Skip to main content
  • Home
  • login
  • Browse the archive

    swh mirror partner logo
swh logo
SoftwareHeritage
Software
Heritage
Mirror
Features
  • Search

  • Downloads

  • Save code now

  • Add forge now

  • Help


sort by:
RevisionAuthorDateMessageCommit Date
e4ea6f0 Michal Bozon14 May 2014, 20:07:51 UTCCorrected POD syntax errors. PR#335314 May 2014, 22:00:56 UTC
a2c00fb Kurt Roeckx12 May 2014, 16:19:14 UTCCheck sk_SSL_CIPHER_num() after assigning sk.12 May 2014, 22:07:44 UTC
d06ae0f Günther Noack01 May 2014, 11:33:11 UTCAvoid out-of-bounds write in SSL_get_shared_ciphers PR: 331711 May 2014, 23:04:57 UTC
afa2ea2 Viktor Dukhovni11 May 2014, 19:28:56 UTCFix infinite loop. PR#334711 May 2014, 20:20:00 UTC
0b6394c Tim Hudson11 May 2014, 12:29:59 UTCsafety check to ensure we dont send out beyond the users buffer11 May 2014, 12:38:23 UTC
70ddf8e Dr. Stephen Henson08 May 2014, 12:17:11 UTCReturn an error if no recipient type matches. If the key type does not match any CMS recipient type return an error instead of using a random key (MMA mitigation). This does not leak any useful information to an attacker. PR#3348 (cherry picked from commit 83a3182e0560f76548f4378325393461f6275493)08 May 2014, 12:18:49 UTC
9febee0 Geoff Thorpe04 May 2014, 22:44:14 UTCevp: prevent underflow in base64 decoding This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped. Signed-off-by: Geoff Thorpe <geoff@openssl.org>06 May 2014, 22:23:54 UTC
a721216 Geoff Thorpe04 May 2014, 20:19:22 UTCbignum: allow concurrent BN_MONT_CTX_set_locked() The lazy-initialisation of BN_MONT_CTX was serialising all threads, as noted by Daniel Sands and co at Sandia. This was to handle the case that 2 or more threads race to lazy-init the same context, but stunted all scalability in the case where 2 or more threads are doing unrelated things! We favour the latter case by punishing the former. The init work gets done by each thread that finds the context to be uninitialised, and we then lock the "set" logic after that work is done - the winning thread's work gets used, the losing threads throw away what they've done. Signed-off-by: Geoff Thorpe <geoff@openssl.org>06 May 2014, 22:23:49 UTC
47f689a Dr. Stephen Henson06 May 2014, 13:07:37 UTCInitialize num properly. PR#3289 PR#3345 (cherry picked from commit 3ba1e406c2309adb427ced9815ebf05f5b58d155)06 May 2014, 13:09:26 UTC
f51f374 Dr. Stephen Henson06 May 2014, 13:02:17 UTCSet Enveloped data version to 2 if ktri version not zero. (cherry picked from commit 9c5d953a07f472452ae2cb578e39eddea2de2b9c)06 May 2014, 13:05:05 UTC
3c1128f Steve Marquess24 April 2014, 11:13:05 UTCAdd new sponsors (cherry picked from commit 351f0a124bffaa94d2a8abdec2e7dde5ae9c457d)24 April 2014, 11:31:42 UTC
8185c94 Dr. Stephen Henson11 April 2014, 01:50:51 UTCAdd new key fingerprint. (cherry picked from commit 3143a332e8f2f5ca1a6f0262a1a1a66103f2adf7)11 April 2014, 01:52:14 UTC
c61f0cb Dr. Stephen Henson09 April 2014, 14:42:40 UTCFix free errors in ocsp utility. Keep copy of any host, path and port values allocated by OCSP_parse_url and free as necessary. (cherry picked from commit 5219d3dd350cc74498dd49daef5e6ee8c34d9857)09 April 2014, 14:45:56 UTC
d90605d Dr. Stephen Henson04 April 2014, 11:46:39 UTCUpdate FAQ. (cherry picked from commit 6cc0068430d0a4abdef0b466d422e6a4d154a5fe)04 April 2014, 12:09:13 UTC
e563349 Dr. Stephen Henson04 April 2014, 11:44:43 UTCUse correct length when prompting for password. Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in the openssl utility. Thanks to Rob Mackinnon, Leviathan Security for reporting this issue. (cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)04 April 2014, 12:09:05 UTC
9ad5c5e Eric Young02 April 2014, 18:50:33 UTCFix base64 decoding bug. A short PEM encoded sequence if passed to the BIO, and the file had 2 \n following would fail. PR#3289 (cherry picked from commit 10378fb5f4c67270b800e8f7c600cd0548874811)02 April 2014, 18:58:25 UTC
4bc24cf Dr. Stephen Henson27 March 2014, 01:03:46 UTCmake update27 March 2014, 01:03:46 UTC
79f5776 Dr. Stephen Henson27 March 2014, 01:03:07 UTCUpdate NEWS27 March 2014, 01:03:07 UTC
d79eb92 Dr. Stephen Henson12 March 2014, 14:35:54 UTCUpdate ordinals. Use a previously unused value as we will be updating multiple released branches. (cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96)27 March 2014, 00:59:48 UTC
fff69a7 mancha27 March 2014, 00:55:08 UTCFix for CVE-2014-0076 backported to 0.9.8 branch Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. Thanks for mancha for backporting the fix to OpenSSL 0.9.8 branch.27 March 2014, 00:55:08 UTC
a375025 mancha27 March 2014, 00:47:14 UTCFix alert handling. Fix OpenSSL 0.9.8 alert handling. PR#303827 March 2014, 00:54:16 UTC
d471adf Dr. Stephen Henson15 February 2014, 01:27:56 UTCRemove duplicate statement. (cherry picked from commit 5a7652c3e585e970e5b778074c92e617e48fde38)15 February 2014, 01:31:34 UTC
2fb8642 Dr. Stephen Henson29 January 2014, 00:59:35 UTCClarify docs. Remove reference to ERR_TXT_MALLOCED in the error library as that is only used internally. Indicate that returned error data must not be freed. (cherry picked from commit f2d678e6e89b6508147086610e985d4e8416e867)29 January 2014, 01:02:35 UTC
c44d95c Dr. Stephen Henson10 January 2014, 23:03:47 UTCfix shell syntax PR#3216 (cherry picked from commit 080ae6843299c873808c04487d4ccf51624fe618)10 January 2014, 23:04:40 UTC
0da40f0 Dr. Stephen Henson04 January 2014, 13:50:52 UTCRestore SSL_OP_MSIE_SSLV2_RSA_PADDING The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL 0.9.7h but deleting it will break source compatibility with any software that references it. Restore it but #define to zero. (cherry picked from commit b17d6b8d1d49fa4732deff17cfd1833616af0d9c)04 January 2014, 14:01:25 UTC
7f722c9 Dr. Stephen Henson10 December 2013, 00:11:06 UTCremove obsolete STATUS file10 December 2013, 00:11:06 UTC
4268216 Dr. Stephen Henson09 December 2013, 23:53:28 UTCAdd release dates to NEWS09 December 2013, 23:53:28 UTC
17540b7 Dr. Stephen Henson27 November 2013, 15:37:39 UTCSimplify and update openssl.spec27 November 2013, 15:37:39 UTC
b70e4d3 Dr. Stephen Henson21 November 2013, 15:47:19 UTCFixes for no-static-engine and Windows builds.21 November 2013, 15:49:34 UTC
d9519a4 Rob Stradling12 September 2013, 20:47:25 UTCUpdate CHANGES.04 October 2013, 13:55:01 UTC
5ac9786 Rob Stradling10 September 2013, 12:04:05 UTCFix compilation with this branch's definition of SSL_CIPHER.04 October 2013, 13:55:01 UTC
0b05204 Rob Stradling10 September 2013, 11:46:24 UTCRemove empty line.04 October 2013, 13:55:01 UTC
a4bfeff Rob Stradling10 September 2013, 11:45:34 UTCTidy up comments.04 October 2013, 13:55:01 UTC
43433b3 Rob Stradling10 September 2013, 11:43:33 UTCUse TLS version supplied by client when fingerprinting Safari.04 October 2013, 13:55:01 UTC
020a478 Rob Stradling10 September 2013, 11:42:46 UTCBackport TLS 1.1/1.2 #defines04 October 2013, 13:55:01 UTC
cadbbd5 Rob Stradling10 September 2013, 11:41:37 UTCDon't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.04 October 2013, 13:55:01 UTC
ff7b021 Bodo Moeller16 September 2013, 10:59:21 UTCFix overly lenient comparisons: - EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope (cherry picked from commit ca567a03ad4595589b6062465a8404764da4e3fa) Conflicts: Configure17 September 2013, 08:20:04 UTC
e7e4d50 Dr. Stephen Henson20 August 2013, 15:33:02 UTCCorrect ECDSA example. (cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)20 August 2013, 16:31:53 UTC
9204e7e Michael Tuexen13 August 2013, 17:53:19 UTCDTLS message_sequence number wrong in rehandshake ServerHello This fix ensures that * A HelloRequest is retransmitted if not responded by a ClientHello * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1. * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier. This patch fixes the RFC violation. Conflicts: ssl/d1_pkt.c (cherry picked from commit 6f87807e629ee10ec0006b39d8851af8c5ade67b)13 August 2013, 18:00:59 UTC
257df40 Michael Tuexen08 August 2013, 12:28:55 UTCDTLS handshake fix. Reported by: Prashant Jaikumar <rmstar@gmail.com> Fix handling of application data received before a handshake. (cherry picked from commit 0c75eeacd3285b395dc75b65c3e6fe6ffbef59f0)08 August 2013, 12:33:20 UTC
a44c9b9 Dr. Stephen Henson08 April 2013, 17:03:12 UTCSet s->d1 to NULL after freeing it. (cherry picked from commit 04638f2fc335a6dc2af8e5d556d36e29c261dcd2)08 April 2013, 17:40:39 UTC
1cbd745 Dr. Stephen Henson07 April 2013, 16:23:21 UTCPrint out DSA key if parameters absent. In DSA_print DSA parameters can be absent (e.g inherited) it is not a fatal error.07 April 2013, 21:50:55 UTC
e1e39a2 Dr. Stephen Henson19 March 2013, 13:46:28 UTCDisable compression for DTLS. The only standard compression method is stateful and is incompatible with DTLS. (cherry picked from commit e14b8410ca882da8e9579a2d928706f894c8e1ae)19 March 2013, 13:48:02 UTC
01de6e2 Andy Polyakov18 March 2013, 19:03:44 UTCx86cpuid.pl: make it work with older CPU. PR: 3005, from master18 March 2013, 19:03:44 UTC
05689a1 Michael Tuexen18 March 2013, 14:30:38 UTCAvoid unnecessary fragmentation. (cherry picked from commit 80ccc66d7eedb2d06050130c77c482ae1584199a)18 March 2013, 14:33:27 UTC
1643edc Dr. Stephen Henson18 March 2013, 14:19:40 UTCEncode INTEGER correctly. If an ASN1_INTEGER structure is allocated but not explicitly set encode it as zero: don't generate an invalid zero length INTEGER.18 March 2013, 14:19:40 UTC
1546fb7 Dr. Stephen Henson18 March 2013, 13:58:32 UTCTypo.18 March 2013, 13:58:32 UTC
b7d222c Dr. Stephen Henson26 February 2013, 17:13:37 UTCMerge branch 'OpenSSL_0_9_8-stable' of /home/steve/src/git/openssl into OpenSSL_0_9_8-stable26 February 2013, 17:13:37 UTC
a93cc7c Geoff Lowe26 February 2013, 17:12:13 UTCUse orig_len, not rec->orig_len26 February 2013, 17:12:13 UTC
8988407 Nick Alcock15 February 2013, 17:44:11 UTCFix POD errors to stop make install_docs dying with pod2man 2.5.0+ podlators 2.5.0 has switched to dying on POD syntax errors. This means that a bunch of long-standing erroneous POD in the openssl documentation now leads to fatal errors from pod2man, halting installation. Unfortunately POD constraints mean that you have to sort numeric lists in ascending order if they start with 1: you cannot do 1, 0, 2 even if you want 1 to appear first. I've reshuffled such (alas, I wish there were a better way but I don't know of one).15 February 2013, 18:43:49 UTC
b2afc0a Andy Polyakov16 May 2011, 18:11:45 UTCcms-test.pl: make it work with not-so-latest perl. (cherry picked from commit 9c437e2faded18b4ef6499d7041c65d6e216955b)14 February 2013, 15:40:55 UTC
a8655eb David Woodhouse12 February 2013, 15:09:44 UTCCheck DTLS_BAD_VER for version number. Need to check DTLS_BAD_VER as well as DTLS1_VERSION. PR:2984 (cherry picked from commit 6a14feb048c0b7ad4da341fca364171e273da325)12 February 2013, 15:12:52 UTC
f751dc4 Dr. Stephen Henson11 February 2013, 18:24:03 UTCFix for SSL_get_certificate Now we set the current certificate to the one used by a server there is no need to call ssl_get_server_send_cert which will fail if we haven't sent a certificate yet. (cherry picked from commit 147dbb2fe3bead7a10e2f280261b661ce7af7adc)11 February 2013, 18:27:41 UTC
fbe621d Dr. Stephen Henson11 February 2013, 18:17:50 UTCFix in ssltest is no-ssl2 configured (cherry picked from commit cbf9b4aed3e209fe8a39e1d6f55aaf46d1369dc4)11 February 2013, 18:27:33 UTC
2e9fd43 Dr. Stephen Henson11 February 2013, 15:05:49 UTCuse 10240 for tar record size11 February 2013, 15:20:57 UTC
1638ce7 Lutz Jaenicke11 February 2013, 10:29:05 UTCFAQ/README: we are now using Git instead of CVS (cherry picked from commit f88dbb8385c199a2a28e9525c6bba3a64bda96af) Conflicts: INSTALL.W3211 February 2013, 10:31:48 UTC
7ecd974 Dr. Stephen Henson10 February 2013, 13:30:04 UTCSet next version. Note: it was decided that after 0.9.8y it should be 0.9.8za then 0.9.8zb etc.10 February 2013, 13:30:04 UTC
db731da Andy Polyakov09 February 2013, 18:38:47 UTCssl/s3_[clnt|srvr].c: fix warning and linking error. PR: 297909 February 2013, 18:38:47 UTC
5864fd2 Andy Polyakov08 February 2013, 20:30:52 UTCs3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. (cherry picked from commit f93a41877d8d7a287debb7c63d7b646abaaf269c)08 February 2013, 20:38:06 UTC
ff58eaa Andy Polyakov08 February 2013, 15:59:26 UTCs3_cbc.c: get rid of expensive divisions [from master]. (cherry picked from commit e9baceab5a385e570706ca98dec768b2d89d1ac6)08 February 2013, 16:01:55 UTC
76c61a5 Andy Polyakov08 February 2013, 11:03:16 UTCssl/s3_enc.c: remove artefact.08 February 2013, 11:03:16 UTC
4ea7019 Andy Polyakov07 February 2013, 21:47:05 UTCssl/[d1|s3]_pkt.c: harmomize orig_len handling. (cherry picked from commit 8545f73b8919770a5d012fe7a82d6785b69baa27)08 February 2013, 10:51:09 UTC
59b1129 Dr. Stephen Henson07 February 2013, 21:06:37 UTCFix IV check and padding removal. Fix the calculation that checks there is enough room in a record after removing padding and optional explicit IV. (by Steve) For AEAD remove the correct number of padding bytes (by Andy) (cherry picked from commit be125aa5bae0b6baac526890c835e10378b6df74)08 February 2013, 10:49:41 UTC
fb092ef Andy Polyakov01 February 2013, 14:31:50 UTCssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed. (cherry picked from commit 413cbfe68d83f9afc726b7234c49bd5ccddb97b4)07 February 2013, 15:03:00 UTC
6351ade Adam Langley06 February 2013, 15:50:42 UTCFix for EXP-RC2-CBC-MD5 MD5 should use little endian order. Fortunately the only ciphersuite affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which is a rarely used export grade ciphersuite. (cherry picked from commit ee463921ed94572b97a5e1fa8c4d88a27099347e)06 February 2013, 16:12:49 UTC
8964efc Dr. Stephen Henson04 February 2013, 23:31:21 UTCprepare for release05 February 2013, 16:50:37 UTC
430b637 Dr. Stephen Henson04 February 2013, 23:21:50 UTCmake update05 February 2013, 16:50:36 UTC
ca3b81c Dr. Stephen Henson04 February 2013, 21:13:18 UTCFix error codes. (cherry picked from commit 35d732fc2e1badce13be22a044187ebd4d769552)05 February 2013, 16:50:36 UTC
031cbec Dr. Stephen Henson04 February 2013, 23:18:46 UTCupdate NEWS and CHANGES05 February 2013, 16:50:36 UTC
1213e6c Andy Polyakov09 November 2012, 13:58:40 UTCbn_word.c: fix overflow bug in BN_add_word. (cherry picked from commit 134c00659a1bc67ad35a1e4620e16bc4315e6e37)05 February 2013, 16:50:36 UTC
3261989 Dr. Stephen Henson01 February 2013, 16:05:54 UTCupdate NEWS05 February 2013, 16:50:35 UTC
40e0de0 Andy Polyakov01 February 2013, 09:10:32 UTCs3/s3_cbc.c: allow for compilations with NO_SHA256|512. (cherry picked from commit d5371324d978e4096bf99b9d0fe71b2cb65d9dc8)05 February 2013, 16:50:35 UTC
5f9345a Andy Polyakov01 February 2013, 08:59:56 UTCssl/s3_cbc.c: md_state alignment portability fix. RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512. (cherry picked from commit 36260233e7e3396feed884d3f501283e0453c04f)05 February 2013, 16:50:35 UTC
33ccde5 Andy Polyakov01 February 2013, 08:55:43 UTCssl/s3_cbc.c: uint64_t portability fix. Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow. (cherry picked from commit cab13fc8473856a43556d41d8dac5605f4ba1f91)05 February 2013, 16:50:35 UTC
1909df0 Dr. Stephen Henson01 February 2013, 14:29:01 UTCDon't access EVP_MD internals directly.05 February 2013, 16:50:35 UTC
c23a745 Dr. Stephen Henson31 January 2013, 15:19:00 UTCAdd ordinal for CRYPTO_memcmp: since this will affect multiple branches it needs to be in a "gap".05 February 2013, 16:50:34 UTC
924b117 Dr. Stephen Henson31 January 2013, 14:35:34 UTCTiming fix mitigation for FIPS mode. We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to HMAC_Update to hash additonal blocks to cover any timing differences caused by removal of padding.05 February 2013, 16:50:34 UTC
24b2806 Dr. Stephen Henson31 January 2013, 14:31:11 UTCMove CRYPTO_memcmp to o_init.c when compiling with fips: cryptlib.o is in the fips module for fips capable builds.05 February 2013, 16:50:34 UTC
99f5093 Dr. Stephen Henson31 January 2013, 14:14:25 UTCThe cbc functions shouldn't be inside #ifdef OPENSSL_NO_TLSEXT05 February 2013, 16:50:34 UTC
be88529 Ben Laurie28 January 2013, 17:34:33 UTCUpdate DTLS code to match CBC decoding in TLS. This change updates the DTLS code to match the constant-time CBC behaviour in the TLS. (cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900) (cherry picked from commit 5e4ca556e970edb8a7f364fcb6ee6818a965a60b) Conflicts: ssl/d1_enc.c ssl/d1_pkt.c ssl/s3_pkt.c05 February 2013, 16:50:33 UTC
b3a959a Ben Laurie28 January 2013, 17:33:18 UTCDon't crash when processing a zero-length, TLS >= 1.1 record. The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't. (cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd) (cherry picked from commit 2c948c1bb218f4ae126e14fd3453d42c62b93235) Conflicts: ssl/s3_enc.c05 February 2013, 16:50:33 UTC
2928cb4 Ben Laurie30 January 2013, 16:56:30 UTCFixups.05 February 2013, 16:50:33 UTC
a33e670 Ben Laurie28 January 2013, 18:24:55 UTCOops. Add missing file. (cherry picked from commit 014265eb02e26f35c8db58e2ccbf100b0b2f0072) (cherry picked from commit 7721c53e5e9fe4c90be420d7613559935a96a4fb)05 February 2013, 16:50:33 UTC
35a65e8 Ben Laurie28 January 2013, 17:31:49 UTCMake CBC decoding constant time. This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. (cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e) Conflicts: crypto/evp/c_allc.c ssl/ssl_algs.c ssl/ssl_locl.h ssl/t1_enc.c (cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4) Conflicts: ssl/d1_enc.c ssl/s3_enc.c ssl/s3_pkt.c ssl/ssl3.h ssl/ssl_algs.c ssl/t1_enc.c05 February 2013, 16:50:32 UTC
7ad132b Andy Polyakov19 January 2013, 12:20:21 UTC.gitignore adjustments05 February 2013, 16:50:32 UTC
2708813 Ben Laurie28 January 2013, 17:30:38 UTCAdd and use a constant-time memcmp. This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98) Conflicts: crypto/crypto.h ssl/t1_lib.c (cherry picked from commit dc406b59f3169fe191e58906df08dce97edb727c) Conflicts: crypto/crypto.h ssl/d1_pkt.c ssl/s3_pkt.c05 February 2013, 16:50:32 UTC
affe989 Ben Laurie30 January 2013, 15:40:23 UTCAdd target so I can build.05 February 2013, 16:50:32 UTC
66e8211 Dr. Stephen Henson24 January 2013, 13:30:42 UTCDon't try and verify signatures if key is NULL (CVE-2013-0166) Add additional check to catch this in ASN1_item_verify too.05 February 2013, 16:50:31 UTC
dd2dee6 Dr. Stephen Henson23 January 2013, 01:04:36 UTCDon't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set23 January 2013, 01:16:59 UTC
6495179 Dr. Stephen Henson20 January 2013, 01:16:25 UTCDon't include comp.h if no-comp set.20 January 2013, 01:16:25 UTC
61b8c79 Dr. Stephen Henson11 January 2013, 23:21:19 UTCAdd .gitignore11 January 2013, 23:21:19 UTC
42aa3ec Dr. Stephen Henson10 December 2012, 16:45:39 UTCPR: 2888 Reported by: Daniel Black <daniel.black@openquery.com> Support renewing session tickets (backport from HEAD).10 December 2012, 16:45:39 UTC
bb152da Dr. Stephen Henson04 December 2012, 17:26:36 UTCcheck mval for NULL too04 December 2012, 17:26:36 UTC
c42ab44 Dr. Stephen Henson03 December 2012, 16:33:54 UTCfix leak03 December 2012, 16:33:54 UTC
42e10c3 Dr. Stephen Henson29 November 2012, 19:16:01 UTCPR: 2803 Submitted by: jean-etienne.schwartz@bull.net In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.29 November 2012, 19:16:01 UTC
c571a3e Dr. Stephen Henson21 November 2012, 14:01:38 UTCPR: 2908 Submitted by: Dmitry Belyavsky <beldmit@gmail.com> Fix DH double free if parameter generation fails.21 November 2012, 14:01:38 UTC
e55988b Dr. Stephen Henson19 November 2012, 20:07:23 UTCcorrect docs19 November 2012, 20:07:23 UTC
34b5ba3 Dr. Stephen Henson18 November 2012, 15:20:40 UTCPR: 2880 Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de> Correctly handle local machine keys in the capi ENGINE.18 November 2012, 15:20:40 UTC
629ac4b Andy Polyakov16 October 2012, 08:22:55 UTCaix[64]-cc: get MT support right [from HEAD]. PR: 289616 October 2012, 08:22:55 UTC
75f0bc4 Bodo Möller05 October 2012, 20:51:47 UTCFix EC_KEY initialization race. Submitted by: Adam Langley05 October 2012, 20:51:47 UTC
  • Newer
  • Older

ENEA — Copyright (C), ENEA. License: GNU AGPLv3+.
Legal notes  ::  JavaScript license information ::  Web API

back to top