Don't try and verify signatures if key is NULL (CVE-2013-0166)
[openssl.git] / CHANGES
2013-02-05 Dr. Stephen HensonDon't try and verify signatures if key is NULL (CVE...
2012-10-05 Ben LaurieUpdate CHANGES for OCSP fix.
2012-05-11 Dr. Stephen HensonPR: 2813
2012-05-10 Dr. Stephen Hensonprepare for next version
2012-05-10 Dr. Stephen Hensonprepare for 0.9.8x release
2012-05-10 Dr. Stephen HensonSanity check record length before skipping explicit...
2012-05-10 Dr. Stephen HensonReported by: Solar Designer of Openwall
2012-04-23 Dr. Stephen Hensonprepare for next version
2012-04-23 Dr. Stephen Hensonprepare form 0.9.8w release
2012-04-23 Dr. Stephen HensonThe fix for CVE-2012-2110 did not take into account...
2012-04-19 Dr. Stephen Hensonprepare for next version
2012-04-19 Dr. Stephen Hensonprepare for 0.9.8v release
2012-04-19 Dr. Stephen HensonCheck for potentially exploitable overflows in asn1_d2i...
2012-03-12 Dr. Stephen Hensonprepare for next version
2012-03-12 Dr. Stephen Hensonprepare for release
2012-03-12 Dr. Stephen HensonFix for CMS/PKCS7 MMA. If RSA decryption fails use...
2012-02-16 Dr. Stephen HensonFix bug in CVE-2011-4619: check we have really received...
2012-01-18 Dr. Stephen Hensonprepare for next version
2012-01-18 Dr. Stephen Hensonprepare for release
2012-01-18 Dr. Stephen HensonFix for DTLS DoS issue introduced by fix for CVE-2011...
2012-01-17 Dr. Stephen Hensonfix CHANGES entry
2012-01-04 Dr. Stephen Hensonupdate for next version
2012-01-04 Dr. Stephen Hensonprepare for 0.9.8s release
2012-01-04 Dr. Stephen HensonSubmitted by: Robin Seggelmann <seggelmann@fh-muenster...
2012-01-04 Dr. Stephen HensonFix double free in policy check code (CVE-2011-4109)
2012-01-04 Dr. Stephen HensonClear bytes used for block padding of SSL 3.0 records...
2012-01-04 Dr. Stephen HensonOnly allow one SGC handshake restart for SSL/TLS. ...
2012-01-04 Dr. Stephen HensonPrevent malformed RFC3779 data triggering an assertion...
2011-12-02 Bodo MöllerResolve a stack set-up race condition (if the list...
2011-12-02 Bodo MöllerFix ecdsatest.c.
2011-12-02 Bodo MöllerFix BIO_f_buffer().
2011-10-19 Bodo MöllerBN_BLINDING multi-threading fix.
2011-10-19 Bodo MöllerOops: this change (
2011-10-13 Bodo MöllerIn ssl3_clear, preserve s3->init_extra along with s3...
2011-09-05 Bodo Möller(EC)DH memory handling fixes.
2011-09-05 Bodo MöllerFix memory leak on bad inputs.
2011-05-25 Dr. Stephen HensonFix the ECDSA timing attack mentioned in the paper at:
2011-02-08 Bodo Möllerstart 0.9.8s-dev
2011-02-08 Bodo MöllerOCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) OpenSSL_0_9_8r
2011-01-03 Dr. Stephen HensonFix escaping code for string printing. If *any* escapin...
2010-12-02 Dr. Stephen Hensonupdate for next release
2010-12-02 Dr. Stephen Hensonprepare for release OpenSSL_0_9_8q
2010-12-02 Dr. Stephen Hensonfix for CVE-2010-4180
2010-11-29 Dr. Stephen Hensonadd CVE to JPAKE fix
2010-11-26 Ben LaurieBackport J-PAKE fix.
2010-11-16 Dr. Stephen Hensonupdate for next version
2010-11-16 Dr. Stephen Hensonprepare for release
2010-11-16 Dr. Stephen Hensonfix CVE-2010-3864
2010-10-10 Dr. Stephen HensonPR: 2314
2010-10-03 Dr. Stephen HensonAdd call to ENGINE_register_all_complete() to ENGINE_lo...
2010-08-26 Bodo MöllerECC library bugfixes.
2010-08-26 Bodo MöllerVersion tree clarification.
2010-06-26 Dr. Stephen Hensonfix so it is safe to repeatedly add PBE algorithms
2010-06-16 Dr. Stephen Hensonprepare for next release
2010-06-01 Dr. Stephen HensonPrepare for release. OpenSSL_0_9_8o
2010-06-01 Dr. Stephen HensonFix CVE-2010-0742
2010-04-07 Dr. Stephen HensonAdd SHA2 algorithms to SSL_library_init(). Although...
2010-03-25 Dr. Stephen HensonPR: 2202 (partial)
2010-03-25 Dr. Stephen Hensonupdates for next version
2010-03-24 Dr. Stephen HensonSubmitted by: Bodo Moeller and Adam Langley (Google).
2010-03-03 Dr. Stephen HensonSubmitted by: Tomas Hoger <>
2010-02-26 Dr. Stephen HensonChange versions for 0.9.8n-dev
2010-02-25 Dr. Stephen HensonPrepare for 0.9.8m release OpenSSL_0_9_8m
2010-02-23 Bodo MöllerAlways check bn_wexpend() return values for failure...
2010-02-19 Bodo MöllerFix X509_STORE locking
2010-02-17 Dr. Stephen HensonAllow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT...
2010-02-17 Dr. Stephen HensonPR: 2100
2010-02-12 Dr. Stephen Hensonupdate references to new RI RFC
2010-01-27 Dr. Stephen Hensontypo
2010-01-26 Dr. Stephen HensonPR: 1949
2010-01-26 Dr. Stephen HensonTypo
2010-01-20 Dr. Stephen Hensonprepare for release OpenSSL_0_9_8m-beta1
2010-01-13 Dr. Stephen HensonFix version handling so it can cope with a major versio...
2010-01-13 Dr. Stephen HensonModify compression code so it avoids using ex_data...
2010-01-06 Dr. Stephen HensonUpdates to conform with draft-ietf-tls-renegotiation...
2009-12-22 Bodo MöllerConstify crypto/cast.
2009-12-16 Dr. Stephen HensonNew option to enable/disable connection to unpatched...
2009-12-09 Dr. Stephen HensonAdd ctrls to clear options and mode.
2009-12-08 Dr. Stephen HensonSend no_renegotiation alert as required by spec.
2009-12-08 Dr. Stephen HensonAdd ctrl and macro so we can determine if peer support...
2009-12-08 Dr. Stephen HensonAdd support for magic cipher suite value (MCSV). Make...
2009-12-02 Dr. Stephen HensonPR: 2111
2009-11-26 Bodo Möller(whitespace)
2009-11-26 Bodo MöllerThe version numbering may change, again; so be careful...
2009-11-26 Bodo MöllerRemove attribution -- this wasn't my patch, I only...
2009-11-26 Bodo MöllerRemove obsolete information about a change for 0.9.7n.
2009-11-08 Ben LaurieFirst cut of renegotiation extension.
2009-11-05 Ben LaurieDisable renegotiation.
2009-10-30 Dr. Stephen HensonFix stateless session resumption so it can coexist...
2009-09-13 Dr. Stephen HensonAdd CHANGES entry.
2009-09-09 Dr. Stephen HensonAdd new option --strict-warnings to Configure script...
2009-08-10 Dr. Stephen HensonPR: 2003
2009-08-09 Dr. Stephen HensonAdd missing CHANGES entry for OID 0x80 fix.
2009-07-13 Dr. Stephen HensonDocument MD2 deprecation.
2009-06-30 Dr. Stephen HensonPR: 1960
2009-06-28 Dr. Stephen HensonPR: 1942
2009-06-26 Dr. Stephen HensonUpdate from 1.0.0-stable.
2009-06-17 Dr. Stephen HensonCorrect CHANGES entry.
2009-06-17 Dr. Stephen HensonPR: 1943
2009-06-15 Dr. Stephen HensonDon't check self-signed signature in X509_verify_cert...