24703781 Upgrade OpenSSL version to 1.0.2i
24703800 problem in LIBRARY/OPENSSL
24703856 problem in LIBRARY/OPENSSL
24703866 problem in LIBRARY/OPENSSL
24703911 problem in LIBRARY/OPENSSL
24703934 problem in LIBRARY/OPENSSL
24703939 problem in LIBRARY/OPENSSL
--- a/components/openssl/common/patches/039-internal_tests.patch Fri Sep 23 08:18:05 2016 -0700
+++ b/components/openssl/common/patches/039-internal_tests.patch Fri Sep 23 12:03:45 2016 -0700
@@ -6,12 +6,12 @@
#
--- a/test/Makefile.orig Thu Apr 2 12:11:12 2015
+++ b/test/Makefile Thu Apr 2 12:11:21 2015
-@@ -146,7 +146,7 @@
+@@ -156,7 +156,7 @@
test_rand test_bn test_ec test_ecdsa test_ecdh \
test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
- test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
+ test_ss test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
- test_constant_time test_verify_extra test_clienthello
-
+ test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
+ test_dtls test_bad_dtls
--- a/components/openssl/common/patches/041_rm_sslv2_v3.patch Fri Sep 23 08:18:05 2016 -0700
+++ b/components/openssl/common/patches/041_rm_sslv2_v3.patch Fri Sep 23 12:03:45 2016 -0700
@@ -1,54 +1,6 @@
#
# This was developed in house. Not applicable to the upstream.
#
---- openssl-1.0.1/ssl/s2_meth.c Fri May 8 09:38:33 2015
-+++ openssl-1.0.1/ssl/s2_meth.c.new Fri May 8 09:51:53 2015
-@@ -74,6 +74,13 @@
- ssl2_accept, ssl2_connect, ssl2_get_method)
- #else /* !OPENSSL_NO_SSL2 */
-
-+/* stub function */
-+const SSL_METHOD *
-+SSLv2_method(void)
-+{
-+ return (NULL);
-+}
-+
- # if PEDANTIC
- static void *dummy = &dummy;
- # endif
---- openssl-1.0.1/ssl/s2_clnt.c Fri May 8 09:37:51 2015
-+++ openssl-1.0.1/ssl/s2_clnt.c.new Fri May 8 09:53:12 2015
-@@ -1087,6 +1087,13 @@
- }
- #else /* !OPENSSL_NO_SSL2 */
-
-+/* stub function */
-+const SSL_METHOD *
-+SSLv2_client_method(void)
-+{
-+ return (NULL);
-+}
-+
- # if PEDANTIC
- static void *dummy = &dummy;
- # endif
---- openssl-1.0.1/ssl/s2_srvr.c Fri May 8 09:38:02 2015
-+++ openssl-1.0.1/ssl/s2_srvr.c.new Fri May 8 09:53:43 2015
-@@ -1148,6 +1148,13 @@
- }
- #else /* !OPENSSL_NO_SSL2 */
-
-+/* stub function */
-+const SSL_METHOD *
-+SSLv2_server_method(void)
-+{
-+ return (NULL);
-+}
-+
- # if PEDANTIC
- static void *dummy = &dummy;
- # endif
--- openssl-1.0.1/ssl/ssl.h Tue May 26 11:13:15 2015
+++ openssl-1.0.1/ssl/ssl.h.new Tue May 26 11:32:09 2015
@@ -2345,10 +2345,23 @@
--- a/components/openssl/common/patches/047-CVE-2016-2177.patch Fri Sep 23 08:18:05 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,237 +0,0 @@
-# The patch is based on the following commit from the upstream:
-# https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
-# The fix is patched until the new version becomes available
-# from the upstream.
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -989,7 +989,7 @@ int ssl3_get_client_hello(SSL *s)
-
- session_length = *(p + SSL3_RANDOM_SIZE);
-
-- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
-+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1007,7 +1007,7 @@ int ssl3_get_client_hello(SSL *s)
- /* get the session-id */
- j = *(p++);
-
-- if (p + j > d + n) {
-+ if ((d + n) - p < j) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1063,14 +1063,14 @@ int ssl3_get_client_hello(SSL *s)
-
- if (SSL_IS_DTLS(s)) {
- /* cookie stuff */
-- if (p + 1 > d + n) {
-+ if ((d + n) - p < 1) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
- cookie_len = *(p++);
-
-- if (p + cookie_len > d + n) {
-+ if ((d + n ) - p < cookie_len) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1140,7 +1140,7 @@ int ssl3_get_client_hello(SSL *s)
- }
- }
-
-- if (p + 2 > d + n) {
-+ if ((d + n ) - p < 2) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1154,7 +1154,7 @@ int ssl3_get_client_hello(SSL *s)
- }
-
- /* i bytes of cipher data + 1 byte for compression length later */
-- if ((p + i + 1) > (d + n)) {
-+ if ((d + n) - p < i + 1) {
- /* not enough data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-@@ -1220,7 +1220,7 @@ int ssl3_get_client_hello(SSL *s)
-
- /* compression */
- i = *(p++);
-- if ((p + i) > (d + n)) {
-+ if ((d + n) - p < i) {
- /* not enough data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
- int r;
- #endif
-
-- if (session_id + len > limit) {
-+ if (limit - session_id < len) {
- fatal = 1;
- goto err;
- }
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- 0x02, 0x03, /* SHA-1/ECDSA */
- };
-
-- if (data >= (limit - 2))
-+ if (limit - data <= 2)
- return;
- data += 2;
-
-- if (data > (limit - 4))
-+ if (limit - data < 4)
- return;
- n2s(data, type);
- n2s(data, size);
-@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- if (type != TLSEXT_TYPE_server_name)
- return;
-
-- if (data + size > limit)
-+ if (limit - data < size)
- return;
- data += size;
-
-@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- const size_t len1 = sizeof(kSafariExtensionsBlock);
- const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
-- if (data + len1 + len2 != limit)
-+ if (limit - data != (int)(len1 + len2))
- return;
- if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
- return;
-@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- } else {
- const size_t len = sizeof(kSafariExtensionsBlock);
-
-- if (data + len != limit)
-+ if (limit - data != (int)(len))
- return;
- if (memcmp(data, kSafariExtensionsBlock, len) != 0)
- return;
-@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
- if (data == limit)
- goto ri_check;
-
-- if (data > (limit - 2))
-+ if (limit - data < 2)
- goto err;
-
- n2s(data, len);
-
-- if (data + len != limit)
-+ if (limit - data != len)
- goto err;
-
-- while (data <= (limit - 4)) {
-+ while (limit - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > (limit))
-+ if (limit - data < size)
- goto err;
- # if 0
- fprintf(stderr, "Received extension type %d size %d\n", type, size);
-@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
- if (s->hit || s->cert->srv_ext.meths_count == 0)
- return 1;
-
-- if (data >= limit - 2)
-+ if (limit - data <= 2)
- return 1;
- n2s(data, len);
-
-- if (data > limit - len)
-+ if (limit - data < len)
- return 1;
-
-- while (data <= limit - 4) {
-+ while (limit - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > limit)
-+ if (limit - data < size)
- return 1;
- if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
- return 0;
-@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
- SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
- # endif
-
-- if (data >= (d + n - 2))
-+ if ((d + n) - data <= 2)
- goto ri_check;
-
- n2s(data, length);
-- if (data + length != d + n) {
-+ if ((d + n) - data != length) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
-- while (data <= (d + n - 4)) {
-+ while ((d + n) - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > (d + n))
-+ if ((d + n) - data < size)
- goto ri_check;
-
- if (s->tlsext_debug_cb)
-@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
- /* Skip past DTLS cookie */
- if (SSL_IS_DTLS(s)) {
- i = *(p++);
-- p += i;
-- if (p >= limit)
-+
-+ if (limit - p <= i)
- return -1;
-+
-+ p += i;
- }
- /* Skip past cipher list */
- n2s(p, i);
-- p += i;
-- if (p >= limit)
-+ if (limit - p <= i)
- return -1;
-+ p += i;
-+
- /* Skip past compression algorithm list */
- i = *(p++);
-- p += i;
-- if (p > limit)
-+ if (limit - p < i)
- return -1;
-+ p += i;
-+
- /* Now at start of extensions */
-- if ((p + 2) >= limit)
-+ if (limit - p <= 2)
- return 0;
- n2s(p, i);
-- while ((p + 4) <= limit) {
-+ while (limit - p >= 4) {
- unsigned short type, size;
- n2s(p, type);
- n2s(p, size);
-- if (p + size > limit)
-+ if (limit - p < size)
- return 0;
- if (type == TLSEXT_TYPE_session_ticket) {
- int r;
--- a/components/openssl/common/patches/048-CVE-2016-2178.patch Fri Sep 23 08:18:05 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-# The patch is based on the following commit from the upstream:
-# https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
-# The fix is patched until the new version becomes available
-# from the upstream.
---- a/crypto/dsa/dsa_ossl.c 2016-06-20 08:06:46.793733045 -0700
-+++ b/crypto/dsa/dsa_ossl.c 2016-06-20 08:07:42.133601060 -0700
-@@ -248,9 +248,6 @@
- if (!BN_rand_range(&k, dsa->q))
- goto err;
- while (BN_is_zero(&k)) ;
-- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-- BN_set_flags(&k, BN_FLG_CONSTTIME);
-- }
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-@@ -282,6 +279,11 @@
- } else {
- K = &k;
- }
-+
-+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-+ BN_set_flags(K, BN_FLG_CONSTTIME);
-+ }
-+
- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
- dsa->method_mont_p);
- if (!BN_mod(r, r, dsa->q, ctx))
--- a/components/openssl/common/patches/049-use-srln.patch Fri Sep 23 08:18:05 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-# This patch fixes the invalid use of 64-bit instruction (srlx) by 32-bit
-# applications. This patch is from the following commit in the upstream:
-# https://github.com/openssl/openssl/commit/f198cc43a0eca4bf1a8e7f60c51af560f4346dc8
---- a/crypto/des/asm/dest4-sparcv9.pl 2016-08-04 14:20:26.610683970 -0700
-+++ b/crypto/des/asm/dest4-sparcv9.pl 2016-08-04 14:22:33.339076315 -0700
-@@ -96,7 +96,7 @@
- des_t4_cbc_encrypt:
- cmp $len, 0
- be,pn $::size_t_cc, .Lcbc_abort
-- nop
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- ld [$ivec + 0], %f0 ! load ivec
- ld [$ivec + 4], %f1
-
-@@ -197,7 +197,7 @@
- des_t4_cbc_decrypt:
- cmp $len, 0
- be,pn $::size_t_cc, .Lcbc_abort
-- nop
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- ld [$ivec + 0], %f2 ! load ivec
- ld [$ivec + 4], %f3
-
-@@ -305,7 +305,7 @@
- des_t4_ede3_cbc_encrypt:
- cmp $len, 0
- be,pn $::size_t_cc, .Lcbc_abort
-- nop
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- ld [$ivec + 0], %f0 ! load ivec
- ld [$ivec + 4], %f1
-
-@@ -457,7 +457,7 @@
- des_t4_ede3_cbc_decrypt:
- cmp $len, 0
- be,pn $::size_t_cc, .Lcbc_abort
-- nop
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- ld [$ivec + 0], %f2 ! load ivec
- ld [$ivec + 4], %f3
-
---- a/crypto/modes/asm/ghash-sparcv9.pl 2016-08-04 14:22:59.021798885 -0700
-+++ b/crypto/modes/asm/ghash-sparcv9.pl 2016-08-04 14:24:07.947062045 -0700
-@@ -445,6 +445,8 @@
- .align 32
- gcm_ghash_vis3:
- save %sp,-$frame,%sp
-+ nop
-+ srl $len,0,$len ! needed on v8+, "nop" on v9
-
- ldx [$Xip+8],$C2 ! load Xi
- ldx [$Xip+0],$C3
---- a/crypto/perlasm/sparcv9_modes.pl 2016-08-04 14:24:29.877624460 -0700
-+++ b/crypto/perlasm/sparcv9_modes.pl 2016-08-04 14:27:18.552931245 -0700
-@@ -37,6 +37,7 @@
- save %sp, -$::frame, %sp
- cmp $len, 0
- be,pn $::size_t_cc, .L${bits}_cbc_enc_abort
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- sub $inp, $out, $blk_init ! $inp!=$out
- ___
- $::code.=<<___ if (!$::evp);
-@@ -254,6 +255,7 @@
- save %sp, -$::frame, %sp
- cmp $len, 0
- be,pn $::size_t_cc, .L${bits}_cbc_dec_abort
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- sub $inp, $out, $blk_init ! $inp!=$out
- ___
- $::code.=<<___ if (!$::evp);
-@@ -613,6 +615,7 @@
- .align 32
- ${alg}${bits}_t4_ctr32_encrypt:
- save %sp, -$::frame, %sp
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
-
- prefetch [$inp], 20
- prefetch [$inp + 63], 20
-@@ -916,6 +919,7 @@
- .align 32
- ${alg}${bits}_t4_xts_${dir}crypt:
- save %sp, -$::frame-16, %sp
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
-
- mov $ivec, %o0
- add %fp, $::bias-16, %o1
--- a/components/openssl/common/patches/052-CVE-2016-6302.patch Fri Sep 23 08:18:05 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
-# The patch is based on the following commit from the upstream:
-# https://github.com/openssl/openssl/commit/baaabfd8fdcec04a691695fad9a664bea43202b6
-# The fix is patched until the new version becomes available
-# from the upstream.
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -3401,9 +3401,7 @@
- HMAC_CTX hctx;
- EVP_CIPHER_CTX ctx;
- SSL_CTX *tctx = s->initial_ctx;
-- /* Need at least keyname + iv + some encrypted data */
-- if (eticklen < 48)
-- return 2;
-+
- /* Initialize session ticket encryption and HMAC contexts */
- HMAC_CTX_init(&hctx);
- EVP_CIPHER_CTX_init(&ctx);
-@@ -3437,6 +3435,12 @@
- if (mlen < 0) {
- goto err;
- }
-+ /* Sanity check ticket length: must exceed keyname + IV + HMAC */
-+ if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
-+ HMAC_CTX_cleanup(&hctx);
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ return 2;
-+ }
- eticklen -= mlen;
- /* Check HMAC of encrypted ticket */
- if (HMAC_Update(&hctx, etick, eticklen) <= 0
--- a/components/openssl/common/patches/053-large-crl.patch Fri Sep 23 08:18:05 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-# The patch is based on the following commit from the upstream:
-# https://github.com/openssl/openssl/commit/a1eef756cc1948e
-# The fix is patched until the new version becomes available
-# from the upstream.
---- a/crypto/asn1/x_name.c
-+++ b/crypto/asn1/x_name.c
-@@ -199,10 +199,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
- int i, j, ret;
- STACK_OF(X509_NAME_ENTRY) *entries;
- X509_NAME_ENTRY *entry;
-- if (len > X509_NAME_MAX) {
-- ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
-- return 0;
-- }
-+ if (len > X509_NAME_MAX)
-+ len = X509_NAME_MAX;
- q = p;
-
- /* Get internal representation of Name */
--- a/components/openssl/openssl-default/Makefile Fri Sep 23 08:18:05 2016 -0700
+++ b/components/openssl/openssl-default/Makefile Fri Sep 23 12:03:45 2016 -0700
@@ -30,19 +30,19 @@
# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too.
# For more information about wanboot-openssl testing, please refer to
# ../README.
-COMPONENT_VERSION = 1.0.2h
+COMPONENT_VERSION = 1.0.2i
# Version for IPS. It is easier to do it manually than convert the letter to a
# number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.2.8
+IPS_COMPONENT_VERSION = 1.0.2.9
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
+ sha256:9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 28137
+TPNO= 31795
# Clone the patch files to the patches-all dir.
# COPY_COMMON_FILES is there so that rsync is called as soon as
@@ -112,7 +112,7 @@
CONFIGURE_OPTIONS += no-gost
# Disable SSLv2 and SSLv3 protocols
-CONFIGURE_OPTIONS += no-ssl2 no-ssl2-method
+CONFIGURE_OPTIONS += no-ssl2
CONFIGURE_OPTIONS += no-ssl3 no-ssl3-method
# We use both no-whirlpool and no-whrlpool since there is an inconsistency in
--- a/components/openssl/openssl-default/openssl-default.license Fri Sep 23 08:18:05 2016 -0700
+++ b/components/openssl/openssl-default/openssl-default.license Fri Sep 23 12:03:45 2016 -0700
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
--- a/components/openssl/openssl-default/patches/102-wanboot.patch Fri Sep 23 08:18:05 2016 -0700
+++ b/components/openssl/openssl-default/patches/102-wanboot.patch Fri Sep 23 12:03:45 2016 -0700
@@ -298,18 +298,6 @@
{
--- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700
+++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800
-@@ -57,9 +57,11 @@
- */
-
- /* We need to define this to get macros like S_IFBLK and S_IFCHR */
-+#ifndef _BOOT
- #if !defined(OPENSSL_SYS_VXWORKS)
- # define _XOPEN_SOURCE 500
- #endif
-+#endif /* _BOOT */
-
- #include <errno.h>
- #include <stdio.h>
@@ -191,6 +193,7 @@
return (ret);
}
@@ -459,8 +447,8 @@
+#ifndef _BOOT
.global _sparcv9_vis1_instrument_bus
+ .weak _sparcv9_vis1_instrument_bus
.align 8
- _sparcv9_vis1_instrument_bus:
@@ -501,3 +502,7 @@
nop
call OPENSSL_cpuid_setup
--- a/components/openssl/openssl-fips-140/Makefile Fri Sep 23 08:18:05 2016 -0700
+++ b/components/openssl/openssl-fips-140/Makefile Fri Sep 23 12:03:45 2016 -0700
@@ -35,18 +35,18 @@
# is the FIPS module version. The COMPONENT_VERSION changes with the core
# OpenSSL version, but the IPS_COMPONENT_VERSION is purposely only to change if
# the FIPS module version changes.
-COMPONENT_VERSION = 1.0.2h
+COMPONENT_VERSION = 1.0.2i
IPS_COMPONENT_VERSION = 2.0.12
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC_NAME = openssl
COMPONENT_SRC = $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
+ sha256:9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 28137
+TPNO= 31795
# Clone the patch files to the patches-all dir.
# COPY_COMMON_FILES is there so that rsync is called as soon as
@@ -113,7 +113,7 @@
CONFIGURE_OPTIONS += no-seed
# Disable SSLv2 and SSLv3 protocols
-CONFIGURE_OPTIONS += no-ssl2 no-ssl2-method
+CONFIGURE_OPTIONS += no-ssl2
CONFIGURE_OPTIONS += no-ssl3 no-ssl3-method
# We define our own compiler and linker option sets for Solaris. See Configure
--- a/components/openssl/openssl-fips-140/openssl-fips-140.license Fri Sep 23 08:18:05 2016 -0700
+++ b/components/openssl/openssl-fips-140/openssl-fips-140.license Fri Sep 23 12:03:45 2016 -0700
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
--- a/components/openssl/openssl-fips-140/patches/203-multi-definition.patch Fri Sep 23 08:18:05 2016 -0700
+++ b/components/openssl/openssl-fips-140/patches/203-multi-definition.patch Fri Sep 23 12:03:45 2016 -0700
@@ -4,15 +4,15 @@
#
--- openssl-0.9.8m/crypto/sparccpuid.S Mon Jun 29 19:28:02 2015
+++ openssl-0.9.8m/crypto/sparccpuid.S Mon Jun 29 19:28:02 2015
-@@ -400,6 +400,8 @@
+@@ -428,6 +428,8 @@
.type OPENSSL_cleanse,#function
.size OPENSSL_cleanse,.-OPENSSL_cleanse
+
+#if 0
.global _sparcv9_vis1_instrument_bus
+ .weak _sparcv9_vis1_instrument_bus
.align 8
- _sparcv9_vis1_instrument_bus:
@@ -496,6 +498,8 @@
.type _sparcv9_vis1_instrument_bus2,#function
.size _sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2