- Apr 09, 2014
-
-
Dr. Stephen Henson authored
Keep copy of any host, path and port values allocated by OCSP_parse_url and free as necessary. (cherry picked from commit 5219d3dd)
-
- Apr 07, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 4e6c12f3)
-
- Apr 06, 2014
-
-
Andy Polyakov authored
-
- Apr 04, 2014
-
-
Dr. Stephen Henson authored
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in the openssl utility. Thanks to Rob Mackinnon, Leviathan Security for reporting this issue. (cherry picked from commit 7ba08a4d)
-
Dr. Stephen Henson authored
(cherry picked from commit 6cc00684)
-
- Apr 03, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit dbb7654d)
-
Tim Hudson authored
New -hash_old to generate CRL hashes using old (before OpenSSL 1.0.0) algorithm. (cherry picked from commit de2d97cd)
-
- Apr 02, 2014
-
-
Eric Young authored
A short PEM encoded sequence if passed to the BIO, and the file had 2 \n following would fail. PR#3289 (cherry picked from commit 10378fb5)
-
- Mar 12, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Use a previously unused value as we will be updating multiple released branches.
-
Dr. Stephen Henson authored
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix.
-
- Mar 10, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit a029788b)
-
- Mar 07, 2014
-
-
Andy Polyakov authored
PR: 3275 (cherry picked from commit ea38f020)
-
- Feb 26, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
-
- Feb 25, 2014
-
-
Andy Polyakov authored
PR: 3201 (cherry picked from commit 03da57fe)
-
Dr. Stephen Henson authored
Windows 8 SDKs complain that GetVersion() is deprecated. We only use GetVersion like this: (GetVersion() < 0x80000000) which checks if the Windows version is NT based. Use a macro check_winnt() which uses GetVersion() on older SDK versions and true otherwise. (cherry picked from commit a4cc3c80)
-
- Feb 24, 2014
-
-
Andy Polyakov authored
PR: 3251 Suggested by: Thorsten Schning (cherry picked from commit 3ae1b534)
-
Andy Polyakov authored
PR: 3251 Suggested by: Thorsten Schning (cherry picked from commit 779c51c6)
-
Andy Polyakov authored
when adding duplicates in add_cert_dir. PR: 3261 Reported by: Marian Done (cherry picked from commit 758954e0)
-
- Feb 15, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 5a7652c3)
-
- Feb 14, 2014
-
-
Kurt Roeckx authored
If you use "-newkey rsa" it's supposed to read the default number of bits from the config file. However the value isn't used to generate the key, but it does print it's generating such a key. The set_keygen_ctx() doesn't call EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config file, but nothing is done with that anymore. We now read the config first and use the value from the config file when no size is given. PR: 2592 (cherry picked from commit 33432203)
-
Kurt Roeckx authored
(cherry picked from commit e547c45f)
-
Scott Schaefer authored
(cherry picked from commit 2b4ffc65)
-
Scott Schaefer authored
apps/pkcs12.c accepts -password as an argument. The document author almost certainly meant to write "-password, -passin". However, that is not correct, either. Actually the code treats -password as equivalent to -passin, EXCEPT when -export is also specified, in which case -password as equivalent to -passout. (cherry picked from commit 856c6dfb)
-
- Jan 29, 2014
-
-
Dr. Stephen Henson authored
Remove reference to ERR_TXT_MALLOCED in the error library as that is only used internally. Indicate that returned error data must not be freed. (cherry picked from commit f2d678e6)
-
- Jan 28, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit cb218267)
-
Dr. Stephen Henson authored
(cherry picked from commit 717cc858)
-
Dr. Stephen Henson authored
Always add a dynamically loaded ENGINE to list. Otherwise it can cause problems when multiply loaded, especially if it adds new public key methods. For all current engines we only want a single implementation anyway. (cherry picked from commit e933f91f)
-
- Jan 23, 2014
-
-
Dr. Stephen Henson authored
Use default instead of ENGINE version of digest. Without this errors will occur if you use an ENGINE for a private key and it doesn't implement the digest in question. (cherry picked from commit 4eedf86a)
-
Dr. Stephen Henson authored
-
- Jan 16, 2014
-
-
Kaspar Brand authored
PR#3178 (cherry picked from commit eb85ee9a)
-
- Jan 11, 2014
-
-
Zoltan Arpadffy authored
-
- Jan 10, 2014
-
-
Dr. Stephen Henson authored
-
- Jan 09, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 8f4077ca)
-
- Jan 06, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jan 04, 2014
-
-
Dr. Stephen Henson authored
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL 0.9.7h but deleting it will break source compatibility with any software that references it. Restore it but #define to zero. (cherry picked from commit b17d6b8d)
-
- Jan 02, 2014
-
-
Dr. Stephen Henson authored
-
- Dec 20, 2013
-
-
Dr. Stephen Henson authored
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967) Conflicts: ssl/ssl_locl.h
-