Add missing variable length cipher flag for Blowfish.

author Dr. Stephen Henson <steve@openssl.org>

Thu, 24 May 2001 23:00:46 +0000 (23:00 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 24 May 2001 23:00:46 +0000 (23:00 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 24 May 2001 23:00:46 +0000 (23:00 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 24 May 2001 23:00:46 +0000 (23:00 +0000)
diff --git a/CHANGES b/CHANGES

index e1dfac5d4d19a090fabc36a3de4f7184e69069c1..1ff891caf77be151574514cddb81eba3b0fe3aa3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
  
   Changes between 0.9.6a and 0.9.6b  [XX xxx XXXX]
  
+  *) Fix for compatibility mode trust settings: ignore trust settings
+     unless some valid trust or reject settings are present.
+     [Steve Henson]
+
+  *) Fix for blowfish EVP: its a variable length cipher.
+     [Steve Henson]
+
    *) Fix various bugs related to DSA S/MIME verification. Handle missing
       parameters in DSA public key structures and return an error in the
       DSA routines if parameters are absent.
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c

index 72047f64dabb08614fa61aea1dc621a03603a5b0..53559b0b6571e75543524bb0dd9840157bebd362 100644 (file)
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc);
  
  IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
-                       0, bf_init_key, NULL, 
+                       EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
                         EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
         
  static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c

index a7b1543461b9ee6790d0f36ef4865c84908cf72a..86b3b79dcc029bd9b4e498661cad2f15bd7893f1 100644 (file)
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -228,7 +228,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
  
  static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
  {
-       if(x->aux) return obj_trust(trust->arg1, x, flags);
+       if(x->aux && (x->aux->trust || x->aux->reject))
+               return obj_trust(trust->arg1, x, flags);
         /* we don't have any trust settings: for compatibility
          * we return trusted if it is self signed
          */
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 24 May 2001 23:00:46 +0000 (23:00 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 24 May 2001 23:00:46 +0000 (23:00 +0000)
CHANGES		patch \| blob \| history
crypto/evp/e_bf.c		patch \| blob \| history
crypto/x509/x509_trs.c		patch \| blob \| history