diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8l.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch similarity index 70% rename from CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8l.patch rename to CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch index d14b08e770..3b312482ee 100644 --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8l.patch +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch @@ -1,6 +1,8 @@ ---- crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970 -+++ crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970 -@@ -421,6 +421,23 @@ +Index: crypto/bio/bss_file.c +=================================================================== +--- crypto/bio/bss_file.c (revision 1) ++++ crypto/bio/bss_file.c (working copy) +@@ -428,6 +428,23 @@ return(ret); } @@ -24,8 +26,10 @@ #endif /* OPENSSL_NO_STDIO */ #endif /* HEADER_BSS_FILE_C */ ---- crypto/err/err.c -+++ crypto/err/err.c +Index: crypto/err/err.c +=================================================================== +--- crypto/err/err.c (revision 1) ++++ crypto/err/err.c (working copy) @@ -313,7 +313,12 @@ es->err_data_flags[i]=flags; } @@ -39,8 +43,10 @@ { va_list args; int i,n,s; ---- crypto/err/err.h -+++ crypto/err/err.h +Index: crypto/err/err.h +=================================================================== +--- crypto/err/err.h (revision 1) ++++ crypto/err/err.h (working copy) @@ -286,8 +286,14 @@ #endif #ifndef OPENSSL_NO_BIO @@ -56,8 +62,10 @@ void ERR_load_strings(int lib,ERR_STRING_DATA str[]); void ERR_unload_strings(int lib,ERR_STRING_DATA str[]); void ERR_load_ERR_strings(void); ---- crypto/opensslconf.h -+++ crypto/opensslconf.h +Index: crypto/opensslconf.h +=================================================================== +--- crypto/opensslconf.h (revision 1) ++++ crypto/opensslconf.h (working copy) @@ -162,6 +162,9 @@ /* The prime number generation stuff may not work when * EIGHT_BIT but I don't care since I've only used this mode 
@@ -77,8 +85,10 @@ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) #define CONFIG_HEADER_RC4_LOCL_H /* if this is defined data[i] is used instead of *data, this is a %20 ---- crypto/pkcs7/pk7_smime.c 2009-03-15 21:36:02.000000000 +0800 -+++ crypto/pkcs7/pk7_smime.c 2011-09-13 14:11:36.019454700 +0800 +Index: crypto/pkcs7/pk7_smime.c +=================================================================== +--- crypto/pkcs7/pk7_smime.c (revision 1) ++++ crypto/pkcs7/pk7_smime.c (working copy) @@ -88,7 +88,10 @@ if (!PKCS7_content_new(p7, NID_pkcs7_data)) goto err; @@ -91,8 +101,10 @@ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); goto err; } ---- crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970 -+++ crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970 +Index: crypto/rand/rand_egd.c +=================================================================== +--- crypto/rand/rand_egd.c (revision 1) ++++ crypto/rand/rand_egd.c (working copy) @@ -95,7 +95,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ @@ -102,8 +114,10 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); ---- crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970 -+++ crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970 +Index: crypto/rand/rand_unix.c +=================================================================== +--- crypto/rand/rand_unix.c (revision 1) ++++ crypto/rand/rand_unix.c (working copy) @@ -116,7 +116,7 @@ #include #include "rand_lcl.h" 
@@ -122,14 +136,15 @@ int RAND_poll(void) { return 0; ---- crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970 -+++ crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970 -@@ -391,7 +391,12 @@ +Index: crypto/x509/x509_vfy.c +=================================================================== +--- crypto/x509/x509_vfy.c (revision 1) ++++ crypto/x509/x509_vfy.c (working copy) +@@ -386,7 +386,11 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) { -#ifdef OPENSSL_NO_CHAIN_VERIFY -+//#ifdef OPENSSL_NO_CHAIN_VERIFY +#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI) + /* + NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting @@ -138,7 +153,7 @@ return 1; #else int i, ok=0, must_be_ca, plen = 0; -@@ -904,6 +909,10 @@ +@@ -899,6 +903,10 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) { @@ -149,11 +164,11 @@ time_t *ptime; int i; -@@ -947,6 +956,7 @@ +@@ -942,6 +950,7 @@ } return 1; -+#endif ++#endif } static int internal_verify(X509_STORE_CTX *ctx) diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd index 8dd91c0ab1..a2a88e44e5 100644 --- a/CryptoPkg/Library/OpensslLib/Install.cmd +++ b/CryptoPkg/Library/OpensslLib/Install.cmd @@ -1,4 +1,4 @@ -cd openssl-0.9.8l +cd openssl-0.9.8w copy e_os2.h ..\..\..\Include\openssl copy crypto\crypto.h ..\..\..\Include\openssl copy crypto\tmdiff.h ..\..\..\Include\openssl diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh index 43b6cb4946..fa910b2d7d 100644 --- a/CryptoPkg/Library/OpensslLib/Install.sh +++ b/CryptoPkg/Library/OpensslLib/Install.sh @@ -1,6 +1,6 @@ #!/bin/sh -cd openssl-0.9.8l +cd openssl-0.9.8w cp e_os2.h ../../../Include/openssl cp crypto/crypto.h ../../../Include/openssl cp crypto/tmdiff.h ../../../Include/openssl diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 2034457367..e8bec20fb3 100644 
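Review bot: On the new side of the x509_vfy.c hunk, `#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)` makes `check_chain_extensions()` reach `return 1;` before any of its logic runs, but the NOTE beside it describes only a key-usage (KU) flag bypass. The `#else` branch declares `must_be_ca` and `plen`, so the skipped code presumably also covers CA and path-length constraints, which a UEFI build would then no longer enforce on certificate chains. I would either narrow the bypass to the KU test or make the comment state the real scope, e.g. `/* NOTE: UEFI build skips every check in check_chain_extensions(), not only KU flags. */`. The two following hunks on this line show an added `#endif` just before the closing brace of `check_cert_time()`, which suggests validity-period checking is conditionally compiled as well; the added lines fall between hunks, so this is inferred, but it deserves the same explicit comment. Both function bodies continue outside the hunks.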
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -1,7 +1,7 @@ ## @file # OpenSSL Library implementation. # -# Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -19,7 +19,7 @@ MODULE_TYPE = BASE VERSION_STRING = 1.0 LIBRARY_CLASS = OpensslLib - DEFINE OPENSSL_PATH = openssl-0.9.8l + DEFINE OPENSSL_PATH = openssl-0.9.8w DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt index c35f88d55e..7641da8e4a 100644 --- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt 
@@ -17,45 +17,45 @@ cryptography. This patch will enable openssl building under UEFI environment. ================================================================================ OpenSSL-Version ================================================================================ - Current supported OpenSSL version for UEFI Crypto Library is 0.9.8l. - http://www.openssl.org/source/openssl-0.9.8l.tar.gz + Current supported OpenSSL version for UEFI Crypto Library is 0.9.8w. + http://www.openssl.org/source/openssl-0.9.8w.tar.gz ================================================================================ HOW to Install Openssl for UEFI Building ================================================================================ -1. Download OpenSSL 0.9.8l from official website: - http://www.openssl.org/source/openssl-0.9.8l.tar.gz +1. Download OpenSSL 0.9.8w from official website: + http://www.openssl.org/source/openssl-0.9.8w.tar.gz - NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8l.tar.tar. - When you do the download, rename the "openssl-0.9.8l.tar.tar" to - "openssl-0.9.8l.tar.gz" or rename the local downloaded file with ".tar.tar" + NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8w.tar.tar. + When you do the download, rename the "openssl-0.9.8w.tar.tar" to + "openssl-0.9.8w.tar.gz" or rename the local downloaded file with ".tar.tar" extension to ".tar.gz". -2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8l +2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8w NOTE: If you use WinZip to unpack the openssl source in Windows, please uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion"). -3. Apply this patch: EDKII_openssl-0.9.8l.patch, and make installation +3. 
Apply this patch: EDKII_openssl-0.9.8w.patch, and make installation For Windows Environment: ------------------------ 1) Make sure the patch utility has been installed in your machine. Install Cygwin or get the patch utility binary from http://gnuwin32.sourceforge.net/packages/patch.htm - 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8l - 3) patch -p0 -i ..\EDKII_openssl-0.9.8l.patch + 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8w + 3) patch -p0 -i ..\EDKII_openssl-0.9.8w.patch 4) cd .. - 5) install.cmd + 5) Install.cmd For Linux* Environment: ----------------------- 1) Make sure the patch utility has been installed in your machine. Patch utility is available from http://directory.fsf.org/project/patch/ - 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8l - 3) patch -p0 -i ../EDKII_openssl-0.9.8l.patch + 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8w + 3) patch -p0 -i ../EDKII_openssl-0.9.8w.patch 4) cd .. - 5) ./install.sh + 5) ./Install.sh