16211866 problem in UTILITY/OPENSSL
16339858 Check DTLS_BAD_VER for version number
--- a/components/openssl/openssl-0.9.8-fips-140/Makefile Fri Apr 19 17:34:45 2013 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/Makefile Mon Apr 22 14:49:13 2013 -0700
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
PARFAIT_BUILD=no
@@ -29,13 +29,13 @@
COMPONENT_NAME = openssl
# Note that this is the OpenSSL version that is used to build FIPS-140 certified
# libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION = 0.9.8q
+COMPONENT_VERSION = 0.9.8y
IPS_COMPONENT_VERSION = 1.2
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:d522b3e8a2b48e83ba1e142d7205eaca01358a137bb58e8d64583574e697ffd7
+ sha256:bbecf13495e612936e3a9860c29c0701413564b7a964bf771a3575eaa867cee3
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
# Apply the patch on SPARC only. Must put this before including prep.mk as
--- a/components/openssl/openssl-0.9.8-fips-140/patches/01-7009105.patch Fri Apr 19 17:34:45 2013 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-diff -ruN openssl-0.9.8q-old/crypto/opensslv.h openssl-0.9.8q/crypto/opensslv.h
---- openssl-0.9.8q-old/crypto/opensslv.h 2010-12-02 19:53:52.000000000 +0100
-+++ openssl-0.9.8q/crypto/opensslv.h 2010-12-27 14:08:42.112072026 +0100
-@@ -25,7 +25,7 @@
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- * major minor fix final patch/beta)
- */
--#define OPENSSL_VERSION_NUMBER 0x0090811f
-+#define OPENSSL_VERSION_NUMBER 0x0090811fL
- #ifdef OPENSSL_FIPS
- #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8q-fips 2 Dec 2010"
- #else
--- a/components/openssl/openssl-1.0.0/Makefile Fri Apr 19 17:34:45 2013 -0700
+++ b/components/openssl/openssl-1.0.0/Makefile Mon Apr 22 14:49:13 2013 -0700
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
include ../../../make-rules/shared-macros.mk
@@ -28,15 +28,15 @@
# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too.
# For more information about wanboot-openssl testing, please refer to
# ../README.
-COMPONENT_VERSION = 1.0.0j
+COMPONENT_VERSION = 1.0.0k
# Version for IPS. It is easier to do it manually than convert the letter to a
# number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.0.10
+IPS_COMPONENT_VERSION = 1.0.0.11
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:626fb8fcb3eb7e966edbe71553ff993d137f6e8a87b05051a3695e621098b8af
+ sha256:2982b2e9697a857b336c5c1b1b7b463747e5c1d560f25f6ace95365791b1efd1
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
# Architecture-specific patches
--- a/components/openssl/openssl-1.0.0/openssl-1.0.0.p5m Fri Apr 19 17:34:45 2013 -0700
+++ b/components/openssl/openssl-1.0.0/openssl-1.0.0.p5m Mon Apr 22 14:49:13 2013 -0700
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -505,7 +505,7 @@
file path=usr/share/man/man3openssl/SSL_get_psk_identity.3openssl
file path=usr/share/man/man3openssl/X509_STORE_CTX_get_error.3openssl
file path=usr/share/man/man3openssl/EVP_PKEY_print_private.3openssl
-file path=usr/share/man/man3openssl/EVP_PKEY_verifyrecover.3openssl
+file path=usr/share/man/man3openssl/EVP_PKEY_verify_recover.3openssl
file path=usr/share/man/man3openssl/CMS_get0_RecipientInfos.3openssl
file path=usr/share/man/man3openssl/CMS_get1_ReceiptRequest.3openssl
file path=usr/share/man/man3openssl/CMS_add1_recipient_cert.3openssl
@@ -1394,7 +1394,7 @@
link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_keygen_info.3openssl target=EVP_PKEY_keygen.3openssl
link path=usr/share/man/man3openssl/CMS_RecipientInfo_set0_pkey.3openssl target=CMS_get0_RecipientInfos.3openssl
link path=usr/share/man/man3openssl/EVP_PKEY_missing_parameters.3openssl target=EVP_PKEY_cmp.3openssl
-link path=usr/share/man/man3openssl/EVP_PKEY_verifyrecover_init.3openssl target=EVP_PKEY_verifyrecover.3openssl
+link path=usr/share/man/man3openssl/EVP_PKEY_verify_recover_init.3openssl target=EVP_PKEY_verify_recover.3openssl
link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set1_policies.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl
link path=usr/share/man/man3openssl/SSL_set_psk_client_callback.3openssl target=SSL_CTX_set_psk_client_callback.3openssl
link path=usr/share/man/man3openssl/SSL_set_psk_server_callback.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/patches/31_dtls_version-1.0.0.patch Mon Apr 22 14:49:13 2013 -0700
@@ -0,0 +1,12 @@
+--- openssl-1.0.0k/ssl/s3_cbc.c.orig 2013-02-05 03:58:46.000000000 -0800
++++ openssl-1.0.0k/ssl/s3_cbc.c 2013-02-27 17:25:37.618740089 -0800
+@@ -137,7 +137,8 @@
+ unsigned mac_size)
+ {
+ unsigned padding_length, good, to_check, i;
+- const char has_explicit_iv = s->version == DTLS1_VERSION;
++ const char has_explicit_iv =
++ (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER);
+ const unsigned overhead = 1 /* padding length byte */ +
+ mac_size +
+ (has_explicit_iv ? block_size : 0);