Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
- *)
+ *) Change X509_cretificate_type() to mark the key as exported/exportable
+ when it's 512 *bits* long, not 512 bytes.
+ [Richard Levitte]
Changes between 0.9.6i and 0.9.6j [10 Apr 2003]
doing a re-connect, always takes the first cipher in the cipher list.
If we accept a netscape connection, demand a client cert, have a
-non-self-sighed CA which does not have it's CA in netscape, and the
+non-self-signed CA which does not have it's CA in netscape, and the
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
Netscape browsers do not really notice the server sending a
* otherwise it is the number of bytes per character
*/
-const static char tag2nbyte[] = {
+const static signed char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 0-4 */
-1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */
#define B_ASN1_NUMERICSTRING 0x0001
#define B_ASN1_PRINTABLESTRING 0x0002
#define B_ASN1_T61STRING 0x0004
-#define B_ASN1_TELETEXSTRING 0x0008
+#define B_ASN1_TELETEXSTRING 0x0004
#define B_ASN1_VIDEOTEXSTRING 0x0008
#define B_ASN1_IA5STRING 0x0010
#define B_ASN1_GRAPHICSTRING 0x0020
* had the buffer been large enough.) */
return -1;
else
- return (retlen <= INT_MAX) ? retlen : -1;
+ return (retlen <= INT_MAX) ? (int)retlen : -1;
}
if (i <= 0)
{
BIO_copy_next_retry(b);
+ *buf='\0';
if (i < 0) return((num > 0)?num:i);
if (i == 0) return(num);
}
int n, BN_ULONG *t)
{
int i,j,n2=n*2;
- unsigned int c1,c2,neg,zero;
+ int c1,c2,neg,zero;
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
# endif
# endif
#else
-# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+# ifdef OPENSSL_SYS_SUNOS
+# define DLOPEN_FLAG 1
+# else
+# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+# endif
#endif
/* For this DSO_METHOD, our meth_data STACK will contain;
st_idx=0;
}
}
- memset((char *)&m,0,sizeof(m));
+ OPENSSL_cleanse((char *)&m,sizeof(m));
if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* Don't just copy back local_md into md -- this could mean that
MD_Final(md,&m);
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- memset(&m,0,sizeof(m));
+ OPENSSL_cleanse(&m,sizeof(m));
if (ok)
return(1);
else
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
- if (strlen(path) > sizeof(addr.sun_path))
+ if (strlen(path) >= sizeof(addr.sun_path))
return (-1);
strcpy(addr.sun_path,path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
- if (strlen(path) > sizeof(addr.sun_path))
+ if (strlen(path) >= sizeof(addr.sun_path))
return (-1);
strcpy(addr.sun_path,path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
OPENSSL_free(b);
}
strncpy(buf,"NO X509_NAME",len);
+ buf[len-1]='\0';
return buf;
}
case EVP_PKEY_RSA:
ret|=EVP_PKS_RSA;
break;
- case EVP_PKS_DSA:
+ case EVP_PKEY_DSA:
ret|=EVP_PKS_DSA;
break;
default:
break;
}
- if (EVP_PKEY_size(pk) <= 512)
+ if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
+ for, not bytes */
ret|=EVP_PKT_EXP;
if(pkey==NULL) EVP_PKEY_free(pk);
return(ret);
=item SSL_OP_NETSCAPE_CA_DN_BUG
If we accept a netscape connection, demand a client cert, have a
-non-self-sighed CA which does not have it's CA in netscape, and the
+non-self-signed CA which does not have it's CA in netscape, and the
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
* (unless when compiling with -D_POSIX_SOURCE,
* which doesn't work for us) */
+# endif
+# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
# define ssize_t int /* ditto */
# endif
# ifdef NEWS4 /* setvbuf is missing on mips-sony-bsd */
projects / oweals / openssl.git / commitdiff