Loading CHANGES +8 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,14 @@ Changes between 0.9.6c and 0.9.6d [XX xxx XXXX] *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: an end-of-file condition would erronously be flagged, when the CRLF was just at the end of a processed block. The bug was discovered when processing data through a buffering memory BIO handing the data to a BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov <ptsekov@syntrex.com> and Nedelcho Stanev. [Lutz Jaenicke] *) Implement a countermeasure against a vulnerability recently found in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment before application data chunks to avoid the use of known IVs Loading crypto/evp/encode.c +7 −0 Original line number Diff line number Diff line Loading @@ -277,6 +277,13 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, eof++; } if (v == B64_CR) { ln = 0; if (exp_nl) continue; } /* eoln */ if (v == B64_EOLN) { Loading Loading
CHANGES +8 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,14 @@ Changes between 0.9.6c and 0.9.6d [XX xxx XXXX] *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: an end-of-file condition would erronously be flagged, when the CRLF was just at the end of a processed block. The bug was discovered when processing data through a buffering memory BIO handing the data to a BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov <ptsekov@syntrex.com> and Nedelcho Stanev. [Lutz Jaenicke] *) Implement a countermeasure against a vulnerability recently found in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment before application data chunks to avoid the use of known IVs Loading
crypto/evp/encode.c +7 −0 Original line number Diff line number Diff line Loading @@ -277,6 +277,13 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, eof++; } if (v == B64_CR) { ln = 0; if (exp_nl) continue; } /* eoln */ if (v == B64_EOLN) { Loading
