summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2012-04-26prepare for next versionDr. Stephen Henson
2012-04-26make updateOpenSSL_1_0_1bDr. Stephen Henson
2012-04-26prepare for 1.0.1b releaseDr. Stephen Henson
2012-04-26update NEWSDr. Stephen Henson
2012-04-26CHANGES: clarify.Andy Polyakov
2012-04-26CHANGEs: fix typos and clarify.Andy Polyakov
2012-04-25Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL andDr. Stephen Henson
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
2012-04-25s23_clnt.c: ensure interoperability by maitaining client "version capability"Andy Polyakov
vector contiguous [from HEAD]. PR: 2802
2012-04-22correct error codeDr. Stephen Henson
2012-04-22check correctness of errors before updating them so we don't get bogus ↵Dr. Stephen Henson
errors added
2012-04-22correct old FAQ answers, sync with HEADDr. Stephen Henson
2012-04-20e_rc4_hmac_md5.c: reapply commit#21726, which was erroneously omitted.Andy Polyakov
PR: 2797, 2792
2012-04-20call OPENSSL_init when calling FIPS_mode tooDr. Stephen Henson
2012-04-20make ciphers work again for FIPS buildsDr. Stephen Henson
2012-04-19e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platformsAndy Polyakov
[from HEAD]. PR: 2792
2012-04-19update for next versionDr. Stephen Henson
2012-04-19prepare for 1.0.1a releaseOpenSSL_1_0_1aDr. Stephen Henson
2012-04-19update NEWSDr. Stephen Henson
2012-04-19Check for potentially exploitable overflows in asn1_d2i_read_bioDr. Stephen Henson
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19Makefile.org: clear yet another environment variable [from HEAD].Andy Polyakov
PR: 2793
2012-04-18only call FIPS_cipherinit in FIPS modeDr. Stephen Henson
2012-04-18e_rc4_hmac_md5.c: update from HEAD, fixes crash on legacy Intel CPUs.Andy Polyakov
PR: 2792
2012-04-18update NEWSDr. Stephen Henson
2012-04-18correct error codeDr. Stephen Henson
2012-04-17Disable SHA-2 ciphersuites in < TLS 1.2 connections.Bodo Möller
(TLS 1.2 clients could end up negotiating these with an OpenSSL server with TLS 1.2 disabled, which is problematic.) Submitted by: Adam Langley
2012-04-17Additional workaround for PR#2771Dr. Stephen Henson
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES.
2012-04-17Partial workaround for PR#2771.Dr. Stephen Henson
Some servers hang when presented with a client hello record length exceeding 255 bytes but will work with longer client hellos if the TLS record version in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all cases...
2012-04-16OPENSSL_NO_SOCK fixes [from HEAD].Andy Polyakov
PR: 2791 Submitted by: Ben Noordhuis
2012-04-16Minor compatibility fixes [from HEAD].Andy Polyakov
PR: 2790 Submitted by: Alexei Khlebnikov
2012-04-15s3_srvr.c: fix typo [from HEAD].Andy Polyakov
PR: 2538
2012-04-15e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty fragAndy Polyakov
countermeasure [from HEAD]. PR: 2778
2012-04-12s390x asm pack: fix typos.Andy Polyakov
2012-04-11oops, macro not present in OpenSSL 1.0.2Dr. Stephen Henson
2012-04-11fix reset fixDr. Stephen Henson
2012-04-11make reinitialisation work for CMACDr. Stephen Henson
2012-04-10update rather ancient EVP digest documentationDr. Stephen Henson
2012-04-09aes-s390x.pl: fix crash in AES_set_decrypt_key in linux32-s390x build [from ↵Andy Polyakov
HEAD].
2012-04-05aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1].Andy Polyakov
2012-04-05aes-s390x.pl: fix endless loop in linux32-s390x build.Andy Polyakov
2012-04-04ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD].Andy Polyakov
PR: 2778
2012-03-31CHANGES: mention vpaes fix and harmonize with 1.0.0.Andy Polyakov
PR: 2775
2012-03-31PR: 2778(part)Dr. Stephen Henson
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31modes_lcl.h: make it work on i386 [from HEAD].Andy Polyakov
PR: 2780
2012-03-31vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt [from HEAD].Andy Polyakov
PR: 2775
2012-03-31util/cygwin.sh update [from HEAD].Andy Polyakov
PR: 2761 Submitted by: Corinna Vinschen
2012-03-30bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND [from HEAD].Andy Polyakov
2012-03-29Experimental workaround to large client hello issue (see PR#2771).Dr. Stephen Henson
If OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only.
2012-03-29perlasm/x86masm.pl: fix last fix [from HEAD].Andy Polyakov
2012-03-29ans1/tasn_prn.c: avoid bool in variable names [from HEAD].Andy Polyakov
PR: 2776
2012-03-22fix leakDr. Stephen Henson
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 00:28:57 +0000