Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-06-05 | Prepare for 1.0.1i-dev | Dr. Stephen Henson | |
2014-06-05 | Prepare for 1.0.1h releaseOpenSSL_1_0_1h | Dr. Stephen Henson | |
2014-06-05 | Update CHANGES and NEWS | Dr. Stephen Henson | |
2014-04-26 | Fix version documentation. | mancha | |
Specify -f is for compilation flags. Add -d to synopsis section. (cherry picked from commit 006397ea62bbcae22c8664d53c2222b808c4bdd1) Closes #79. | |||
2014-04-24 | Fix eckey_priv_encode() | mancha | |
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey. | |||
2014-04-22 | Fix double frees. | Ben Laurie | |
2014-04-07 | Prepare for 1.0.1h-dev | Dr. Stephen Henson | |
2014-04-07 | Prepare for 1.0.1g releaseOpenSSL_1_0_1g | Dr. Stephen Henson | |
2014-04-07 | Add heartbeat extension bounds check. | Dr. Stephen Henson | |
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160) | |||
2014-04-05 | Set TLS padding extension value. | Dr. Stephen Henson | |
Enable TLS padding extension using official value from: http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml (cherry picked from commit cd6bd5ffda616822b52104fee0c4c7d623fd4f53) Conflicts: CHANGES ssl/tls1.h | |||
2014-03-12 | Fix for CVE-2014-0076 | Dr. Stephen Henson | |
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. (cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29) Conflicts: CHANGES | |||
2014-02-05 | Backport TLS padding extension from master. | Dr. Stephen Henson | |
(cherry picked from commit 8c6d8c2a498146992123ef5407d7ba01a1e7224d) Conflicts: CHANGES ssl/t1_lib.c | |||
2014-01-06 | Prepare for 1.0.1g-dev | Dr. Stephen Henson | |
2014-01-06 | Prepare for 1.0.1f releaseOpenSSL_1_0_1f | Dr. Stephen Henson | |
2014-01-06 | Fix for TLS record tampering bug CVE-2013-4353 | Dr. Stephen Henson | |
2013-12-20 | Fix DTLS retransmission from previous session. | Dr. Stephen Henson | |
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. | |||
2013-09-16 | Update CHANGES. | Rob Stradling | |
2013-09-16 | Sync CHANGES and NEWS files. | Bodo Moeller | |
2013-02-11 | update CHANGES | Dr. Stephen Henson | |
2013-02-11 | prepare for next version | Dr. Stephen Henson | |
2013-02-11 | prepare for release | Dr. Stephen Henson | |
2013-02-06 | prepare for next version | Dr. Stephen Henson | |
2013-02-04 | typoOpenSSL_1_0_1d | Dr. Stephen Henson | |
2013-02-04 | typo | Dr. Stephen Henson | |
2013-02-04 | Add CHANGES entries. | Dr. Stephen Henson | |
2013-01-29 | Don't try and verify signatures if key is NULL (CVE-2013-0166) | Dr. Stephen Henson | |
Add additional check to catch this in ASN1_item_verify too. | |||
2012-12-13 | Make verify return errors. | Ben Laurie | |
2012-09-17 | Call OCSP Stapling callback after ciphersuite has been chosen, so the | Ben Laurie | |
right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. | |||
2012-05-11 | PR: 2813 | Dr. Stephen Henson | |
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com> Fix possible deadlock when decoding public keys. | |||
2012-05-11 | PR: 2811 | Dr. Stephen Henson | |
Reported by: Phil Pennock <openssl-dev@spodhuis.org> Make renegotiation work for TLS 1.2, 1.1 by not using a lower record version client hello workaround if renegotiating. | |||
2012-05-10 | prepare for next version | Dr. Stephen Henson | |
2012-05-10 | prepare for 1.0.1c releaseOpenSSL_1_0_1c | Dr. Stephen Henson | |
2012-05-10 | Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and | Dr. Stephen Henson | |
DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) | |||
2012-05-10 | Reported by: Solar Designer of Openwall | Dr. Stephen Henson | |
Make sure tkeylen is initialised properly when encrypting CMS messages. | |||
2012-04-26 | Don't try to use unvalidated composite ciphers in FIPS mode | Dr. Stephen Henson | |
2012-04-26 | prepare for next version | Dr. Stephen Henson | |
2012-04-26 | prepare for 1.0.1b release | Dr. Stephen Henson | |
2012-04-26 | CHANGES: clarify. | Andy Polyakov | |
2012-04-26 | CHANGEs: fix typos and clarify. | Andy Polyakov | |
2012-04-25 | Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and | Dr. Stephen Henson | |
OpenSSL 1.0.0. Add CHANGES entry noting the consequences. | |||
2012-04-25 | s23_clnt.c: ensure interoperability by maitaining client "version capability" | Andy Polyakov | |
vector contiguous [from HEAD]. PR: 2802 | |||
2012-04-19 | update for next version | Dr. Stephen Henson | |
2012-04-19 | prepare for 1.0.1a releaseOpenSSL_1_0_1a | Dr. Stephen Henson | |
2012-04-19 | Check for potentially exploitable overflows in asn1_d2i_read_bio | Dr. Stephen Henson | |
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110) | |||
2012-04-17 | Disable SHA-2 ciphersuites in < TLS 1.2 connections. | Bodo Möller | |
(TLS 1.2 clients could end up negotiating these with an OpenSSL server with TLS 1.2 disabled, which is problematic.) Submitted by: Adam Langley | |||
2012-04-17 | Additional workaround for PR#2771 | Dr. Stephen Henson | |
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES. | |||
2012-03-31 | CHANGES: mention vpaes fix and harmonize with 1.0.0. | Andy Polyakov | |
PR: 2775 | |||
2012-03-22 | update version to 1.0.1a-dev | Dr. Stephen Henson | |
2012-03-14 | prepare for 1.0.1 release | Dr. Stephen Henson | |
2012-02-23 | correct CHANGESOpenSSL_1_0_1-beta3 | Dr. Stephen Henson | |