[openssl-commits] [openssl] OpenSSL_0_9_8zd create

Matt Caswell matt at openssl.org
Thu Jan 8 15:23:56 UTC 2015

The annotated tag OpenSSL_0_9_8zd has been created
        at  58f95e3a7db8e68ffabef77a5669d5767376197c (tag)
   tagging  b873409efee1731171f78d8eb456b57aa4b7d0ff (commit)
  replaces  OpenSSL_0_9_8zc
 tagged by  Matt Caswell
        on  Thu Jan 8 14:33:47 2015 +0000

- Log -----------------------------------------------------------------
OpenSSL 0.9.8zd release tag

Andy Polyakov (4):
      e_os.h: allow inline functions to be compiled by legacy compilers.
      e_os.h: refine inline override logic (to address warnings in debug build).
      md32_common.h: address compiler warning in HOST_c2l.
      Fix for CVE-2014-3570.

Bodo Moeller (2):
      When processing ClientHello.cipher_suites, don't ignore cipher suites     listed after TLS_FALLBACK_SCSV.
      Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.

Dr. Stephen Henson (12):
      Don't try 1**0 test with FIPS.
      Reject invalid constructed encodings.
      Add ASN1_TYPE_cmp and X509_ALGOR_cmp.
      Update ordinals.
      Fix various certificate fingerprint issues.
      ECDH downgrade bug fix.
      Only allow ephemeral RSA keys in export ciphersuites.
      use correct function name
      use correct credit in CHANGES
      fix error discrepancy
      Fix crash in dtls1_get_record whilst in the listen state where you get two     separate reads performed - one for the header and one for the body of the     handshake record.
      Fix typo.

Emilia Kasper (1):
      Revert "RT3425: constant-time evp_enc"

Kurt Cancemi (1):
      RT3547: Add missing static qualifier

Kurt Roeckx (4):
      Keep old method in case of an unsupported protocol
      Fix warning
      Fix warning about negative unsigned intergers
      Return error when a bit string indicates an invalid amount of bits left

Matt Caswell (5):
      Prepare for 0.9.8zd-dev
      Follow on from CVE-2014-3571. This fixes the code that was the original source     of the crash due to p being NULL. Steve's fix prevents this situation from     occuring - however this is by no means obvious by looking at the code for     dtls1_get_record. This fix just makes things look a bit more sane.
      CHANGES and NEWS updates for release
      make update
      Prepare for 0.9.8zd release

Richard Levitte (1):
      Include "constant_time_locl.h" rather than "../constant_time_locl.h".     The different -I compiler parameters will take care of the rest...

Samuel Neves (1):
      Use only unsigned arithmetic in constant-time operations

Tim Hudson (2):
      Add constant_time_locl.h to HEADERS,     so the Win32 compile picks it up correctly.
      no-ssl2 with no-ssl3 does not mean drop the ssl lib


More information about the openssl-commits mailing list