[edk2] CryptoPkg: update OpenSSL dependency to version 1.0.2d

Message ID 1436511256-31215-1-git-send-email-ard.biesheuvel@linaro.org
State New
Headers show

Commit Message

Ard Biesheuvel July 10, 2015, 6:54 a.m.
Upstream OpenSSL version 1.0.2c contained a fatal flaw
[CVE-2015-1793] and is no longer available from the openssl.org
download servers. So upgrade to its replacement, version 1.0.2d.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2c.patch => EDKII_openssl-1.0.2d.patch} |  4 +--
 CryptoPkg/Library/OpensslLib/Install.cmd                                                |  2 +-
 CryptoPkg/Library/OpensslLib/Install.sh                                                 |  2 +-
 CryptoPkg/Library/OpensslLib/OpensslLib.inf                                             |  2 +-
 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt                                            | 26 ++++++++++----------
 5 files changed, 18 insertions(+), 18 deletions(-)

Comments

Ard Biesheuvel July 10, 2015, 9:21 a.m. | #1
On 10 July 2015 at 09:53, Ye, Ting <ting.ye@intel.com> wrote:
> Looks good to me.
> Reviewed-by: Ye Ting <ting.ye@intel.com>
>

@Qin: are you ok with this patch? I would like to get it submitted
asap to fix our automated build (it is broken because 1.0.2c is no
longer available for download)

Thanks,
Ard.


> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Friday, July 10, 2015 2:54 PM
> To: edk2-devel@lists.sourceforge.net; Long, Qin; Dong, Guo; Ye, Ting
> Cc: Justen, Jordan L; Gao, Liming; Ard Biesheuvel
> Subject: [PATCH] CryptoPkg: update OpenSSL dependency to version 1.0.2d
>
> Upstream OpenSSL version 1.0.2c contained a fatal flaw
> [CVE-2015-1793] and is no longer available from the openssl.org
> download servers. So upgrade to its replacement, version 1.0.2d.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2c.patch => EDKII_openssl-1.0.2d.patch} |  4 +--
>  CryptoPkg/Library/OpensslLib/Install.cmd                                                |  2 +-
>  CryptoPkg/Library/OpensslLib/Install.sh                                                 |  2 +-
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf                                             |  2 +-
>  CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt                                            | 26 ++++++++++----------
>  5 files changed, 18 insertions(+), 18 deletions(-)
>
> diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
> similarity index 96%
> rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch
> rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
> index 0d9575e94aef..72e5f3da54c4 100644
> --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch
> +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
> @@ -210,7 +210,7 @@ diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
>  diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
>  --- crypto/x509/x509_vfy.c     Thu Jun 11 21:52:58 2015
>  +++ crypto/x509/x509_vfy.c     Fri Jun 12 11:29:37 2015
> -@@ -1647,6 +1647,10 @@
> +@@ -1653,6 +1653,10 @@
>
>   static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
>   {
> @@ -221,7 +221,7 @@ diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
>       time_t *ptime;
>       int i;
>
> -@@ -1686,6 +1690,7 @@
> +@@ -1692,6 +1696,7 @@
>       }
>
>       return 1;
> diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd
> index f8d8582d9ef6..ef0a4bdcebc9 100755
> --- a/CryptoPkg/Library/OpensslLib/Install.cmd
> +++ b/CryptoPkg/Library/OpensslLib/Install.cmd
> @@ -1,4 +1,4 @@
> -cd openssl-1.0.2c
> +cd openssl-1.0.2d
>  copy e_os2.h                    ..\..\..\Include\openssl
>  copy crypto\crypto.h            ..\..\..\Include\openssl
>  copy crypto\opensslv.h          ..\..\..\Include\openssl
> diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh
> index 087655d50e2a..877e775b81af 100755
> --- a/CryptoPkg/Library/OpensslLib/Install.sh
> +++ b/CryptoPkg/Library/OpensslLib/Install.sh
> @@ -1,6 +1,6 @@
>  #!/bin/sh
>
> -cd openssl-1.0.2c
> +cd openssl-1.0.2d
>  cp e_os2.h                    ../../../Include/openssl
>  cp crypto/crypto.h            ../../../Include/openssl
>  cp crypto/opensslv.h          ../../../Include/openssl
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index dbf8a9621732..28d3aec00e2a 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -20,7 +20,7 @@ [Defines]
>    MODULE_TYPE                    = BASE
>    VERSION_STRING                 = 1.0
>    LIBRARY_CLASS                  = OpensslLib
> -  DEFINE OPENSSL_PATH            = openssl-1.0.2c
> +  DEFINE OPENSSL_PATH            = openssl-1.0.2d
>    DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
>    DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE
>
> diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
> index 0ea7b8aa0ba5..59e74ee9b0d9 100644
> --- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
> +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
> @@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment.
>  ================================================================================
>                                  OpenSSL-Version
>  ================================================================================
> -  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2c.
> -    http://www.openssl.org/source/openssl-1.0.2c.tar.gz
> +  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2d.
> +    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
>
>
>  ================================================================================
>                        HOW to Install Openssl for UEFI Building
>  ================================================================================
> -1.  Download OpenSSL 1.0.2c from official website:
> -    http://www.openssl.org/source/openssl-1.0.2c.tar.gz
> +1.  Download OpenSSL 1.0.2d from official website:
> +    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
>
> -    NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2c.tar.tar.
> -          When you do the download, rename the "openssl-1.0.2c.tar.tar" to
> -          "openssl-1.0.2c.tar.gz" or rename the local downloaded file with ".tar.tar"
> +    NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2d.tar.tar.
> +          When you do the download, rename the "openssl-1.0.2d.tar.tar" to
> +          "openssl-1.0.2d.tar.gz" or rename the local downloaded file with ".tar.tar"
>            extension to ".tar.gz".
>
> -2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2c
> +2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2d
>
>      NOTE: If you use WinZip to unpack the openssl source in Windows, please
>            uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
>            Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
>
> -3.  Apply this patch: EDKII_openssl-1.0.2c.patch, and make installation
> +3.  Apply this patch: EDKII_openssl-1.0.2d.patch, and make installation
>
>      For Windows Environment:
>      ------------------------
>      1) Make sure the patch utility has been installed in your machine.
>         Install Cygwin or get the patch utility binary from
>            http://gnuwin32.sourceforge.net/packages/patch.htm
> -    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2c
> -    3) patch -p0 -i ..\EDKII_openssl-1.0.2c.patch
> +    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2d
> +    3) patch -p0 -i ..\EDKII_openssl-1.0.2d.patch
>      4) cd ..
>      5) Install.cmd
>
> @@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
>      -----------------------
>      1) Make sure the patch utility has been installed in your machine.
>         Patch utility is available from http://directory.fsf.org/project/patch/
> -    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2c
> -    3) patch -p0 -i ../EDKII_openssl-1.0.2c.patch
> +    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2d
> +    3) patch -p0 -i ../EDKII_openssl-1.0.2d.patch
>      4) cd ..
>      5) ./Install.sh
>
> --
> 1.9.1
>

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
Ard Biesheuvel July 12, 2015, 6:59 p.m. | #2
On 12 July 2015 at 19:34, Long, Qin <qin.long@intel.com> wrote:
> Ard,
>
> This looks good to me. (And thanks for doing this. I was out of office this week, so sorry for late response.)
>
> Reviewed-by: Qin Long <qin.long@intel.com>
>

Thanks! Committed as SVN r17928

Regards,
Ard.

> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Friday, July 10, 2015 5:21 PM
> To: Long, Qin
> Cc: edk2-devel@lists.sourceforge.net; Ye, Ting; Dong, Guo; Justen, Jordan L; Gao, Liming
> Subject: Re: [PATCH] CryptoPkg: update OpenSSL dependency to version 1.0.2d
>
> On 10 July 2015 at 09:53, Ye, Ting <ting.ye@intel.com> wrote:
>> Looks good to me.
>> Reviewed-by: Ye Ting <ting.ye@intel.com>
>>
>
> @Qin: are you ok with this patch? I would like to get it submitted asap to fix our automated build (it is broken because 1.0.2c is no longer available for download)
>
> Thanks,
> Ard.
>
>
>> -----Original Message-----
>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>> Sent: Friday, July 10, 2015 2:54 PM
>> To: edk2-devel@lists.sourceforge.net; Long, Qin; Dong, Guo; Ye, Ting
>> Cc: Justen, Jordan L; Gao, Liming; Ard Biesheuvel
>> Subject: [PATCH] CryptoPkg: update OpenSSL dependency to version
>> 1.0.2d
>>
>> Upstream OpenSSL version 1.0.2c contained a fatal flaw [CVE-2015-1793]
>> and is no longer available from the openssl.org download servers. So
>> upgrade to its replacement, version 1.0.2d.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>>  CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2c.patch => EDKII_openssl-1.0.2d.patch} |  4 +--
>>  CryptoPkg/Library/OpensslLib/Install.cmd                                                |  2 +-
>>  CryptoPkg/Library/OpensslLib/Install.sh                                                 |  2 +-
>>  CryptoPkg/Library/OpensslLib/OpensslLib.inf                                             |  2 +-
>>  CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt                                            | 26 ++++++++++----------
>>  5 files changed, 18 insertions(+), 18 deletions(-)
>>
>> diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch
>> b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
>> similarity index 96%
>> rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch
>> rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
>> index 0d9575e94aef..72e5f3da54c4 100644
>> --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch
>> +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
>> @@ -210,7 +210,7 @@ diff U3 crypto/rsa/rsa_ameth.c
>> crypto/rsa/rsa_ameth.c  diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
>>  --- crypto/x509/x509_vfy.c     Thu Jun 11 21:52:58 2015
>>  +++ crypto/x509/x509_vfy.c     Fri Jun 12 11:29:37 2015
>> -@@ -1647,6 +1647,10 @@
>> +@@ -1653,6 +1653,10 @@
>>
>>   static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
>>   {
>> @@ -221,7 +221,7 @@ diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
>>       time_t *ptime;
>>       int i;
>>
>> -@@ -1686,6 +1690,7 @@
>> +@@ -1692,6 +1696,7 @@
>>       }
>>
>>       return 1;
>> diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd
>> b/CryptoPkg/Library/OpensslLib/Install.cmd
>> index f8d8582d9ef6..ef0a4bdcebc9 100755
>> --- a/CryptoPkg/Library/OpensslLib/Install.cmd
>> +++ b/CryptoPkg/Library/OpensslLib/Install.cmd
>> @@ -1,4 +1,4 @@
>> -cd openssl-1.0.2c
>> +cd openssl-1.0.2d
>>  copy e_os2.h                    ..\..\..\Include\openssl
>>  copy crypto\crypto.h            ..\..\..\Include\openssl
>>  copy crypto\opensslv.h          ..\..\..\Include\openssl
>> diff --git a/CryptoPkg/Library/OpensslLib/Install.sh
>> b/CryptoPkg/Library/OpensslLib/Install.sh
>> index 087655d50e2a..877e775b81af 100755
>> --- a/CryptoPkg/Library/OpensslLib/Install.sh
>> +++ b/CryptoPkg/Library/OpensslLib/Install.sh
>> @@ -1,6 +1,6 @@
>>  #!/bin/sh
>>
>> -cd openssl-1.0.2c
>> +cd openssl-1.0.2d
>>  cp e_os2.h                    ../../../Include/openssl
>>  cp crypto/crypto.h            ../../../Include/openssl
>>  cp crypto/opensslv.h          ../../../Include/openssl
>> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
>> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
>> index dbf8a9621732..28d3aec00e2a 100644
>> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
>> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
>> @@ -20,7 +20,7 @@ [Defines]
>>    MODULE_TYPE                    = BASE
>>    VERSION_STRING                 = 1.0
>>    LIBRARY_CLASS                  = OpensslLib
>> -  DEFINE OPENSSL_PATH            = openssl-1.0.2c
>> +  DEFINE OPENSSL_PATH            = openssl-1.0.2d
>>    DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
>>    DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE
>>
>> diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
>> b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
>> index 0ea7b8aa0ba5..59e74ee9b0d9 100644
>> --- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
>> +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
>> @@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment.
>>  ================================================================================
>>                                  OpenSSL-Version
>> ======================================================================
>> ==========
>> -  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2c.
>> -    http://www.openssl.org/source/openssl-1.0.2c.tar.gz
>> +  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2d.
>> +    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
>>
>>
>>  ================================================================================
>>                        HOW to Install Openssl for UEFI Building
>> ======================================================================
>> ========== -1.  Download OpenSSL 1.0.2c from official website:
>> -    http://www.openssl.org/source/openssl-1.0.2c.tar.gz
>> +1.  Download OpenSSL 1.0.2d from official website:
>> +    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
>>
>> -    NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2c.tar.tar.
>> -          When you do the download, rename the "openssl-1.0.2c.tar.tar" to
>> -          "openssl-1.0.2c.tar.gz" or rename the local downloaded file with ".tar.tar"
>> +    NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2d.tar.tar.
>> +          When you do the download, rename the "openssl-1.0.2d.tar.tar" to
>> +          "openssl-1.0.2d.tar.gz" or rename the local downloaded file with ".tar.tar"
>>            extension to ".tar.gz".
>>
>> -2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2c
>> +2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2d
>>
>>      NOTE: If you use WinZip to unpack the openssl source in Windows, please
>>            uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
>>            Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
>>
>> -3.  Apply this patch: EDKII_openssl-1.0.2c.patch, and make
>> installation
>> +3.  Apply this patch: EDKII_openssl-1.0.2d.patch, and make
>> +installation
>>
>>      For Windows Environment:
>>      ------------------------
>>      1) Make sure the patch utility has been installed in your machine.
>>         Install Cygwin or get the patch utility binary from
>>            http://gnuwin32.sourceforge.net/packages/patch.htm
>> -    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2c
>> -    3) patch -p0 -i ..\EDKII_openssl-1.0.2c.patch
>> +    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2d
>> +    3) patch -p0 -i ..\EDKII_openssl-1.0.2d.patch
>>      4) cd ..
>>      5) Install.cmd
>>
>> @@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
>>      -----------------------
>>      1) Make sure the patch utility has been installed in your machine.
>>         Patch utility is available from http://directory.fsf.org/project/patch/
>> -    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2c
>> -    3) patch -p0 -i ../EDKII_openssl-1.0.2c.patch
>> +    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2d
>> +    3) patch -p0 -i ../EDKII_openssl-1.0.2d.patch
>>      4) cd ..
>>      5) ./Install.sh
>>
>> --
>> 1.9.1
>>

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/

Patch hide | download patch | download mbox

diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
similarity index 96%
rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch
rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
index 0d9575e94aef..72e5f3da54c4 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
@@ -210,7 +210,7 @@  diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
 diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
 --- crypto/x509/x509_vfy.c	Thu Jun 11 21:52:58 2015
 +++ crypto/x509/x509_vfy.c	Fri Jun 12 11:29:37 2015
-@@ -1647,6 +1647,10 @@
+@@ -1653,6 +1653,10 @@
  
  static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
  {
@@ -221,7 +221,7 @@  diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
      time_t *ptime;
      int i;
  
-@@ -1686,6 +1690,7 @@
+@@ -1692,6 +1696,7 @@
      }
  
      return 1;
diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd
index f8d8582d9ef6..ef0a4bdcebc9 100755
--- a/CryptoPkg/Library/OpensslLib/Install.cmd
+++ b/CryptoPkg/Library/OpensslLib/Install.cmd
@@ -1,4 +1,4 @@ 
-cd openssl-1.0.2c
+cd openssl-1.0.2d
 copy e_os2.h                    ..\..\..\Include\openssl
 copy crypto\crypto.h            ..\..\..\Include\openssl
 copy crypto\opensslv.h          ..\..\..\Include\openssl
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh
index 087655d50e2a..877e775b81af 100755
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ b/CryptoPkg/Library/OpensslLib/Install.sh
@@ -1,6 +1,6 @@ 
 #!/bin/sh
 
-cd openssl-1.0.2c
+cd openssl-1.0.2d
 cp e_os2.h                    ../../../Include/openssl
 cp crypto/crypto.h            ../../../Include/openssl
 cp crypto/opensslv.h          ../../../Include/openssl
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index dbf8a9621732..28d3aec00e2a 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -20,7 +20,7 @@  [Defines]
   MODULE_TYPE                    = BASE
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = OpensslLib
-  DEFINE OPENSSL_PATH            = openssl-1.0.2c
+  DEFINE OPENSSL_PATH            = openssl-1.0.2d
   DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
   DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE
 
diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
index 0ea7b8aa0ba5..59e74ee9b0d9 100644
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
@@ -17,36 +17,36 @@  cryptography. This patch will enable openssl building under UEFI environment.
 ================================================================================
                                 OpenSSL-Version
 ================================================================================
-  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2c.
-    http://www.openssl.org/source/openssl-1.0.2c.tar.gz
+  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2d.
+    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
 
 
 ================================================================================
                       HOW to Install Openssl for UEFI Building
 ================================================================================
-1.  Download OpenSSL 1.0.2c from official website:
-    http://www.openssl.org/source/openssl-1.0.2c.tar.gz
+1.  Download OpenSSL 1.0.2d from official website:
+    http://www.openssl.org/source/openssl-1.0.2d.tar.gz
 
-    NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2c.tar.tar.
-          When you do the download, rename the "openssl-1.0.2c.tar.tar" to
-          "openssl-1.0.2c.tar.gz" or rename the local downloaded file with ".tar.tar"
+    NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2d.tar.tar.
+          When you do the download, rename the "openssl-1.0.2d.tar.tar" to
+          "openssl-1.0.2d.tar.gz" or rename the local downloaded file with ".tar.tar"
           extension to ".tar.gz".
 
-2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2c
+2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2d
 
     NOTE: If you use WinZip to unpack the openssl source in Windows, please
           uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
           Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
 
-3.  Apply this patch: EDKII_openssl-1.0.2c.patch, and make installation
+3.  Apply this patch: EDKII_openssl-1.0.2d.patch, and make installation
 
     For Windows Environment:
     ------------------------
     1) Make sure the patch utility has been installed in your machine.
        Install Cygwin or get the patch utility binary from
           http://gnuwin32.sourceforge.net/packages/patch.htm
-    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2c
-    3) patch -p0 -i ..\EDKII_openssl-1.0.2c.patch
+    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2d
+    3) patch -p0 -i ..\EDKII_openssl-1.0.2d.patch
     4) cd ..
     5) Install.cmd
 
@@ -54,8 +54,8 @@  cryptography. This patch will enable openssl building under UEFI environment.
     -----------------------
     1) Make sure the patch utility has been installed in your machine.
        Patch utility is available from http://directory.fsf.org/project/patch/
-    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2c
-    3) patch -p0 -i ../EDKII_openssl-1.0.2c.patch
+    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2d
+    3) patch -p0 -i ../EDKII_openssl-1.0.2d.patch
     4) cd ..
     5) ./Install.sh