# HG changeset patch # User Jan Parcel # Date 1366251426 25200 # Node ID b6ffd60bade0baa850d9d202ecf572c4be8ae0d9 # Parent 9506d3f4099e13b2dfe72cfe46a1b7a6457eb2c6 16211866 problem in UTILITY/OPENSSL 16339858 Check DTLS_BAD_VER for version number diff -r 9506d3f4099e -r b6ffd60bade0 components/openssl/openssl-0.9.8-fips-140/Makefile --- a/components/openssl/openssl-0.9.8-fips-140/Makefile Tue Apr 16 13:29:16 2013 -0700 +++ b/components/openssl/openssl-0.9.8-fips-140/Makefile Wed Apr 17 19:17:06 2013 -0700 @@ -18,7 +18,7 @@ # # CDDL HEADER END # -# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. # PARFAIT_BUILD=no @@ -29,14 +29,14 @@ COMPONENT_NAME = openssl-fips-140 # Note that this is the OpenSSL version that is used to build FIPS-140 certified # libraries. However, we use the FIPS canister version for the IPS package. -COMPONENT_VERSION = 0.9.8q +COMPONENT_VERSION = 0.9.8y IPS_COMPONENT_VERSION = 1.2 COMPONENT_PROJECT_URL= http://www.openssl.org/ COMPONENT_SRC_NAME = openssl COMPONENT_SRC = $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:d522b3e8a2b48e83ba1e142d7205eaca01358a137bb58e8d64583574e697ffd7 + sha256:bbecf13495e612936e3a9860c29c0701413564b7a964bf771a3575eaa867cee3 COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= utility/openssl diff -r 9506d3f4099e -r b6ffd60bade0 components/openssl/openssl-0.9.8-fips-140/patches/01-7009105.patch --- a/components/openssl/openssl-0.9.8-fips-140/patches/01-7009105.patch Tue Apr 16 13:29:16 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,12 +0,0 @@ -diff -ruN openssl-0.9.8q-old/crypto/opensslv.h openssl-0.9.8q/crypto/opensslv.h ---- openssl-0.9.8q-old/crypto/opensslv.h 2010-12-02 19:53:52.000000000 +0100 -+++ openssl-0.9.8q/crypto/opensslv.h 2010-12-27 14:08:42.112072026 +0100 -@@ -25,7 +25,7 @@ - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --#define OPENSSL_VERSION_NUMBER 0x0090811f -+#define OPENSSL_VERSION_NUMBER 0x0090811fL - #ifdef OPENSSL_FIPS - #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8q-fips 2 Dec 2010" - #else diff -r 9506d3f4099e -r b6ffd60bade0 components/openssl/openssl-1.0.0/Makefile --- a/components/openssl/openssl-1.0.0/Makefile Tue Apr 16 13:29:16 2013 -0700 +++ b/components/openssl/openssl-1.0.0/Makefile Wed Apr 17 19:17:06 2013 -0700 @@ -18,7 +18,7 @@ # # CDDL HEADER END # -# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. # include ../../../make-rules/shared-macros.mk 
@@ -28,15 +28,15 @@ # When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. # For more information about wanboot-openssl testing, please refer to # ../README. -COMPONENT_VERSION = 1.0.0j +COMPONENT_VERSION = 1.0.0k # Version for IPS. It is easier to do it manually than convert the letter to a # number while taking into account that there might be no letter at all. -IPS_COMPONENT_VERSION = 1.0.0.10 +IPS_COMPONENT_VERSION = 1.0.0.11 COMPONENT_PROJECT_URL= http://www.openssl.org/ COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:626fb8fcb3eb7e966edbe71553ff993d137f6e8a87b05051a3695e621098b8af + sha256:2982b2e9697a857b336c5c1b1b7b463747e5c1d560f25f6ace95365791b1efd1 COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= utility/openssl diff -r 9506d3f4099e -r b6ffd60bade0 components/openssl/openssl-1.0.0/openssl-1.0.0.p5m --- a/components/openssl/openssl-1.0.0/openssl-1.0.0.p5m Tue Apr 16 13:29:16 2013 -0700 +++ b/components/openssl/openssl-1.0.0/openssl-1.0.0.p5m Wed Apr 17 19:17:06 2013 -0700 @@ -506,7 +506,7 @@ file path=usr/share/man/man3openssl/SSL_get_psk_identity.3openssl file path=usr/share/man/man3openssl/X509_STORE_CTX_get_error.3openssl file path=usr/share/man/man3openssl/EVP_PKEY_print_private.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_verifyrecover.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_verify_recover.3openssl file path=usr/share/man/man3openssl/CMS_get0_RecipientInfos.3openssl file path=usr/share/man/man3openssl/CMS_get1_ReceiptRequest.3openssl file path=usr/share/man/man3openssl/CMS_add1_recipient_cert.3openssl 
@@ -1395,7 +1395,7 @@
 link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_keygen_info.3openssl target=EVP_PKEY_keygen.3openssl
 link path=usr/share/man/man3openssl/CMS_RecipientInfo_set0_pkey.3openssl target=CMS_get0_RecipientInfos.3openssl
 link path=usr/share/man/man3openssl/EVP_PKEY_missing_parameters.3openssl target=EVP_PKEY_cmp.3openssl
-link path=usr/share/man/man3openssl/EVP_PKEY_verifyrecover_init.3openssl target=EVP_PKEY_verifyrecover.3openssl
+link path=usr/share/man/man3openssl/EVP_PKEY_verify_recover_init.3openssl target=EVP_PKEY_verify_recover.3openssl
 link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set1_policies.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl
 link path=usr/share/man/man3openssl/SSL_set_psk_client_callback.3openssl target=SSL_CTX_set_psk_client_callback.3openssl
 link path=usr/share/man/man3openssl/SSL_set_psk_server_callback.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl
diff -r 9506d3f4099e -r b6ffd60bade0 components/openssl/openssl-1.0.0/patches/31_dtls_version-1.0.0.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/patches/31_dtls_version-1.0.0.patch Wed Apr 17 19:17:06 2013 -0700
@@ -0,0 +1,12 @@
+--- openssl-1.0.0k/ssl/s3_cbc.c.orig 2013-02-05 03:58:46.000000000 -0800
++++ openssl-1.0.0k/ssl/s3_cbc.c 2013-02-27 17:25:37.618740089 -0800
+@@ -137,7 +137,8 @@
+ unsigned mac_size)
+ {
+ unsigned padding_length, good, to_check, i;
+- const char has_explicit_iv = s->version == DTLS1_VERSION;
++ const char has_explicit_iv =
++ (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER);
+ const unsigned overhead = 1 /* padding length byte */ +
+ mac_size +
+ (has_explicit_iv ? block_size : 0);
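Review bot: The new `31_dtls_version-1.0.0.patch` has no provenance header, so at the next OpenSSL upgrade nobody can tell from the file whether the change has landed upstream and the patch can be dropped. I would add a short comment above its `---` line, for example `# Bug 16339858: treat DTLS1_BAD_VER like DTLS1_VERSION when computing the CBC record overhead; drop once upstream carries it.` The fix changes a single comparison in a function whose signature and remaining body lie outside the hunk, and `has_explicit_iv` feeds the `overhead` value that presumably bounds the record length before padding and MAC are checked. Any other `s->version == DTLS1_VERSION` test in `s3_cbc.c` or the DTLS record code would then mis-size records from DTLS1_BAD_VER peers in the same way, so a grep for those before merging is worthwhile. The 0.9.8y tree bumped in this same changeset gets no equivalent patch in the visible hunks, so confirm whether its `s3_cbc.c` carries the same comparison.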