I've included two patches which fix issues introduced in OpenSSL 0.9.6e/f/g (I found them when upgrading from d to g).
The first patch is a single character change that resolves ticket#260. The bug is that in EVP_txt2obj() the content length rather than the length of the tag+length+content is being passed into d2i_ASN1_OBJECT(). The second patch fixes two static "done" flags used by OpenSSL_add_all_ciphers() and OpenSSL_add_all_digests(). When calling these functions the done flag is set so that subsequent calls don't add the ciphers/digests again. EVP_cleanup() clears these lists and when these functions are called again they don't re-add the ciphers/digests. This fix makes the two flags global and clears them in EVP_cleanup(). I noticed that the ERR_load_XXX_strings() functions also use such static flags. These aren't causing me any troubles at the moment but it looks like something else that also needs fixing to allow OpenSSL to be re-initialised. NOTE: I've cc'd [EMAIL PROTECTED] but this address seems defunct so I have also notified the BXA about these changes seperately as their requirements seem to have changed. See http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html for details. <<openssl-0.9.6g-txt2obj.patch>> <<openssl-0.9.6g-evp-reinit.patch>> Steven -- Steven Reddie <[EMAIL PROTECTED]> Senior Software Engineer Computer Associates Pty Ltd (Australia)
openssl-0.9.6g-txt2obj.patch
Description: Binary data
openssl-0.9.6g-evp-reinit.patch
Description: Binary data