Commits · ddc38679cedcd154eb18187b8c384b1a05f61fc6 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jul 21, 2003
- tolerate extra data at end of client hello for SSL 3.0 · ddc38679
  Bodo Möller authored Jul 21, 2003
```
PR: 659
```
  ddc38679
- fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k · 02e05594
  Bodo Möller authored Jul 21, 2003
```
typo in 0.9.6k section
```
  02e05594
Jun 19, 2003
- Document the last change. · cf9a88ca
  Richard Levitte authored Jun 19, 2003
```
PR: 587
```
  cf9a88ca
- Prepare for changes in the 0.9.6 branch · 4f1cd832
  Richard Levitte authored Jun 19, 2003
  
  4f1cd832
- Prepare for changes in the 0.9.6 branch · ed7f1d0b
  Richard Levitte authored Jun 19, 2003
  
  ed7f1d0b
Jun 11, 2003
- Add the possibility to have symbols loaded globally with DSO. · e666c459
  Richard Levitte authored Jun 11, 2003
  
  e666c459
- Add functionality to set marks on the error stack and to pop all errors to the next mark. · 54f64516
  Richard Levitte authored Jun 11, 2003
  
  54f64516
Jun 10, 2003
- Document the AES_cbc_encrypt() change · a0694600
  Richard Levitte authored Jun 10, 2003
  
  a0694600
Jun 03, 2003
- Update CHANGES to reflect base64 fix added to 0.9.7 · 63b81558
  Dr. Stephen Henson authored Jun 03, 2003
  
  63b81558
Jun 01, 2003
- Various S/MIME bug and compatibility fixes. · beab098d
  Dr. Stephen Henson authored Jun 01, 2003
  
  beab098d
May 01, 2003
- Add STORE support in ENGINE. · 3bbb0212
  Richard Levitte authored May 01, 2003
  
  3bbb0212
- Define a STORE type. For documentation, read the entry in CHANGES, · a5db6fa5
  Richard Levitte authored May 01, 2003
```
crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.
```
  a5db6fa5
- Define the OPENSSL_ITEM structure. · 535fba49
  Richard Levitte authored May 01, 2003
  
  535fba49
Apr 29, 2003
- Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code · 1ae0a83b
  Richard Levitte authored Apr 29, 2003
```
that uses them that I'll commit in a few days.
```
  1ae0a83b
- Correct documentation. sk_find_ex() doesn't return a pointer, it · 9d6c32d6
  Richard Levitte authored Apr 29, 2003
```
returns an index.
```
  9d6c32d6
- Add an extended variant of OBJ_bsearch() that can be given a few · ea5240a5
  Richard Levitte authored Apr 29, 2003
```
flags.
```
  ea5240a5
Apr 11, 2003
- include 'Changes between 0.9.6i and 0.9.6j' · 7a04fdd8
  Bodo Möller authored Apr 11, 2003
  
  7a04fdd8
Apr 03, 2003
- Implement self-signing in 'openssl ca'. This makes it easier to have · 16b1b035
  Richard Levitte authored Apr 03, 2003
```
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
```
  16b1b035
- Add functionality to help making self-signed certificate. · e6526fbf
  Richard Levitte authored Apr 03, 2003
  
  e6526fbf
- Make it possible to have multiple active certificates with the same · f85b68cd
  Richard Levitte authored Apr 03, 2003
```
subject.
```
  f85b68cd
Apr 02, 2003
- make RSA blinding thread-safe · 5679bcce
  Bodo Möller authored Apr 02, 2003
  
  5679bcce
Mar 30, 2003
- Multi valued AVA support. · 1a15c899
  Dr. Stephen Henson authored Mar 30, 2003
  
  1a15c899
Mar 24, 2003
- Support for name constraints. · 520b76ff
  Dr. Stephen Henson authored Mar 24, 2003
  
  520b76ff
Mar 21, 2003
- Support for policy constraints. · f80153e2
  Dr. Stephen Henson authored Mar 21, 2003
  
  f80153e2
Mar 20, 2003
- make sure RSA blinding works when the PRNG is not properly seeded; · c554155b
  Bodo Möller authored Mar 20, 2003
```
enable it automatically for the built-in engine
```
  c554155b
- Support for policyMappings · a1d12dae
  Dr. Stephen Henson authored Mar 20, 2003
  
  a1d12dae
Mar 19, 2003
- countermeasure against new Klima-Pokorny-Rosa atack · 02da5bcd
  Bodo Möller authored Mar 19, 2003
  
  02da5bcd
Mar 13, 2003
- Fix a bone-head bug. This warrants a CHANGES entry because it could affect · bba2cb3a
  Geoff Thorpe authored Mar 13, 2003
```
applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.
```
  bba2cb3a
Mar 11, 2003

The default implementation of DSA_METHOD has an interdependence on the · 879650b8

Geoff Thorpe authored Mar 11, 2003

dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and
dsa_sign_setup(). When another DSA_METHOD implementation does not define
these lower-level handlers, it becomes impossible to do a fallback to
software on errors using a simple DSA_OpenSSL()->fn(key).

This change allows the default DSA_METHOD to function in such circumstances
by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist,
otherwise using BIGNUM implementations directly (which is what those
handlers did before this change). There should be no noticable difference
for the software case, or indeed any custom case that didn't already
segfault, except perhaps that there is now one less level of indirection in
all cases.

PR: 507

879650b8

Feb 28, 2003
- - new ECDH_compute_key interface (KDF is no longer a fixed built-in) · 176f31dd
  Bodo Möller authored Feb 28, 2003
```
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
```
  176f31dd
Feb 27, 2003
- Support for dirName from config files in GeneralName extensions. · f0dc08e6
  Dr. Stephen Henson authored Feb 27, 2003
  
  f0dc08e6
Feb 25, 2003
- Fix indefinite length encoding so EOC correctly updates · e9ec6396
  Dr. Stephen Henson authored Feb 25, 2003
```
the buffer pointer.

Rename PKCS7_PARTSIGN to PKCS7_STREAM.

Guess what that's for :-)
```
  e9ec6396
Feb 22, 2003
- Add instructions for building the MinGW target in Cygwin, and · 63ff3e83
  Ulf Möller authored Feb 22, 2003
```
rearrange some of the other text for better readability.
```
  63ff3e83
- Allow building applications against static libraries with Makefile.shared. · 132eaa59
  Richard Levitte authored Feb 22, 2003
  
  132eaa59
- Base64 bio fixes. The base64 bio was seriously broken · 5562cfac
  Dr. Stephen Henson authored Feb 22, 2003
```
when reading from a non blocking BIO.

It would incorrectly interpret retries as EOF, incorrectly
buffer initial data and have no buffering at all after initial
data (data would be sent one byte at a time to EVP_DecodeUpdate).
```
  5562cfac
Feb 19, 2003
- Security fix: Vaudenay timing attack on CBC. · 5b0b0e98
  Richard Levitte authored Feb 19, 2003
```
An advisory will be posted to the web.  Expect a release within the hour.
```
  5b0b0e98
Feb 18, 2003
- Make the no-err option work properly · 758f942b
  Richard Levitte authored Feb 18, 2003
  
  758f942b
Feb 15, 2003
- Single pass processing to cleartext S/MIME signing. · 27068df7
  Dr. Stephen Henson authored Feb 15, 2003
  
  27068df7
Feb 14, 2003
- Add support for IA64. · b7bbac72
  Richard Levitte authored Feb 14, 2003
```
PR: 454
```
  b7bbac72
Feb 13, 2003

Add full support for -rpath/-R, both in shared libraries and · 2d3de726

Richard Levitte authored Feb 13, 2003

applications, at least on the platforms where it's known how
to do it.

Note: this has only been tested on GNU-based platforms (Linux), and
needs to be tested on all others.  Additionally, it's not yet
supported on the following platforms, for lack of information:

Darwin (MacOS X)
Cygwin
OSF1/Alpha
SVR3
ReliantUNIX

Please help out with testing and the platforms we don't yet know well
enough.

2d3de726