e4ea6f0 | Michal Bozon | 14 May 2014, 20:07:51 UTC | Corrected POD syntax errors. PR#3353 | 14 May 2014, 22:00:56 UTC |
a2c00fb | Kurt Roeckx | 12 May 2014, 16:19:14 UTC | Check sk_SSL_CIPHER_num() after assigning sk. | 12 May 2014, 22:07:44 UTC |
d06ae0f | Günther Noack | 01 May 2014, 11:33:11 UTC | Avoid out-of-bounds write in SSL_get_shared_ciphers PR: 3317 | 11 May 2014, 23:04:57 UTC |
afa2ea2 | Viktor Dukhovni | 11 May 2014, 19:28:56 UTC | Fix infinite loop. PR#3347 | 11 May 2014, 20:20:00 UTC |
0b6394c | Tim Hudson | 11 May 2014, 12:29:59 UTC | safety check to ensure we dont send out beyond the users buffer | 11 May 2014, 12:38:23 UTC |
70ddf8e | Dr. Stephen Henson | 08 May 2014, 12:17:11 UTC | Return an error if no recipient type matches. If the key type does not match any CMS recipient type return an error instead of using a random key (MMA mitigation). This does not leak any useful information to an attacker. PR#3348 (cherry picked from commit 83a3182e0560f76548f4378325393461f6275493) | 08 May 2014, 12:18:49 UTC |
9febee0 | Geoff Thorpe | 04 May 2014, 22:44:14 UTC | evp: prevent underflow in base64 decoding This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped. Signed-off-by: Geoff Thorpe <geoff@openssl.org> | 06 May 2014, 22:23:54 UTC |
a721216 | Geoff Thorpe | 04 May 2014, 20:19:22 UTC | bignum: allow concurrent BN_MONT_CTX_set_locked() The lazy-initialisation of BN_MONT_CTX was serialising all threads, as noted by Daniel Sands and co at Sandia. This was to handle the case that 2 or more threads race to lazy-init the same context, but stunted all scalability in the case where 2 or more threads are doing unrelated things! We favour the latter case by punishing the former. The init work gets done by each thread that finds the context to be uninitialised, and we then lock the "set" logic after that work is done - the winning thread's work gets used, the losing threads throw away what they've done. Signed-off-by: Geoff Thorpe <geoff@openssl.org> | 06 May 2014, 22:23:49 UTC |
47f689a | Dr. Stephen Henson | 06 May 2014, 13:07:37 UTC | Initialize num properly. PR#3289 PR#3345 (cherry picked from commit 3ba1e406c2309adb427ced9815ebf05f5b58d155) | 06 May 2014, 13:09:26 UTC |
f51f374 | Dr. Stephen Henson | 06 May 2014, 13:02:17 UTC | Set Enveloped data version to 2 if ktri version not zero. (cherry picked from commit 9c5d953a07f472452ae2cb578e39eddea2de2b9c) | 06 May 2014, 13:05:05 UTC |
3c1128f | Steve Marquess | 24 April 2014, 11:13:05 UTC | Add new sponsors (cherry picked from commit 351f0a124bffaa94d2a8abdec2e7dde5ae9c457d) | 24 April 2014, 11:31:42 UTC |
8185c94 | Dr. Stephen Henson | 11 April 2014, 01:50:51 UTC | Add new key fingerprint. (cherry picked from commit 3143a332e8f2f5ca1a6f0262a1a1a66103f2adf7) | 11 April 2014, 01:52:14 UTC |
c61f0cb | Dr. Stephen Henson | 09 April 2014, 14:42:40 UTC | Fix free errors in ocsp utility. Keep copy of any host, path and port values allocated by OCSP_parse_url and free as necessary. (cherry picked from commit 5219d3dd350cc74498dd49daef5e6ee8c34d9857) | 09 April 2014, 14:45:56 UTC |
d90605d | Dr. Stephen Henson | 04 April 2014, 11:46:39 UTC | Update FAQ. (cherry picked from commit 6cc0068430d0a4abdef0b466d422e6a4d154a5fe) | 04 April 2014, 12:09:13 UTC |
e563349 | Dr. Stephen Henson | 04 April 2014, 11:44:43 UTC | Use correct length when prompting for password. Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in the openssl utility. Thanks to Rob Mackinnon, Leviathan Security for reporting this issue. (cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca) | 04 April 2014, 12:09:05 UTC |
9ad5c5e | Eric Young | 02 April 2014, 18:50:33 UTC | Fix base64 decoding bug. A short PEM encoded sequence if passed to the BIO, and the file had 2 \n following would fail. PR#3289 (cherry picked from commit 10378fb5f4c67270b800e8f7c600cd0548874811) | 02 April 2014, 18:58:25 UTC |
4bc24cf | Dr. Stephen Henson | 27 March 2014, 01:03:46 UTC | make update | 27 March 2014, 01:03:46 UTC |
79f5776 | Dr. Stephen Henson | 27 March 2014, 01:03:07 UTC | Update NEWS | 27 March 2014, 01:03:07 UTC |
d79eb92 | Dr. Stephen Henson | 12 March 2014, 14:35:54 UTC | Update ordinals. Use a previously unused value as we will be updating multiple released branches. (cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96) | 27 March 2014, 00:59:48 UTC |
fff69a7 | mancha | 27 March 2014, 00:55:08 UTC | Fix for CVE-2014-0076 backported to 0.9.8 branch Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. Thanks for mancha for backporting the fix to OpenSSL 0.9.8 branch. | 27 March 2014, 00:55:08 UTC |
a375025 | mancha | 27 March 2014, 00:47:14 UTC | Fix alert handling. Fix OpenSSL 0.9.8 alert handling. PR#3038 | 27 March 2014, 00:54:16 UTC |
d471adf | Dr. Stephen Henson | 15 February 2014, 01:27:56 UTC | Remove duplicate statement. (cherry picked from commit 5a7652c3e585e970e5b778074c92e617e48fde38) | 15 February 2014, 01:31:34 UTC |
2fb8642 | Dr. Stephen Henson | 29 January 2014, 00:59:35 UTC | Clarify docs. Remove reference to ERR_TXT_MALLOCED in the error library as that is only used internally. Indicate that returned error data must not be freed. (cherry picked from commit f2d678e6e89b6508147086610e985d4e8416e867) | 29 January 2014, 01:02:35 UTC |
c44d95c | Dr. Stephen Henson | 10 January 2014, 23:03:47 UTC | fix shell syntax PR#3216 (cherry picked from commit 080ae6843299c873808c04487d4ccf51624fe618) | 10 January 2014, 23:04:40 UTC |
0da40f0 | Dr. Stephen Henson | 04 January 2014, 13:50:52 UTC | Restore SSL_OP_MSIE_SSLV2_RSA_PADDING The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL 0.9.7h but deleting it will break source compatibility with any software that references it. Restore it but #define to zero. (cherry picked from commit b17d6b8d1d49fa4732deff17cfd1833616af0d9c) | 04 January 2014, 14:01:25 UTC |
7f722c9 | Dr. Stephen Henson | 10 December 2013, 00:11:06 UTC | remove obsolete STATUS file | 10 December 2013, 00:11:06 UTC |
4268216 | Dr. Stephen Henson | 09 December 2013, 23:53:28 UTC | Add release dates to NEWS | 09 December 2013, 23:53:28 UTC |
17540b7 | Dr. Stephen Henson | 27 November 2013, 15:37:39 UTC | Simplify and update openssl.spec | 27 November 2013, 15:37:39 UTC |
b70e4d3 | Dr. Stephen Henson | 21 November 2013, 15:47:19 UTC | Fixes for no-static-engine and Windows builds. | 21 November 2013, 15:49:34 UTC |
d9519a4 | Rob Stradling | 12 September 2013, 20:47:25 UTC | Update CHANGES. | 04 October 2013, 13:55:01 UTC |
5ac9786 | Rob Stradling | 10 September 2013, 12:04:05 UTC | Fix compilation with this branch's definition of SSL_CIPHER. | 04 October 2013, 13:55:01 UTC |
0b05204 | Rob Stradling | 10 September 2013, 11:46:24 UTC | Remove empty line. | 04 October 2013, 13:55:01 UTC |
a4bfeff | Rob Stradling | 10 September 2013, 11:45:34 UTC | Tidy up comments. | 04 October 2013, 13:55:01 UTC |
43433b3 | Rob Stradling | 10 September 2013, 11:43:33 UTC | Use TLS version supplied by client when fingerprinting Safari. | 04 October 2013, 13:55:01 UTC |
020a478 | Rob Stradling | 10 September 2013, 11:42:46 UTC | Backport TLS 1.1/1.2 #defines | 04 October 2013, 13:55:01 UTC |
cadbbd5 | Rob Stradling | 10 September 2013, 11:41:37 UTC | Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. | 04 October 2013, 13:55:01 UTC |
ff7b021 | Bodo Moeller | 16 September 2013, 10:59:21 UTC | Fix overly lenient comparisons: - EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope (cherry picked from commit ca567a03ad4595589b6062465a8404764da4e3fa) Conflicts: Configure | 17 September 2013, 08:20:04 UTC |
e7e4d50 | Dr. Stephen Henson | 20 August 2013, 15:33:02 UTC | Correct ECDSA example. (cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc) | 20 August 2013, 16:31:53 UTC |
9204e7e | Michael Tuexen | 13 August 2013, 17:53:19 UTC | DTLS message_sequence number wrong in rehandshake ServerHello This fix ensures that * A HelloRequest is retransmitted if not responded by a ClientHello * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1. * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier. This patch fixes the RFC violation. Conflicts: ssl/d1_pkt.c (cherry picked from commit 6f87807e629ee10ec0006b39d8851af8c5ade67b) | 13 August 2013, 18:00:59 UTC |
257df40 | Michael Tuexen | 08 August 2013, 12:28:55 UTC | DTLS handshake fix. Reported by: Prashant Jaikumar <rmstar@gmail.com> Fix handling of application data received before a handshake. (cherry picked from commit 0c75eeacd3285b395dc75b65c3e6fe6ffbef59f0) | 08 August 2013, 12:33:20 UTC |
a44c9b9 | Dr. Stephen Henson | 08 April 2013, 17:03:12 UTC | Set s->d1 to NULL after freeing it. (cherry picked from commit 04638f2fc335a6dc2af8e5d556d36e29c261dcd2) | 08 April 2013, 17:40:39 UTC |
1cbd745 | Dr. Stephen Henson | 07 April 2013, 16:23:21 UTC | Print out DSA key if parameters absent. In DSA_print DSA parameters can be absent (e.g inherited) it is not a fatal error. | 07 April 2013, 21:50:55 UTC |
e1e39a2 | Dr. Stephen Henson | 19 March 2013, 13:46:28 UTC | Disable compression for DTLS. The only standard compression method is stateful and is incompatible with DTLS. (cherry picked from commit e14b8410ca882da8e9579a2d928706f894c8e1ae) | 19 March 2013, 13:48:02 UTC |
01de6e2 | Andy Polyakov | 18 March 2013, 19:03:44 UTC | x86cpuid.pl: make it work with older CPU. PR: 3005, from master | 18 March 2013, 19:03:44 UTC |
05689a1 | Michael Tuexen | 18 March 2013, 14:30:38 UTC | Avoid unnecessary fragmentation. (cherry picked from commit 80ccc66d7eedb2d06050130c77c482ae1584199a) | 18 March 2013, 14:33:27 UTC |
1643edc | Dr. Stephen Henson | 18 March 2013, 14:19:40 UTC | Encode INTEGER correctly. If an ASN1_INTEGER structure is allocated but not explicitly set encode it as zero: don't generate an invalid zero length INTEGER. | 18 March 2013, 14:19:40 UTC |
1546fb7 | Dr. Stephen Henson | 18 March 2013, 13:58:32 UTC | Typo. | 18 March 2013, 13:58:32 UTC |
b7d222c | Dr. Stephen Henson | 26 February 2013, 17:13:37 UTC | Merge branch 'OpenSSL_0_9_8-stable' of /home/steve/src/git/openssl into OpenSSL_0_9_8-stable | 26 February 2013, 17:13:37 UTC |
a93cc7c | Geoff Lowe | 26 February 2013, 17:12:13 UTC | Use orig_len, not rec->orig_len | 26 February 2013, 17:12:13 UTC |
8988407 | Nick Alcock | 15 February 2013, 17:44:11 UTC | Fix POD errors to stop make install_docs dying with pod2man 2.5.0+ podlators 2.5.0 has switched to dying on POD syntax errors. This means that a bunch of long-standing erroneous POD in the openssl documentation now leads to fatal errors from pod2man, halting installation. Unfortunately POD constraints mean that you have to sort numeric lists in ascending order if they start with 1: you cannot do 1, 0, 2 even if you want 1 to appear first. I've reshuffled such (alas, I wish there were a better way but I don't know of one). | 15 February 2013, 18:43:49 UTC |
b2afc0a | Andy Polyakov | 16 May 2011, 18:11:45 UTC | cms-test.pl: make it work with not-so-latest perl. (cherry picked from commit 9c437e2faded18b4ef6499d7041c65d6e216955b) | 14 February 2013, 15:40:55 UTC |
a8655eb | David Woodhouse | 12 February 2013, 15:09:44 UTC | Check DTLS_BAD_VER for version number. Need to check DTLS_BAD_VER as well as DTLS1_VERSION. PR:2984 (cherry picked from commit 6a14feb048c0b7ad4da341fca364171e273da325) | 12 February 2013, 15:12:52 UTC |
f751dc4 | Dr. Stephen Henson | 11 February 2013, 18:24:03 UTC | Fix for SSL_get_certificate Now we set the current certificate to the one used by a server there is no need to call ssl_get_server_send_cert which will fail if we haven't sent a certificate yet. (cherry picked from commit 147dbb2fe3bead7a10e2f280261b661ce7af7adc) | 11 February 2013, 18:27:41 UTC |
fbe621d | Dr. Stephen Henson | 11 February 2013, 18:17:50 UTC | Fix in ssltest is no-ssl2 configured (cherry picked from commit cbf9b4aed3e209fe8a39e1d6f55aaf46d1369dc4) | 11 February 2013, 18:27:33 UTC |
2e9fd43 | Dr. Stephen Henson | 11 February 2013, 15:05:49 UTC | use 10240 for tar record size | 11 February 2013, 15:20:57 UTC |
1638ce7 | Lutz Jaenicke | 11 February 2013, 10:29:05 UTC | FAQ/README: we are now using Git instead of CVS (cherry picked from commit f88dbb8385c199a2a28e9525c6bba3a64bda96af) Conflicts: INSTALL.W32 | 11 February 2013, 10:31:48 UTC |
7ecd974 | Dr. Stephen Henson | 10 February 2013, 13:30:04 UTC | Set next version. Note: it was decided that after 0.9.8y it should be 0.9.8za then 0.9.8zb etc. | 10 February 2013, 13:30:04 UTC |
db731da | Andy Polyakov | 09 February 2013, 18:38:47 UTC | ssl/s3_[clnt|srvr].c: fix warning and linking error. PR: 2979 | 09 February 2013, 18:38:47 UTC |
5864fd2 | Andy Polyakov | 08 February 2013, 20:30:52 UTC | s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. (cherry picked from commit f93a41877d8d7a287debb7c63d7b646abaaf269c) | 08 February 2013, 20:38:06 UTC |
ff58eaa | Andy Polyakov | 08 February 2013, 15:59:26 UTC | s3_cbc.c: get rid of expensive divisions [from master]. (cherry picked from commit e9baceab5a385e570706ca98dec768b2d89d1ac6) | 08 February 2013, 16:01:55 UTC |
76c61a5 | Andy Polyakov | 08 February 2013, 11:03:16 UTC | ssl/s3_enc.c: remove artefact. | 08 February 2013, 11:03:16 UTC |
4ea7019 | Andy Polyakov | 07 February 2013, 21:47:05 UTC | ssl/[d1|s3]_pkt.c: harmomize orig_len handling. (cherry picked from commit 8545f73b8919770a5d012fe7a82d6785b69baa27) | 08 February 2013, 10:51:09 UTC |
59b1129 | Dr. Stephen Henson | 07 February 2013, 21:06:37 UTC | Fix IV check and padding removal. Fix the calculation that checks there is enough room in a record after removing padding and optional explicit IV. (by Steve) For AEAD remove the correct number of padding bytes (by Andy) (cherry picked from commit be125aa5bae0b6baac526890c835e10378b6df74) | 08 February 2013, 10:49:41 UTC |
fb092ef | Andy Polyakov | 01 February 2013, 14:31:50 UTC | ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed. (cherry picked from commit 413cbfe68d83f9afc726b7234c49bd5ccddb97b4) | 07 February 2013, 15:03:00 UTC |
6351ade | Adam Langley | 06 February 2013, 15:50:42 UTC | Fix for EXP-RC2-CBC-MD5 MD5 should use little endian order. Fortunately the only ciphersuite affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which is a rarely used export grade ciphersuite. (cherry picked from commit ee463921ed94572b97a5e1fa8c4d88a27099347e) | 06 February 2013, 16:12:49 UTC |
8964efc | Dr. Stephen Henson | 04 February 2013, 23:31:21 UTC | prepare for release | 05 February 2013, 16:50:37 UTC |
430b637 | Dr. Stephen Henson | 04 February 2013, 23:21:50 UTC | make update | 05 February 2013, 16:50:36 UTC |
ca3b81c | Dr. Stephen Henson | 04 February 2013, 21:13:18 UTC | Fix error codes. (cherry picked from commit 35d732fc2e1badce13be22a044187ebd4d769552) | 05 February 2013, 16:50:36 UTC |
031cbec | Dr. Stephen Henson | 04 February 2013, 23:18:46 UTC | update NEWS and CHANGES | 05 February 2013, 16:50:36 UTC |
1213e6c | Andy Polyakov | 09 November 2012, 13:58:40 UTC | bn_word.c: fix overflow bug in BN_add_word. (cherry picked from commit 134c00659a1bc67ad35a1e4620e16bc4315e6e37) | 05 February 2013, 16:50:36 UTC |
3261989 | Dr. Stephen Henson | 01 February 2013, 16:05:54 UTC | update NEWS | 05 February 2013, 16:50:35 UTC |
40e0de0 | Andy Polyakov | 01 February 2013, 09:10:32 UTC | s3/s3_cbc.c: allow for compilations with NO_SHA256|512. (cherry picked from commit d5371324d978e4096bf99b9d0fe71b2cb65d9dc8) | 05 February 2013, 16:50:35 UTC |
5f9345a | Andy Polyakov | 01 February 2013, 08:59:56 UTC | ssl/s3_cbc.c: md_state alignment portability fix. RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512. (cherry picked from commit 36260233e7e3396feed884d3f501283e0453c04f) | 05 February 2013, 16:50:35 UTC |
33ccde5 | Andy Polyakov | 01 February 2013, 08:55:43 UTC | ssl/s3_cbc.c: uint64_t portability fix. Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow. (cherry picked from commit cab13fc8473856a43556d41d8dac5605f4ba1f91) | 05 February 2013, 16:50:35 UTC |
1909df0 | Dr. Stephen Henson | 01 February 2013, 14:29:01 UTC | Don't access EVP_MD internals directly. | 05 February 2013, 16:50:35 UTC |
c23a745 | Dr. Stephen Henson | 31 January 2013, 15:19:00 UTC | Add ordinal for CRYPTO_memcmp: since this will affect multiple branches it needs to be in a "gap". | 05 February 2013, 16:50:34 UTC |
924b117 | Dr. Stephen Henson | 31 January 2013, 14:35:34 UTC | Timing fix mitigation for FIPS mode. We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to HMAC_Update to hash additonal blocks to cover any timing differences caused by removal of padding. | 05 February 2013, 16:50:34 UTC |
24b2806 | Dr. Stephen Henson | 31 January 2013, 14:31:11 UTC | Move CRYPTO_memcmp to o_init.c when compiling with fips: cryptlib.o is in the fips module for fips capable builds. | 05 February 2013, 16:50:34 UTC |
99f5093 | Dr. Stephen Henson | 31 January 2013, 14:14:25 UTC | The cbc functions shouldn't be inside #ifdef OPENSSL_NO_TLSEXT | 05 February 2013, 16:50:34 UTC |
be88529 | Ben Laurie | 28 January 2013, 17:34:33 UTC | Update DTLS code to match CBC decoding in TLS. This change updates the DTLS code to match the constant-time CBC behaviour in the TLS. (cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900) (cherry picked from commit 5e4ca556e970edb8a7f364fcb6ee6818a965a60b) Conflicts: ssl/d1_enc.c ssl/d1_pkt.c ssl/s3_pkt.c | 05 February 2013, 16:50:33 UTC |
b3a959a | Ben Laurie | 28 January 2013, 17:33:18 UTC | Don't crash when processing a zero-length, TLS >= 1.1 record. The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't. (cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd) (cherry picked from commit 2c948c1bb218f4ae126e14fd3453d42c62b93235) Conflicts: ssl/s3_enc.c | 05 February 2013, 16:50:33 UTC |
2928cb4 | Ben Laurie | 30 January 2013, 16:56:30 UTC | Fixups. | 05 February 2013, 16:50:33 UTC |
a33e670 | Ben Laurie | 28 January 2013, 18:24:55 UTC | Oops. Add missing file. (cherry picked from commit 014265eb02e26f35c8db58e2ccbf100b0b2f0072) (cherry picked from commit 7721c53e5e9fe4c90be420d7613559935a96a4fb) | 05 February 2013, 16:50:33 UTC |
35a65e8 | Ben Laurie | 28 January 2013, 17:31:49 UTC | Make CBC decoding constant time. This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. (cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e) Conflicts: crypto/evp/c_allc.c ssl/ssl_algs.c ssl/ssl_locl.h ssl/t1_enc.c (cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4) Conflicts: ssl/d1_enc.c ssl/s3_enc.c ssl/s3_pkt.c ssl/ssl3.h ssl/ssl_algs.c ssl/t1_enc.c | 05 February 2013, 16:50:32 UTC |
7ad132b | Andy Polyakov | 19 January 2013, 12:20:21 UTC | .gitignore adjustments | 05 February 2013, 16:50:32 UTC |
2708813 | Ben Laurie | 28 January 2013, 17:30:38 UTC | Add and use a constant-time memcmp. This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98) Conflicts: crypto/crypto.h ssl/t1_lib.c (cherry picked from commit dc406b59f3169fe191e58906df08dce97edb727c) Conflicts: crypto/crypto.h ssl/d1_pkt.c ssl/s3_pkt.c | 05 February 2013, 16:50:32 UTC |
affe989 | Ben Laurie | 30 January 2013, 15:40:23 UTC | Add target so I can build. | 05 February 2013, 16:50:32 UTC |
66e8211 | Dr. Stephen Henson | 24 January 2013, 13:30:42 UTC | Don't try and verify signatures if key is NULL (CVE-2013-0166) Add additional check to catch this in ASN1_item_verify too. | 05 February 2013, 16:50:31 UTC |
dd2dee6 | Dr. Stephen Henson | 23 January 2013, 01:04:36 UTC | Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set | 23 January 2013, 01:16:59 UTC |
6495179 | Dr. Stephen Henson | 20 January 2013, 01:16:25 UTC | Don't include comp.h if no-comp set. | 20 January 2013, 01:16:25 UTC |
61b8c79 | Dr. Stephen Henson | 11 January 2013, 23:21:19 UTC | Add .gitignore | 11 January 2013, 23:21:19 UTC |
42aa3ec | Dr. Stephen Henson | 10 December 2012, 16:45:39 UTC | PR: 2888 Reported by: Daniel Black <daniel.black@openquery.com> Support renewing session tickets (backport from HEAD). | 10 December 2012, 16:45:39 UTC |
bb152da | Dr. Stephen Henson | 04 December 2012, 17:26:36 UTC | check mval for NULL too | 04 December 2012, 17:26:36 UTC |
c42ab44 | Dr. Stephen Henson | 03 December 2012, 16:33:54 UTC | fix leak | 03 December 2012, 16:33:54 UTC |
42e10c3 | Dr. Stephen Henson | 29 November 2012, 19:16:01 UTC | PR: 2803 Submitted by: jean-etienne.schwartz@bull.net In OCSP_basic_varify return an error if X509_STORE_CTX_init fails. | 29 November 2012, 19:16:01 UTC |
c571a3e | Dr. Stephen Henson | 21 November 2012, 14:01:38 UTC | PR: 2908 Submitted by: Dmitry Belyavsky <beldmit@gmail.com> Fix DH double free if parameter generation fails. | 21 November 2012, 14:01:38 UTC |
e55988b | Dr. Stephen Henson | 19 November 2012, 20:07:23 UTC | correct docs | 19 November 2012, 20:07:23 UTC |
34b5ba3 | Dr. Stephen Henson | 18 November 2012, 15:20:40 UTC | PR: 2880 Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de> Correctly handle local machine keys in the capi ENGINE. | 18 November 2012, 15:20:40 UTC |
629ac4b | Andy Polyakov | 16 October 2012, 08:22:55 UTC | aix[64]-cc: get MT support right [from HEAD]. PR: 2896 | 16 October 2012, 08:22:55 UTC |
75f0bc4 | Bodo Möller | 05 October 2012, 20:51:47 UTC | Fix EC_KEY initialization race. Submitted by: Adam Langley | 05 October 2012, 20:51:47 UTC |