Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
ovmf.6568
ovmf-bsc1094291-update-openssl-1.0.2o.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ovmf-bsc1094291-update-openssl-1.0.2o.patch of Package ovmf.6568
From ccebe08b0bfbd4727f05ae3bc6e07f0bfe462065 Mon Sep 17 00:00:00 2001 From: Gary Lin <glin@suse.com> Date: Tue, 22 May 2018 16:16:16 +0800 Subject: [PATCH] Update openssl to 1.0.2o --- CryptoPkg/CryptoPkg.dec | 2 +- ...ssl-1.0.2k.patch => EDKII_openssl-1.0.2o.patch} | 204 +++++---------------- CryptoPkg/Library/OpensslLib/Install.sh | 2 +- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- 4 files changed, 53 insertions(+), 157 deletions(-) rename CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2k.patch => EDKII_openssl-1.0.2o.patch} (90%) diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index ac1073c..b41ce39 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -24,7 +24,7 @@ [Includes] Include - Library/OpensslLib/openssl-1.0.2k/include + Library/OpensslLib/openssl-1.0.2o/include [LibraryClasses] ## @libraryclass Provides basic library functions for cryptographic primitives. diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2o.patch similarity index 90% rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2o.patch index cc0ce68..cd63f0e 100644 --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2o.patch @@ -1,5 +1,5 @@ diff --git a/Configure b/Configure -index 5da7cad..c2cc9c5 100755 +index 744b493..ac21c6f 100755 --- a/Configure +++ b/Configure @@ -611,6 +611,9 @@ my %table=( @@ -22,10 +22,10 @@ index 5da7cad..c2cc9c5 100755 $disabled{"gost"} = "forced"; } diff --git a/apps/apps.c b/apps/apps.c -index c487bd9..64ade15 100644 +index c5a5152..3ef0e78 100644 --- a/apps/apps.c +++ b/apps/apps.c -@@ -2386,6 +2386,8 @@ int args_verify(char ***pargs, int *pargc, +@@ -2390,6 +2390,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_PARTIAL_CHAIN; else if (!strcmp(arg, "-no_alt_chains")) flags |= X509_V_FLAG_NO_ALT_CHAINS; @@ -35,7 +35,7 @@ index c487bd9..64ade15 100644 flags |= X509_V_FLAG_ALLOW_PROXY_CERTS; else diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c -index 2d562f9..91203b7 100644 +index 95f0416..d16f458 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len) @@ -254,7 +254,7 @@ index d5a5514..bede55c 100644 goto err; diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c -index 8177fd2..4dab3bb 100644 +index e911e15..5104656 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -131,7 +131,7 @@ @@ -298,7 +298,7 @@ index 8177fd2..4dab3bb 100644 if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); -@@ -376,10 +381,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, +@@ -364,10 +369,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, return 1; } @@ -311,7 +311,7 @@ index 8177fd2..4dab3bb 100644 again: diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h -index 8d926d5..c29e97d 100644 +index fe49113..9efc453 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md); @@ -367,10 +367,10 @@ index 8d926d5..c29e97d 100644 void CONF_modules_finish(void); void CONF_modules_free(void); diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c -index 68c77ce..3d308c7 100644 +index 6237f6a..5b461eb 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c -@@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf) +@@ -188,6 +188,10 @@ static int def_destroy_data(CONF *conf) static int def_load(CONF *conf, const char *name, long *line) { @@ -381,7 +381,7 @@ index 68c77ce..3d308c7 100644 int ret; BIO *in = NULL; -@@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line) +@@ -208,6 +212,7 @@ static int def_load(CONF *conf, const char *name, long *line) BIO_free(in); return ret; @@ -426,7 +426,7 @@ index 5281384..952b545 100644 #ifndef OPENSSL_NO_FP_API int NCONF_load_fp(CONF *conf, FILE *fp, long *eline) diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c -index e0c9a67..13d93ea 100644 +index e2a9a81..262e4db 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, @@ -462,7 +462,7 @@ index c042cf2..a25b636 100644 } diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c -index 1925428..da4b34d 100644 +index 5fab45b..9079396 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void) @@ -492,7 +492,7 @@ index 1925428..da4b34d 100644 OPENSSL_free(pointer); } } -@@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void) +@@ -677,6 +677,7 @@ unsigned long *OPENSSL_ia32cap_loc(void) } # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) @@ -500,7 +500,7 @@ index 1925428..da4b34d 100644 # define OPENSSL_CPUID_SETUP # if defined(_WIN32) typedef unsigned __int64 IA32CAP; -@@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...) +@@ -987,11 +988,13 @@ void OPENSSL_showfatal(const char *fmta, ...) #else void OPENSSL_showfatal(const char *fmta, ...) { @@ -514,7 +514,7 @@ index 1925428..da4b34d 100644 } int OPENSSL_isservice(void) -@@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion) +@@ -1018,10 +1021,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion) #endif } @@ -642,38 +642,11 @@ index 01e275f..7633139 100644 int DES_read_password(DES_cblock *key, const char *prompt, int verify) { int ok; -diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile -index 46fa5ac..cc366ec 100644 ---- a/crypto/dh/Makefile -+++ b/crypto/dh/Makefile -@@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h - dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h - dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h - dh_gen.o: ../cryptlib.h dh_gen.c --dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h - dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h - dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h - dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h -index a5bd901..6488879 100644 +index 80b28fb..6527500 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h -@@ -240,11 +240,13 @@ DH *DH_get_1024_160(void); - DH *DH_get_2048_224(void); - DH *DH_get_2048_256(void); - -+# ifndef OPENSSL_NO_CMS - /* RFC2631 KDF */ - int DH_KDF_X9_42(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - ASN1_OBJECT *key_oid, - const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); -+# endif - - # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ -@@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, +@@ -356,7 +356,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, /* KDF types */ # define EVP_PKEY_DH_KDF_NONE 1 @@ -683,70 +656,6 @@ index a5bd901..6488879 100644 /* BEGIN ERROR CODES */ /* -diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c -index a882cb2..aace5fb 100644 ---- a/crypto/dh/dh_kdf.c -+++ b/crypto/dh/dh_kdf.c -@@ -51,6 +51,9 @@ - * ==================================================================== - */ - -+#include <e_os.h> -+ -+#ifndef OPENSSL_NO_CMS - #include <string.h> - #include <openssl/dh.h> - #include <openssl/evp.h> -@@ -58,6 +61,7 @@ - #include <openssl/cms.h> - - /* Key derivation from X9.42/RFC2631 */ -+/* Uses CMS functions, hence the #ifdef wrapper. */ - - #define DH_KDF_MAX (1L << 30) - -@@ -185,3 +189,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, - EVP_MD_CTX_cleanup(&mctx); - return rv; - } -+#endif -diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c -index b58e3fa..926be98 100644 ---- a/crypto/dh/dh_pmeth.c -+++ b/crypto/dh/dh_pmeth.c -@@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - case EVP_PKEY_CTRL_DH_KDF_TYPE: - if (p1 == -2) - return dctx->kdf_type; -+#ifdef OPENSSL_NO_CMS -+ if (p1 != EVP_PKEY_DH_KDF_NONE) -+#else - if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) -+#endif - return -2; - dctx->kdf_type = p1; - return 1; -@@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - return ret; - *keylen = ret; - return 1; -- } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { -+ } -+#ifndef OPENSSL_NO_CMS -+ else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { - unsigned char *Z = NULL; - size_t Zlen = 0; - if (!dctx->kdf_outlen || !dctx->kdf_oid) -@@ -479,7 +485,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - } - return ret; - } -- return 1; -+#endif -+ return 0; - } - - const EVP_PKEY_METHOD dh_pkey_meth = { diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 46f163b..b4a72a0 100644 --- a/crypto/engine/eng_int.h @@ -784,7 +693,7 @@ index 34b0029..cf622bb 100644 #define TEST_ENG_OPENSSL_RC4_P_INIT /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */ diff --git a/crypto/err/err.h b/crypto/err/err.h -index 585aa8b..04c6cfc 100644 +index f423656..bec2ab1 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -200,39 +200,39 @@ typedef struct err_state_st { @@ -861,7 +770,7 @@ index 585aa8b..04c6cfc 100644 /* * Borland C seems too stupid to be able to shift and do longs in the diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h -index d258ef8..376f260 100644 +index cf1de15..106ba30 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); @@ -879,7 +788,7 @@ index d258ef8..376f260 100644 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, const unsigned char *salt, const unsigned char *data, diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c -index 5be9e33..63c8866 100644 +index cdffe1c..595a8c4 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -63,6 +63,7 @@ @@ -890,8 +799,8 @@ index 5be9e33..63c8866 100644 /* should be init to zeros. */ static char prompt_string[80]; -@@ -117,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, - OPENSSL_cleanse(buff, BUFSIZ); +@@ -119,6 +120,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, + UI_free(ui); return ret; } +#endif /* OPENSSL_NO_UI */ @@ -972,7 +881,7 @@ index aac72fb..d271ec8 100644 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c -index c82b3c0..56c77b1 100644 +index 4d5f053..0592cc6 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix); @@ -985,7 +894,7 @@ index c82b3c0..56c77b1 100644 * We should not ever call the default callback routine from windows. */ diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c -index 5747c73..9edca4d 100644 +index daf210f..9b018ca 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -69,9 +69,11 @@ @@ -1102,7 +1011,7 @@ index dc9b484..e75c4b2 100644 + return ret; } diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c -index 737aebf..f23f348 100644 +index 66fb14c..5526d12 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -95,7 +95,7 @@ @@ -1115,7 +1024,7 @@ index 737aebf..f23f348 100644 { return (-1); diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c -index 6c5b65d..11ee152 100644 +index 097e409..fb0304e 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -116,7 +116,7 @@ @@ -1151,10 +1060,10 @@ index 028892a..4ed4bfe 100644 /* This method ignores the configured seed and fails for an unknown user. */ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c -index a8ec52a..ce20804 100644 +index c8bc7a9..7fd29e0 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c -@@ -228,6 +228,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id, +@@ -231,6 +231,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id, return (info == NULL || NULL != (vinfo->info = BUF_strdup(info))); } @@ -1162,7 +1071,7 @@ index a8ec52a..ce20804 100644 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, const char *v) { -@@ -254,6 +255,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, +@@ -257,6 +258,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, vinfo->v = NULL; return 0; } @@ -1170,7 +1079,7 @@ index a8ec52a..ce20804 100644 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) { -@@ -312,6 +314,7 @@ int SRP_VBASE_free(SRP_VBASE *vb) +@@ -315,6 +317,7 @@ int SRP_VBASE_free(SRP_VBASE *vb) return 0; } @@ -1178,7 +1087,7 @@ index a8ec52a..ce20804 100644 static SRP_gN_cache *SRP_gN_new_init(const char *ch) { unsigned char tmp[MAX_LEN]; -@@ -346,6 +349,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache) +@@ -349,6 +352,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache) BN_free(gN_cache->bn); OPENSSL_free(gN_cache); } @@ -1186,7 +1095,7 @@ index a8ec52a..ce20804 100644 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) { -@@ -362,6 +366,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) +@@ -365,6 +369,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) return SRP_get_default_gN(id); } @@ -1194,7 +1103,7 @@ index a8ec52a..ce20804 100644 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) { int i; -@@ -503,6 +508,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) +@@ -506,6 +511,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) return error_code; } @@ -1451,7 +1360,7 @@ index 0f29011..80dd40e 100644 int verify) { diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c -index bbc3189..29695f9 100644 +index 6f0209a..927f045 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -69,6 +69,8 @@ @@ -1463,7 +1372,7 @@ index bbc3189..29695f9 100644 #include <openssl/lhash.h> #include <openssl/x509.h> -@@ -438,3 +440,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, +@@ -439,3 +441,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, BUF_MEM_free(b); return (ok); } @@ -1551,7 +1460,7 @@ index 34cad53..12f12a7 100644 val_len = strlen(val->value + 5); tmp_data = OPENSSL_realloc((*policy)->data, diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c -index 0b7c681..1895b8f 100644 +index 87a6ae1..7c99f21 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -61,6 +61,7 @@ @@ -1635,12 +1544,12 @@ index f4a8358..94d3293 100644 /* Error codes for the ZENCOD functions. */ diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod -index 44792f9..7f95d58 100644 +index 10399ec..ec99851 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod -@@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an - alternative chain can be found that is trusted. With this flag set the behaviour - will match that of OpenSSL versions prior to 1.0.2b. +@@ -224,6 +224,10 @@ becomes the trust-anchor. + Thus, even when an intermediate certificate is found in the trust store, the + verified chain passed to callbacks may still be anchored by a root CA. +The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period +of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() @@ -1650,7 +1559,7 @@ index 44792f9..7f95d58 100644 The above functions should be used to manipulate verification parameters diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod -index dc0e939..fe123bb 100644 +index 30c19b8..250b9e2 100644 --- a/doc/crypto/threads.pod +++ b/doc/crypto/threads.pod @@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support @@ -1863,18 +1772,18 @@ index f6b3ff2..1dcbe36 100755 SEED,- SHA,- diff --git a/ssl/d1_both.c b/ssl/d1_both.c -index 9bc6153..b5648eb 100644 +index e6bc761..f25825a 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c -@@ -1068,7 +1068,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) - int dtls1_read_failed(SSL *s, int code) +@@ -1076,7 +1076,7 @@ int dtls1_read_failed(SSL *s, int code) { if (code > 0) { + #ifdef TLS_DEBUG - fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__); + fprintf(stderr, "dtls1_read_failed(); invalid state reached\n"); + #endif return 1; } - diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 499f0e8..5672f99 100644 --- a/ssl/ssl_asn1.c @@ -1915,10 +1824,10 @@ index 499f0e8..5672f99 100644 os.data = NULL; os.length = 0; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c -index 1be6fb0..cbec97c 100644 +index 363d2b2..9f43f28 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c -@@ -855,12 +855,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) +@@ -856,12 +856,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) return (add_client_CA(&(ctx->client_CA), x)); } @@ -1932,7 +1841,7 @@ index 1be6fb0..cbec97c 100644 /** * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; * it doesn't really have anything to do with clients (except that a common use -@@ -928,7 +928,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) +@@ -929,7 +929,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) ERR_clear_error(); return (ret); } @@ -1940,7 +1849,7 @@ index 1be6fb0..cbec97c 100644 /** * Add a file of certs to a stack. -@@ -1048,6 +1047,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +@@ -1049,6 +1048,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } @@ -1987,7 +1896,7 @@ index 8d3709d..2bb403b 100644 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c -index b6d1ee9..75f38cd 100644 +index 50491ff..e04d7d0 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -779,9 +779,7 @@ int tls1_enc(SSL *s, int send) @@ -2019,19 +1928,6 @@ index baa3b59..1ee3f02 100644 system ("$ossl_path no-ec > $null_path"); if ($? == 0) { -diff --git a/util/libeay.num b/util/libeay.num -index 2094ab3..992abb2 100755 ---- a/util/libeay.num -+++ b/util/libeay.num -@@ -4370,7 +4370,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH - ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA - CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS - CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS --DH_KDF_X9_42 4735 EXIST::FUNCTION:DH -+DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH - RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA - EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES - RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA diff --git a/util/mkdef.pl b/util/mkdef.pl index b9b159a..9841498 100755 --- a/util/mkdef.pl diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh index cdf2595..f7a8e02 100755 --- a/CryptoPkg/Library/OpensslLib/Install.sh +++ b/CryptoPkg/Library/OpensslLib/Install.sh @@ -1,6 +1,6 @@ #!/bin/sh -cd openssl-1.0.2k +cd openssl-1.0.2o cp ../opensslconf.h crypto mkdir -p include/openssl cp e_os2.h include/openssl diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 2845719..ff6e645 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -20,7 +20,7 @@ MODULE_TYPE = BASE VERSION_STRING = 1.0 LIBRARY_CLASS = OpensslLib - DEFINE OPENSSL_PATH = openssl-1.0.2k + DEFINE OPENSSL_PATH = openssl-1.0.2o DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE # -- 2.16.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor