From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 75EF58214C for ; Fri, 24 Feb 2017 16:49:05 -0800 (PST) Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Feb 2017 16:49:04 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,202,1484035200"; d="scan'208";a="52564404" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga002.jf.intel.com with ESMTP; 24 Feb 2017 16:49:04 -0800 Received: from fmsmsx155.amr.corp.intel.com (10.18.116.71) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 24 Feb 2017 16:49:04 -0800 Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by FMSMSX155.amr.corp.intel.com (10.18.116.71) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 24 Feb 2017 16:49:03 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.20]) by SHSMSX152.ccr.corp.intel.com ([169.254.6.132]) with mapi id 14.03.0248.002; Sat, 25 Feb 2017 08:49:01 +0800 From: "Long, Qin" To: Laszlo Ersek , "edk2-devel@lists.01.org" CC: "Ye, Ting" , "Wu, Jiaxin" Thread-Topic: [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2k Thread-Index: AQHSjqODd69wBw+PNEikAiIak2/V4KF4KfVggAAeRQCAAJjwsA== Date: Sat, 25 Feb 2017 00:49:00 +0000 Message-ID: References: <20170224133919.7776-1-qin.long@intel.com> <9272191d-ae65-8a77-2d5c-dce35ad48b49@redhat.com> In-Reply-To: <9272191d-ae65-8a77-2d5c-dce35ad48b49@redhat.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2k X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Feb 2017 00:49:05 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: Laszlo Ersek [mailto:lersek@redhat.com] > Sent: Saturday, February 25, 2017 7:29 AM > To: Long, Qin ; edk2-devel@lists.01.org devel@ml01.01.org> > Cc: Ye, Ting ; Wu, Jiaxin > Subject: Re: [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version to > 1.0.2k >=20 > On 02/24/17 14:52, Long, Qin wrote: > > Laszlo, > > > > This upgrade may have some conflicts with your last patch series. It co= uld > be resolved /merged easily. > > It will be better to have your validations based on this new openssl ve= rsion. >=20 > Why will it be better? Never mind. It's not the try to have any earlier integration.=20 Just in case that you would like to catch more latest openssl release befor= e any deadline you mentioned. :-) I will create the new patch after your patch was done. >=20 > > (And I just noticed two changes (ssl_conf.c & NO_PQUEUE) were > > duplicated in this patch.) >=20 > Well, technically, I posted those patches first (two versions, actually),= and > they are mostly reviewed by now (thanks to you as well). > So I think they should go in first, and this is the patch that should be = rebased. >=20 > Patches that are already on the list (and are ready to be merged > especially) should not be pre-empted by more recently posted patches > (especially if they still need review and/or testing). Of cause. The duplication part was generated by my mistake. I will submit the V2. >=20 > Thanks, > Laszlo >=20 > > > > > > Best Regards & Thanks, > > LONG, Qin > > > >> -----Original Message----- > >> From: Long, Qin > >> Sent: Friday, February 24, 2017 9:39 PM > >> To: edk2-devel@lists.01.org; Long, Qin > >> Cc: Ye, Ting ; Wu, Jiaxin ; > >> lersek@redhat.com > >> Subject: [Patch] CryptoPkg/OpensslLib: Upgrade OpenSSL version to > >> 1.0.2k > >> > >> OpenSSL 1.0.2k was released with several severity fixes at > >> 26-Jan-2017 (https://www.openssl.org/news/secadv/20170126.txt). > >> This patch is to upgrade the supported OpenSSL version in > >> CryptoPkg/OpensslLib to catch the latest release 1.0.2k. > >> > >> Cc: Ye Ting > >> Cc: Wu Jiaxin > >> Cc: Laszlo Ersek > >> Contributed-under: TianoCore Contribution Agreement 1.0 > >> Signed-off-by: Qin Long > >> --- > >> CryptoPkg/CryptoPkg.dec | 4 ++-- > >> ...ssl-1.0.2j.patch =3D> EDKII_openssl-1.0.2k.patch} | 26 > >> +++++++++++---------- > >> - > >> CryptoPkg/Library/OpensslLib/Install.cmd | 2 +- > >> CryptoPkg/Library/OpensslLib/Install.sh | 2 +- > >> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 7 +++--- > >> CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 26 +++++++++++--= - > --- > >> ----- > >> CryptoPkg/Library/OpensslLib/opensslconf.h | 6 ----- > >> 7 files changed, 34 insertions(+), 39 deletions(-) rename > >> CryptoPkg/Library/OpensslLib/{EDKII_openssl-1.0.2j.patch =3D> > >> EDKII_openssl- 1.0.2k.patch} (96%) > >> > >> diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index > >> eee26cbccc..27c832707a 100644 > >> --- a/CryptoPkg/CryptoPkg.dec > >> +++ b/CryptoPkg/CryptoPkg.dec > >> @@ -4,7 +4,7 @@ > >> # This Package provides cryptographic-related libraries for UEFI > >> security modules. > >> # It also provides a test application to test libraries. > >> # > >> -# Copyright (c) 2009 - 2016, Intel Corporation. All rights > >> reserved.
> >> +# Copyright (c) 2009 - 2017, Intel Corporation. All rights > >> +reserved.
> >> # This program and the accompanying materials # are licensed and > >> made available under the terms and conditions of the BSD License # > >> which accompanies this distribution. The full text of the license > >> may be found at @@ -24,7 +24,7 @@ > >> > >> [Includes] > >> Include > >> - Library/OpensslLib/openssl-1.0.2j/include > >> + Library/OpensslLib/openssl-1.0.2k/include > >> > >> [LibraryClasses] > >> ## @libraryclass Provides basic library functions for > >> cryptographic primitives. > >> diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2j.patch > >> b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch > >> similarity index 96% > >> rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2j.patch > >> rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch > >> index ecd13a9d5f..cc0ce6822e 100644 > >> --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2j.patch > >> +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch > >> @@ -1,8 +1,8 @@ > >> diff --git a/Configure b/Configure > >> -index c39f71a..98dd1d0 100755 > >> +index 5da7cad..c2cc9c5 100755 > >> --- a/Configure > >> +++ b/Configure > >> -@@ -609,6 +609,9 @@ my %table=3D( > >> +@@ -611,6 +611,9 @@ my %table=3D( > >> # with itself, Applink is never engaged and can as well be omitted. > >> "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall - > >> DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::- > D_MT:MINGW64:- > >> lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT > >> EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:- > >> D_WINDLL:-mno-cygwin:.dll.a", > >> > >> @@ -12,7 +12,7 @@ index c39f71a..98dd1d0 100755 > >> # UWIN > >> "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG > >> ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", > >> > >> -@@ -1083,7 +1086,7 @@ if (defined($disabled{"md5"}) || > >> defined($disabled{"sha"}) > >> +@@ -1085,7 +1088,7 @@ if (defined($disabled{"md5"}) || > >> +defined($disabled{"sha"}) > >> } > >> > >> if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) @@ -22,10 > >> +22,10 @@ index c39f71a..98dd1d0 100755 > >> $disabled{"gost"} =3D "forced"; > >> } > >> diff --git a/apps/apps.c b/apps/apps.c -index 9fdc3e0..6c183b0 > >> 100644 > >> +index c487bd9..64ade15 100644 > >> --- a/apps/apps.c > >> +++ b/apps/apps.c > >> -@@ -2375,6 +2375,8 @@ int args_verify(char ***pargs, int *pargc, > >> +@@ -2386,6 +2386,8 @@ int args_verify(char ***pargs, int *pargc, > >> flags |=3D X509_V_FLAG_PARTIAL_CHAIN; > >> else if (!strcmp(arg, "-no_alt_chains")) > >> flags |=3D X509_V_FLAG_NO_ALT_CHAINS; @@ -254,7 +254,7 @@ > >> index d5a5514..bede55c 100644 > >> goto err; > >> > >> diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c -index > >> 1d25687..ad641c3 100644 > >> +index 8177fd2..4dab3bb 100644 > >> --- a/crypto/bn/bn_prime.c > >> +++ b/crypto/bn/bn_prime.c > >> @@ -131,7 +131,7 @@ > >> @@ -298,7 +298,7 @@ index 1d25687..ad641c3 100644 > >> if (ctx !=3D NULL) { > >> BN_CTX_end(ctx); > >> BN_CTX_free(ctx); > >> -@@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM > *a, > >> const BIGNUM *a1, > >> +@@ -376,10 +381,9 @@ static int witness(BIGNUM *w, const BIGNUM > *a, > >> +const BIGNUM *a1, > >> return 1; > >> } > >> > >> @@ -861,7 +861,7 @@ index 585aa8b..04c6cfc 100644 > >> /* > >> * Borland C seems too stupid to be able to shift and do longs in > >> the diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h -index > >> 39ab793..ad1e350 100644 > >> +index d258ef8..376f260 100644 > >> --- a/crypto/evp/evp.h > >> +++ b/crypto/evp/evp.h > >> @@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, > const > >> EVP_MD_CTX *in); @@ -1470,7 +1470,7 @@ index bbc3189..29695f9 > 100644 > >> + +#endif /* OPENSSL_NO_STDIO */ diff --git > >> + a/crypto/x509/x509_vfy.c > >> b/crypto/x509/x509_vfy.c -index 8334b3f..d075f66 100644 > >> +index b147201..5bf3f07 100644 > >> --- a/crypto/x509/x509_vfy.c > >> +++ b/crypto/x509/x509_vfy.c > >> @@ -1064,6 +1064,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, > >> X509_CRL *crl, int notify) @@ -1915,10 +1915,10 @@ index > >> 499f0e8..5672f99 > >> 100644 > >> os.data =3D NULL; > >> os.length =3D 0; > >> diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c -index f48ebae..ac4f08c > >> 100644 > >> +index 1be6fb0..cbec97c 100644 > >> --- a/ssl/ssl_cert.c > >> +++ b/ssl/ssl_cert.c > >> -@@ -857,12 +857,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 > >> *x) > >> +@@ -855,12 +855,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 > >> +*x) > >> return (add_client_CA(&(ctx->client_CA), x)); > >> } > >> > >> @@ -1932,7 +1932,7 @@ index f48ebae..ac4f08c 100644 > >> /** > >> * Load CA certs from a file into a ::STACK. Note that it is > >> somewhat misnamed; > >> * it doesn't really have anything to do with clients (except that > >> a common use -@@ -930,7 +930,6 @@ STACK_OF(X509_NAME) > >> *SSL_load_client_CA_file(const char *file) > >> +@@ -928,7 +928,6 @@ STACK_OF(X509_NAME) > >> *SSL_load_client_CA_file(const > >> +char *file) > >> ERR_clear_error(); > >> return (ret); > >> } > >> @@ -1940,7 +1940,7 @@ index f48ebae..ac4f08c 100644 > >> > >> /** > >> * Add a file of certs to a stack. > >> -@@ -1050,6 +1049,7 @@ int > >> SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, > >> +@@ -1048,6 +1047,7 @@ int > >> +SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, > >> CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); > >> return ret; > >> } > >> diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd > >> b/CryptoPkg/Library/OpensslLib/Install.cmd > >> index 093414d4b8..e040cda259 100755 > >> --- a/CryptoPkg/Library/OpensslLib/Install.cmd > >> +++ b/CryptoPkg/Library/OpensslLib/Install.cmd > >> @@ -1,4 +1,4 @@ > >> -cd openssl-1.0.2j > >> +cd openssl-1.0.2k > >> copy ..\opensslconf.h crypto > >> if not exist include\openssl mkdir include\openssl > >> copy e_os2.h include\openssl > >> diff --git a/CryptoPkg/Library/OpensslLib/Install.sh > >> b/CryptoPkg/Library/OpensslLib/Install.sh > >> index 7bd55f6ae3..40811e20a6 100755 > >> --- a/CryptoPkg/Library/OpensslLib/Install.sh > >> +++ b/CryptoPkg/Library/OpensslLib/Install.sh > >> @@ -1,6 +1,6 @@ > >> #!/bin/sh > >> > >> -cd openssl-1.0.2j > >> +cd openssl-1.0.2k > >> cp ../opensslconf.h crypto > >> mkdir -p include/openssl > >> cp e_os2.h include/openssl > >> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > >> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > >> index c14e36d341..3acc397ace 100644 > >> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > >> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > >> @@ -1,7 +1,7 @@ > >> ## @file > >> # This module provides openSSL Library implementation. > >> # > >> -# Copyright (c) 2010 - 2016, Intel Corporation. All rights > >> reserved.
> >> +# Copyright (c) 2010 - 2017, Intel Corporation. All rights > >> +reserved.
> >> # This program and the accompanying materials # are licensed and > >> made available under the terms and conditions of the BSD License # > >> which accompanies this distribution. The full text of the license > >> may be found at @@ -20,7 +20,7 @@ > >> MODULE_TYPE =3D BASE > >> VERSION_STRING =3D 1.0 > >> LIBRARY_CLASS =3D OpensslLib > >> - DEFINE OPENSSL_PATH =3D openssl-1.0.2j > >> + DEFINE OPENSSL_PATH =3D openssl-1.0.2k > >> DEFINE OPENSSL_FLAGS =3D -DL_ENDIAN - > >> DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE - > >> D_CRT_NONSTDC_NO_DEPRECATE > >> > >> # > >> @@ -516,6 +516,7 @@ > >> $(OPENSSL_PATH)/ssl/ssl_asn1.c > >> $(OPENSSL_PATH)/ssl/ssl_txt.c > >> $(OPENSSL_PATH)/ssl/ssl_algs.c > >> + $(OPENSSL_PATH)/ssl/ssl_conf.c > >> $(OPENSSL_PATH)/ssl/bio_ssl.c > >> $(OPENSSL_PATH)/ssl/ssl_err.c > >> $(OPENSSL_PATH)/ssl/kssl.c > >> @@ -550,7 +551,7 @@ > >> # C4702: Potentially uninitialized local variable name used > >> # C4311: pointer truncation from 'type' to 'type' > >> # > >> - MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER > >> $(OPENSSL_FLAGS) /wd4244 /wd4245 /wd4701 /wd4702 /wd4706 > >> + MSFT:*_*_IA32_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER > >> $(OPENSSL_FLAGS) /wd4244 /wd4245 /wd4267 /wd4701 /wd4702 > /wd4706 > >> MSFT:*_*_X64_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER > >> $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 > /wd4305 > >> /wd4306 /wd4702 /wd4706 /wd4311 > >> MSFT:*_*_IPF_CC_FLAGS =3D -U_WIN32 -U_WIN64 -U_MSC_VER > >> $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 > /wd4305 > >> /wd4306 /wd4702 /wd4706 > >> > >> diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt > >> b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt > >> index d7e3d9e875..8418802ac7 100644 > >> --- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt > >> +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt > >> @@ -17,36 +17,36 @@ cryptography. This patch will enable openssl > >> building under UEFI environment. > >> > >> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > >> OpenSSL-Version > >> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > >> - Current supported OpenSSL version for UEFI Crypto Library is 1.0.2j= . > >> - http://www.openssl.org/source/openssl-1.0.2j.tar.gz > >> + Current supported OpenSSL version for UEFI Crypto Library is 1.0.2k= . > >> + http://www.openssl.org/source/openssl-1.0.2k.tar.gz > >> > >> > >> > >> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > >> HOW to Install Openssl for UEFI Building > >> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > >> -1. Download OpenSSL 1.0.2j from official website: > >> - http://www.openssl.org/source/openssl-1.0.2j.tar.gz > >> +1. Download OpenSSL 1.0.2k from official website: > >> + http://www.openssl.org/source/openssl-1.0.2k.tar.gz > >> > >> - NOTE: Some web browsers may rename the downloaded TAR file to > >> openssl-1.0.2j.tar.tar. > >> - When you do the download, rename the "openssl-1.0.2j.tar.ta= r" to > >> - "openssl-1.0.2j.tar.gz" or rename the local downloaded file= with > >> ".tar.tar" > >> + NOTE: Some web browsers may rename the downloaded TAR file to > >> openssl-1.0.2k.tar.tar. > >> + When you do the download, rename the "openssl-1.0.2k.tar.ta= r" to > >> + "openssl-1.0.2k.tar.gz" or rename the local downloaded > >> + file with > >> ".tar.tar" > >> extension to ".tar.gz". > >> > >> -2. Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2j > >> +2. Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2k > >> > >> NOTE: If you use WinZip to unpack the openssl source in Windows, > please > >> uncheck the WinZip smart CR/LF conversion option (WINZIP: O= ptions > --> > >> Configuration --> Miscellaneous --> "TAR file smart CR/LF > conversion"). > >> > >> -3. Apply this patch: EDKII_openssl-1.0.2j.patch, and make > >> installation > >> +3. Apply this patch: EDKII_openssl-1.0.2k.patch, and make > >> +installation > >> > >> For Windows Environment: > >> ------------------------ > >> 1) Make sure the patch utility has been installed in your machine= . > >> Install Cygwin or get the patch utility binary from > >> http://gnuwin32.sourceforge.net/packages/patch.htm > >> - 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2j > >> - 3) patch -p1 -i ..\EDKII_openssl-1.0.2j.patch > >> + 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2k > >> + 3) patch -p1 -i ..\EDKII_openssl-1.0.2k.patch > >> 4) cd .. > >> 5) Install.cmd > >> > >> @@ -54,8 +54,8 @@ cryptography. This patch will enable openssl > >> building under UEFI environment. > >> ----------------------- > >> 1) Make sure the patch utility has been installed in your machine= . > >> Patch utility is available from http://directory.fsf.org/proje= ct/patch/ > >> - 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2j > >> - 3) patch -p1 -i ../EDKII_openssl-1.0.2j.patch > >> + 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2k > >> + 3) patch -p1 -i ../EDKII_openssl-1.0.2k.patch > >> 4) cd .. > >> 5) ./Install.sh > >> > >> diff --git a/CryptoPkg/Library/OpensslLib/opensslconf.h > >> b/CryptoPkg/Library/OpensslLib/opensslconf.h > >> index adcaa01d6b..e0054a45fc 100644 > >> --- a/CryptoPkg/Library/OpensslLib/opensslconf.h > >> +++ b/CryptoPkg/Library/OpensslLib/opensslconf.h > >> @@ -92,9 +92,6 @@ extern "C" { > >> #ifndef OPENSSL_NO_POSIX_IO > >> # define OPENSSL_NO_POSIX_IO > >> #endif > >> -#ifndef OPENSSL_NO_PQUEUE > >> -# define OPENSSL_NO_PQUEUE > >> -#endif > >> #ifndef OPENSSL_NO_RC2 > >> # define OPENSSL_NO_RC2 > >> #endif > >> @@ -263,9 +260,6 @@ extern "C" { > >> # if defined(OPENSSL_NO_POSIX_IO) && !defined(NO_POSIX_IO) # > >> define NO_POSIX_IO # endif -# if defined(OPENSSL_NO_PQUEUE) && > >> !defined(NO_PQUEUE) -# define NO_PQUEUE -# endif # if > >> defined(OPENSSL_NO_RC2) && !defined(NO_RC2) # define NO_RC2 # > >> endif > >> -- > >> 2.11.1.windows.1 > >