--- a/components/openssl/README Fri Jul 18 01:00:43 2014 -0700
+++ b/components/openssl/README Fri Jul 18 06:53:27 2014 -0700
@@ -116,6 +116,10 @@
- implementation of atoi()
- avoid using ssl_fill_hello_random() in s3_clnt.c
+36_evp_leak.patch:
+Solaris-specific fix for mem leak caused by EVP_EncryptFinal_ex()
+and EVP_DecryptFinal_ex() not cleaning up properly.
+
openssl-t4-inline.sparc-patch
SPARC-only patch.
Add patch to support inline T4 instruction in OpenSSL upstream code until
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch Fri Jul 18 06:53:27 2014 -0700
@@ -0,0 +1,146 @@
+Patch developed in-house. Solaris-specific; not suitable for upstream.
+
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014
[email protected]@ -393,10 +393,14 @@
+ {
+ ret = M_do_cipher(ctx, out, NULL, 0);
+ if (ret < 0)
+- return 0;
++ {
++ ret = 0;
++ goto cleanup;
++ }
+ else
+ *outl = ret;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ b=ctx->cipher->block_size;
[email protected]@ -404,7 +408,8 @@
+ if (b == 1)
+ {
+ *outl=0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+ bl=ctx->buf_len;
+ if (ctx->flags & EVP_CIPH_NO_PADDING)
[email protected]@ -412,10 +417,12 @@
+ if(bl)
+ {
+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ ret = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ n=b-bl;
[email protected]@ -427,6 +434,12 @@
+ if(ret)
+ *outl=b;
+
++cleanup:
++ if (ctx->cipher->cleanup)
++ {
++ ctx->cipher->cleanup(ctx);
++ }
++
+ return ret;
+ }
+
[email protected]@ -500,7 +513,7 @@
+
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+- int i,n;
++ int i,n,ret = 1;
+ unsigned int b;
+ *outl=0;
+
[email protected]@ -508,10 +521,14 @@
+ {
+ i = M_do_cipher(ctx, out, NULL, 0);
+ if (i < 0)
+- return 0;
++ {
++ ret = 0;
++ goto cleanup;
++ }
+ else
+ *outl = i;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ b=ctx->cipher->block_size;
[email protected]@ -520,10 +537,12 @@
+ if(ctx->buf_len)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ ret = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+ if (b > 1)
+ {
[email protected]@ -530,7 +549,8 @@
+ if (ctx->buf_len || !ctx->final_used)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ OPENSSL_assert(b <= sizeof ctx->final);
+ n=ctx->final[b-1];
[email protected]@ -537,7 +557,8 @@
+ if (n == 0 || n > (int)b)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ for (i=0; i<n; i++)
+ {
[email protected]@ -544,7 +565,8 @@
+ if (ctx->final[--b] != n)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ }
+ n=ctx->cipher->block_size-n;
[email protected]@ -554,7 +576,14 @@
+ }
+ else
+ *outl=0;
+- return(1);
++
++cleanup:
++ if (ctx->cipher->cleanup)
++ {
++ ctx->cipher->cleanup(ctx);
++ }
++
++ return ret;
+ }
+
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/36_evp_leak.patch Fri Jul 18 06:53:27 2014 -0700
@@ -0,0 +1,146 @@
+Patch developed in-house. Solaris-specific; not suitable for upstream.
+
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014
[email protected]@ -393,10 +393,14 @@
+ {
+ ret = M_do_cipher(ctx, out, NULL, 0);
+ if (ret < 0)
+- return 0;
++ {
++ ret = 0;
++ goto cleanup;
++ }
+ else
+ *outl = ret;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ b=ctx->cipher->block_size;
[email protected]@ -404,7 +408,8 @@
+ if (b == 1)
+ {
+ *outl=0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+ bl=ctx->buf_len;
+ if (ctx->flags & EVP_CIPH_NO_PADDING)
[email protected]@ -412,10 +417,12 @@
+ if(bl)
+ {
+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ ret = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ n=b-bl;
[email protected]@ -427,6 +434,12 @@
+ if(ret)
+ *outl=b;
+
++cleanup:
++ if (ctx->cipher->cleanup)
++ {
++ ctx->cipher->cleanup(ctx);
++ }
++
+ return ret;
+ }
+
[email protected]@ -500,7 +513,7 @@
+
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+- int i,n;
++ int i,n,ret = 1;
+ unsigned int b;
+ *outl=0;
+
[email protected]@ -508,10 +521,14 @@
+ {
+ i = M_do_cipher(ctx, out, NULL, 0);
+ if (i < 0)
+- return 0;
++ {
++ ret = 0;
++ goto cleanup;
++ }
+ else
+ *outl = i;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+
+ b=ctx->cipher->block_size;
[email protected]@ -520,10 +537,12 @@
+ if(ctx->buf_len)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+- return 0;
++ ret = 0;
++ goto cleanup;
+ }
+ *outl = 0;
+- return 1;
++ ret = 1;
++ goto cleanup;
+ }
+ if (b > 1)
+ {
[email protected]@ -530,7 +549,8 @@
+ if (ctx->buf_len || !ctx->final_used)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ OPENSSL_assert(b <= sizeof ctx->final);
+ n=ctx->final[b-1];
[email protected]@ -537,7 +557,8 @@
+ if (n == 0 || n > (int)b)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ for (i=0; i<n; i++)
+ {
[email protected]@ -544,7 +565,8 @@
+ if (ctx->final[--b] != n)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+- return(0);
++ ret = 0;
++ goto cleanup;
+ }
+ }
+ n=ctx->cipher->block_size-n;
[email protected]@ -554,7 +576,14 @@
+ }
+ else
+ *outl=0;
+- return(1);
++
++cleanup:
++ if (ctx->cipher->cleanup)
++ {
++ ctx->cipher->cleanup(ctx);
++ }
++
++ return ret;
+ }
+
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)