| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2012-10-04 | update CHANGESOpenSSL-fips-2_0_1 | Dr. Stephen Henson | |
| 2011-11-19 | Add flag to support cofactor ECDH | Dr. Stephen Henson | |
| 2011-11-06 | Update fips_test_suite to take multiple command line options and | Dr. Stephen Henson | |
| an induced error checking function. | |||
| 2011-11-05 | Add single call public key sign and verify functions. | Dr. Stephen Henson | |
| 2011-11-01 | Add support for multicall fips_algvs utility combining functionality | Dr. Stephen Henson | |
| of all fips test utilities in a single binary and some minimal script parsing for platforms lacking a suitable shell. In order to keep changes to the build system to a minimum it #includes all the utilities C source files (yuck). | |||
| 2011-10-19 | add authentication parameter to FIPS_module_mode_set | Dr. Stephen Henson | |
| 2011-10-19 | BN_BLINDING multi-threading fix. | Bodo Möller | |
| Submitted by: Emilia Kasper (Google) | |||
| 2011-10-19 | Fix warnings. | Bodo Möller | |
| Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code. | |||
| 2011-10-18 | Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and | Bodo Möller | |
| NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these; -DEC_NISTP224_64_GCC_128 no longer works.) Submitted by: Google Inc. | |||
| 2011-10-13 | typo | Bodo Möller | |
| 2011-10-13 | In ssl3_clear, preserve s3->init_extra along with s3->rbuf. | Bodo Möller | |
| Submitted by: Bob Buckholz <bbuckholz@google.com> | |||
| 2011-10-09 | fix CHANGES entry | Dr. Stephen Henson | |
| 2011-09-29 | Add FIPS selftests for ECDH algorithm. | Dr. Stephen Henson | |
| 2011-09-22 | Use function name FIPS_drbg_health_check() for health check function. | Dr. Stephen Henson | |
| Add explanatory comments to health check code. | |||
| 2011-09-21 | Revise DRBG to split between internal and external flags. | Dr. Stephen Henson | |
| One demand health check function. Perform generation test in fips_test_suite. Option to skip dh test if fips_test_suite. | |||
| 2011-09-14 | new function to lookup FIPS supported ciphers by NID | Dr. Stephen Henson | |
| 2011-09-12 | More extensive DRBG health check. New function to call health check | Dr. Stephen Henson | |
| for all DRBG combinations. | |||
| 2011-09-09 | Add support for Dual EC DRBG from SP800-90. Include updates to algorithm | Dr. Stephen Henson | |
| tests and POST code. | |||
| 2011-09-06 | Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past | Dr. Stephen Henson | |
| produce an error (CVE-2011-3207) | |||
| 2011-09-05 | Fix session handling. | Bodo Möller | |
| 2011-09-05 | Fix d2i_SSL_SESSION. | Bodo Möller | |
| 2011-09-05 | (EC)DH memory handling fixes. | Bodo Möller | |
| Submitted by: Adam Langley | |||
| 2011-09-05 | Fix memory leak on bad inputs. | Bodo Möller | |
| 2011-09-05 | Synchronize with 1.0.1 CHANGES file. | Bodo Möller | |
| 2011-08-26 | Add support for canonical generation of DSA parameter g. | Dr. Stephen Henson | |
| Modify fips_dssvs to support appropriate file format. | |||
| 2011-08-23 | Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. | Andy Polyakov | |
| 2011-08-14 | Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA | Dr. Stephen Henson | |
| using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites. | |||
| 2011-08-08 | Add HMAC DRBG from SP800-90 | Dr. Stephen Henson | |
| 2011-08-03 | Expand range of ctrls for AES GCM to support retrieval and setting of | Dr. Stephen Henson | |
| invocation field. Add complete support for AES GCM ciphersuites including all those in RFC5288 and RFC5289. | |||
| 2011-07-25 | Update CHANGES. | Dr. Stephen Henson | |
| 2011-07-04 | Add functions to return FIPS module version. | Dr. Stephen Henson | |
| 2011-06-15 | Fix the version history: changes going into 1.1.0 that are also going | Bodo Möller | |
| into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0". This makes the OpenSSL_1_0_1-stable and HEAD versions of this file consistent with each other (the HEAD version has the additional 1.1.0 section, but doesn't otherwise differ). | |||
| 2011-05-30 | Output supported curves in preference order instead of numerically. | Dr. Stephen Henson | |
| 2011-05-25 | Fix the ECDSA timing attack mentioned in the paper at: | Dr. Stephen Henson | |
| http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention. | |||
| 2011-05-20 | PR: 2295 | Dr. Stephen Henson | |
| Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com> Reviewed by: steve OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination. | |||
| 2011-05-19 | Add CHANGES entry: add FIPS support to ssl | Dr. Stephen Henson | |
| 2011-05-19 | Implement FIPS_mode and FIPS_mode_set | Dr. Stephen Henson | |
| 2011-05-12 | Provisional support for TLS v1.2 client authentication: client side only. | Dr. Stephen Henson | |
| Parse certificate request message and set digests appropriately. Generate new TLS v1.2 format certificate verify message. Keep handshake caches around for longer as they are needed for client auth. | |||
| 2011-05-11 | Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in | Dr. Stephen Henson | |
| the FIPS capable OpenSSL. | |||
| 2011-05-09 | Initial TLS v1.2 client support. Include a default supported signature | Dr. Stephen Henson | |
| algorithms extension (including everything we support). Swicth to new signature format where needed and relax ECC restrictions. Not TLS v1.2 client certifcate support yet but client will handle case where a certificate is requested and we don't have one. | |||
| 2011-05-06 | Continuing TLS v1.2 support: add support for server parsing of | Dr. Stephen Henson | |
| signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet. | |||
| 2011-04-29 | Initial incomplete TLS v1.2 support. New ciphersuites added, new version | Dr. Stephen Henson | |
| checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented. | |||
| 2011-04-29 | Initial "opaque SSL" framework. If an application defines | Dr. Stephen Henson | |
| OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change. | |||
| 2011-04-23 | Always return multiple of block length bytes from default DRBG seed | Dr. Stephen Henson | |
| callback. Handle case where no multiple of the block size is in the interval [min_len, max_len]. | |||
| 2011-04-23 | Add PRNG security strength checking. | Dr. Stephen Henson | |
| 2011-04-18 | Fix EVP CCM decrypt. Add decrypt support to algorithm test program. | Dr. Stephen Henson | |
| 2011-04-18 | Initial untested CCM support via EVP. | Dr. Stephen Henson | |
| 2011-04-15 | Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. | Dr. Stephen Henson | |
| 2011-04-14 | Initial incomplete POST overhaul: add support for POST callback to | Dr. Stephen Henson | |
| allow status of POST to be monitored and/or failures induced. | |||
| 2011-04-12 | Provisional AES XTS support. | Dr. Stephen Henson | |
 |
index : openssl | |
| Mirror of https://github.com/openssl/openssl | matthias |
| summaryrefslogtreecommitdiffstats |