Add missing variable length cipher flag for Blowfish.

author Dr. Stephen Henson <steve@openssl.org>

Thu, 24 May 2001 22:58:35 +0000 (22:58 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 24 May 2001 22:58:35 +0000 (22:58 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 24 May 2001 22:58:35 +0000 (22:58 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 24 May 2001 22:58:35 +0000 (22:58 +0000)
diff --git a/CHANGES b/CHANGES

index f3f345ac10a5c8840ece18d2ad87427ac4f50bc7..73bc3479c807f4a78f888d1eac4ef538f3b98620 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,13 @@
           *) applies to 0.9.6a (/0.9.6b) and 0.9.7
           +) applies to 0.9.7 only
  
+  *) Fix for compatibility mode trust settings: ignore trust settings
+     unless some valid trust or reject settings are present.
+     [Steve Henson]
+
+  *) Fix for blowfish EVP: its a variable length cipher.
+     [Steve Henson]
+
    +) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
       256 bit (=32 byte) keys. Of course seeding with more entropy bytes
       than this minimum value is recommended.
@@ -97,7 +104,7 @@
       ENGINE structure.
       [Geoff]
  
-  +) Fix various bugs related to DSA S/MIME verification. Handle missing
+  *) Fix various bugs related to DSA S/MIME verification. Handle missing
       parameters in DSA public key structures and return an error in the
       DSA routines if parameters are absent.
       [Steve Henson]
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c

index 00b069f02c17eaf6f787fc6ca741c545be1f2389..e9a19d57d2b0cd5f069d947d131460898624d052 100644 (file)
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc);
  
  IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
-                       0, bf_init_key, NULL, 
+                       EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
                         EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
         
  static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c

index c164badbe4b6c782ecf6b53d937e6b06a0c1f767..f0b93489d7fe8fca6550b07cb5fd5eda991e663f 100644 (file)
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -241,7 +241,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
  
  static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
  {
-       if(x->aux) return obj_trust(trust->arg1, x, flags);
+       if(x->aux && (x->aux->trust || x->aux->reject))
+               return obj_trust(trust->arg1, x, flags);
         /* we don't have any trust settings: for compatibility
          * we return trusted if it is self signed
          */
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 24 May 2001 22:58:35 +0000 (22:58 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 24 May 2001 22:58:35 +0000 (22:58 +0000)
CHANGES		patch \| blob \| history
crypto/evp/e_bf.c		patch \| blob \| history
crypto/x509/x509_trs.c		patch \| blob \| history