16211866 problem in UTILITY/OPENSSL s11u1-sru 0.175.1.7.0.4.0 S11.1SRU7.4
authorJan Parcel <Jan.Parcel@oracle.com>
Mon, 22 Apr 2013 14:49:13 -0700
branchs11u1-sru
changeset 2579 626cbb1c0b2a
parent 2577 cdb3354f37f6
child 2583 c6f6cd2a7c87
16211866 problem in UTILITY/OPENSSL 16339858 Check DTLS_BAD_VER for version number
components/openssl/openssl-0.9.8-fips-140/Makefile
components/openssl/openssl-0.9.8-fips-140/patches/01-7009105.patch
components/openssl/openssl-1.0.0/Makefile
components/openssl/openssl-1.0.0/openssl-1.0.0.p5m
components/openssl/openssl-1.0.0/patches/31_dtls_version-1.0.0.patch
--- a/components/openssl/openssl-0.9.8-fips-140/Makefile	Fri Apr 19 17:34:45 2013 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/Makefile	Mon Apr 22 14:49:13 2013 -0700
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
 #
 PARFAIT_BUILD=no
 
@@ -29,13 +29,13 @@
 COMPONENT_NAME =	openssl
 # Note that this is the OpenSSL version that is used to build FIPS-140 certified
 # libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION =	0.9.8q
+COMPONENT_VERSION =	0.9.8y
 IPS_COMPONENT_VERSION = 1.2
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:d522b3e8a2b48e83ba1e142d7205eaca01358a137bb58e8d64583574e697ffd7
+    sha256:bbecf13495e612936e3a9860c29c0701413564b7a964bf771a3575eaa867cee3
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 
 # Apply the patch on SPARC only. Must put this before including prep.mk as
--- a/components/openssl/openssl-0.9.8-fips-140/patches/01-7009105.patch	Fri Apr 19 17:34:45 2013 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-diff -ruN openssl-0.9.8q-old/crypto/opensslv.h openssl-0.9.8q/crypto/opensslv.h
---- openssl-0.9.8q-old/crypto/opensslv.h	2010-12-02 19:53:52.000000000 +0100
-+++ openssl-0.9.8q/crypto/opensslv.h	2010-12-27 14:08:42.112072026 +0100
[email protected]@ -25,7 +25,7 @@
-  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
-  *  major minor fix final patch/beta)
-  */
--#define OPENSSL_VERSION_NUMBER	0x0090811f
-+#define OPENSSL_VERSION_NUMBER	0x0090811fL
- #ifdef OPENSSL_FIPS
- #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8q-fips 2 Dec 2010"
- #else
--- a/components/openssl/openssl-1.0.0/Makefile	Fri Apr 19 17:34:45 2013 -0700
+++ b/components/openssl/openssl-1.0.0/Makefile	Mon Apr 22 14:49:13 2013 -0700
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
 #
 include ../../../make-rules/shared-macros.mk
 
@@ -28,15 +28,15 @@
 # When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. 
 # For more information about wanboot-openssl testing, please refer to
 # ../README.
-COMPONENT_VERSION =	1.0.0j
+COMPONENT_VERSION =	1.0.0k
 # Version for IPS. It is easier to do it manually than convert the letter to a
 # number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.0.10
+IPS_COMPONENT_VERSION = 1.0.0.11
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:626fb8fcb3eb7e966edbe71553ff993d137f6e8a87b05051a3695e621098b8af
+    sha256:2982b2e9697a857b336c5c1b1b7b463747e5c1d560f25f6ace95365791b1efd1
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 
 # Architecture-specific patches
--- a/components/openssl/openssl-1.0.0/openssl-1.0.0.p5m	Fri Apr 19 17:34:45 2013 -0700
+++ b/components/openssl/openssl-1.0.0/openssl-1.0.0.p5m	Mon Apr 22 14:49:13 2013 -0700
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
 #
 
 <transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -505,7 +505,7 @@
 file path=usr/share/man/man3openssl/SSL_get_psk_identity.3openssl
 file path=usr/share/man/man3openssl/X509_STORE_CTX_get_error.3openssl
 file path=usr/share/man/man3openssl/EVP_PKEY_print_private.3openssl
-file path=usr/share/man/man3openssl/EVP_PKEY_verifyrecover.3openssl
+file path=usr/share/man/man3openssl/EVP_PKEY_verify_recover.3openssl
 file path=usr/share/man/man3openssl/CMS_get0_RecipientInfos.3openssl
 file path=usr/share/man/man3openssl/CMS_get1_ReceiptRequest.3openssl
 file path=usr/share/man/man3openssl/CMS_add1_recipient_cert.3openssl
@@ -1394,7 +1394,7 @@
 link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_keygen_info.3openssl target=EVP_PKEY_keygen.3openssl
 link path=usr/share/man/man3openssl/CMS_RecipientInfo_set0_pkey.3openssl target=CMS_get0_RecipientInfos.3openssl
 link path=usr/share/man/man3openssl/EVP_PKEY_missing_parameters.3openssl target=EVP_PKEY_cmp.3openssl
-link path=usr/share/man/man3openssl/EVP_PKEY_verifyrecover_init.3openssl target=EVP_PKEY_verifyrecover.3openssl
+link path=usr/share/man/man3openssl/EVP_PKEY_verify_recover_init.3openssl target=EVP_PKEY_verify_recover.3openssl
 link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set1_policies.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl
 link path=usr/share/man/man3openssl/SSL_set_psk_client_callback.3openssl target=SSL_CTX_set_psk_client_callback.3openssl
 link path=usr/share/man/man3openssl/SSL_set_psk_server_callback.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/patches/31_dtls_version-1.0.0.patch	Mon Apr 22 14:49:13 2013 -0700
@@ -0,0 +1,12 @@
+--- openssl-1.0.0k/ssl/s3_cbc.c.orig	2013-02-05 03:58:46.000000000 -0800
++++ openssl-1.0.0k/ssl/s3_cbc.c	2013-02-27 17:25:37.618740089 -0800
[email protected]@ -137,7 +137,8 @@
+ 			    unsigned mac_size)
+ 	{
+ 	unsigned padding_length, good, to_check, i;
+-	const char has_explicit_iv = s->version == DTLS1_VERSION;
++	const char has_explicit_iv =
++	    (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER);
+ 	const unsigned overhead = 1 /* padding length byte */ +
+ 				  mac_size +
+ 				  (has_explicit_iv ? block_size : 0);
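Review bot: The new patch file begins directly at `--- openssl-1.0.0k/ssl/s3_cbc.c.orig`, so nothing in it records why `has_explicit_iv` must also be true for `DTLS1_BAD_VER` or when the patch can be retired. `has_explicit_iv` adds `block_size` to `overhead`, which is presumably the minimum record length enforced later in the CBC padding routine, so losing this patch on a later version bump would under-count that bound for DTLS1_BAD_VER peers. A short header would make this visible to the next maintainer, for example `# 16339858: treat DTLS1_BAD_VER as explicit-IV when computing CBC padding overhead; drop once the bundled OpenSSL release carries this check.` The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here whether other `DTLS1_VERSION`-only tests in the same file need the same treatment. The openssl-0.9.8-fips-140 component bumped to 0.9.8y in this changeset gets no equivalent patch, so it is worth confirming whether that tree has the same comparison.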