1
diff -cr openssl6-engine/CHANGES ossl6-engine/CHANGES
2
*** openssl6-engine/CHANGES Mon Sep 8 16:57:27 2003
3
--- ossl6-engine/CHANGES Mon Sep 29 21:30:15 2003
8
Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
10
+ *) Fix various bugs revealed by running the NISCC test suite:
12
+ Stop out of bounds reads in the ASN1 code when presented with
13
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
15
+ If verify callback ignores invalid public key errors don't try to check
16
+ certificate signature with the NULL public key.
20
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
21
if the server requested one: as stated in TLS 1.0 and SSL 3.0
23
diff -cr openssl6-engine/crypto/asn1/asn1_lib.c ossl6-engine/crypto/asn1/asn1_lib.c
24
*** openssl6-engine/crypto/asn1/asn1_lib.c Thu Aug 8 20:11:25 2002
25
--- ossl6-engine/crypto/asn1/asn1_lib.c Mon Sep 29 21:30:15 2003
31
if (--max == 0) goto err;
32
+ if (l > (INT_MAX >> 7L)) goto err;
37
+ if (--max == 0) goto err;
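Review bot: The new guard `if (l > (INT_MAX >> 7L)) goto err;` carries no comment explaining the bound, and the reason is not obvious from the line itself. Presumably `l` is extended by seven bits per tag octet right after this check and later narrowed to an int tag, so the test rejects the value before the shift can overflow. A comment such as `/* tag is built 7 bits per octet; bail out before l<<7 can exceed INT_MAX */` would record that. The visible lines do not show an include of `<limits.h>`, which `INT_MAX` needs, so confirm it is already in scope in asn1_lib.c. The enclosing loop and function start and end outside the lines shown here.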
41
diff -cr openssl6-engine/crypto/x509/x509_vfy.c ossl6-engine/crypto/x509/x509_vfy.c
42
*** openssl6-engine/crypto/x509/x509_vfy.c Sat Dec 28 02:01:41 2002
43
--- ossl6-engine/crypto/x509/x509_vfy.c Mon Sep 29 21:30:15 2003
49
! if (X509_verify(xs,pkey) <= 0)
51
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
57
! else if (X509_verify(xs,pkey) <= 0)
59
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
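Review bot: With the check moved to `else if (X509_verify(xs,pkey) <= 0)`, a certificate whose public key could not be obtained appears to skip signature verification entirely once the verify callback has accepted the preceding error. Nothing in the visible lines records that. I would add a comment on the branch, e.g. `/* pkey is NULL only if the callback ignored the key error; the signature is then left unchecked */`, so that maintainers and callback authors see the consequence of returning success there. It is also worth confirming that the cleanup following this block tolerates a NULL `pkey`; that code is outside the lines shown.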