File ovmf-bsc1013603-update-openssl-1.0.2j.patch of Package ovmf.6358

From cd15370bf68552ad3ac102902e6beee963a4e1cc Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Sun, 17 Jul 2016 11:57:45 +0200
Subject: [PATCH 1/7] CryptoPkg: set new define to avoid MS ABI VA_LIST on
 GCC/X64

Set the #define NO_MSABI_VA_FUNCS that will be introduced in a subsequent
patch to avoid the use of the MS ABI in variadic functions. In EDK2, such
functions normally require the EFIAPI modifier to be used, but for external
libraries such as OpenSSL, which lack these annotations, it is easier to
simply revert to the default SysV style VA_LIST ABI.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit b2dc04a87fab89307240dc0f30b9a23bb5726c81)
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 361d30eeda..e6832b76dc 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -509,7 +509,7 @@ [BuildOptions]
   INTEL:*_*_IPF_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
 
   GCC:*_*_IA32_CC_FLAGS     = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
-  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -UNO_BUILTIN_VA_FUNCS
+  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -UNO_BUILTIN_VA_FUNCS -DNO_MSABI_VA_FUNCS
   GCC:*_*_IPF_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
   GCC:*_*_ARM_CC_FLAGS      = $(OPENSSL_FLAGS) -w
   GCC:*_*_AARCH64_CC_FLAGS  = $(OPENSSL_FLAGS) -w
-- 
2.11.0


From df99bd27d4c5b93a93bc37b937a4a6097af6929d Mon Sep 17 00:00:00 2001
From: "Shi, Steven" <steven.shi@intel.com>
Date: Sat, 16 Jul 2016 00:16:08 +0200
Subject: [PATCH 2/7] MdePkg: Enable new MS VA intrinsics for GNUC x86 64bits
 build

Both GCC and LLVM 3.8 64bits support new variable argument (VA)
intrinsics for Microsoft ABI, enable these new VA intrinsics for
GNUC family 64bits code build. These VA intrinsics are only
permitted use in 64bits code, so not use them in 32bits code build.
The original 32bits GNU VA intrinsics has the same calling convention
as MS, so we don't need change them.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Steven Shi <steven.shi@intel.com>

[ardb: update CPP logic so that the change only applies to X64]
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

(cherry picked from commit 48d5f9a551a93acb45f272dda879b0ab5a504e36)
---
 MdePkg/Include/Base.h | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/MdePkg/Include/Base.h b/MdePkg/Include/Base.h
index 89b2aed072..8de293a2b9 100644
--- a/MdePkg/Include/Base.h
+++ b/MdePkg/Include/Base.h
@@ -479,6 +479,30 @@ struct _LIST_ENTRY {
 #define VA_COPY(Dest, Start)          __va_copy (Dest, Start)
 
 #elif defined(__GNUC__) && !defined(NO_BUILTIN_VA_FUNCS)
+
+#if defined(MDE_CPU_X64) && !defined(NO_MSABI_VA_FUNCS)
+//
+// X64 only. Use MS ABI version of GCC built-in macros for variable argument lists.
+//
+///
+/// Both GCC and LLVM 3.8 for X64 support new variable argument intrinsics for Microsoft ABI
+///
+
+///
+/// Variable used to traverse the list of arguments. This type can vary by
+/// implementation and could be an array or structure.
+///
+typedef __builtin_ms_va_list VA_LIST;
+
+#define VA_START(Marker, Parameter)  __builtin_ms_va_start (Marker, Parameter)
+
+#define VA_ARG(Marker, TYPE)         ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE)))
+
+#define VA_END(Marker)               __builtin_ms_va_end (Marker)
+
+#define VA_COPY(Dest, Start)         __builtin_ms_va_copy (Dest, Start)
+
+#else
 //
 // Use GCC built-in macros for variable argument lists.
 //
@@ -497,6 +521,8 @@ typedef __builtin_va_list VA_LIST;
 
 #define VA_COPY(Dest, Start)         __builtin_va_copy (Dest, Start)
 
+#endif
+
 #else
 ///
 /// Variable used to traverse the list of arguments. This type can vary by
-- 
2.11.0


From da80c9184b8ed38f6ccbc1b31b8b0f1d306e9e0d Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Sun, 17 Jul 2016 12:11:32 +0200
Subject: [PATCH 3/7] EdkCompatibilityPkg: Enable new MS VA intrinsics for GNUC
 x86 64bits build

Align EdkCompatibilityPkg with this change from MdePkg

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit 0676c285ba518ae81ca7f06278d4cc4958660864)
---
 EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h b/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h
index 94b93ea4d1..cd32553105 100644
--- a/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h
+++ b/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h
@@ -93,6 +93,30 @@ Abstract:
 #define VA_COPY(Dest, Start)          __va_copy (Dest, Start)
 
 #elif defined(__GNUC__) && !defined(NO_BUILTIN_VA_FUNCS)
+
+#if defined(MDE_CPU_X64) && !defined(NO_MSABI_VA_FUNCS)
+//
+// X64 only. Use MS ABI version of GCC built-in macros for variable argument lists.
+//
+///
+/// Both GCC and LLVM 3.8 for X64 support new variable argument intrinsics for Microsoft ABI
+///
+
+///
+/// Variable used to traverse the list of arguments. This type can vary by
+/// implementation and could be an array or structure.
+///
+typedef __builtin_ms_va_list VA_LIST;
+
+#define VA_START(Marker, Parameter)  __builtin_ms_va_start (Marker, Parameter)
+
+#define VA_ARG(Marker, TYPE)         ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE)))
+
+#define VA_END(Marker)               __builtin_ms_va_end (Marker)
+
+#define VA_COPY(Dest, Start)         __builtin_ms_va_copy (Dest, Start)
+
+#else
 //
 // Use GCC built-in macros for variable argument lists.
 //
@@ -111,6 +135,8 @@ typedef __builtin_va_list VA_LIST;
 
 #define VA_COPY(Dest, Start)         __builtin_va_copy (Dest, Start)
 
+#endif
+
 #else
 
 #ifndef VA_START
-- 
2.11.0


From 5e3d434db60440633cbc28d1d83ed5d7f2130515 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Sat, 16 Jul 2016 00:16:09 +0200
Subject: [PATCH 4/7] BaseTools/tools_def: enable Os optimization for GCC X64
 builds

Now that we switched to the __builtin_ms_va_list VA_LIST type for
GCC/X64, we can trust the compiler to do the right thing even under
optimization, and so we can enable -Os optimization all the way back
to GCC44, and drop the -D define that prevents the use of the __builtin
VA_LIST types. Note that this requires the -maccumulate-outgoing-args
switch as well.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit 247093f45d94a3956cdd15c357fe7d6dca878df9)
---
 BaseTools/Conf/tools_def.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 2065fa3499..a7da674161 100644
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -4353,7 +4353,7 @@ DEFINE GCC_AARCH64_RC_FLAGS        = -I binary -O elf64-littleaarch64 -B aarch64
 
 DEFINE GCC44_ALL_CC_FLAGS            = -g -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -c -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
 DEFINE GCC44_IA32_CC_FLAGS           = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables
-DEFINE GCC44_X64_CC_FLAGS            = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -DNO_BUILTIN_VA_FUNCS -mno-red-zone -Wno-address -mcmodel=large -fno-asynchronous-unwind-tables
+DEFINE GCC44_X64_CC_FLAGS            = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -Os -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=large -fno-asynchronous-unwind-tables
 DEFINE GCC44_IA32_X64_DLINK_COMMON   = -nostdlib -n -q --gc-sections -z common-page-size=0x20
 DEFINE GCC44_IA32_X64_ASLDLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) --entry ReferenceAcpiTable -u ReferenceAcpiTable
 DEFINE GCC44_IA32_X64_DLINK_FLAGS    = DEF(GCC44_IA32_X64_DLINK_COMMON) --entry $(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
-- 
2.11.0


From ce5527cf143e8e48aa3a53da99c0b2f743420872 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Sun, 17 Jul 2016 12:12:16 +0200
Subject: [PATCH 5/7] MdePkg CryptoPkg EdkCompatibilityPkg: retire
 NO_BUILTIN_VA_FUNCS define

This is never set anymore, so unsetting it or testing whether it is unset
no longer makes any sense.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit 17ab1ec5accc866b77446f4e336e982bb5e1cc9f)
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf        | 2 +-
 EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h | 2 +-
 MdePkg/Include/Base.h                              | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index e6832b76dc..6cf817b866 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -509,7 +509,7 @@ [BuildOptions]
   INTEL:*_*_IPF_CC_FLAGS    = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
 
   GCC:*_*_IA32_CC_FLAGS     = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
-  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -UNO_BUILTIN_VA_FUNCS -DNO_MSABI_VA_FUNCS
+  GCC:*_*_X64_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -DNO_MSABI_VA_FUNCS
   GCC:*_*_IPF_CC_FLAGS      = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
   GCC:*_*_ARM_CC_FLAGS      = $(OPENSSL_FLAGS) -w
   GCC:*_*_AARCH64_CC_FLAGS  = $(OPENSSL_FLAGS) -w
diff --git a/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h b/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h
index cd32553105..3596233eac 100644
--- a/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h
+++ b/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h
@@ -92,7 +92,7 @@ Abstract:
 
 #define VA_COPY(Dest, Start)          __va_copy (Dest, Start)
 
-#elif defined(__GNUC__) && !defined(NO_BUILTIN_VA_FUNCS)
+#elif defined(__GNUC__)
 
 #if defined(MDE_CPU_X64) && !defined(NO_MSABI_VA_FUNCS)
 //
diff --git a/MdePkg/Include/Base.h b/MdePkg/Include/Base.h
index 8de293a2b9..b36b069f05 100644
--- a/MdePkg/Include/Base.h
+++ b/MdePkg/Include/Base.h
@@ -478,7 +478,7 @@ struct _LIST_ENTRY {
 
 #define VA_COPY(Dest, Start)          __va_copy (Dest, Start)
 
-#elif defined(__GNUC__) && !defined(NO_BUILTIN_VA_FUNCS)
+#elif defined(__GNUC__)
 
 #if defined(MDE_CPU_X64) && !defined(NO_MSABI_VA_FUNCS)
 //
-- 
2.11.0


From 0f68c97b60212cb61fcd061eeb285c72af8914db Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Sat, 6 Aug 2016 04:50:50 +0800
Subject: [PATCH 6/7] CryptoPkg: Fix capitalization of path name in
 Patch-HOWTO.txt

It's "OpensslLib", not "OpenSslLib" - not a big issue, but the
typo is annoying when trying to copy-n-paste the path name to
use it on the command line on Linux.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
(cherry picked from commit 34a4babec8df5c1f5bf86f1cc83b3cc20016c62c)
---
 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
index f8367363a9..91098b93f5 100644
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
@@ -32,7 +32,7 @@ cryptography. This patch will enable openssl building under UEFI environment.
           "openssl-1.0.2h.tar.gz" or rename the local downloaded file with ".tar.tar"
           extension to ".tar.gz".
 
-2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2h
+2.  Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2h
 
     NOTE: If you use WinZip to unpack the openssl source in Windows, please
           uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
-- 
2.11.0


From 6f76e7527b73cd6d1dfe4dce256a03f334acebb8 Mon Sep 17 00:00:00 2001
From: Qin Long <qin.long@intel.com>
Date: Tue, 27 Sep 2016 16:54:04 +0800
Subject: [PATCH 7/7] CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2j

Two official releases (OpenSSL 1.0.2i and 1.0.2j) were available
with several severity fixes at 22-Sep-2016 and 26-Sep-2016.
Refer to
https://www.openssl.org/news/secadv/20160922.txt and
https://www.openssl.org/news/secadv/20160926.txt.
This patch is to upgrade the supported OpenSSL version in
CryptoPkg/OpensslLib to catch the latest release 1.0.2j.

Cc: Ting Ye <ting.ye@intel.com>
Cc: David Woodhouse <David.Woodhouse@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit dab62c5ec8a88def3ee99c04d644720cb201de08)
---
 CryptoPkg/CryptoPkg.dec                            |   2 +-
 ...ssl-1.0.2h.patch => EDKII_openssl-1.0.2j.patch} | 171 ++++++---------------
 CryptoPkg/Library/OpensslLib/Install.cmd           |   2 +-
 CryptoPkg/Library/OpensslLib/Install.sh            |   2 +-
 CryptoPkg/Library/OpensslLib/OpensslLib.inf        |   2 +-
 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt       |  26 ++--
 6 files changed, 62 insertions(+), 143 deletions(-)
 rename CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2h.patch => EDKII_openssl-1.0.2j.patch} (92%)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index c0885bb089..80579b7db8 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -24,7 +24,7 @@ [Defines]
 
 [Includes]
   Include
-  Library/OpensslLib/openssl-1.0.2h/include
+  Library/OpensslLib/openssl-1.0.2j/include
 
 [LibraryClasses]
   ##  @libraryclass  Provides basic library functions for cryptographic primitives.
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2j.patch
similarity index 92%
rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch
rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2j.patch
index 559fc67144..ecd13a9d5f 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2j.patch
@@ -1,5 +1,5 @@
 diff --git a/Configure b/Configure
-index c98107a..c122709 100755
+index c39f71a..98dd1d0 100755
 --- a/Configure
 +++ b/Configure
 @@ -609,6 +609,9 @@ my %table=(
@@ -12,7 +12,7 @@ index c98107a..c122709 100755
  # UWIN 
  "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
  
-@@ -1088,7 +1091,7 @@ if (defined($disabled{"tls1"}))
+@@ -1083,7 +1086,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
  	}
  
  if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
@@ -22,20 +22,20 @@ index c98107a..c122709 100755
  	$disabled{"gost"} = "forced";
  	}
 diff --git a/apps/apps.c b/apps/apps.c
-index b1dd970..8278c28 100644
+index 9fdc3e0..6c183b0 100644
 --- a/apps/apps.c
 +++ b/apps/apps.c
-@@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,
+@@ -2375,6 +2375,8 @@ int args_verify(char ***pargs, int *pargc,
          flags |= X509_V_FLAG_PARTIAL_CHAIN;
      else if (!strcmp(arg, "-no_alt_chains"))
          flags |= X509_V_FLAG_NO_ALT_CHAINS;
 +    else if (!strcmp(arg, "-no_check_time"))
 +        flags |= X509_V_FLAG_NO_CHECK_TIME;
+     else if (!strcmp(arg, "-allow_proxy_certs"))
+         flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
      else
-         return 0;
- 
 diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
-index 35fd44c..9f39bff 100644
+index 2d562f9..91203b7 100644
 --- a/crypto/asn1/a_strex.c
 +++ b/crypto/asn1/a_strex.c
 @@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
@@ -426,7 +426,7 @@ index 5281384..952b545 100644
  #ifndef OPENSSL_NO_FP_API
  int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
 diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
-index 9acfca4..5e0a482 100644
+index e0c9a67..13d93ea 100644
 --- a/crypto/conf/conf_mod.c
 +++ b/crypto/conf/conf_mod.c
 @@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
@@ -747,21 +747,6 @@ index b58e3fa..926be98 100644
  }
  
  const EVP_PKEY_METHOD dh_pkey_meth = {
-diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
-index 83e208c..4869098 100644
---- a/crypto/ec/ec_ameth.c
-+++ b/crypto/ec/ec_ameth.c
-@@ -67,8 +67,10 @@
- #include <openssl/asn1t.h>
- #include "asn1_locl.h"
- 
-+#ifndef OPENSSL_NO_CMS
- static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
- static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
-+#endif
- 
- static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
- {
 diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
 index 46f163b..b4a72a0 100644
 --- a/crypto/engine/eng_int.h
@@ -943,7 +928,7 @@ index 7a1c85d..7162c0f 100644
  #undef BN_LLONG
  
 diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
-index d3b23fc..5df6ffd 100644
+index aac72fb..d271ec8 100644
 --- a/crypto/pem/pem.h
 +++ b/crypto/pem/pem.h
 @@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
@@ -987,7 +972,7 @@ index d3b23fc..5df6ffd 100644
  EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
  int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
 diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
-index fe881d6..e25cc68 100644
+index c82b3c0..56c77b1 100644
 --- a/crypto/pem/pem_lib.c
 +++ b/crypto/pem/pem_lib.c
 @@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
@@ -1130,7 +1115,7 @@ index 737aebf..f23f348 100644
  {
      return (-1);
 diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
-index 266111e..f60fac6 100644
+index 6c5b65d..11ee152 100644
 --- a/crypto/rand/rand_unix.c
 +++ b/crypto/rand/rand_unix.c
 @@ -116,7 +116,7 @@
@@ -1151,71 +1136,6 @@ index 266111e..f60fac6 100644
  int RAND_poll(void)
  {
      return 0;
-diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
-index 4e06218..ddead3d 100644
---- a/crypto/rsa/rsa_ameth.c
-+++ b/crypto/rsa/rsa_ameth.c
-@@ -68,10 +68,12 @@
- #endif
- #include "asn1_locl.h"
- 
-+#ifndef OPENSSL_NO_CMS
- static int rsa_cms_sign(CMS_SignerInfo *si);
- static int rsa_cms_verify(CMS_SignerInfo *si);
- static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
- static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
-+#endif
- 
- static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
- {
-@@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
-     return rv;
- }
- 
-+#ifndef OPENSSL_NO_CMS
- static int rsa_cms_verify(CMS_SignerInfo *si)
- {
-     int nid, nid2;
-@@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
-     }
-     return 0;
- }
-+#endif
- 
- /*
-  * Customised RSA item verification routine. This is called when a signature
-@@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-     return -1;
- }
- 
-+#ifndef OPENSSL_NO_CMS
- static int rsa_cms_sign(CMS_SignerInfo *si)
- {
-     int pad_mode = RSA_PKCS1_PADDING;
-@@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
-     X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
-     return 1;
- }
-+#endif
- 
- static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-                          X509_ALGOR *alg1, X509_ALGOR *alg2,
-@@ -762,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-     return 2;
- }
- 
-+#ifndef OPENSSL_NO_CMS
- static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
-                                         X509_ALGOR **pmaskHash)
- {
-@@ -920,6 +927,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
-         ASN1_STRING_free(os);
-     return rv;
- }
-+#endif
- 
- const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
-     {
 diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
 index 028892a..4ed4bfe 100644
 --- a/crypto/srp/srp.h
@@ -1231,10 +1151,10 @@ index 028892a..4ed4bfe 100644
  /* This method ignores the configured seed and fails for an unknown user. */
  SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
 diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
-index 26ad3e0..6be4cf2 100644
+index a8ec52a..ce20804 100644
 --- a/crypto/srp/srp_vfy.c
 +++ b/crypto/srp/srp_vfy.c
-@@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
+@@ -228,6 +228,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
      return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
  }
  
@@ -1242,15 +1162,15 @@ index 26ad3e0..6be4cf2 100644
  static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
                                 const char *v)
  {
-@@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
-     len = t_fromb64(tmp, s);
-     return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
+@@ -254,6 +255,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
+     vinfo->v = NULL;
+     return 0;
  }
 +#endif
  
  static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
  {
-@@ -297,6 +299,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)
+@@ -312,6 +314,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)
      return 0;
  }
  
@@ -1258,7 +1178,7 @@ index 26ad3e0..6be4cf2 100644
  static SRP_gN_cache *SRP_gN_new_init(const char *ch)
  {
      unsigned char tmp[MAX_LEN];
-@@ -328,6 +331,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)
+@@ -346,6 +349,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)
      BN_free(gN_cache->bn);
      OPENSSL_free(gN_cache);
  }
@@ -1266,7 +1186,7 @@ index 26ad3e0..6be4cf2 100644
  
  static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
  {
-@@ -344,6 +348,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
+@@ -362,6 +366,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
      return SRP_get_default_gN(id);
  }
  
@@ -1274,7 +1194,7 @@ index 26ad3e0..6be4cf2 100644
  static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
  {
      int i;
-@@ -485,6 +490,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
+@@ -503,6 +508,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
      return error_code;
  
  }
@@ -1283,7 +1203,7 @@ index 26ad3e0..6be4cf2 100644
  static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
  {
 diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h
-index 16eccbb..a9fe40e 100644
+index 2daa1b2..5205bc5 100644
 --- a/crypto/ts/ts.h
 +++ b/crypto/ts/ts.h
 @@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
@@ -1342,7 +1262,7 @@ index 16eccbb..a9fe40e 100644
  
  TS_ACCURACY *TS_ACCURACY_new(void);
  void TS_ACCURACY_free(TS_ACCURACY *a);
-@@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
+@@ -731,15 +739,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
   * ts/ts_conf.c
   */
  
@@ -1361,7 +1281,7 @@ index 16eccbb..a9fe40e 100644
  int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                              const char *cert, TS_RESP_CTX *ctx);
  int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
-@@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+@@ -747,6 +758,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
  int TS_CONF_set_signer_key(CONF *conf, const char *section,
                             const char *key, const char *pass,
                             TS_RESP_CTX *ctx);
@@ -1369,7 +1289,7 @@ index 16eccbb..a9fe40e 100644
  int TS_CONF_set_def_policy(CONF *conf, const char *section,
                             const char *policy, TS_RESP_CTX *ctx);
  int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
-@@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);
+@@ -787,6 +799,11 @@ void ERR_load_TS_strings(void);
  # define TS_F_TS_CHECK_SIGNING_CERTS                      103
  # define TS_F_TS_CHECK_STATUS_INFO                        104
  # define TS_F_TS_COMPUTE_IMPRINT                          145
@@ -1381,7 +1301,7 @@ index 16eccbb..a9fe40e 100644
  # define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
  # define TS_F_TS_GET_STATUS_TEXT                          105
  # define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
-@@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);
+@@ -825,6 +842,8 @@ void ERR_load_TS_strings(void);
  /* Reason codes. */
  # define TS_R_BAD_PKCS7_TYPE                              132
  # define TS_R_BAD_TYPE                                    133
@@ -1390,7 +1310,7 @@ index 16eccbb..a9fe40e 100644
  # define TS_R_CERTIFICATE_VERIFY_ERROR                    100
  # define TS_R_COULD_NOT_SET_ENGINE                        127
  # define TS_R_COULD_NOT_SET_TIME                          115
-@@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);
+@@ -857,6 +876,8 @@ void ERR_load_TS_strings(void);
  # define TS_R_UNACCEPTABLE_POLICY                         125
  # define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
  # define TS_R_UNSUPPORTED_VERSION                         113
@@ -1531,7 +1451,7 @@ index 0f29011..80dd40e 100644
                             int verify)
  {
 diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
-index 9ee8f8d..64b052e 100644
+index bbc3189..29695f9 100644
 --- a/crypto/x509/by_dir.c
 +++ b/crypto/x509/by_dir.c
 @@ -69,6 +69,8 @@
@@ -1543,17 +1463,17 @@ index 9ee8f8d..64b052e 100644
  #include <openssl/lhash.h>
  #include <openssl/x509.h>
  
-@@ -434,3 +436,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+@@ -438,3 +440,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
          BUF_MEM_free(b);
      return (ok);
  }
 +
 +#endif /* OPENSSL_NO_STDIO */
 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 4d34dba..25e8a89 100644
+index 8334b3f..d075f66 100644
 --- a/crypto/x509/x509_vfy.c
 +++ b/crypto/x509/x509_vfy.c
-@@ -950,6 +950,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
+@@ -1064,6 +1064,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
          ctx->current_crl = crl;
      if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
          ptime = &ctx->param->check_time;
@@ -1562,7 +1482,7 @@ index 4d34dba..25e8a89 100644
      else
          ptime = NULL;
  
-@@ -1673,6 +1675,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+@@ -1805,6 +1807,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
  
      if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
          ptime = &ctx->param->check_time;
@@ -1572,10 +1492,10 @@ index 4d34dba..25e8a89 100644
          ptime = NULL;
  
 diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
-index 2663e1c..3790ef5 100644
+index 5062682..e90d931 100644
 --- a/crypto/x509/x509_vfy.h
 +++ b/crypto/x509/x509_vfy.h
-@@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+@@ -443,6 +443,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
   * will force the behaviour to match that of previous versions.
   */
  # define X509_V_FLAG_NO_ALT_CHAINS               0x100000
@@ -1584,11 +1504,10 @@ index 2663e1c..3790ef5 100644
  
  # define X509_VP_FLAG_DEFAULT                    0x1
  # define X509_VP_FLAG_OVERWRITE                  0x2
-@@ -490,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
- X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+@@ -496,8 +498,10 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
  
  X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
--
+ 
 +#ifndef OPENSSL_NO_STDIO
  X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
  X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
@@ -1944,10 +1863,10 @@ index f6b3ff2..1dcbe36 100755
  		     SEED,-
  		     SHA,-
 diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 5d26c94..ee3f49b 100644
+index 9bc6153..b5648eb 100644
 --- a/ssl/d1_both.c
 +++ b/ssl/d1_both.c
-@@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
+@@ -1068,7 +1068,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
  int dtls1_read_failed(SSL *s, int code)
  {
      if (code > 0) {
@@ -1957,7 +1876,7 @@ index 5d26c94..ee3f49b 100644
      }
  
 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
-index 35cc27c..a1f5335 100644
+index 499f0e8..5672f99 100644
 --- a/ssl/ssl_asn1.c
 +++ b/ssl/ssl_asn1.c
 @@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
@@ -1992,9 +1911,9 @@ index 35cc27c..a1f5335 100644
              c.error = SSL_R_BAD_LENGTH;
 -            c.line = __LINE__;
 +            c.line = OPENSSL_LINE;
-             goto err;
-         } else {
-             ret->sid_ctx_length = os.length;
+             OPENSSL_free(os.data);
+             os.data = NULL;
+             os.length = 0;
 diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
 index f48ebae..ac4f08c 100644
 --- a/ssl/ssl_cert.c
@@ -2068,10 +1987,10 @@ index 8d3709d..2bb403b 100644
  
  static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
 diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 514fcb3..2a54cc9 100644
+index b6d1ee9..75f38cd 100644
 --- a/ssl/t1_enc.c
 +++ b/ssl/t1_enc.c
-@@ -780,9 +780,7 @@ int tls1_enc(SSL *s, int send)
+@@ -779,9 +779,7 @@ int tls1_enc(SSL *s, int send)
                       * we can't write into the input stream: Can this ever
                       * happen?? (steve)
                       */
@@ -2152,7 +2071,7 @@ index b9b159a..9841498 100755
  			if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
  			if ($keyword eq "PSK" && $no_psk) { return 0; }
 diff --git a/util/mkerr.pl b/util/mkerr.pl
-index 09ebebe..cd57ade 100644
+index c197f3a..97b295c 100644
 --- a/util/mkerr.pl
 +++ b/util/mkerr.pl
 @@ -89,7 +89,7 @@ Options:
@@ -2164,7 +2083,7 @@ index 09ebebe..cd57ade 100644
                  while the code facilitates the use of these in an environment
                  where the error support routines are dynamically loaded at 
                  runtime.
-@@ -474,7 +474,7 @@ EOF
+@@ -482,7 +482,7 @@ EOF
  ${staticloader}void ERR_load_${lib}_strings(void);
  ${staticloader}void ERR_unload_${lib}_strings(void);
  ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd
index 83d04d7180..3d86bc78d0 100755
--- a/CryptoPkg/Library/OpensslLib/Install.cmd
+++ b/CryptoPkg/Library/OpensslLib/Install.cmd
@@ -1,4 +1,4 @@
-cd openssl-1.0.2h
+cd openssl-1.0.2j
 copy ..\opensslconf.h           crypto
 if not exist include\openssl mkdir include\openssl
 copy e_os2.h                    include\openssl
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh
index 95963ff662..e6703d1b78 100755
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ b/CryptoPkg/Library/OpensslLib/Install.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-cd openssl-1.0.2h
+cd openssl-1.0.2j
 cp ../opensslconf.h           crypto
 mkdir -p                      include/openssl
 cp e_os2.h                    include/openssl
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 6cf817b866..09b48466b6 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -20,7 +20,7 @@ [Defines]
   MODULE_TYPE                    = BASE
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = OpensslLib
-  DEFINE OPENSSL_PATH            = openssl-1.0.2h
+  DEFINE OPENSSL_PATH            = openssl-1.0.2j
   DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
 
 #
diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
index 91098b93f5..d7e3d9e875 100644
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
@@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment.
 ================================================================================
                                 OpenSSL-Version
 ================================================================================
-  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2h.
-    http://www.openssl.org/source/openssl-1.0.2h.tar.gz
+  Current supported OpenSSL version for UEFI Crypto Library is 1.0.2j.
+    http://www.openssl.org/source/openssl-1.0.2j.tar.gz
 
 
 ================================================================================
                       HOW to Install Openssl for UEFI Building
 ================================================================================
-1.  Download OpenSSL 1.0.2h from official website:
-    http://www.openssl.org/source/openssl-1.0.2h.tar.gz
+1.  Download OpenSSL 1.0.2j from official website:
+    http://www.openssl.org/source/openssl-1.0.2j.tar.gz
 
-    NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2h.tar.tar.
-          When you do the download, rename the "openssl-1.0.2h.tar.tar" to
-          "openssl-1.0.2h.tar.gz" or rename the local downloaded file with ".tar.tar"
+    NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2j.tar.tar.
+          When you do the download, rename the "openssl-1.0.2j.tar.tar" to
+          "openssl-1.0.2j.tar.gz" or rename the local downloaded file with ".tar.tar"
           extension to ".tar.gz".
 
-2.  Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2h
+2.  Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2j
 
     NOTE: If you use WinZip to unpack the openssl source in Windows, please
           uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
           Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
 
-3.  Apply this patch: EDKII_openssl-1.0.2h.patch, and make installation
+3.  Apply this patch: EDKII_openssl-1.0.2j.patch, and make installation
 
     For Windows Environment:
     ------------------------
     1) Make sure the patch utility has been installed in your machine.
        Install Cygwin or get the patch utility binary from
           http://gnuwin32.sourceforge.net/packages/patch.htm
-    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2h
-    3) patch -p1 -i ..\EDKII_openssl-1.0.2h.patch
+    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2j
+    3) patch -p1 -i ..\EDKII_openssl-1.0.2j.patch
     4) cd ..
     5) Install.cmd
 
@@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
     -----------------------
     1) Make sure the patch utility has been installed in your machine.
        Patch utility is available from http://directory.fsf.org/project/patch/
-    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2h
-    3) patch -p1 -i ../EDKII_openssl-1.0.2h.patch
+    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2j
+    3) patch -p1 -i ../EDKII_openssl-1.0.2j.patch
     4) cd ..
     5) ./Install.sh
 
-- 
2.11.0
openSUSE Build Service is sponsored by