openssl - Mirror of https://github.com/openssl/openssl

Age	Commit message (Collapse)	Author
2016-06-27	Change usage of RAND_pseudo_bytes to RAND_bytes	Matt Caswell
	RAND_pseudo_bytes() allows random data to be returned even in low entropy conditions. Sometimes this is ok. Many times it is not. For the avoidance of any doubt, replace existing usage of RAND_pseudo_bytes() with RAND_bytes(). Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-22	Run util/openssl-format-source -v -c .	Matt Caswell
	Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22	Tweaks for comments due to indent's inability to handle them	Matt Caswell
	Reviewed-by: Tim Hudson <tjh@openssl.org>
2013-01-28	Add and use a constant-time memcmp.	Ben Laurie
	This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix.
2012-05-16	s2_clnt.c: compensate for compiler bug [from HEAD].	Andy Polyakov

2009-01-07	Updatde from stable branch.	Dr. Stephen Henson

2007-09-07	Change safestack reimplementation to match 0.9.8.	Dr. Stephen Henson
	Fix additional gcc 4.2 value not used warnings.
2007-06-04	Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.	Dr. Stephen Henson

2007-04-05	Don't use a negative number as a length. Coverity ID 57.	Ben Laurie

2006-09-28	Fix buffer overflow in SSL_get_shared_ciphers() function.	Mark J. Cox
	(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team]
2005-12-05	Avoid warnings on VC++ 2005.	Dr. Stephen Henson

2005-08-14	Let the TLSv1_method() etc. functions return a const SSL_METHOD	Nils Larsch
	pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-05	Initialize SSL_METHOD structures at compile time. This removes the need	Dr. Stephen Henson
	for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-05-11	Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled	Bodo Möller
	with the SSL_OP_NO_SSLv2 option.
2005-04-29	check return value of RAND_pseudo_bytes; backport from the stable branch	Nils Larsch

2004-03-15	Constify d2i, s2i, c2i and r2i functions and other associated	Richard Levitte
	functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.
2003-12-27	Avoid including cryptlib.h, it's not really needed.	Richard Levitte
	Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-10-29	A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.	Geoff Thorpe
	I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.
2003-01-15	Really fix SSLv2 session ID handling	Lutz Jänicke
	PR: 377
2002-12-29	Fix wrong handling of session ID in SSLv2 client code.	Lutz Jänicke
	PR: 377
2002-12-21	Stop a possible memory leak.	Richard Levitte
	(I wonder why s2_connect() handles the initial buffer allocation slightly differently...) PR: 416
2002-11-15	We need to read one more byte of the REQUEST-CERTIFICATE message.	Richard Levitte
	PR: 300
2002-11-13	Security fixes brought forward from 0.9.7.	Ben Laurie

2002-09-25	really fix race conditions	Bodo Möller
	Submitted by: "Patrick McCormick" <patrick@tellme.com> PR: 262 PR: 291
2002-09-23	really fix race condition	Bodo Möller
	PR: 262
2002-08-02	get rid of OpenSSLDie	Bodo Möller

2002-07-30	OpenSSL Security Advisory [30 July 2002]	Lutz Jänicke
	Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
2002-01-12	Prototype info function.	Ben Laurie

2001-11-10	make code a little more similar to what it looked like before the fixes,	Bodo Möller
	call ssl2_part_read again to parse error message
2001-11-10	Implement msg_callback for SSL 2.0.	Bodo Möller
	Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-10-24	Fix SSL handshake functions and SSL_clear() such that SSL_clear()	Bodo Möller
	never resets s->method to s->ctx->method when called from within one of the SSL handshake functions.
2001-10-16	Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()	Dr. Stephen Henson
	with existing code. Modify library to use digest *_ex() functions.
2001-07-30	Really add the EVP and all of the DES changes.	Ben Laurie

2001-03-07	Fix ERR_R_... problems.	Bodo Möller

2001-02-20	Use new-style system-id macros everywhere possible. I hope I haven't	Richard Levitte
	missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
2001-02-09	New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override	Lutz Jänicke
	the clients choice; in SSLv2 the client uses the server's preferences.
2000-11-29	Store verify_result with sessions to avoid potential security hole.	Lutz Jänicke
	For the server side this was already done one year ago :-(
2000-05-27	Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.	Bodo Möller

2000-02-03	ispell (and minor modifications)	Ulf Möller

2000-01-24	Avoid a race condition.	Bodo Möller

2000-01-21	Don't "goto err" in client_master_key because no such label exists;	Bodo Möller
	just return -1 as in other error cases.
2000-01-21	Check RAND_bytes() return value or use RAND_pseudo_bytes().	Ulf Möller

2000-01-16	Add missing #ifndefs that caused missing symbols when building libssl	Ulf Möller
	as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. Submitted by: Kris Kennaway <kris@hub.freebsd.org> Modified by Ulf Möller
2000-01-13	Precautions against using the PRNG uninitialized: RAND_bytes() now	Ulf Möller
	returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument.
2000-01-08	Make NO_RSA compile with pedantic.	Ben Laurie

2000-01-04	Rhapsody 5.5 (a.k.a. MacOS X) compiler bug workaround. At the very least	Andy Polyakov
	passes 'make test' now:-)
1999-11-16	Store verify_result with sessions to avoid potential security hole.	Bodo Möller

1999-05-13	New structure type SESS_CERT used instead of CERT inside SSL_SESSION.	Bodo Möller
	While modifying the sources, I found some inconsistencies on the use of s->cert vs. s->session->sess_cert; I don't know if those could really have caused problems, but possibly this is a proper bug-fix and not just a clean-up.
1999-05-09	No actual change, but the cert_st member of struct ssl_session_st is now	Bodo Möller
	called sess_cert instead of just cert. This is in preparation of further changes: Probably often when s->session->sess_cert is used, we should use s->cert instead; s->session->sess_cert should be a new structure containing only the stuff that is for just one connection (e.g. the peer's certificate, which the SSL client implementations currently store in s->session->[sess_]cert, which is a very confusing thing to do). Submitted by: Reviewed by: PR:
1999-04-29	Fix a couple of cases where an attempt is made to lock an already locked	Dr. Stephen Henson
	mutex.