Commit 6b458088 authored by Richard Levitte

Merge in fixes from 0.9.6-stable.

parent 4c37da80
+8 −0
@@ -4,6 +4,10 @@

 Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]

  *) Change bctest to avoid here-documents inside command substitution
     (workaround for FreeBSD /bin/sh bug).
     [Bodo Moeller]

  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
     with des_encrypt() defined on some operating systems, like Solaris
     and UnixWare.
@@ -29,6 +33,10 @@
     (but broken) behaviour.
     [Steve Henson]

  *) Enhance bctest to search for a working bc along $PATH and print
     it when found.
     [Tim Rice <tim@multitalents.net> via Richard Levitte]

  *) Fix memory leaks in err.c: free err_data string if necessary;
     don't write to the wrong index in ERR_set_error_data.
     [Bodo Moeller]
+2 −1
@@ -15,6 +15,7 @@
      o Security fix: prevent Bleichenbacher's DSA attack.
      o Security fix: Zero the premaster secret after deriving the
        master secret in DH ciphersuites.
      o Reimplement SSL_peek(), which had various problems.
      o Compatibility fix: the function des_encrypt() renamed to
        des_encrypt1() to avoid clashes with some Unixen libc.
      o Bug fixes for Win32, HP/UX and Irix.
@@ -26,7 +27,7 @@
      o Add tighter checks of BIGNUM routines.
      o Shared library support has been reworked for generality.
      o More documentation.
      o New function BN_rand_range()
      o New function BN_rand_range().
      o Add "-rand" option to openssl s_client and s_server.

  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
+21 −6
@@ -1386,15 +1386,30 @@ static int www_body(char *hostname, int s, unsigned char *context)

			/* skip the '/' */
			p= &(buf[5]);
			dot=0;

			dot = 1;
			for (e=p; *e != '\0'; e++)
				{
				if (e[0] == ' ') break;
				if (	(e[0] == '.') &&
					(strncmp(&(e[-1]),"/../",4) == 0))
					dot=1;
				}
				if (e[0] == ' ')
					break;

				switch (dot)
					{
				case 0:
					dot = (e[0] == '/') ? 1 : 0;
					break;
				case 1:
					dot = (e[0] == '.') ? 2 : 0;
					break;
				case 2:
					dot = (e[0] == '.') ? 3 : 0;
					break;
				case 3:
					dot = (e[0] == '/') ? -1 : 0;
					break;
					}
				}
			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */

			if (*e == '\0')
				{
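Review bot: In the new `switch (dot)` scanner, states 1 and 2 fall back to 0 on every character that is not '.', including '/', so a slash that closes an empty or "." component is not treated as the start of the next component and a ".." component directly after it is not flagged. Only `case 0` recognises '/', so the restart should happen after the switch instead: adding `if (dot == 0) dot = (e[0] == '/') ? 1 : 0;` after the switch's closing brace (which makes `case 0` redundant) puts the scanner back in state 1 on every '/' that does not complete "/../". If this server is also built for Win32, the same test would presumably have to accept '\\' as a separator too; that cannot be confirmed from this page. www_body starts and ends outside the hunk, so how `dot` is used afterwards is not visible here.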
+4 −3
@@ -141,11 +141,12 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
			}
		size+=i2d_X509_NAME_ENTRY(ne,NULL);
		}
	/* If empty no extra SET OF needed */
	if (ret)
		ret+=ASN1_object_size(1,size,V_ASN1_SET);
	if (fe != NULL)
		{
		/* SET OF needed only if entries is non empty */
		ret+=ASN1_object_size(1,size,V_ASN1_SET);
		fe->size=size;
		}

	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
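Review bot: The comment inside the `if (fe != NULL)` block says the SET OF is needed only for a non-empty name, but nothing here says why `fe` is the right thing to test. Going by the +4 −3 count and the 11-to-12 line hunk header, the braced block is the new side and the `if (ret)` guard with its comment is the removed side. I would word the comment as `/* fe is still NULL when the name has no entries, so no trailing SET OF is counted */`, assuming the loop above only sets `fe` once an entry has been seen. i2d_X509_NAME_entries starts and ends outside the hunk, so that assumption should be checked against the loop before the wording is adopted.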

+2 −2
@@ -20,11 +20,11 @@ $L="edi";
$R="esi";

&external_label("des_SPtrans");
&des_encrypt("des_encrypt",1);
&des_encrypt("des_encrypt1",1);
&des_encrypt("des_encrypt2",0);
&des_encrypt3("des_encrypt3",1);
&des_encrypt3("des_decrypt3",0);
&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1);
&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);

&asm_finish();