CryptoPkg/OpensslLib: upgrade OpenSSL version to 1.0.2e

OpenSSL has released version 1.0.2e with security fixes.
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib
from 1.0.2d to 1.0.2e.
(Note: This is based on Ard's previous patch with extra fix
       https://rt.openssl.org/Ticket/Display.html?id=4175)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19218 6f19259b-4bc3-4df7-8a09-765794883524
Qin Long 2015-12-11 02:29:05 +00:00 committed by qlong
parent 0d12e6a003
commit 65202874a4
5 changed files with 38 additions and 25 deletions


@ -16,7 +16,7 @@ diff U3 crypto/bio/bio.h crypto/bio/bio.h
diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
--- crypto/bio/bss_file.c Thu Jun 11 21:01:06 2015 --- crypto/bio/bss_file.c Thu Jun 11 21:01:06 2015
+++ crypto/bio/bss_file.c Fri Jun 12 11:01:28 2015 +++ crypto/bio/bss_file.c Fri Jun 12 11:01:28 2015
@@ -460,6 +460,23 @@ @@ -467,6 +467,23 @@
return (ret); return (ret);
} }
@ -83,9 +83,22 @@ diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+ char *buf = NULL; + char *buf = NULL;
+ int bufsiz; + int bufsiz;
int i, j = 0, k, ret = 0; int i, j = 0, k, ret = 0;
BIO *p7bio; BIO *p7bio = NULL;
BIO *tmpin, *tmpout; BIO *tmpin = NULL, *tmpout = NULL;
@@ -365,9 +366,14 @@ @@ -275,12 +276,6 @@
return 0;
}
- /* Check for data and content: two sets of data */
- if (!PKCS7_get_detached(p7) && indata) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
- return 0;
- }
-
sinfos = PKCS7_get_signer_info(p7);
if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
@@ -355,9 +350,14 @@
} else } else
tmpout = out; tmpout = out;
@ -101,17 +114,17 @@ diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
if (i <= 0) if (i <= 0)
break; break;
if (tmpout) if (tmpout)
@@ -406,6 +412,10 @@ @@ -394,6 +394,10 @@
}
BIO_free_all(p7bio); BIO_free_all(p7bio);
sk_X509_free(signers); sk_X509_free(signers);
+ +
+ if (buf != NULL) { + if (buf != NULL) {
+ OPENSSL_free(buf); + OPENSSL_free(buf);
+ } + }
return ret; return ret;
} }
diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
--- crypto/rand/rand_unix.c Thu Jun 11 21:01:06 2015 --- crypto/rand/rand_unix.c Thu Jun 11 21:01:06 2015
+++ crypto/rand/rand_unix.c Fri Jun 12 10:51:21 2015 +++ crypto/rand/rand_unix.c Fri Jun 12 10:51:21 2015
@ -210,7 +223,7 @@ diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
--- crypto/x509/x509_vfy.c Thu Jun 11 21:52:58 2015 --- crypto/x509/x509_vfy.c Thu Jun 11 21:52:58 2015
+++ crypto/x509/x509_vfy.c Fri Jun 12 11:29:37 2015 +++ crypto/x509/x509_vfy.c Fri Jun 12 11:29:37 2015
@@ -935,6 +935,8 @@ @@ -940,6 +940,8 @@
ctx->current_crl = crl; ctx->current_crl = crl;
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time; ptime = &ctx->param->check_time;
@ -219,7 +232,7 @@ diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
else else
ptime = NULL; ptime = NULL;
@@ -1658,6 +1660,8 @@ @@ -1663,6 +1665,8 @@
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time; ptime = &ctx->param->check_time;
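Review bot: The updated pk7_smime.c part of the patch now deletes the `PKCS7_R_CONTENT_AND_DATA_PRESENT` check from PKCS7_verify, and the only rationale recorded is the RT ticket URL in the commit message. With that guard gone, a non-detached PKCS7 structure supplied together with `indata` is accepted again, so which of the two contents the signature digest covers depends on code outside this hunk and should be confirmed against the UEFI callers. I would state the reason in the patch or its install notes, for example `NOTE: removes the content-and-data check added in 1.0.2e (RT #4175); re-evaluate on every OpenSSL upgrade`, so that this local deviation from upstream verification behaviour is not carried forward unnoticed. PKCS7_verify begins and ends outside the lines shown here.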


@ -1,4 +1,4 @@
cd openssl-1.0.2d cd openssl-1.0.2e
copy e_os2.h ..\..\..\Include\openssl copy e_os2.h ..\..\..\Include\openssl
copy crypto\crypto.h ..\..\..\Include\openssl copy crypto\crypto.h ..\..\..\Include\openssl
copy crypto\opensslv.h ..\..\..\Include\openssl copy crypto\opensslv.h ..\..\..\Include\openssl


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
cd openssl-1.0.2d cd openssl-1.0.2e
cp e_os2.h ../../../Include/openssl cp e_os2.h ../../../Include/openssl
cp crypto/crypto.h ../../../Include/openssl cp crypto/crypto.h ../../../Include/openssl
cp crypto/opensslv.h ../../../Include/openssl cp crypto/opensslv.h ../../../Include/openssl


@ -20,7 +20,7 @@
MODULE_TYPE = BASE MODULE_TYPE = BASE
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib LIBRARY_CLASS = OpensslLib
DEFINE OPENSSL_PATH = openssl-1.0.2d DEFINE OPENSSL_PATH = openssl-1.0.2e
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
# #


@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment.
================================================================================ ================================================================================
OpenSSL-Version OpenSSL-Version
================================================================================ ================================================================================
Current supported OpenSSL version for UEFI Crypto Library is 1.0.2d. Current supported OpenSSL version for UEFI Crypto Library is 1.0.2e.
http://www.openssl.org/source/openssl-1.0.2d.tar.gz http://www.openssl.org/source/openssl-1.0.2e.tar.gz
================================================================================ ================================================================================
HOW to Install Openssl for UEFI Building HOW to Install Openssl for UEFI Building
================================================================================ ================================================================================
1. Download OpenSSL 1.0.2d from official website: 1. Download OpenSSL 1.0.2e from official website:
http://www.openssl.org/source/openssl-1.0.2d.tar.gz http://www.openssl.org/source/openssl-1.0.2e.tar.gz
NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2d.tar.tar. NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2e.tar.tar.
When you do the download, rename the "openssl-1.0.2d.tar.tar" to When you do the download, rename the "openssl-1.0.2e.tar.tar" to
"openssl-1.0.2d.tar.gz" or rename the local downloaded file with ".tar.tar" "openssl-1.0.2e.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz". extension to ".tar.gz".
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2d 2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2e
NOTE: If you use WinZip to unpack the openssl source in Windows, please NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion"). Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
3. Apply this patch: EDKII_openssl-1.0.2d.patch, and make installation 3. Apply this patch: EDKII_openssl-1.0.2e.patch, and make installation
For Windows Environment: For Windows Environment:
------------------------ ------------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm http://gnuwin32.sourceforge.net/packages/patch.htm
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2d 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2e
3) patch -p0 -i ..\EDKII_openssl-1.0.2d.patch 3) patch -p0 -i ..\EDKII_openssl-1.0.2e.patch
4) cd .. 4) cd ..
5) Install.cmd 5) Install.cmd
@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
----------------------- -----------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/ Patch utility is available from http://directory.fsf.org/project/patch/
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2d 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2e
3) patch -p0 -i ../EDKII_openssl-1.0.2d.patch 3) patch -p0 -i ../EDKII_openssl-1.0.2e.patch
4) cd .. 4) cd ..
5) ./Install.sh 5) ./Install.sh