From 7fff6639911e4467c8f687924a1e7dc465ff5c17 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 30 Oct 2002 12:15:30 +0000
Subject: [PATCH] Recent changes from 0.9.6-stable.

---
 CHANGES              | 12 +++++++++---
 apps/pkcs8.c         |  3 ++-
 crypto/bn/bn_word.c  |  5 ++++-
 demos/selfsign.c     |  2 +-
 doc/c-indentation.el | 10 ++++------
 ssl/s3_srvr.c        |  2 +-
 tools/c_rehash.in    |  5 +++--
 7 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/CHANGES b/CHANGES
index 7914637d30..70e22b7da8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -58,6 +58,12 @@
 
  Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
 
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
   *) Fix cipher selection routines: ciphers without encryption had no flags
      for the cipher strength set and where therefore not handled correctly
      by the selection routines (PR #130).
@@ -89,7 +95,7 @@
   *) Add various sanity checks to asn1_get_length() to reject
      the ASN1 length bytes if they exceed sizeof(long), will appear
      negative or the content length exceeds the length of the
-     supplied buffer.
+     supplied buffer. (CAN-2002-0659)
      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
 
   *) Assertions for various potential buffer overflows, not known to
@@ -194,8 +200,8 @@
      value is 0.
      [Richard Levitte]
 
-  *) [In 0.9.6c-engine release:]
-     Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
+  *) [In 0.9.6d-engine release:]
+     Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
      [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
 
   *) Add the configuration target linux-s390x.
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index bd1697a325..d7bfc9345d 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -266,7 +266,8 @@ int MAIN(int argc, char **argv)
 			if(passout) p8pass = passout;
 			else {
 				p8pass = pass;
-				EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+				if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
+					return (1);
 			}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
index cd59baa2c4..988e0ca7b3 100644
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
@@ -123,7 +123,10 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
 	i=0;
 	for (;;)
 		{
-		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+		if (i >= a->top)
+			l=w;
+		else
+			l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
 		a->d[i]=l;
 		if (w > l)
 			w=1;
diff --git a/demos/selfsign.c b/demos/selfsign.c
index 68904c611e..3d90caaa64 100644
--- a/demos/selfsign.c
+++ b/demos/selfsign.c
@@ -106,7 +106,7 @@ int days;
 		}
 	rsa=NULL;
 
-	X509_set_version(x,3);
+	X509_set_version(x,2);
 	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
 	X509_gmtime_adj(X509_get_notBefore(x),0);
 	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
diff --git a/doc/c-indentation.el b/doc/c-indentation.el
index 48ca3cf69b..cbf01cb172 100644
--- a/doc/c-indentation.el
+++ b/doc/c-indentation.el
@@ -13,12 +13,10 @@
 ;
 ; Apparently statement blocks that are not introduced by a statement
 ; such as "if" and that are not the body of a function cannot
-; be handled too well by CC mode with this indentation style.
-; The style defined below does not indent them at all.
-; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
-; command of Emacs).  If you know a solution to this problem
-; or find other problems with this indentation style definition,
-; please send e-mail to bodo@openssl.org.
+; be handled too well by CC mode with this indentation style,
+; so you have to indent them manually (you can use C-q tab).
+; 
+; For suggesting improvements, please send e-mail to bodo@openssl.org.
 
 (c-add-style "eay"
 	     '((c-basic-offset . 8)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index e4451e2bc7..cd122da8f1 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1566,7 +1566,7 @@ static int ssl3_get_cert_verify(SSL *s)
 		SSL3_ST_SR_CERT_VRFY_A,
 		SSL3_ST_SR_CERT_VRFY_B,
 		-1,
-		512, /* 512? */
+		514, /* 514? */
 		&ok);
 
 	if (!ok) return((int)n);
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
index 1a17605728..132c0e4ceb 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -101,7 +101,7 @@ sub check_file {
 sub link_hash_cert {
 		my $fname = $_[0];
 		$fname =~ s/'/'\\''/g;
-		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in '$fname'`;
+		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;
@@ -131,7 +131,8 @@ sub link_hash_cert {
 
 sub link_hash_crl {
 		my $fname = $_[0];
-		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;
-- 
2.25.1