- Feb 14, 2014
-
-
Kurt Roeckx authored
(cherry picked from commit e547c45f)
-
Scott Schaefer authored
(cherry picked from commit 2b4ffc65)
-
Scott Schaefer authored
apps/pkcs12.c accepts -password as an argument. The document author almost certainly meant to write "-password, -passin". However, that is not correct, either. Actually the code treats -password as equivalent to -passin, EXCEPT when -export is also specified, in which case -password as equivalent to -passout. (cherry picked from commit 856c6dfb)
-
Dr. Stephen Henson authored
(cherry picked from commit 8c6d8c2a) Conflicts: CHANGES ssl/t1_lib.c
-
- Feb 05, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 8c6d8c2a) Conflicts: CHANGES ssl/t1_lib.c
-
- Feb 03, 2014
-
-
Dr. Stephen Henson authored
PR#3253 (cherry picked from commit 7f6e09b5)
-
- Jan 29, 2014
-
-
Dr. Stephen Henson authored
Remove reference to ERR_TXT_MALLOCED in the error library as that is only used internally. Indicate that returned error data must not be freed. (cherry picked from commit f2d678e6)
-
- Jan 28, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit cb218267)
-
Dr. Stephen Henson authored
(cherry picked from commit 717cc858)
-
Dr. Stephen Henson authored
PR#3244
-
Dr. Stephen Henson authored
Always add a dynamically loaded ENGINE to list. Otherwise it can cause problems when multiply loaded, especially if it adds new public key methods. For all current engines we only want a single implementation anyway. (cherry picked from commit e933f91f)
-
- Jan 23, 2014
-
-
Dr. Stephen Henson authored
Use default instead of ENGINE version of digest. Without this errors will occur if you use an ENGINE for a private key and it doesn't implement the digest in question.
-
- Jan 16, 2014
-
-
Kaspar Brand authored
PR#3178
-
- Jan 11, 2014
-
-
Zoltan Arpadffy authored
-
- Jan 09, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 8f4077ca)
-
- Jan 08, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
PR#3220
-
- Jan 06, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jan 04, 2014
-
-
Dr. Stephen Henson authored
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL 0.9.7h but deleting it will break source compatibility with any software that references it. Restore it but #define to zero. (cherry picked from commit b17d6b8d)
-
- Jan 02, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
When sending an invalid version number alert don't change the version number to the client version if a session is already established. Thanks to Marek Majkowski for additional analysis of this issue. PR#3191
-
- Dec 22, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 8f686789)
-
- Dec 20, 2013
-
-
Dr. Stephen Henson authored
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450.
-
Dr. Stephen Henson authored
-
- Dec 19, 2013
-
-
Dr. Stephen Henson authored
When deciding whether to use TLS 1.2 PRF and record hash algorithms use the version number in the corresponding SSL_METHOD structure instead of the SSL structure. The SSL structure version is sometimes inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. (CVE-2013-6449)
-
- Dec 18, 2013
-
-
Andy Polyakov authored
SHA512_Transform was initially added rather as tribute to tradition than for practucal reasons. But use was recently found in ssl/s3_cbc.c and it turned to be problematic on platforms that don't tolerate misasligned references to memory and lack assembly subroutine. (cherry picked from commit cdd1acd7)
-
Dr. Stephen Henson authored
Partial mitigation of PR#3200
-
- Dec 10, 2013
-
-
Dr. Stephen Henson authored
We need to lock when *not* in FIPS mode. (cherry picked from commit 57c4e42d)
-
Dr. Stephen Henson authored
-
- Dec 09, 2013
-
-
Dr. Stephen Henson authored
-
- Dec 08, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
PR: 3176. In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is performed in either a single threaded context (when the PRNG is first initialised) or under a lock (reseeding). To avoid multiple locks disable use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes. (cherry picked from commit 53142f72c9b9c9bad2f39ca6200a4f04f5c8001c)
-
- Dec 03, 2013
-
-
Andy Polyakov authored
PR: 3189 Submitted by: Oscar Ciurana (cherry picked from commit c5d5f5bd)
-
- Nov 27, 2013
-
-
Dr. Stephen Henson authored
-
- Nov 12, 2013
-
-
Andy Polyakov authored
PR: 3165 Submitted by: Daniel Richard G. (cherry picked from commit 2df9ec01) (cherry picked from commit 0de70011)
-