File ovmf-bsc1094291-update-openssl-1.0.2o.patch of Package ovmf.6568

Overview Repositories Revisions Requests Users Attributes Meta

File ovmf-bsc1094291-update-openssl-1.0.2o.patch of Package ovmf.6568

From ccebe08b0bfbd4727f05ae3bc6e07f0bfe462065 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 22 May 2018 16:16:16 +0800
Subject: [PATCH] Update openssl to 1.0.2o

---
 CryptoPkg/CryptoPkg.dec                            |   2 +-
 ...ssl-1.0.2k.patch => EDKII_openssl-1.0.2o.patch} | 204 +++++----------------
 CryptoPkg/Library/OpensslLib/Install.sh            |   2 +-
 CryptoPkg/Library/OpensslLib/OpensslLib.inf        |   2 +-
 4 files changed, 53 insertions(+), 157 deletions(-)
 rename CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2k.patch => EDKII_openssl-1.0.2o.patch} (90%)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index ac1073c..b41ce39 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -24,7 +24,7 @@
 
 [Includes]
   Include
-  Library/OpensslLib/openssl-1.0.2k/include
+  Library/OpensslLib/openssl-1.0.2o/include
 
 [LibraryClasses]
   ##  @libraryclass  Provides basic library functions for cryptographic primitives.
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2o.patch
similarity index 90%
rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch
rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2o.patch
index cc0ce68..cd63f0e 100644
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2o.patch
@@ -1,5 +1,5 @@
 diff --git a/Configure b/Configure
-index 5da7cad..c2cc9c5 100755
+index 744b493..ac21c6f 100755
 --- a/Configure
 +++ b/Configure
 @@ -611,6 +611,9 @@ my %table=(
@@ -22,10 +22,10 @@ index 5da7cad..c2cc9c5 100755
  	$disabled{"gost"} = "forced";
  	}
 diff --git a/apps/apps.c b/apps/apps.c
-index c487bd9..64ade15 100644
+index c5a5152..3ef0e78 100644
 --- a/apps/apps.c
 +++ b/apps/apps.c
-@@ -2386,6 +2386,8 @@ int args_verify(char ***pargs, int *pargc,
+@@ -2390,6 +2390,8 @@ int args_verify(char ***pargs, int *pargc,
          flags |= X509_V_FLAG_PARTIAL_CHAIN;
      else if (!strcmp(arg, "-no_alt_chains"))
          flags |= X509_V_FLAG_NO_ALT_CHAINS;
@@ -35,7 +35,7 @@ index c487bd9..64ade15 100644
          flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
      else
 diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
-index 2d562f9..91203b7 100644
+index 95f0416..d16f458 100644
 --- a/crypto/asn1/a_strex.c
 +++ b/crypto/asn1/a_strex.c
 @@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
@@ -254,7 +254,7 @@ index d5a5514..bede55c 100644
          goto err;
  
 diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
-index 8177fd2..4dab3bb 100644
+index e911e15..5104656 100644
 --- a/crypto/bn/bn_prime.c
 +++ b/crypto/bn/bn_prime.c
 @@ -131,7 +131,7 @@
@@ -298,7 +298,7 @@ index 8177fd2..4dab3bb 100644
      if (ctx != NULL) {
          BN_CTX_end(ctx);
          BN_CTX_free(ctx);
-@@ -376,10 +381,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+@@ -364,10 +369,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
      return 1;
  }
  
@@ -311,7 +311,7 @@ index 8177fd2..4dab3bb 100644
  
   again:
 diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
-index 8d926d5..c29e97d 100644
+index fe49113..9efc453 100644
 --- a/crypto/conf/conf.h
 +++ b/crypto/conf/conf.h
 @@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);
@@ -367,10 +367,10 @@ index 8d926d5..c29e97d 100644
  void CONF_modules_finish(void);
  void CONF_modules_free(void);
 diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
-index 68c77ce..3d308c7 100644
+index 6237f6a..5b461eb 100644
 --- a/crypto/conf/conf_def.c
 +++ b/crypto/conf/conf_def.c
-@@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)
+@@ -188,6 +188,10 @@ static int def_destroy_data(CONF *conf)
  
  static int def_load(CONF *conf, const char *name, long *line)
  {
@@ -381,7 +381,7 @@ index 68c77ce..3d308c7 100644
      int ret;
      BIO *in = NULL;
  
-@@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)
+@@ -208,6 +212,7 @@ static int def_load(CONF *conf, const char *name, long *line)
      BIO_free(in);
  
      return ret;
@@ -426,7 +426,7 @@ index 5281384..952b545 100644
  #ifndef OPENSSL_NO_FP_API
  int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
 diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
-index e0c9a67..13d93ea 100644
+index e2a9a81..262e4db 100644
 --- a/crypto/conf/conf_mod.c
 +++ b/crypto/conf/conf_mod.c
 @@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
@@ -462,7 +462,7 @@ index c042cf2..a25b636 100644
  }
  
 diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
-index 1925428..da4b34d 100644
+index 5fab45b..9079396 100644
 --- a/crypto/cryptlib.c
 +++ b/crypto/cryptlib.c
 @@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)
@@ -492,7 +492,7 @@ index 1925428..da4b34d 100644
          OPENSSL_free(pointer);
      }
  }
-@@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)
+@@ -677,6 +677,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)
  }
  
  # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
@@ -500,7 +500,7 @@ index 1925428..da4b34d 100644
  #  define OPENSSL_CPUID_SETUP
  #  if defined(_WIN32)
  typedef unsigned __int64 IA32CAP;
-@@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
+@@ -987,11 +988,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
  #else
  void OPENSSL_showfatal(const char *fmta, ...)
  {
@@ -514,7 +514,7 @@ index 1925428..da4b34d 100644
  }
  
  int OPENSSL_isservice(void)
-@@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
+@@ -1018,10 +1021,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
  #endif
  }
  
@@ -642,38 +642,11 @@ index 01e275f..7633139 100644
  int DES_read_password(DES_cblock *key, const char *prompt, int verify)
  {
      int ok;
-diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile
-index 46fa5ac..cc366ec 100644
---- a/crypto/dh/Makefile
-+++ b/crypto/dh/Makefile
-@@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
- dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
- dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
- dh_gen.o: ../cryptlib.h dh_gen.c
--dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
- dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
- dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
- dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index a5bd901..6488879 100644
+index 80b28fb..6527500 100644
 --- a/crypto/dh/dh.h
 +++ b/crypto/dh/dh.h
-@@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);
- DH *DH_get_2048_224(void);
- DH *DH_get_2048_256(void);
- 
-+# ifndef OPENSSL_NO_CMS
- /* RFC2631 KDF */
- int DH_KDF_X9_42(unsigned char *out, size_t outlen,
-                  const unsigned char *Z, size_t Zlen,
-                  ASN1_OBJECT *key_oid,
-                  const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
-+# endif
- 
- # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
-         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-@@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+@@ -356,7 +356,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
  
  /* KDF types */
  # define EVP_PKEY_DH_KDF_NONE                            1
@@ -683,70 +656,6 @@ index a5bd901..6488879 100644
  
  /* BEGIN ERROR CODES */
  /*
-diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
-index a882cb2..aace5fb 100644
---- a/crypto/dh/dh_kdf.c
-+++ b/crypto/dh/dh_kdf.c
-@@ -51,6 +51,9 @@
-  * ====================================================================
-  */
- 
-+#include <e_os.h>
-+
-+#ifndef OPENSSL_NO_CMS
- #include <string.h>
- #include <openssl/dh.h>
- #include <openssl/evp.h>
-@@ -58,6 +61,7 @@
- #include <openssl/cms.h>
- 
- /* Key derivation from X9.42/RFC2631 */
-+/* Uses CMS functions, hence the #ifdef wrapper. */
- 
- #define DH_KDF_MAX      (1L << 30)
- 
-@@ -185,3 +189,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
-     EVP_MD_CTX_cleanup(&mctx);
-     return rv;
- }
-+#endif
-diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
-index b58e3fa..926be98 100644
---- a/crypto/dh/dh_pmeth.c
-+++ b/crypto/dh/dh_pmeth.c
-@@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-     case EVP_PKEY_CTRL_DH_KDF_TYPE:
-         if (p1 == -2)
-             return dctx->kdf_type;
-+#ifdef OPENSSL_NO_CMS
-+        if (p1 != EVP_PKEY_DH_KDF_NONE)
-+#else
-         if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
-+#endif
-             return -2;
-         dctx->kdf_type = p1;
-         return 1;
-@@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-             return ret;
-         *keylen = ret;
-         return 1;
--    } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
-+    }
-+#ifndef OPENSSL_NO_CMS
-+    else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
-         unsigned char *Z = NULL;
-         size_t Zlen = 0;
-         if (!dctx->kdf_outlen || !dctx->kdf_oid)
-@@ -479,7 +485,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-         }
-         return ret;
-     }
--    return 1;
-+#endif
-+    return 0;
- }
- 
- const EVP_PKEY_METHOD dh_pkey_meth = {
 diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
 index 46f163b..b4a72a0 100644
 --- a/crypto/engine/eng_int.h
@@ -784,7 +693,7 @@ index 34b0029..cf622bb 100644
  #define TEST_ENG_OPENSSL_RC4_P_INIT
  /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
 diff --git a/crypto/err/err.h b/crypto/err/err.h
-index 585aa8b..04c6cfc 100644
+index f423656..bec2ab1 100644
 --- a/crypto/err/err.h
 +++ b/crypto/err/err.h
 @@ -200,39 +200,39 @@ typedef struct err_state_st {
@@ -861,7 +770,7 @@ index 585aa8b..04c6cfc 100644
  /*
   * Borland C seems too stupid to be able to shift and do longs in the
 diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
-index d258ef8..376f260 100644
+index cf1de15..106ba30 100644
 --- a/crypto/evp/evp.h
 +++ b/crypto/evp/evp.h
 @@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
@@ -879,7 +788,7 @@ index d258ef8..376f260 100644
  int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                     const unsigned char *salt, const unsigned char *data,
 diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
-index 5be9e33..63c8866 100644
+index cdffe1c..595a8c4 100644
 --- a/crypto/evp/evp_key.c
 +++ b/crypto/evp/evp_key.c
 @@ -63,6 +63,7 @@
@@ -890,8 +799,8 @@ index 5be9e33..63c8866 100644
  /* should be init to zeros. */
  static char prompt_string[80];
  
-@@ -117,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
-     OPENSSL_cleanse(buff, BUFSIZ);
+@@ -119,6 +120,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
+     UI_free(ui);
      return ret;
  }
 +#endif /* OPENSSL_NO_UI */
@@ -972,7 +881,7 @@ index aac72fb..d271ec8 100644
  EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
  int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
 diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
-index c82b3c0..56c77b1 100644
+index 4d5f053..0592cc6 100644
 --- a/crypto/pem/pem_lib.c
 +++ b/crypto/pem/pem_lib.c
 @@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
@@ -985,7 +894,7 @@ index c82b3c0..56c77b1 100644
       * We should not ever call the default callback routine from windows.
       */
 diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
-index 5747c73..9edca4d 100644
+index daf210f..9b018ca 100644
 --- a/crypto/pem/pem_pk8.c
 +++ b/crypto/pem/pem_pk8.c
 @@ -69,9 +69,11 @@
@@ -1102,7 +1011,7 @@ index dc9b484..e75c4b2 100644
 +    return ret;
  }
 diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
-index 737aebf..f23f348 100644
+index 66fb14c..5526d12 100644
 --- a/crypto/rand/rand_egd.c
 +++ b/crypto/rand/rand_egd.c
 @@ -95,7 +95,7 @@
@@ -1115,7 +1024,7 @@ index 737aebf..f23f348 100644
  {
      return (-1);
 diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
-index 6c5b65d..11ee152 100644
+index 097e409..fb0304e 100644
 --- a/crypto/rand/rand_unix.c
 +++ b/crypto/rand/rand_unix.c
 @@ -116,7 +116,7 @@
@@ -1151,10 +1060,10 @@ index 028892a..4ed4bfe 100644
  /* This method ignores the configured seed and fails for an unknown user. */
  SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
 diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
-index a8ec52a..ce20804 100644
+index c8bc7a9..7fd29e0 100644
 --- a/crypto/srp/srp_vfy.c
 +++ b/crypto/srp/srp_vfy.c
-@@ -228,6 +228,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
+@@ -231,6 +231,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
      return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
  }
  
@@ -1162,7 +1071,7 @@ index a8ec52a..ce20804 100644
  static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
                                 const char *v)
  {
-@@ -254,6 +255,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
+@@ -257,6 +258,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
      vinfo->v = NULL;
      return 0;
  }
@@ -1170,7 +1079,7 @@ index a8ec52a..ce20804 100644
  
  static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
  {
-@@ -312,6 +314,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)
+@@ -315,6 +317,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)
      return 0;
  }
  
@@ -1178,7 +1087,7 @@ index a8ec52a..ce20804 100644
  static SRP_gN_cache *SRP_gN_new_init(const char *ch)
  {
      unsigned char tmp[MAX_LEN];
-@@ -346,6 +349,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)
+@@ -349,6 +352,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)
      BN_free(gN_cache->bn);
      OPENSSL_free(gN_cache);
  }
@@ -1186,7 +1095,7 @@ index a8ec52a..ce20804 100644
  
  static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
  {
-@@ -362,6 +366,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
+@@ -365,6 +369,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
      return SRP_get_default_gN(id);
  }
  
@@ -1194,7 +1103,7 @@ index a8ec52a..ce20804 100644
  static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
  {
      int i;
-@@ -503,6 +508,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
+@@ -506,6 +511,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
      return error_code;
  
  }
@@ -1451,7 +1360,7 @@ index 0f29011..80dd40e 100644
                             int verify)
  {
 diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
-index bbc3189..29695f9 100644
+index 6f0209a..927f045 100644
 --- a/crypto/x509/by_dir.c
 +++ b/crypto/x509/by_dir.c
 @@ -69,6 +69,8 @@
@@ -1463,7 +1372,7 @@ index bbc3189..29695f9 100644
  #include <openssl/lhash.h>
  #include <openssl/x509.h>
  
-@@ -438,3 +440,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+@@ -439,3 +441,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
          BUF_MEM_free(b);
      return (ok);
  }
@@ -1551,7 +1460,7 @@ index 34cad53..12f12a7 100644
              val_len = strlen(val->value + 5);
              tmp_data = OPENSSL_realloc((*policy)->data,
 diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
-index 0b7c681..1895b8f 100644
+index 87a6ae1..7c99f21 100644
 --- a/crypto/x509v3/v3_scts.c
 +++ b/crypto/x509v3/v3_scts.c
 @@ -61,6 +61,7 @@
@@ -1635,12 +1544,12 @@ index f4a8358..94d3293 100644
  /* Error codes for the ZENCOD functions. */
  
 diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-index 44792f9..7f95d58 100644
+index 10399ec..ec99851 100644
 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
 +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-@@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an
- alternative chain can be found that is trusted. With this flag set the behaviour
- will match that of OpenSSL versions prior to 1.0.2b.
+@@ -224,6 +224,10 @@ becomes the trust-anchor.
+ Thus, even when an intermediate certificate is found in the trust store, the
+ verified chain passed to callbacks may still be anchored by a root CA.
  
 +The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
 +of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
@@ -1650,7 +1559,7 @@ index 44792f9..7f95d58 100644
  
  The above functions should be used to manipulate verification parameters
 diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
-index dc0e939..fe123bb 100644
+index 30c19b8..250b9e2 100644
 --- a/doc/crypto/threads.pod
 +++ b/doc/crypto/threads.pod
 @@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
@@ -1863,18 +1772,18 @@ index f6b3ff2..1dcbe36 100755
  		     SEED,-
  		     SHA,-
 diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 9bc6153..b5648eb 100644
+index e6bc761..f25825a 100644
 --- a/ssl/d1_both.c
 +++ b/ssl/d1_both.c
-@@ -1068,7 +1068,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
- int dtls1_read_failed(SSL *s, int code)
+@@ -1076,7 +1076,7 @@ int dtls1_read_failed(SSL *s, int code)
  {
      if (code > 0) {
+ #ifdef TLS_DEBUG
 -        fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
 +        fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");
+ #endif
          return 1;
      }
- 
 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
 index 499f0e8..5672f99 100644
 --- a/ssl/ssl_asn1.c
@@ -1915,10 +1824,10 @@ index 499f0e8..5672f99 100644
              os.data = NULL;
              os.length = 0;
 diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
-index 1be6fb0..cbec97c 100644
+index 363d2b2..9f43f28 100644
 --- a/ssl/ssl_cert.c
 +++ b/ssl/ssl_cert.c
-@@ -855,12 +855,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
+@@ -856,12 +856,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
      return (add_client_CA(&(ctx->client_CA), x));
  }
  
@@ -1932,7 +1841,7 @@ index 1be6fb0..cbec97c 100644
  /**
   * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
   * it doesn't really have anything to do with clients (except that a common use
-@@ -928,7 +928,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
+@@ -929,7 +929,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
          ERR_clear_error();
      return (ret);
  }
@@ -1940,7 +1849,7 @@ index 1be6fb0..cbec97c 100644
  
  /**
   * Add a file of certs to a stack.
-@@ -1048,6 +1047,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+@@ -1049,6 +1048,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
      CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
      return ret;
  }
@@ -1987,7 +1896,7 @@ index 8d3709d..2bb403b 100644
  
  static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
 diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index b6d1ee9..75f38cd 100644
+index 50491ff..e04d7d0 100644
 --- a/ssl/t1_enc.c
 +++ b/ssl/t1_enc.c
 @@ -779,9 +779,7 @@ int tls1_enc(SSL *s, int send)
@@ -2019,19 +1928,6 @@ index baa3b59..1ee3f02 100644
  system ("$ossl_path no-ec > $null_path");
  if ($? == 0)
  	{
-diff --git a/util/libeay.num b/util/libeay.num
-index 2094ab3..992abb2 100755
---- a/util/libeay.num
-+++ b/util/libeay.num
-@@ -4370,7 +4370,7 @@ DH_compute_key_padded                   4732	EXIST::FUNCTION:DH
- ECDSA_METHOD_set_sign                   4733	EXIST::FUNCTION:ECDSA
- CMS_RecipientEncryptedKey_cert_cmp      4734	EXIST:!VMS:FUNCTION:CMS
- CMS_RecipEncryptedKey_cert_cmp          4734	EXIST:VMS:FUNCTION:CMS
--DH_KDF_X9_42                            4735	EXIST::FUNCTION:DH
-+DH_KDF_X9_42                            4735	EXIST::FUNCTION:CMS,DH
- RSA_OAEP_PARAMS_free                    4736	EXIST::FUNCTION:RSA
- EVP_des_ede3_wrap                       4737	EXIST::FUNCTION:DES
- RSA_OAEP_PARAMS_it                      4738	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
 diff --git a/util/mkdef.pl b/util/mkdef.pl
 index b9b159a..9841498 100755
 --- a/util/mkdef.pl
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh
index cdf2595..f7a8e02 100755
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ b/CryptoPkg/Library/OpensslLib/Install.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-cd openssl-1.0.2k
+cd openssl-1.0.2o
 cp ../opensslconf.h           crypto
 mkdir -p                      include/openssl
 cp e_os2.h                    include/openssl
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 2845719..ff6e645 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -20,7 +20,7 @@
   MODULE_TYPE                    = BASE
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = OpensslLib
-  DEFINE OPENSSL_PATH            = openssl-1.0.2k
+  DEFINE OPENSSL_PATH            = openssl-1.0.2o
   DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
 
 #
-- 
2.16.3

Places

File ovmf-bsc1094291-update-openssl-1.0.2o.patch of Package ovmf.6568

Places