| 703ec84 | Dr. Stephen Henson | 18 January 2012, 13:38:34 UTC | prepare for release | 18 January 2012, 13:38:34 UTC |
| 04d706d | Dr. Stephen Henson | 18 January 2012, 13:36:59 UTC | update NEWS | 18 January 2012, 13:36:59 UTC |
| b996cec | Dr. Stephen Henson | 18 January 2012, 13:36:04 UTC | Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050) | 18 January 2012, 13:36:04 UTC |
| 7e927da | Dr. Stephen Henson | 17 January 2012, 14:19:51 UTC | fix CHANGES entry | 17 January 2012, 14:19:51 UTC |
| 7aa6d2f | Andy Polyakov | 15 January 2012, 13:40:40 UTC | Fix OPNESSL vs. OPENSSL typos [from HEAD]. PR: 2613 Submitted by: Leena Heino | 15 January 2012, 13:40:40 UTC |
| 27b1f13 | Andy Polyakov | 12 January 2012, 16:37:20 UTC | Sanitize usage of <ctype.h> functions. It's important that characters are passed zero-extended, not sign-extended [from HEAD]. PR: 2682 | 12 January 2012, 16:37:20 UTC |
| f63c927 | Andy Polyakov | 12 January 2012, 16:36:30 UTC | asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD]. PR: 2675 Submitted by: Annie Yousar | 12 January 2012, 16:36:30 UTC |
| d572544 | Andy Polyakov | 11 January 2012, 21:42:20 UTC | ecdsa.pod: typo. PR: 2678 Submitted by: Annie Yousar | 11 January 2012, 21:42:20 UTC |
| 9100840 | Andy Polyakov | 11 January 2012, 15:32:57 UTC | aes-sparcv9.pl: clean up regexp [from HEAD]. PR: 2685 | 11 January 2012, 15:32:57 UTC |
| 0f32c83 | Dr. Stephen Henson | 10 January 2012, 14:37:09 UTC | fix warning | 10 January 2012, 14:37:09 UTC |
| 80b5701 | Bodo Möller | 05 January 2012, 13:38:47 UTC | Update for 0.9.8s. | 05 January 2012, 13:38:47 UTC |
| a99b6fc | Bodo Möller | 05 January 2012, 13:15:50 UTC | Fix usage indentation | 05 January 2012, 13:15:50 UTC |
| 02d1a6b | Bodo Möller | 05 January 2012, 10:22:23 UTC | Fix for builds without DTLS support. Submitted by: Brian Carlstrom | 05 January 2012, 10:22:23 UTC |
| 08e8d58 | Dr. Stephen Henson | 04 January 2012, 23:55:26 UTC | update for next version | 04 January 2012, 23:55:26 UTC |
| c90c41f | Dr. Stephen Henson | 04 January 2012, 17:01:33 UTC | prepare for release | 04 January 2012, 17:01:33 UTC |
| c47b636 | Dr. Stephen Henson | 04 January 2012, 16:57:14 UTC | update NEWS | 04 January 2012, 16:57:14 UTC |
| 7200b39 | Dr. Stephen Henson | 04 January 2012, 16:52:53 UTC | make update | 04 January 2012, 16:52:53 UTC |
| 84c9582 | Dr. Stephen Henson | 04 January 2012, 16:51:14 UTC | Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson. | 04 January 2012, 16:51:14 UTC |
| 63819e6 | Dr. Stephen Henson | 04 January 2012, 16:46:10 UTC | add missing part for SGC restart fix (CVE-2011-4619) | 04 January 2012, 16:46:10 UTC |
| 8206dba | Dr. Stephen Henson | 04 January 2012, 15:38:54 UTC | Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include source patch this time!] | 04 January 2012, 15:38:54 UTC |
| 528ef87 | Dr. Stephen Henson | 04 January 2012, 15:33:15 UTC | Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) | 04 January 2012, 15:33:15 UTC |
| 9004c53 | Dr. Stephen Henson | 04 January 2012, 15:27:54 UTC | Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) | 04 January 2012, 15:27:54 UTC |
| f47f99f | Dr. Stephen Henson | 04 January 2012, 15:26:29 UTC | stop warning | 04 January 2012, 15:26:29 UTC |
| 00f473b | Dr. Stephen Henson | 04 January 2012, 15:16:20 UTC | Check GOST parameters are not NULL (CVE-2012-0027) | 04 January 2012, 15:16:20 UTC |
| 356de71 | Dr. Stephen Henson | 04 January 2012, 15:07:54 UTC | Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) | 04 January 2012, 15:07:54 UTC |
| 9eab925 | Dr. Stephen Henson | 04 January 2012, 14:45:09 UTC | fix warnings | 04 January 2012, 14:45:09 UTC |
| 22d89c5 | Dr. Stephen Henson | 04 January 2012, 14:24:48 UTC | Submitted by: Adam Langley <agl@chromium.org> Reviewed by: steve Fix memory leaks. | 04 January 2012, 14:24:48 UTC |
| c06916d | Dr. Stephen Henson | 26 December 2011, 19:38:19 UTC | PR: 2326 Submitted by: Tianjie Mao <tjmao@tjmao.net> Reviewed by: steve Fix incorrect comma expressions and goto f_err as alert has been set. | 26 December 2011, 19:38:19 UTC |
| ef7545a | Dr. Stephen Henson | 19 December 2011, 17:04:39 UTC | PR: 2563 Submitted by: Paul Green <Paul.Green@stratus.com> Reviewed by: steve Improved PRNG seeding for VOS. | 19 December 2011, 17:04:39 UTC |
| fecb4ff | Andy Polyakov | 09 December 2011, 14:26:56 UTC | x86-mont.pl: fix bug in integer-only squaring path. PR: 2648 | 09 December 2011, 14:26:56 UTC |
| 2a4adf1 | Dr. Stephen Henson | 06 December 2011, 00:01:00 UTC | The default CN prompt message can be confusing when often the CN needs to be the server FQDN: change it. [Reported by PSW Group] | 06 December 2011, 00:01:00 UTC |
| 44c854d | Bodo Möller | 02 December 2011, 12:51:05 UTC | Resolve a stack set-up race condition (if the list of compression methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley | 02 December 2011, 12:51:05 UTC |
| 4709103 | Bodo Möller | 02 December 2011, 12:41:00 UTC | Fix ecdsatest.c. Submitted by: Emilia Kasper | 02 December 2011, 12:41:00 UTC |
| f3d51d7 | Bodo Möller | 02 December 2011, 12:24:29 UTC | Fix BIO_f_buffer(). Submitted by: Adam Langley Reviewed by: Bodo Moeller | 02 December 2011, 12:24:29 UTC |
| 70d3b4b | Andy Polyakov | 14 November 2011, 21:21:58 UTC | Configure: fix corruption in RC4 implementation in darwin64-x86_64-cc. | 14 November 2011, 21:21:58 UTC |
| 2fb94e4 | Andy Polyakov | 05 November 2011, 10:16:46 UTC | ppc.pl: fix bug in bn_mul_comba4 [from HEAD]. PR: 2636 Submitted by: Charles Bryant | 05 November 2011, 10:16:46 UTC |
| 1b84893 | Richard Levitte | 30 October 2011, 11:40:59 UTC | Teach mkshared.com to have a look for disabled algorithms in opensslconf.h | 30 October 2011, 11:40:59 UTC |
| 68b5330 | Dr. Stephen Henson | 27 October 2011, 13:06:34 UTC | PR: 2628 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Send alert instead of assertion failure for incorrectly formatted DTLS fragments. | 27 October 2011, 13:06:34 UTC |
| da7ae62 | Dr. Stephen Henson | 27 October 2011, 13:01:08 UTC | PR: 2628 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix for ECC keys and DTLS. | 27 October 2011, 13:01:08 UTC |
| f53337b | Dr. Stephen Henson | 26 October 2011, 16:43:14 UTC | PR: 2632 Submitted by: emmanuel.azencot@bull.net Reviewed by: steve Return -1 immediately if not affine coordinates as BN_CTX has not been set up. | 26 October 2011, 16:43:14 UTC |
| f70a589 | Bodo Möller | 19 October 2011, 14:58:34 UTC | BN_BLINDING multi-threading fix. Submitted by: Emilia Kasper (Google) | 19 October 2011, 14:58:34 UTC |
| d41bbd0 | Bodo Möller | 13 October 2011, 15:05:50 UTC | use -no_ecdhe when using -no_dhe | 13 October 2011, 15:05:50 UTC |
| 4995629 | Bodo Möller | 13 October 2011, 13:24:37 UTC | Clarify warning | 13 October 2011, 13:24:37 UTC |
| 48373e5 | Bodo Möller | 13 October 2011, 13:05:12 UTC | In ssl3_clear, preserve s3->init_extra along with s3->rbuf. Submitted by: Bob Buckholz <bbuckholz@google.com> | 13 October 2011, 13:05:12 UTC |
| 4236902 | Dr. Stephen Henson | 09 October 2011, 00:56:32 UTC | PR: 2482 Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann. | 09 October 2011, 00:56:32 UTC |
| b00fe7c | Dr. Stephen Henson | 26 September 2011, 17:04:49 UTC | fix signed/unsigned warning | 26 September 2011, 17:04:49 UTC |
| 872e3fd | Dr. Stephen Henson | 23 September 2011, 21:48:59 UTC | use keyformat for -x509toreq, don't hard code PEM | 23 September 2011, 21:48:59 UTC |
| c11ada6 | Dr. Stephen Henson | 23 September 2011, 13:39:45 UTC | PR: 2606 Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de> Reviewed by: steve Handle timezones correctly in UTCTime. | 23 September 2011, 13:39:45 UTC |
| 8f09688 | Dr. Stephen Henson | 23 September 2011, 13:35:19 UTC | PR: 2602 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting | 23 September 2011, 13:35:19 UTC |
| 0b96f60 | Dr. Stephen Henson | 23 September 2011, 13:12:52 UTC | PR: 2347 Submitted by: Tomas Mraz <tmraz@redhat.com> Reviewed by: steve Fix usage message. | 23 September 2011, 13:12:52 UTC |
| ab06ff6 | Dr. Stephen Henson | 06 September 2011, 13:44:52 UTC | prepare for next version | 06 September 2011, 13:44:52 UTC |
| bba8456 | Dr. Stephen Henson | 06 September 2011, 13:01:44 UTC | update versions and dates for release | 06 September 2011, 13:01:44 UTC |
| b493a05 | Dr. Stephen Henson | 06 September 2011, 12:56:21 UTC | update NEWS | 06 September 2011, 12:56:21 UTC |
| c2a8133 | Dr. Stephen Henson | 06 September 2011, 12:53:56 UTC | Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past produce an error (CVE-2011-3207) Fix TLS ephemeral DH crash bug (CVE-2011-3210) | 06 September 2011, 12:53:56 UTC |
| e935440 | Bodo Möller | 05 September 2011, 10:25:21 UTC | (EC)DH memory handling fixes. Submitted by: Adam Langley | 05 September 2011, 10:25:21 UTC |
| 8eaf563 | Bodo Möller | 05 September 2011, 09:57:03 UTC | Fix memory leak on bad inputs. | 05 September 2011, 09:57:03 UTC |
| 80d7e6b | Bodo Möller | 05 September 2011, 09:54:59 UTC | "make update" | 05 September 2011, 09:54:59 UTC |
| 9c44e33 | Dr. Stephen Henson | 02 September 2011, 11:28:05 UTC | Don't use *from++ in tolower as this is implemented as a macro on some platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for reporting this issue. | 02 September 2011, 11:28:05 UTC |
| b86f319 | Dr. Stephen Henson | 02 September 2011, 11:20:41 UTC | PR: 2576 Submitted by: Doug Goldstein <cardoe@gentoo.org> Reviewed by: steve Include header file stdlib.h which is needed on some platforms to get getenv() declaration. | 02 September 2011, 11:20:41 UTC |
| 0875c00 | Dr. Stephen Henson | 01 September 2011, 17:08:44 UTC | update NEWS | 01 September 2011, 17:08:44 UTC |
| dd3a770 | Dr. Stephen Henson | 01 September 2011, 15:42:38 UTC | Add error checking to PKCS1_MGF1. From HEAD. | 01 September 2011, 15:42:38 UTC |
| 64763ce | Dr. Stephen Henson | 01 September 2011, 15:02:53 UTC | PR: 2340 Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar> Reviewed by: steve Stop warnings if OPENSSL_NO_DGRAM is defined. | 01 September 2011, 15:02:53 UTC |
| 2fffc29 | Dr. Stephen Henson | 01 September 2011, 14:23:31 UTC | make timing attack protection unconditional | 01 September 2011, 14:23:31 UTC |
| d2650c3 | Dr. Stephen Henson | 01 September 2011, 14:02:02 UTC | PR: 2573 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug. | 01 September 2011, 14:02:02 UTC |
| b5bd966 | Dr. Stephen Henson | 01 September 2011, 13:52:27 UTC | PR: 2589 Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com> Reviewed by: steve Initialise p pointer. | 01 September 2011, 13:52:27 UTC |
| e71f778 | Dr. Stephen Henson | 01 September 2011, 13:48:57 UTC | PR: 2588 Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com> Reviewed by: steve Close file pointer. | 01 September 2011, 13:48:57 UTC |
| e3b95e6 | Dr. Stephen Henson | 01 September 2011, 13:45:25 UTC | PR: 2586 Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com> Reviewed by: steve Zero structure fields properly. | 01 September 2011, 13:45:25 UTC |
| 658eeec | Dr. Stephen Henson | 01 September 2011, 13:37:20 UTC | PR: 2586 Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com> Reviewed by: steve Fix brace mismatch. | 01 September 2011, 13:37:20 UTC |
| e1c3d65 | Dr. Stephen Henson | 14 August 2011, 13:48:42 UTC | Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites. | 14 August 2011, 13:48:42 UTC |
| 2e4abe2 | Andy Polyakov | 12 August 2011, 12:32:10 UTC | Alpha assembler fixes from HEAD. PR: 2577 | 12 August 2011, 12:32:10 UTC |
| ea294bb | Dr. Stephen Henson | 20 July 2011, 15:21:52 UTC | PR: 2559 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS socket error bug | 20 July 2011, 15:21:52 UTC |
| b58ea0b | Dr. Stephen Henson | 20 July 2011, 15:17:33 UTC | PR: 2555 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug | 20 July 2011, 15:17:33 UTC |
| 16067fe | Dr. Stephen Henson | 20 July 2011, 15:13:16 UTC | PR: 2550 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug | 20 July 2011, 15:13:16 UTC |
| f2e9070 | Andy Polyakov | 15 July 2011, 19:59:18 UTC | config: detect if assembler supports --noexecstack and pass it down [from HEAD]. | 15 July 2011, 19:59:18 UTC |
| fe8629e | Dr. Stephen Henson | 14 July 2011, 12:01:25 UTC | PR: 2556 (partial) Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de> Reviewed by: steve Fix OID routines. Check on encoding leading zero rejection should start at beginning of encoding. Allow for initial digit when testing when to use BIGNUMs which can increase first value by 2 * 40. | 14 July 2011, 12:01:25 UTC |
| 2a12eff | Andy Polyakov | 13 July 2011, 14:55:11 UTC | ms/uplink.c: fix Visual Studio 2010 warning [from HEAD]. | 13 July 2011, 14:55:11 UTC |
| b680fef | Andy Polyakov | 13 July 2011, 06:23:25 UTC | perlasm/cbc.pl: fix tail processing bug [from HEAD]. PR: 2557 | 13 July 2011, 06:23:25 UTC |
| 7f7414e | Bodo Möller | 11 July 2011, 12:13:50 UTC | Fix typo. Submitted by: Jim Morrison | 11 July 2011, 12:13:50 UTC |
| 8b9db48 | Dr. Stephen Henson | 22 June 2011, 15:39:00 UTC | PR: 2470 Submitted by: Corinna Vinschen <vinschen@redhat.com> Reviewed by: steve Don't call ERR_remove_state from DllMain. | 22 June 2011, 15:39:00 UTC |
| f59f2fc | Dr. Stephen Henson | 22 June 2011, 15:29:55 UTC | PR: 2543 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Correctly handle errors in DTLSv1_handle_timeout() | 22 June 2011, 15:29:55 UTC |
| 419a530 | Dr. Stephen Henson | 22 June 2011, 15:23:32 UTC | PR: 2540 Submitted by: emmanuel.azencot@bull.net Reviewed by: steve Prevent infinite loop in BN_GF2m_mod_inv(). | 22 June 2011, 15:23:32 UTC |
| 69a8901 | Dr. Stephen Henson | 22 June 2011, 15:15:38 UTC | correctly encode OIDs near 2^32 | 22 June 2011, 15:15:38 UTC |
| 2bcd08e | Dr. Stephen Henson | 20 June 2011, 20:05:38 UTC | make EVP_dss() work for DSA signing | 20 June 2011, 20:05:38 UTC |
| 167d692 | Bodo Möller | 15 June 2011, 14:21:17 UTC | Complete the version history (include information on unreleased version 0.9.8s to show full information). | 15 June 2011, 14:21:17 UTC |
| 025ee1d | Dr. Stephen Henson | 08 June 2011, 15:56:20 UTC | fix memory leak | 08 June 2011, 15:56:20 UTC |
| dce7b92 | Dr. Stephen Henson | 25 May 2011, 15:21:12 UTC | PR: 2533 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes the program to crash. This is due to missing version checks and is fixed with this patch. | 25 May 2011, 15:21:12 UTC |
| db886c2 | Dr. Stephen Henson | 25 May 2011, 15:15:52 UTC | PR: 2529 Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure. | 25 May 2011, 15:15:52 UTC |
| 4d43129 | Dr. Stephen Henson | 25 May 2011, 15:06:05 UTC | PR: 2527 Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Set cnf to NULL to avoid possible double free. | 25 May 2011, 15:06:05 UTC |
| 92107f8 | Dr. Stephen Henson | 25 May 2011, 14:52:44 UTC | Fix the ECDSA timing attack mentioned in the paper at: http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention. | 25 May 2011, 14:52:44 UTC |
| e82d6a2 | Dr. Stephen Henson | 25 May 2011, 14:43:05 UTC | Fix the ECDSA timing attack mentioned in the paper at: http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention. | 25 May 2011, 14:43:05 UTC |
| 4e5755c | Dr. Stephen Henson | 25 May 2011, 14:29:55 UTC | Oops use up to date patch for PR#2506 | 25 May 2011, 14:29:55 UTC |
| dda8dcd | Dr. Stephen Henson | 25 May 2011, 12:36:50 UTC | PR: 2512 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently. | 25 May 2011, 12:36:50 UTC |
| 16646b0 | Dr. Stephen Henson | 25 May 2011, 12:28:31 UTC | PR: 2506 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fully implement SSL_clear for DTLS. | 25 May 2011, 12:28:31 UTC |
| 320881c | Dr. Stephen Henson | 25 May 2011, 12:24:26 UTC | PR: 2505 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS session resumption timer bug. | 25 May 2011, 12:24:26 UTC |
| 1d23fb3 | Dr. Stephen Henson | 19 May 2011, 17:56:47 UTC | update date | 19 May 2011, 17:56:47 UTC |
| c4f1942 | Dr. Stephen Henson | 19 May 2011, 17:39:49 UTC | inherit HMAC flags from MD_CTX | 19 May 2011, 17:39:49 UTC |
| 38c42c6 | Dr. Stephen Henson | 19 May 2011, 16:18:25 UTC | set encodedPoint to NULL after freeing it | 19 May 2011, 16:18:25 UTC |
| 51eb247 | Dr. Stephen Henson | 30 April 2011, 23:38:24 UTC | no need to include memory.h | 30 April 2011, 23:38:24 UTC |
| 8d22673 | Dr. Stephen Henson | 06 April 2011, 18:07:02 UTC | check buffer is larger enough before overwriting | 06 April 2011, 18:07:02 UTC |
| 3622d37 | Dr. Stephen Henson | 03 April 2011, 17:15:08 UTC | PR: 2462 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS Retransmission Buffer Bug | 03 April 2011, 17:15:08 UTC |
