| fef9e07 | Dr. Stephen Henson | 19 April 2012, 12:05:18 UTC | update FAQ | 19 April 2012, 12:05:18 UTC |
| 8ab27e6 | Dr. Stephen Henson | 19 April 2012, 11:39:03 UTC | prepare for 0.9.8v release | 19 April 2012, 11:39:03 UTC |
| 6415055 | Dr. Stephen Henson | 19 April 2012, 11:37:17 UTC | update NEWS | 19 April 2012, 11:37:17 UTC |
| 556e27b | Dr. Stephen Henson | 19 April 2012, 11:36:09 UTC | Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110) | 19 April 2012, 11:36:09 UTC |
| af0c009 | Dr. Stephen Henson | 15 April 2012, 16:48:34 UTC | use /fixed argument when linking FIPS targets to disable address space layout randomization | 15 April 2012, 16:48:34 UTC |
| 0b1cf4a | Dr. Stephen Henson | 31 March 2012, 18:02:23 UTC | PR: 2778(part) Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time). | 31 March 2012, 18:02:23 UTC |
| a9101cd | Dr. Stephen Henson | 18 March 2012, 18:18:30 UTC | Always use SSLv23_{client,server}_method in s_client.c and s_server.c, the old code came from SSLeay days before TLS was even supported. | 18 March 2012, 18:18:30 UTC |
| e351e2a | Dr. Stephen Henson | 12 March 2012, 16:35:13 UTC | prepare for next version | 12 March 2012, 16:35:13 UTC |
| 2152762 | Dr. Stephen Henson | 12 March 2012, 15:25:53 UTC | corrected fix to PR#2711 and also cover mime_param_cmp | 12 March 2012, 15:25:53 UTC |
| ddb7832 | Dr. Stephen Henson | 12 March 2012, 15:01:44 UTC | correct FAQ | 12 March 2012, 15:01:44 UTC |
| 2fad41d | Dr. Stephen Henson | 12 March 2012, 14:53:14 UTC | prepare for release | 12 March 2012, 14:53:14 UTC |
| b9c3d91 | Dr. Stephen Henson | 12 March 2012, 14:52:14 UTC | update NEWS | 12 March 2012, 14:52:14 UTC |
| 4f2fc3c | Dr. Stephen Henson | 12 March 2012, 14:51:45 UTC | Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884) | 12 March 2012, 14:51:45 UTC |
| 48819f4 | Dr. Stephen Henson | 12 March 2012, 14:50:55 UTC | fix error code | 12 March 2012, 14:50:55 UTC |
| b0cbdd3 | Dr. Stephen Henson | 12 March 2012, 12:46:52 UTC | manually patch missing part of PR#2756 | 12 March 2012, 12:46:52 UTC |
| 5016107 | Dr. Stephen Henson | 09 March 2012, 15:51:56 UTC | PR: 2756 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling. | 09 March 2012, 15:51:56 UTC |
| 25d5d15 | Dr. Stephen Henson | 08 March 2012, 14:01:44 UTC | check return value of BIO_write in PKCS7_decrypt | 08 March 2012, 14:01:44 UTC |
| 725713f | Dr. Stephen Henson | 07 March 2012, 15:14:16 UTC | PR: 2755 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions. [0.9.8 version of patch] | 07 March 2012, 15:14:16 UTC |
| 73eb097 | Dr. Stephen Henson | 06 March 2012, 19:08:30 UTC | return failure code if I/O error | 06 March 2012, 19:08:30 UTC |
| 6720779 | Dr. Stephen Henson | 06 March 2012, 18:25:33 UTC | revert PR#2755: it breaks compilation | 06 March 2012, 18:25:33 UTC |
| b2a2c6a | Dr. Stephen Henson | 06 March 2012, 13:45:47 UTC | PR: 2755 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions. | 06 March 2012, 13:45:47 UTC |
| 272993b | Dr. Stephen Henson | 06 March 2012, 13:37:52 UTC | PR: 2696 Submitted by: Rob Austein <sra@hactrn.net> Fix inverted range problem in RFC3779 code. Thanks to Andrew Chi for generating test cases for this bug. [from HEAD] | 06 March 2012, 13:37:52 UTC |
| 58532ae | Dr. Stephen Henson | 06 March 2012, 13:22:32 UTC | oops, revert unrelated patches | 06 March 2012, 13:22:32 UTC |
| 4e7f6d3 | Dr. Stephen Henson | 06 March 2012, 13:20:20 UTC | PR: 2748 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock. | 06 March 2012, 13:20:20 UTC |
| f0be325 | Dr. Stephen Henson | 28 February 2012, 14:47:36 UTC | Fix memory leak cause by race condition when creating public keys. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug. | 28 February 2012, 14:47:36 UTC |
| b66af23 | Dr. Stephen Henson | 27 February 2012, 16:26:32 UTC | free headers after use in error message | 27 February 2012, 16:26:32 UTC |
| 29d0c13 | Dr. Stephen Henson | 27 February 2012, 15:23:20 UTC | Detect symmetric crypto errors in PKCS7_decrypt. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug. | 27 February 2012, 15:23:20 UTC |
| 8a4e81a | Dr. Stephen Henson | 23 February 2012, 21:50:13 UTC | PR: 2711 Submitted by: Tomas Mraz <tmraz@redhat.com> Tolerate bad MIME headers in parser. | 23 February 2012, 21:50:13 UTC |
| 843fc7b | Dr. Stephen Henson | 16 February 2012, 15:21:17 UTC | Fix bug in CVE-2011-4619: check we have really received a client hello before rejecting multiple SGC restarts. | 16 February 2012, 15:21:17 UTC |
| 6dcb6bf | Dr. Stephen Henson | 11 February 2012, 23:12:34 UTC | PR: 2703 Submitted by: Alexey Melnikov <alexey.melnikov@isode.com> Fix some memory and resource leaks in CAPI ENGINE. | 11 February 2012, 23:12:34 UTC |
| 1061c3c | Dr. Stephen Henson | 11 February 2012, 23:07:32 UTC | PR: 2705 Submitted by: Alexey Melnikov <alexey.melnikov@isode.com> Only create ex_data indices once for CAPI engine. | 11 February 2012, 23:07:32 UTC |
| 0d0f15d | Dr. Stephen Henson | 20 January 2012, 23:24:17 UTC | fix Visual Studio 2010 warning [from HEAD] (original by appro) | 20 January 2012, 23:24:17 UTC |
| a72ce94 | Dr. Stephen Henson | 18 January 2012, 14:27:13 UTC | prepare for next version | 18 January 2012, 14:27:13 UTC |
| f71d59c | Dr. Stephen Henson | 18 January 2012, 13:15:37 UTC | update FAQ | 18 January 2012, 13:15:37 UTC |
| 3309f83 | Dr. Stephen Henson | 18 January 2012, 13:14:49 UTC | prepare for release | 18 January 2012, 13:14:49 UTC |
| 6cc5f19 | Dr. Stephen Henson | 18 January 2012, 13:13:31 UTC | update NEWS | 18 January 2012, 13:13:31 UTC |
| 096327a | Dr. Stephen Henson | 18 January 2012, 13:12:08 UTC | Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050) | 18 January 2012, 13:12:08 UTC |
| cc10bcf | Dr. Stephen Henson | 17 January 2012, 14:18:26 UTC | fix CHANGES entry | 17 January 2012, 14:18:26 UTC |
| 875ac0e | Dr. Stephen Henson | 10 January 2012, 14:37:00 UTC | fix warning | 10 January 2012, 14:37:00 UTC |
| bf240f0 | Bodo Möller | 05 January 2012, 13:15:29 UTC | Fix usage indentation | 05 January 2012, 13:15:29 UTC |
| dd016b0 | Bodo Möller | 05 January 2012, 10:21:49 UTC | Fix for builds without DTLS support. Submitted by: Brian Carlstrom | 05 January 2012, 10:21:49 UTC |
| 2447884 | Dr. Stephen Henson | 04 January 2012, 23:56:13 UTC | update for next version | 04 January 2012, 23:56:13 UTC |
| a958083 | Dr. Stephen Henson | 04 January 2012, 19:23:07 UTC | update FAQ | 04 January 2012, 19:23:07 UTC |
| b3cebd5 | Dr. Stephen Henson | 04 January 2012, 19:20:49 UTC | prepare for 0.9.8s release | 04 January 2012, 19:20:49 UTC |
| 7b77514 | Dr. Stephen Henson | 04 January 2012, 19:16:11 UTC | update NEWS | 04 January 2012, 19:16:11 UTC |
| 7183aa6 | Dr. Stephen Henson | 04 January 2012, 19:12:39 UTC | make update | 04 January 2012, 19:12:39 UTC |
| eebefe3 | Dr. Stephen Henson | 04 January 2012, 19:10:16 UTC | Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson. | 04 January 2012, 19:10:16 UTC |
| 1db0bbd | Dr. Stephen Henson | 04 January 2012, 19:00:28 UTC | Fix double free in policy check code (CVE-2011-4109) | 04 January 2012, 19:00:28 UTC |
| e643112 | Dr. Stephen Henson | 04 January 2012, 18:54:17 UTC | Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) | 04 January 2012, 18:54:17 UTC |
| 21c4b25 | Dr. Stephen Henson | 04 January 2012, 18:52:18 UTC | Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) | 04 January 2012, 18:52:18 UTC |
| 41cf2c3 | Dr. Stephen Henson | 04 January 2012, 18:45:18 UTC | stop warning | 04 January 2012, 18:45:18 UTC |
| 0e3a930 | Dr. Stephen Henson | 04 January 2012, 18:44:20 UTC | Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) | 04 January 2012, 18:44:20 UTC |
| 0c214e0 | Dr. Stephen Henson | 04 January 2012, 14:25:10 UTC | Submitted by: Adam Langley <agl@chromium.org> Reviewed by: steve Fix memory leaks. | 04 January 2012, 14:25:10 UTC |
| 6c61cfb | Dr. Stephen Henson | 26 December 2011, 19:38:28 UTC | PR: 2326 Submitted by: Tianjie Mao <tjmao@tjmao.net> Reviewed by: steve Fix incorrect comma expressions and goto f_err as alert has been set. | 26 December 2011, 19:38:28 UTC |
| 2ee77d3 | Andy Polyakov | 09 December 2011, 14:28:48 UTC | x86-mont.pl: fix bug in integer-only squaring path [from HEAD]. PR: 2648 | 09 December 2011, 14:28:48 UTC |
| 24f441e | Dr. Stephen Henson | 06 December 2011, 00:01:09 UTC | The default CN prompt message can be confusing when often the CN needs to be the server FQDN: change it. [Reported by PSW Group] | 06 December 2011, 00:01:09 UTC |
| 740da44 | Bodo Möller | 02 December 2011, 12:50:44 UTC | Resolve a stack set-up race condition (if the list of compression methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley | 02 December 2011, 12:50:44 UTC |
| 72033fd | Bodo Möller | 02 December 2011, 12:40:25 UTC | Fix ecdsatest.c. Submitted by: Emilia Kasper | 02 December 2011, 12:40:25 UTC |
| 9adf3fc | Bodo Möller | 02 December 2011, 12:23:57 UTC | Fix BIO_f_buffer(). Submitted by: Adam Langley Reviewed by: Bodo Moeller | 02 December 2011, 12:23:57 UTC |
| 65f7456 | Andy Polyakov | 05 November 2011, 10:17:06 UTC | ppc.pl: fix bug in bn_mul_comba4 [from HEAD]. PR: 2636 Submitted by: Charles Bryant | 05 November 2011, 10:17:06 UTC |
| 8794569 | Dr. Stephen Henson | 27 October 2011, 13:06:26 UTC | PR: 2628 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Send alert instead of assertion failure for incorrectly formatted DTLS fragments. | 27 October 2011, 13:06:26 UTC |
| f8731bc | Dr. Stephen Henson | 26 October 2011, 16:42:48 UTC | PR: 2632 Submitted by: emmanuel.azencot@bull.net Reviewed by: steve Return -1 immediately if not affine coordinates as BN_CTX has not been set up. | 26 October 2011, 16:42:48 UTC |
| 195d6bf | Bodo Möller | 19 October 2011, 14:57:59 UTC | BN_BLINDING multi-threading fix. Submitted by: Emilia Kasper (Google) | 19 October 2011, 14:57:59 UTC |
| dacd94b | Bodo Möller | 19 October 2011, 13:53:41 UTC | Oops: this change (http://cvs.openssl.org/chngview?cn=21503) wasn't right for 0.9.8-stable (it's actually a fix for http://cvs.openssl.org/chngview?cn=14494, which introduced SSL_CTRL_SET_MAX_SEND_FRAGMENT). | 19 October 2011, 13:53:41 UTC |
| 8070cb5 | Bodo Möller | 13 October 2011, 13:24:13 UTC | Clarify warning | 13 October 2011, 13:24:13 UTC |
| f7d514f | Bodo Möller | 13 October 2011, 13:04:40 UTC | In ssl3_clear, preserve s3->init_extra along with s3->rbuf. Submitted by: Bob Buckholz <bbuckholz@google.com> | 13 October 2011, 13:04:40 UTC |
| 6d50bce | Dr. Stephen Henson | 09 October 2011, 00:56:18 UTC | PR: 2482 Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann. | 09 October 2011, 00:56:18 UTC |
| 3cf0a38 | Dr. Stephen Henson | 26 September 2011, 17:05:00 UTC | fix signed/unsigned warning | 26 September 2011, 17:05:00 UTC |
| 91a1d08 | Dr. Stephen Henson | 23 September 2011, 21:49:08 UTC | use keyformat for -x509toreq, don't hard code PEM | 23 September 2011, 21:49:08 UTC |
| 85e7768 | Dr. Stephen Henson | 23 September 2011, 13:40:06 UTC | PR: 2606 Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de> Reviewed by: steve Handle timezones correctly in UTCTime. | 23 September 2011, 13:40:06 UTC |
| fc40153 | Dr. Stephen Henson | 23 September 2011, 13:35:32 UTC | PR: 2602 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting | 23 September 2011, 13:35:32 UTC |
| 6ec9ff8 | Dr. Stephen Henson | 23 September 2011, 13:13:02 UTC | PR: 2347 Submitted by: Tomas Mraz <tmraz@redhat.com> Reviewed by: steve Fix usage message. | 23 September 2011, 13:13:02 UTC |
| db45308 | Bodo Möller | 05 September 2011, 10:25:15 UTC | (EC)DH memory handling fixes. Submitted by: Adam Langley | 05 September 2011, 10:25:15 UTC |
| 1c7c69a | Bodo Möller | 05 September 2011, 09:56:48 UTC | Fix memory leak on bad inputs. | 05 September 2011, 09:56:48 UTC |
| 24ad061 | Bodo Möller | 05 September 2011, 09:52:58 UTC | Move OPENSSL_init declaration out of auto-generated code section (it is not auto-generated). | 05 September 2011, 09:52:58 UTC |
| 92f96fa | Dr. Stephen Henson | 02 September 2011, 11:20:49 UTC | PR: 2576 Submitted by: Doug Goldstein <cardoe@gentoo.org> Reviewed by: steve Include header file stdlib.h which is needed on some platforms to get getenv() declaration. | 02 September 2011, 11:20:49 UTC |
| 0d1e362 | Dr. Stephen Henson | 01 September 2011, 15:03:10 UTC | PR: 2340 Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar> Reviewed by: steve Stop warnings if OPENSSL_NO_DGRAM is defined. | 01 September 2011, 15:03:10 UTC |
| a0bf2c8 | Dr. Stephen Henson | 01 September 2011, 14:23:41 UTC | make timing attack protection unconditional | 01 September 2011, 14:23:41 UTC |
| 6a662a4 | Dr. Stephen Henson | 01 September 2011, 14:01:36 UTC | PR: 2573 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug. | 01 September 2011, 14:01:36 UTC |
| 24d0524 | Dr. Stephen Henson | 01 September 2011, 13:48:48 UTC | PR: 2588 Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com> Reviewed by: steve Close file pointer. | 01 September 2011, 13:48:48 UTC |
| c081817 | Dr. Stephen Henson | 01 September 2011, 13:37:11 UTC | PR: 2586 Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com> Reviewed by: steve Fix brace mismatch. | 01 September 2011, 13:37:11 UTC |
| 46a1f24 | Dr. Stephen Henson | 20 July 2011, 15:20:19 UTC | PR: 2559 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS socket error bug | 20 July 2011, 15:20:19 UTC |
| ac02a4b | Dr. Stephen Henson | 20 July 2011, 15:17:20 UTC | PR: 2555 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug | 20 July 2011, 15:17:20 UTC |
| 4ba063d | Dr. Stephen Henson | 20 July 2011, 15:12:58 UTC | PR: 2550 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug | 20 July 2011, 15:12:58 UTC |
| e0e0818 | Andy Polyakov | 15 July 2011, 19:59:31 UTC | config: detect if assembler supports --noexecstack and pass it down [from HEAD]. | 15 July 2011, 19:59:31 UTC |
| 82a5049 | Dr. Stephen Henson | 14 July 2011, 12:01:08 UTC | PR: 2556 (partial) Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de> Reviewed by: steve Fix OID routines. Check on encoding leading zero rejection should start at beginning of encoding. Allow for initial digit when testing when to use BIGNUMs which can increase first value by 2 * 40. | 14 July 2011, 12:01:08 UTC |
| d027b75 | Andy Polyakov | 13 July 2011, 06:25:15 UTC | perlasm/cbc.pl: fix tail processing bug [from HEAD]. PR: 2557 | 13 July 2011, 06:25:15 UTC |
| 87421d3 | Dr. Stephen Henson | 22 June 2011, 15:46:37 UTC | PR: 2471 Submitted by: Corinna Vinschen util/cygwin.sh: maintainer's update [from HEAD]. | 22 June 2011, 15:46:37 UTC |
| 87d14a3 | Dr. Stephen Henson | 22 June 2011, 15:39:19 UTC | PR: 2470 Submitted by: Corinna Vinschen <vinschen@redhat.com> Reviewed by: steve Don't call ERR_remove_state from DllMain. | 22 June 2011, 15:39:19 UTC |
| cc0931e | Dr. Stephen Henson | 22 June 2011, 15:29:36 UTC | PR: 2543 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Correctly handle errors in DTLSv1_handle_timeout() | 22 June 2011, 15:29:36 UTC |
| 22152d6 | Dr. Stephen Henson | 22 June 2011, 15:23:20 UTC | PR: 2540 Submitted by: emmanuel.azencot@bull.net Reviewed by: steve Prevent infinite loop in BN_GF2m_mod_inv(). | 22 June 2011, 15:23:20 UTC |
| 102bcbc | Dr. Stephen Henson | 22 June 2011, 15:15:20 UTC | correctly encode OIDs near 2^32 | 22 June 2011, 15:15:20 UTC |
| 8655de4 | Andy Polyakov | 06 June 2011, 19:58:21 UTC | rc4_skey.c [0.9.8]: at some point rc4_skey and x86[_64]cpuid were modified to examine bit#20 on x86[_64], but it was erroneously reverted to bit#28 in 2008 in process of FIPS integration. | 06 June 2011, 19:58:21 UTC |
| c4b2eb2 | Dr. Stephen Henson | 25 May 2011, 15:15:43 UTC | PR: 2529 Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure. | 25 May 2011, 15:15:43 UTC |
| 03e3fbb | Dr. Stephen Henson | 25 May 2011, 15:06:32 UTC | PR: 2527 Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Set cnf to NULL to avoid possible double free. | 25 May 2011, 15:06:32 UTC |
| bc7ee38 | Dr. Stephen Henson | 25 May 2011, 14:52:54 UTC | Fix the ECDSA timing attack mentioned in the paper at: http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention. | 25 May 2011, 14:52:54 UTC |
| 1e368ab | Dr. Stephen Henson | 25 May 2011, 14:43:47 UTC | Fix the ECDSA timing attack mentioned in the paper at: http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention. | 25 May 2011, 14:43:47 UTC |
| 2c77c5c | Dr. Stephen Henson | 25 May 2011, 14:29:39 UTC | Oops use up to date patch for PR#2506 | 25 May 2011, 14:29:39 UTC |
| 1eb38c5 | Dr. Stephen Henson | 25 May 2011, 12:28:42 UTC | PR: 2506 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fully implement SSL_clear for DTLS. | 25 May 2011, 12:28:42 UTC |
| fa65787 | Dr. Stephen Henson | 25 May 2011, 12:24:03 UTC | PR: 2505 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS session resumption timer bug. | 25 May 2011, 12:24:03 UTC |
