openssl-1.0.1c upgrade
Bug: 6478397
Change-Id: If231aadbeb92eba4383adf91969361102cdfad69
diff --git a/ThirdPartyProject.prop b/ThirdPartyProject.prop
index 5ce3971..efc713e 100644
--- a/ThirdPartyProject.prop
+++ b/ThirdPartyProject.prop
@@ -1,7 +1,7 @@
# Copyright 2010 Google Inc. All Rights Reserved.
#Fri Jul 16 10:03:09 PDT 2010
-currentVersion=1.0.1b
-version=1.0.1b
+currentVersion=1.0.1c
+version=1.0.1c
isNative=true
feedurl=http\://www.openssl.org/
name=openssl
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 9e86557..71be359 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000102fL
+#define OPENSSL_VERSION_NUMBER 0x1000103fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b-fips 26 Apr 2012"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b 26 Apr 2012"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl
index 0677469..4ba736a 100755
--- a/crypto/ppccpuid.pl
+++ b/crypto/ppccpuid.pl
@@ -105,7 +105,7 @@
Little: mtctr r4
stb r0,0(r3)
addi r3,r3,1
- bdnz- \$-8
+ bdnz \$-8
blr
Lot: andi. r5,r3,3
beq Laligned
@@ -118,7 +118,7 @@
mtctr r5
stw r0,0(r3)
addi r3,r3,4
- bdnz- \$-8
+ bdnz \$-8
andi. r4,r4,3
bne Little
blr
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 9e86557..71be359 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000102fL
+#define OPENSSL_VERSION_NUMBER 0x1000103fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b-fips 26 Apr 2012"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b 26 Apr 2012"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/openssl.version b/openssl.version
index 777d72c..126c023 100644
--- a/openssl.version
+++ b/openssl.version
@@ -1,2 +1,2 @@
# also update ThirdPartyProject.prop
-OPENSSL_VERSION=1.0.1b
+OPENSSL_VERSION=1.0.1c
diff --git a/patches/README b/patches/README
index f7d886d..7fd8093 100644
--- a/patches/README
+++ b/patches/README
@@ -26,10 +26,6 @@
Support for JSSE implementation based on OpenSSL.
-npn.patch
-
-Transport Layer Security (TLS) Next Protocol Negotiation Extension
-
sha1_armv4_large.patch
This patch eliminates memory stores to addresses below SP.
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index becbab9..07a5e97 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -260,7 +260,7 @@
}
/* TLS 1.0 does not bound the number of padding bytes by the block size.
* All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
+ if (i + bs > (int)rec->length)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
* by caller: we don't want to reveal whether this is
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 5898701..55deaaf 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -620,6 +620,11 @@
s->ssl_version < TLS1_VERSION)
return 1;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return 1;
+#endif
+
if (c->algorithm_enc == SSL_RC4 &&
c->algorithm_mac == SSL_MD5 &&
(evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 201ca9a..f7bdeb3 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -889,6 +889,8 @@
if (s->version >= TLS1_1_VERSION
&& EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE)
{
+ if (bs > (int)rec->length)
+ return -1;
rec->data += bs; /* skip the explicit IV */
rec->input += bs;
rec->length -= bs;