File ovmf-bsc1013603-update-openssl-1.0.2j.patch of Package ovmf.6568
From cd15370bf68552ad3ac102902e6beee963a4e1cc Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel <ard.biesheuvel@linaro.org> Date: Sun, 17 Jul 2016 11:57:45 +0200 Subject: [PATCH 1/7] CryptoPkg: set new define to avoid MS ABI VA_LIST on GCC/X64 Set the #define NO_MSABI_VA_FUNCS that will be introduced in a subsequent patch to avoid the use of the MS ABI in variadic functions. In EDK2, such functions normally require the EFIAPI modifier to be used, but for external libraries such as OpenSSL, which lack these annotations, it is easier to simply revert to the default SysV style VA_LIST ABI. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> (cherry picked from commit b2dc04a87fab89307240dc0f30b9a23bb5726c81) --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 361d30eeda..e6832b76dc 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -509,7 +509,7 @@ [BuildOptions] INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -UNO_BUILTIN_VA_FUNCS + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -UNO_BUILTIN_VA_FUNCS -DNO_MSABI_VA_FUNCS GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -w GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -w -- 2.11.0 From df99bd27d4c5b93a93bc37b937a4a6097af6929d Mon Sep 17 00:00:00 2001 
From: "Shi, Steven" <steven.shi@intel.com> Date: Sat, 16 Jul 2016 00:16:08 +0200 Subject: [PATCH 2/7] MdePkg: Enable new MS VA intrinsics for GNUC x86 64bits build Both GCC and LLVM 3.8 64bits support new variable argument (VA) intrinsics for Microsoft ABI, enable these new VA intrinsics for GNUC family 64bits code build. These VA intrinsics are only permitted use in 64bits code, so not use them in 32bits code build. The original 32bits GNU VA intrinsics has the same calling convention as MS, so we don't need change them. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Steven Shi <steven.shi@intel.com> [ardb: update CPP logic so that the change only applies to X64] Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> (cherry picked from commit 48d5f9a551a93acb45f272dda879b0ab5a504e36) --- MdePkg/Include/Base.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/MdePkg/Include/Base.h b/MdePkg/Include/Base.h index 89b2aed072..8de293a2b9 100644 --- a/MdePkg/Include/Base.h +++ b/MdePkg/Include/Base.h 
@@ -479,6 +479,30 @@ struct _LIST_ENTRY { #define VA_COPY(Dest, Start) __va_copy (Dest, Start) #elif defined(__GNUC__) && !defined(NO_BUILTIN_VA_FUNCS) + +#if defined(MDE_CPU_X64) && !defined(NO_MSABI_VA_FUNCS) +// +// X64 only. Use MS ABI version of GCC built-in macros for variable argument lists. +// +/// +/// Both GCC and LLVM 3.8 for X64 support new variable argument intrinsics for Microsoft ABI +/// + +/// +/// Variable used to traverse the list of arguments. This type can vary by +/// implementation and could be an array or structure. +/// +typedef __builtin_ms_va_list VA_LIST; + +#define VA_START(Marker, Parameter) __builtin_ms_va_start (Marker, Parameter) + +#define VA_ARG(Marker, TYPE) ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE))) + +#define VA_END(Marker) __builtin_ms_va_end (Marker) + +#define VA_COPY(Dest, Start) __builtin_ms_va_copy (Dest, Start) + +#else // // Use GCC built-in macros for variable argument lists. // @@ -497,6 +521,8 @@ typedef __builtin_va_list VA_LIST; #define VA_COPY(Dest, Start) __builtin_va_copy (Dest, Start) +#endif + #else /// /// Variable used to traverse the list of arguments. This type can vary by -- 2.11.0 From da80c9184b8ed38f6ccbc1b31b8b0f1d306e9e0d Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel <ard.biesheuvel@linaro.org> Date: Sun, 17 Jul 2016 12:11:32 +0200 Subject: [PATCH 3/7] EdkCompatibilityPkg: Enable new MS VA intrinsics for GNUC x86 64bits build Align EdkCompatibilityPkg with this change from MdePkg Contributed-under: TianoCore Contribution Agreement 1.0 
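Review bot: The comment block added above `typedef __builtin_ms_va_list VA_LIST;` never says that this branch changes the ABI a variadic function must use. A variadic function built against this header without EFIAPI would presumably either fail to compile or read its arguments with the wrong layout, depending on the compiler. I would add `// Variadic functions built with this branch must be declared EFIAPI; code that cannot be annotated must be built with -DNO_MSABI_VA_FUNCS.`, which is the escape hatch the CryptoPkg patch earlier in this series relies on for OpenSSL. VA_ARG should also get one line explaining why types narrower than UINTN are fetched as UINTN and cast down. The same text is added to EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h in patch 3/7 and needs the same comments; the enclosing `#elif` chain starts and ends outside the hunk.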
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> (cherry picked from commit 0676c285ba518ae81ca7f06278d4cc4958660864) --- EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h b/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h index 94b93ea4d1..cd32553105 100644 --- a/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h +++ b/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h @@ -93,6 +93,30 @@ Abstract: #define VA_COPY(Dest, Start) __va_copy (Dest, Start) #elif defined(__GNUC__) && !defined(NO_BUILTIN_VA_FUNCS) + +#if defined(MDE_CPU_X64) && !defined(NO_MSABI_VA_FUNCS) +// +// X64 only. Use MS ABI version of GCC built-in macros for variable argument lists. +// +/// +/// Both GCC and LLVM 3.8 for X64 support new variable argument intrinsics for Microsoft ABI +/// + +/// +/// Variable used to traverse the list of arguments. This type can vary by +/// implementation and could be an array or structure. +/// +typedef __builtin_ms_va_list VA_LIST; + +#define VA_START(Marker, Parameter) __builtin_ms_va_start (Marker, Parameter) + +#define VA_ARG(Marker, TYPE) ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE))) + +#define VA_END(Marker) __builtin_ms_va_end (Marker) + +#define VA_COPY(Dest, Start) __builtin_ms_va_copy (Dest, Start) + +#else // // Use GCC built-in macros for variable argument lists. // @@ -111,6 +135,8 @@ typedef __builtin_va_list VA_LIST; #define VA_COPY(Dest, Start) __builtin_va_copy (Dest, Start) +#endif + #else #ifndef VA_START -- 2.11.0 From 5e3d434db60440633cbc28d1d83ed5d7f2130515 Mon Sep 17 00:00:00 2001 
From: Ard Biesheuvel <ard.biesheuvel@linaro.org> Date: Sat, 16 Jul 2016 00:16:09 +0200 Subject: [PATCH 4/7] BaseTools/tools_def: enable Os optimization for GCC X64 builds Now that we switched to the __builtin_ms_va_list VA_LIST type for GCC/X64, we can trust the compiler to do the right thing even under optimization, and so we can enable -Os optimization all the way back to GCC44, and drop the -D define that prevents the use of the __builtin VA_LIST types. Note that this requires the -maccumulate-outgoing-args switch as well. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> (cherry picked from commit 247093f45d94a3956cdd15c357fe7d6dca878df9) --- BaseTools/Conf/tools_def.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template index 2065fa3499..a7da674161 100644 --- a/BaseTools/Conf/tools_def.template +++ b/BaseTools/Conf/tools_def.template 
@@ -4353,7 +4353,7 @@ DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -c -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -DNO_BUILTIN_VA_FUNCS -mno-red-zone -Wno-address -mcmodel=large -fno-asynchronous-unwind-tables +DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -Os -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=large -fno-asynchronous-unwind-tables DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -n -q --gc-sections -z common-page-size=0x20 DEFINE GCC44_IA32_X64_ASLDLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) --entry ReferenceAcpiTable -u ReferenceAcpiTable DEFINE GCC44_IA32_X64_DLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) --entry $(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map -- 2.11.0 From ce5527cf143e8e48aa3a53da99c0b2f743420872 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel <ard.biesheuvel@linaro.org> Date: Sun, 17 Jul 2016 12:12:16 +0200 Subject: [PATCH 5/7] MdePkg CryptoPkg EdkCompatibilityPkg: retire NO_BUILTIN_VA_FUNCS define This is never set anymore, so unsetting it or testing whether it is unset no longer makes any sense. Contributed-under: TianoCore Contribution Agreement 1.0 
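Review bot: The rewritten `GCC44_X64_CC_FLAGS` line now needs `-maccumulate-outgoing-args` to stay next to `-Os`, but that requirement is recorded only in the commit message. A comment above the DEFINE, for example `# -Os and -maccumulate-outgoing-args belong together with the __builtin_ms_va_list VA_LIST; do not remove one without re-testing variadic calls`, would keep a later flag cleanup from separating them. Whether the newer GCC4x X64 flag sets inherit from this definition is not visible in the hunk, so that is worth confirming as well.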
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> (cherry picked from commit 17ab1ec5accc866b77446f4e336e982bb5e1cc9f) --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h | 2 +- MdePkg/Include/Base.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index e6832b76dc..6cf817b866 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -509,7 +509,7 @@ [BuildOptions] INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -UNO_BUILTIN_VA_FUNCS -DNO_MSABI_VA_FUNCS + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -DNO_MSABI_VA_FUNCS GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -w GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -w diff --git a/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h b/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h index cd32553105..3596233eac 100644 --- a/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h +++ b/EdkCompatibilityPkg/Foundation/Include/EfiStdArg.h @@ -92,7 +92,7 @@ Abstract: #define VA_COPY(Dest, Start) __va_copy (Dest, Start) -#elif defined(__GNUC__) && !defined(NO_BUILTIN_VA_FUNCS) +#elif defined(__GNUC__) #if defined(MDE_CPU_X64) && !defined(NO_MSABI_VA_FUNCS) // diff --git a/MdePkg/Include/Base.h b/MdePkg/Include/Base.h index 8de293a2b9..b36b069f05 100644 --- a/MdePkg/Include/Base.h +++ b/MdePkg/Include/Base.h 
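Review bot: Dropping `&& !defined(NO_BUILTIN_VA_FUNCS)` from the `#elif defined(__GNUC__)` test in EfiStdArg.h means the define is now silently ignored rather than rejected. A build that still passes -DNO_BUILTIN_VA_FUNCS, for instance from a locally kept copy of the tools definitions predating patch 4/7, would move from the generic VA_LIST macros to the MS ABI builtins without the `-maccumulate-outgoing-args` switch that patch 4/7 says is required. A guard placed before the `#elif` chain would turn that into a build failure: `#if defined(NO_BUILTIN_VA_FUNCS)` / `#error NO_BUILTIN_VA_FUNCS is no longer supported; update the toolchain flags` / `#endif`. The same applies to the MdePkg/Include/Base.h hunk that follows; in both files the conditional block continues outside the hunk.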
@@ -478,7 +478,7 @@ struct _LIST_ENTRY { #define VA_COPY(Dest, Start) __va_copy (Dest, Start) -#elif defined(__GNUC__) && !defined(NO_BUILTIN_VA_FUNCS) +#elif defined(__GNUC__) #if defined(MDE_CPU_X64) && !defined(NO_MSABI_VA_FUNCS) // -- 2.11.0 From 0f68c97b60212cb61fcd061eeb285c72af8914db Mon Sep 17 00:00:00 2001 From: Thomas Huth <thuth@redhat.com> Date: Sat, 6 Aug 2016 04:50:50 +0800 Subject: [PATCH 6/7] CryptoPkg: Fix capitalization of path name in Patch-HOWTO.txt It's "OpensslLib", not "OpenSslLib" - not a big issue, but the typo is annoying when trying to copy-n-paste the path name to use it on the command line on Linux. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com> (cherry picked from commit 34a4babec8df5c1f5bf86f1cc83b3cc20016c62c) --- CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt index f8367363a9..91098b93f5 100644 --- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt @@ -32,7 +32,7 @@ cryptography. This patch will enable openssl building under UEFI environment. "openssl-1.0.2h.tar.gz" or rename the local downloaded file with ".tar.tar" extension to ".tar.gz". -2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2h +2. Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2h NOTE: If you use WinZip to unpack the openssl source in Windows, please uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> -- 2.11.0 From 6f76e7527b73cd6d1dfe4dce256a03f334acebb8 Mon Sep 17 00:00:00 2001 
From: Qin Long <qin.long@intel.com> Date: Tue, 27 Sep 2016 16:54:04 +0800 Subject: [PATCH 7/7] CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2j Two official releases (OpenSSL 1.0.2i and 1.0.2j) were available with several severity fixes at 22-Sep-2016 and 26-Sep-2016. Refer to https://www.openssl.org/news/secadv/20160922.txt and https://www.openssl.org/news/secadv/20160926.txt. This patch is to upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2j. Cc: Ting Ye <ting.ye@intel.com> Cc: David Woodhouse <David.Woodhouse@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> (cherry picked from commit dab62c5ec8a88def3ee99c04d644720cb201de08) --- CryptoPkg/CryptoPkg.dec | 2 +- ...ssl-1.0.2h.patch => EDKII_openssl-1.0.2j.patch} | 171 ++++++--------------- CryptoPkg/Library/OpensslLib/Install.cmd | 2 +- CryptoPkg/Library/OpensslLib/Install.sh | 2 +- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 26 ++-- 6 files changed, 62 insertions(+), 143 deletions(-) rename CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2h.patch => EDKII_openssl-1.0.2j.patch} (92%) diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index c0885bb089..80579b7db8 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -24,7 +24,7 @@ [Defines] [Includes] Include - Library/OpensslLib/openssl-1.0.2h/include + Library/OpensslLib/openssl-1.0.2j/include [LibraryClasses] ## @libraryclass Provides basic library functions for cryptographic primitives. 
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2j.patch similarity index 92% rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2j.patch index 559fc67144..ecd13a9d5f 100644 --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2h.patch +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2j.patch @@ -1,5 +1,5 @@ diff --git a/Configure b/Configure -index c98107a..c122709 100755 +index c39f71a..98dd1d0 100755 --- a/Configure +++ b/Configure @@ -609,6 +609,9 @@ my %table=( @@ -12,7 +12,7 @@ index c98107a..c122709 100755 # UWIN "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", -@@ -1088,7 +1091,7 @@ if (defined($disabled{"tls1"})) +@@ -1083,7 +1086,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) } if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) @@ -22,20 +22,20 @@ index c98107a..c122709 100755 $disabled{"gost"} = "forced"; } diff --git a/apps/apps.c b/apps/apps.c -index b1dd970..8278c28 100644 +index 9fdc3e0..6c183b0 100644 --- a/apps/apps.c +++ b/apps/apps.c -@@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc, +@@ -2375,6 +2375,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_PARTIAL_CHAIN; else if (!strcmp(arg, "-no_alt_chains")) flags |= X509_V_FLAG_NO_ALT_CHAINS; + else if (!strcmp(arg, "-no_check_time")) + flags |= X509_V_FLAG_NO_CHECK_TIME; + else if (!strcmp(arg, "-allow_proxy_certs")) + flags |= X509_V_FLAG_ALLOW_PROXY_CERTS; else - return 0; - diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c -index 35fd44c..9f39bff 100644 +index 2d562f9..91203b7 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len) 
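Review bot: The refreshed OpenSSL patch still carries the EDK II-only `-no_check_time` / `X509_V_FLAG_NO_CHECK_TIME` option, and as far as this diff shows nothing in the patch or in Patch-HOWTO.txt states what it does to certificate verification. The inner hunks against check_crl_time and check_cert_time in crypto/x509/x509_vfy.c each add two lines that this refresh does not display, presumably the branch that honours the flag. If so, a caller that sets it would accept certificates and CRLs outside their validity period. I would add a comment at the define in crypto/x509/x509_vfy.h such as `/* EDK II addition: skips validity-period checks; expired or not-yet-valid certificates pass */`. Because the flag's bit value is not visible here, each OpenSSL refresh should also confirm that it does not collide with a flag added upstream.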
@@ -426,7 +426,7 @@ index 5281384..952b545 100644 #ifndef OPENSSL_NO_FP_API int NCONF_load_fp(CONF *conf, FILE *fp, long *eline) diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c -index 9acfca4..5e0a482 100644 +index e0c9a67..13d93ea 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, @@ -747,21 +747,6 @@ index b58e3fa..926be98 100644 } const EVP_PKEY_METHOD dh_pkey_meth = { -diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c -index 83e208c..4869098 100644 ---- a/crypto/ec/ec_ameth.c -+++ b/crypto/ec/ec_ameth.c -@@ -67,8 +67,10 @@ - #include <openssl/asn1t.h> - #include "asn1_locl.h" - -+#ifndef OPENSSL_NO_CMS - static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); - static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); -+#endif - - static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) - { diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 46f163b..b4a72a0 100644 --- a/crypto/engine/eng_int.h @@ -943,7 +928,7 @@ index 7a1c85d..7162c0f 100644 #undef BN_LLONG diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h -index d3b23fc..5df6ffd 100644 +index aac72fb..d271ec8 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ @@ -987,7 +972,7 @@ index d3b23fc..5df6ffd 100644 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c -index fe881d6..e25cc68 100644 +index c82b3c0..56c77b1 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix); @@ -1130,7 +1115,7 @@ index 737aebf..f23f348 100644 { return (-1); diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c -index 266111e..f60fac6 100644 +index 6c5b65d..11ee152 100644 --- a/crypto/rand/rand_unix.c 
+++ b/crypto/rand/rand_unix.c @@ -116,7 +116,7 @@ @@ -1151,71 +1136,6 @@ index 266111e..f60fac6 100644 int RAND_poll(void) { return 0; -diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c -index 4e06218..ddead3d 100644 ---- a/crypto/rsa/rsa_ameth.c -+++ b/crypto/rsa/rsa_ameth.c -@@ -68,10 +68,12 @@ - #endif - #include "asn1_locl.h" - -+#ifndef OPENSSL_NO_CMS - static int rsa_cms_sign(CMS_SignerInfo *si); - static int rsa_cms_verify(CMS_SignerInfo *si); - static int rsa_cms_decrypt(CMS_RecipientInfo *ri); - static int rsa_cms_encrypt(CMS_RecipientInfo *ri); -+#endif - - static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) - { -@@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, - return rv; - } - -+#ifndef OPENSSL_NO_CMS - static int rsa_cms_verify(CMS_SignerInfo *si) - { - int nid, nid2; -@@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si) - } - return 0; - } -+#endif - - /* - * Customised RSA item verification routine. This is called when a signature -@@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - return -1; - } - -+#ifndef OPENSSL_NO_CMS - static int rsa_cms_sign(CMS_SignerInfo *si) - { - int pad_mode = RSA_PKCS1_PADDING; -@@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si) - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os); - return 1; - } -+#endif - - static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - X509_ALGOR *alg1, X509_ALGOR *alg2, -@@ -762,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - return 2; - } - -+#ifndef OPENSSL_NO_CMS - static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, - X509_ALGOR **pmaskHash) - { -@@ -920,6 +927,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) - ASN1_STRING_free(os); - return rv; - } -+#endif - - const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { - { 
diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h index 028892a..4ed4bfe 100644 --- a/crypto/srp/srp.h @@ -1231,10 +1151,10 @@ index 028892a..4ed4bfe 100644 /* This method ignores the configured seed and fails for an unknown user. */ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c -index 26ad3e0..6be4cf2 100644 +index a8ec52a..ce20804 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c -@@ -225,6 +225,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id, +@@ -228,6 +228,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id, return (info == NULL || NULL != (vinfo->info = BUF_strdup(info))); } @@ -1242,15 +1162,15 @@ index 26ad3e0..6be4cf2 100644 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, const char *v) { -@@ -239,6 +240,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, - len = t_fromb64(tmp, s); - return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL); +@@ -254,6 +255,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, + vinfo->v = NULL; + return 0; } +#endif static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) { -@@ -297,6 +299,7 @@ int SRP_VBASE_free(SRP_VBASE *vb) +@@ -312,6 +314,7 @@ int SRP_VBASE_free(SRP_VBASE *vb) return 0; } @@ -1258,7 +1178,7 @@ index 26ad3e0..6be4cf2 100644 static SRP_gN_cache *SRP_gN_new_init(const char *ch) { unsigned char tmp[MAX_LEN]; -@@ -328,6 +331,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache) +@@ -346,6 +349,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache) BN_free(gN_cache->bn); OPENSSL_free(gN_cache); } 
@@ -1266,7 +1186,7 @@ index 26ad3e0..6be4cf2 100644 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) { -@@ -344,6 +348,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) +@@ -362,6 +366,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) return SRP_get_default_gN(id); } @@ -1274,7 +1194,7 @@ index 26ad3e0..6be4cf2 100644 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) { int i; -@@ -485,6 +490,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) +@@ -503,6 +508,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) return error_code; } @@ -1283,7 +1203,7 @@ index 26ad3e0..6be4cf2 100644 static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username) { diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h -index 16eccbb..a9fe40e 100644 +index 2daa1b2..5205bc5 100644 --- a/crypto/ts/ts.h +++ b/crypto/ts/ts.h @@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); @@ -1342,7 +1262,7 @@ index 16eccbb..a9fe40e 100644 TS_ACCURACY *TS_ACCURACY_new(void); void TS_ACCURACY_free(TS_ACCURACY *a); -@@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); +@@ -731,15 +739,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); * ts/ts_conf.c */ @@ -1361,7 +1281,7 @@ index 16eccbb..a9fe40e 100644 int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx); int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, -@@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, +@@ -747,6 +758,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, int TS_CONF_set_signer_key(CONF *conf, const char *section, const char *key, const char *pass, TS_RESP_CTX *ctx); 
@@ -1369,7 +1289,7 @@ index 16eccbb..a9fe40e 100644 int TS_CONF_set_def_policy(CONF *conf, const char *section, const char *policy, TS_RESP_CTX *ctx); int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); -@@ -784,6 +796,11 @@ void ERR_load_TS_strings(void); +@@ -787,6 +799,11 @@ void ERR_load_TS_strings(void); # define TS_F_TS_CHECK_SIGNING_CERTS 103 # define TS_F_TS_CHECK_STATUS_INFO 104 # define TS_F_TS_COMPUTE_IMPRINT 145 @@ -1381,7 +1301,7 @@ index 16eccbb..a9fe40e 100644 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 # define TS_F_TS_GET_STATUS_TEXT 105 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 -@@ -822,6 +839,8 @@ void ERR_load_TS_strings(void); +@@ -825,6 +842,8 @@ void ERR_load_TS_strings(void); /* Reason codes. */ # define TS_R_BAD_PKCS7_TYPE 132 # define TS_R_BAD_TYPE 133 @@ -1390,7 +1310,7 @@ index 16eccbb..a9fe40e 100644 # define TS_R_CERTIFICATE_VERIFY_ERROR 100 # define TS_R_COULD_NOT_SET_ENGINE 127 # define TS_R_COULD_NOT_SET_TIME 115 -@@ -854,6 +873,8 @@ void ERR_load_TS_strings(void); +@@ -857,6 +876,8 @@ void ERR_load_TS_strings(void); # define TS_R_UNACCEPTABLE_POLICY 125 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126 # define TS_R_UNSUPPORTED_VERSION 113 @@ -1531,7 +1451,7 @@ index 0f29011..80dd40e 100644 int verify) { diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c -index 9ee8f8d..64b052e 100644 +index bbc3189..29695f9 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -69,6 +69,8 @@ @@ -1543,17 +1463,17 @@ index 9ee8f8d..64b052e 100644 #include <openssl/lhash.h> #include <openssl/x509.h> -@@ -434,3 +436,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, +@@ -438,3 +440,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, BUF_MEM_free(b); return (ok); } + +#endif /* OPENSSL_NO_STDIO */ diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 4d34dba..25e8a89 100644 +index 8334b3f..d075f66 100644 --- a/crypto/x509/x509_vfy.c 
+++ b/crypto/x509/x509_vfy.c -@@ -950,6 +950,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) +@@ -1064,6 +1064,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) ctx->current_crl = crl; if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->param->check_time; @@ -1562,7 +1482,7 @@ index 4d34dba..25e8a89 100644 else ptime = NULL; -@@ -1673,6 +1675,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) +@@ -1805,6 +1807,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->param->check_time; @@ -1572,10 +1492,10 @@ index 4d34dba..25e8a89 100644 ptime = NULL; diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h -index 2663e1c..3790ef5 100644 +index 5062682..e90d931 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h -@@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); +@@ -443,6 +443,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); * will force the behaviour to match that of previous versions. */ # define X509_V_FLAG_NO_ALT_CHAINS 0x100000 @@ -1584,11 +1504,10 @@ index 2663e1c..3790ef5 100644 # define X509_VP_FLAG_DEFAULT 0x1 # define X509_VP_FLAG_OVERWRITE 0x2 -@@ -490,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); - X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); +@@ -496,8 +498,10 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); -- + +#ifndef OPENSSL_NO_STDIO X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); @@ -1944,10 +1863,10 @@ index f6b3ff2..1dcbe36 100755 SEED,- SHA,- diff --git a/ssl/d1_both.c b/ssl/d1_both.c -index 5d26c94..ee3f49b 100644 +index 9bc6153..b5648eb 100644 --- a/ssl/d1_both.c 
+++ b/ssl/d1_both.c -@@ -1053,7 +1053,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) +@@ -1068,7 +1068,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) int dtls1_read_failed(SSL *s, int code) { if (code > 0) { @@ -1957,7 +1876,7 @@ index 5d26c94..ee3f49b 100644 } diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c -index 35cc27c..a1f5335 100644 +index 499f0e8..5672f99 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, @@ -1992,9 +1911,9 @@ index 35cc27c..a1f5335 100644 c.error = SSL_R_BAD_LENGTH; - c.line = __LINE__; + c.line = OPENSSL_LINE; - goto err; - } else { - ret->sid_ctx_length = os.length; + OPENSSL_free(os.data); + os.data = NULL; + os.length = 0; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index f48ebae..ac4f08c 100644 --- a/ssl/ssl_cert.c @@ -2068,10 +1987,10 @@ index 8d3709d..2bb403b 100644 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c -index 514fcb3..2a54cc9 100644 +index b6d1ee9..75f38cd 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c -@@ -780,9 +780,7 @@ int tls1_enc(SSL *s, int send) +@@ -779,9 +779,7 @@ int tls1_enc(SSL *s, int send) * we can't write into the input stream: Can this ever * happen?? (steve) */ @@ -2152,7 +2071,7 @@ index b9b159a..9841498 100755 if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } diff --git a/util/mkerr.pl b/util/mkerr.pl -index 09ebebe..cd57ade 100644 +index c197f3a..97b295c 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -89,7 +89,7 @@ Options: 
@@ -2164,7 +2083,7 @@ index 09ebebe..cd57ade 100644 while the code facilitates the use of these in an environment where the error support routines are dynamically loaded at runtime. -@@ -474,7 +474,7 @@ EOF +@@ -482,7 +482,7 @@ EOF ${staticloader}void ERR_load_${lib}_strings(void); ${staticloader}void ERR_unload_${lib}_strings(void); ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line); diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd index 83d04d7180..3d86bc78d0 100755 --- a/CryptoPkg/Library/OpensslLib/Install.cmd +++ b/CryptoPkg/Library/OpensslLib/Install.cmd @@ -1,4 +1,4 @@ -cd openssl-1.0.2h +cd openssl-1.0.2j copy ..\opensslconf.h crypto if not exist include\openssl mkdir include\openssl copy e_os2.h include\openssl diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh index 95963ff662..e6703d1b78 100755 --- a/CryptoPkg/Library/OpensslLib/Install.sh +++ b/CryptoPkg/Library/OpensslLib/Install.sh @@ -1,6 +1,6 @@ #!/bin/sh -cd openssl-1.0.2h +cd openssl-1.0.2j cp ../opensslconf.h crypto mkdir -p include/openssl cp e_os2.h include/openssl diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 6cf817b866..09b48466b6 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -20,7 +20,7 @@ [Defines] MODULE_TYPE = BASE VERSION_STRING = 1.0 LIBRARY_CLASS = OpensslLib - DEFINE OPENSSL_PATH = openssl-1.0.2h + DEFINE OPENSSL_PATH = openssl-1.0.2j DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE # diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt index 91098b93f5..d7e3d9e875 100644 --- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt 
@@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment. ================================================================================ OpenSSL-Version ================================================================================ - Current supported OpenSSL version for UEFI Crypto Library is 1.0.2h. - http://www.openssl.org/source/openssl-1.0.2h.tar.gz + Current supported OpenSSL version for UEFI Crypto Library is 1.0.2j. + http://www.openssl.org/source/openssl-1.0.2j.tar.gz ================================================================================ HOW to Install Openssl for UEFI Building ================================================================================ -1. Download OpenSSL 1.0.2h from official website: - http://www.openssl.org/source/openssl-1.0.2h.tar.gz +1. Download OpenSSL 1.0.2j from official website: + http://www.openssl.org/source/openssl-1.0.2j.tar.gz - NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2h.tar.tar. - When you do the download, rename the "openssl-1.0.2h.tar.tar" to - "openssl-1.0.2h.tar.gz" or rename the local downloaded file with ".tar.tar" + NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2j.tar.tar. + When you do the download, rename the "openssl-1.0.2j.tar.tar" to + "openssl-1.0.2j.tar.gz" or rename the local downloaded file with ".tar.tar" extension to ".tar.gz". -2. Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2h +2. Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2j NOTE: If you use WinZip to unpack the openssl source in Windows, please uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion"). -3. Apply this patch: EDKII_openssl-1.0.2h.patch, and make installation +3. 
Apply this patch: EDKII_openssl-1.0.2j.patch, and make installation For Windows Environment: ------------------------ 1) Make sure the patch utility has been installed in your machine. Install Cygwin or get the patch utility binary from http://gnuwin32.sourceforge.net/packages/patch.htm - 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2h - 3) patch -p1 -i ..\EDKII_openssl-1.0.2h.patch + 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2j + 3) patch -p1 -i ..\EDKII_openssl-1.0.2j.patch 4) cd .. 5) Install.cmd @@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment. ----------------------- 1) Make sure the patch utility has been installed in your machine. Patch utility is available from http://directory.fsf.org/project/patch/ - 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2h - 3) patch -p1 -i ../EDKII_openssl-1.0.2h.patch + 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2j + 3) patch -p1 -i ../EDKII_openssl-1.0.2j.patch 4) cd .. 5) ./Install.sh -- 2.11.0