openssl - Mirror of https://github.com/openssl/openssl

Age	Commit message (Collapse)	Author
2014-06-01	Set default global mask to UTF8 only.	Dr. Stephen Henson
	(cherry picked from commit 3009244da47b989c4cc59ba02cf81a4e9d8f8431)
2014-06-01	Allocate extra space when NETSCAPE_HANG_BUG defined.	David Ramos
	Make sure there is an extra 4 bytes for server done message when NETSCAPE_HANG_BUG is defined. PR#3361 (cherry picked from commit 673c42b2380c34e7500f05e7f00c674cc677a065)
2014-05-29	Fix signed/unsigned warning.	Ben Laurie
	(cherry picked from commit 989d87cb1a174a951efd829ff6b2f68a322f9df8)
2014-05-29	Set version number correctly.	Dr. Stephen Henson
	PR#3249 (cherry picked from commit 8909bf20269035d295743fca559207ef2eb84eb3)
2014-05-29	Fix memory leak.	František Bořánek
	PR#3278 (cherry picked from commit de56fe797081fc09ebd1add06d6e2df42a324fd5)
2014-05-27	Fix for test_bn regular expression to work on Windows using MSYS. PR#3346	Peter Mosmans

2014-05-25	Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg	Matt Caswell

2014-05-25	Fix for non compilation with TLS_DEBUG defined	Matt Caswell

2014-05-21	Fix for PKCS12_create if no-rc2 specified.	Dr. Stephen Henson
	Use triple DES for certificate encryption if no-rc2 is specified. PR#3357 (cherry picked from commit 03b5b78c09fb10839a565f341cdc527c675e89ce)
2014-05-21	Change default cipher in smime app to des3.	Dr. Stephen Henson
	PR#3357 (cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58) Conflicts: doc/apps/smime.pod
2014-05-15	Removed note in BUGS section about AEAD ciphers - inadvertently added to ↵	Matt Caswell
	wrong branch
2014-05-14	Fix grammar error in verify pod. PR#3355	Jeffrey Walton

2014-05-14	Add information to BUGS section of enc documentation. PR#3354	Jeffrey Walton

2014-05-14	Corrected POD syntax errors. PR#3353	Michal Bozon

2014-05-12	Check sk_SSL_CIPHER_num() after assigning sk.	Kurt Roeckx

2014-05-12	Avoid out-of-bounds write in SSL_get_shared_ciphers	Günther Noack
	PR: 3317
2014-05-11	Fix infinite loop. PR#3347	Viktor Dukhovni

2014-05-11	safety check to ensure we dont send out beyond the users buffer	Tim Hudson

2014-05-08	Return an error if no recipient type matches.	Dr. Stephen Henson
	If the key type does not match any CMS recipient type return an error instead of using a random key (MMA mitigation). This does not leak any useful information to an attacker. PR#3348 (cherry picked from commit 83a3182e0560f76548f4378325393461f6275493)
2014-05-06	evp: prevent underflow in base64 decoding	Geoff Thorpe
	This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06	bignum: allow concurrent BN_MONT_CTX_set_locked()	Geoff Thorpe
	The lazy-initialisation of BN_MONT_CTX was serialising all threads, as noted by Daniel Sands and co at Sandia. This was to handle the case that 2 or more threads race to lazy-init the same context, but stunted all scalability in the case where 2 or more threads are doing unrelated things! We favour the latter case by punishing the former. The init work gets done by each thread that finds the context to be uninitialised, and we then lock the "set" logic after that work is done - the winning thread's work gets used, the losing threads throw away what they've done. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06	Initialize num properly.	Dr. Stephen Henson
	PR#3289 PR#3345 (cherry picked from commit 3ba1e406c2309adb427ced9815ebf05f5b58d155)
2014-05-06	Set Enveloped data version to 2 if ktri version not zero.	Dr. Stephen Henson
	(cherry picked from commit 9c5d953a07f472452ae2cb578e39eddea2de2b9c)
2014-04-24	Add new sponsors	Steve Marquess
	(cherry picked from commit 351f0a124bffaa94d2a8abdec2e7dde5ae9c457d)
2014-04-11	Add new key fingerprint.	Dr. Stephen Henson
	(cherry picked from commit 3143a332e8f2f5ca1a6f0262a1a1a66103f2adf7)
2014-04-09	Fix free errors in ocsp utility.	Dr. Stephen Henson
	Keep copy of any host, path and port values allocated by OCSP_parse_url and free as necessary. (cherry picked from commit 5219d3dd350cc74498dd49daef5e6ee8c34d9857)
2014-04-04	Update FAQ.	Dr. Stephen Henson
	(cherry picked from commit 6cc0068430d0a4abdef0b466d422e6a4d154a5fe)
2014-04-04	Use correct length when prompting for password.	Dr. Stephen Henson
	Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in the openssl utility. Thanks to Rob Mackinnon, Leviathan Security for reporting this issue. (cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)
2014-04-02	Fix base64 decoding bug.	Eric Young
	A short PEM encoded sequence if passed to the BIO, and the file had 2 \n following would fail. PR#3289 (cherry picked from commit 10378fb5f4c67270b800e8f7c600cd0548874811)
2014-03-27	make update	Dr. Stephen Henson

2014-03-27	Update NEWS	Dr. Stephen Henson

2014-03-27	Update ordinals.	Dr. Stephen Henson
	Use a previously unused value as we will be updating multiple released branches. (cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96)
2014-03-27	Fix for CVE-2014-0076 backported to 0.9.8 branch	mancha
	Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. Thanks for mancha for backporting the fix to OpenSSL 0.9.8 branch.
2014-03-27	Fix alert handling.	mancha
	Fix OpenSSL 0.9.8 alert handling. PR#3038
2014-02-15	Remove duplicate statement.	Dr. Stephen Henson
	(cherry picked from commit 5a7652c3e585e970e5b778074c92e617e48fde38)
2014-01-29	Clarify docs.	Dr. Stephen Henson
	Remove reference to ERR_TXT_MALLOCED in the error library as that is only used internally. Indicate that returned error data must not be freed. (cherry picked from commit f2d678e6e89b6508147086610e985d4e8416e867)
2014-01-10	fix shell syntax PR#3216	Dr. Stephen Henson
	(cherry picked from commit 080ae6843299c873808c04487d4ccf51624fe618)
2014-01-04	Restore SSL_OP_MSIE_SSLV2_RSA_PADDING	Dr. Stephen Henson
	The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL 0.9.7h but deleting it will break source compatibility with any software that references it. Restore it but #define to zero. (cherry picked from commit b17d6b8d1d49fa4732deff17cfd1833616af0d9c)
2013-12-10	remove obsolete STATUS file	Dr. Stephen Henson

2013-12-09	Add release dates to NEWS	Dr. Stephen Henson

2013-11-27	Simplify and update openssl.spec	Dr. Stephen Henson

2013-11-21	Fixes for no-static-engine and Windows builds.	Dr. Stephen Henson

2013-10-04	Update CHANGES.	Rob Stradling

2013-10-04	Fix compilation with this branch's definition of SSL_CIPHER.	Rob Stradling

2013-10-04	Remove empty line.	Rob Stradling

2013-10-04	Tidy up comments.	Rob Stradling

2013-10-04	Use TLS version supplied by client when fingerprinting Safari.	Rob Stradling

2013-10-04	Backport TLS 1.1/1.2 #defines	Rob Stradling

2013-10-04	Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.	Rob Stradling
	OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-17	Fix overly lenient comparisons:	Bodo Moeller
	- EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really should be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope (cherry picked from commit ca567a03ad4595589b6062465a8404764da4e3fa) Conflicts: Configure