tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2h 

OpenSSL 1.0.2h was released with several severity fixes at
03-May-2016 (https://www.openssl.org/news/secadv/20160503.txt).
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to
catch the latest release 1.0.2h.

Cc: Ting Ye <ting.ye@intel.com>
Cc: David Woodhouse <David.Woodhouse@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Qin Long 2016-07-13 13:27:11 +08:00
parent 6558fd7311
commit 8ff7187cfd
6 changed files with 62 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CryptoPkg/CryptoPkg.dec
View File

@ -24,7 +24,7 @@
[Includes]
Include
Library/OpensslLib/openssl-1.0.2g/include
Library/OpensslLib/openssl-1.0.2h/include
[LibraryClasses]
## @libraryclass Provides basic library functions for cryptographic primitives.

97
CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2g.patch → CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch
View File

@ -254,7 +254,7 @@ index d5a5514..bede55c 100644
goto err;
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 1d25687..e933ead 100644
index 1d25687..ad641c3 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -131,7 +131,7 @@
@ -277,7 +277,7 @@ index 1d25687..e933ead 100644
+ mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);
+ if (mods == NULL)
+ goto err;
+ goto err;
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
@ -311,7 +311,7 @@ index 1d25687..e933ead 100644
again:
diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
index 8d926d5..41cf38e 100644
index 8d926d5..c29e97d 100644
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);
@ -329,9 +329,9 @@ index 8d926d5..41cf38e 100644
long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
const char *name);
void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
+# endif
int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
void OPENSSL_config(const char *config_name);
@ -349,9 +349,9 @@ index 8d926d5..41cf38e 100644
char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
long *result);
+#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
+# endif
int NCONF_dump_bio(const CONF *conf, BIO *out);
# if 0 /* The following function has no error
@ -359,10 +359,10 @@ index 8d926d5..41cf38e 100644
int CONF_modules_load(const CONF *cnf, const char *appname,
unsigned long flags);
+#ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
int CONF_modules_load_file(const char *filename, const char *appname,
unsigned long flags);
+#endif
+# endif
void CONF_modules_unload(int all);
void CONF_modules_finish(void);
void CONF_modules_free(void);
@ -684,10 +684,10 @@ index a5bd901..6488879 100644
/* BEGIN ERROR CODES */
/*
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index a882cb2..4eddb9a 100644
index a882cb2..aace5fb 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -51,13 +51,18 @@
@@ -51,6 +51,9 @@
* ====================================================================
*/
@ -697,22 +697,21 @@ index a882cb2..4eddb9a 100644
#include <string.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
@@ -58,6 +61,7 @@
#include <openssl/cms.h>
+
/* Key derivation from X9.42/RFC2631 */
+/* Uses CMS functions, hence the #ifdef wrapper. */
#define DH_KDF_MAX (1L << 30)
@@ -185,3 +190,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
@@ -185,3 +189,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
EVP_MD_CTX_cleanup(&mctx);
return rv;
}
+#endif
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index b58e3fa..c6288f6 100644
index b58e3fa..926be98 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
@ -727,7 +726,7 @@ index b58e3fa..c6288f6 100644
return -2;
dctx->kdf_type = p1;
return 1;
@@ -448,7 +452,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
@@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return ret;
*keylen = ret;
return 1;
@ -735,11 +734,10 @@ index b58e3fa..c6288f6 100644
+ }
+#ifndef OPENSSL_NO_CMS
+ else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+
unsigned char *Z = NULL;
size_t Zlen = 0;
if (!dctx->kdf_outlen || !dctx->kdf_oid)
@@ -479,7 +486,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
@@ -479,7 +485,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
}
return ret;
}
@ -945,7 +943,7 @@ index 7a1c85d..7162c0f 100644
#undef BN_LLONG
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index d3b23fc..87b0b6a 100644
index d3b23fc..5df6ffd 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
@ -980,17 +978,16 @@ index d3b23fc..87b0b6a 100644
int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen,
pem_password_cb *cb, void *u);
@@ -510,7 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
@@ -510,6 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cd,
void *u);
-
+#endif
EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index a29821a..5525efd 100644
index fe881d6..e25cc68 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
@ -1003,38 +1000,35 @@ index a29821a..5525efd 100644
* We should not ever call the default callback routine from windows.
*/
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 5747c73..fe465cc 100644
index 5747c73..9edca4d 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -69,10 +69,12 @@
@@ -69,9 +69,11 @@
static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
int nid, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#ifndef OPENSSL_NO_FP_API
static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
int nid, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cb, void *u);
-
+#endif
/*
* These functions write a private key in PKCS#8 format: it is a "drop in"
* replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index dc9b484..0bc3d43 100644
index dc9b484..e75c4b2 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -64,6 +64,9 @@
@@ -64,6 +64,8 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+
+#define BUFFERSIZE 4096
+
static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
@@ -254,7 +257,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
@@ -254,7 +256,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
@ -1043,7 +1037,7 @@ index dc9b484..0bc3d43 100644
int i, j = 0, k, ret = 0;
BIO *p7bio = NULL;
BIO *tmpin = NULL, *tmpout = NULL;
@@ -373,8 +376,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
@@ -373,8 +375,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
tmpout = out;
/* We now have to 'read' from p7bio to calculate digests etc. */
@ -1057,7 +1051,7 @@ index dc9b484..0bc3d43 100644
if (i <= 0)
break;
if (tmpout)
@@ -405,6 +412,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
@@ -405,6 +411,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
ret = 1;
err:
@ -1065,7 +1059,7 @@ index dc9b484..0bc3d43 100644
if (tmpin == indata) {
if (indata)
BIO_pop(p7bio);
@@ -523,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
@@ -523,7 +530,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
{
BIO *tmpmem;
int ret, i;
@ -1074,7 +1068,7 @@ index dc9b484..0bc3d43 100644
if (!p7) {
PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
@@ -567,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
@@ -567,24 +574,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
}
BIO_free_all(bread);
return ret;
@ -1116,6 +1110,7 @@ index dc9b484..0bc3d43 100644
- BIO_free_all(tmpmem);
- return ret;
}
+
+err:
+ OPENSSL_free(buf);
+ BIO_free_all(tmpmem);
@ -1222,20 +1217,19 @@ index 4e06218..ddead3d 100644
const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
{
diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
index 028892a..713fc54 100644
index 028892a..4ed4bfe 100644
--- a/crypto/srp/srp.h
+++ b/crypto/srp/srp.h
@@ -119,8 +119,9 @@ DECLARE_STACK_OF(SRP_gN)
@@ -119,7 +119,9 @@ DECLARE_STACK_OF(SRP_gN)
SRP_VBASE *SRP_VBASE_new(char *seed_key);
int SRP_VBASE_free(SRP_VBASE *vb);
+#ifndef OPENSSL_NO_STDIO
int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
-
+#endif
/* This method ignores the configured seed and fails for an unknown user. */
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 26ad3e0..6be4cf2 100644
--- a/crypto/srp/srp_vfy.c
@ -1950,7 +1944,7 @@ index f6b3ff2..1dcbe36 100755
SEED,-
SHA,-
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index d1fc716..d5f661a 100644
index 5d26c94..ee3f49b 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
@ -2002,15 +1996,14 @@ index 35cc27c..a1f5335 100644
} else {
ret->sid_ctx_length = os.length;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index a73f866..d534c0a 100644
index f48ebae..ac4f08c 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -855,12 +855,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
@@ -857,12 +857,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
return (add_client_CA(&(ctx->client_CA), x));
}
+#ifndef OPENSSL_NO_STDIO
+
static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
{
return (X509_NAME_cmp(*a, *b));
@ -2020,7 +2013,7 @@ index a73f866..d534c0a 100644
/**
* Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
* it doesn't really have anything to do with clients (except that a common use
@@ -928,7 +929,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
@@ -930,7 +930,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
ERR_clear_error();
return (ret);
}
@ -2028,7 +2021,7 @@ index a73f866..d534c0a 100644
/**
* Add a file of certs to a stack.
@@ -1048,6 +1048,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
@@ -1050,6 +1049,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
return ret;
}
@ -2108,7 +2101,7 @@ index baa3b59..1ee3f02 100644
if ($? == 0)
{
diff --git a/util/libeay.num b/util/libeay.num
index e5b3c6e..8d4185c 100755
index 2094ab3..992abb2 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4370,7 +4370,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH
@ -2121,7 +2114,7 @@ index e5b3c6e..8d4185c 100755
EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES
RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
diff --git a/util/mkdef.pl b/util/mkdef.pl
index c57c7f7..d4c3386 100755
index b9b159a..9841498 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
@ -2133,7 +2126,7 @@ index c57c7f7..d4c3386 100755
# RFC3779
"RFC3779",
# TLS
@@ -142,7 +144,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
@@ -144,7 +146,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
@ -2141,8 +2134,8 @@ index c57c7f7..d4c3386 100755
+my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method;
@@ -233,6 +235,7 @@ foreach (@ARGV, split(/ /, $options))
my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method;
@@ -235,6 +237,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
@ -2150,7 +2143,7 @@ index c57c7f7..d4c3386 100755
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-tlsext$/) { $no_tlsext=1; }
elsif (/^no-cms$/) { $no_cms=1; }
@@ -1206,6 +1209,7 @@ sub is_valid
@@ -1209,6 +1212,7 @@ sub is_valid
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }

2
CryptoPkg/Library/OpensslLib/Install.cmd
View File

@ -1,4 +1,4 @@
cd openssl-1.0.2g
cd openssl-1.0.2h
copy ..\opensslconf.h crypto
if not exist include\openssl mkdir include\openssl
copy e_os2.h include\openssl

2
CryptoPkg/Library/OpensslLib/Install.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
cd openssl-1.0.2g
cd openssl-1.0.2h
cp ../opensslconf.h crypto
mkdir -p include/openssl
cp e_os2.h include/openssl

2
CryptoPkg/Library/OpensslLib/OpensslLib.inf
View File

@ -20,7 +20,7 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
DEFINE OPENSSL_PATH = openssl-1.0.2g
DEFINE OPENSSL_PATH = openssl-1.0.2h
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
#

26
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
View File

@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment.
================================================================================
OpenSSL-Version
================================================================================
Current supported OpenSSL version for UEFI Crypto Library is 1.0.2g.
http://www.openssl.org/source/openssl-1.0.2g.tar.gz
Current supported OpenSSL version for UEFI Crypto Library is 1.0.2h.
http://www.openssl.org/source/openssl-1.0.2h.tar.gz
================================================================================
HOW to Install Openssl for UEFI Building
================================================================================
1. Download OpenSSL 1.0.2g from official website:
http://www.openssl.org/source/openssl-1.0.2g.tar.gz
1. Download OpenSSL 1.0.2h from official website:
http://www.openssl.org/source/openssl-1.0.2h.tar.gz
NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2g.tar.tar.
When you do the download, rename the "openssl-1.0.2g.tar.tar" to
"openssl-1.0.2g.tar.gz" or rename the local downloaded file with ".tar.tar"
NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2h.tar.tar.
When you do the download, rename the "openssl-1.0.2h.tar.tar" to
"openssl-1.0.2h.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz".
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2g
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2h
NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
3. Apply this patch: EDKII_openssl-1.0.2g.patch, and make installation
3. Apply this patch: EDKII_openssl-1.0.2h.patch, and make installation
For Windows Environment:
------------------------
1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2g
3) patch -p1 -i ..\EDKII_openssl-1.0.2g.patch
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2h
3) patch -p1 -i ..\EDKII_openssl-1.0.2h.patch
4) cd ..
5) Install.cmd
@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
-----------------------
1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2g
3) patch -p1 -i ../EDKII_openssl-1.0.2g.patch
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2h
3) patch -p1 -i ../EDKII_openssl-1.0.2h.patch
4) cd ..
5) ./Install.sh