~ubuntu-branches/ubuntu/maverick/openssl/maverick


Viewing changes to diffs.sec6e

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2005-12-13 21:37:42 UTC
  • mto: (11.1.1 lenny)
  • mto: This revision was merged to the branch mainline in revision 4.
  • Revision ID: james.westby@ubuntu.com-20051213213742-d0ydaylf80l16bj1
Tags: upstream-0.9.8a
Import upstream version 0.9.8a

1
 
diff -cr openssl6-engine/CHANGES ossl6-engine/CHANGES
2
 
*** openssl6-engine/CHANGES     Mon Sep  8 16:57:27 2003
3
 
--- ossl6-engine/CHANGES        Mon Sep 29 21:30:15 2003
4
 
***************
5
 
*** 4,9 ****
6
 
--- 4,19 ----
7
 
  
8
 
   Changes between 0.9.6j and 0.9.6k  [xx XXX 2003]
9
 
  
10
 
+   *) Fix various bugs revealed by running the NISCC test suite:
11
 
12
 
+      Stop out of bounds reads in the ASN1 code when presented with
13
 
+      invalid tags (CAN-2003-0543 and CAN-2003-0544).
14
 
+      
15
 
+      If verify callback ignores invalid public key errors don't try to check
16
 
+      certificate signature with the NULL public key.
17
 
18
 
+      [Steve Henson]
19
 
20
 
    *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
21
 
       if the server requested one: as stated in TLS 1.0 and SSL 3.0
22
 
       specifications.
23
 
diff -cr openssl6-engine/crypto/asn1/asn1_lib.c ossl6-engine/crypto/asn1/asn1_lib.c
24
 
*** openssl6-engine/crypto/asn1/asn1_lib.c      Thu Aug  8 20:11:25 2002
25
 
--- ossl6-engine/crypto/asn1/asn1_lib.c Mon Sep 29 21:30:15 2003
26
 
***************
27
 
*** 104,113 ****
28
 
--- 104,115 ----
29
 
                        l<<=7L;
30
 
                        l|= *(p++)&0x7f;
31
 
                        if (--max == 0) goto err;
32
 
+                       if (l > (INT_MAX >> 7L)) goto err;
33
 
                        }
34
 
                l<<=7L;
35
 
                l|= *(p++)&0x7f;
36
 
                tag=(int)l;
37
 
+               if (--max == 0) goto err;
38
 
                }
39
 
        else
40
 
                { 
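Review bot: The two added checks carry no comment, and in this tag-decoding loop it is not obvious what each one protects. Above the `INT_MAX` test I would add `/* l is shifted left 7 more bits before it becomes the tag; reject it while the result still fits in an int */`. Above the new `--max` test after `tag=(int)l;` I would add something like `/* tag octets consumed all remaining input: nothing left for the length */`, assuming `max` counts the bytes left, which the hunk does not show. `INT_MAX` needs `<limits.h>` and no include is added in this hunk, so confirm the file already has it. The enclosing function starts and ends outside the hunk.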
41
 
diff -cr openssl6-engine/crypto/x509/x509_vfy.c ossl6-engine/crypto/x509/x509_vfy.c
42
 
*** openssl6-engine/crypto/x509/x509_vfy.c      Sat Dec 28 02:01:41 2002
43
 
--- ossl6-engine/crypto/x509/x509_vfy.c Mon Sep 29 21:30:15 2003
44
 
***************
45
 
*** 490,496 ****
46
 
                                ok=(*cb)(0,ctx);
47
 
                                if (!ok) goto end;
48
 
                                }
49
 
!                       if (X509_verify(xs,pkey) <= 0)
50
 
                                {
51
 
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
52
 
                                ctx->current_cert=xs;
53
 
--- 490,496 ----
54
 
                                ok=(*cb)(0,ctx);
55
 
                                if (!ok) goto end;
56
 
                                }
57
 
!                       else if (X509_verify(xs,pkey) <= 0)
58
 
                                {
59
 
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
60
 
                                ctx->current_cert=xs;
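Review bot: With the added `else`, the branch where the callback returned non-zero now skips `X509_verify()` entirely, so `xs` is accepted with its signature unchecked, and nothing at this site says so. The `if` this `else` pairs with is above the hunk; going by the CHANGES entry it is presumably the case where no usable public key was obtained. I would add a comment at the `else if`, e.g. `/* reached only when a key was obtained; if the callback ignored the key error above, the signature on xs is not verified */`. It would also help to document for callback authors that returning non-zero for that error means trusting the certificate without a signature check.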