Loading CHANGES +4 −0 Original line number Original line Diff line number Diff line Loading @@ -11,6 +11,10 @@ *) applies to 0.9.6a (/0.9.6b) and 0.9.7 *) applies to 0.9.6a (/0.9.6b) and 0.9.7 +) applies to 0.9.7 only +) applies to 0.9.7 only *) Verify that incoming data obeys the block size in ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c). [Bodo Moeller] +) Tidy up PKCS#12 attribute handling. Add support for the CSP name +) Tidy up PKCS#12 attribute handling. Add support for the CSP name attribute in PKCS#12 files, add new -CSP option to pkcs12 utility. attribute in PKCS#12 files, add new -CSP option to pkcs12 utility. [Steve Henson] [Steve Henson] Loading ssl/s3_enc.c +13 −2 Original line number Original line Diff line number Diff line Loading @@ -373,7 +373,6 @@ int ssl3_enc(SSL *s, int send) /* COMPRESS */ /* COMPRESS */ /* This should be using (bs-1) and bs instead of 7 and 8 */ if ((bs != 1) && send) if ((bs != 1) && send) { { i=bs-((int)l%bs); i=bs-((int)l%bs); Loading @@ -384,11 +383,23 @@ int ssl3_enc(SSL *s, int send) rec->input[l-1]=(i-1); rec->input[l-1]=(i-1); } } if (!send) { if (l == 0 || l%bs != 0) { SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); return(0); } } EVP_Cipher(ds,rec->data,rec->input,l); EVP_Cipher(ds,rec->data,rec->input,l); if ((bs != 1) && !send) if ((bs != 1) && !send) { { i=rec->data[l-1]+1; i=rec->data[l-1]+1; /* SSL 3.0 bounds the number of padding bytes by the block size; * padding bytes (except that last) are arbitrary */ if (i > bs) if (i > bs) { { SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); Loading ssl/t1_enc.c +13 −1 Original line number Original line Diff line number Diff line Loading @@ -509,6 +509,16 @@ int tls1_enc(SSL *s, int send) } } #endif /* KSSL_DEBUG */ #endif /* KSSL_DEBUG */ if (!send) { if (l == 0 || l%bs != 0) { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); return(0); } } EVP_Cipher(ds,rec->data,rec->input,l); EVP_Cipher(ds,rec->data,rec->input,l); #ifdef KSSL_DEBUG #ifdef KSSL_DEBUG Loading @@ -522,7 +532,7 @@ int tls1_enc(SSL *s, int send) if ((bs != 1) && !send) if ((bs != 1) && !send) { { ii=i=rec->data[l-1]; ii=i=rec->data[l-1]; /* padding_length */ i++; i++; if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) { { Loading @@ -533,6 +543,8 @@ int tls1_enc(SSL *s, int send) if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) i--; i--; } } /* TLS 1.0 does not bound the number of padding bytes by the block size. * All of them must have value 'padding_length'. */ if (i > (int)rec->length) if (i > (int)rec->length) { { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); Loading Loading
CHANGES +4 −0 Original line number Original line Diff line number Diff line Loading @@ -11,6 +11,10 @@ *) applies to 0.9.6a (/0.9.6b) and 0.9.7 *) applies to 0.9.6a (/0.9.6b) and 0.9.7 +) applies to 0.9.7 only +) applies to 0.9.7 only *) Verify that incoming data obeys the block size in ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c). [Bodo Moeller] +) Tidy up PKCS#12 attribute handling. Add support for the CSP name +) Tidy up PKCS#12 attribute handling. Add support for the CSP name attribute in PKCS#12 files, add new -CSP option to pkcs12 utility. attribute in PKCS#12 files, add new -CSP option to pkcs12 utility. [Steve Henson] [Steve Henson] Loading
ssl/s3_enc.c +13 −2 Original line number Original line Diff line number Diff line Loading @@ -373,7 +373,6 @@ int ssl3_enc(SSL *s, int send) /* COMPRESS */ /* COMPRESS */ /* This should be using (bs-1) and bs instead of 7 and 8 */ if ((bs != 1) && send) if ((bs != 1) && send) { { i=bs-((int)l%bs); i=bs-((int)l%bs); Loading @@ -384,11 +383,23 @@ int ssl3_enc(SSL *s, int send) rec->input[l-1]=(i-1); rec->input[l-1]=(i-1); } } if (!send) { if (l == 0 || l%bs != 0) { SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); return(0); } } EVP_Cipher(ds,rec->data,rec->input,l); EVP_Cipher(ds,rec->data,rec->input,l); if ((bs != 1) && !send) if ((bs != 1) && !send) { { i=rec->data[l-1]+1; i=rec->data[l-1]+1; /* SSL 3.0 bounds the number of padding bytes by the block size; * padding bytes (except that last) are arbitrary */ if (i > bs) if (i > bs) { { SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); Loading
ssl/t1_enc.c +13 −1 Original line number Original line Diff line number Diff line Loading @@ -509,6 +509,16 @@ int tls1_enc(SSL *s, int send) } } #endif /* KSSL_DEBUG */ #endif /* KSSL_DEBUG */ if (!send) { if (l == 0 || l%bs != 0) { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); return(0); } } EVP_Cipher(ds,rec->data,rec->input,l); EVP_Cipher(ds,rec->data,rec->input,l); #ifdef KSSL_DEBUG #ifdef KSSL_DEBUG Loading @@ -522,7 +532,7 @@ int tls1_enc(SSL *s, int send) if ((bs != 1) && !send) if ((bs != 1) && !send) { { ii=i=rec->data[l-1]; ii=i=rec->data[l-1]; /* padding_length */ i++; i++; if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) { { Loading @@ -533,6 +543,8 @@ int tls1_enc(SSL *s, int send) if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) i--; i--; } } /* TLS 1.0 does not bound the number of padding bytes by the block size. * All of them must have value 'padding_length'. */ if (i > (int)rec->length) if (i > (int)rec->length) { { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); Loading
