--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/036-evp_leak.patch	Wed Oct 26 13:19:33 2016 -0700
@@ -0,0 +1,144 @@
+Patch developed in-house.  Solaris-specific; not suitable for upstream.
+
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig    Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c    Mon Feb  3 16:40:48 2014
+@@ -392,11 +392,13 @@
+
+     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+         ret = M_do_cipher(ctx, out, NULL, 0);
+-        if (ret < 0)
+-            return 0;
+-        else
++        if (ret < 0) {
++            ret = 0;
++            goto cleanup;
++        } else
+             *outl = ret;
+-        return 1;
++        ret = 1;
++        goto cleanup;
+     }
+
+     b = ctx->cipher->block_size;
+@@ -403,7 +405,8 @@
+     OPENSSL_assert(b <= sizeof ctx->buf);
+     if (b == 1) {
+         *outl = 0;
+-        return 1;
++        ret = 1;
++        goto cleanup;
+     }
+     bl = ctx->buf_len;
+     if (ctx->flags & EVP_CIPH_NO_PADDING) {
+@@ -410,10 +413,12 @@
+         if (bl) {
+             EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+                    EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-            return 0;
++            ret = 0;
++            goto cleanup;
+         }
+         *outl = 0;
+-        return 1;
++        ret = 1;
++        goto cleanup;
+     }
+ 
+     n = b - bl;
+@@ -424,6 +429,11 @@
+     if (ret)
+         *outl = b;
+ 
++cleanup:
++    if (ctx->cipher->cleanup) {
++        ctx->cipher->cleanup(ctx);
++    }
++
+     return ret;
+ }
+ 
+@@ -491,6 +501,7 @@
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+     int i, n;
++    int err = 1;
+     unsigned int b;
+     *outl = 0;
+ 
+@@ -496,11 +507,13 @@
+
+     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+         i = M_do_cipher(ctx, out, NULL, 0);
+-        if (i < 0)
+-            return 0;
+-        else
++        if (i < 0) {
++            err = 0;
++            goto cleanup;
++        } else
+             *outl = i;
+-        return 1;
++        err = 1;
++        goto cleanup;
+     }
+
+     b = ctx->cipher->block_size;
+@@ -508,10 +521,12 @@
+         if (ctx->buf_len) {
+             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+                    EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-            return 0;
++            err = 0;
++            goto cleanup;
+         }
+         *outl = 0;
+-        return 1;
++        err = 1;
++        goto cleanup;
+     }
+     if (b > 1) {
+         if (ctx->buf_len || !ctx->final_used) {
+@@ -516,7 +531,8 @@
+     if (b > 1) {
+         if (ctx->buf_len || !ctx->final_used) {
+             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+-            return (0);
++            err = 0;
++            goto cleanup;
+         }
+         OPENSSL_assert(b <= sizeof ctx->final);
+ 
+@@ -527,7 +543,8 @@
+         n = ctx->final[b - 1];
+         if (n == 0 || n > (int)b) {
+             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+-            return (0);
++            err = 0;
++            goto cleanup;
+         }
+         for (i = 0; i < n; i++) {
+             if (ctx->final[--b] != n) {
+@@ -532,7 +549,8 @@
+         for (i = 0; i < n; i++) {
+             if (ctx->final[--b] != n) {
+                 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+-                return (0);
++                err = 0;
++                goto cleanup;
+             }
+         }
+         n = ctx->cipher->block_size - n;
+@@ -541,7 +559,12 @@
+         *outl = n;
+     } else
+         *outl = 0;
+-    return (1);
++    err = 1;
++cleanup:
++    if (ctx->cipher->cleanup) {
++        ctx->cipher->cleanup(ctx);
++    }
++    return err;
+ }
+ 
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
branch	s11u3-sru
changeset 7163	ee09edbd5876
parent 4006	c737cefdce54