19385782 Upgrade OpenSSL version to 1.0.1i
19385643 problem in LIBRARY/OPENSSL
19385653 problem in LIBRARY/OPENSSL
19385660 problem in LIBRARY/OPENSSL
19385675 problem in LIBRARY/OPENSSL
19385678 problem in LIBRARY/OPENSSL
19385688 problem in LIBRARY/OPENSSL
19385699 problem in LIBRARY/OPENSSL
19385708 problem in LIBRARY/OPENSSL
19385718 problem in LIBRARY/OPENSSL
--- a/components/openssl/README Mon Aug 11 02:04:37 2014 -0700
+++ b/components/openssl/README Mon Aug 11 08:52:35 2014 -0700
@@ -131,9 +131,6 @@
For instructions in sparcv9cap.c, remove if not supported on any platforms.
Otherwise modify them to call getisax() to check for HW capability instead.
-39_parfait_fixes.patch
-Fixes errors found by parfait in openssl.
-
The fips Build
---
--- a/components/openssl/openssl-1.0.1-fips-140/Makefile Mon Aug 11 02:04:37 2014 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/Makefile Mon Aug 11 08:52:35 2014 -0700
@@ -29,18 +29,18 @@
COMPONENT_NAME = openssl-fips-140
# Note that this is the OpenSSL version that is used to build FIPS-140 certified
# libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION = 1.0.1h
+COMPONENT_VERSION = 1.0.1i
IPS_COMPONENT_VERSION = 2.0.6
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC_NAME = openssl
COMPONENT_SRC = $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093
+ sha256:3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 17979
+TPNO= 18553
# OpenSSL FIPS directory
OPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips
--- a/components/openssl/openssl-1.0.1-fips-140/patches/39_parfait_fixes.patch Mon Aug 11 02:04:37 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,66 +0,0 @@
-# This patch was developed in-house
-# Patch submitted to upstream
---- openssl-1.0.1h/crypto/ocsp/ocsp_ht.c.~1~ Tue Jun 10 12:56:08 2014
-+++ openssl-1.0.1h/crypto/ocsp/ocsp_ht.c Tue Jun 10 12:55:30 2014
-@@ -158,8 +158,15 @@
-
- OCSP_REQ_CTX *rctx;
- rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-+ if (!rctx)
-+ return 0;
- rctx->state = OHS_ERROR;
- rctx->mem = BIO_new(BIO_s_mem());
-+ if (!rctx->mem)
-+ {
-+ OCSP_REQ_CTX_free(rctx);
-+ return 0;
-+ }
- rctx->io = io;
- rctx->asn1_len = 0;
- if (maxline > 0)
-@@ -168,15 +175,24 @@
- rctx->iobuflen = OCSP_MAX_LINE_LEN;
- rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
- if (!rctx->iobuf)
-+ {
-+ OCSP_REQ_CTX_free(rctx);
- return 0;
-+ }
- if (!path)
- path = "/";
-
- if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
-+ {
-+ OCSP_REQ_CTX_free(rctx);
- return 0;
-+ }
-
- if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
-+ {
-+ OCSP_REQ_CTX_free(rctx);
- return 0;
-+ }
-
- return rctx;
- }
-@@ -490,6 +506,9 @@
-
- ctx = OCSP_sendreq_new(b, path, req, -1);
-
-+ if (!ctx)
-+ return NULL;
-+
- do
- {
- rv = OCSP_sendreq_nbio(&resp, ctx);
---- openssl-1.0.1h/ssl/d1_both.c.~1~ Tue Jun 3 14:16:25 2014
-+++ openssl-1.0.1h/ssl/d1_both.c Tue Jun 3 14:17:26 2014
-@@ -1172,6 +1172,8 @@
-
- frag = dtls1_hm_fragment_new(s->init_num, 0);
-
-+ if (!frag)
-+ return 0;
- memcpy(frag->fragment, s->init_buf->data, s->init_num);
-
- if ( is_ccs)
--- a/components/openssl/openssl-1.0.1/Makefile Mon Aug 11 02:04:37 2014 -0700
+++ b/components/openssl/openssl-1.0.1/Makefile Mon Aug 11 08:52:35 2014 -0700
@@ -28,19 +28,19 @@
# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too.
# For more information about wanboot-openssl testing, please refer to
# ../README.
-COMPONENT_VERSION = 1.0.1h
+COMPONENT_VERSION = 1.0.1i
# Version for IPS. It is easier to do it manually than convert the letter to a
# number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.1.8
+IPS_COMPONENT_VERSION = 1.0.1.9
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093
+ sha256:3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 17979
+TPNO= 18553
include $(WS_TOP)/make-rules/prep.mk
include $(WS_TOP)/make-rules/configure.mk
@@ -333,6 +333,8 @@
ssl/ssl_err2.o ssl/ssl_lib.o ssl/ssl_rsa.o ssl/ssl_sess.o ssl/t1_enc.o \
ssl/t1_lib.o ssl/t1_reneg.o ssl/d1_srtp.o ssl/s3_cbc.o ssl/t1_clnt.o
+
+
# Linking of openssl bits for wanboot.
# Interface for wanboot is specified in mapfile.wanboot. Object files are
# compiled to have functions in separate sections, unused sections get
--- a/components/openssl/openssl-1.0.1/patches/30_wanboot.patch Mon Aug 11 02:04:37 2014 -0700
+++ b/components/openssl/openssl-1.0.1/patches/30_wanboot.patch Mon Aug 11 08:52:35 2014 -0700
@@ -237,6 +237,20 @@
#include <errno.h>
#include <stdio.h>
+@@ -179,6 +181,7 @@
+ return(ret);
+ }
+
++#ifndef _BOOT
+ int RAND_write_file(const char *file)
+ {
+ unsigned char buf[BUFSIZE];
+@@ -327,3 +330,5 @@
+ #endif
+ return(buf);
+ }
++
++#endif /* _BOOT */
--- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700
+++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800
@@ -659,9 +659,52 @@
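Review bot: The `#ifndef _BOOT` added to 30_wanboot.patch opens just before `RAND_write_file` and is closed only by `#endif /* _BOOT */` at the end of the file, so the wanboot build drops every definition in between (the tail shown ends in `return(buf);`), and nothing records why. Annotating the guard on the same line keeps the embedded hunk's line counts valid, for example `#ifndef _BOOT /* wanboot: RAND_write_file() through end of file not built */`, with the actual reason supplied by the author. It is also worth confirming that mapfile.wanboot does not reference any of the symbols now compiled out, and that the standalone build still gets its RNG state from another path; that is presumably the case but is not visible here. The header naming the file this embedded hunk patches lies above the visible context, so the target is inferred from the function names only.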
--- a/components/openssl/openssl-1.0.1/patches/39_parfait_fixes.patch Mon Aug 11 02:04:37 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,66 +0,0 @@
-# This patch was developed in-house
-# Patch submitted to upstream
---- openssl-1.0.1h/crypto/ocsp/ocsp_ht.c.~1~ Tue Jun 10 12:56:08 2014
-+++ openssl-1.0.1h/crypto/ocsp/ocsp_ht.c Tue Jun 10 12:55:30 2014
-@@ -158,8 +158,15 @@
-
- OCSP_REQ_CTX *rctx;
- rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-+ if (!rctx)
-+ return 0;
- rctx->state = OHS_ERROR;
- rctx->mem = BIO_new(BIO_s_mem());
-+ if (!rctx->mem)
-+ {
-+ OCSP_REQ_CTX_free(rctx);
-+ return 0;
-+ }
- rctx->io = io;
- rctx->asn1_len = 0;
- if (maxline > 0)
-@@ -168,15 +175,24 @@
- rctx->iobuflen = OCSP_MAX_LINE_LEN;
- rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
- if (!rctx->iobuf)
-+ {
-+ OCSP_REQ_CTX_free(rctx);
- return 0;
-+ }
- if (!path)
- path = "/";
-
- if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
-+ {
-+ OCSP_REQ_CTX_free(rctx);
- return 0;
-+ }
-
- if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
-+ {
-+ OCSP_REQ_CTX_free(rctx);
- return 0;
-+ }
-
- return rctx;
- }
-@@ -490,6 +506,9 @@
-
- ctx = OCSP_sendreq_new(b, path, req, -1);
-
-+ if (!ctx)
-+ return NULL;
-+
- do
- {
- rv = OCSP_sendreq_nbio(&resp, ctx);
---- openssl-1.0.1h/ssl/d1_both.c.~1~ Thu May 29 13:07:00 2014
-+++ openssl-1.0.1h/ssl/d1_both.c Thu May 29 13:07:45 2014
-@@ -1172,6 +1172,8 @@
-
- frag = dtls1_hm_fragment_new(s->init_num, 0);
-
-+ if (!frag)
-+ return 0;
- memcpy(frag->fragment, s->init_buf->data, s->init_num);
-
- if ( is_ccs)