On 02/18/16 09:44, Long, Qin wrote:
> Thanks for raising this, Laszlo.
>
> Exactly, the posted patch series from David also included one 1.0.2f
> enabling. The patch series will bring direct / smooth support for
> EDKII-CryptoPkg with some patch integration on both the EDKII and OpenSSL sides,
> and also introduce a source generation mechanism for more native build
> support.
>
> I will work on more validation based on David's post, and also work with
> David on other possible updates (e.g. include file issue). This may need some
> extra time.
>
> Before all patches are integrated, my plan is to have one 1.0.2f upgrade
> first based on my last patch, which will not change any build process, and
> just to catch the latest release for some requirements.
>
> (David, apologies for my late feedback on your patch post.)
>
> Let me know if you have any concerns.
Works for me if it works for David.

Thanks
Laszlo

>
>
> Best Regards & Thanks,
> LONG, Qin
>
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:ler...@redhat.com]
>> Sent: Thursday, February 18, 2016 4:00 PM
>> To: Ye, Ting; Long, Qin; edk2-devel@lists.01.org; David Woodhouse
>> Subject: Re: [edk2] [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version
>> to 1.0.2f
>>
>> On 02/18/16 06:59, Ye, Ting wrote:
>>> Looks good to me.
>>>
>>> Reviewed-by: Ye Ting <ting...@intel.com>
>>
>> For now:
>>
>> Nacked-by: Laszlo Ersek <ler...@redhat.com>
>>
>> This is only a technical NACK -- I'd just like to make everyone aware that
>> David has concurrently posted a patch series, that does the same, and
>> significantly more:
>>
>> EDK2 vs. OpenSSL HEAD update
>> http://thread.gmane.org/gmane.comp.bios.edk2.devel/7716
>>
>> (In particular see [edk2] [PATCH 5/7] CryptoPkg/OpensslLib: Update to
>> OpenSSL 1.0.2f.)
>>
>> We should figure out which of the two is the way forward -- before that
>> happens, this patch should not be pushed.
>>
>> (I know Qin Long is aware of David's posting: David CC'd Qin Long.
>> Still, let's connect the threads like this.)
>>
>> Thanks
>> Laszlo
>>
>>
>>
>>> -----Original Message-----
>>> From: Long, Qin
>>> Sent: Thursday, February 18, 2016 12:33 AM
>>> To: edk2-devel@lists.01.org; Ye, Ting
>>> Subject: [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version to
>>> 1.0.2f
>>>
>>> OpenSSL has released version 1.0.2f with two security fixes
>>> (http://www.openssl.org/news/secadv/20160128.txt) on 28-Jan-2016.
>>> Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch
>>> the latest release 1.0.2f.
>>> (NOTE: The patch file was just re-generated, and no new source
>>> changes were introduced for 1.0.2f enabling)
>>>
>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>> Signed-off-by: Qin Long <qin.l...@intel.com> >>> CC: Ting Ye <ting...@intel.com> >>> --- >>> ...ssl-1.0.2e.patch => EDKII_openssl-1.0.2f.patch} | 63 +++++++++++-------- >> --- >>> CryptoPkg/Library/OpensslLib/Install.cmd | 2 +- >>> CryptoPkg/Library/OpensslLib/Install.sh | 2 +- >>> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 4 +- >>> CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 26 ++++----- >>> 5 files changed, 48 insertions(+), 49 deletions(-) rename >>> CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2e.patch => >>> EDKII_openssl-1.0.2f.patch} (89%) >>> >>> diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2e.patch >>> b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2f.patch >>> similarity index 89% >>> rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2e.patch >>> rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2f.patch >>> index e4eaff6..c42b776 100644 >>> --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2e.patch >>> +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2f.patch >>> @@ -1,7 +1,7 @@ >>> diff U3 crypto/bio/bio.h crypto/bio/bio.h >>> ---- crypto/bio/bio.h Thu Jun 11 21:50:12 2015 >>> -+++ crypto/bio/bio.h Fri Jun 12 11:00:52 2015 >>> -@@ -646,10 +646,10 @@ >>> +--- crypto/bio/bio.h Thu Jan 28 21:56:08 2016 >>> ++++ crypto/bio/bio.h Wed Feb 17 16:43:40 2016 >>> +@@ -650,10 +650,10 @@ >>> int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, >>> asn1_ps_func **psuffix_free); >>> >>> @@ -14,8 +14,8 @@ diff U3 crypto/bio/bio.h crypto/bio/bio.h >>> # endif >>> BIO *BIO_new(BIO_METHOD *type); >>> diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c >>> ---- crypto/bio/bss_file.c Thu Jun 11 21:01:06 2015 >>> -+++ crypto/bio/bss_file.c Fri Jun 12 11:01:28 2015 >>> +--- crypto/bio/bss_file.c Thu Jan 28 21:38:30 2016 >>> ++++ crypto/bio/bss_file.c Wed Feb 17 16:01:02 2016 >>> @@ -467,6 +467,23 @@ >>> return (ret); >>> } 
>>> @@ -41,8 +41,8 @@ diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c >>> >>> #endif /* HEADER_BSS_FILE_C */ >>> diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c >>> ---- crypto/dh/dh_pmeth.c Thu Jun 11 21:50:12 2015 >>> -+++ crypto/dh/dh_pmeth.c Fri Jun 12 11:08:48 2015 >>> +--- crypto/dh/dh_pmeth.c Thu Jan 28 21:56:08 2016 >>> ++++ crypto/dh/dh_pmeth.c Wed Feb 17 16:15:58 2016 >>> @@ -449,6 +449,9 @@ >>> *keylen = ret; >>> return 1; >>> @@ -62,8 +62,8 @@ diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c >>> return 1; >>> } >>> diff U3 crypto/pem/pem.h crypto/pem/pem.h >>> ---- crypto/pem/pem.h Thu Jun 11 21:50:12 2015 >>> -+++ crypto/pem/pem.h Fri Jun 12 10:58:18 2015 >>> +--- crypto/pem/pem.h Thu Jan 28 21:56:08 2016 >>> ++++ crypto/pem/pem.h Wed Feb 17 15:56:26 2016 >>> @@ -324,6 +324,7 @@ >>> >>> # define DECLARE_PEM_read_fp(name, type) /**/ @@ -73,8 +73,8 @@ >> diff U3 crypto/pem/pem.h crypto/pem/pem.h >>> # else >>> >>> diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c >>> ---- crypto/pkcs7/pk7_smime.c Thu Jun 11 21:01:06 2015 >>> -+++ crypto/pkcs7/pk7_smime.c Fri Jun 12 11:23:38 2015 >>> +--- crypto/pkcs7/pk7_smime.c Thu Jan 28 21:56:08 2016 >>> ++++ crypto/pkcs7/pk7_smime.c Wed Feb 17 16:22:45 2016 >>> @@ -254,7 +254,8 @@ >>> STACK_OF(PKCS7_SIGNER_INFO) *sinfos; >>> PKCS7_SIGNER_INFO *si; >>> @@ -114,20 +114,19 @@ diff U3 crypto/pkcs7/pk7_smime.c >> crypto/pkcs7/pk7_smime.c >>> if (i <= 0) >>> break; >>> if (tmpout) >>> -@@ -394,6 +394,10 @@ >>> +@@ -394,6 +394,9 @@ >>> } >>> BIO_free_all(p7bio); >>> sk_X509_free(signers); >>> -+ >>> + if (buf != NULL) { >>> -+ OPENSSL_free(buf); >>> ++ OPENSSL_free(buf); >>> + } >>> return ret; >>> } >>> >>> diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c >>> ---- crypto/rand/rand_unix.c Thu Jun 11 21:01:06 2015 >>> -+++ crypto/rand/rand_unix.c Fri Jun 12 10:51:21 2015 >>> +--- crypto/rand/rand_unix.c Thu Jan 28 21:38:32 2016 >>> ++++ crypto/rand/rand_unix.c Wed Feb 17 15:40:02 2016 
>>> @@ -116,7 +116,7 @@ >>> #include <openssl/rand.h> >>> #include "rand_lcl.h" >>> @@ -147,8 +146,8 @@ diff U3 crypto/rand/rand_unix.c >> crypto/rand/rand_unix.c >>> { >>> return 0; >>> diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c >>> ---- crypto/rsa/rsa_ameth.c Thu Jun 11 21:50:12 2015 >>> -+++ crypto/rsa/rsa_ameth.c Fri Jun 12 10:45:38 2015 >>> +--- crypto/rsa/rsa_ameth.c Thu Jan 28 21:56:08 2016 >>> ++++ crypto/rsa/rsa_ameth.c Wed Feb 17 15:09:46 2016 >>> @@ -68,10 +68,12 @@ >>> #endif >>> #include "asn1_locl.h" >>> @@ -221,8 +220,8 @@ diff U3 crypto/rsa/rsa_ameth.c >> crypto/rsa/rsa_ameth.c >>> const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { >>> { >>> diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c >>> ---- crypto/x509/x509_vfy.c Thu Jun 11 21:52:58 2015 >>> -+++ crypto/x509/x509_vfy.c Fri Jun 12 11:29:37 2015 >>> +--- crypto/x509/x509_vfy.c Thu Jan 28 21:56:08 2016 >>> ++++ crypto/x509/x509_vfy.c Wed Feb 17 16:09:58 2016 >>> @@ -940,6 +940,8 @@ >>> ctx->current_crl = crl; >>> if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) @@ -242,8 >> +241,8 @@ diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c >>> ptime = NULL; >>> >>> diff U3 crypto/x509/x509_vfy.h crypto/x509/x509_vfy.h >>> ---- crypto/x509/x509_vfy.h Thu Jul 09 19:57:16 2015 >>> -+++ crypto/x509/x509_vfy.h Thu Oct 29 14:05:57 2015 >>> +--- crypto/x509/x509_vfy.h Thu Jan 28 21:56:08 2016 >>> ++++ crypto/x509/x509_vfy.h Wed Feb 17 16:08:18 2016 >>> @@ -438,6 +438,8 @@ >>> * will force the behaviour to match that of previous versions. >>> */ >>> @@ -254,8 +253,8 @@ diff U3 crypto/x509/x509_vfy.h >> crypto/x509/x509_vfy.h >>> # define X509_VP_FLAG_DEFAULT 0x1 >>> # define X509_VP_FLAG_OVERWRITE 0x2 >>> diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h >>> ---- crypto/x509v3/ext_dat.h Thu Jun 11 21:50:12 2015 >>> -+++ crypto/x509v3/ext_dat.h Fri Jun 12 11:11:03 2015 >>> +--- crypto/x509v3/ext_dat.h Thu Jan 28 21:56:08 2016 >>> ++++ crypto/x509v3/ext_dat.h Wed Feb 17 16:13:30 2016 
>>> @@ -127,8 +127,10 @@ >>> &v3_idp, >>> &v3_alt[2], >>> @@ -268,8 +267,8 @@ diff U3 crypto/x509v3/ext_dat.h >>> crypto/x509v3/ext_dat.h >>> >>> /* Number of standard extensions */ >>> diff U3 crypto/crypto.h crypto/crypto.h >>> ---- crypto/crypto.h Thu Jun 11 21:01:06 2015 >>> -+++ crypto/crypto.h Fri Jun 12 11:33:27 2015 >>> +--- crypto/crypto.h Thu Jan 28 21:38:30 2016 >>> ++++ crypto/crypto.h Wed Feb 17 16:33:00 2016 >>> @@ -235,15 +235,15 @@ >>> # ifndef OPENSSL_NO_LOCKING >>> # ifndef CRYPTO_w_lock >>> @@ -353,8 +352,8 @@ diff U3 crypto/crypto.h crypto/crypto.h >>> >>> # else >>> diff U3 crypto/opensslconf.h crypto/opensslconf.h >>> ---- crypto/opensslconf.h Thu Jun 11 21:55:38 2015 >>> -+++ crypto/opensslconf.h Fri Jun 12 10:28:27 2015 >>> +--- crypto/opensslconf.h Thu Jan 28 21:57:22 2016 >>> ++++ crypto/opensslconf.h Wed Feb 17 14:58:26 2016 >>> @@ -5,15 +5,72 @@ >>> extern "C" { >>> #endif >>> @@ -675,8 +674,8 @@ diff U3 crypto/opensslconf.h crypto/opensslconf.h >>> #undef BN_LLONG >>> >>> diff U3 e_os.h e_os.h >>> ---- e_os.h Thu Jul 09 19:57:16 2015 >>> -+++ e_os.h Thu Oct 29 16:54:10 2015 >>> +--- e_os.h Thu Jan 28 21:56:08 2016 >>> ++++ e_os.h Wed Feb 17 15:52:08 2016 >>> @@ -136,7 +136,7 @@ >>> # define MSDOS >>> # endif >>> @@ -687,8 +686,8 @@ diff U3 e_os.h e_os.h >>> # endif >>> >>> diff U3 e_os2.h e_os2.h >>> ---- e_os2.h Thu Jul 09 19:57:16 2015 >>> -+++ e_os2.h Thu Oct 29 15:08:19 2015 >>> +--- e_os2.h Thu Jan 28 21:56:08 2016 >>> ++++ e_os2.h Wed Feb 17 15:53:08 2016 >>> @@ -97,7 +97,14 @@ >>> * For 32 bit environment, there seems to be the CygWin environment >> and then >>> * all the others that try to do the same thing Microsoft does... >>> diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd >>> b/CryptoPkg/Library/OpensslLib/Install.cmd >>> index b9b6fc6..a96501c 100755 >>> --- a/CryptoPkg/Library/OpensslLib/Install.cmd >>> +++ b/CryptoPkg/Library/OpensslLib/Install.cmd 
>>> @@ -1,4 +1,4 @@ >>> -cd openssl-1.0.2e >>> +cd openssl-1.0.2f >>> copy e_os2.h ..\..\..\Include\openssl >>> copy crypto\crypto.h ..\..\..\Include\openssl >>> copy crypto\opensslv.h ..\..\..\Include\openssl >>> diff --git a/CryptoPkg/Library/OpensslLib/Install.sh >>> b/CryptoPkg/Library/OpensslLib/Install.sh >>> index 5434395..76648cd 100755 >>> --- a/CryptoPkg/Library/OpensslLib/Install.sh >>> +++ b/CryptoPkg/Library/OpensslLib/Install.sh >>> @@ -1,6 +1,6 @@ >>> #!/bin/sh >>> >>> -cd openssl-1.0.2e >>> +cd openssl-1.0.2f >>> cp e_os2.h ../../../Include/openssl >>> cp crypto/crypto.h ../../../Include/openssl >>> cp crypto/opensslv.h ../../../Include/openssl >>> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf >>> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf >>> index 54ac055..9b6e860 100644 >>> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf >>> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf >>> @@ -1,7 +1,7 @@ >>> ## @file >>> # This module provides openSSL Library implementation. >>> # >>> -# Copyright (c) 2010 - 2015, Intel Corporation. All rights >>> reserved.<BR> >>> +# Copyright (c) 2010 - 2016, Intel Corporation. All rights >>> +reserved.<BR> >>> # This program and the accompanying materials # are licensed and made >> available under the terms and conditions of the BSD License # which >> accompanies this distribution. The full text of the license may be found at >> @@ -20,7 +20,7 @@ >>> MODULE_TYPE = BASE >>> VERSION_STRING = 1.0 >>> LIBRARY_CLASS = OpensslLib >>> - DEFINE OPENSSL_PATH = openssl-1.0.2e >>> + DEFINE OPENSSL_PATH = openssl-1.0.2f >>> DEFINE OPENSSL_FLAGS = -DL_ENDIAN - >> DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE - >> D_CRT_NONSTDC_NO_DEPRECATE >>> >>> # >>> diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt >>> b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt >>> index f575d71..433f626 100644 >>> --- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt >>> +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt 
>>> @@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building >> under UEFI environment. >>> >> ========================================================== >> ====================== >>> OpenSSL-Version >>> >> ========================================================== >> ============ >>> ========== >>> - Current supported OpenSSL version for UEFI Crypto Library is 1.0.2e. >>> - http://www.openssl.org/source/openssl-1.0.2e.tar.gz >>> + Current supported OpenSSL version for UEFI Crypto Library is 1.0.2f. >>> + http://www.openssl.org/source/openssl-1.0.2f.tar.gz >>> >>> >>> >> ========================================================== >> ====================== >>> HOW to Install Openssl for UEFI Building >>> >> ========================================================== >> ============ >>> ========== -1. Download OpenSSL 1.0.2e from official website: >>> - http://www.openssl.org/source/openssl-1.0.2e.tar.gz >>> +1. Download OpenSSL 1.0.2f from official website: >>> + http://www.openssl.org/source/openssl-1.0.2f.tar.gz >>> >>> - NOTE: Some web browsers may rename the downloaded TAR file to >> openssl-1.0.2e.tar.tar. >>> - When you do the download, rename the "openssl-1.0.2e.tar.tar" to >>> - "openssl-1.0.2e.tar.gz" or rename the local downloaded file with >> ".tar.tar" >>> + NOTE: Some web browsers may rename the downloaded TAR file to >> openssl-1.0.2f.tar.tar. >>> + When you do the download, rename the "openssl-1.0.2f.tar.tar" to >>> + "openssl-1.0.2f.tar.gz" or rename the local downloaded file with >> ".tar.tar" >>> extension to ".tar.gz". >>> >>> -2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2e >>> +2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2f >>> >>> NOTE: If you use WinZip to unpack the openssl source in Windows, >> please >>> uncheck the WinZip smart CR/LF conversion option (WINZIP: >>> Options - >> -> >>> Configuration --> Miscellaneous --> "TAR file smart CR/LF >> conversion"). >>> >>> -3. 
Apply this patch: EDKII_openssl-1.0.2e.patch, and make >>> installation >>> +3. Apply this patch: EDKII_openssl-1.0.2f.patch, and make >>> +installation >>> >>> For Windows Environment: >>> ------------------------ >>> 1) Make sure the patch utility has been installed in your machine. >>> Install Cygwin or get the patch utility binary from >>> http://gnuwin32.sourceforge.net/packages/patch.htm >>> - 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2e >>> - 3) patch -p0 -i ..\EDKII_openssl-1.0.2e.patch >>> + 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2f >>> + 3) patch -p0 -i ..\EDKII_openssl-1.0.2f.patch >>> 4) cd .. >>> 5) Install.cmd >>> >>> @@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building >> under UEFI environment. >>> ----------------------- >>> 1) Make sure the patch utility has been installed in your machine. >>> Patch utility is available from >>> http://directory.fsf.org/project/patch/ >>> - 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2e >>> - 3) patch -p0 -i ../EDKII_openssl-1.0.2e.patch >>> + 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2f >>> + 3) patch -p0 -i ../EDKII_openssl-1.0.2f.patch >>> 4) cd .. >>> 5) ./Install.sh >>> >>> -- >>> 2.7.0.windows.1 >>> >>> _______________________________________________ >>> edk2-devel mailing list >>> edk2-devel@lists.01.org >>> https://lists.01.org/mailman/listinfo/edk2-devel
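
Review bot: In the regenerated crypto/pkcs7/pk7_smime.c section of EDKII_openssl-1.0.2f.patch, the hunk header shrinks from `@@ -394,6 +394,10 @@` to `@@ -394,6 +394,9 @@` and the `OPENSSL_free(buf);` line is rewritten, so the EDKII patch content differs from the 1.0.2e version at this spot, while the commit message says the file was only re-generated with no new source changes. If this is a dropped blank line plus a whitespace change, say so in the commit message so reviewers can tell it apart from a functional change to the cleanup path that frees buf before `return ret;`.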
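
Review bot: In the Install.sh hunk, `cd openssl-1.0.2f` is not checked, so when the tree is missing or still extracted as openssl-1.0.2e the following `cp e_os2.h ../../../Include/openssl` lines run from the wrong directory and Include/openssl keeps whatever headers an earlier install left there, which can then be built against the new sources. Suggest `cd openssl-1.0.2f || exit 1`, with the equivalent guard after the `cd` in Install.cmd.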
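
Review bot: Step 1 in the first Patch-HOWTO.txt hunk still fetches the tarball over plain HTTP (`http://www.openssl.org/source/openssl-1.0.2f.tar.gz`), and no step verifies the download before it is extracted, patched and built into the UEFI crypto library. Since this update exists to pick up security fixes, switch the URL to https and add a step that checks the file against the SHA256 digest or PGP signature that openssl.org publishes next to the tarball.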
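
Review bot: The `cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2f` line in the Linux steps of Patch-HOWTO.txt (hunk `@@ -54,8 +54,8 @@`) spells the directory `OpensslLib`, as do the paths in the diff headers, but step 2 of the same file says to extract into `CryptoPkg/Library/OpenSslLib/openssl-1.0.2f`. On a case-sensitive filesystem the step 2 path does not exist; since that line is being rewritten for the version bump anyway, spell it `OpensslLib` there too.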