CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2g

OpenSSL 1.0.2g was released with several severity fixes on
01-Mar-2016 (https://www.openssl.org/news/secadv/20160301.txt).
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to
catch the latest release 1.0.2g.
(NOTE: RT4175 from David Woodhouse was included in 1.0.2g, so the
       newly generated patch removes that part. The line endings
       are kept as before in this version for consistency.)

CC: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
Qin Long 2016-03-11 13:57:18 -08:00
parent f6326d1fba
commit ec3a1a11dc
7 changed files with 56 additions and 79 deletions


@ -24,7 +24,7 @@
[Includes] [Includes]
Include Include
Library/OpensslLib/openssl-1.0.2f/include Library/OpensslLib/openssl-1.0.2g/include
[LibraryClasses] [LibraryClasses]
## @libraryclass Provides basic library functions for cryptographic primitives. ## @libraryclass Provides basic library functions for cryptographic primitives.


@ -1,8 +1,8 @@
diff --git a/Configure b/Configure diff --git a/Configure b/Configure
index 4a715dc..b4a4781 100755 index c98107a..c122709 100755
--- a/Configure --- a/Configure
+++ b/Configure +++ b/Configure
@@ -605,6 +605,9 @@ my %table=( @@ -609,6 +609,9 @@ my %table=(
# with itself, Applink is never engaged and can as well be omitted. # with itself, Applink is never engaged and can as well be omitted.
"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
@ -12,7 +12,7 @@ index 4a715dc..b4a4781 100755
# UWIN # UWIN
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
@@ -1082,7 +1085,7 @@ if (defined($disabled{"tls1"})) @@ -1088,7 +1091,7 @@ if (defined($disabled{"tls1"}))
} }
if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
@ -22,7 +22,7 @@ index 4a715dc..b4a4781 100755
$disabled{"gost"} = "forced"; $disabled{"gost"} = "forced";
} }
diff --git a/apps/apps.c b/apps/apps.c diff --git a/apps/apps.c b/apps/apps.c
index 2e77805..e21e759 100644 index b1dd970..8278c28 100644
--- a/apps/apps.c --- a/apps/apps.c
+++ b/apps/apps.c +++ b/apps/apps.c
@@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc, @@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,
@ -462,7 +462,7 @@ index c042cf2..a25b636 100644
} }
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index c9f674b..39ead7f 100644 index 1925428..da4b34d 100644
--- a/crypto/cryptlib.c --- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c +++ b/crypto/cryptlib.c
@@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void) @@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)
@ -525,7 +525,7 @@ index c9f674b..39ead7f 100644
} }
+#endif +#endif
int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len)
{ {
diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
index fba180a..3e3ea5e 100644 index fba180a..3e3ea5e 100644
@ -542,7 +542,7 @@ index fba180a..3e3ea5e 100644
#ifdef __cplusplus #ifdef __cplusplus
diff --git a/crypto/crypto.h b/crypto/crypto.h diff --git a/crypto/crypto.h b/crypto/crypto.h
index c450d7a..063d78e 100644 index 6c644ce..bea4ca1 100644
--- a/crypto/crypto.h --- a/crypto/crypto.h
+++ b/crypto/crypto.h +++ b/crypto/crypto.h
@@ -235,15 +235,15 @@ typedef struct openssl_item_st { @@ -235,15 +235,15 @@ typedef struct openssl_item_st {
@ -656,7 +656,7 @@ index 46fa5ac..cc366ec 100644
dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 5498a9d..4a5c665 100644 index a5bd901..6488879 100644
--- a/crypto/dh/dh.h --- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h +++ b/crypto/dh/dh.h
@@ -240,11 +240,13 @@ DH *DH_get_1024_160(void); @@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);
@ -1021,7 +1021,7 @@ index 5747c73..fe465cc 100644
* These functions write a private key in PKCS#8 format: it is a "drop in" * These functions write a private key in PKCS#8 format: it is a "drop in"
* replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index c4d3724..0bc3d43 100644 index dc9b484..0bc3d43 100644
--- a/crypto/pkcs7/pk7_smime.c --- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c
@@ -64,6 +64,9 @@ @@ -64,6 +64,9 @@
@ -1043,37 +1043,7 @@ index c4d3724..0bc3d43 100644
int i, j = 0, k, ret = 0; int i, j = 0, k, ret = 0;
BIO *p7bio = NULL; BIO *p7bio = NULL;
BIO *tmpin = NULL, *tmpout = NULL; BIO *tmpin = NULL, *tmpout = NULL;
@@ -274,12 +277,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, @@ -373,8 +376,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
return 0;
}
+#if 0
+ /*
+ * NB: this test commented out because some versions of Netscape
+ * illegally include zero length content when signing data. Also
+ * Microsoft Authenticode includes a SpcIndirectDataContent data
+ * structure which describes the content to be protected by the
+ * signature, rather than directly embedding that content. So
+ * Authenticode implementations are also expected to use
+ * PKCS7_verify() with explicit external data, on non-detached
+ * PKCS#7 signatures.
+ *
+ * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been
+ * introduced to disable this sanity check. For the 1.0.2 branch
+ * this change is not acceptable, so the check remains completely
+ * commented out (as it has been for a long time).
+ */
/* Check for data and content: two sets of data */
if (!PKCS7_get_detached(p7) && indata) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
return 0;
}
+#endif
sinfos = PKCS7_get_signer_info(p7);
@@ -356,8 +376,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
tmpout = out; tmpout = out;
/* We now have to 'read' from p7bio to calculate digests etc. */ /* We now have to 'read' from p7bio to calculate digests etc. */
@ -1087,7 +1057,7 @@ index c4d3724..0bc3d43 100644
if (i <= 0) if (i <= 0)
break; break;
if (tmpout) if (tmpout)
@@ -388,6 +412,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, @@ -405,6 +412,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
ret = 1; ret = 1;
err: err:
@ -1095,7 +1065,7 @@ index c4d3724..0bc3d43 100644
if (tmpin == indata) { if (tmpin == indata) {
if (indata) if (indata)
BIO_pop(p7bio); BIO_pop(p7bio);
@@ -506,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) @@ -523,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
{ {
BIO *tmpmem; BIO *tmpmem;
int ret, i; int ret, i;
@ -1104,7 +1074,7 @@ index c4d3724..0bc3d43 100644
if (!p7) { if (!p7) {
PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
@@ -550,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) @@ -567,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
} }
BIO_free_all(bread); BIO_free_all(bread);
return ret; return ret;
@ -1252,21 +1222,22 @@ index 4e06218..ddead3d 100644
const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
{ {
diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
index d072536..73b945f 100644 index 028892a..713fc54 100644
--- a/crypto/srp/srp.h --- a/crypto/srp/srp.h
+++ b/crypto/srp/srp.h +++ b/crypto/srp/srp.h
@@ -114,7 +114,9 @@ DECLARE_STACK_OF(SRP_gN) @@ -119,8 +119,9 @@ DECLARE_STACK_OF(SRP_gN)
SRP_VBASE *SRP_VBASE_new(char *seed_key); SRP_VBASE *SRP_VBASE_new(char *seed_key);
int SRP_VBASE_free(SRP_VBASE *vb); int SRP_VBASE_free(SRP_VBASE *vb);
+#ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO
int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
-
+#endif +#endif
/* This method ignores the configured seed and fails for an unknown user. */
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
char *SRP_create_verifier(const char *user, const char *pass, char **salt, /* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
char **verifier, const char *N, const char *g);
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index a3f1a8a..3fbb186 100644 index 26ad3e0..6be4cf2 100644
--- a/crypto/srp/srp_vfy.c --- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c
@@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id, @@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
@ -1285,7 +1256,7 @@ index a3f1a8a..3fbb186 100644
static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
{ {
@@ -279,6 +281,7 @@ int SRP_VBASE_free(SRP_VBASE *vb) @@ -297,6 +299,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)
return 0; return 0;
} }
@ -1293,7 +1264,7 @@ index a3f1a8a..3fbb186 100644
static SRP_gN_cache *SRP_gN_new_init(const char *ch) static SRP_gN_cache *SRP_gN_new_init(const char *ch)
{ {
unsigned char tmp[MAX_LEN]; unsigned char tmp[MAX_LEN];
@@ -310,6 +313,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache) @@ -328,6 +331,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)
BN_free(gN_cache->bn); BN_free(gN_cache->bn);
OPENSSL_free(gN_cache); OPENSSL_free(gN_cache);
} }
@ -1301,7 +1272,7 @@ index a3f1a8a..3fbb186 100644
static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
{ {
@@ -326,6 +330,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) @@ -344,6 +348,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
return SRP_get_default_gN(id); return SRP_get_default_gN(id);
} }
@ -1309,13 +1280,13 @@ index a3f1a8a..3fbb186 100644
static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
{ {
int i; int i;
@@ -467,6 +472,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) @@ -485,6 +490,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
return error_code; return error_code;
} }
+#endif +#endif
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
{ {
diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h
index 16eccbb..a9fe40e 100644 index 16eccbb..a9fe40e 100644
@ -1585,10 +1556,10 @@ index 9ee8f8d..64b052e 100644
+ +
+#endif /* OPENSSL_NO_STDIO */ +#endif /* OPENSSL_NO_STDIO */
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 0429767..7ddc21c 100644 index 4d34dba..25e8a89 100644
--- a/crypto/x509/x509_vfy.c --- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c
@@ -940,6 +940,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) @@ -950,6 +950,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
ctx->current_crl = crl; ctx->current_crl = crl;
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time; ptime = &ctx->param->check_time;
@ -1597,7 +1568,7 @@ index 0429767..7ddc21c 100644
else else
ptime = NULL; ptime = NULL;
@@ -1663,6 +1665,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) @@ -1673,6 +1675,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time; ptime = &ctx->param->check_time;
@ -2066,10 +2037,10 @@ index a73f866..d534c0a 100644
/* Add a certificate to a BUF_MEM structure */ /* Add a certificate to a BUF_MEM structure */
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 5478840..c2ad7c9 100644 index 8d3709d..2bb403b 100644
--- a/ssl/ssl_conf.c --- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c
@@ -362,6 +362,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) @@ -370,6 +370,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
} }
@ -2077,7 +2048,7 @@ index 5478840..c2ad7c9 100644
static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
{ {
int rv = 1; int rv = 1;
@@ -428,7 +429,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) @@ -436,7 +437,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
BIO_free(in); BIO_free(in);
return rv > 0; return rv > 0;
} }
@ -2088,7 +2059,7 @@ index 5478840..c2ad7c9 100644
typedef struct { typedef struct {
int (*cmd) (SSL_CONF_CTX *cctx, const char *value); int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
const char *str_file; const char *str_file;
@@ -454,12 +457,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { @@ -462,12 +465,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(CipherString, "cipher"), SSL_CONF_CMD_STRING(CipherString, "cipher"),
SSL_CONF_CMD_STRING(Protocol, NULL), SSL_CONF_CMD_STRING(Protocol, NULL),
SSL_CONF_CMD_STRING(Options, NULL), SSL_CONF_CMD_STRING(Options, NULL),
@ -2137,10 +2108,10 @@ index baa3b59..1ee3f02 100644
if ($? == 0) if ($? == 0)
{ {
diff --git a/util/libeay.num b/util/libeay.num diff --git a/util/libeay.num b/util/libeay.num
index 7f7487d..13b2e3a 100755 index e5b3c6e..8d4185c 100755
--- a/util/libeay.num --- a/util/libeay.num
+++ b/util/libeay.num +++ b/util/libeay.num
@@ -4368,7 +4368,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH @@ -4370,7 +4370,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH
ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA
CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS
CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS
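Review bot: With the RT4175 part gone from the pk7_smime.c section, the state of the content-and-data check in PKCS7_verify() is no longer fixed by this patch and depends on the tree it is applied to, yet nothing here records that dependency. The removed comment was the only place explaining that the check stays compiled out so that Authenticode-style callers can pass explicit data with a non-detached signature; that rationale is worth keeping next to the patch, for example a HOWTO line such as `NOTE: apply this patch only to an unmodified openssl-1.0.2g tree; PKCS7_verify() relies on the upstream RT4175 change.` The install steps shown on this page fetch the tarball over plain http with no digest check visible, so a step like `Verify the archive against the digest published by the OpenSSL project before extracting` would back that up.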


@ -1,4 +1,4 @@
cd openssl-1.0.2f cd openssl-1.0.2g
copy ..\opensslconf.h crypto copy ..\opensslconf.h crypto
if not exist include\openssl mkdir include\openssl if not exist include\openssl mkdir include\openssl
copy e_os2.h include\openssl copy e_os2.h include\openssl


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
cd openssl-1.0.2f cd openssl-1.0.2g
cp ../opensslconf.h crypto cp ../opensslconf.h crypto
mkdir -p include/openssl mkdir -p include/openssl
cp e_os2.h include/openssl cp e_os2.h include/openssl


@ -20,7 +20,7 @@
MODULE_TYPE = BASE MODULE_TYPE = BASE
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib LIBRARY_CLASS = OpensslLib
DEFINE OPENSSL_PATH = openssl-1.0.2f DEFINE OPENSSL_PATH = openssl-1.0.2g
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
# #


@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment.
================================================================================ ================================================================================
OpenSSL-Version OpenSSL-Version
================================================================================ ================================================================================
Current supported OpenSSL version for UEFI Crypto Library is 1.0.2f. Current supported OpenSSL version for UEFI Crypto Library is 1.0.2g.
http://www.openssl.org/source/openssl-1.0.2f.tar.gz http://www.openssl.org/source/openssl-1.0.2g.tar.gz
================================================================================ ================================================================================
HOW to Install Openssl for UEFI Building HOW to Install Openssl for UEFI Building
================================================================================ ================================================================================
1. Download OpenSSL 1.0.2f from official website: 1. Download OpenSSL 1.0.2g from official website:
http://www.openssl.org/source/openssl-1.0.2f.tar.gz http://www.openssl.org/source/openssl-1.0.2g.tar.gz
NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2f.tar.tar. NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2g.tar.tar.
When you do the download, rename the "openssl-1.0.2f.tar.tar" to When you do the download, rename the "openssl-1.0.2g.tar.tar" to
"openssl-1.0.2f.tar.gz" or rename the local downloaded file with ".tar.tar" "openssl-1.0.2g.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz". extension to ".tar.gz".
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2f 2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2g
NOTE: If you use WinZip to unpack the openssl source in Windows, please NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion"). Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
3. Apply this patch: EDKII_openssl-1.0.2f.patch, and make installation 3. Apply this patch: EDKII_openssl-1.0.2g.patch, and make installation
For Windows Environment: For Windows Environment:
------------------------ ------------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm http://gnuwin32.sourceforge.net/packages/patch.htm
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2f 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2g
3) patch -p1 -i ..\EDKII_openssl-1.0.2f.patch 3) patch -p1 -i ..\EDKII_openssl-1.0.2g.patch
4) cd .. 4) cd ..
5) Install.cmd 5) Install.cmd
@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
----------------------- -----------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/ Patch utility is available from http://directory.fsf.org/project/patch/
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2f 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2g
3) patch -p1 -i ../EDKII_openssl-1.0.2f.patch 3) patch -p1 -i ../EDKII_openssl-1.0.2g.patch
4) cd .. 4) cd ..
5) ./Install.sh 5) ./Install.sh


@ -155,6 +155,9 @@ extern "C" {
#ifndef OPENSSL_NO_UNIT_TEST #ifndef OPENSSL_NO_UNIT_TEST
# define OPENSSL_NO_UNIT_TEST # define OPENSSL_NO_UNIT_TEST
#endif #endif
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
# define OPENSSL_NO_WEAK_SSL_CIPHERS
#endif
#ifndef OPENSSL_NO_WHIRLPOOL #ifndef OPENSSL_NO_WHIRLPOOL
# define OPENSSL_NO_WHIRLPOOL # define OPENSSL_NO_WHIRLPOOL
#endif #endif
@ -323,6 +326,9 @@ extern "C" {
# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) # if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
# define NO_UNIT_TEST # define NO_UNIT_TEST
# endif # endif
# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
# define NO_WEAK_SSL_CIPHERS
# endif
# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL) # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
# define NO_WHIRLPOOL # define NO_WHIRLPOOL
# endif # endif
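Review bot: The added `OPENSSL_NO_WEAK_SSL_CIPHERS` and `NO_WEAK_SSL_CIPHERS` defines carry no explanation, although among the hunks shown they are the change with a security effect: in 1.0.2g this macro is what keeps the weak (export-grade and similar) SSL cipher suites out of the build. If this header is maintained by hand, a comment such as `/* Keep defined: compiles out weak SSL cipher suites (1.0.2g default) */` above the first `#ifndef` would stop it being dropped in a later sync. If it is regenerated from Configure output instead, the same sentence belongs in the HOWTO. Both enclosing blocks start and end outside the hunks shown.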