Age | Commit message (Collapse) | Author | |
---|---|---|---|
2007-09-07 | Change safestack reimplementation to match 0.9.8. | Dr. Stephen Henson | |
Fix additional gcc 4.2 value not used warnings. | |||
2007-08-31 | Update ssl code to support digests other than MD5+SHA1 in handshake. | Dr. Stephen Henson | |
Submitted by: Victor B. Wagner <vitus@cryptocom.ru> | |||
2007-08-27 | Add Google sponsorship note. | Dr. Stephen Henson | |
2007-08-23 | Update from stable branch. | Dr. Stephen Henson | |
2007-08-11 | RFC4507 (including RFC4507bis) TLS stateless session resumption support | Dr. Stephen Henson | |
for OpenSSL. | |||
2007-06-20 | CHANGES update from 098-stable. | Andy Polyakov | |
2007-06-07 | Finish gcc 4.2 changes. | Dr. Stephen Henson | |
2007-06-04 | Avoid use of function pointer casts in pem library. Modify safestack to | Dr. Stephen Henson | |
always use inline functions. | |||
2007-06-04 | Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. | Dr. Stephen Henson | |
2007-05-22 | Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 | Bodo Möller | |
2007-05-13 | More IGE speedup. | Ben Laurie | |
2007-05-13 | AES IGE mode speedup. | Ben Laurie | |
2007-04-23 | Add SEED encryption algorithm. | Bodo Möller | |
PR: 1503 Submitted by: KISA Reviewed by: Bodo Moeller | |||
2007-04-13 | Update smime utility to support streaming for -encrypt and -sign -nodetach | Dr. Stephen Henson | |
options. Add new streaming i2d (though strictly speaking it is BER format when streaming) and PEM functions. These all process content on the fly without storing it all in memory. | |||
2007-04-11 | New -mac and -macopt options to dgst utility. Reimplement -hmac option in | Dr. Stephen Henson | |
terms of new API. | |||
2007-04-11 | Update CHANGES. | Dr. Stephen Henson | |
2007-04-08 | New -sigopt option for dgst utility. | Dr. Stephen Henson | |
2007-03-28 | make BN_FLG_CONSTTIME semantics more fool-proof | Bodo Möller | |
2007-03-28 | Change to mitigate branch prediction attacks | Bodo Möller | |
Submitted by: Matthew D Wood Reviewed by: Bodo Moeller | |||
2007-03-21 | stricter session ID context matching | Bodo Möller | |
2007-02-26 | include complete 0.9.7 history | Bodo Möller | |
include release date of 0.9.8e | |||
2007-02-21 | Extend SMTP and IMAP protocol handling to perform the required | Lutz Jänicke | |
EHLO or CAPABILITY handshake before sending STARTTLS Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de> | |||
2007-02-21 | Update from 0.9.7-stable. | Dr. Stephen Henson | |
2007-02-20 | Improve ciphersuite order stability when disabling ciphersuites. | Bodo Möller | |
Change ssl_create_cipher_list() to prefer ephemeral ECDH over ephemeral DH. | |||
2007-02-19 | Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a | Bodo Möller | |
ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. Also, change ssl_create_cipher_list() so that it no longer starts with an arbitrary ciphersuite ordering, but instead uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST. SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL". | |||
2007-02-17 | Reorganize the data used for SSL ciphersuite pattern matching. | Bodo Möller | |
This change resolves a number of problems and obviates multiple kludges. A new feature is that you can now say "AES256" or "AES128" (not just "AES", which enables both). In some cases the ciphersuite list generated from a given string is affected by this change. I hope this is just in those cases where the previous behaviour did not make sense. | |||
2007-02-03 | add support for DSA with SHA2 | Nils Larsch | |
2006-12-24 | Experimental streaming PKCS#7 support. | Dr. Stephen Henson | |
I thought it was about time I dusted this off. This stuff had been sitting on my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not work properly. Nothing uses it at present which is just as well. Think of this as a traditional Christmas present which looks far more impressive in the adverts and on the box, some of the bits are missing and falls to bits if you play with it too much. | |||
2006-12-21 | fix typos | Nils Larsch | |
PR: 1354, 1355, 1398, 1408 | |||
2006-12-20 | add support for ecdsa-with-sha256 etc. | Nils Larsch | |
2006-12-19 | Fix the BIT STRING encoding of EC points or parameter seeds | Bodo Möller | |
(need to prevent the removal of trailing zero bits). | |||
2006-11-29 | fix support for receiving fragmented handshake messages | Bodo Möller | |
2006-11-27 | Add RFC 3779 support. | Ben Laurie | |
2006-11-21 | Update from 0.9.8 stable. Eliminate duplicate error codes. | Dr. Stephen Henson | |
2006-11-16 | Initial, incomplete support for typesafe macros without using function | Dr. Stephen Henson | |
casts. | |||
2006-10-23 | Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even | Andy Polyakov | |
recent mingw modifications. | |||
2006-09-28 | All 0.9.8d patches have been applied to HEAD now, so we no longer need | Bodo Möller | |
the redundant entries under the 0.9.9 heading. | |||
2006-09-28 | include 0.9.8d and 0.9.7l information | Bodo Möller | |
2006-09-28 | Fix ASN.1 parsing of certain invalid structures that can result | Mark J. Cox | |
in a denial of service. (CVE-2006-2937) [Steve Henson] | |||
2006-09-28 | Fix buffer overflow in SSL_get_shared_ciphers() function. | Mark J. Cox | |
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team] | |||
2006-09-21 | Tidy up CRL handling by checking for critical extensions when it is | Dr. Stephen Henson | |
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked entry to avoid the need to access the structure directly. Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be redirected. | |||
2006-09-17 | Overhaul of by_dir code to handle dynamic loading of CRLs. | Dr. Stephen Henson | |
2006-09-14 | Support for AKID in CRLs and partial support for IDP. Overhaul of CRL | Dr. Stephen Henson | |
handling to support this. | |||
2006-09-12 | Update | Bodo Möller | |
2006-09-11 | ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 | Bodo Möller | |
ciphersuite as well | |||
2006-09-06 | Every change so far that is in the 0.9.8 branch is (or should be) in HEAD | Bodo Möller | |
2006-09-05 | Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher | Mark J. Cox | |
(CVE-2006-4339) Submitted by: Ben Laurie, Google Security Team Reviewed by: bmoeller, mjc, shenson | |||
2006-08-31 | Forward port of IGE mode. | Ben Laurie | |
2006-07-25 | Support for multiple CRLs with same issuer name in X509_STORE. Modify | Dr. Stephen Henson | |
verify logic to try to use an unexpired CRL if possible. | |||
2006-07-24 | Cache some CRL related extensions. | Dr. Stephen Henson | |