Revision: 15802
http://sourceforge.net/p/edk2/code/15802
Author: qlong
Date: 2014-08-14 10:16:57 +0000 (Thu, 14 Aug 2014)
Log Message:
-----------
OpenSSL 0.9.8zb was released at 06-Aug-2014, including bug and security fixes.
This patch is to catch the latest OpenSSL release.
NOTE: The content of EDKII_openssl-0.9.8zb.patch is same with the old
EDKII_openssl-0.9.8za.patch, and the extra changes
are only name / directory modifications.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long, Qin <[email protected]>
Reviewed-by: Ye, Ting <[email protected]>
Reviewed-by: Fu, Siyuan <[email protected]>
Modified Paths:
--------------
trunk/edk2/CryptoPkg/Library/OpensslLib/Install.cmd
trunk/edk2/CryptoPkg/Library/OpensslLib/Install.sh
trunk/edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf
trunk/edk2/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
Added Paths:
-----------
trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zb.patch
Removed Paths:
-------------
trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8za.patch
Deleted: trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8za.patch
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8za.patch
2014-08-14 06:31:34 UTC (rev 15801)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8za.patch
2014-08-14 10:16:57 UTC (rev 15802)
@@ -1,281 +0,0 @@
-Index: crypto/bio/bss_file.c
-===================================================================
---- crypto/bio/bss_file.c (revision 1)
-+++ crypto/bio/bss_file.c (working copy)
-@@ -428,6 +428,23 @@
- return(ret);
- }
-
-+#else
-+
-+BIO_METHOD *BIO_s_file(void)
-+ {
-+ return NULL;
-+ }
-+
-+BIO *BIO_new_file(const char *filename, const char *mode)
-+ {
-+ return NULL;
-+ }
-+
-+BIO *BIO_new_fp(FILE *stream, int close_flag)
-+ {
-+ return NULL;
-+ }
-+
- #endif /* OPENSSL_NO_STDIO */
-
- #endif /* HEADER_BSS_FILE_C */
-Index: crypto/crypto.h
-===================================================================
---- crypto/crypto.h (revision 1)
-+++ crypto/crypto.h (working copy)
-@@ -235,15 +235,15 @@
- #ifndef OPENSSL_NO_LOCKING
- #ifndef CRYPTO_w_lock
- #define CRYPTO_w_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
- #define CRYPTO_w_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
- #define CRYPTO_r_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
- #define CRYPTO_r_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
- #define CRYPTO_add(addr,amount,type) \
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-+ CRYPTO_add_lock(addr,amount,type,NULL,0)
- #endif
- #else
- #define CRYPTO_w_lock(a)
-@@ -361,19 +361,19 @@
- #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
- #define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
--#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
--#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-+#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
-+#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
- #define OPENSSL_realloc(addr,num) \
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
- #define OPENSSL_realloc_clean(addr,old_num,num) \
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
- #define OPENSSL_remalloc(addr,num) \
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
- #define OPENSSL_freeFunc CRYPTO_free
- #define OPENSSL_free(addr) CRYPTO_free(addr)
-
- #define OPENSSL_malloc_locked(num) \
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-+ CRYPTO_malloc_locked((int)num,NULL,0)
- #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
-
-@@ -487,7 +487,7 @@
- long CRYPTO_get_mem_debug_options(void);
-
- #define CRYPTO_push_info(info) \
-- CRYPTO_push_info_(info, __FILE__, __LINE__);
-+ CRYPTO_push_info_(info, NULL, 0);
- int CRYPTO_push_info_(const char *info, const char *file, int line);
- int CRYPTO_pop_info(void);
- int CRYPTO_remove_all_info(void);
-@@ -528,17 +528,17 @@
-
- /* die if we have to */
- void OpenSSLDie(const char *file,int line,const char *assertion);
--#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__,
__LINE__, #e),1))
-+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
-
- unsigned long *OPENSSL_ia32cap_loc(void);
- #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
- int OPENSSL_isservice(void);
-
- #ifdef OPENSSL_FIPS
--#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
- alg " previous FIPS forbidden algorithm error ignored");
-
--#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
- #alg " Algorithm forbidden in FIPS mode");
-
- #ifdef OPENSSL_FIPS_STRICT
-Index: crypto/err/err.c
-===================================================================
---- crypto/err/err.c (revision 1)
-+++ crypto/err/err.c (working copy)
-@@ -313,7 +313,12 @@
- es->err_data_flags[i]=flags;
- }
-
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...)
-+#else
- void ERR_add_error_data(int num, ...)
-+#endif
- {
- va_list args;
- int i,n,s;
-Index: crypto/err/err.h
-===================================================================
---- crypto/err/err.h (revision 1)
-+++ crypto/err/err.h (working copy)
-@@ -286,8 +286,14 @@
- #endif
- #ifndef OPENSSL_NO_BIO
- void ERR_print_errors(BIO *bp);
-+
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...);
-+#else
- void ERR_add_error_data(int num, ...);
- #endif
-+#endif
- void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
- void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
- void ERR_load_ERR_strings(void);
-Index: crypto/opensslconf.h
-===================================================================
---- crypto/opensslconf.h (revision 1)
-+++ crypto/opensslconf.h (working copy)
-@@ -162,6 +162,9 @@
- /* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-+
-+/* Bypass following definition for UEFI version. */
-+#if !defined(OPENSSL_SYS_UEFI)
- #undef SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
- #define THIRTY_TWO_BIT
-@@ -169,6 +172,8 @@
- #undef EIGHT_BIT
- #endif
-
-+#endif
-+
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
- #define CONFIG_HEADER_RC4_LOCL_H
- /* if this is defined data[i] is used instead of *data, this is a %20
-Index: crypto/pkcs7/pk7_smime.c
-===================================================================
---- crypto/pkcs7/pk7_smime.c (revision 1)
-+++ crypto/pkcs7/pk7_smime.c (working copy)
-@@ -88,7 +88,10 @@
- if (!PKCS7_content_new(p7, NID_pkcs7_data))
- goto err;
-
-- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
-+ /*
-+ NOTE: Update to SHA-256 digest algorithm for UEFI version.
-+ */
-+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
- goto err;
- }
-@@ -173,7 +176,8 @@
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
-- char buf[4096];
-+ char *buf = NULL;
-+ int bufsiz;
- int i, j=0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
-@@ -284,10 +288,16 @@
- BIO_set_mem_eof_return(tmpout, 0);
- } else tmpout = out;
-
-+ bufsiz = 4096;
-+ buf = OPENSSL_malloc (bufsiz);
-+ if (buf == NULL) {
-+ goto err;
-+ }
-+
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;)
- {
-- i=BIO_read(p7bio,buf,sizeof(buf));
-+ i=BIO_read(p7bio,buf,bufsiz);
- if (i <= 0) break;
- if (tmpout) BIO_write(tmpout, buf, i);
- }
-@@ -326,6 +336,10 @@
-
- sk_X509_free(signers);
-
-+ if (buf != NULL) {
-+ OPENSSL_free (buf);
-+ }
-+
- return ret;
- }
-
-Index: crypto/rand/rand_egd.c
-===================================================================
---- crypto/rand/rand_egd.c (revision 1)
-+++ crypto/rand/rand_egd.c (working copy)
-@@ -95,7 +95,7 @@
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) ||
defined(OPENSSL_SYS_UEFI)
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- return(-1);
-Index: crypto/rand/rand_unix.c
-===================================================================
---- crypto/rand/rand_unix.c (revision 1)
-+++ crypto/rand/rand_unix.c (working copy)
-@@ -116,7 +116,7 @@
- #include <openssl/rand.h>
- #include "rand_lcl.h"
-
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
defined(OPENSSL_SYS_UEFI))
-
- #include <sys/types.h>
- #include <sys/time.h>
-@@ -322,7 +322,7 @@
- #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
-
-
--#if defined(OPENSSL_SYS_VXWORKS)
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
- int RAND_poll(void)
- {
- return 0;
-Index: crypto/x509/x509_vfy.c
-===================================================================
---- crypto/x509/x509_vfy.c (revision 1)
-+++ crypto/x509/x509_vfy.c (working copy)
-@@ -899,6 +899,10 @@
-
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
- {
-+#if defined(OPENSSL_SYS_UEFI)
-+ /* Bypass Certificate Time Checking for UEFI version. */
-+ return 1;
-+#else
- time_t *ptime;
- int i;
-
-@@ -942,6 +946,7 @@
- }
-
- return 1;
-+#endif
- }
-
- static int internal_verify(X509_STORE_CTX *ctx)
Added: trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zb.patch
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zb.patch
(rev 0)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zb.patch
2014-08-14 10:16:57 UTC (rev 15802)
@@ -0,0 +1,281 @@
+Index: crypto/bio/bss_file.c
+===================================================================
+--- crypto/bio/bss_file.c (revision 1)
++++ crypto/bio/bss_file.c (working copy)
+@@ -428,6 +428,23 @@
+ return(ret);
+ }
+
++#else
++
++BIO_METHOD *BIO_s_file(void)
++ {
++ return NULL;
++ }
++
++BIO *BIO_new_file(const char *filename, const char *mode)
++ {
++ return NULL;
++ }
++
++BIO *BIO_new_fp(FILE *stream, int close_flag)
++ {
++ return NULL;
++ }
++
+ #endif /* OPENSSL_NO_STDIO */
+
+ #endif /* HEADER_BSS_FILE_C */
+Index: crypto/crypto.h
+===================================================================
+--- crypto/crypto.h (revision 1)
++++ crypto/crypto.h (working copy)
+@@ -235,15 +235,15 @@
+ #ifndef OPENSSL_NO_LOCKING
+ #ifndef CRYPTO_w_lock
+ #define CRYPTO_w_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
+ #define CRYPTO_w_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
+ #define CRYPTO_r_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
+ #define CRYPTO_r_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
+ #define CRYPTO_add(addr,amount,type) \
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
++ CRYPTO_add_lock(addr,amount,type,NULL,0)
+ #endif
+ #else
+ #define CRYPTO_w_lock(a)
+@@ -361,19 +361,19 @@
+ #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+ #define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
++#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
++#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
+ #define OPENSSL_realloc(addr,num) \
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
+ #define OPENSSL_realloc_clean(addr,old_num,num) \
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
+ #define OPENSSL_remalloc(addr,num) \
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
+ #define OPENSSL_freeFunc CRYPTO_free
+ #define OPENSSL_free(addr) CRYPTO_free(addr)
+
+ #define OPENSSL_malloc_locked(num) \
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
++ CRYPTO_malloc_locked((int)num,NULL,0)
+ #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+
+@@ -487,7 +487,7 @@
+ long CRYPTO_get_mem_debug_options(void);
+
+ #define CRYPTO_push_info(info) \
+- CRYPTO_push_info_(info, __FILE__, __LINE__);
++ CRYPTO_push_info_(info, NULL, 0);
+ int CRYPTO_push_info_(const char *info, const char *file, int line);
+ int CRYPTO_pop_info(void);
+ int CRYPTO_remove_all_info(void);
+@@ -528,17 +528,17 @@
+
+ /* die if we have to */
+ void OpenSSLDie(const char *file,int line,const char *assertion);
+-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__,
__LINE__, #e),1))
++#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
+
+ unsigned long *OPENSSL_ia32cap_loc(void);
+ #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+ int OPENSSL_isservice(void);
+
+ #ifdef OPENSSL_FIPS
+-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
++#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
+ alg " previous FIPS forbidden algorithm error ignored");
+
+-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
++#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
+ #alg " Algorithm forbidden in FIPS mode");
+
+ #ifdef OPENSSL_FIPS_STRICT
+Index: crypto/err/err.c
+===================================================================
+--- crypto/err/err.c (revision 1)
++++ crypto/err/err.c (working copy)
+@@ -313,7 +313,12 @@
+ es->err_data_flags[i]=flags;
+ }
+
++/* Add EFIAPI for UEFI version. */
++#if defined(OPENSSL_SYS_UEFI)
++void EFIAPI ERR_add_error_data(int num, ...)
++#else
+ void ERR_add_error_data(int num, ...)
++#endif
+ {
+ va_list args;
+ int i,n,s;
+Index: crypto/err/err.h
+===================================================================
+--- crypto/err/err.h (revision 1)
++++ crypto/err/err.h (working copy)
+@@ -286,8 +286,14 @@
+ #endif
+ #ifndef OPENSSL_NO_BIO
+ void ERR_print_errors(BIO *bp);
++
++/* Add EFIAPI for UEFI version. */
++#if defined(OPENSSL_SYS_UEFI)
++void EFIAPI ERR_add_error_data(int num, ...);
++#else
+ void ERR_add_error_data(int num, ...);
+ #endif
++#endif
+ void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+ void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
+ void ERR_load_ERR_strings(void);
+Index: crypto/opensslconf.h
+===================================================================
+--- crypto/opensslconf.h (revision 1)
++++ crypto/opensslconf.h (working copy)
+@@ -162,6 +162,9 @@
+ /* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
++
++/* Bypass following definition for UEFI version. */
++#if !defined(OPENSSL_SYS_UEFI)
+ #undef SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+ #define THIRTY_TWO_BIT
+@@ -169,6 +172,8 @@
+ #undef EIGHT_BIT
+ #endif
+
++#endif
++
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+ #define CONFIG_HEADER_RC4_LOCL_H
+ /* if this is defined data[i] is used instead of *data, this is a %20
+Index: crypto/pkcs7/pk7_smime.c
+===================================================================
+--- crypto/pkcs7/pk7_smime.c (revision 1)
++++ crypto/pkcs7/pk7_smime.c (working copy)
+@@ -88,7 +88,10 @@
+ if (!PKCS7_content_new(p7, NID_pkcs7_data))
+ goto err;
+
+- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
++ /*
++ NOTE: Update to SHA-256 digest algorithm for UEFI version.
++ */
++ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+ goto err;
+ }
+@@ -173,7 +176,8 @@
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+- char buf[4096];
++ char *buf = NULL;
++ int bufsiz;
+ int i, j=0, k, ret = 0;
+ BIO *p7bio;
+ BIO *tmpin, *tmpout;
+@@ -284,10 +288,16 @@
+ BIO_set_mem_eof_return(tmpout, 0);
+ } else tmpout = out;
+
++ bufsiz = 4096;
++ buf = OPENSSL_malloc (bufsiz);
++ if (buf == NULL) {
++ goto err;
++ }
++
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;)
+ {
+- i=BIO_read(p7bio,buf,sizeof(buf));
++ i=BIO_read(p7bio,buf,bufsiz);
+ if (i <= 0) break;
+ if (tmpout) BIO_write(tmpout, buf, i);
+ }
+@@ -326,6 +336,10 @@
+
+ sk_X509_free(signers);
+
++ if (buf != NULL) {
++ OPENSSL_free (buf);
++ }
++
+ return ret;
+ }
+
+Index: crypto/rand/rand_egd.c
+===================================================================
+--- crypto/rand/rand_egd.c (revision 1)
++++ crypto/rand/rand_egd.c (working copy)
+@@ -95,7 +95,7 @@
+ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+ */
+
+-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) ||
defined(OPENSSL_SYS_UEFI)
+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+ {
+ return(-1);
+Index: crypto/rand/rand_unix.c
+===================================================================
+--- crypto/rand/rand_unix.c (revision 1)
++++ crypto/rand/rand_unix.c (working copy)
+@@ -116,7 +116,7 @@
+ #include <openssl/rand.h>
+ #include "rand_lcl.h"
+
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
defined(OPENSSL_SYS_UEFI))
+
+ #include <sys/types.h>
+ #include <sys/time.h>
+@@ -322,7 +322,7 @@
+ #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
+
+
+-#if defined(OPENSSL_SYS_VXWORKS)
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+ int RAND_poll(void)
+ {
+ return 0;
+Index: crypto/x509/x509_vfy.c
+===================================================================
+--- crypto/x509/x509_vfy.c (revision 1)
++++ crypto/x509/x509_vfy.c (working copy)
+@@ -899,6 +899,10 @@
+
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+ {
++#if defined(OPENSSL_SYS_UEFI)
++ /* Bypass Certificate Time Checking for UEFI version. */
++ return 1;
++#else
+ time_t *ptime;
+ int i;
+
+@@ -942,6 +946,7 @@
+ }
+
+ return 1;
++#endif
+ }
+
+ static int internal_verify(X509_STORE_CTX *ctx)
Modified: trunk/edk2/CryptoPkg/Library/OpensslLib/Install.cmd
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/Install.cmd 2014-08-14 06:31:34 UTC
(rev 15801)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/Install.cmd 2014-08-14 10:16:57 UTC
(rev 15802)
@@ -1,4 +1,4 @@
-cd openssl-0.9.8za
+cd openssl-0.9.8zb
copy e_os2.h ..\..\..\Include\openssl
copy crypto\crypto.h ..\..\..\Include\openssl
copy crypto\tmdiff.h ..\..\..\Include\openssl
Modified: trunk/edk2/CryptoPkg/Library/OpensslLib/Install.sh
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/Install.sh 2014-08-14 06:31:34 UTC
(rev 15801)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/Install.sh 2014-08-14 10:16:57 UTC
(rev 15802)
@@ -1,6 +1,6 @@
#!/bin/sh
-cd openssl-0.9.8za
+cd openssl-0.9.8zb
cp e_os2.h ../../../Include/openssl
cp crypto/crypto.h ../../../Include/openssl
cp crypto/tmdiff.h ../../../Include/openssl
Modified: trunk/edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf 2014-08-14
06:31:34 UTC (rev 15801)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf 2014-08-14
10:16:57 UTC (rev 15802)
@@ -19,7 +19,7 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl-0.9.8za
+ DEFINE OPENSSL_PATH = openssl-0.9.8zb
DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI
-DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2
-DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG
-DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE
-DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API
-DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2
-DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW
-DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED
-DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF
-DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC
-DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE
Modified: trunk/edk2/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt 2014-08-14
06:31:34 UTC (rev 15801)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt 2014-08-14
10:16:57 UTC (rev 15802)
@@ -17,36 +17,36 @@
================================================================================
OpenSSL-Version
================================================================================
- Current supported OpenSSL version for UEFI Crypto Library is 0.9.8za.
- http://www.openssl.org/source/openssl-0.9.8za.tar.gz
+ Current supported OpenSSL version for UEFI Crypto Library is 0.9.8zb.
+ http://www.openssl.org/source/openssl-0.9.8zb.tar.gz
================================================================================
HOW to Install Openssl for UEFI Building
================================================================================
-1. Download OpenSSL 0.9.8za from official website:
- http://www.openssl.org/source/openssl-0.9.8za.tar.gz
+1. Download OpenSSL 0.9.8zb from official website:
+ http://www.openssl.org/source/openssl-0.9.8zb.tar.gz
- NOTE: Some web browsers may rename the downloaded TAR file to
openssl-0.9.8za.tar.tar.
- When you do the download, rename the "openssl-0.9.8za.tar.tar" to
- "openssl-0.9.8za.tar.gz" or rename the local downloaded file with
".tar.tar"
+ NOTE: Some web browsers may rename the downloaded TAR file to
openssl-0.9.8zb.tar.tar.
+ When you do the download, rename the "openssl-0.9.8zb.tar.tar" to
+ "openssl-0.9.8zb.tar.gz" or rename the local downloaded file with
".tar.tar"
extension to ".tar.gz".
-2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8za
+2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zb
NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options
-->
Configuration --> Miscellaneous --> "TAR file smart CR/LF
conversion").
-3. Apply this patch: EDKII_openssl-0.9.8za.patch, and make installation
+3. Apply this patch: EDKII_openssl-0.9.8zb.patch, and make installation
For Windows Environment:
------------------------
1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8za
- 3) patch -p0 -i ..\EDKII_openssl-0.9.8za.patch
+ 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8zb
+ 3) patch -p0 -i ..\EDKII_openssl-0.9.8zb.patch
4) cd ..
5) Install.cmd
@@ -54,8 +54,8 @@
-----------------------
1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8za
- 3) patch -p0 -i ../EDKII_openssl-0.9.8za.patch
+ 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8zb
+ 3) patch -p0 -i ../EDKII_openssl-0.9.8zb.patch
4) cd ..
5) ./Install.sh
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
