Revision: 17072
http://sourceforge.net/p/edk2/code/17072
Author: qlong
Date: 2015-03-25 08:13:32 +0000 (Wed, 25 Mar 2015)
Log Message:
-----------
Upgrade to OpenSSL-0.9.8zf (released on 19-MAR-2015).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <[email protected]>
Reviewed-by: Dong Guo <[email protected]>
Reviewed-by: Ye Ting <[email protected]>
Modified Paths:
--------------
trunk/edk2/CryptoPkg/Library/OpensslLib/Install.cmd
trunk/edk2/CryptoPkg/Library/OpensslLib/Install.sh
trunk/edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf
trunk/edk2/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
Added Paths:
-----------
trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
Removed Paths:
-------------
trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8ze.patch
Deleted: trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8ze.patch
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8ze.patch
2015-03-25 01:51:23 UTC (rev 17071)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8ze.patch
2015-03-25 08:13:32 UTC (rev 17072)
@@ -1,281 +0,0 @@
-Index: crypto/bio/bss_file.c
-===================================================================
---- crypto/bio/bss_file.c (revision 1)
-+++ crypto/bio/bss_file.c (working copy)
-@@ -428,6 +428,23 @@
- return(ret);
- }
-
-+#else
-+
-+BIO_METHOD *BIO_s_file(void)
-+ {
-+ return NULL;
-+ }
-+
-+BIO *BIO_new_file(const char *filename, const char *mode)
-+ {
-+ return NULL;
-+ }
-+
-+BIO *BIO_new_fp(FILE *stream, int close_flag)
-+ {
-+ return NULL;
-+ }
-+
- #endif /* OPENSSL_NO_STDIO */
-
- #endif /* HEADER_BSS_FILE_C */
-Index: crypto/crypto.h
-===================================================================
---- crypto/crypto.h (revision 1)
-+++ crypto/crypto.h (working copy)
-@@ -235,15 +235,15 @@
- #ifndef OPENSSL_NO_LOCKING
- #ifndef CRYPTO_w_lock
- #define CRYPTO_w_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
- #define CRYPTO_w_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
- #define CRYPTO_r_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
- #define CRYPTO_r_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
- #define CRYPTO_add(addr,amount,type) \
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-+ CRYPTO_add_lock(addr,amount,type,NULL,0)
- #endif
- #else
- #define CRYPTO_w_lock(a)
-@@ -361,19 +361,19 @@
- #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
- #define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
--#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
--#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-+#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
-+#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
- #define OPENSSL_realloc(addr,num) \
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
- #define OPENSSL_realloc_clean(addr,old_num,num) \
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
- #define OPENSSL_remalloc(addr,num) \
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
- #define OPENSSL_freeFunc CRYPTO_free
- #define OPENSSL_free(addr) CRYPTO_free(addr)
-
- #define OPENSSL_malloc_locked(num) \
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-+ CRYPTO_malloc_locked((int)num,NULL,0)
- #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
-
-@@ -487,7 +487,7 @@
- long CRYPTO_get_mem_debug_options(void);
-
- #define CRYPTO_push_info(info) \
-- CRYPTO_push_info_(info, __FILE__, __LINE__);
-+ CRYPTO_push_info_(info, NULL, 0);
- int CRYPTO_push_info_(const char *info, const char *file, int line);
- int CRYPTO_pop_info(void);
- int CRYPTO_remove_all_info(void);
-@@ -528,17 +528,17 @@
-
- /* die if we have to */
- void OpenSSLDie(const char *file,int line,const char *assertion);
--#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__,
__LINE__, #e),1))
-+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
-
- unsigned long *OPENSSL_ia32cap_loc(void);
- #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
- int OPENSSL_isservice(void);
-
- #ifdef OPENSSL_FIPS
--#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
- alg " previous FIPS forbidden algorithm error ignored");
-
--#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
- #alg " Algorithm forbidden in FIPS mode");
-
- #ifdef OPENSSL_FIPS_STRICT
-Index: crypto/err/err.c
-===================================================================
---- crypto/err/err.c (revision 1)
-+++ crypto/err/err.c (working copy)
-@@ -313,7 +313,12 @@
- es->err_data_flags[i]=flags;
- }
-
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...)
-+#else
- void ERR_add_error_data(int num, ...)
-+#endif
- {
- va_list args;
- int i,n,s;
-Index: crypto/err/err.h
-===================================================================
---- crypto/err/err.h (revision 1)
-+++ crypto/err/err.h (working copy)
-@@ -286,8 +286,14 @@
- #endif
- #ifndef OPENSSL_NO_BIO
- void ERR_print_errors(BIO *bp);
-+
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...);
-+#else
- void ERR_add_error_data(int num, ...);
- #endif
-+#endif
- void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
- void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
- void ERR_load_ERR_strings(void);
-Index: crypto/opensslconf.h
-===================================================================
---- crypto/opensslconf.h (revision 1)
-+++ crypto/opensslconf.h (working copy)
-@@ -162,6 +162,9 @@
- /* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-+
-+/* Bypass following definition for UEFI version. */
-+#if !defined(OPENSSL_SYS_UEFI)
- #undef SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
- #define THIRTY_TWO_BIT
-@@ -169,6 +172,8 @@
- #undef EIGHT_BIT
- #endif
-
-+#endif
-+
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
- #define CONFIG_HEADER_RC4_LOCL_H
- /* if this is defined data[i] is used instead of *data, this is a %20
-Index: crypto/pkcs7/pk7_smime.c
-===================================================================
---- crypto/pkcs7/pk7_smime.c (revision 1)
-+++ crypto/pkcs7/pk7_smime.c (working copy)
-@@ -88,7 +88,10 @@
- if (!PKCS7_content_new(p7, NID_pkcs7_data))
- goto err;
-
-- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
-+ /*
-+ NOTE: Update to SHA-256 digest algorithm for UEFI version.
-+ */
-+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
- goto err;
- }
-@@ -173,7 +176,8 @@
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
-- char buf[4096];
-+ char *buf = NULL;
-+ int bufsiz;
- int i, j=0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
-@@ -284,10 +288,16 @@
- BIO_set_mem_eof_return(tmpout, 0);
- } else tmpout = out;
-
-+ bufsiz = 4096;
-+ buf = OPENSSL_malloc (bufsiz);
-+ if (buf == NULL) {
-+ goto err;
-+ }
-+
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;)
- {
-- i=BIO_read(p7bio,buf,sizeof(buf));
-+ i=BIO_read(p7bio,buf,bufsiz);
- if (i <= 0) break;
- if (tmpout) BIO_write(tmpout, buf, i);
- }
-@@ -326,6 +336,10 @@
-
- sk_X509_free(signers);
-
-+ if (buf != NULL) {
-+ OPENSSL_free (buf);
-+ }
-+
- return ret;
- }
-
-Index: crypto/rand/rand_egd.c
-===================================================================
---- crypto/rand/rand_egd.c (revision 1)
-+++ crypto/rand/rand_egd.c (working copy)
-@@ -95,7 +95,7 @@
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) ||
defined(OPENSSL_SYS_UEFI)
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- return(-1);
-Index: crypto/rand/rand_unix.c
-===================================================================
---- crypto/rand/rand_unix.c (revision 1)
-+++ crypto/rand/rand_unix.c (working copy)
-@@ -116,7 +116,7 @@
- #include <openssl/rand.h>
- #include "rand_lcl.h"
-
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
defined(OPENSSL_SYS_UEFI))
-
- #include <sys/types.h>
- #include <sys/time.h>
-@@ -322,7 +322,7 @@
- #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
-
-
--#if defined(OPENSSL_SYS_VXWORKS)
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
- int RAND_poll(void)
- {
- return 0;
-Index: crypto/x509/x509_vfy.c
-===================================================================
---- crypto/x509/x509_vfy.c (revision 1)
-+++ crypto/x509/x509_vfy.c (working copy)
-@@ -899,6 +899,10 @@
-
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
- {
-+#if defined(OPENSSL_SYS_UEFI)
-+ /* Bypass Certificate Time Checking for UEFI version. */
-+ return 1;
-+#else
- time_t *ptime;
- int i;
-
-@@ -942,6 +946,7 @@
- }
-
- return 1;
-+#endif
- }
-
- static int internal_verify(X509_STORE_CTX *ctx)
Added: trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
(rev 0)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
2015-03-25 08:13:32 UTC (rev 17072)
@@ -0,0 +1,279 @@
+Index: crypto/bio/bss_file.c
+===================================================================
+--- crypto/bio/bss_file.c (revision 1)
++++ crypto/bio/bss_file.c (working copy)
+@@ -418,6 +418,23 @@
+ return (ret);
+ }
+
++#else
++
++BIO_METHOD *BIO_s_file(void)
++{
++ return NULL;
++}
++
++BIO *BIO_new_file(const char *filename, const char *mode)
++{
++ return NULL;
++}
++
++BIO *BIO_new_fp(FILE *stream, int close_flag)
++{
++ return NULL;
++}
++
+ # endif /* OPENSSL_NO_STDIO */
+
+ #endif /* HEADER_BSS_FILE_C */
+Index: crypto/crypto.h
+===================================================================
+--- crypto/crypto.h (revision 1)
++++ crypto/crypto.h (working copy)
+@@ -239,15 +239,15 @@
+ # ifndef OPENSSL_NO_LOCKING
+ # ifndef CRYPTO_w_lock
+ # define CRYPTO_w_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_w_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_r_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_r_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_add(addr,amount,type) \
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
++ CRYPTO_add_lock(addr,amount,type,NULL,0)
+ # endif
+ # else
+ # define CRYPTO_w_lock(a)
+@@ -374,19 +374,19 @@
+ # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+ # define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
+ # define OPENSSL_realloc(addr,num) \
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
+ # define OPENSSL_realloc_clean(addr,old_num,num) \
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
+ # define OPENSSL_remalloc(addr,num) \
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
+ # define OPENSSL_freeFunc CRYPTO_free
+ # define OPENSSL_free(addr) CRYPTO_free(addr)
+
+ # define OPENSSL_malloc_locked(num) \
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
++ CRYPTO_malloc_locked((int)num,NULL,0)
+ # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+ const char *SSLeay_version(int type);
+@@ -531,7 +531,7 @@
+ long CRYPTO_get_mem_debug_options(void);
+
+ # define CRYPTO_push_info(info) \
+- CRYPTO_push_info_(info, __FILE__, __LINE__);
++ CRYPTO_push_info_(info, NULL, 0);
+ int CRYPTO_push_info_(const char *info, const char *file, int line);
+ int CRYPTO_pop_info(void);
+ int CRYPTO_remove_all_info(void);
+@@ -578,7 +578,7 @@
+
+ /* die if we have to */
+ void OpenSSLDie(const char *file, int line, const char *assertion);
+-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__,
__LINE__, #e),1))
++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
+
+ unsigned long *OPENSSL_ia32cap_loc(void);
+ # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+@@ -585,10 +585,10 @@
+ int OPENSSL_isservice(void);
+
+ # ifdef OPENSSL_FIPS
+-# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
++# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
+ alg " previous FIPS forbidden algorithm error ignored");
+
+-# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
++# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
+ #alg " Algorithm forbidden in FIPS mode");
+
+ # ifdef OPENSSL_FIPS_STRICT
+Index: crypto/err/err.c
+===================================================================
+--- crypto/err/err.c (revision 1)
++++ crypto/err/err.c (working copy)
+@@ -321,7 +321,12 @@
+ es->err_data_flags[i] = flags;
+ }
+
++/* Add EFIAPI for UEFI version. */
++#if defined(OPENSSL_SYS_UEFI)
++void EFIAPI ERR_add_error_data(int num, ...)
++#else
+ void ERR_add_error_data(int num, ...)
++#endif
+ {
+ va_list args;
+ int i, n, s;
+Index: crypto/err/err.h
+===================================================================
+--- crypto/err/err.h (revision 1)
++++ crypto/err/err.h (working copy)
+@@ -285,7 +285,13 @@
+ # endif
+ # ifndef OPENSSL_NO_BIO
+ void ERR_print_errors(BIO *bp);
++
++/* Add EFIAPI for UEFI version. */
++#if defined(OPENSSL_SYS_UEFI)
++void EFIAPI ERR_add_error_data(int num, ...);
++#else
+ void ERR_add_error_data(int num, ...);
++#endif
+ # endif
+ void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+ void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
+Index: crypto/opensslconf.h
+===================================================================
+--- crypto/opensslconf.h (revision 1)
++++ crypto/opensslconf.h (working copy)
+@@ -162,6 +162,9 @@
+ /* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
++
++/* Bypass following definition for UEFI version. */
++#if !defined(OPENSSL_SYS_UEFI)
+ #undef SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+ #define THIRTY_TWO_BIT
+@@ -169,6 +172,8 @@
+ #undef EIGHT_BIT
+ #endif
+
++#endif
++
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+ #define CONFIG_HEADER_RC4_LOCL_H
+ /* if this is defined data[i] is used instead of *data, this is a %20
+Index: crypto/pkcs7/pk7_smime.c
+===================================================================
+--- crypto/pkcs7/pk7_smime.c (revision 1)
++++ crypto/pkcs7/pk7_smime.c (working copy)
+@@ -90,7 +90,14 @@
+ if (!PKCS7_content_new(p7, NID_pkcs7_data))
+ goto err;
+
++#if defined(OPENSSL_SYS_UEFI)
++ /*
++ * NOTE: Update to SHA-256 digest algorithm for UEFI version.
++ */
++ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {
++#else
+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
++#endif
+ PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+ goto err;
+ }
+@@ -175,7 +182,8 @@
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+- char buf[4096];
++ char *buf = NULL;
++ int bufsiz;
+ int i, j = 0, k, ret = 0;
+ BIO *p7bio;
+ BIO *tmpin, *tmpout;
+@@ -286,6 +294,12 @@
+ } else
+ tmpout = out;
+
++ bufsiz = 4096;
++ buf = OPENSSL_malloc (bufsiz);
++ if (buf == NULL) {
++ goto err;
++ }
++
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;) {
+ i = BIO_read(p7bio, buf, sizeof(buf));
+@@ -328,6 +342,10 @@
+
+ sk_X509_free(signers);
+
++ if (buf != NULL) {
++ OPENSSL_free (buf);
++ }
++
+ return ret;
+ }
+
+Index: crypto/rand/rand_egd.c
+===================================================================
+--- crypto/rand/rand_egd.c (revision 1)
++++ crypto/rand/rand_egd.c (working copy)
+@@ -95,7 +95,7 @@
+ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+ */
+
+-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) ||
defined(OPENSSL_SYS_UEFI)
+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+ {
+ return (-1);
+Index: crypto/rand/rand_unix.c
+===================================================================
+--- crypto/rand/rand_unix.c (revision 1)
++++ crypto/rand/rand_unix.c (working copy)
+@@ -116,7 +116,7 @@
+ #include <openssl/rand.h>
+ #include "rand_lcl.h"
+
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
defined(OPENSSL_SYS_UEFI))
+
+ # include <sys/types.h>
+ # include <sys/time.h>
+@@ -332,7 +332,7 @@
+ * defined(OPENSSL_SYS_VXWORKS) ||
+ * defined(OPENSSL_SYS_NETWARE)) */
+
+-#if defined(OPENSSL_SYS_VXWORKS)
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+ int RAND_poll(void)
+ {
+ return 0;
+Index: crypto/x509/x509_vfy.c
+===================================================================
+--- crypto/x509/x509_vfy.c (revision 1)
++++ crypto/x509/x509_vfy.c (working copy)
+@@ -871,6 +871,10 @@
+
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+ {
++#if defined(OPENSSL_SYS_UEFI)
++ /* Bypass Certificate Time Checking for UEFI version. */
++ return 1;
++#else
+ time_t *ptime;
+ int i;
+
+@@ -910,6 +914,7 @@
+ }
+
+ return 1;
++#endif
+ }
+
+ static int internal_verify(X509_STORE_CTX *ctx)
Modified: trunk/edk2/CryptoPkg/Library/OpensslLib/Install.cmd
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/Install.cmd 2015-03-25 01:51:23 UTC
(rev 17071)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/Install.cmd 2015-03-25 08:13:32 UTC
(rev 17072)
@@ -1,4 +1,4 @@
-cd openssl-0.9.8ze
+cd openssl-0.9.8zf
copy e_os2.h ..\..\..\Include\openssl
copy crypto\crypto.h ..\..\..\Include\openssl
copy crypto\tmdiff.h ..\..\..\Include\openssl
Modified: trunk/edk2/CryptoPkg/Library/OpensslLib/Install.sh
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/Install.sh 2015-03-25 01:51:23 UTC
(rev 17071)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/Install.sh 2015-03-25 08:13:32 UTC
(rev 17072)
@@ -1,6 +1,6 @@
#!/bin/sh
-cd openssl-0.9.8ze
+cd openssl-0.9.8zf
cp e_os2.h ../../../Include/openssl
cp crypto/crypto.h ../../../Include/openssl
cp crypto/tmdiff.h ../../../Include/openssl
Modified: trunk/edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf 2015-03-25
01:51:23 UTC (rev 17071)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf 2015-03-25
08:13:32 UTC (rev 17072)
@@ -20,7 +20,7 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl-0.9.8ze
+ DEFINE OPENSSL_PATH = openssl-0.9.8zf
DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI
-DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2
-DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG
-DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE
-DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API
-DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2
-DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP
-DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD
-DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST
-DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH
-DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE
Modified: trunk/edk2/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
===================================================================
--- trunk/edk2/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt 2015-03-25
01:51:23 UTC (rev 17071)
+++ trunk/edk2/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt 2015-03-25
08:13:32 UTC (rev 17072)
@@ -17,36 +17,36 @@
================================================================================
OpenSSL-Version
================================================================================
- Current supported OpenSSL version for UEFI Crypto Library is 0.9.8ze.
- http://www.openssl.org/source/openssl-0.9.8ze.tar.gz
+ Current supported OpenSSL version for UEFI Crypto Library is 0.9.8zf.
+ http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
================================================================================
HOW to Install Openssl for UEFI Building
================================================================================
-1. Download OpenSSL 0.9.8ze from official website:
- http://www.openssl.org/source/openssl-0.9.8ze.tar.gz
+1. Download OpenSSL 0.9.8zf from official website:
+ http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
- NOTE: Some web browsers may rename the downloaded TAR file to
openssl-0.9.8ze.tar.tar.
- When you do the download, rename the "openssl-0.9.8ze.tar.tar" to
- "openssl-0.9.8ze.tar.gz" or rename the local downloaded file with
".tar.tar"
+ NOTE: Some web browsers may rename the downloaded TAR file to
openssl-0.9.8zf.tar.tar.
+ When you do the download, rename the "openssl-0.9.8zf.tar.tar" to
+ "openssl-0.9.8zf.tar.gz" or rename the local downloaded file with
".tar.tar"
extension to ".tar.gz".
-2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8ze
+2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zf
NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options
-->
Configuration --> Miscellaneous --> "TAR file smart CR/LF
conversion").
-3. Apply this patch: EDKII_openssl-0.9.8ze.patch, and make installation
+3. Apply this patch: EDKII_openssl-0.9.8zf.patch, and make installation
For Windows Environment:
------------------------
1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8ze
- 3) patch -p0 -i ..\EDKII_openssl-0.9.8ze.patch
+ 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8zf
+ 3) patch -p0 -i ..\EDKII_openssl-0.9.8zf.patch
4) cd ..
5) Install.cmd
@@ -54,8 +54,8 @@
-----------------------
1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8ze
- 3) patch -p0 -i ../EDKII_openssl-0.9.8ze.patch
+ 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8zf
+ 3) patch -p0 -i ../EDKII_openssl-0.9.8zf.patch
4) cd ..
5) ./Install.sh
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
