mirror of https://github.com/acidanthera/audk.git
Upgrade openssl version to 0.98w.
Signed-off by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13289 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
7c9fbd79d1
commit
5359174326
|
@ -1,6 +1,8 @@
|
||||||
--- crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970
|
Index: crypto/bio/bss_file.c
|
||||||
+++ crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970
|
===================================================================
|
||||||
@@ -421,6 +421,23 @@
|
--- crypto/bio/bss_file.c (revision 1)
|
||||||
|
+++ crypto/bio/bss_file.c (working copy)
|
||||||
|
@@ -428,6 +428,23 @@
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -24,8 +26,10 @@
|
||||||
#endif /* OPENSSL_NO_STDIO */
|
#endif /* OPENSSL_NO_STDIO */
|
||||||
|
|
||||||
#endif /* HEADER_BSS_FILE_C */
|
#endif /* HEADER_BSS_FILE_C */
|
||||||
--- crypto/err/err.c
|
Index: crypto/err/err.c
|
||||||
+++ crypto/err/err.c
|
===================================================================
|
||||||
|
--- crypto/err/err.c (revision 1)
|
||||||
|
+++ crypto/err/err.c (working copy)
|
||||||
@@ -313,7 +313,12 @@
|
@@ -313,7 +313,12 @@
|
||||||
es->err_data_flags[i]=flags;
|
es->err_data_flags[i]=flags;
|
||||||
}
|
}
|
||||||
|
@ -39,8 +43,10 @@
|
||||||
{
|
{
|
||||||
va_list args;
|
va_list args;
|
||||||
int i,n,s;
|
int i,n,s;
|
||||||
--- crypto/err/err.h
|
Index: crypto/err/err.h
|
||||||
+++ crypto/err/err.h
|
===================================================================
|
||||||
|
--- crypto/err/err.h (revision 1)
|
||||||
|
+++ crypto/err/err.h (working copy)
|
||||||
@@ -286,8 +286,14 @@
|
@@ -286,8 +286,14 @@
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_BIO
|
#ifndef OPENSSL_NO_BIO
|
||||||
|
@ -56,8 +62,10 @@
|
||||||
void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
|
void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
|
||||||
void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
|
void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
|
||||||
void ERR_load_ERR_strings(void);
|
void ERR_load_ERR_strings(void);
|
||||||
--- crypto/opensslconf.h
|
Index: crypto/opensslconf.h
|
||||||
+++ crypto/opensslconf.h
|
===================================================================
|
||||||
|
--- crypto/opensslconf.h (revision 1)
|
||||||
|
+++ crypto/opensslconf.h (working copy)
|
||||||
@@ -162,6 +162,9 @@
|
@@ -162,6 +162,9 @@
|
||||||
/* The prime number generation stuff may not work when
|
/* The prime number generation stuff may not work when
|
||||||
* EIGHT_BIT but I don't care since I've only used this mode
|
* EIGHT_BIT but I don't care since I've only used this mode
|
||||||
|
@ -77,8 +85,10 @@
|
||||||
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
|
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
|
||||||
#define CONFIG_HEADER_RC4_LOCL_H
|
#define CONFIG_HEADER_RC4_LOCL_H
|
||||||
/* if this is defined data[i] is used instead of *data, this is a %20
|
/* if this is defined data[i] is used instead of *data, this is a %20
|
||||||
--- crypto/pkcs7/pk7_smime.c 2009-03-15 21:36:02.000000000 +0800
|
Index: crypto/pkcs7/pk7_smime.c
|
||||||
+++ crypto/pkcs7/pk7_smime.c 2011-09-13 14:11:36.019454700 +0800
|
===================================================================
|
||||||
|
--- crypto/pkcs7/pk7_smime.c (revision 1)
|
||||||
|
+++ crypto/pkcs7/pk7_smime.c (working copy)
|
||||||
@@ -88,7 +88,10 @@
|
@@ -88,7 +88,10 @@
|
||||||
if (!PKCS7_content_new(p7, NID_pkcs7_data))
|
if (!PKCS7_content_new(p7, NID_pkcs7_data))
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -91,8 +101,10 @@
|
||||||
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
|
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
--- crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970
|
Index: crypto/rand/rand_egd.c
|
||||||
+++ crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970
|
===================================================================
|
||||||
|
--- crypto/rand/rand_egd.c (revision 1)
|
||||||
|
+++ crypto/rand/rand_egd.c (working copy)
|
||||||
@@ -95,7 +95,7 @@
|
@@ -95,7 +95,7 @@
|
||||||
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
|
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
|
||||||
*/
|
*/
|
||||||
|
@ -102,8 +114,10 @@
|
||||||
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
|
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
|
||||||
{
|
{
|
||||||
return(-1);
|
return(-1);
|
||||||
--- crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970
|
Index: crypto/rand/rand_unix.c
|
||||||
+++ crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970
|
===================================================================
|
||||||
|
--- crypto/rand/rand_unix.c (revision 1)
|
||||||
|
+++ crypto/rand/rand_unix.c (working copy)
|
||||||
@@ -116,7 +116,7 @@
|
@@ -116,7 +116,7 @@
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
#include "rand_lcl.h"
|
#include "rand_lcl.h"
|
||||||
|
@ -122,14 +136,15 @@
|
||||||
int RAND_poll(void)
|
int RAND_poll(void)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
--- crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970
|
Index: crypto/x509/x509_vfy.c
|
||||||
+++ crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970
|
===================================================================
|
||||||
@@ -391,7 +391,12 @@
|
--- crypto/x509/x509_vfy.c (revision 1)
|
||||||
|
+++ crypto/x509/x509_vfy.c (working copy)
|
||||||
|
@@ -386,7 +386,11 @@
|
||||||
|
|
||||||
static int check_chain_extensions(X509_STORE_CTX *ctx)
|
static int check_chain_extensions(X509_STORE_CTX *ctx)
|
||||||
{
|
{
|
||||||
-#ifdef OPENSSL_NO_CHAIN_VERIFY
|
-#ifdef OPENSSL_NO_CHAIN_VERIFY
|
||||||
+//#ifdef OPENSSL_NO_CHAIN_VERIFY
|
|
||||||
+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
|
+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
|
||||||
+ /*
|
+ /*
|
||||||
+ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
|
+ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
|
||||||
|
@ -138,7 +153,7 @@
|
||||||
return 1;
|
return 1;
|
||||||
#else
|
#else
|
||||||
int i, ok=0, must_be_ca, plen = 0;
|
int i, ok=0, must_be_ca, plen = 0;
|
||||||
@@ -904,6 +909,10 @@
|
@@ -899,6 +903,10 @@
|
||||||
|
|
||||||
static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
|
static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
|
||||||
{
|
{
|
||||||
|
@ -149,11 +164,11 @@
|
||||||
time_t *ptime;
|
time_t *ptime;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
@@ -947,6 +956,7 @@
|
@@ -942,6 +950,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
+#endif
|
+#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static int internal_verify(X509_STORE_CTX *ctx)
|
static int internal_verify(X509_STORE_CTX *ctx)
|
|
@ -1,4 +1,4 @@
|
||||||
cd openssl-0.9.8l
|
cd openssl-0.9.8w
|
||||||
copy e_os2.h ..\..\..\Include\openssl
|
copy e_os2.h ..\..\..\Include\openssl
|
||||||
copy crypto\crypto.h ..\..\..\Include\openssl
|
copy crypto\crypto.h ..\..\..\Include\openssl
|
||||||
copy crypto\tmdiff.h ..\..\..\Include\openssl
|
copy crypto\tmdiff.h ..\..\..\Include\openssl
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
cd openssl-0.9.8l
|
cd openssl-0.9.8w
|
||||||
cp e_os2.h ../../../Include/openssl
|
cp e_os2.h ../../../Include/openssl
|
||||||
cp crypto/crypto.h ../../../Include/openssl
|
cp crypto/crypto.h ../../../Include/openssl
|
||||||
cp crypto/tmdiff.h ../../../Include/openssl
|
cp crypto/tmdiff.h ../../../Include/openssl
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
## @file
|
## @file
|
||||||
# OpenSSL Library implementation.
|
# OpenSSL Library implementation.
|
||||||
#
|
#
|
||||||
# Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||||
# This program and the accompanying materials
|
# This program and the accompanying materials
|
||||||
# are licensed and made available under the terms and conditions of the BSD License
|
# are licensed and made available under the terms and conditions of the BSD License
|
||||||
# which accompanies this distribution. The full text of the license may be found at
|
# which accompanies this distribution. The full text of the license may be found at
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
MODULE_TYPE = BASE
|
MODULE_TYPE = BASE
|
||||||
VERSION_STRING = 1.0
|
VERSION_STRING = 1.0
|
||||||
LIBRARY_CLASS = OpensslLib
|
LIBRARY_CLASS = OpensslLib
|
||||||
DEFINE OPENSSL_PATH = openssl-0.9.8l
|
DEFINE OPENSSL_PATH = openssl-0.9.8w
|
||||||
DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
|
DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
|
||||||
DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED
|
DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED
|
||||||
|
|
||||||
|
|
|
@ -17,45 +17,45 @@ cryptography. This patch will enable openssl building under UEFI environment.
|
||||||
================================================================================
|
================================================================================
|
||||||
OpenSSL-Version
|
OpenSSL-Version
|
||||||
================================================================================
|
================================================================================
|
||||||
Current supported OpenSSL version for UEFI Crypto Library is 0.9.8l.
|
Current supported OpenSSL version for UEFI Crypto Library is 0.9.8w.
|
||||||
http://www.openssl.org/source/openssl-0.9.8l.tar.gz
|
http://www.openssl.org/source/openssl-0.9.8w.tar.gz
|
||||||
|
|
||||||
|
|
||||||
================================================================================
|
================================================================================
|
||||||
HOW to Install Openssl for UEFI Building
|
HOW to Install Openssl for UEFI Building
|
||||||
================================================================================
|
================================================================================
|
||||||
1. Download OpenSSL 0.9.8l from official website:
|
1. Download OpenSSL 0.9.8w from official website:
|
||||||
http://www.openssl.org/source/openssl-0.9.8l.tar.gz
|
http://www.openssl.org/source/openssl-0.9.8w.tar.gz
|
||||||
|
|
||||||
NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8l.tar.tar.
|
NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8w.tar.tar.
|
||||||
When you do the download, rename the "openssl-0.9.8l.tar.tar" to
|
When you do the download, rename the "openssl-0.9.8w.tar.tar" to
|
||||||
"openssl-0.9.8l.tar.gz" or rename the local downloaded file with ".tar.tar"
|
"openssl-0.9.8w.tar.gz" or rename the local downloaded file with ".tar.tar"
|
||||||
extension to ".tar.gz".
|
extension to ".tar.gz".
|
||||||
|
|
||||||
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8l
|
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8w
|
||||||
|
|
||||||
NOTE: If you use WinZip to unpack the openssl source in Windows, please
|
NOTE: If you use WinZip to unpack the openssl source in Windows, please
|
||||||
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
|
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
|
||||||
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
|
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
|
||||||
|
|
||||||
3. Apply this patch: EDKII_openssl-0.9.8l.patch, and make installation
|
3. Apply this patch: EDKII_openssl-0.9.8w.patch, and make installation
|
||||||
|
|
||||||
For Windows Environment:
|
For Windows Environment:
|
||||||
------------------------
|
------------------------
|
||||||
1) Make sure the patch utility has been installed in your machine.
|
1) Make sure the patch utility has been installed in your machine.
|
||||||
Install Cygwin or get the patch utility binary from
|
Install Cygwin or get the patch utility binary from
|
||||||
http://gnuwin32.sourceforge.net/packages/patch.htm
|
http://gnuwin32.sourceforge.net/packages/patch.htm
|
||||||
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8l
|
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8w
|
||||||
3) patch -p0 -i ..\EDKII_openssl-0.9.8l.patch
|
3) patch -p0 -i ..\EDKII_openssl-0.9.8w.patch
|
||||||
4) cd ..
|
4) cd ..
|
||||||
5) install.cmd
|
5) Install.cmd
|
||||||
|
|
||||||
For Linux* Environment:
|
For Linux* Environment:
|
||||||
-----------------------
|
-----------------------
|
||||||
1) Make sure the patch utility has been installed in your machine.
|
1) Make sure the patch utility has been installed in your machine.
|
||||||
Patch utility is available from http://directory.fsf.org/project/patch/
|
Patch utility is available from http://directory.fsf.org/project/patch/
|
||||||
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8l
|
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8w
|
||||||
3) patch -p0 -i ../EDKII_openssl-0.9.8l.patch
|
3) patch -p0 -i ../EDKII_openssl-0.9.8w.patch
|
||||||
4) cd ..
|
4) cd ..
|
||||||
5) ./install.sh
|
5) ./Install.sh
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue