| 35d732f | Dr. Stephen Henson | 04 February 2013, 21:13:18 UTC | Fix error codes. | 04 February 2013, 21:13:18 UTC |
| 896ddb9 | Dr. Stephen Henson | 04 February 2013, 20:48:45 UTC | Reword NEWS entry. | 04 February 2013, 20:48:45 UTC |
| e630b3c | Dr. Stephen Henson | 04 February 2013, 20:47:36 UTC | Update NEWS | 04 February 2013, 20:47:36 UTC |
| f1ca56a | Dr. Stephen Henson | 04 February 2013, 20:34:26 UTC | Add CHANGES entries. | 04 February 2013, 20:37:46 UTC |
| 529d27e | Andy Polyakov | 03 February 2013, 19:04:39 UTC | e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret. | 03 February 2013, 19:04:39 UTC |
| b2226c6 | Andy Polyakov | 09 November 2012, 13:58:40 UTC | bn_word.c: fix overflow bug in BN_add_word. (cherry picked from commit 134c00659a1bc67ad35a1e4620e16bc4315e6e37) | 02 February 2013, 21:39:00 UTC |
| 024de21 | Andy Polyakov | 02 February 2013, 18:52:43 UTC | x86_64 assembly pack: keep making Windows build more robust. PR: 2963 and a number of others (cherry picked from commit 4568182a8b8cbfd15cbc175189029ac547bd1762) | 02 February 2013, 21:26:20 UTC |
| 125093b | Andy Polyakov | 02 February 2013, 18:29:59 UTC | e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch. | 02 February 2013, 18:35:09 UTC |
| f3e99ea | Ben Laurie | 01 February 2013, 19:04:26 UTC | Merge remote-tracking branch 'origin/OpenSSL_1_0_1-stable' into OpenSSL_1_0_1-stable | 01 February 2013, 19:04:26 UTC |
| 8bfd4c6 | Andy Polyakov | 01 February 2013, 14:31:50 UTC | ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed. | 01 February 2013, 14:54:37 UTC |
| ec07246 | Andy Polyakov | 01 February 2013, 14:31:50 UTC | ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. | 01 February 2013, 14:34:09 UTC |
| 04e45b5 | Dr. Stephen Henson | 01 February 2013, 13:53:43 UTC | Don't access EVP_MD_CTX internals directly. | 01 February 2013, 14:12:27 UTC |
| d537132 | Andy Polyakov | 01 February 2013, 09:10:32 UTC | s3/s3_cbc.c: allow for compilations with NO_SHA256|512. | 01 February 2013, 09:31:59 UTC |
| 3626023 | Andy Polyakov | 01 February 2013, 08:59:56 UTC | ssl/s3_cbc.c: md_state alignment portability fix. RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512. | 01 February 2013, 09:31:52 UTC |
| cab13fc | Andy Polyakov | 01 February 2013, 08:55:43 UTC | ssl/s3_cbc.c: uint64_t portability fix. Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow. | 01 February 2013, 09:31:23 UTC |
| 34ab3c8 | Dr. Stephen Henson | 31 January 2013, 23:04:39 UTC | typo. | 31 January 2013, 23:04:39 UTC |
| 25c93fd | Dr. Stephen Henson | 31 January 2013, 17:04:41 UTC | Merge branch 'ben/timing-1.0.1' into OpenSSL_1_0_1-stable | 31 January 2013, 17:04:41 UTC |
| 428c106 | Dr. Stephen Henson | 31 January 2013, 16:39:40 UTC | Update NEWS | 31 January 2013, 16:39:40 UTC |
| 81ce0e1 | Dr. Stephen Henson | 31 January 2013, 15:19:00 UTC | Add ordinal for CRYPTO_memcmp: since this will affect multiple branches it needs to be in a "gap". | 31 January 2013, 15:31:57 UTC |
| b908e88 | Dr. Stephen Henson | 29 January 2013, 14:44:36 UTC | Timing fix mitigation for FIPS mode. We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additonal blocks to cover any timing differences caused by removal of padding. | 31 January 2013, 12:34:10 UTC |
| 62e4506 | Dr. Stephen Henson | 24 January 2013, 13:30:42 UTC | Don't try and verify signatures if key is NULL (CVE-2013-0166) Add additional check to catch this in ASN1_item_verify too. | 29 January 2013, 16:49:24 UTC |
| 014265e | Ben Laurie | 28 January 2013, 18:24:55 UTC | Oops. Add missing file. | 28 January 2013, 18:24:55 UTC |
| 9f27de1 | Ben Laurie | 28 January 2013, 17:34:33 UTC | Update DTLS code to match CBC decoding in TLS. This change updates the DTLS code to match the constant-time CBC behaviour in the TLS. | 28 January 2013, 17:34:33 UTC |
| 6cb19b7 | Ben Laurie | 28 January 2013, 17:33:18 UTC | Don't crash when processing a zero-length, TLS >= 1.1 record. The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't. | 28 January 2013, 17:33:18 UTC |
| e130841 | Ben Laurie | 28 January 2013, 17:31:49 UTC | Make CBC decoding constant time. This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. | 28 January 2013, 17:31:49 UTC |
| 2ee7988 | Ben Laurie | 28 January 2013, 17:30:38 UTC | Add and use a constant-time memcmp. This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. | 28 January 2013, 17:30:38 UTC |
| ffcf4c6 | Dr. Stephen Henson | 23 January 2013, 01:04:36 UTC | Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set | 23 January 2013, 01:07:23 UTC |
| b286a96 | Andy Polyakov | 22 January 2013, 21:11:31 UTC | x86_64 assembly pack: make Windows build more robust [from master]. PR: 2963 and a number of others | 22 January 2013, 21:54:04 UTC |
| 2a2df2e | Andy Polyakov | 22 January 2013, 20:13:37 UTC | bn/asm/mips.pl: hardwire local call to bn_div_words. | 22 January 2013, 20:16:51 UTC |
| 15481c5 | Dr. Stephen Henson | 20 January 2013, 01:07:58 UTC | Don't include comp.h if no-comp set. | 20 January 2013, 01:10:52 UTC |
| 366b60b | Andy Polyakov | 19 January 2013, 17:24:03 UTC | engines/ccgost: GOST fixes [from master]. Submitted by: Dmitry Belyavsky, Seguei Leontiev PR: 2821 | 19 January 2013, 17:26:54 UTC |
| 4782444 | Andy Polyakov | 19 January 2013, 12:20:21 UTC | .gitignore adjustments | 19 January 2013, 12:33:04 UTC |
| 8a17e16 | Dr. Stephen Henson | 14 January 2013, 00:24:34 UTC | Merge branch 'OpenSSL_1_0_1-stable' of /home/steve/src/git/openssl into OpenSSL_1_0_1-stable | 14 January 2013, 00:24:34 UTC |
| 72f27cd | Ben Laurie | 13 January 2013, 21:04:39 UTC | Fix some clang warnings. | 14 January 2013, 00:22:28 UTC |
| 3b3674a | Dr. Stephen Henson | 13 January 2013, 23:01:43 UTC | Merge branch 'OpenSSL_1_0_1-stable' of openssl.net:openssl into OpenSSL_1_0_1-stable | 13 January 2013, 23:01:43 UTC |
| 9d75e76 | Ben Laurie | 12 January 2013, 12:25:30 UTC | Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). | 13 January 2013, 23:00:46 UTC |
| bf07bd4 | Ben Laurie | 12 January 2013, 12:25:30 UTC | Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). | 12 January 2013, 15:13:40 UTC |
| 296cc7f | Dr. Stephen Henson | 07 January 2013, 16:24:58 UTC | Update debug-steve64 | 07 January 2013, 16:24:58 UTC |
| 3d92984 | Dr. Stephen Henson | 07 January 2013, 16:23:00 UTC | Add .gitignore | 07 January 2013, 16:23:00 UTC |
| 51447d5 | Dr. Stephen Henson | 07 January 2013, 16:14:15 UTC | In FIPS mode use PKCS#8 format when writing private keys: traditional format uses MD5 which is prohibited in FIPS mode. | 07 January 2013, 16:19:28 UTC |
| 1dcf520 | Dr. Stephen Henson | 07 January 2013, 16:13:48 UTC | Change default bits to 1024 | 07 January 2013, 16:18:57 UTC |
| fca84da | Dr. Stephen Henson | 30 December 2012, 16:05:11 UTC | make no-comp compile | 30 December 2012, 16:05:11 UTC |
| 3ea1e13 | Dr. Stephen Henson | 23 December 2012, 18:19:28 UTC | add missing \n | 23 December 2012, 18:19:28 UTC |
| dd6639b | Andy Polyakov | 16 December 2012, 19:41:57 UTC | VC-32.pl: fix typo [from HEAD]. Submitted by: Pierre Delaage | 16 December 2012, 19:41:57 UTC |
| bee0550 | Ben Laurie | 14 December 2012, 13:29:51 UTC | Documentation improvements by Chris Palmer (Google). | 14 December 2012, 13:29:51 UTC |
| fc57c58 | Ben Laurie | 13 December 2012, 16:08:17 UTC | Document -pubkey option. | 13 December 2012, 16:08:17 UTC |
| 5bb6d96 | Ben Laurie | 13 December 2012, 15:48:42 UTC | Make verify return errors. | 13 December 2012, 15:48:42 UTC |
| 28e1bd3 | Ben Laurie | 13 December 2012, 15:46:46 UTC | Add 64 bit target. | 13 December 2012, 15:46:46 UTC |
| dd83cc2 | Dr. Stephen Henson | 06 December 2012, 18:25:03 UTC | Fix two bugs which affect delta CRL handling: Use -1 to check all extensions in CRLs. Always set flag for freshest CRL. | 06 December 2012, 18:25:03 UTC |
| ea00598 | Andy Polyakov | 05 December 2012, 17:45:24 UTC | aes-s390x.pl: fix XTS bugs in z196-specific code path [from HEAD]. | 05 December 2012, 17:45:24 UTC |
| a650314 | Dr. Stephen Henson | 04 December 2012, 17:26:13 UTC | check mval for NULL too | 04 December 2012, 17:26:13 UTC |
| 54fdc39 | Dr. Stephen Henson | 03 December 2012, 16:33:24 UTC | fix leak | 03 December 2012, 16:33:24 UTC |
| 7dc98a6 | Andy Polyakov | 01 December 2012, 11:11:12 UTC | aes-s389x.pl: harmonize software-only code path [from HEAD]. | 01 December 2012, 11:11:12 UTC |
| f20ba1c | Dr. Stephen Henson | 29 November 2012, 19:15:36 UTC | PR: 2803 Submitted by: jean-etienne.schwartz@bull.net In OCSP_basic_varify return an error if X509_STORE_CTX_init fails. | 29 November 2012, 19:15:36 UTC |
| 7c35629 | Dr. Stephen Henson | 22 November 2012, 14:15:25 UTC | reject zero length point format list or supported curves extensions | 22 November 2012, 14:15:25 UTC |
| eb3a391 | Dr. Stephen Henson | 21 November 2012, 14:02:21 UTC | PR: 2908 Submitted by: Dmitry Belyavsky <beldmit@gmail.com> Fix DH double free if parameter generation fails. | 21 November 2012, 14:02:21 UTC |
| 540f7c7 | Dr. Stephen Henson | 20 November 2012, 00:28:56 UTC | fix leaks | 20 November 2012, 00:28:56 UTC |
| d6342aa | Dr. Stephen Henson | 19 November 2012, 20:07:05 UTC | correct docs | 19 November 2012, 20:07:05 UTC |
| e7b85bc | Dr. Stephen Henson | 18 November 2012, 15:21:02 UTC | PR: 2880 Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de> Correctly handle local machine keys in the capi ENGINE. | 18 November 2012, 15:21:02 UTC |
| 07eaaab | Dr. Stephen Henson | 15 November 2012, 19:15:20 UTC | add "missing" TLSv1.2 cipher alias | 15 November 2012, 19:15:20 UTC |
| 96f7faf | Dr. Stephen Henson | 16 October 2012, 22:46:40 UTC | Don't require tag before ciphertext in AESGCM mode | 16 October 2012, 22:46:40 UTC |
| 487a0df | Andy Polyakov | 16 October 2012, 08:16:25 UTC | aix[64]-cc: get MT support right [from HEAD]. PR: 2896 | 16 October 2012, 08:16:25 UTC |
| 09ef5f6 | Bodo Möller | 05 October 2012, 20:51:12 UTC | Fix EC_KEY initialization race. Submitted by: Adam Langley | 05 October 2012, 20:51:12 UTC |
| bcc0e4c | Bodo Möller | 24 September 2012, 19:49:42 UTC | Fix Valgrind warning. Submitted by: Adam Langley | 24 September 2012, 19:49:42 UTC |
| caac8fe | Richard Levitte | 24 September 2012, 18:49:04 UTC | * Configure: make the debug-levitte-linux{elf,noasm} less extreme. | 24 September 2012, 18:49:04 UTC |
| 353e845 | Dr. Stephen Henson | 21 September 2012, 14:01:59 UTC | Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate change the current certificate (in s->cert->key) to the one used and then SSL_get_certificate and SSL_get_privatekey will automatically work. Note for 1.0.1 and earlier also includes backport of the function ssl_get_server_send_pkey. | 21 September 2012, 14:01:59 UTC |
| d1451f1 | Richard Levitte | 21 September 2012, 13:08:28 UTC | * ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in debugging code that's seldom used. | 21 September 2012, 13:08:28 UTC |
| c3a5b7b | Bodo Möller | 17 September 2012, 17:24:44 UTC | Fix warning. Submitted by: Chromium Authors | 17 September 2012, 17:24:44 UTC |
| 70d91d6 | Ben Laurie | 17 September 2012, 14:39:38 UTC | Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. | 17 September 2012, 14:39:38 UTC |
| bc78883 | Andy Polyakov | 15 September 2012, 08:46:31 UTC | e_aes.c: uninitialized variable in aes_ccm_init_key [from HEAD]. PR: 2874 Submitted by: Tomas Mraz | 15 September 2012, 08:46:31 UTC |
| f929f20 | Dr. Stephen Henson | 11 September 2012, 13:44:38 UTC | fix memory leak | 11 September 2012, 13:44:38 UTC |
| 554cf97 | Andy Polyakov | 01 September 2012, 13:23:05 UTC | bn_lcl.h: gcc removed support for "h" constraint, which broke inline assembler [from HEAD]. | 01 September 2012, 13:23:05 UTC |
| 48ccbee | Dr. Stephen Henson | 01 September 2012, 11:29:52 UTC | Don't load GOST ENGINE if it is already loaded. Multiple copies of the ENGINE will cause problems when it is cleaned up as the methods are stored in static structures which will be overwritten and freed up more than once. Set static methods to NULL when the ENGINE is freed so it can be reloaded. | 01 September 2012, 11:29:52 UTC |
| 7a21707 | Dr. Stephen Henson | 22 August 2012, 22:42:04 UTC | PR: 2786 Reported by: Tomas Mraz <tmraz@redhat.com> Treat a NULL value passed to drbg_free_entropy callback as non-op. This can happen if the call to fips_get_entropy fails. | 22 August 2012, 22:42:04 UTC |
| 0720bf7 | Andy Polyakov | 17 August 2012, 19:59:49 UTC | sha1-armv4-large.pl: comply with ABI [from HEAD]. | 17 August 2012, 19:59:49 UTC |
| 9d67277 | Andy Polyakov | 17 August 2012, 09:02:40 UTC | aes-mips.pl: harmonize with fips module. PR: 2863 Submitted by: Duane Sand | 17 August 2012, 09:02:40 UTC |
| 12c1621 | Bodo Möller | 16 August 2012, 13:43:37 UTC | Enable message names for TLS 1.1, 1.2 with -msg. | 16 August 2012, 13:43:37 UTC |
| f9b48d6 | Andy Polyakov | 13 August 2012, 16:38:43 UTC | gosthash.c: use memmove in circle_xor8, as input pointers can be equal [from HEAD]. PR: 2858 | 13 August 2012, 16:38:43 UTC |
| 5c29127 | Andy Polyakov | 13 August 2012, 16:18:59 UTC | ./Configure: libcrypto.a can grow to many GB on Solaris 10, because of ar bug [from HEAD]. PR: 2838 | 13 August 2012, 16:18:59 UTC |
| 78d767f | Andy Polyakov | 13 August 2012, 15:32:18 UTC | gcm128.c: fix AAD-only case with AAD length not divisible by 16 [from HEAD]. PR: 2859 Submitted by: John Foley | 13 August 2012, 15:32:18 UTC |
| c8b979e | Richard Levitte | 05 July 2012, 12:58:27 UTC | Add evp_cnf in the build. | 05 July 2012, 12:58:27 UTC |
| 2beaa91 | Dr. Stephen Henson | 05 July 2012, 11:49:56 UTC | update NEWS | 05 July 2012, 11:49:56 UTC |
| efa288c | Richard Levitte | 05 July 2012, 09:00:49 UTC | Have the new names start in column 48, that makes it easy to see when the 31 character limit is reached (on a 80 column display, do the math) | 05 July 2012, 09:00:49 UTC |
| ad3bbd4 | Richard Levitte | 05 July 2012, 08:49:30 UTC | Cosmetics: remove duplicate symbol in crypto/symhacks.h | 05 July 2012, 08:49:30 UTC |
| 7391344 | Dr. Stephen Henson | 04 July 2012, 13:14:11 UTC | add missing evp_cnf.c file | 04 July 2012, 13:14:11 UTC |
| e133ff7 | Dr. Stephen Henson | 03 July 2012, 20:16:30 UTC | PR: 2840 Reported by: David McCullough <david_mccullough@mcafee.com> Restore fips configuration module from 0.9.8. | 03 July 2012, 20:16:30 UTC |
| 25da47c | Dr. Stephen Henson | 03 July 2012, 16:36:10 UTC | Fix memory leak. Always perform nexproto callback argument initialisation in s_server otherwise we use uninitialised data if -nocert is specified. | 03 July 2012, 16:36:10 UTC |
| 4dc40f5 | Ben Laurie | 01 July 2012, 16:04:12 UTC | Unused variable. | 01 July 2012, 16:04:12 UTC |
| a1a3757 | Andy Polyakov | 01 July 2012, 09:12:14 UTC | bss_dgram.c: fix typos in Windows code. | 01 July 2012, 09:12:14 UTC |
| c64c0e0 | Dr. Stephen Henson | 27 June 2012, 14:11:40 UTC | don't use pseudo digests for default values of keys | 27 June 2012, 14:11:40 UTC |
| e1e882a | Andy Polyakov | 27 June 2012, 12:58:03 UTC | x86_64 assembly pack: make it possible to compile with Perl located on path with spaces [from HEAD]. PR: 2835 | 27 June 2012, 12:58:03 UTC |
| 36b0719 | Dr. Stephen Henson | 19 June 2012, 13:39:03 UTC | oops, add -debug_decrypt option which was accidenatally left out | 19 June 2012, 13:39:03 UTC |
| 7655044 | Andy Polyakov | 19 June 2012, 12:36:00 UTC | bss_dgram.c: fix bugs [from HEAD]. PR: 2833 | 19 June 2012, 12:36:00 UTC |
| 58fdd30 | Dr. Stephen Henson | 10 June 2012, 23:01:28 UTC | revert more "version skew" changes that break FIPS builds | 10 June 2012, 23:01:28 UTC |
| 7175dba | Dr. Stephen Henson | 09 June 2012, 23:35:34 UTC | Revert "version skew" patches that break FIPS compilation. | 09 June 2012, 23:35:34 UTC |
| af454b5 | Ben Laurie | 08 June 2012, 09:18:47 UTC | Reduce version skew. | 08 June 2012, 09:18:47 UTC |
| 5b2bbf3 | Andy Polyakov | 16 May 2012, 18:22:27 UTC | s2_clnt.c: compensate for compiler bug [from HEAD]. | 16 May 2012, 18:22:27 UTC |
| 6321ac9 | Andy Polyakov | 16 May 2012, 18:18:29 UTC | ppccap.c: assume no features under 32-bit AIX kernel [from HEAD]. PR: 2810 | 16 May 2012, 18:18:29 UTC |
| eeca72f | Dr. Stephen Henson | 11 May 2012, 13:52:46 UTC | PR: 2813 Reported by: Constantine Sapuntzakis <csapuntz@gmail.com> Fix possible deadlock when decoding public keys. | 11 May 2012, 13:52:46 UTC |
| 6e164e5 | Dr. Stephen Henson | 11 May 2012, 13:32:26 UTC | PR: 2811 Reported by: Phil Pennock <openssl-dev@spodhuis.org> Make renegotiation work for TLS 1.2, 1.1 by not using a lower record version client hello workaround if renegotiating. | 11 May 2012, 13:32:26 UTC |
