CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2k

v2:
Re-generate the patch after the new OpensslLibCrypto instance.

OpenSSL 1.0.2k was released on 26-Jan-2017 with several security fixes
(https://www.openssl.org/news/secadv/20170126.txt).
This patch upgrades the supported OpenSSL version in
CryptoPkg/OpensslLib to the latest release, 1.0.2k.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Qin Long 2017-02-27 14:46:07 +08:00
parent 40f4246589
commit 14e3b94964
7 changed files with 36 additions and 36 deletions


@ -4,7 +4,7 @@
# This Package provides cryptographic-related libraries for UEFI security modules. # This Package provides cryptographic-related libraries for UEFI security modules.
# It also provides a test application to test libraries. # It also provides a test application to test libraries.
# #
# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -24,7 +24,7 @@
[Includes] [Includes]
Include Include
Library/OpensslLib/openssl-1.0.2j/include Library/OpensslLib/openssl-1.0.2k/include
[LibraryClasses] [LibraryClasses]
## @libraryclass Provides basic library functions for cryptographic primitives. ## @libraryclass Provides basic library functions for cryptographic primitives.


@ -1,8 +1,8 @@
diff --git a/Configure b/Configure diff --git a/Configure b/Configure
index c39f71a..98dd1d0 100755 index 5da7cad..c2cc9c5 100755
--- a/Configure --- a/Configure
+++ b/Configure +++ b/Configure
@@ -609,6 +609,9 @@ my %table=( @@ -611,6 +611,9 @@ my %table=(
# with itself, Applink is never engaged and can as well be omitted. # with itself, Applink is never engaged and can as well be omitted.
"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
@ -12,7 +12,7 @@ index c39f71a..98dd1d0 100755
# UWIN # UWIN
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
@@ -1083,7 +1086,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) @@ -1085,7 +1088,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
} }
if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
@ -22,10 +22,10 @@ index c39f71a..98dd1d0 100755
$disabled{"gost"} = "forced"; $disabled{"gost"} = "forced";
} }
diff --git a/apps/apps.c b/apps/apps.c diff --git a/apps/apps.c b/apps/apps.c
index 9fdc3e0..6c183b0 100644 index c487bd9..64ade15 100644
--- a/apps/apps.c --- a/apps/apps.c
+++ b/apps/apps.c +++ b/apps/apps.c
@@ -2375,6 +2375,8 @@ int args_verify(char ***pargs, int *pargc, @@ -2386,6 +2386,8 @@ int args_verify(char ***pargs, int *pargc,
flags |= X509_V_FLAG_PARTIAL_CHAIN; flags |= X509_V_FLAG_PARTIAL_CHAIN;
else if (!strcmp(arg, "-no_alt_chains")) else if (!strcmp(arg, "-no_alt_chains"))
flags |= X509_V_FLAG_NO_ALT_CHAINS; flags |= X509_V_FLAG_NO_ALT_CHAINS;
@ -254,7 +254,7 @@ index d5a5514..bede55c 100644
goto err; goto err;
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 1d25687..ad641c3 100644 index 8177fd2..4dab3bb 100644
--- a/crypto/bn/bn_prime.c --- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c
@@ -131,7 +131,7 @@ @@ -131,7 +131,7 @@
@ -298,7 +298,7 @@ index 1d25687..ad641c3 100644
if (ctx != NULL) { if (ctx != NULL) {
BN_CTX_end(ctx); BN_CTX_end(ctx);
BN_CTX_free(ctx); BN_CTX_free(ctx);
@@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, @@ -376,10 +381,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
return 1; return 1;
} }
@ -861,7 +861,7 @@ index 585aa8b..04c6cfc 100644
/* /*
* Borland C seems too stupid to be able to shift and do longs in the * Borland C seems too stupid to be able to shift and do longs in the
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 39ab793..ad1e350 100644 index d258ef8..376f260 100644
--- a/crypto/evp/evp.h --- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h +++ b/crypto/evp/evp.h
@@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); @@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
@ -1470,7 +1470,7 @@ index bbc3189..29695f9 100644
+ +
+#endif /* OPENSSL_NO_STDIO */ +#endif /* OPENSSL_NO_STDIO */
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8334b3f..d075f66 100644 index b147201..5bf3f07 100644
--- a/crypto/x509/x509_vfy.c --- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c
@@ -1064,6 +1064,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) @@ -1064,6 +1064,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
@ -1915,10 +1915,10 @@ index 499f0e8..5672f99 100644
os.data = NULL; os.data = NULL;
os.length = 0; os.length = 0;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f48ebae..ac4f08c 100644 index 1be6fb0..cbec97c 100644
--- a/ssl/ssl_cert.c --- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c
@@ -857,12 +857,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) @@ -855,12 +855,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
return (add_client_CA(&(ctx->client_CA), x)); return (add_client_CA(&(ctx->client_CA), x));
} }
@ -1932,7 +1932,7 @@ index f48ebae..ac4f08c 100644
/** /**
* Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
* it doesn't really have anything to do with clients (except that a common use * it doesn't really have anything to do with clients (except that a common use
@@ -930,7 +930,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) @@ -928,7 +928,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
ERR_clear_error(); ERR_clear_error();
return (ret); return (ret);
} }
@ -1940,7 +1940,7 @@ index f48ebae..ac4f08c 100644
/** /**
* Add a file of certs to a stack. * Add a file of certs to a stack.
@@ -1050,6 +1049,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, @@ -1048,6 +1047,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
return ret; return ret;
} }


@ -1,4 +1,4 @@
cd openssl-1.0.2j cd openssl-1.0.2k
copy ..\opensslconf.h crypto copy ..\opensslconf.h crypto
if not exist include\openssl mkdir include\openssl if not exist include\openssl mkdir include\openssl
copy e_os2.h include\openssl copy e_os2.h include\openssl


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
cd openssl-1.0.2j cd openssl-1.0.2k
cp ../opensslconf.h crypto cp ../opensslconf.h crypto
mkdir -p include/openssl mkdir -p include/openssl
cp e_os2.h include/openssl cp e_os2.h include/openssl


@ -1,7 +1,7 @@
## @file ## @file
# This module provides openSSL Library implementation. # This module provides openSSL Library implementation.
# #
# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -20,7 +20,7 @@
MODULE_TYPE = BASE MODULE_TYPE = BASE
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib LIBRARY_CLASS = OpensslLib
DEFINE OPENSSL_PATH = openssl-1.0.2j DEFINE OPENSSL_PATH = openssl-1.0.2k
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
# #
@ -551,7 +551,7 @@
# C4702: Potentially uninitialized local variable name used # C4702: Potentially uninitialized local variable name used
# C4311: pointer truncation from 'type' to 'type' # C4311: pointer truncation from 'type' to 'type'
# #
MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4244 /wd4245 /wd4701 /wd4702 /wd4706 MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4244 /wd4245 /wd4267 /wd4701 /wd4702 /wd4706
MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 /wd4311 MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 /wd4311
MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
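Review bot: The `MSFT:*_*_IA32_CC_FLAGS` line in the last hunk of this section gains `/wd4267`, but neither the commit message nor the visible comment lines say which 1.0.2k source file makes it necessary on IA32. C4267 is MSVC's warning for a conversion from `size_t` to a smaller type, so disabling it for the whole library also hides any later length truncation in code that parses untrusted certificates and signatures. I would name the triggering file in the commit message and, if the warning list above the hunk lacks an entry, add `#   C4267: conversion from 'size_t' to 'type', possible loss of data` there. The same flag is added to the IA32 line of the next module-description section (hunk `@ -501,7 +501,7`). The comment block begins above this hunk, so its full list is not visible here.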


@ -1,7 +1,7 @@
## @file ## @file
# This module provides openSSL Library implementation. # This module provides openSSL Library implementation.
# #
# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -20,7 +20,7 @@
MODULE_TYPE = BASE MODULE_TYPE = BASE
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib LIBRARY_CLASS = OpensslLib
DEFINE OPENSSL_PATH = openssl-1.0.2j DEFINE OPENSSL_PATH = openssl-1.0.2k
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
# #
@ -501,7 +501,7 @@
# C4702: Potentially uninitialized local variable name used # C4702: Potentially uninitialized local variable name used
# C4311: pointer truncation from 'type' to 'type' # C4311: pointer truncation from 'type' to 'type'
# #
MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4244 /wd4245 /wd4701 /wd4702 /wd4706 MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4244 /wd4245 /wd4267 /wd4701 /wd4702 /wd4706
MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 /wd4311 MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 /wd4311
MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706


@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment.
================================================================================ ================================================================================
OpenSSL-Version OpenSSL-Version
================================================================================ ================================================================================
Current supported OpenSSL version for UEFI Crypto Library is 1.0.2j. Current supported OpenSSL version for UEFI Crypto Library is 1.0.2k.
http://www.openssl.org/source/openssl-1.0.2j.tar.gz http://www.openssl.org/source/openssl-1.0.2k.tar.gz
================================================================================ ================================================================================
HOW to Install Openssl for UEFI Building HOW to Install Openssl for UEFI Building
================================================================================ ================================================================================
1. Download OpenSSL 1.0.2j from official website: 1. Download OpenSSL 1.0.2k from official website:
http://www.openssl.org/source/openssl-1.0.2j.tar.gz http://www.openssl.org/source/openssl-1.0.2k.tar.gz
NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2j.tar.tar. NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2k.tar.tar.
When you do the download, rename the "openssl-1.0.2j.tar.tar" to When you do the download, rename the "openssl-1.0.2k.tar.tar" to
"openssl-1.0.2j.tar.gz" or rename the local downloaded file with ".tar.tar" "openssl-1.0.2k.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz". extension to ".tar.gz".
2. Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2j 2. Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2k
NOTE: If you use WinZip to unpack the openssl source in Windows, please NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion"). Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
3. Apply this patch: EDKII_openssl-1.0.2j.patch, and make installation 3. Apply this patch: EDKII_openssl-1.0.2k.patch, and make installation
For Windows Environment: For Windows Environment:
------------------------ ------------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm http://gnuwin32.sourceforge.net/packages/patch.htm
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2j 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2k
3) patch -p1 -i ..\EDKII_openssl-1.0.2j.patch 3) patch -p1 -i ..\EDKII_openssl-1.0.2k.patch
4) cd .. 4) cd ..
5) Install.cmd 5) Install.cmd
@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
----------------------- -----------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/ Patch utility is available from http://directory.fsf.org/project/patch/
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2j 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2k
3) patch -p1 -i ../EDKII_openssl-1.0.2j.patch 3) patch -p1 -i ../EDKII_openssl-1.0.2k.patch
4) cd .. 4) cd ..
5) ./Install.sh 5) ./Install.sh