-rw-r--r--CHANGES9
-rw-r--r--crypto/evp/e_bf.c2
-rw-r--r--crypto/x509/x509_trs.c3
3 files changed, 11 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index f3f345ac10..73bc3479c8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,13 @@
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
+) applies to 0.9.7 only
+ *) Fix for compatibility mode trust settings: ignore trust settings
+ unless some valid trust or reject settings are present.
+ [Steve Henson]
+
+ *) Fix for blowfish EVP: its a variable length cipher.
+ [Steve Henson]
+
+) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
256 bit (=32 byte) keys. Of course seeding with more entropy bytes
than this minimum value is recommended.
@@ -97,7 +104,7 @@
ENGINE structure.
[Geoff]
- +) Fix various bugs related to DSA S/MIME verification. Handle missing
+ *) Fix various bugs related to DSA S/MIME verification. Handle missing
parameters in DSA public key structures and return an error in the
DSA routines if parameters are absent.
[Steve Henson]
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index 00b069f02c..e9a19d57d2 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
- 0, bf_init_key, NULL,
+ EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
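Review bot: Setting `EVP_CIPH_VARIABLE_LENGTH` in the `IMPLEMENT_BLOCK_CIPHER(bf, ...)` invocation only helps if `bf_init_key` keys Blowfish with the context's current key length, and its body lies outside this hunk, so that cannot be confirmed here. If it passes a fixed length to `BF_set_key`, a caller who changes the key length would silently get a cipher keyed with the wrong number of bytes; the call should take its length from `EVP_CIPHER_CTX_key_length(ctx)`. The macro arguments would also benefit from a short comment such as `/* block size 8, default key length 16 (variable), IV length 8 */`, so a reader does not take the 16 for a fixed key size.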
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index c164badbe4..f0b93489d7 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -241,7 +241,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
{
- if(x->aux) return obj_trust(trust->arg1, x, flags);
+ if(x->aux && (x->aux->trust || x->aux->reject))
+ return obj_trust(trust->arg1, x, flags);
/* we don't have any trust settings: for compatibility
* we return trusted if it is self signed
*/
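Review bot: The new condition in `trust_1oidany` tests only that `x->aux->trust` or `x->aux->reject` is a non-NULL pointer, so an allocated but empty list would still count as "settings present" and go to `obj_trust`. Whether an empty list can occur depends on code outside this hunk; if it can, compare entry counts instead, e.g. `sk_ASN1_OBJECT_num(x->aux->trust) > 0`. The fall-through is security-relevant, since the existing comment says it returns trusted for a self-signed certificate, and a certificate whose aux data holds no trust or reject entries now takes that path. The comment should say so, for example `/* no trust or reject settings (aux may still hold other data): for compatibility we return trusted if it is self signed */`. The function body continues past the end of the hunk.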