18811227 parfait errors in openssl needs to be fixed
authorjenny.yung@oracle.com <jenny.yung@oracle.com>
Fri, 20 Jun 2014 10:41:46 -0700
changeset 1958 baa0bfe12186
parent 1957 598963179485
child 1959 ba86b21a837b
18811227 parfait errors in openssl needs to be fixed
components/openssl/README
components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m
components/openssl/openssl-1.0.1-fips-140/patches/39_parfait_fixes.patch
components/openssl/openssl-1.0.1/patches/39_parfait_fixes.patch
--- a/components/openssl/README	Fri Jun 20 09:46:39 2014 -0700
+++ b/components/openssl/README	Fri Jun 20 10:41:46 2014 -0700
@@ -131,6 +131,9 @@
 For instructions in sparcv9cap.c, remove if not supported on any platforms.
 Otherwise modify them to call getisax() to check for HW capability instead. 
 
+39_parfait_fixes.patch
+Fixes errors found by parfait in openssl.
+
 The fips Build
 ---
 
--- a/components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m	Fri Jun 20 09:46:39 2014 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/openssl-1.0.1-fips-140.p5m	Fri Jun 20 10:41:46 2014 -0700
@@ -27,6 +27,8 @@
 # change of action type.  It should be removed once non-FIPS version becomes
 # available in the reference repository
 set name=pkg.linted.pkglint.dupaction010.1 value=true
+set name=pkg.linted.pkglint.dupaction001.1 value=true
+set name=pkg.linted.pkglint.dupaction010.2 value=true
 
 set name=pkg.fmri \
     value=pkg:/library/security/openssl/[email protected]$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/39_parfait_fixes.patch	Fri Jun 20 10:41:46 2014 -0700
@@ -0,0 +1,66 @@
+# This patch was developed in-house
+# Patch submitted to upstream 
+--- openssl-1.0.1h/crypto/ocsp/ocsp_ht.c.~1~	Tue Jun 10 12:56:08 2014
++++ openssl-1.0.1h/crypto/ocsp/ocsp_ht.c	Tue Jun 10 12:55:30 2014
[email protected]@ -158,8 +158,15 @@
+ 
+ 	OCSP_REQ_CTX *rctx;
+ 	rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
++	if (!rctx)
++		return 0;
+ 	rctx->state = OHS_ERROR;
+ 	rctx->mem = BIO_new(BIO_s_mem());
++	if (!rctx->mem)
++		{
++		OCSP_REQ_CTX_free(rctx);
++		return 0;
++		}
+ 	rctx->io = io;
+ 	rctx->asn1_len = 0;
+ 	if (maxline > 0)
[email protected]@ -168,15 +175,24 @@
+ 		rctx->iobuflen = OCSP_MAX_LINE_LEN;
+ 	rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+ 	if (!rctx->iobuf)
++		{
++		OCSP_REQ_CTX_free(rctx);
+ 		return 0;
++		}
+ 	if (!path)
+ 		path = "/";
+ 
+         if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
++		{
++		OCSP_REQ_CTX_free(rctx);
+ 		return 0;
++		}
+ 
+ 	if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
++		{
++		OCSP_REQ_CTX_free(rctx);
+ 		return 0;
++		}
+ 
+ 	return rctx;
+ 	}
[email protected]@ -490,6 +506,9 @@
+ 
+ 	ctx = OCSP_sendreq_new(b, path, req, -1);
+ 
++	if (!ctx)
++		return NULL;
++
+ 	do
+ 		{
+ 		rv = OCSP_sendreq_nbio(&resp, ctx);
+--- openssl-1.0.1h/ssl/d1_both.c.~1~	Tue Jun  3 14:16:25 2014
++++ openssl-1.0.1h/ssl/d1_both.c	Tue Jun  3 14:17:26 2014
[email protected]@ -1172,6 +1172,8 @@
+ 
+ 	frag = dtls1_hm_fragment_new(s->init_num, 0);
+ 
++	if (!frag)
++		return 0;
+ 	memcpy(frag->fragment, s->init_buf->data, s->init_num);
+ 
+ 	if ( is_ccs)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/39_parfait_fixes.patch	Fri Jun 20 10:41:46 2014 -0700
@@ -0,0 +1,66 @@
+# This patch was developed in-house
+# Patch submitted to upstream 
+--- openssl-1.0.1h/crypto/ocsp/ocsp_ht.c.~1~	Tue Jun 10 12:56:08 2014
++++ openssl-1.0.1h/crypto/ocsp/ocsp_ht.c	Tue Jun 10 12:55:30 2014
[email protected]@ -158,8 +158,15 @@
+ 
+ 	OCSP_REQ_CTX *rctx;
+ 	rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
++	if (!rctx)
++		return 0;
+ 	rctx->state = OHS_ERROR;
+ 	rctx->mem = BIO_new(BIO_s_mem());
++	if (!rctx->mem)
++		{
++		OCSP_REQ_CTX_free(rctx);
++		return 0;
++		}
+ 	rctx->io = io;
+ 	rctx->asn1_len = 0;
+ 	if (maxline > 0)
[email protected]@ -168,15 +175,24 @@
+ 		rctx->iobuflen = OCSP_MAX_LINE_LEN;
+ 	rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+ 	if (!rctx->iobuf)
++		{
++		OCSP_REQ_CTX_free(rctx);
+ 		return 0;
++		}
+ 	if (!path)
+ 		path = "/";
+ 
+         if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
++		{
++		OCSP_REQ_CTX_free(rctx);
+ 		return 0;
++		}
+ 
+ 	if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
++		{
++		OCSP_REQ_CTX_free(rctx);
+ 		return 0;
++		}
+ 
+ 	return rctx;
+ 	}
[email protected]@ -490,6 +506,9 @@
+ 
+ 	ctx = OCSP_sendreq_new(b, path, req, -1);
+ 
++	if (!ctx)
++		return NULL;
++
+ 	do
+ 		{
+ 		rv = OCSP_sendreq_nbio(&resp, ctx);
+--- openssl-1.0.1h/ssl/d1_both.c.~1~	Thu May 29 13:07:00 2014
++++ openssl-1.0.1h/ssl/d1_both.c	Thu May 29 13:07:45 2014
[email protected]@ -1172,6 +1172,8 @@
+ 
+ 	frag = dtls1_hm_fragment_new(s->init_num, 0);
+ 
++	if (!frag)
++		return 0;
+ 	memcpy(frag->fragment, s->init_buf->data, s->init_num);
+ 
+ 	if ( is_ccs)