# HG changeset patch
# User jenny.yung@oracle.com
# Date 1403286106 25200
# Node ID baa0bfe12186882149708d442afd9f10251c4840
# Parent 5989631794851dfc1fadaed5684a7a06bb887e2b
18811227 parfait errors in openssl needs to be fixed
diff -r 598963179485 -r baa0bfe12186 components/openssl/README
--- a/components/openssl/README Fri Jun 20 09:46:39 2014 -0700
+++ b/components/openssl/README Fri Jun 20 10:41:46 2014 -0700
@@ -131,6 +131,9 @@
 For instructions in sparcv9cap.c, remove if not supported on any platforms. Otherwise modify them to call getisax() to check for HW capability instead.
+39_parfait_fixes.patch
+Fixes errors found by parfait in openssl.
+
 The fips Build
 ---
diff -r 598963179485 -r baa0bfe12186 components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m
--- a/components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m Fri Jun 20 09:46:39 2014 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m Fri Jun 20 10:41:46 2014 -0700
@@ -27,6 +27,8 @@
 # change of action type. It should be removed once non-FIPS version becomes
 # available in the reference repository
 set name=pkg.linted.pkglint.dupaction010.1 value=true
+set name=pkg.linted.pkglint.dupaction001.1 value=true
+set name=pkg.linted.pkglint.dupaction010.2 value=true
 set name=pkg.fmri \
 value=pkg:/library/security/openssl/openssl-fips-140@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
diff -r 598963179485 -r baa0bfe12186 components/openssl/openssl-1.0.1-fips-140/patches/39_parfait_fixes.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/39_parfait_fixes.patch Fri Jun 20 10:41:46 2014 -0700
@@ -0,0 +1,66 @@
+# This patch was developed in-house
+# Patch submitted to upstream
+--- openssl-1.0.1h/crypto/ocsp/ocsp_ht.c.~1~ Tue Jun 10 12:56:08 2014
++++ openssl-1.0.1h/crypto/ocsp/ocsp_ht.c Tue Jun 10 12:55:30 2014
+@@ -158,8 +158,15 @@
+
+ OCSP_REQ_CTX *rctx;
+ rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
++ if (!rctx)
++ return 0;
+ rctx->state = OHS_ERROR;
+ rctx->mem = BIO_new(BIO_s_mem());
++ if (!rctx->mem)
++ {
++ OCSP_REQ_CTX_free(rctx);
++ return 0;
++ }
+ rctx->io = io;
+ rctx->asn1_len = 0;
+ if (maxline > 0)
+@@ -168,15 +175,24 @@
+ rctx->iobuflen = OCSP_MAX_LINE_LEN;
+ rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+ if (!rctx->iobuf)
++ {
++ OCSP_REQ_CTX_free(rctx);
+ return 0;
++ }
+ if (!path)
+ path = "/";
+
+ if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
++ {
++ OCSP_REQ_CTX_free(rctx);
+ return 0;
++ }
+
+ if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
++ {
++ OCSP_REQ_CTX_free(rctx);
+ return 0;
++ }
+
+ return rctx;
+ }
+@@ -490,6 +506,9 @@
+
+ ctx = OCSP_sendreq_new(b, path, req, -1);
+
++ if (!ctx)
++ return NULL;
++
+ do
+ {
+ rv = OCSP_sendreq_nbio(&resp, ctx);
+--- openssl-1.0.1h/ssl/d1_both.c.~1~ Tue Jun 3 14:16:25 2014
++++ openssl-1.0.1h/ssl/d1_both.c Tue Jun 3 14:17:26 2014
+@@ -1172,6 +1172,8 @@
+
+ frag = dtls1_hm_fragment_new(s->init_num, 0);
+
++ if (!frag)
++ return 0;
+ memcpy(frag->fragment, s->init_buf->data, s->init_num);
+
+ if ( is_ccs)
diff -r 598963179485 -r baa0bfe12186 components/openssl/openssl-1.0.1/patches/39_parfait_fixes.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/39_parfait_fixes.patch Fri Jun 20 10:41:46 2014 -0700
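Review bot: The added `if (!rctx->mem)` branch in the first ocsp_ht.c hunk calls `OCSP_REQ_CTX_free(rctx)` while `rctx->iobuf` is still unassigned, since the structure comes from `OPENSSL_malloc` and nothing visible here zeroes it. The body of OCSP_REQ_CTX_free is not in the patch, but the later error paths rely on it to release `iobuf`, so on this path it would presumably pass an indeterminate pointer to the allocator exactly when memory is short. Adding `rctx->iobuf = NULL;` straight after the `if (!rctx) return 0;` check, or releasing with plain `OPENSSL_free(rctx);` on that one branch, would close the gap. The identical patch added under components/openssl/openssl-1.0.1/patches/ in the following hunk needs the same change. The enclosing function starts before and ends after the inner hunks, so any initialisation done outside them should be confirmed.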
@@ -0,0 +1,66 @@
+# This patch was developed in-house
+# Patch submitted to upstream
+--- openssl-1.0.1h/crypto/ocsp/ocsp_ht.c.~1~ Tue Jun 10 12:56:08 2014
++++ openssl-1.0.1h/crypto/ocsp/ocsp_ht.c Tue Jun 10 12:55:30 2014
+@@ -158,8 +158,15 @@
+
+ OCSP_REQ_CTX *rctx;
+ rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
++ if (!rctx)
++ return 0;
+ rctx->state = OHS_ERROR;
+ rctx->mem = BIO_new(BIO_s_mem());
++ if (!rctx->mem)
++ {
++ OCSP_REQ_CTX_free(rctx);
++ return 0;
++ }
+ rctx->io = io;
+ rctx->asn1_len = 0;
+ if (maxline > 0)
+@@ -168,15 +175,24 @@
+ rctx->iobuflen = OCSP_MAX_LINE_LEN;
+ rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+ if (!rctx->iobuf)
++ {
++ OCSP_REQ_CTX_free(rctx);
+ return 0;
++ }
+ if (!path)
+ path = "/";
+
+ if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
++ {
++ OCSP_REQ_CTX_free(rctx);
+ return 0;
++ }
+
+ if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
++ {
++ OCSP_REQ_CTX_free(rctx);
+ return 0;
++ }
+
+ return rctx;
+ }
+@@ -490,6 +506,9 @@
+
+ ctx = OCSP_sendreq_new(b, path, req, -1);
+
++ if (!ctx)
++ return NULL;
++
+ do
+ {
+ rv = OCSP_sendreq_nbio(&resp, ctx);
+--- openssl-1.0.1h/ssl/d1_both.c.~1~ Thu May 29 13:07:00 2014
++++ openssl-1.0.1h/ssl/d1_both.c Thu May 29 13:07:45 2014
+@@ -1172,6 +1172,8 @@
+
+ frag = dtls1_hm_fragment_new(s->init_num, 0);
+
++ if (!frag)
++ return 0;
+ memcpy(frag->fragment, s->init_buf->data, s->init_num);
+
+ if ( is_ccs)