| 91bad2b | Dr. Stephen Henson | 29 March 2010, 13:11:54 UTC | Prepare for 1.0.0 release - finally ;-) | 29 March 2010, 13:11:54 UTC |
| 1244d5b | Andy Polyakov | 29 March 2010, 09:59:58 UTC | ARMv4 assembler: [unconfirmed] fix for compilation failure [from HEAD]. | 29 March 2010, 09:59:58 UTC |
| c0ed5cd | Andy Polyakov | 29 March 2010, 09:50:33 UTC | dso_dlfcn.c: fix compile failure on Tru64 [from HEAD]. | 29 March 2010, 09:50:33 UTC |
| c8281fd | Dr. Stephen Henson | 28 March 2010, 00:42:29 UTC | PR: 1696 Check return value if d2i_PBEPARAM(). | 28 March 2010, 00:42:29 UTC |
| fe8e6bf | Dr. Stephen Henson | 27 March 2010, 23:28:23 UTC | PR: 1763 Remove useless num = 0 assignment. Remove redundant cases on sock_ctrl(): default case handles them. | 27 March 2010, 23:28:23 UTC |
| 9caf25d | Dr. Stephen Henson | 27 March 2010, 19:27:51 UTC | PR: 1904 Submitted by: David Woodhouse <dwmw2@infradead.org> Pass passphrase minimum length down to UI. | 27 March 2010, 19:27:51 UTC |
| 348620c | Dr. Stephen Henson | 27 March 2010, 18:28:13 UTC | PR: 1813 Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com> Fix memory leak when engine name cannot be loaded. | 27 March 2010, 18:28:13 UTC |
| 30fc2ab | Dr. Stephen Henson | 25 March 2010, 12:07:45 UTC | update FAQ | 25 March 2010, 12:07:45 UTC |
| 5b5464d | Bodo Möller | 25 March 2010, 11:22:42 UTC | Fix for "Record of death" vulnerability CVE-2010-0740. Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010). | 25 March 2010, 11:22:42 UTC |
| cd15a05 | Dr. Stephen Henson | 24 March 2010, 23:42:20 UTC | initialise buf if wrong_info not used | 24 March 2010, 23:42:20 UTC |
| 7b52778 | Dr. Stephen Henson | 24 March 2010, 23:16:49 UTC | PR: 1731 and maybe 2197 Clear error queue in a few places in SSL code where errors are expected so they don't stay in the queue. | 24 March 2010, 23:16:49 UTC |
| 162de2f | Andy Polyakov | 22 March 2010, 22:44:35 UTC | rand_win.c: fix logical bug in readscreen [from HEAD]. | 22 March 2010, 22:44:35 UTC |
| f6e4af6 | Andy Polyakov | 22 March 2010, 22:39:46 UTC | bss_file.c: fix MSC 6.0 warning [from HEAD]. | 22 March 2010, 22:39:46 UTC |
| 32b76dc | Andy Polyakov | 15 March 2010, 22:29:20 UTC | e_capi.c: fix typo. | 15 March 2010, 22:29:20 UTC |
| bcfd252 | Andy Polyakov | 15 March 2010, 22:26:33 UTC | Fix UPLINK typo [from HEAD]. | 15 March 2010, 22:26:33 UTC |
| 32c4527 | Dr. Stephen Henson | 15 March 2010, 13:09:39 UTC | workaround for missing definition in some headers | 15 March 2010, 13:09:39 UTC |
| 118b90c | Dr. Stephen Henson | 12 March 2010, 12:48:46 UTC | PR: 2192 Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk> The prompt_info and wrong_info parameters can be empty strings which can produce confusing prompts. Treat empty string same as NULL. | 12 March 2010, 12:48:46 UTC |
| f6a61b1 | Dr. Stephen Henson | 12 March 2010, 12:07:05 UTC | missing goto meant signature was never printed out | 12 March 2010, 12:07:05 UTC |
| 75ece4b | Dr. Stephen Henson | 10 March 2010, 13:48:21 UTC | don't leave bogus errors in the queue | 10 March 2010, 13:48:21 UTC |
| 724cca4 | Dr. Stephen Henson | 09 March 2010, 17:23:51 UTC | make update | 09 March 2010, 17:23:51 UTC |
| 5b3fdb0 | Dr. Stephen Henson | 09 March 2010, 17:18:17 UTC | PR: 2188 Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk> Add "missing" functions to get and set prompt constructor. | 09 March 2010, 17:18:17 UTC |
| fcc3d02 | Dr. Stephen Henson | 09 March 2010, 17:08:39 UTC | PR: 2186 Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com> Detect aix64-gcc | 09 March 2010, 17:08:39 UTC |
| 5356ea7 | Dr. Stephen Henson | 08 March 2010, 23:47:57 UTC | reserve a few more bits for future cipher modes | 08 March 2010, 23:47:57 UTC |
| 06226df | Dr. Stephen Henson | 07 March 2010, 16:40:19 UTC | The OID sanity check was incorrect. It should only disallow *leading* 0x80 values. | 07 March 2010, 16:40:19 UTC |
| bf638ef | Dr. Stephen Henson | 06 March 2010, 20:47:45 UTC | don't add digest alias if signature algorithm is undefined | 06 March 2010, 20:47:45 UTC |
| 07973d5 | Dr. Stephen Henson | 05 March 2010, 13:33:43 UTC | Fix memory leak: free up ENGINE functional reference if digest is not found in an ENGINE. | 05 March 2010, 13:33:43 UTC |
| 3b3f711 | Dr. Stephen Henson | 03 March 2010, 19:56:17 UTC | PR: 2183 PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms. Include original HAVE_FORK detection logic while allowing it to be overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0 | 03 March 2010, 19:56:17 UTC |
| 47333a3 | Dr. Stephen Henson | 03 March 2010, 15:41:00 UTC | Submitted by: Tomas Hoger <thoger@redhat.com> Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). | 03 March 2010, 15:41:00 UTC |
| d92138f | Dr. Stephen Henson | 03 March 2010, 15:30:26 UTC | don't mix definitions and code | 03 March 2010, 15:30:26 UTC |
| b2bf335 | Andy Polyakov | 02 March 2010, 16:25:10 UTC | Fix s390x-specific HOST_l2c|c2l [from HEAD]. Submitted by: Andreas Krebbel | 02 March 2010, 16:25:10 UTC |
| 33bec62 | Dr. Stephen Henson | 01 March 2010, 23:54:34 UTC | PR: 2178 Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com> Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL returns 1. | 01 March 2010, 23:54:34 UTC |
| 2e630b1 | Dr. Stephen Henson | 01 March 2010, 14:22:02 UTC | use supplied ENGINE in genrsa | 01 March 2010, 14:22:02 UTC |
| 002d3fe | Dr. Stephen Henson | 01 March 2010, 03:01:56 UTC | use correct prototype as in HEAD | 01 March 2010, 03:01:56 UTC |
| fb24311 | Dr. Stephen Henson | 01 March 2010, 01:52:47 UTC | 'typo' | 01 March 2010, 01:52:47 UTC |
| 9027843 | Dr. Stephen Henson | 01 March 2010, 01:19:36 UTC | make USE_CRYPTODEV_DIGESTS work | 01 March 2010, 01:19:36 UTC |
| bcd9d12 | Ben Laurie | 28 February 2010, 13:38:16 UTC | Fix warning. | 28 February 2010, 13:38:16 UTC |
| 7936333 | Dr. Stephen Henson | 28 February 2010, 00:24:24 UTC | algorithms field has changed in 1.0.0 and later: update | 28 February 2010, 00:24:24 UTC |
| fbe2c6b | Dr. Stephen Henson | 27 February 2010, 23:04:10 UTC | Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos ciphersuite bugs introduced with PR:1336." | 27 February 2010, 23:04:10 UTC |
| fc11f47 | Dr. Stephen Henson | 26 February 2010, 14:41:48 UTC | Revert CFB block length change. Despite what SP800-38a says the input to CFB mode does *not* have to be a multiple of the block length and several other specifications (e.g. PKCS#11) do not require this. | 26 February 2010, 14:41:48 UTC |
| 2b23d89 | Dr. Stephen Henson | 26 February 2010, 12:14:30 UTC | oops, use correct date | 26 February 2010, 12:14:30 UTC |
| 9cfa3cf | Dr. Stephen Henson | 25 February 2010, 18:21:20 UTC | update FAQ, NEWS | 25 February 2010, 18:21:20 UTC |
| 6507653 | Dr. Stephen Henson | 23 February 2010, 14:09:22 UTC | The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in the verify application documentation. | 23 February 2010, 14:09:22 UTC |
| 7fe747d | Bodo Möller | 23 February 2010, 10:36:30 UTC | Always check bn_wexpend() return values for failure (CVE-2009-3245). (The CHANGES entry covers the change from PR #2111 as well, submitted by Martin Olsson.) Submitted by: Neel Mehta | 23 February 2010, 10:36:30 UTC |
| 32567c9 | Bodo Möller | 19 February 2010, 18:26:23 UTC | Fix X509_STORE locking | 19 February 2010, 18:26:23 UTC |
| 4f3d52f | Dr. Stephen Henson | 18 February 2010, 12:41:50 UTC | clarify documentation | 18 February 2010, 12:41:50 UTC |
| 8321bab | Dr. Stephen Henson | 17 February 2010, 19:43:46 UTC | OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved | 17 February 2010, 19:43:46 UTC |
| 9892388 | Dr. Stephen Henson | 17 February 2010, 18:38:10 UTC | Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway. | 17 February 2010, 18:38:10 UTC |
| 9051fc5 | Dr. Stephen Henson | 17 February 2010, 14:32:25 UTC | PR: 2100 Submitted by: James Baker <jbaker@tableausoftware.com> et al. Workaround for slow Heap32Next on some versions of Windows. | 17 February 2010, 14:32:25 UTC |
| 03fd7f2 | Dr. Stephen Henson | 16 February 2010, 14:30:19 UTC | Submitted by: Dmitry Ivanov <vonami@gmail.com> Don't leave dangling pointers in GOST engine if calls fail. | 16 February 2010, 14:30:19 UTC |
| 45d6a15 | Dr. Stephen Henson | 16 February 2010, 14:20:40 UTC | PR: 2171 Submitted by: Tomas Mraz <tmraz@redhat.com> Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it. | 16 February 2010, 14:20:40 UTC |
| 6c6ca18 | Dr. Stephen Henson | 15 February 2010, 19:40:30 UTC | The "block length" for CFB mode was incorrectly coded as 1 all the time. It should be the number of feedback bits expressed in bytes. For CFB1 mode set this to 1 by rounding up to the nearest multiple of 8. | 15 February 2010, 19:40:30 UTC |
| 97fe2b4 | Dr. Stephen Henson | 15 February 2010, 19:25:52 UTC | Correct ECB mode EVP_CIPHER definition: IV length is 0 | 15 February 2010, 19:25:52 UTC |
| f689ab5 | Dr. Stephen Henson | 15 February 2010, 19:17:55 UTC | add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable | 15 February 2010, 19:17:55 UTC |
| edb7cac | Dr. Stephen Henson | 15 February 2010, 19:01:56 UTC | PR: 2164 Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com> Don't clear the output buffer: ciphers should correctly the same input and output buffers. | 15 February 2010, 19:01:56 UTC |
| 81d87a2 | Dr. Stephen Henson | 12 February 2010, 21:59:57 UTC | update references to new RI RFC | 12 February 2010, 21:59:57 UTC |
| 7366f0b | Dr. Stephen Henson | 12 February 2010, 17:07:24 UTC | PR: 2170 Submitted by: Magnus Lilja <lilja.magnus@gmail.com> Make -c option in dgst work again. | 12 February 2010, 17:07:24 UTC |
| 1d8fa09 | Dr. Stephen Henson | 12 February 2010, 17:02:13 UTC | Make assembly language versions of OPENSSL_cleanse() accept zero length parameter. Backport from HEAD, orginal by appro. | 12 February 2010, 17:02:13 UTC |
| e085e6c | Dr. Stephen Henson | 09 February 2010, 14:17:57 UTC | Fix memory leak in ENGINE autoconfig code. Improve error logging. | 09 February 2010, 14:17:57 UTC |
| 008fa45 | Dr. Stephen Henson | 09 February 2010, 14:13:00 UTC | update year | 09 February 2010, 14:13:00 UTC |
| c8c4913 | Dr. Stephen Henson | 07 February 2010, 13:54:54 UTC | oops, use new value for new flag | 07 February 2010, 13:54:54 UTC |
| 961f1de | Dr. Stephen Henson | 07 February 2010, 13:47:08 UTC | make update | 07 February 2010, 13:47:08 UTC |
| 1700426 | Dr. Stephen Henson | 07 February 2010, 13:41:23 UTC | Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy an EVP_CIPHER_CTX structure which may have problems with external ENGINEs who need to duplicate internal handles etc. | 07 February 2010, 13:41:23 UTC |
| aa7f5ba | Dr. Stephen Henson | 03 February 2010, 18:19:05 UTC | don't assume 0x is at start of string | 03 February 2010, 18:19:05 UTC |
| 45acdd6 | Dr. Stephen Henson | 02 February 2010, 14:26:32 UTC | tolerate broken CMS/PKCS7 implementations using signature OID instead of digest | 02 February 2010, 14:26:32 UTC |
| 8b354e7 | Dr. Stephen Henson | 02 February 2010, 13:36:05 UTC | PR: 2161 Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve. Make no-dsa, no-ecdsa and no-rsa compile again. | 02 February 2010, 13:36:05 UTC |
| 868f5e4 | Dr. Stephen Henson | 01 February 2010, 16:49:42 UTC | PR: 2160 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Make session tickets work with DTLS. | 01 February 2010, 16:49:42 UTC |
| 4e5fdd1 | Dr. Stephen Henson | 01 February 2010, 12:44:11 UTC | PR: 2159 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Typo in PR#1949 bug, oops! | 01 February 2010, 12:44:11 UTC |
| d552a33 | Richard Levitte | 29 January 2010, 12:07:50 UTC | Typo. | 29 January 2010, 12:07:50 UTC |
| d023b4e | Richard Levitte | 29 January 2010, 12:02:54 UTC | The previous take went wrong, try again. | 29 January 2010, 12:02:54 UTC |
| fa79cc9 | Richard Levitte | 29 January 2010, 11:44:40 UTC | Architecture specific header files need special handling. | 29 January 2010, 11:44:40 UTC |
| 06daa75 | Richard Levitte | 29 January 2010, 11:43:53 UTC | If opensslconf.h and buildinf.h are to be in an architecture specific directory, place it in the same tree as the other architecture specific things. | 29 January 2010, 11:43:53 UTC |
| ffa304c | Dr. Stephen Henson | 28 January 2010, 17:52:18 UTC | oops, revert more test code arghh! | 28 January 2010, 17:52:18 UTC |
| df21765 | Dr. Stephen Henson | 28 January 2010, 17:50:23 UTC | In engine_table_select() don't clear out entire error queue: just clear out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise errors from other sources (e.g. SSL library) can be wiped. | 28 January 2010, 17:50:23 UTC |
| 5a6ae11 | Dr. Stephen Henson | 27 January 2010, 18:53:49 UTC | reword RI description | 27 January 2010, 18:53:49 UTC |
| 5e5df40 | Dr. Stephen Henson | 27 January 2010, 17:50:20 UTC | update documentation to reflect new renegotiation options | 27 January 2010, 17:50:20 UTC |
| 6d4943e | Dr. Stephen Henson | 27 January 2010, 16:06:58 UTC | Some shells print out the directory name if CDPATH is set breaking the pod2man test. Use ./util instead to avoid this. | 27 January 2010, 16:06:58 UTC |
| 57cffe9 | Dr. Stephen Henson | 27 January 2010, 14:05:15 UTC | typo | 27 January 2010, 14:05:15 UTC |
| a758f61 | Dr. Stephen Henson | 27 January 2010, 12:55:52 UTC | PR: 2157 Submitted by: "Green, Paul" <Paul.Green@stratus.com> Typo. | 27 January 2010, 12:55:52 UTC |
| b3b35df | Richard Levitte | 27 January 2010, 09:18:05 UTC | Cosmetic changes, including changing a confusing example. | 27 January 2010, 09:18:05 UTC |
| 5ad5024 | Richard Levitte | 27 January 2010, 01:19:12 UTC | Apparently, test/testtsa.com was only half done | 27 January 2010, 01:19:12 UTC |
| d89b895 | Richard Levitte | 27 January 2010, 01:18:26 UTC | size_t doesn't compare less than zero... | 27 January 2010, 01:18:26 UTC |
| d793c29 | Dr. Stephen Henson | 26 January 2010, 19:48:10 UTC | add CHANGES entry | 26 January 2010, 19:48:10 UTC |
| 57749b1 | Dr. Stephen Henson | 26 January 2010, 19:46:30 UTC | PR: 1949 Submitted by: steve@openssl.org More robust fix and workaround for PR#1949. Don't try to work out if there is any write pending data as this can be unreliable: always flush. | 26 January 2010, 19:46:30 UTC |
| 1cdb785 | Dr. Stephen Henson | 26 January 2010, 18:07:41 UTC | PR: 2138 Submitted by: Kevin Regan <k.regan@f5.com> Clear stat structure if -DPURIFY is set to avoid problems on some platforms which include unitialised fields. | 26 January 2010, 18:07:41 UTC |
| 704d33b | Dr. Stephen Henson | 26 January 2010, 14:33:52 UTC | Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and later. | 26 January 2010, 14:33:52 UTC |
| b2a7515 | Dr. Stephen Henson | 26 January 2010, 13:58:49 UTC | OPENSSL_isservice is now defined on all platforms not just WIN32 | 26 January 2010, 13:58:49 UTC |
| f4f2b52 | Dr. Stephen Henson | 26 January 2010, 13:56:15 UTC | oops | 26 January 2010, 13:56:15 UTC |
| c7d5edb | Dr. Stephen Henson | 26 January 2010, 13:55:33 UTC | export OPENSSL_isservice and make update | 26 January 2010, 13:55:33 UTC |
| d8f07f1 | Dr. Stephen Henson | 26 January 2010, 12:29:48 UTC | Typo | 26 January 2010, 12:29:48 UTC |
| 78bfb45 | Dr. Stephen Henson | 25 January 2010, 16:07:51 UTC | PR: 2149 Submitted by: Douglas Stebila <douglas@stebila.ca> Fix wap OIDs. | 25 January 2010, 16:07:51 UTC |
| 6ad4d60 | Richard Levitte | 25 January 2010, 00:22:52 UTC | There's really no need to use $ENV::HOME | 25 January 2010, 00:22:52 UTC |
| 2fad8aa | Richard Levitte | 25 January 2010, 00:21:14 UTC | Forgot to correct the definition of __arch in this file. Submitted by Steven M. Schweda <sms@antinode.info> | 25 January 2010, 00:21:14 UTC |
| 74397d4 | Richard Levitte | 25 January 2010, 00:20:32 UTC | It seems like sslroot: needs to be defined for some tests to work. Submitted by Steven M. Schweda <sms@antinode.info> | 25 January 2010, 00:20:32 UTC |
| c8ca769 | Richard Levitte | 25 January 2010, 00:19:33 UTC | Compile t1_reneg on VMS as well. Submitted by Steven M. Schweda <sms@antinode.info> | 25 January 2010, 00:19:33 UTC |
| 25d42c1 | Richard Levitte | 25 January 2010, 00:18:31 UTC | A few more macros for long symbols. Submitted by Steven M. Schweda <sms@antinode.info> | 25 January 2010, 00:18:31 UTC |
| a377811 | Dr. Stephen Henson | 24 January 2010, 16:57:38 UTC | PR: 2153, 2125 Submitted by: steve@openssl.org The original fix for PR#2125 broke compilation on some Unixware platforms: revert and make conditional on VMS. | 24 January 2010, 16:57:38 UTC |
| ef1b6b2 | Dr. Stephen Henson | 24 January 2010, 13:54:07 UTC | The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour. | 24 January 2010, 13:54:07 UTC |
| 1699389 | Dr. Stephen Henson | 22 January 2010, 20:17:30 UTC | Tolerate PKCS#8 DSA format with negative private key. | 22 January 2010, 20:17:30 UTC |
| ad8ee3d | Dr. Stephen Henson | 22 January 2010, 18:49:19 UTC | If legacy renegotiation is not permitted then send a fatal alert if a patched server attempts to renegotiate with an unpatched client. | 22 January 2010, 18:49:19 UTC |
| 39f0a4d | Dr. Stephen Henson | 21 January 2010, 18:46:28 UTC | typo | 21 January 2010, 18:46:28 UTC |
