Upstream OpenSSL has released version 1.0.2e with security fixes, and has pulled
the previous version from the download servers. So upgrade our OpensslLib glue
from 1.0.2d to 1.0.2e.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
---
CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2d.patch =>
EDKII_openssl-1.0.2e.patch} | 18 +++++++-------
CryptoPkg/Library/OpensslLib/Install.cmd
| 2 +-
CryptoPkg/Library/OpensslLib/Install.sh
| 2 +-
CryptoPkg/Library/OpensslLib/OpensslLib.inf
| 2 +-
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
| 26 ++++++++++----------
5 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2e.patch
similarity index 95%
rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2e.patch
index 6be397b8b959..e4a85bf95df3 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2e.patch
@@ -16,7 +16,7 @@ diff U3 crypto/bio/bio.h crypto/bio/bio.h
diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
--- crypto/bio/bss_file.c Thu Jun 11 21:01:06 2015
+++ crypto/bio/bss_file.c Fri Jun 12 11:01:28 2015
-@@ -460,6 +460,23 @@
+@@ -467,6 +467,23 @@
return (ret);
}
@@ -83,9 +83,9 @@ diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+ char *buf = NULL;
+ int bufsiz;
int i, j = 0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
-@@ -365,9 +366,14 @@
+ BIO *p7bio = NULL;
+ BIO *tmpin = NULL, *tmpout = NULL;
+@@ -355,9 +356,14 @@
} else
tmpout = out;
@@ -101,17 +101,17 @@ diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
if (i <= 0)
break;
if (tmpout)
-@@ -406,6 +412,10 @@
+@@ -394,6 +400,10 @@
+ }
BIO_free_all(p7bio);
-
sk_X509_free(signers);
+
+ if (buf != NULL) {
+ OPENSSL_free(buf);
+ }
-
return ret;
}
+
diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
--- crypto/rand/rand_unix.c Thu Jun 11 21:01:06 2015
+++ crypto/rand/rand_unix.c Fri Jun 12 10:51:21 2015
@@ -210,7 +210,7 @@ diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
--- crypto/x509/x509_vfy.c Thu Jun 11 21:52:58 2015
+++ crypto/x509/x509_vfy.c Fri Jun 12 11:29:37 2015
-@@ -935,6 +935,8 @@
+@@ -940,6 +940,8 @@
ctx->current_crl = crl;
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time;
@@ -219,7 +219,7 @@ diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
else
ptime = NULL;
-@@ -1658,6 +1660,8 @@
+@@ -1663,6 +1665,8 @@
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time;
diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd
b/CryptoPkg/Library/OpensslLib/Install.cmd
index ef0a4bdcebc9..b9b6fc6f7094 100755
--- a/CryptoPkg/Library/OpensslLib/Install.cmd
+++ b/CryptoPkg/Library/OpensslLib/Install.cmd
@@ -1,4 +1,4 @@
-cd openssl-1.0.2d
+cd openssl-1.0.2e
copy e_os2.h ..\..\..\Include\openssl
copy crypto\crypto.h ..\..\..\Include\openssl
copy crypto\opensslv.h ..\..\..\Include\openssl
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh
b/CryptoPkg/Library/OpensslLib/Install.sh
index 877e775b81af..543439529448 100755
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ b/CryptoPkg/Library/OpensslLib/Install.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-cd openssl-1.0.2d
+cd openssl-1.0.2e
cp e_os2.h ../../../Include/openssl
cp crypto/crypto.h ../../../Include/openssl
cp crypto/opensslv.h ../../../Include/openssl
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index a6d511e83922..a1dcc3257fa8 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -20,7 +20,7 @@ [Defines]
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl-1.0.2d
+ DEFINE OPENSSL_PATH = openssl-1.0.2e
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
#
diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
index 59e74ee9b0d9..f575d7147bdf 100644
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
@@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under
UEFI environment.
================================================================================
OpenSSL-Version
================================================================================
- Current supported OpenSSL version for UEFI Crypto Library is 1.0.2d.
- http://www.openssl.org/source/openssl-1.0.2d.tar.gz
+ Current supported OpenSSL version for UEFI Crypto Library is 1.0.2e.
+ http://www.openssl.org/source/openssl-1.0.2e.tar.gz
================================================================================
HOW to Install Openssl for UEFI Building
================================================================================
-1. Download OpenSSL 1.0.2d from official website:
- http://www.openssl.org/source/openssl-1.0.2d.tar.gz
+1. Download OpenSSL 1.0.2e from official website:
+ http://www.openssl.org/source/openssl-1.0.2e.tar.gz
- NOTE: Some web browsers may rename the downloaded TAR file to
openssl-1.0.2d.tar.tar.
- When you do the download, rename the "openssl-1.0.2d.tar.tar" to
- "openssl-1.0.2d.tar.gz" or rename the local downloaded file with
".tar.tar"
+ NOTE: Some web browsers may rename the downloaded TAR file to
openssl-1.0.2e.tar.tar.
+ When you do the download, rename the "openssl-1.0.2e.tar.tar" to
+ "openssl-1.0.2e.tar.gz" or rename the local downloaded file with
".tar.tar"
extension to ".tar.gz".
-2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2d
+2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2e
NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF
conversion").
-3. Apply this patch: EDKII_openssl-1.0.2d.patch, and make installation
+3. Apply this patch: EDKII_openssl-1.0.2e.patch, and make installation
For Windows Environment:
------------------------
1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2d
- 3) patch -p0 -i ..\EDKII_openssl-1.0.2d.patch
+ 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2e
+ 3) patch -p0 -i ..\EDKII_openssl-1.0.2e.patch
4) cd ..
5) Install.cmd
@@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under
UEFI environment.
-----------------------
1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2d
- 3) patch -p0 -i ../EDKII_openssl-1.0.2d.patch
+ 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2e
+ 3) patch -p0 -i ../EDKII_openssl-1.0.2e.patch
4) cd ..
5) ./Install.sh
--
1.9.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
