Age | Commit message | Author | |
---|---|---|---|
2012-05-11 | PR: 2813 | Dr. Stephen Henson | |
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com> Fix possible deadlock when decoding public keys. | |||
2012-05-11 | PR: 2811 | Dr. Stephen Henson | |
Reported by: Phil Pennock <openssl-dev@spodhuis.org> Make renegotiation work for TLS 1.2, 1.1 by not using a lower record version client hello workaround if renegotiating. | |||
2012-05-10 | prepare for next version | Dr. Stephen Henson | |
2012-05-10 | prepare for 1.0.1c release [OpenSSL_1_0_1c] | Dr. Stephen Henson | |
2012-05-10 | Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and | Dr. Stephen Henson | |
DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) | |||
2012-05-10 | Reported by: Solar Designer of Openwall | Dr. Stephen Henson | |
Make sure tkeylen is initialised properly when encrypting CMS messages. | |||
2012-04-26 | Don't try to use unvalidated composite ciphers in FIPS mode | Dr. Stephen Henson | |
2012-04-26 | prepare for next version | Dr. Stephen Henson | |
2012-04-26 | prepare for 1.0.1b release | Dr. Stephen Henson | |
2012-04-26 | CHANGES: clarify. | Andy Polyakov | |
2012-04-26 | CHANGES: fix typos and clarify. | Andy Polyakov | |
2012-04-25 | Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and | Dr. Stephen Henson | |
OpenSSL 1.0.0. Add CHANGES entry noting the consequences. | |||
2012-04-25 | s23_clnt.c: ensure interoperability by maintaining client "version capability" | Andy Polyakov | |
vector contiguous [from HEAD]. PR: 2802 | |||
2012-04-19 | update for next version | Dr. Stephen Henson | |
2012-04-19 | prepare for 1.0.1a release [OpenSSL_1_0_1a] | Dr. Stephen Henson | |
2012-04-19 | Check for potentially exploitable overflows in asn1_d2i_read_bio | Dr. Stephen Henson | |
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110) | |||
2012-04-17 | Disable SHA-2 ciphersuites in < TLS 1.2 connections. | Bodo Möller | |
(TLS 1.2 clients could end up negotiating these with an OpenSSL server with TLS 1.2 disabled, which is problematic.) Submitted by: Adam Langley | |||
2012-04-17 | Additional workaround for PR#2771 | Dr. Stephen Henson | |
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES. | |||
2012-03-31 | CHANGES: mention vpaes fix and harmonize with 1.0.0. | Andy Polyakov | |
PR: 2775 | |||
2012-03-22 | update version to 1.0.1a-dev | Dr. Stephen Henson | |
2012-03-14 | prepare for 1.0.1 release | Dr. Stephen Henson | |
2012-02-23 | correct CHANGES [OpenSSL_1_0_1-beta3] | Dr. Stephen Henson | |
2012-02-16 | Fix bug in CVE-2011-4619: check we have really received a client hello | Dr. Stephen Henson | |
before rejecting multiple SGC restarts. | |||
2012-02-15 | Additional compatibility fix for MDC2 signature format. | Dr. Stephen Henson | |
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature: this will make all versions of MDC2 signature equivalent. | |||
2012-02-15 | An incompatibility has always existed between the format used for RSA | Dr. Stephen Henson | |
signatures and MDC2 using EVP or RSA_sign. This has become more apparent when the dgst utility in OpenSSL 1.0.0 and later switched to using the EVP_DigestSign functions which call RSA_sign. This means that the signature format OpenSSL 1.0.0 and later used with dgst -sign and MDC2 is incompatible with previous versions. Add detection in RSA_verify so either format works. Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice. | |||
2012-02-09 | Modify client hello version when renegotiating to enhance interop with | Dr. Stephen Henson | |
some servers. | |||
2012-01-18 | Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. | Dr. Stephen Henson | |
Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050) | |||
2012-01-17 | fix CHANGES entry | Dr. Stephen Henson | |
2012-01-05 | Update for 0.9.8s and 1.0.0f. | Bodo Möller | |
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing in the 1.0.1 branch, the actual code is here already.) | |||
2012-01-04 | update CHANGES | Dr. Stephen Henson | |
2012-01-04 | Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen | Dr. Stephen Henson | |
<tuexen@fh-muenster.de> Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson. | |||
2012-01-04 | Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) | Dr. Stephen Henson | |
2012-01-04 | fix CHANGES | Dr. Stephen Henson | |
2012-01-04 | Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) | Dr. Stephen Henson | |
2012-01-04 | Check GOST parameters are not NULL (CVE-2012-0027) | Dr. Stephen Henson | |
2012-01-04 | Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) | Dr. Stephen Henson | |
2011-12-31 | update CHANGES | Dr. Stephen Henson | |
2011-12-31 | PR: 2658 | Dr. Stephen Henson | |
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats. | |||
2011-12-19 | PR: 2563 | Dr. Stephen Henson | |
Submitted by: Paul Green <Paul.Green@stratus.com> Reviewed by: steve Improved PRNG seeding for VOS. | |||
2011-12-19 | update CHANGES. | Andy Polyakov | |
2011-12-19 | update CHANGES | Dr. Stephen Henson | |
2011-12-10 | remove old -attime code, new version includes all old functionality | Dr. Stephen Henson | |
2011-12-02 | Resolve a stack set-up race condition (if the list of compression | Bodo Möller | |
methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley | |||
2011-12-02 | Fix ecdsatest.c. | Bodo Möller | |
Submitted by: Emilia Kasper | |||
2011-12-02 | Fix BIO_f_buffer(). | Bodo Möller | |
Submitted by: Adam Langley Reviewed by: Bodo Moeller | |||
2011-11-15 | Add TLS exporter. | Ben Laurie | |
2011-11-15 | Add DTLS-SRTP. | Ben Laurie | |
2011-11-14 | Next Protocol Negotiation. | Ben Laurie | |
2011-10-19 | BN_BLINDING multi-threading fix. | Bodo Möller | |
Submitted by: Emilia Kasper (Google) | |||
2011-10-19 | Fix warnings. | Bodo Möller | |
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code. |