- 24 Mar, 2014 1 commit
-
-
Emilia Kasper authored
-
- 19 Mar, 2014 1 commit
-
-
Dr. Stephen Henson authored
Some CMS SignedData structure use a signature algorithm OID such as SHA1WithRSA instead of the RSA algorithm OID. Workaround this case by tolerating the signature if we recognise the OID.
-
- 18 Mar, 2014 1 commit
-
-
Piotr Sikora authored
-
- 12 Mar, 2014 2 commits
-
-
Dr. Stephen Henson authored
Use a previously unused value as we will be updating multiple released branches. (cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96)
-
Dr. Stephen Henson authored
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. (cherry picked from commit 2198be34) Conflicts: CHANGES
-
- 10 Mar, 2014 2 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- 07 Mar, 2014 3 commits
-
-
Dr. Stephen Henson authored
(cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
-
Andy Polyakov authored
PR: 3275
-
Andy Polyakov authored
The problem is that OpenSSH calls EVP_Cipher, which is not as protective as EVP_CipherUpdate. Formally speaking we ought to do more checks in *_cipher methods, including rejecting lengths not divisible by block size (unless ciphertext stealing is in place). But for now I implement check for zero length in low-level based on precedent. PR: 3087, 2775
-
- 06 Mar, 2014 3 commits
-
-
Andy Polyakov authored
-
Andy Polyakov authored
Submitted by: Roumen Petrov
-
Andy Polyakov authored
Submitted by: Roumen Petrov
-
- 03 Mar, 2014 1 commit
-
-
Dr. Stephen Henson authored
(cherry picked from commit bdfc0e28)
-
- 01 Mar, 2014 3 commits
-
-
Dr. Stephen Henson authored
Add option to set an alternative to the default hmacWithSHA1 PRF for PKCS#8 private key encryptions. This is used automatically by PKCS8_encrypt if the nid specified is a PRF. Add option to pkcs8 utility. Update docs. (cherry picked from commit b60272b01fcb4f69201b3e1659b4f7e9e9298dfb)
-
Dr. Stephen Henson authored
(cherry picked from commit 124d2188)
-
Dr. Stephen Henson authored
Although the memory allocated by compression methods is fixed and cannot grow over time it can cause warnings in some leak checking tools. The function SSL_COMP_free_compression_methods() will free and zero the list of supported compression methods. This should *only* be called in a single threaded context when an application is shutting down to avoid interfering with existing contexts attempting to look up compression methods. (cherry picked from commit 976c5830)
-
- 28 Feb, 2014 1 commit
-
-
Andy Polyakov authored
PR: 3271
-
- 27 Feb, 2014 5 commits
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- 26 Feb, 2014 5 commits
-
-
Rob Stradling authored
-
Dr. Stephen Henson authored
(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- 25 Feb, 2014 7 commits
-
-
Andy Polyakov authored
PR: 3201
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
(cherry picked from commit 3678161d717d0f46c5b5b052a6d6a33438b1df00)
-
Dr. Stephen Henson authored
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type which should work on all platforms. (cherry picked from commit 6634416732b94627eba1c47de3c3a6321a5458f0)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Windows 8 SDKs complain that GetVersion() is deprecated. We only use GetVersion like this: (GetVersion() < 0x80000000) which checks if the Windows version is NT based. Use a macro check_winnt() which uses GetVersion() on older SDK versions and true otherwise.
-
Rob Stradling authored
-
- 24 Feb, 2014 4 commits
-
-
Andy Polyakov authored
Allegedly formwarding to NUL: sometimes creates NUL file in file system. PR: 3250
-
Andy Polyakov authored
PR: 3251 Suggested by: Thorsten Schning
-
Andy Polyakov authored
when adding duplicates in add_cert_dir. PR: 3261 Reported by: Marian Done
-
Andy Polyakov authored
-
- 23 Feb, 2014 1 commit
-
-
Dr. Stephen Henson authored
When setting the current certificate check that it has a corresponding private key.
-