Skip to content
  1. May 11, 2014
  2. May 08, 2014
    • Dr. Stephen Henson's avatar
      Return an error if no recipient type matches. · 70ddf8ec
      Dr. Stephen Henson authored
      If the key type does not match any CMS recipient type return
      an error instead of using a random key (MMA mitigation). This
      does not leak any useful information to an attacker.
      
      PR#3348
      (cherry picked from commit 83a3182e0560f76548f4378325393461f6275493)
      70ddf8ec
  3. May 06, 2014
  4. Apr 24, 2014
  5. Apr 11, 2014
  6. Apr 09, 2014
  7. Apr 04, 2014
  8. Apr 02, 2014
    • Eric Young's avatar
      Fix base64 decoding bug. · 9ad5c5e4
      Eric Young authored
      A short PEM encoded sequence if passed to the BIO, and the file
      had 2 \n following would fail.
      
      PR#3289
      (cherry picked from commit 10378fb5)
      9ad5c5e4
  9. Mar 27, 2014
  10. Feb 15, 2014
  11. Jan 29, 2014
    • Dr. Stephen Henson's avatar
      Clarify docs. · 2fb8642e
      Dr. Stephen Henson authored
      Remove reference to ERR_TXT_MALLOCED in the error library as that is
      only used internally. Indicate that returned error data must not be
      freed.
      (cherry picked from commit f2d678e6)
      2fb8642e
  12. Jan 10, 2014
  13. Jan 04, 2014
    • Dr. Stephen Henson's avatar
      Restore SSL_OP_MSIE_SSLV2_RSA_PADDING · 0da40f0f
      Dr. Stephen Henson authored
      The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
      0.9.7h but deleting it will break source compatibility with any software
      that references it. Restore it but #define to zero.
      (cherry picked from commit b17d6b8d)
      0da40f0f
  14. Dec 10, 2013
  15. Dec 09, 2013
  16. Nov 27, 2013
  17. Nov 21, 2013
  18. Oct 04, 2013
  19. Sep 17, 2013
    • Bodo Moeller's avatar
      Fix overly lenient comparisons: · ff7b0210
      Bodo Moeller authored
          - EC_GROUP_cmp shouldn't consider curves equal just because
            the curve name is the same. (They really *should* be the same
            in this case, but there's an EC_GROUP_set_curve_name API,
            which could be misused.)
      
          - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
            or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
            equality (not an error).
      
          Reported by: king cope
      
      (cherry picked from commit ca567a03)
      
      Conflicts:
      	Configure
      ff7b0210
  20. Aug 20, 2013
  21. Aug 13, 2013
    • Michael Tuexen's avatar
      DTLS message_sequence number wrong in rehandshake ServerHello · 9204e7ef
      Michael Tuexen authored
      This fix ensures that
      * A HelloRequest is retransmitted if not responded by a ClientHello
      * The HelloRequest "consumes" the sequence number 0. The subsequent
      ServerHello uses the sequence number 1.
      * The client also expects the sequence number of the ServerHello to
      be 1 if a HelloRequest was received earlier.
      This patch fixes the RFC violation.
      
      Conflicts:
      
      	ssl/d1_pkt.c
      (cherry picked from commit 6f87807e)
      9204e7ef
  22. Aug 08, 2013
    • Michael Tuexen's avatar
      DTLS handshake fix. · 257df40f
      Michael Tuexen authored
      Reported by: Prashant Jaikumar <rmstar@gmail.com>
      
      Fix handling of application data received before a handshake.
      (cherry picked from commit 0c75eeac)
      257df40f
  23. Apr 08, 2013
  24. Apr 07, 2013
  25. Mar 19, 2013
  26. Mar 18, 2013