d9e048c | Dr. Stephen Henson | 04 February 2013, 23:28:09 UTC | prepare for release | 05 February 2013, 16:46:21 UTC |
65a9383 | Dr. Stephen Henson | 04 February 2013, 23:09:24 UTC | make update | 05 February 2013, 16:46:21 UTC |
c6b82f7 | Dr. Stephen Henson | 31 January 2013, 15:19:00 UTC | Add ordinal for CRYPTO_memcmp: since this will affect multiple branches it needs to be in a "gap". (cherry picked from commit 81ce0e14e72e8e255ad1bd9c7cfaa47a6291919c) | 05 February 2013, 16:46:20 UTC |
2559004 | Dr. Stephen Henson | 04 February 2013, 21:13:18 UTC | Fix error codes. (cherry picked from commit 35d732fc2e1badce13be22a044187ebd4d769552) | 05 February 2013, 16:46:19 UTC |
8a5d624 | Dr. Stephen Henson | 04 February 2013, 22:57:49 UTC | Update CHANGES and NEWS | 05 February 2013, 16:46:19 UTC |
ae4a75c | Andy Polyakov | 09 November 2012, 13:58:40 UTC | bn_word.c: fix overflow bug in BN_add_word. (cherry picked from commit 134c00659a1bc67ad35a1e4620e16bc4315e6e37) | 05 February 2013, 16:46:19 UTC |
2e884ce | Andy Polyakov | 02 February 2013, 18:52:43 UTC | x86_64 assembly pack: keep making Windows build more robust. PR: 2963 and a number of others (cherry picked from commit 4568182a8b8cbfd15cbc175189029ac547bd1762) | 05 February 2013, 16:46:19 UTC |
da8f1b7 | Dr. Stephen Henson | 01 February 2013, 16:04:59 UTC | update NEWS | 05 February 2013, 16:46:18 UTC |
33f44ac | Andy Polyakov | 01 February 2013, 09:10:32 UTC | ssl/s3_cbc.c: allow for compilations with NO_SHA256|512. (cherry picked from commit d5371324d978e4096bf99b9d0fe71b2cb65d9dc8) | 05 February 2013, 16:46:18 UTC |
11c48a0 | Andy Polyakov | 01 February 2013, 08:59:56 UTC | ssl/s3_cbc.c: md_state alignment portability fix. RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512. (cherry picked from commit 36260233e7e3396feed884d3f501283e0453c04f) | 05 February 2013, 16:46:18 UTC |
3cdaca2 | Andy Polyakov | 01 February 2013, 08:55:43 UTC | ssl/s3_cbc.c: uint64_t portability fix. Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow. (cherry picked from commit cab13fc8473856a43556d41d8dac5605f4ba1f91) | 05 February 2013, 16:46:17 UTC |
b23da29 | Ben Laurie | 28 January 2013, 17:34:33 UTC | Update DTLS code to match CBC decoding in TLS. This change updates the DTLS code to match the constant-time CBC behaviour in the TLS. (cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900) | 05 February 2013, 16:46:17 UTC |
610dfc3 | Ben Laurie | 28 January 2013, 17:33:18 UTC | Don't crash when processing a zero-length, TLS >= 1.1 record. The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't. (cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd) | 05 February 2013, 16:46:17 UTC |
080f395 | Ben Laurie | 29 January 2013, 18:06:08 UTC | Fixups from previous commit. | 05 February 2013, 16:46:17 UTC |
f852b60 | Ben Laurie | 28 January 2013, 18:24:55 UTC | Oops. Add missing file. (cherry picked from commit 014265eb02e26f35c8db58e2ccbf100b0b2f0072) | 05 February 2013, 16:46:16 UTC |
e235645 | Ben Laurie | 29 January 2013, 17:47:48 UTC | Add a target so I can build this. | 05 February 2013, 16:46:16 UTC |
e5420be | Ben Laurie | 28 January 2013, 17:31:49 UTC | Make CBC decoding constant time. This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. (cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e) Conflicts: crypto/evp/c_allc.c ssl/ssl_algs.c ssl/ssl_locl.h ssl/t1_enc.c | 05 February 2013, 16:46:16 UTC |
9c00a95 | Ben Laurie | 28 January 2013, 17:30:38 UTC | Add and use a constant-time memcmp. This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98) Conflicts: crypto/crypto.h ssl/t1_lib.c | 05 February 2013, 16:46:15 UTC |
ebc7186 | Dr. Stephen Henson | 24 January 2013, 13:30:42 UTC | Don't try and verify signatures if key is NULL (CVE-2013-0166) Add additional check to catch this in ASN1_item_verify too. | 05 February 2013, 16:46:15 UTC |
1dfa62d | Dr. Stephen Henson | 23 January 2013, 01:04:36 UTC | Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set | 23 January 2013, 01:14:13 UTC |
8c6364e | Andy Polyakov | 22 January 2013, 21:11:31 UTC | x86_64 assembly pack: make Windows build more robust [from master]. PR: 2963 and a number of others | 22 January 2013, 22:00:02 UTC |
98c2e93 | Dr. Stephen Henson | 20 January 2013, 01:07:58 UTC | Don't include comp.h if no-comp set. | 20 January 2013, 01:12:15 UTC |
c053e53 | Andy Polyakov | 19 January 2013, 17:24:03 UTC | engines/ccgost: GOST fixes [from master]. Submitted by: Dmitry Belyavsky, Seguei Leontiev PR: 2821 | 19 January 2013, 17:27:21 UTC |
6386647 | Andy Polyakov | 19 January 2013, 12:20:21 UTC | .gitignore adjustments | 19 January 2013, 14:31:09 UTC |
4b24b75 | Ben Laurie | 12 January 2013, 12:25:30 UTC | Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). | 13 January 2013, 22:58:00 UTC |
bfff2cc | Dr. Stephen Henson | 13 January 2013, 22:57:22 UTC | Add .gitignore | 13 January 2013, 22:57:22 UTC |
d8b1777 | Dr. Stephen Henson | 30 December 2012, 16:05:24 UTC | make no-comp compile | 30 December 2012, 16:05:24 UTC |
d985a68 | Dr. Stephen Henson | 23 December 2012, 18:19:47 UTC | add missing \n | 23 December 2012, 18:19:47 UTC |
8dad8bc | Dr. Stephen Henson | 10 December 2012, 16:45:19 UTC | PR: 2888 Reported by: Daniel Black <daniel.black@openquery.com> Support renewing session tickets (backport from HEAD). | 10 December 2012, 16:45:19 UTC |
235e76b | Dr. Stephen Henson | 06 December 2012, 18:25:18 UTC | Fix two bugs which affect delta CRL handling: Use -1 to check all extensions in CRLs. Always set flag for freshest CRL. | 06 December 2012, 18:25:18 UTC |
d38c549 | Dr. Stephen Henson | 04 December 2012, 17:26:26 UTC | check mval for NULL too | 04 December 2012, 17:26:26 UTC |
5581891 | Dr. Stephen Henson | 03 December 2012, 16:33:35 UTC | fix leak | 03 December 2012, 16:33:35 UTC |
77ada38 | Dr. Stephen Henson | 29 November 2012, 19:15:52 UTC | PR: 2803 Submitted by: jean-etienne.schwartz@bull.net In OCSP_basic_verify return an error if X509_STORE_CTX_init fails. | 29 November 2012, 19:15:52 UTC |
8124ebc | Dr. Stephen Henson | 22 November 2012, 14:15:00 UTC | reject zero length point format list or supported curves extensions | 22 November 2012, 14:15:00 UTC |
04fde20 | Dr. Stephen Henson | 21 November 2012, 14:01:55 UTC | PR: 2908 Submitted by: Dmitry Belyavsky <beldmit@gmail.com> Fix DH double free if parameter generation fails. | 21 November 2012, 14:01:55 UTC |
6bd6119 | Dr. Stephen Henson | 20 November 2012, 00:29:09 UTC | fix leaks | 20 November 2012, 00:29:09 UTC |
23b5e47 | Dr. Stephen Henson | 19 November 2012, 20:07:14 UTC | correct docs | 19 November 2012, 20:07:14 UTC |
fb81e6d | Dr. Stephen Henson | 18 November 2012, 15:20:49 UTC | PR: 2880 Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de> Correctly handle local machine keys in the capi ENGINE. | 18 November 2012, 15:20:49 UTC |
50ff4af | Andy Polyakov | 16 October 2012, 08:20:18 UTC | aix[64]-cc: get MT support right [from HEAD]. PR: 2896 | 16 October 2012, 08:20:18 UTC |
c51f6bc | Bodo Möller | 05 October 2012, 20:51:31 UTC | Fix EC_KEY initialization race. Submitted by: Adam Langley | 05 October 2012, 20:51:31 UTC |
836a811 | Dr. Stephen Henson | 05 October 2012, 13:00:18 UTC | backport OCSP fix enhancement | 05 October 2012, 13:00:18 UTC |
bb65e3f | Ben Laurie | 04 October 2012, 15:16:12 UTC | Backport OCSP Stapling fix. | 04 October 2012, 15:16:12 UTC |
b8719c7 | Ben Laurie | 04 October 2012, 15:04:26 UTC | Fix warning. | 04 October 2012, 15:04:26 UTC |
92b2530 | Ben Laurie | 04 October 2012, 15:03:08 UTC | Fix warning (hope this doesn't break other platforms, there's a twisty little maze of #ifs, all different). | 04 October 2012, 15:03:08 UTC |
9ff94ad | Bodo Möller | 24 September 2012, 19:50:00 UTC | Fix Valgrind warning. Submitted by: Adam Langley | 24 September 2012, 19:50:00 UTC |
60ccb02 | Richard Levitte | 24 September 2012, 18:49:01 UTC | * Configure: make the debug-levitte-linux{elf,noasm} less extreme. | 24 September 2012, 18:49:01 UTC |
094fb13 | Richard Levitte | 21 September 2012, 13:08:26 UTC | * ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in debugging code that's seldom used. | 21 September 2012, 13:08:26 UTC |
9c5d75d | Bodo Möller | 17 September 2012, 17:26:03 UTC | Fix warning. Submitted by: Chromium Authors | 17 September 2012, 17:26:03 UTC |
ca461ec | Dr. Stephen Henson | 11 September 2012, 13:45:11 UTC | fix memory leak | 11 September 2012, 13:45:11 UTC |
0ad9fe2 | Dr. Stephen Henson | 01 September 2012, 11:30:19 UTC | Don't load GOST ENGINE if it is already loaded. Multiple copies of the ENGINE will cause problems when it is cleaned up as the methods are stored in static structures which will be overwritten and freed up more than once. Set static methods to NULL when the ENGINE is freed so it can be reloaded. | 01 September 2012, 11:30:19 UTC |
a203df7 | Andy Polyakov | 17 August 2012, 20:01:47 UTC | sha1-armv4-large.pl: comply with ABI [from HEAD]. | 17 August 2012, 20:01:47 UTC |
1445172 | Andy Polyakov | 13 August 2012, 16:39:42 UTC | gosthash.c: use memmove in circle_xor8, as input pointers can be equal [from HEAD]. PR: 2858 | 13 August 2012, 16:39:42 UTC |
5c468f0 | Andy Polyakov | 13 August 2012, 16:21:00 UTC | ./Configure: libcrypto.a can grow to many GB on Solaris 10, because of ar bug [from HEAD]. PR: 2838 | 13 August 2012, 16:21:00 UTC |
83a4ae6 | Richard Levitte | 05 July 2012, 08:49:02 UTC | Cosmetics: remove duplicate symbol in crypto/symhacks.h | 05 July 2012, 08:49:02 UTC |
9374bc1 | Richard Levitte | 04 July 2012, 17:27:43 UTC | Cosmetic: Reorder so it's more similar to the Unixly build. | 04 July 2012, 17:27:43 UTC |
e9c563f | Andy Polyakov | 01 July 2012, 09:12:23 UTC | bss_dgram.c: fix typos in Windows code. | 01 July 2012, 09:12:23 UTC |
4887e07 | Andy Polyakov | 27 June 2012, 13:04:17 UTC | x86_64 assembly pack: make it possible to compile with Perl located on path with spaces [from HEAD]. PR: 2835 | 27 June 2012, 13:04:17 UTC |
652ac3e | Dr. Stephen Henson | 19 June 2012, 13:38:47 UTC | oops, add -debug_decrypt option which was accidentally left out | 19 June 2012, 13:38:47 UTC |
8d2f61a | Andy Polyakov | 19 June 2012, 12:50:09 UTC | bss_dgram.c: fix bugs [from HEAD]. PR: 2833 | 19 June 2012, 12:50:09 UTC |
02a23fa | Andy Polyakov | 16 May 2012, 18:22:39 UTC | s2_clnt.c: compensate for compiler bug [from HEAD]. | 16 May 2012, 18:22:39 UTC |
bef20d4 | Dr. Stephen Henson | 11 May 2012, 13:50:09 UTC | PR: 2813 Reported by: Constantine Sapuntzakis <csapuntz@gmail.com> Fix possible deadlock when decoding public keys. | 11 May 2012, 13:50:09 UTC |
dddddb2 | Dr. Stephen Henson | 10 May 2012, 16:01:57 UTC | prepare for next version | 10 May 2012, 16:01:57 UTC |
8fcb936 | Dr. Stephen Henson | 10 May 2012, 14:48:54 UTC | prepare for 1.0.0j release | 10 May 2012, 14:48:54 UTC |
ecb58c1 | Dr. Stephen Henson | 10 May 2012, 14:45:05 UTC | update NEWS | 10 May 2012, 14:45:05 UTC |
a969ca5 | Dr. Stephen Henson | 10 May 2012, 14:44:20 UTC | Sanity check record length before skipping explicit IV in DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) | 10 May 2012, 14:44:20 UTC |
1e4406a | Dr. Stephen Henson | 10 May 2012, 13:28:28 UTC | Reported by: Solar Designer of Openwall Make sure tkeylen is initialised properly when encrypting CMS messages. | 10 May 2012, 13:28:28 UTC |
94fbee8 | Richard Levitte | 04 May 2012, 10:43:19 UTC | Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. | 04 May 2012, 10:43:19 UTC |
c50847c | Andy Polyakov | 27 April 2012, 20:21:26 UTC | ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance of digest algorithms, mostly SHA, on Power7. Mystery of century, why SHA, why slower algorithm are affected more... [from HEAD]. PR: 2794 Submitted by: Ashley Lai | 27 April 2012, 20:21:26 UTC |
b1ce2d2 | Dr. Stephen Henson | 22 April 2012, 13:31:37 UTC | correct error code | 22 April 2012, 13:31:37 UTC |
743fb51 | Dr. Stephen Henson | 22 April 2012, 13:21:59 UTC | correct old FAQ answers, sync with HEAD | 22 April 2012, 13:21:59 UTC |
0ed7817 | Dr. Stephen Henson | 19 April 2012, 17:02:49 UTC | prepare for next version | 19 April 2012, 17:02:49 UTC |
d0e542f | Dr. Stephen Henson | 19 April 2012, 11:47:20 UTC | prepare for 1.0.0i release | 19 April 2012, 11:47:20 UTC |
457863e | Dr. Stephen Henson | 19 April 2012, 11:45:37 UTC | update NEWS | 19 April 2012, 11:45:37 UTC |
5bd4fcc | Dr. Stephen Henson | 19 April 2012, 11:44:51 UTC | Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110) | 19 April 2012, 11:44:51 UTC |
3dd2eeb | Andy Polyakov | 19 April 2012, 06:40:47 UTC | Makefile.org: clear yet another environment variable [from HEAD]. PR: 2793 | 19 April 2012, 06:40:47 UTC |
d079b38 | Andy Polyakov | 16 April 2012, 17:43:28 UTC | OPENSSL_NO_SOCK fixes [from HEAD]. PR: 2791 Submitted by: Ben Noordhuis | 16 April 2012, 17:43:28 UTC |
8eeaeb4 | Andy Polyakov | 16 April 2012, 17:37:04 UTC | Minor compatibility fixes [from HEAD]. PR: 2790 Submitted by: Alexei Khlebnikov | 16 April 2012, 17:37:04 UTC |
0041925 | Andy Polyakov | 15 April 2012, 17:23:23 UTC | s3_srvr.c: fix typo [from HEAD]. PR: 2538 | 15 April 2012, 17:23:23 UTC |
14fa016 | Dr. Stephen Henson | 10 April 2012, 22:28:34 UTC | update rather ancient EVP digest documentation | 10 April 2012, 22:28:34 UTC |
7fdccda | Dr. Stephen Henson | 31 March 2012, 18:02:35 UTC | PR: 2778(part) Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time). | 31 March 2012, 18:02:35 UTC |
cdc575c | Andy Polyakov | 29 March 2012, 17:51:37 UTC | asn1/tasn_prn.c: avoid bool in variable names [from HEAD]. PR: 2776 | 29 March 2012, 17:51:37 UTC |
2f0aaf7 | Dr. Stephen Henson | 22 March 2012, 15:43:06 UTC | Submitted by: Markus Friedl <mfriedl@gmail.com> Fix memory leaks in 'goto err' cases. | 22 March 2012, 15:43:06 UTC |
6b7887b | Dr. Stephen Henson | 18 March 2012, 18:14:46 UTC | Always use SSLv23_{client,server}_method in s_client.c and s_server.c, the old code came from SSLeay days before TLS was even supported. | 18 March 2012, 18:14:46 UTC |
9ad1b44 | Richard Levitte | 14 March 2012, 12:38:55 UTC | cipher should only be set to PSK if JPAKE is used. | 14 March 2012, 12:38:55 UTC |
9275ad3 | Andy Polyakov | 13 March 2012, 19:22:26 UTC | config: compensate for bug in Solaris cc drivers, which can remove /dev/null [from HEAD,1.0.1] | 13 March 2012, 19:22:26 UTC |
216a2a5 | Andy Polyakov | 13 March 2012, 19:19:57 UTC | x86_64-xlate.pl: remove old kludge. PR: 2435,2440 | 13 March 2012, 19:19:57 UTC |
c2c6044 | Dr. Stephen Henson | 12 March 2012, 16:35:49 UTC | prepare for next version | 12 March 2012, 16:35:49 UTC |
dc95c53 | Dr. Stephen Henson | 12 March 2012, 15:26:48 UTC | corrected fix to PR#2711 and also cover mime_param_cmp | 12 March 2012, 15:26:48 UTC |
b24a53d | Dr. Stephen Henson | 12 March 2012, 14:45:07 UTC | correct NEWS | 12 March 2012, 14:45:07 UTC |
ffbe7cd | Dr. Stephen Henson | 12 March 2012, 14:32:54 UTC | fix error code | 12 March 2012, 14:32:54 UTC |
97183a3 | Dr. Stephen Henson | 12 March 2012, 14:24:50 UTC | prepare for release | 12 March 2012, 14:24:50 UTC |
46ed8af | Dr. Stephen Henson | 12 March 2012, 14:23:35 UTC | update NEWS | 12 March 2012, 14:23:35 UTC |
6a0a484 | Dr. Stephen Henson | 12 March 2012, 14:22:59 UTC | Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884) | 12 March 2012, 14:22:59 UTC |
ad3d952 | Dr. Stephen Henson | 09 March 2012, 15:52:09 UTC | PR: 2756 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling. | 09 March 2012, 15:52:09 UTC |
18ea747 | Dr. Stephen Henson | 08 March 2012, 14:02:00 UTC | check return value of BIO_write in PKCS7_decrypt | 08 March 2012, 14:02:00 UTC |
f4f512a | Dr. Stephen Henson | 06 March 2012, 13:46:52 UTC | PR: 2755 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions. | 06 March 2012, 13:46:52 UTC |
9c2bed0 | Dr. Stephen Henson | 06 March 2012, 13:22:57 UTC | PR: 2748 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock. | 06 March 2012, 13:22:57 UTC |
ad83334 | Andy Polyakov | 03 March 2012, 13:48:21 UTC | Configure: make no-whirlpool work [from HEAD]. | 03 March 2012, 13:48:21 UTC |
2cf4bc9 | Dr. Stephen Henson | 29 February 2012, 14:12:37 UTC | PR: 2743 Reported by: Dmitry Belyavsky <beldmit@gmail.com> Fix memory leak if invalid GOST MAC key given. | 29 February 2012, 14:12:37 UTC |
c8ac945 | Dr. Stephen Henson | 29 February 2012, 14:01:40 UTC | PR: 2742 Reported by: Dmitry Belyavsky <beldmit@gmail.com> If resigning with detached content in CMS just copy data across. | 29 February 2012, 14:01:40 UTC |
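Two commits in this log, 9c00a95 (add and use a constant-time memcmp) and e5420be (make CBC decoding constant time), close timing channels in MAC verification. The simpler of the two is the one CRYPTO_memcmp addresses: an early-exit memcmp runs for a number of iterations that depends on the length of the matching prefix, so an attacker who can time the verifier learns the tag one byte at a time. The C below is an added illustration written for this page, not OpenSSL's code: `leaky_memcmp`, `ct_memcmp`, `mac_tag_ok` and `recover_tag` are hypothetical names, the 8-byte `TAG` and `FORGE` buffers are constructed sample data, and loop-iteration counts stand in for wall-clock time so the leak is deterministic and testable. `ct_memcmp` follows the construction the commit message describes (OR the byte differences together, visit every byte, branch on nothing data-dependent); whether a given compiler preserves that property is a separate question that real implementations guard against and this sketch does not.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Shape shared by both compares. `steps` counts loop iterations and
 * stands in for wall-clock time (assumption made for this example). */
typedef int (*cmp_fn)(const unsigned char *, const unsigned char *,
                      size_t, size_t *);

/* Early-exit compare in the style of the C library's memcmp: it stops
 * at the first differing byte, so its running time reveals how long
 * the common prefix of a and b is. */
static int leaky_memcmp(const unsigned char *a, const unsigned char *b,
                        size_t len, size_t *steps)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;
            return a[i] < b[i] ? -1 : 1;
        }
    }
    *steps = len;
    return 0;
}

/* Constant-time compare as the CRYPTO_memcmp commit describes it: OR
 * every byte difference into x, touch all len bytes, never branch on
 * the data. Returns 0 iff the buffers are equal. */
static int ct_memcmp(const unsigned char *a, const unsigned char *b,
                     size_t len, size_t *steps)
{
    unsigned char x = 0;
    size_t i;
    for (i = 0; i < len; i++)
        x |= a[i] ^ b[i];
    *steps = len;
    return x;
}

/* How a record-layer MAC check should consume the result: one
 * decision after the full-length compare, never a byte-wise walk. */
static int mac_tag_ok(const unsigned char *expected,
                      const unsigned char *received, size_t len)
{
    size_t unused;
    return ct_memcmp(expected, received, len, &unused) == 0;
}

static size_t steps_of(cmp_fn cmp, const unsigned char *a,
                       const unsigned char *b, size_t len)
{
    size_t s;
    (void)cmp(a, b, len, &s);
    return s;
}

/* Simulated attacker with a timing oracle on the verifier's compare.
 * For each position try all 256 bytes and keep the one that makes the
 * compare run longest; the verifier's accept/reject answer (always
 * visible in practice) breaks the tie on the final byte. Against
 * leaky_memcmp this recovers `secret` byte by byte; against ct_memcmp
 * every guess costs the same and the search learns nothing. */
static void recover_tag(cmp_fn cmp, const unsigned char *secret,
                        size_t len, unsigned char *out)
{
    size_t pos;
    memset(out, 0, len);
    for (pos = 0; pos < len; pos++) {
        unsigned c, best = 0;
        size_t best_score = 0;
        for (c = 0; c < 256; c++) {
            size_t steps, score;
            out[pos] = (unsigned char)c;
            score = (cmp(secret, out, len, &steps) == 0) ? steps + 1 : steps;
            if (score > best_score) {
                best_score = score;
                best = c;
            }
        }
        out[pos] = (unsigned char)best;
    }
}

/* Constructed sample data (not from any real protocol run): a secret
 * 8-byte tag and a forgery that shares its first three bytes. */
static const unsigned char TAG[8]   = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
static const unsigned char FORGE[8] = {0xde, 0xad, 0xbe, 0x00, 0x00, 0x00, 0x00, 0x00};

/* 1 if the oracle attack against `cmp` recovers TAG exactly, else 0. */
static int recover_matches(cmp_fn cmp)
{
    unsigned char out[sizeof TAG];
    recover_tag(cmp, TAG, sizeof TAG, out);
    return memcmp(out, TAG, sizeof TAG) == 0;
}

int main(void)
{
    printf("forgery vs tag: leaky compare stops after %zu of %zu bytes, "
           "constant-time compare after %zu\n",
           steps_of(leaky_memcmp, TAG, FORGE, sizeof TAG), sizeof TAG,
           steps_of(ct_memcmp, TAG, FORGE, sizeof TAG));
    printf("timing oracle recovers the tag: leaky=%d constant-time=%d\n",
           recover_matches(leaky_memcmp), recover_matches(ct_memcmp));
    return 0;
}
```

The step counter is the whole point of the demonstration: with the early-exit compare the attacker's best guess at each position is the one that makes the compare run one iteration longer, and 8 x 256 oracle queries recover an 8-byte tag; with the constant-time compare every query costs exactly `len` iterations and the search degenerates to guessing. Note what the example does not cover: the CBC commit (e5420be) also had to make the MAC computation itself take time independent of the padding length, which is a harder problem than the compare and is not modelled here.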