diff options
| author | Qin Long <qin.long@intel.com> | 2015-12-11 02:29:05 +0000 |
|---|---|---|
| committer | qlong <qlong@Edk2> | 2015-12-11 02:29:05 +0000 |
| commit | 65202874a4a0e576f5d18287a9e4821440faeec4 (patch) | |
| tree | e8aa1a696e28d9d8a6cdbace390b395456fac2b8 | |
| parent | 0d12e6a0033dd24c670446a7c685c6029d108e7e (diff) | |
| download | edk2-65202874a4a0e576f5d18287a9e4821440faeec4.zip edk2-65202874a4a0e576f5d18287a9e4821440faeec4.tar.gz edk2-65202874a4a0e576f5d18287a9e4821440faeec4.tar.bz2 | |
CryptoPkg/OpensslLib: upgrade OpenSSL version to 1.0.2e
OpenSSL has released version 1.0.2e with security fixes.
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib
from 1.0.2d to 1.0.2e.
(Note: This is based on Ard's previous patch with extra fix
https://rt.openssl.org/Ticket/Display.html?id=4175)
Contributed-under: TianoCore Contribution Agreement 1.0
Singed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19218 6f19259b-4bc3-4df7-8a09-765794883524
| -rw-r--r-- | CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2e.patch (renamed from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch) | 31 | ||||
| -rwxr-xr-x | CryptoPkg/Library/OpensslLib/Install.cmd | 2 | ||||
| -rwxr-xr-x | CryptoPkg/Library/OpensslLib/Install.sh | 2 | ||||
| -rw-r--r-- | CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 | ||||
| -rw-r--r-- | CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 26 |
5 files changed, 38 insertions, 25 deletions
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2e.patch index 6be397b..e4eaff6 100644 --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2e.patch @@ -16,7 +16,7 @@ diff U3 crypto/bio/bio.h crypto/bio/bio.h diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
--- crypto/bio/bss_file.c Thu Jun 11 21:01:06 2015
+++ crypto/bio/bss_file.c Fri Jun 12 11:01:28 2015
-@@ -460,6 +460,23 @@
+@@ -467,6 +467,23 @@
return (ret);
}
@@ -83,9 +83,22 @@ diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c + char *buf = NULL;
+ int bufsiz;
int i, j = 0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
-@@ -365,9 +366,14 @@
+ BIO *p7bio = NULL;
+ BIO *tmpin = NULL, *tmpout = NULL;
+@@ -275,12 +276,6 @@
+ return 0;
+ }
+
+- /* Check for data and content: two sets of data */
+- if (!PKCS7_get_detached(p7) && indata) {
+- PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
+- return 0;
+- }
+-
+ sinfos = PKCS7_get_signer_info(p7);
+
+ if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+@@ -355,9 +350,14 @@
} else
tmpout = out;
@@ -101,17 +114,17 @@ diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c if (i <= 0)
break;
if (tmpout)
-@@ -406,6 +412,10 @@
+@@ -394,6 +394,10 @@
+ }
BIO_free_all(p7bio);
-
sk_X509_free(signers);
+
+ if (buf != NULL) {
+ OPENSSL_free(buf);
+ }
-
return ret;
}
+
diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
--- crypto/rand/rand_unix.c Thu Jun 11 21:01:06 2015
+++ crypto/rand/rand_unix.c Fri Jun 12 10:51:21 2015
@@ -210,7 +223,7 @@ diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
--- crypto/x509/x509_vfy.c Thu Jun 11 21:52:58 2015
+++ crypto/x509/x509_vfy.c Fri Jun 12 11:29:37 2015
-@@ -935,6 +935,8 @@
+@@ -940,6 +940,8 @@
ctx->current_crl = crl;
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time;
@@ -219,7 +232,7 @@ diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c else
ptime = NULL;
-@@ -1658,6 +1660,8 @@
+@@ -1663,6 +1665,8 @@
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time;
diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd index ef0a4bd..b9b6fc6 100755 --- a/CryptoPkg/Library/OpensslLib/Install.cmd +++ b/CryptoPkg/Library/OpensslLib/Install.cmd @@ -1,4 +1,4 @@ -cd openssl-1.0.2d
+cd openssl-1.0.2e
copy e_os2.h ..\..\..\Include\openssl
copy crypto\crypto.h ..\..\..\Include\openssl
copy crypto\opensslv.h ..\..\..\Include\openssl
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh index 877e775..5434395 100755 --- a/CryptoPkg/Library/OpensslLib/Install.sh +++ b/CryptoPkg/Library/OpensslLib/Install.sh @@ -1,6 +1,6 @@ #!/bin/sh -cd openssl-1.0.2d +cd openssl-1.0.2e cp e_os2.h ../../../Include/openssl cp crypto/crypto.h ../../../Include/openssl cp crypto/opensslv.h ../../../Include/openssl diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index b54a173..216c1bb 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -20,7 +20,7 @@ MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl-1.0.2d
+ DEFINE OPENSSL_PATH = openssl-1.0.2e
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
#
diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt index 59e74ee..f575d71 100644 --- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt @@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment. ================================================================================
OpenSSL-Version
================================================================================
- Current supported OpenSSL version for UEFI Crypto Library is 1.0.2d.
- http://www.openssl.org/source/openssl-1.0.2d.tar.gz
+ Current supported OpenSSL version for UEFI Crypto Library is 1.0.2e.
+ http://www.openssl.org/source/openssl-1.0.2e.tar.gz
================================================================================
HOW to Install Openssl for UEFI Building
================================================================================
-1. Download OpenSSL 1.0.2d from official website:
- http://www.openssl.org/source/openssl-1.0.2d.tar.gz
+1. Download OpenSSL 1.0.2e from official website:
+ http://www.openssl.org/source/openssl-1.0.2e.tar.gz
- NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2d.tar.tar.
- When you do the download, rename the "openssl-1.0.2d.tar.tar" to
- "openssl-1.0.2d.tar.gz" or rename the local downloaded file with ".tar.tar"
+ NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2e.tar.tar.
+ When you do the download, rename the "openssl-1.0.2e.tar.tar" to
+ "openssl-1.0.2e.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz".
-2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2d
+2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2e
NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
-3. Apply this patch: EDKII_openssl-1.0.2d.patch, and make installation
+3. Apply this patch: EDKII_openssl-1.0.2e.patch, and make installation
For Windows Environment:
------------------------
1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2d
- 3) patch -p0 -i ..\EDKII_openssl-1.0.2d.patch
+ 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2e
+ 3) patch -p0 -i ..\EDKII_openssl-1.0.2e.patch
4) cd ..
5) Install.cmd
@@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment. -----------------------
1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2d
- 3) patch -p0 -i ../EDKII_openssl-1.0.2d.patch
+ 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2e
+ 3) patch -p0 -i ../EDKII_openssl-1.0.2e.patch
4) cd ..
5) ./Install.sh
|