# HG changeset patch # User Ronald Jordan # Date 1406051293 25200 # Node ID 6c32d6df504acebc9ca7fd60ee254746fb06e629 # Parent cb18d9a0f746e4453529d2bc658d1b3c62d46617 17283726 memory leak with EVP_CipherInit_ex diff -r cb18d9a0f746 -r 6c32d6df504a components/openssl/README --- a/components/openssl/README Thu Jul 17 07:28:40 2014 -0700 +++ b/components/openssl/README Tue Jul 22 10:48:13 2014 -0700 @@ -116,6 +116,10 @@ - implementation of atoi() - avoid using ssl_fill_hello_random() in s3_clnt.c +36_evp_leak.patch: +Solaris-specific fix for mem leak caused by EVP_EncryptFinal_ex() +and EVP_DecryptFinal_ex() not cleaning up properly. + openssl-t4-inline.sparc-patch SPARC-only patch. Add patch to support inline T4 instruction in OpenSSL upstream code until diff -r cb18d9a0f746 -r 6c32d6df504a components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch Tue Jul 22 10:48:13 2014 -0700 
@@ -0,0 +1,146 @@
+Patch developed in-house. Solaris-specific; not suitable for upstream.
+
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014
+@@ -393,10 +393,14 @@
+ {
+ ret = M_do_cipher(ctx, out, NULL, 0);
+ if (ret < 0)
+- return 0;
++ {
++ ret = 0;
++ goto cleanup;
++ }
+ else
+ *outl = ret;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ b=ctx->cipher->block_size;
+@@ -404,7 +408,8 @@
+ if (b == 1)
+ {
+ *outl=0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+ bl=ctx->buf_len;
+ if (ctx->flags & EVP_CIPH_NO_PADDING)
+@@ -412,10 +417,12 @@
+ if(bl)
+ {
+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ ret = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ n=b-bl;
+@@ -427,6 +434,12 @@
+ if(ret)
+ *outl=b;
+
++cleanup:
++ if (ctx->cipher->cleanup)
++ {
++ ctx->cipher->cleanup(ctx);
++ }
++
+ return ret;
+ }
+
+@@ -500,7 +513,7 @@
+
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+- int i,n;
++ int i,n,ret = 1;
+ unsigned int b;
+ *outl=0;
+
+@@ -508,10 +521,14 @@
+ {
+ i = M_do_cipher(ctx, out, NULL, 0);
+ if (i < 0)
+- return 0;
++ {
++ ret = 0;
++ goto cleanup;
++ }
+ else
+ *outl = i;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ b=ctx->cipher->block_size;
+@@ -520,10 +537,12 @@
+ if(ctx->buf_len)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ ret = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+ if (b > 1)
+ {
+@@ -530,7 +549,8 @@
+ if (ctx->buf_len || !ctx->final_used)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ OPENSSL_assert(b <= sizeof ctx->final);
+ n=ctx->final[b-1];
+@@ -537,7 +557,8 @@
+ if (n == 0 || n > (int)b)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ for (i=0; ifinal[--b] != n)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ }
+ n=ctx->cipher->block_size-n;
+@@ -554,7 +576,14 @@
+ }
+ else
+ *outl=0;
+- return(1);
++
++cleanup:
++ if (ctx->cipher->cleanup)
++ {
++ ctx->cipher->cleanup(ctx);
++ }
++
++ return ret;
+ }
+
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
diff -r cb18d9a0f746 -r 6c32d6df504a components/openssl/openssl-1.0.1/patches/36_evp_leak.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/36_evp_leak.patch Tue Jul 22 10:48:13 2014 -0700
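Review bot: The `cleanup:` label added to EVP_EncryptFinal_ex and EVP_DecryptFinal_ex calls `ctx->cipher->cleanup(ctx)` on every exit path but leaves the context looking live, so the hook will presumably run a second time when the caller reaches EVP_CIPHER_CTX_cleanup(), which in stock 1.0.1 invokes the same hook. If any cipher or engine hook frees memory or closes a session without being idempotent, that second call is a double release, and a caller that re-keys the same context with EVP_CipherInit_ex after Final (without naming the cipher again) may operate on state the hook already tore down; neither case can be ruled out from the lines shown, since both function bodies begin outside these hunks. At minimum the contract should be written down at the label, e.g. `/* Solaris: cipher->cleanup() also runs again from EVP_CIPHER_CTX_cleanup(); hooks must be idempotent and ctx must be re-initialised with a cipher before reuse */`, and the README entry should say the same. The identical copy added under openssl-1.0.1/patches/36_evp_leak.patch carries the same concern.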
@@ -0,0 +1,146 @@
+Patch developed in-house. Solaris-specific; not suitable for upstream.
+
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014
+@@ -393,10 +393,14 @@
+ {
+ ret = M_do_cipher(ctx, out, NULL, 0);
+ if (ret < 0)
+- return 0;
++ {
++ ret = 0;
++ goto cleanup;
++ }
+ else
+ *outl = ret;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ b=ctx->cipher->block_size;
+@@ -404,7 +408,8 @@
+ if (b == 1)
+ {
+ *outl=0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+ bl=ctx->buf_len;
+ if (ctx->flags & EVP_CIPH_NO_PADDING)
+@@ -412,10 +417,12 @@
+ if(bl)
+ {
+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ ret = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ n=b-bl;
+@@ -427,6 +434,12 @@
+ if(ret)
+ *outl=b;
+
++cleanup:
++ if (ctx->cipher->cleanup)
++ {
++ ctx->cipher->cleanup(ctx);
++ }
++
+ return ret;
+ }
+
+@@ -500,7 +513,7 @@
+
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+- int i,n;
++ int i,n,ret = 1;
+ unsigned int b;
+ *outl=0;
+
+@@ -508,10 +521,14 @@
+ {
+ i = M_do_cipher(ctx, out, NULL, 0);
+ if (i < 0)
+- return 0;
++ {
++ ret = 0;
++ goto cleanup;
++ }
+ else
+ *outl = i;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ b=ctx->cipher->block_size;
+@@ -520,10 +537,12 @@
+ if(ctx->buf_len)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ ret = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+ if (b > 1)
+ {
+@@ -530,7 +549,8 @@
+ if (ctx->buf_len || !ctx->final_used)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ OPENSSL_assert(b <= sizeof ctx->final);
+ n=ctx->final[b-1];
+@@ -537,7 +557,8 @@
+ if (n == 0 || n > (int)b)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ for (i=0; ifinal[--b] != n)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ }
+ n=ctx->cipher->block_size-n;
+@@ -554,7 +576,14 @@
+ }
+ else
+ *outl=0;
+- return(1);
++
++cleanup:
++ if (ctx->cipher->cleanup)
++ {
++ ctx->cipher->cleanup(ctx);
++ }
++
++ return ret;
+ }
+
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)