The attached patch is against openssl-1.0.1-stable-SNAP-20110729 and
implements coordinate blinding. This randomizes the representative of
an elliptic curve point in its equivalence class. (For methods that
use projective coords such as curves over prime fields; for affine
coords, it does nothing

The CMS application only supports the econtent_type option for the sign
operation. The trivial patch below adds support for the encrypt operation
(enveloped-data).
This allows signalling of the content of enveloped-data structures.

Kind regards,
Paul

diff -u -r openssl-1.0.0d//apps/cms.c openss

DTLS buffers records of the next epoch while listening, although it's not
supposed to change its state. Additionally, when the decryption of buffered
records fails, the connection is dropped with a BadRecord alert, instead of
just silently discarding the message. With this patch nothing is buffe