19385782 Upgrade OpenSSL version to 1.0.1i
authorMisaki Miyashita <Misaki.Miyashita@Oracle.COM>
Mon, 11 Aug 2014 08:52:35 -0700
changeset 2041 3426b4846b15
parent 2040 262b5d64cdc5
child 2042 71cdec2c8af1
19385782 Upgrade OpenSSL version to 1.0.1i 19385643 problem in LIBRARY/OPENSSL 19385653 problem in LIBRARY/OPENSSL 19385660 problem in LIBRARY/OPENSSL 19385675 problem in LIBRARY/OPENSSL 19385678 problem in LIBRARY/OPENSSL 19385688 problem in LIBRARY/OPENSSL 19385699 problem in LIBRARY/OPENSSL 19385708 problem in LIBRARY/OPENSSL 19385718 problem in LIBRARY/OPENSSL
components/openssl/README
components/openssl/openssl-1.0.1-fips-140/Makefile
components/openssl/openssl-1.0.1-fips-140/patches/39_parfait_fixes.patch
components/openssl/openssl-1.0.1/Makefile
components/openssl/openssl-1.0.1/patches/30_wanboot.patch
components/openssl/openssl-1.0.1/patches/39_parfait_fixes.patch
--- a/components/openssl/README	Mon Aug 11 02:04:37 2014 -0700
+++ b/components/openssl/README	Mon Aug 11 08:52:35 2014 -0700
@@ -131,9 +131,6 @@
 For instructions in sparcv9cap.c, remove if not supported on any platforms.
 Otherwise modify them to call getisax() to check for HW capability instead. 
 
-39_parfait_fixes.patch
-Fixes errors found by parfait in openssl.
-
 The fips Build
 ---
 
--- a/components/openssl/openssl-1.0.1-fips-140/Makefile	Mon Aug 11 02:04:37 2014 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/Makefile	Mon Aug 11 08:52:35 2014 -0700
@@ -29,18 +29,18 @@
 COMPONENT_NAME =	openssl-fips-140
 # Note that this is the OpenSSL version that is used to build FIPS-140 certified
 # libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION =	1.0.1h
+COMPONENT_VERSION =	1.0.1i
 IPS_COMPONENT_VERSION = 2.0.6
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC_NAME =	openssl
 COMPONENT_SRC =		$(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093
+    sha256:3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	library/openssl
 
-TPNO=			17979
+TPNO=			18553
 
 # OpenSSL FIPS directory
 OPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips
--- a/components/openssl/openssl-1.0.1-fips-140/patches/39_parfait_fixes.patch	Mon Aug 11 02:04:37 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,66 +0,0 @@
-# This patch was developed in-house
-# Patch submitted to upstream 
---- openssl-1.0.1h/crypto/ocsp/ocsp_ht.c.~1~	Tue Jun 10 12:56:08 2014
-+++ openssl-1.0.1h/crypto/ocsp/ocsp_ht.c	Tue Jun 10 12:55:30 2014
[email protected]@ -158,8 +158,15 @@
- 
- 	OCSP_REQ_CTX *rctx;
- 	rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-+	if (!rctx)
-+		return 0;
- 	rctx->state = OHS_ERROR;
- 	rctx->mem = BIO_new(BIO_s_mem());
-+	if (!rctx->mem)
-+		{
-+		OCSP_REQ_CTX_free(rctx);
-+		return 0;
-+		}
- 	rctx->io = io;
- 	rctx->asn1_len = 0;
- 	if (maxline > 0)
[email protected]@ -168,15 +175,24 @@
- 		rctx->iobuflen = OCSP_MAX_LINE_LEN;
- 	rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
- 	if (!rctx->iobuf)
-+		{
-+		OCSP_REQ_CTX_free(rctx);
- 		return 0;
-+		}
- 	if (!path)
- 		path = "/";
- 
-         if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
-+		{
-+		OCSP_REQ_CTX_free(rctx);
- 		return 0;
-+		}
- 
- 	if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
-+		{
-+		OCSP_REQ_CTX_free(rctx);
- 		return 0;
-+		}
- 
- 	return rctx;
- 	}
[email protected]@ -490,6 +506,9 @@
- 
- 	ctx = OCSP_sendreq_new(b, path, req, -1);
- 
-+	if (!ctx)
-+		return NULL;
-+
- 	do
- 		{
- 		rv = OCSP_sendreq_nbio(&resp, ctx);
---- openssl-1.0.1h/ssl/d1_both.c.~1~	Tue Jun  3 14:16:25 2014
-+++ openssl-1.0.1h/ssl/d1_both.c	Tue Jun  3 14:17:26 2014
[email protected]@ -1172,6 +1172,8 @@
- 
- 	frag = dtls1_hm_fragment_new(s->init_num, 0);
- 
-+	if (!frag)
-+		return 0;
- 	memcpy(frag->fragment, s->init_buf->data, s->init_num);
- 
- 	if ( is_ccs)
--- a/components/openssl/openssl-1.0.1/Makefile	Mon Aug 11 02:04:37 2014 -0700
+++ b/components/openssl/openssl-1.0.1/Makefile	Mon Aug 11 08:52:35 2014 -0700
@@ -28,19 +28,19 @@
 # When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. 
 # For more information about wanboot-openssl testing, please refer to
 # ../README.
-COMPONENT_VERSION =	1.0.1h
+COMPONENT_VERSION =	1.0.1i
 # Version for IPS. It is easier to do it manually than convert the letter to a
 # number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.1.8
+IPS_COMPONENT_VERSION = 1.0.1.9
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093
+    sha256:3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	library/openssl
 
-TPNO=			17979
+TPNO=			18553
 
 include $(WS_TOP)/make-rules/prep.mk
 include $(WS_TOP)/make-rules/configure.mk
@@ -333,6 +333,8 @@
     ssl/ssl_err2.o ssl/ssl_lib.o ssl/ssl_rsa.o ssl/ssl_sess.o ssl/t1_enc.o \
     ssl/t1_lib.o ssl/t1_reneg.o ssl/d1_srtp.o ssl/s3_cbc.o ssl/t1_clnt.o
 
+
+
 # Linking of openssl bits for wanboot.
 # Interface for wanboot is specified in mapfile.wanboot. Object files are
 # compiled to have functions in separate sections, unused sections get
--- a/components/openssl/openssl-1.0.1/patches/30_wanboot.patch	Mon Aug 11 02:04:37 2014 -0700
+++ b/components/openssl/openssl-1.0.1/patches/30_wanboot.patch	Mon Aug 11 08:52:35 2014 -0700
@@ -237,6 +237,20 @@
  
  #include <errno.h>
  #include <stdio.h>
[email protected]@ -179,6 +181,7 @@
+ 	return(ret);
+ 	}
+ 
++#ifndef	_BOOT
+ int RAND_write_file(const char *file)
+ 	{
+ 	unsigned char buf[BUFSIZE];
[email protected]@ -327,3 +330,5 @@
+ #endif
+ 	return(buf);
+ 	}
++
++#endif /* _BOOT */
 --- openssl-1.0.0e/crypto/x509v3/v3_utl.c	2009-07-27 14:08:53.000000000 -0700
 +++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c	2011-12-13 05:10:08.844191400 -0800
 @@ -659,9 +659,52 @@
--- a/components/openssl/openssl-1.0.1/patches/39_parfait_fixes.patch	Mon Aug 11 02:04:37 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,66 +0,0 @@
-# This patch was developed in-house
-# Patch submitted to upstream 
---- openssl-1.0.1h/crypto/ocsp/ocsp_ht.c.~1~	Tue Jun 10 12:56:08 2014
-+++ openssl-1.0.1h/crypto/ocsp/ocsp_ht.c	Tue Jun 10 12:55:30 2014
[email protected]@ -158,8 +158,15 @@
- 
- 	OCSP_REQ_CTX *rctx;
- 	rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-+	if (!rctx)
-+		return 0;
- 	rctx->state = OHS_ERROR;
- 	rctx->mem = BIO_new(BIO_s_mem());
-+	if (!rctx->mem)
-+		{
-+		OCSP_REQ_CTX_free(rctx);
-+		return 0;
-+		}
- 	rctx->io = io;
- 	rctx->asn1_len = 0;
- 	if (maxline > 0)
[email protected]@ -168,15 +175,24 @@
- 		rctx->iobuflen = OCSP_MAX_LINE_LEN;
- 	rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
- 	if (!rctx->iobuf)
-+		{
-+		OCSP_REQ_CTX_free(rctx);
- 		return 0;
-+		}
- 	if (!path)
- 		path = "/";
- 
-         if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
-+		{
-+		OCSP_REQ_CTX_free(rctx);
- 		return 0;
-+		}
- 
- 	if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
-+		{
-+		OCSP_REQ_CTX_free(rctx);
- 		return 0;
-+		}
- 
- 	return rctx;
- 	}
[email protected]@ -490,6 +506,9 @@
- 
- 	ctx = OCSP_sendreq_new(b, path, req, -1);
- 
-+	if (!ctx)
-+		return NULL;
-+
- 	do
- 		{
- 		rv = OCSP_sendreq_nbio(&resp, ctx);
---- openssl-1.0.1h/ssl/d1_both.c.~1~	Thu May 29 13:07:00 2014
-+++ openssl-1.0.1h/ssl/d1_both.c	Thu May 29 13:07:45 2014
[email protected]@ -1172,6 +1172,8 @@
- 
- 	frag = dtls1_hm_fragment_new(s->init_num, 0);
- 
-+	if (!frag)
-+		return 0;
- 	memcpy(frag->fragment, s->init_buf->data, s->init_num);
- 
- 	if ( is_ccs)