Commit 76c919c1 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files 

Add missing variable length cipher flag for Blowfish.

Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
parent 98405f24

CHANGES

+8 −1
Original line number Original line Diff line number Diff line
@@ -11,6 +11,13 @@ 
         *) applies to 0.9.6a (/0.9.6b) and 0.9.7

         *) applies to 0.9.6a (/0.9.6b) and 0.9.7

         +) applies to 0.9.7 only

         +) applies to 0.9.7 only





  *) Fix for compatibility mode trust settings: ignore trust settings

     unless some valid trust or reject settings are present.

     [Steve Henson]



  *) Fix for blowfish EVP: its a variable length cipher.

     [Steve Henson]



  +) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with

  +) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with

     256 bit (=32 byte) keys. Of course seeding with more entropy bytes

     256 bit (=32 byte) keys. Of course seeding with more entropy bytes

     than this minimum value is recommended.

     than this minimum value is recommended.
@@ -97,7 +104,7 @@ 
     ENGINE structure.

     ENGINE structure.

     [Geoff]

     [Geoff]





  +) Fix various bugs related to DSA S/MIME verification. Handle missing

  *) Fix various bugs related to DSA S/MIME verification. Handle missing

     parameters in DSA public key structures and return an error in the

     parameters in DSA public key structures and return an error in the

     DSA routines if parameters are absent.

     DSA routines if parameters are absent.

     [Steve Henson]

     [Steve Henson]

crypto/evp/e_bf.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
		       const unsigned char *iv, int enc);

		       const unsigned char *iv, int enc);





IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,

IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,

			0, bf_init_key, NULL, 

			EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 

			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

	

	

static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

crypto/x509/x509_trs.c

+2 −1
Original line number Original line Diff line number Diff line
@@ -241,7 +241,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp) 




static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)

static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)

{

{

	if(x->aux) return obj_trust(trust->arg1, x, flags);

	if(x->aux && (x->aux->trust || x->aux->reject))

		return obj_trust(trust->arg1, x, flags);

	/* we don't have any trust settings: for compatibility

	/* we don't have any trust settings: for compatibility

	 * we return trusted if it is self signed

	 * we return trusted if it is self signed

	 */

	 */