openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	c60dca1f95	PR: 1868 Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH> Approved by: steve@openssl.org Don't set fields to NULL when freeing them up in ASN1 code. On some platforms with sizeof(long) < sizeof(char *) this can cause a crash.	2009-03-25 10:42:34 +00:00
Dr. Stephen Henson	188abf7e2a	Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com> Approved by: steve@openssl.org Check return code properly in CMS_SignerInfo_verify_content().	2009-03-25 10:40:32 +00:00
Dr. Stephen Henson	f021b7cca6	Reject BMPStrings and UniversalStrings of invalid length. This prevents a crash in ASN1_STRING_print_ex() which assumes they are valid.	2009-03-25 10:35:57 +00:00
Dr. Stephen Henson	37afdc953e	Don't force S/MIME signing purpose: allow it to be overridden by store settings. Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters being inherited properly.	2009-03-15 13:36:01 +00:00
Dr. Stephen Henson	044855e146	Permit nested ASN1 string encoding but with a maximum depth to avoid stack overflow.	2009-03-14 18:33:25 +00:00
Dr. Stephen Henson	4fcf8d8b07	Submitted by: Jeremy Shapiro <jnshapir@us.ibm.com> Reviewed by: steve@openssl.org Improve efficientcy of mem_gets().	2009-03-07 16:58:43 +00:00
Bodo Möller	59689735a6	-hex option for openssl rand PR: 1831 Submitted by: Damien Miller	2009-02-02 00:27:56 +00:00
Dr. Stephen Henson	73cb37295d	Update from HEAD.	2009-01-28 12:55:36 +00:00
Dr. Stephen Henson	1f35508ae6	Support NumericString for name components.	2009-01-28 12:35:10 +00:00
Ben Laurie	dc0cb7e74f	Make it possible to override CC.	2009-01-17 14:36:17 +00:00
Dr. Stephen Henson	367316c723	Oops, remove duplicate entry.	2009-01-07 23:45:19 +00:00
Dr. Stephen Henson	d34353cc91	Prepare for next version.	2009-01-07 23:38:34 +00:00
Dr. Stephen Henson	6287fa5396	Prepare for 0.9.8j release.	2009-01-07 10:50:54 +00:00
Dr. Stephen Henson	a00c3c4019	Properly check EVP_VerifyFinal() and similar return values (CVE-2008-5077). Submitted by: Ben Laurie, Bodo Moeller, Google Security Team	2009-01-07 10:48:23 +00:00
Ben Laurie	c153422388	Enable TLS Extensions by default.	2008-12-26 15:27:51 +00:00
Bodo Möller	505ed2b076	Implement Configure option pattern "experimental-foo" (specifically, "experimental-jpake").	2008-12-02 01:21:06 +00:00
Dr. Stephen Henson	5a02ac6e5b	Revert OPENSSL_EXPERIMENTAL patch. Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.	2008-11-24 16:14:15 +00:00
Geoff Thorpe	bfc6482a7a	Allow the CHIL engine to load even if dynamic locks aren't registered. Submitted by: Sander Temme	2008-11-19 14:08:06 +00:00
Dr. Stephen Henson	81dde5e8fe	Add support for experimental code, not compiled in by default and with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.	2008-11-12 16:54:35 +00:00
Dr. Stephen Henson	4e98f8863f	Oops...	2008-10-31 12:18:42 +00:00
Dr. Stephen Henson	582ef3dbdb	Fix from HEAD.	2008-10-31 12:09:18 +00:00
Ben Laurie	2124e869a8	Add JPAKE.	2008-10-26 18:42:05 +00:00
Ben Laurie	cdffc716c9	Set the comparison function in v3_addr_canonize().	2008-10-14 19:21:30 +00:00
Ben Laurie	5dffc13f55	Add XMPP STARTTLS support.	2008-10-14 19:09:47 +00:00
Bodo Möller	d875413a0b	Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't enable disabled ciphersuites.	2008-09-22 21:22:51 +00:00
Bodo Möller	4ea574fdf3	Now that we're changing the 0.9.8i CHANGES anyway, reorder them according to the usual convention (reverse chronological order)	2008-09-15 20:34:13 +00:00
Dr. Stephen Henson	cf8115deb0	Add missing CHANGES entry.	2008-09-15 20:28:58 +00:00
Dr. Stephen Henson	6d3b70c8da	Prepare for next version...	2008-09-15 15:30:20 +00:00
Dr. Stephen Henson	0a4fda742b	Oops... use correct version number this time....	2008-09-15 14:26:34 +00:00
Dr. Stephen Henson	3745e57bf9	Prepare for next version....	2008-09-15 12:19:09 +00:00
Dr. Stephen Henson	b7e7aa00de	Begin release of OpenSSL 0.9.8i.	2008-09-15 10:28:13 +00:00
Bodo Möller	200d00c854	Fix SSL state transitions. Submitted by: Nagendra Modadugu	2008-09-14 14:02:01 +00:00
Bodo Möller	669b912dea	Really get rid of unsafe double-checked locking. Also, "CHANGES" clean-ups.	2008-09-14 13:51:49 +00:00
Bodo Möller	36a4a67b2b	Some precautions to avoid potential security-relevant problems.	2008-09-14 13:42:40 +00:00
Ben Laurie	b7c8b4fc95	Allow soft-loading engines.	2008-09-12 13:29:59 +00:00
Dr. Stephen Henson	dd6e90465d	Add support for Local Machine Keyset attribute in PKCS#12 files.	2008-06-26 23:26:52 +00:00
Bodo Möller	4afcee8b4b	avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr() Submitted by: Huang Ying Reviewed by: Douglas Stebila	2008-06-23 20:46:28 +00:00
Dr. Stephen Henson	1f3206216b	Add acknowledgement.	2008-06-09 16:50:48 +00:00
Dr. Stephen Henson	1a12ce8ea5	Update CHANGES.	2008-06-05 15:32:05 +00:00
Mark J. Cox	3f79793b7e	After tagging, bump ready for 0.9.8i development	2008-05-28 07:47:50 +00:00
Mark J. Cox	0d01d8a735	Prepare for 0.9.8h release	2008-05-28 07:37:14 +00:00
Mark J. Cox	2c0fa03dc6	Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a cilent crash as found using the Codenomicon TLS test suite (CVE-2008-1672) Reviewed by: openssl-security@openssl.org Obtained from: mark@awe.com	2008-05-28 07:29:27 +00:00
Mark J. Cox	d3b3a6d389	Fix double-free in TLS server name extensions which could lead to a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) Reviewed by: openssl-security@openssl.org Obtained from: jorton@redhat.com	2008-05-28 07:26:33 +00:00
Lutz Jänicke	5f23288692	Clear error queue when starting SSL_CTX_use_certificate_chain_file PR: 1417, 1513 Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>	2008-05-23 10:37:22 +00:00
Lutz Jänicke	45c58c7d10	Remove all root CA files (beyond test CAs including private key) from the OpenSSL distribution.	2008-05-23 08:59:56 +00:00
Dr. Stephen Henson	112591be76	Fix off by one error ;-)	2008-05-20 18:48:22 +00:00
Dr. Stephen Henson	1b8daa3693	Typo.	2008-05-20 16:13:11 +00:00
Dr. Stephen Henson	10d3886c51	Fix two invalid memory reads in RSA OAEP mode. Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com> Reviewed by: steve	2008-05-19 21:26:28 +00:00
Bodo Möller	c3031a4610	Avoid BN_MONT_CTX incompatibility.	2008-05-02 18:47:19 +00:00
Bodo Möller	812d8a176c	Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev: you need to use "enable-montasm" to see a difference. (Huge speed advantage, but BN_MONT_CTX is not binary compatible, so this can't be enabled by default in the 0.9.8 branch.) The CHANGES entry also covers the 64-bit x86 backport in November 2007 by appro.	2008-05-01 23:11:34 +00:00

1 2 3 4 5 ...

1382 Commits