path: root/CHANGES
Commit message | Author | Age | Files | Lines

* ifdef cleanup, part 4a: '#ifdef undef' | Rich Salz | 2015-01-24 | 1 | -0/+4
  This removes all code surrounded by '#ifdef undef'. One case is left: memmove() replaced by open-coded for loop, in crypto/stack/stack.c. That needs further review. Also removed a couple of instances of /* dead code */ if I saw them while doing the main removal.
  Reviewed-by: Matt Caswell <matt@openssl.org>

* Keep disclaiming 16-bit support. | Andy Polyakov | 2015-01-23 | 1 | -1/+1
  If you examine changes, you are likely to wonder "but what about ILP64, elusive as they are, don't they fall victim to 16-bit rationalization?" No, the case was modeled and verified to work.
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* ifdef cleanup part 3: OPENSSL_SYSNAME | Rich Salz | 2015-01-23 | 1 | -0/+2
  Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx. Remove MS_STATIC; it's a relic from platforms <32 bits.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>

* ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF | Rich Salz | 2015-01-22 | 1 | -0/+1
  Use setbuf(fp, NULL) instead of setvbuf(). This removes some ifdef complexity because all of our platforms support setbuf.
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Cleanup OPENSSL_NO_xxx, part 1 [master-pre-reformat] | Rich Salz | 2015-01-14 | 1 | -0/+5
  OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160. OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO. Two typos on #endif comments fixed: OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB; OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE.
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* RT3548: Remove unsupported platforms | Rich Salz | 2015-01-12 | 1 | -0/+1
  This is the last one for this ticket. Removes WIN16. So long, MS_CALLBACK and MS_FAR. We won't miss you.
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* RT3548: Remove some unsupported platforms. | Rich Salz | 2015-01-12 | 1 | -0/+3
  This commit removes NCR, Tandem, Cray. Regenerates TABLE. Removes another missing BEOS fluff. The last platform remaining on this ticket is WIN16.
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* use correct credit in CHANGES | Dr. Stephen Henson | 2015-01-06 | 1 | -2/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>

* CHANGES: mention "universal" ARM support. | Andy Polyakov | 2015-01-06 | 1 | -0/+8
  This is re-commit without unrelated modification.
  Reviewed-by: Matt Caswell <matt@openssl.org>

* Revert "CHANGES: mention "universal" ARM support." | Andy Polyakov | 2015-01-06 | 1 | -8/+0
  This reverts commit 4fec91506975f62a2f93be71a46acc7fae7eef45.
  Reviewed-by: Matt Caswell <matt@openssl.org>

* CHANGES: mention "universal" ARM support. | Andy Polyakov | 2015-01-06 | 1 | -0/+8
  Reviewed-by: Matt Caswell <matt@openssl.org>

* Only allow ephemeral RSA keys in export ciphersuites. | Dr. Stephen Henson | 2015-01-06 | 1 | -0/+8
  OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204)
  Reviewed-by: Matt Caswell <matt@openssl.org>

* ECDH downgrade bug fix. | Dr. Stephen Henson | 2015-01-05 | 1 | -0/+7
  Fix bug where an OpenSSL client would accept a handshake using ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572
  Reviewed-by: Matt Caswell <matt@openssl.org>
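The protocol rule behind the two fixes above, written out as an added Python example (not OpenSSL's code): a client should accept a ServerKeyExchange only when the negotiated key exchange requires one, and only of the matching kind. The suite table, the ServerKeyExchange model and the 512-bit export rule (TLS 1.0's description of RSA_EXPORT suites: a temporary key is sent only when the certificate key is longer than 512 bits) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed mapping from a few suite names to a simplified key-exchange family.
SUITES = {
    "TLS_RSA_WITH_AES_128_CBC_SHA":          "RSA",         # static RSA: no SKE at all
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5":        "RSA_EXPORT",  # temp RSA key <= 512 bits
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE",       # ephemeral EC parameters
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA":      "DHE",         # ephemeral DH parameters
}
EXPORT_RSA_MAX_BITS = 512   # export-grade limit on a temporary RSA key (assumed constant)


@dataclass
class ServerKeyExchange:
    kind: str          # "rsa_temp", "ecdh_params" or "dh_params" (illustrative labels)
    key_bits: int = 0  # size of the key or group actually carried in the message


def required_ske(kx: str, cert_key_bits: int) -> Optional[str]:
    """Payload the SKE must carry for this key exchange; None means it must be absent."""
    if kx == "RSA":
        return None
    if kx == "RSA_EXPORT":
        # TLS 1.0 rule: the temporary key is only sent when the certificate key
        # is too long to be used directly under the export limit.
        return "rsa_temp" if cert_key_bits > EXPORT_RSA_MAX_BITS else None
    return {"ECDHE": "ecdh_params", "DHE": "dh_params"}[kx]


def check_server_key_exchange(suite: str, cert_key_bits: int,
                              ske: Optional[ServerKeyExchange]) -> str:
    """Return 'accept' or 'reject: <reason>' for the (suite, certificate, SKE) seen."""
    kx = SUITES[suite]
    want = required_ske(kx, cert_key_bits)
    if want is None and ske is not None:
        # CVE-2015-0204 class: a temporary RSA key the suite never asked for was
        # tolerated, so the key exchange silently used a key weaker than negotiated.
        return f"reject: unsolicited ServerKeyExchange ({ske.kind}) in {kx} suite"
    if want is not None and ske is None:
        # CVE-2014-3572 class: ephemeral suite, but the server skipped the
        # message that carries the ephemeral parameters.
        return f"reject: {kx} suite requires a ServerKeyExchange"
    if want is not None and ske.kind != want:
        return f"reject: ServerKeyExchange carries {ske.kind}, {kx} needs {want}"
    if want == "rsa_temp" and ske.key_bits > EXPORT_RSA_MAX_BITS:
        return f"reject: temporary RSA key of {ske.key_bits} bits exceeds export limit"
    return "accept"
```

The check is deliberately symmetric: a missing message and an unsolicited one are both protocol violations, which is why the fix removed SSL_OP_EPHEMERAL_RSA on the server side as well as the client-side tolerance.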
* Ensure that the session ID context of an SSL* is updated when its SSL_CTX is updated | Adam Langley | 2015-01-05 | 1 | -0/+7
  From BoringSSL commit https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Fix various certificate fingerprint issues. | Dr. Stephen Henson | 2015-01-05 | 1 | -0/+37
  By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists.
  1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits.
  2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates.
  3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes).
  CVE-2014-8275
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
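Items 1 and 3 above (zero unused bits in the signature BIT STRING; re-encode DSA/ECDSA signatures and compare) as an added Python example, not OpenSSL's code. The same parse, re-encode, compare round trip is what the DigestInfo hardening further down this log applies to the DigestInfo structure, so the round-trip helper here is generic. The parser is a deliberately small DER subset (definite lengths, minimal INTEGERs, constructed SEQUENCEs); the sample signatures and the SHA-256 DigestInfo prefix are constructed inputs.

```python
class DerError(ValueError):
    pass


def _read_len(buf, i):
    """DER length at buf[i:]; BER indefinite and non-minimal forms are rejected."""
    if i >= len(buf):
        raise DerError("truncated length")
    b = buf[i]
    if b < 0x80:
        return b, i + 1
    n = b & 0x7F
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise DerError("indefinite or oversized length")
    if buf[i + 1] == 0:
        raise DerError("length has leading zero octet")
    length = int.from_bytes(buf[i + 1:i + 1 + n], "big")
    if length < 0x80:
        raise DerError("long-form length where short form fits")
    return length, i + 1 + n


def _encode_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def parse(buf, i=0):
    """One TLV as (tag, content-or-children); INTEGER content must be minimal."""
    if i >= len(buf):
        raise DerError("truncated tag")
    tag = buf[i]
    length, j = _read_len(buf, i + 1)
    if j + length > len(buf):
        raise DerError("truncated value")
    content, end = buf[j:j + length], j + length
    if tag & 0x20:                      # constructed: recurse into the children
        return (tag, parse_all(content)), end
    if tag == 0x02:
        if not content:
            raise DerError("empty INTEGER")
        if len(content) > 1 and ((content[0] == 0x00 and content[1] < 0x80)
                                 or (content[0] == 0xFF and content[1] >= 0x80)):
            raise DerError("INTEGER not minimally encoded")
    return (tag, content), end


def parse_all(buf):
    nodes, i = [], 0
    while i < len(buf):
        node, i = parse(buf, i)
        nodes.append(node)
    return nodes


def encode(node):
    tag, val = node
    body = b"".join(encode(c) for c in val) if tag & 0x20 else val
    return bytes([tag]) + _encode_len(len(body)) + body


def canonical(buf):
    """Parse, re-encode, compare: the fix's belt-and-braces check. Trailing
    garbage is caught by the length test, everything else by the byte compare."""
    node, end = parse(buf)
    if end != len(buf):
        raise DerError("trailing garbage after value")
    if encode(node) != bytes(buf):
        raise DerError("input is not canonical DER")
    return node


def signature_bits(bitstring_content):
    """Content octets of a signatureValue BIT STRING: unused-bits octet must be 0."""
    if not bitstring_content:
        raise DerError("empty BIT STRING")
    if bitstring_content[0] != 0:
        raise DerError(f"{bitstring_content[0]} unused bits, signatures must have 0")
    return bitstring_content[1:]


def ecdsa_sig_values(sig):
    """ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }, both non-negative."""
    tag, children = canonical(sig)
    if tag != 0x30 or len(children) != 2 or any(t != 0x02 for t, _ in children):
        raise DerError("not an ECDSA-Sig-Value")
    for _, content in children:
        if content[0] & 0x80:
            raise DerError("negative INTEGER in signature")
    return tuple(int.from_bytes(c, "big") for _, c in children)


def is_canonical(buf):
    try:
        canonical(buf)
        return True
    except DerError:
        return False


def is_valid_ecdsa_sig_encoding(sig):
    try:
        ecdsa_sig_values(sig)
        return True
    except DerError:
        return False


# Constructed samples; every ECDSA case encodes r = 1, s = 2.
GOOD = bytes.fromhex("3006020101020102")
LEADING_ZERO = bytes.fromhex("300702020001020102")   # r written as 00 01
NEGATIVE = bytes.fromhex("3006020181020102")         # r written as 81 (negative)
BER_LENGTH = bytes.fromhex("308106020101020102")     # 81 06 where 06 suffices
TRAILING = GOOD + b"\x00"                            # garbage after the value
DIGEST_INFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420") + bytes(32)
```

With a strict parser the byte comparison in canonical() rarely fires on its own, but keeping it makes the check independent of how lenient the decoder happens to be, which is exactly the property the fix wanted.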
* RT3548: Remove unsupported platforms | Rich Salz | 2014-12-28 | 1 | -0/+1
  This commit removes DG-UX. It also flushes out some left-behinds in config. And regenerates TABLE from Configure (hadn't been done in a while).
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* RT3548: unsupported platforms | Rich Salz | 2014-12-25 | 1 | -0/+1
  This commit removes Sinix/ReliantUNIX RM400 (and a missed piece of BEOS fluff).
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* RT3548: Remove unsupported platforms. | Rich Salz | 2014-12-22 | 1 | -0/+1
  This commit removes MPE/iX.
  Reviewed-by: Andy Polyakov <appro@openssl.org>

* RT3548: Remove unsupported platforms | Rich Salz | 2014-12-21 | 1 | -0/+1
  This commit removes SunOS (a sentimental favorite of mine).
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* RT3548: Remove outdated platforms | Rich Salz | 2014-12-19 | 1 | -1/+2
  This commit removes all mention of NeXT and NextStep.
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Update CHANGES for deprecated updates | Matt Caswell | 2014-12-18 | 1 | -0/+9
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* RT3548: Remove some obsolete platforms | Rich Salz | 2014-12-18 | 1 | -1/+3
  This commit removes Sony NEWS4.
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* RT3548: Remove some obsolete platforms | Rich Salz | 2014-12-17 | 1 | -0/+3
  This commit removes BEOS.
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Add CHANGES entry for OCB | Matt Caswell | 2014-12-08 | 1 | -0/+5
  Reviewed-by: Tim Hudson <tjh@openssl.org>

* Update changes to indicate that SSLv2 support has been removed | Kurt Roeckx | 2014-12-04 | 1 | -0/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>

* RT2679: Fix error if keysize too short | Annie Yousar | 2014-11-20 | 1 | -0/+4
  In keygen, return KEY_SIZE_TOO_SMALL not INVALID_KEYBITS.
  ** I also increased the minimum from 256 to 512, which is now documented in the CHANGES file. **
  Reviewed-by: Matt Caswell <matt@openssl.org>

* Do not resume a session if the negotiated protocol version does not match the session's version (server). | David Benjamin | 2014-11-20 | 1 | -0/+6
  See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde.
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

* Clean up CHANGES | Emilia Kasper | 2014-11-20 | 1 | -17/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>

* Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset once the ChangeCipherSpec message is received. | Emilia Kasper | 2014-11-20 | 1 | -0/+10
  Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.)
  Thanks to Joeri de Ruiter for reporting this issue.
  Reviewed-by: Matt Caswell <matt@openssl.org>

* Always require an advertised NewSessionTicket message. | Emilia Kasper | 2014-11-20 | 1 | -0/+8
  The server must send a NewSessionTicket message if it advertised one in the ServerHello, so make a missing ticket message an alert in the client. An equivalent change was independently made in BoringSSL, see commit 6444287806d801b9a45baf1f6f02a0e3a16e144c.
  Reviewed-by: Matt Caswell <matt@openssl.org>

* Tighten session ticket handling | Emilia Kasper | 2014-10-28 | 1 | -0/+16
  Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello.
  Reviewed-by: Bodo Moeller <bodo@openssl.org>
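The three handshake-state rules above (ticket extension state must be fresh per handshake; an advertised NewSessionTicket must actually arrive; the ChangeCipherSpec acceptance flag is set once and cleared on receipt) as an added Python example, not OpenSSL's code. The CCS fix itself was on the server side; the model below is the client's view, where the same rule applies. Method names mirror TLS handshake message types; the class, the message flows and the alert strings are constructed for illustration.

```python
class HandshakeError(Exception):
    pass


class ClientHandshake:
    """State for exactly one handshake (initial or renegotiation) as seen by a client."""

    def __init__(self):
        # Fresh per handshake: a renegotiation must not inherit the previous
        # ServerHello's ticket extension or a stale "CCS acceptable" flag.
        self.ticket_expected = False   # session_ticket extension in *this* ServerHello
        self.ticket_received = False
        self.ccs_ok = False            # a ChangeCipherSpec is acceptable right now
        self.ccs_count = 0
        self.finished = False

    def server_hello(self, extensions):
        self.ticket_expected = "session_ticket" in extensions

    def server_hello_done(self):
        # The client now sends ClientKeyExchange, CCS and Finished. The server's
        # next message is NewSessionTicket if it advertised one, otherwise CCS.
        self.ccs_ok = not self.ticket_expected

    def new_session_ticket(self, ticket):
        if not self.ticket_expected:
            raise HandshakeError("NewSessionTicket without the extension in this ServerHello")
        if self.ticket_received:
            raise HandshakeError("duplicate NewSessionTicket")
        self.ticket_received = True
        self.ccs_ok = True

    def change_cipher_spec(self):
        if not self.ccs_ok:
            if self.ticket_expected and not self.ticket_received:
                raise HandshakeError("ticket advertised but NewSessionTicket missing")
            raise HandshakeError("unexpected ChangeCipherSpec")
        self.ccs_ok = False   # cleared on receipt: a second CCS is an error
        self.ccs_count += 1

    def server_finished(self):
        if self.ccs_count != 1:
            raise HandshakeError("Finished not preceded by exactly one ChangeCipherSpec")
        self.finished = True


def run(messages):
    """Drive a fresh ClientHandshake with (method, *args) tuples; 'ok' or 'alert: ...'."""
    hs = ClientHandshake()
    try:
        for name, *args in messages:
            getattr(hs, name)(*args)
    except HandshakeError as e:
        return f"alert: {e}"
    return "ok" if hs.finished else "incomplete"


# Constructed server-to-client flows.
TICKET_OK = [("server_hello", ["session_ticket"]), ("server_hello_done",),
             ("new_session_ticket", b"opaque"), ("change_cipher_spec",), ("server_finished",)]
NO_TICKET_OK = [("server_hello", []), ("server_hello_done",),
                ("change_cipher_spec",), ("server_finished",)]
TICKET_MISSING = [("server_hello", ["session_ticket"]), ("server_hello_done",),
                  ("change_cipher_spec",), ("server_finished",)]
# Renegotiation whose ServerHello lacks the extension, yet a ticket still arrives.
STALE_TICKET = [("server_hello", []), ("server_hello_done",),
                ("new_session_ticket", b"opaque"), ("change_cipher_spec",), ("server_finished",)]
DOUBLE_CCS = [("server_hello", []), ("server_hello_done",),
              ("change_cipher_spec",), ("change_cipher_spec",), ("server_finished",)]
```

Because a new ClientHandshake object is built for every handshake, the renegotiation case cannot see the first ServerHello's extension; that is the structural form of the "send the extension anew" rule.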
* Add missing CHANGES interval [1.0.1h, 1.0.1i] | Emilia Kasper | 2014-10-27 | 1 | -0/+86
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Sync CHANGES | Emilia Kasper | 2014-10-27 | 1 | -41/+41
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Add missing credit. | Andy Polyakov | 2014-10-22 | 1 | -2/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Updates CHANGES file | Matt Caswell | 2014-10-15 | 1 | -0/+33
  Reviewed-by: Bodo Möller <bodo@openssl.org>

* Support TLS_FALLBACK_SCSV. | Bodo Moeller | 2014-10-15 | 1 | -0/+6
  Reviewed-by: Stephen Henson <steve@openssl.org>

* DTLS 1.2 support has been added to 1.0.2. | Bodo Moeller | 2014-10-02 | 1 | -5/+5
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Add additional explanation to CHANGES entry. | Dr. Stephen Henson | 2014-09-29 | 1 | -5/+7
  Reviewed-by: Tim Hudson <tjh@openssl.org>

* Add additional DigestInfo checks. | Dr. Stephen Henson | 2014-09-29 | 1 | -0/+10
  Reencode DigestInfo in DER and check against the original: this will reject any improperly encoded DigestInfo structures.
  Note: this is a precautionary measure, there is no known attack which can exploit this.
  Thanks to Brian Smith for reporting this issue.
  Reviewed-by: Tim Hudson <tjh@openssl.org>

* Note i2d_re_X509_tbs and related changes in CHANGES | Emilia Kasper | 2014-09-23 | 1 | -0/+6
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (cherry picked from commit e9128d9401ad617e17c5eb3772512c24b038b967)

* CHANGES: mention ECP_NISTZ256. | Andy Polyakov | 2014-09-23 | 1 | -0/+4
  Reviewed-by: Bodo Moeller <bodo@openssl.org>

* Add CHANGES entry for SCT viewer code. | Dr. Stephen Henson | 2014-09-05 | 1 | -0/+4
  Reviewed-by: Emilia Käsper <emilia@openssl.org>

* RT3268: Fix spelling errors in CHANGES file. | Claus Assmann | 2014-08-15 | 1 | -35/+35
  Fix a bunch of typos and speling (sic) errors in the CHANGES file.
  Reviewed-by: Tim Hudson <tjh@cryptsoft.com>

* Sync with clean-up 1.0.2 CHANGES file. | Bodo Moeller | 2014-08-01 | 1 | -19/+0
  (If a change is already present in 1.0.1f or 1.0.1h, don't list it again under changes between 1.0.1h and 1.0.2.)

* Sync with current 1.0.2 CHANGES file. | Bodo Moeller | 2014-08-01 | 1 | -15/+115

* Simplify and fix ec_GFp_simple_points_make_affine | Bodo Moeller | 2014-08-01 | 1 | -0/+5
  (which didn't always handle value 0 correctly).
  Reviewed-by: emilia@openssl.org

* CHANGES: mention new platforms. | Andy Polyakov | 2014-07-22 | 1 | -0/+35
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

* Remove all RFC5878 code. | Dr. Stephen Henson | 2014-07-04 | 1 | -7/+0
  Remove RFC5878 code. It is no longer needed for CT and has numerous bugs.

* Credit to Felix. | Ben Laurie | 2014-06-01 | 1 | -0/+4
  Closes #116.

* Add an NSS output format to sess_id to export the session id and the master key in NSS keylog format. | Martin Kaiser | 2014-05-24 | 1 | -0/+4
  PR#3352