16211866 problem in UTILITY/OPENSSL s11-update
authorJan Parcel <Jan.Parcel@oracle.com>
Wed, 17 Apr 2013 19:17:06 -0700
branchs11-update
changeset 2575 b6ffd60bade0
parent 2573 9506d3f4099e
child 2576 f1b6ecbb2d1e
16211866 problem in UTILITY/OPENSSL 16339858 Check DTLS_BAD_VER for version number
components/openssl/openssl-0.9.8-fips-140/Makefile
components/openssl/openssl-0.9.8-fips-140/patches/01-7009105.patch
components/openssl/openssl-1.0.0/Makefile
components/openssl/openssl-1.0.0/openssl-1.0.0.p5m
components/openssl/openssl-1.0.0/patches/31_dtls_version-1.0.0.patch
--- a/components/openssl/openssl-0.9.8-fips-140/Makefile	Tue Apr 16 13:29:16 2013 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/Makefile	Wed Apr 17 19:17:06 2013 -0700
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
 #
 PARFAIT_BUILD=no
 
@@ -29,14 +29,14 @@
 COMPONENT_NAME =	openssl-fips-140
 # Note that this is the OpenSSL version that is used to build FIPS-140 certified
 # libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION =	0.9.8q
+COMPONENT_VERSION =	0.9.8y
 IPS_COMPONENT_VERSION = 1.2
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC_NAME =	openssl
 COMPONENT_SRC =		$(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:d522b3e8a2b48e83ba1e142d7205eaca01358a137bb58e8d64583574e697ffd7
+    sha256:bbecf13495e612936e3a9860c29c0701413564b7a964bf771a3575eaa867cee3
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	utility/openssl
 
--- a/components/openssl/openssl-0.9.8-fips-140/patches/01-7009105.patch	Tue Apr 16 13:29:16 2013 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-diff -ruN openssl-0.9.8q-old/crypto/opensslv.h openssl-0.9.8q/crypto/opensslv.h
---- openssl-0.9.8q-old/crypto/opensslv.h	2010-12-02 19:53:52.000000000 +0100
-+++ openssl-0.9.8q/crypto/opensslv.h	2010-12-27 14:08:42.112072026 +0100
[email protected]@ -25,7 +25,7 @@
-  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
-  *  major minor fix final patch/beta)
-  */
--#define OPENSSL_VERSION_NUMBER	0x0090811f
-+#define OPENSSL_VERSION_NUMBER	0x0090811fL
- #ifdef OPENSSL_FIPS
- #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8q-fips 2 Dec 2010"
- #else
--- a/components/openssl/openssl-1.0.0/Makefile	Tue Apr 16 13:29:16 2013 -0700
+++ b/components/openssl/openssl-1.0.0/Makefile	Wed Apr 17 19:17:06 2013 -0700
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
 #
 include ../../../make-rules/shared-macros.mk
 
@@ -28,15 +28,15 @@
 # When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. 
 # For more information about wanboot-openssl testing, please refer to
 # ../README.
-COMPONENT_VERSION =	1.0.0j
+COMPONENT_VERSION =    1.0.0k
 # Version for IPS. It is easier to do it manually than convert the letter to a
 # number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.0.10
+IPS_COMPONENT_VERSION = 1.0.0.11
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:626fb8fcb3eb7e966edbe71553ff993d137f6e8a87b05051a3695e621098b8af
+    sha256:2982b2e9697a857b336c5c1b1b7b463747e5c1d560f25f6ace95365791b1efd1
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	utility/openssl
 
--- a/components/openssl/openssl-1.0.0/openssl-1.0.0.p5m	Tue Apr 16 13:29:16 2013 -0700
+++ b/components/openssl/openssl-1.0.0/openssl-1.0.0.p5m	Wed Apr 17 19:17:06 2013 -0700
@@ -506,7 +506,7 @@
 file path=usr/share/man/man3openssl/SSL_get_psk_identity.3openssl
 file path=usr/share/man/man3openssl/X509_STORE_CTX_get_error.3openssl
 file path=usr/share/man/man3openssl/EVP_PKEY_print_private.3openssl
-file path=usr/share/man/man3openssl/EVP_PKEY_verifyrecover.3openssl
+file path=usr/share/man/man3openssl/EVP_PKEY_verify_recover.3openssl
 file path=usr/share/man/man3openssl/CMS_get0_RecipientInfos.3openssl
 file path=usr/share/man/man3openssl/CMS_get1_ReceiptRequest.3openssl
 file path=usr/share/man/man3openssl/CMS_add1_recipient_cert.3openssl
@@ -1395,7 +1395,7 @@
 link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_keygen_info.3openssl target=EVP_PKEY_keygen.3openssl
 link path=usr/share/man/man3openssl/CMS_RecipientInfo_set0_pkey.3openssl target=CMS_get0_RecipientInfos.3openssl
 link path=usr/share/man/man3openssl/EVP_PKEY_missing_parameters.3openssl target=EVP_PKEY_cmp.3openssl
-link path=usr/share/man/man3openssl/EVP_PKEY_verifyrecover_init.3openssl target=EVP_PKEY_verifyrecover.3openssl
+link path=usr/share/man/man3openssl/EVP_PKEY_verify_recover_init.3openssl target=EVP_PKEY_verify_recover.3openssl
 link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set1_policies.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl
 link path=usr/share/man/man3openssl/SSL_set_psk_client_callback.3openssl target=SSL_CTX_set_psk_client_callback.3openssl
 link path=usr/share/man/man3openssl/SSL_set_psk_server_callback.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/patches/31_dtls_version-1.0.0.patch	Wed Apr 17 19:17:06 2013 -0700
@@ -0,0 +1,12 @@
+--- openssl-1.0.0k/ssl/s3_cbc.c.orig	2013-02-05 03:58:46.000000000 -0800
++++ openssl-1.0.0k/ssl/s3_cbc.c	2013-02-27 17:25:37.618740089 -0800
[email protected]@ -137,7 +137,8 @@
+ 			    unsigned mac_size)
+ 	{
+ 	unsigned padding_length, good, to_check, i;
+-	const char has_explicit_iv = s->version == DTLS1_VERSION;
++	const char has_explicit_iv =
++	    (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER);
+ 	const unsigned overhead = 1 /* padding length byte */ +
+ 				  mac_size +
+ 				  (has_explicit_iv ? block_size : 0);