Skip to content
  1. Apr 07, 2014
  2. Apr 06, 2014
  3. Apr 05, 2014
  4. Apr 04, 2014
  5. Apr 03, 2014
  6. Apr 02, 2014
  7. Apr 01, 2014
  8. Mar 27, 2014
  9. Mar 25, 2014
  10. Mar 19, 2014
  11. Mar 18, 2014
  12. Mar 12, 2014
    • Dr. Stephen Henson's avatar
      Update ordinals. · 8b0336c8
      Dr. Stephen Henson authored
      Use a previously unused value as we will be updating multiple released
      branches.
      (cherry picked from commit 0737acd2)
      8b0336c8
    • Dr. Stephen Henson's avatar
      Fix for CVE-2014-0076 · 0a9f7780
      Dr. Stephen Henson authored
      Fix for the attack described in the paper "Recovering OpenSSL
      ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
      by Yuval Yarom and Naomi Benger. Details can be obtained from:
      http://eprint.iacr.org/2014/140
      
      Thanks to Yuval Yarom and Naomi Benger for discovering this
      flaw and to Yuval Yarom for supplying a fix.
      (cherry picked from commit 2198be34)
      
      Conflicts:
      
      	CHANGES
      0a9f7780
  13. Mar 10, 2014
  14. Mar 07, 2014
  15. Mar 06, 2014
  16. Mar 03, 2014
  17. Mar 02, 2014
  18. Mar 01, 2014
    • Dr. Stephen Henson's avatar
      Add additional FIPS digests. · 813cfd9c
      Dr. Stephen Henson authored
      Add a few special case digests not returned by FIPS_get_digestbynid().
      
      Thanks to Roumen Petrov <openssl@roumenpetrov.info> for reporting this
      issue.
      813cfd9c
    • Dr. Stephen Henson's avatar
      Add function to free compression methods. · 976c5830
      Dr. Stephen Henson authored
      Although the memory allocated by compression methods is fixed and
      cannot grow over time it can cause warnings in some leak checking
      tools. The function SSL_COMP_free_compression_methods() will free
      and zero the list of supported compression methods. This should
      *only* be called in a single threaded context when an application
      is shutting down to avoid interfering with existing contexts
      attempting to look up compression methods.
      976c5830
    • Dr. Stephen Henson's avatar
      PKCS#8 support for alternative PRFs. · b60272b0
      Dr. Stephen Henson authored
      Add option to set an alternative to the default hmacWithSHA1 PRF
      for PKCS#8 private key encryptions. This is used automatically
      by PKCS8_encrypt if the nid specified is a PRF.
      
      Add option to pkcs8 utility.
      
      Update docs.
      b60272b0
    • Dr. Stephen Henson's avatar
      Fix memory leak. · 124d2188
      Dr. Stephen Henson authored
      124d2188
  19. Feb 28, 2014
  20. Feb 27, 2014
    • Dr. Stephen Henson's avatar
      Fix fips flag handling. · 5f2329b8
      Dr. Stephen Henson authored
      Don't set the fips flags in cipher and digests as the implementations
      aren't suitable for FIPS mode and will be redirected to the FIPS module
      versions anyway.
      
      Return EVP_CIPH_FLAG_FIPS or EVP_MD_FLAG_FIPS if a FIPS implementation
      exists when calling EVP_CIPHER_flags and EVP_MD_flags repectively.
      
      Remove unused FIPS code from e_aes.c: the 1.0.2 branch will never be
      used to build a FIPS module.
      5f2329b8
    • Dr. Stephen Henson's avatar
      Remove unused file. · 01fb5e13
      Dr. Stephen Henson authored
      The file evp_fips.c isn't used in OpenSSL 1.0.2 as FIPS and non-FIPS
      implementations of algorithms can coexist.
      01fb5e13