audk/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni

// /** @file
// This module provides openSSL Library implementation (libcrypto only, no libssl).
//
// This module provides OpenSSL Library implementation (libcrypto only, no libssl).
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
// **/


#string STR_MODULE_ABSTRACT             #language en-US "OpenSSL Library implementation (libcrypto only, no libssl)"

#string STR_MODULE_DESCRIPTION          #language en-US "This module provides OpenSSL Library implementation (libcrypto only, no libssl)."
CryptoPkg/OpensslLib: introduce OpensslLibCrypto instance Commit 32387e0081db ("CryptoPkg: Enable ssl build in OpensslLib directly", 2016-12-14) pulls OpenSSL's libssl files into the "OpensslLib.inf" library instance unconditionally. If a platform doesn't include the TLS modules, such as - CryptoPkg/Library/TlsLib/TlsLib.inf - NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf - NetworkPkg/TlsDxe/TlsDxe.inf then the platform never actually uses the libssl functionality that gets built into "OpensslLib.inf". Tomas Hoger from Red Hat Product Security tells me that security evaluation is less demanding if we can actually exclude the libssl files from such OVMF builds that don't specify -D TLS_ENABLE (rather than just trust modules not to call libssl functions if we don't specify -D TLS_ENABLE). This patch introduces a parallel OpensslLib instance called "OpensslLibCrypto" that is appropriate for platform builds without TLS enablement. It does not build C source files in vain, and it eases security review -- all libssl vulnerabilities can be excluded at once. "OpensslLibCrypto.inf" is created as a copy of "OpensslLib.inf", modifying the BASE_NAME, MODULE_UNI_FILE and FILE_GUID defines. "process_files.sh" is extended to auto-generate the list of OpenSSL files for both library instances accordingly. This list is updated in "OpensslLibCrypto.inf" at once. "OpensslLibCrypto.uni" is introduced as a copy of "OpensslLib.uni", highlighting the difference. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Tomas Hoger <thoger@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> 2017-02-23 19:35:10 +01:00			`// /** @file`
			`// This module provides openSSL Library implementation (libcrypto only, no libssl).`
			`//`
			`// This module provides OpenSSL Library implementation (libcrypto only, no libssl).`
			`//`
CryptoPkg: Clean up source files 1. Do not use tab characters 2. No trailing white space in one line 3. All files must end with CRLF Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com> 2018-06-27 11:32:13 +02:00			`// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>`
CryptoPkg/OpensslLib: introduce OpensslLibCrypto instance Commit 32387e0081db ("CryptoPkg: Enable ssl build in OpensslLib directly", 2016-12-14) pulls OpenSSL's libssl files into the "OpensslLib.inf" library instance unconditionally. If a platform doesn't include the TLS modules, such as - CryptoPkg/Library/TlsLib/TlsLib.inf - NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf - NetworkPkg/TlsDxe/TlsDxe.inf then the platform never actually uses the libssl functionality that gets built into "OpensslLib.inf". Tomas Hoger from Red Hat Product Security tells me that security evaluation is less demanding if we can actually exclude the libssl files from such OVMF builds that don't specify -D TLS_ENABLE (rather than just trust modules not to call libssl functions if we don't specify -D TLS_ENABLE). This patch introduces a parallel OpensslLib instance called "OpensslLibCrypto" that is appropriate for platform builds without TLS enablement. It does not build C source files in vain, and it eases security review -- all libssl vulnerabilities can be excluded at once. "OpensslLibCrypto.inf" is created as a copy of "OpensslLib.inf", modifying the BASE_NAME, MODULE_UNI_FILE and FILE_GUID defines. "process_files.sh" is extended to auto-generate the list of OpenSSL files for both library instances accordingly. This list is updated in "OpensslLibCrypto.inf" at once. "OpensslLibCrypto.uni" is introduced as a copy of "OpensslLib.uni", highlighting the difference. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Tomas Hoger <thoger@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> 2017-02-23 19:35:10 +01:00			`//`
CryptoPkg: Replace BSD License with BSD+Patent License https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> 2019-04-04 01:03:30 +02:00			`// SPDX-License-Identifier: BSD-2-Clause-Patent`
CryptoPkg/OpensslLib: introduce OpensslLibCrypto instance Commit 32387e0081db ("CryptoPkg: Enable ssl build in OpensslLib directly", 2016-12-14) pulls OpenSSL's libssl files into the "OpensslLib.inf" library instance unconditionally. If a platform doesn't include the TLS modules, such as - CryptoPkg/Library/TlsLib/TlsLib.inf - NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf - NetworkPkg/TlsDxe/TlsDxe.inf then the platform never actually uses the libssl functionality that gets built into "OpensslLib.inf". Tomas Hoger from Red Hat Product Security tells me that security evaluation is less demanding if we can actually exclude the libssl files from such OVMF builds that don't specify -D TLS_ENABLE (rather than just trust modules not to call libssl functions if we don't specify -D TLS_ENABLE). This patch introduces a parallel OpensslLib instance called "OpensslLibCrypto" that is appropriate for platform builds without TLS enablement. It does not build C source files in vain, and it eases security review -- all libssl vulnerabilities can be excluded at once. "OpensslLibCrypto.inf" is created as a copy of "OpensslLib.inf", modifying the BASE_NAME, MODULE_UNI_FILE and FILE_GUID defines. "process_files.sh" is extended to auto-generate the list of OpenSSL files for both library instances accordingly. This list is updated in "OpensslLibCrypto.inf" at once. "OpensslLibCrypto.uni" is introduced as a copy of "OpensslLib.uni", highlighting the difference. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Tomas Hoger <thoger@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> 2017-02-23 19:35:10 +01:00			`//`
			`// **/`


			`#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation (libcrypto only, no libssl)"`

			`#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation (libcrypto only, no libssl)."`