  1. Apr 07, 2014
    • Return if ssleay_rand_add called with zero num. · 5be1ae28
      Dr. Stephen Henson authored
      Treat a zero length passed to ssleay_rand_add as a no-op: the existing logic
      zeroes the md value which is very bad. OpenSSL itself never does this
      internally and the actual call doesn't make sense as it would be passing
      zero bytes of entropy.
      
      Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
    • Add heartbeat extension bounds check. · 96db9023
      Dr. Stephen Henson authored
      A missing bounds check in the handling of the TLS heartbeat extension
      can be used to reveal up to 64k of memory to a connected client or
      server.
      
      Thanks to Neel Mehta of Google Security for discovering this bug and to
      Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
      preparing the fix (CVE-2014-0160)
    • Document -verify_return_error option. · 0d7717fc
      Dr. Stephen Henson authored
      (cherry picked from commit 4e6c12f3)
  2. Apr 06, 2014
  3. Apr 05, 2014
  4. Apr 04, 2014
  5. Apr 03, 2014
  6. Apr 02, 2014
    • Fix base64 decoding bug. · bfc3424d
      Eric Young authored
      A short PEM encoded sequence, if passed to the BIO and the file
      had 2 \n following, would fail.
      
      PR#3289
      (cherry picked from commit 10378fb5)
  7. Mar 12, 2014
  8. Mar 10, 2014
  9. Mar 07, 2014
  10. Feb 27, 2014
  11. Feb 26, 2014
  12. Feb 25, 2014
  13. Feb 24, 2014
  14. Feb 15, 2014
  15. Feb 14, 2014
    • Use default bits in req when not given · e420060a
      Kurt Roeckx authored
      If you use "-newkey rsa" it's supposed to read the default number of bits from the
      config file.  However the value isn't used to generate the key, but it does
      print it's generating such a key.  The set_keygen_ctx() doesn't call
      EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
      pkey_rsa_init() (1024).  Afterwards the number of bits gets read from the config
      file, but nothing is done with that anymore.
      
      We now read the config first and use the value from the config file when no size
      is given.
      
      PR: 2592
      (cherry picked from commit 33432203)
    • Fix additional pod errors with numbered items. · d8ec8a4a
      Kurt Roeckx authored
      (cherry picked from commit e547c45f)
    • Fix various spelling errors · 040ed7b4
      Scott Schaefer authored
      (cherry picked from commit 2b4ffc65)
    • Document pkcs12 -password behavior · c76e5b08
      Scott Schaefer authored
      apps/pkcs12.c accepts -password as an argument.  The document author
      almost certainly meant to write "-password, -passin".
      
      However, that is not correct, either.  Actually the code treats
      -password as equivalent to -passin, EXCEPT when -export is also
      specified, in which case -password is equivalent to -passout.
      (cherry picked from commit 856c6dfb)
    • Backport TLS padding extension from master. · 00712158
      Dr. Stephen Henson authored
      (cherry picked from commit 8c6d8c2a)
      
      Conflicts:
      
      	CHANGES
      	ssl/t1_lib.c
  16. Feb 05, 2014
  17. Feb 03, 2014
  18. Jan 29, 2014
    • Clarify docs. · f21e6b6e
      Dr. Stephen Henson authored
      Remove reference to ERR_TXT_MALLOCED in the error library as that is
      only used internally. Indicate that returned error data must not be
      freed.
      (cherry picked from commit f2d678e6)
  19. Jan 28, 2014