Upgrade openssl version to 0.98w.

Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13289 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
tye1 2012-05-07 10:29:58 +00:00
parent 7c9fbd79d1
commit 5359174326
5 changed files with 56 additions and 41 deletions

View File

@ -1,6 +1,8 @@
--- crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970 Index: crypto/bio/bss_file.c
+++ crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970 ===================================================================
@@ -421,6 +421,23 @@ --- crypto/bio/bss_file.c (revision 1)
+++ crypto/bio/bss_file.c (working copy)
@@ -428,6 +428,23 @@
return(ret); return(ret);
} }
@ -24,8 +26,10 @@
#endif /* OPENSSL_NO_STDIO */ #endif /* OPENSSL_NO_STDIO */
#endif /* HEADER_BSS_FILE_C */ #endif /* HEADER_BSS_FILE_C */
--- crypto/err/err.c Index: crypto/err/err.c
+++ crypto/err/err.c ===================================================================
--- crypto/err/err.c (revision 1)
+++ crypto/err/err.c (working copy)
@@ -313,7 +313,12 @@ @@ -313,7 +313,12 @@
es->err_data_flags[i]=flags; es->err_data_flags[i]=flags;
} }
@ -39,8 +43,10 @@
{ {
va_list args; va_list args;
int i,n,s; int i,n,s;
--- crypto/err/err.h Index: crypto/err/err.h
+++ crypto/err/err.h ===================================================================
--- crypto/err/err.h (revision 1)
+++ crypto/err/err.h (working copy)
@@ -286,8 +286,14 @@ @@ -286,8 +286,14 @@
#endif #endif
#ifndef OPENSSL_NO_BIO #ifndef OPENSSL_NO_BIO
@ -56,8 +62,10 @@
void ERR_load_strings(int lib,ERR_STRING_DATA str[]); void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
void ERR_unload_strings(int lib,ERR_STRING_DATA str[]); void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
void ERR_load_ERR_strings(void); void ERR_load_ERR_strings(void);
--- crypto/opensslconf.h Index: crypto/opensslconf.h
+++ crypto/opensslconf.h ===================================================================
--- crypto/opensslconf.h (revision 1)
+++ crypto/opensslconf.h (working copy)
@@ -162,6 +162,9 @@ @@ -162,6 +162,9 @@
/* The prime number generation stuff may not work when /* The prime number generation stuff may not work when
* EIGHT_BIT but I don't care since I've only used this mode * EIGHT_BIT but I don't care since I've only used this mode
@ -77,8 +85,10 @@
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
#define CONFIG_HEADER_RC4_LOCL_H #define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20 /* if this is defined data[i] is used instead of *data, this is a %20
--- crypto/pkcs7/pk7_smime.c 2009-03-15 21:36:02.000000000 +0800 Index: crypto/pkcs7/pk7_smime.c
+++ crypto/pkcs7/pk7_smime.c 2011-09-13 14:11:36.019454700 +0800 ===================================================================
--- crypto/pkcs7/pk7_smime.c (revision 1)
+++ crypto/pkcs7/pk7_smime.c (working copy)
@@ -88,7 +88,10 @@ @@ -88,7 +88,10 @@
if (!PKCS7_content_new(p7, NID_pkcs7_data)) if (!PKCS7_content_new(p7, NID_pkcs7_data))
goto err; goto err;
@ -91,8 +101,10 @@
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
goto err; goto err;
} }
--- crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970 Index: crypto/rand/rand_egd.c
+++ crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970 ===================================================================
--- crypto/rand/rand_egd.c (revision 1)
+++ crypto/rand/rand_egd.c (working copy)
@@ -95,7 +95,7 @@ @@ -95,7 +95,7 @@
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
*/ */
@ -102,8 +114,10 @@
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
{ {
return(-1); return(-1);
--- crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970 Index: crypto/rand/rand_unix.c
+++ crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970 ===================================================================
--- crypto/rand/rand_unix.c (revision 1)
+++ crypto/rand/rand_unix.c (working copy)
@@ -116,7 +116,7 @@ @@ -116,7 +116,7 @@
#include <openssl/rand.h> #include <openssl/rand.h>
#include "rand_lcl.h" #include "rand_lcl.h"
@ -122,14 +136,15 @@
int RAND_poll(void) int RAND_poll(void)
{ {
return 0; return 0;
--- crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970 Index: crypto/x509/x509_vfy.c
+++ crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970 ===================================================================
@@ -391,7 +391,12 @@ --- crypto/x509/x509_vfy.c (revision 1)
+++ crypto/x509/x509_vfy.c (working copy)
@@ -386,7 +386,11 @@
static int check_chain_extensions(X509_STORE_CTX *ctx) static int check_chain_extensions(X509_STORE_CTX *ctx)
{ {
-#ifdef OPENSSL_NO_CHAIN_VERIFY -#ifdef OPENSSL_NO_CHAIN_VERIFY
+//#ifdef OPENSSL_NO_CHAIN_VERIFY
+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI) +#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
+ /* + /*
+ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting + NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
@ -138,7 +153,7 @@
return 1; return 1;
#else #else
int i, ok=0, must_be_ca, plen = 0; int i, ok=0, must_be_ca, plen = 0;
@@ -904,6 +909,10 @@ @@ -899,6 +903,10 @@
static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
{ {
@ -149,11 +164,11 @@
time_t *ptime; time_t *ptime;
int i; int i;
@@ -947,6 +956,7 @@ @@ -942,6 +950,7 @@
} }
return 1; return 1;
+#endif +#endif
} }
static int internal_verify(X509_STORE_CTX *ctx) static int internal_verify(X509_STORE_CTX *ctx)

View File

@ -1,4 +1,4 @@
cd openssl-0.9.8l cd openssl-0.9.8w
copy e_os2.h ..\..\..\Include\openssl copy e_os2.h ..\..\..\Include\openssl
copy crypto\crypto.h ..\..\..\Include\openssl copy crypto\crypto.h ..\..\..\Include\openssl
copy crypto\tmdiff.h ..\..\..\Include\openssl copy crypto\tmdiff.h ..\..\..\Include\openssl

View File

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
cd openssl-0.9.8l cd openssl-0.9.8w
cp e_os2.h ../../../Include/openssl cp e_os2.h ../../../Include/openssl
cp crypto/crypto.h ../../../Include/openssl cp crypto/crypto.h ../../../Include/openssl
cp crypto/tmdiff.h ../../../Include/openssl cp crypto/tmdiff.h ../../../Include/openssl

View File

@ -1,7 +1,7 @@
## @file ## @file
# OpenSSL Library implementation. # OpenSSL Library implementation.
# #
# Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -19,7 +19,7 @@
MODULE_TYPE = BASE MODULE_TYPE = BASE
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib LIBRARY_CLASS = OpensslLib
DEFINE OPENSSL_PATH = openssl-0.9.8l DEFINE OPENSSL_PATH = openssl-0.9.8w
DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED

View File

@ -17,45 +17,45 @@ cryptography. This patch will enable openssl building under UEFI environment.
================================================================================ ================================================================================
OpenSSL-Version OpenSSL-Version
================================================================================ ================================================================================
Current supported OpenSSL version for UEFI Crypto Library is 0.9.8l. Current supported OpenSSL version for UEFI Crypto Library is 0.9.8w.
http://www.openssl.org/source/openssl-0.9.8l.tar.gz http://www.openssl.org/source/openssl-0.9.8w.tar.gz
================================================================================ ================================================================================
HOW to Install Openssl for UEFI Building HOW to Install Openssl for UEFI Building
================================================================================ ================================================================================
1. Download OpenSSL 0.9.8l from official website: 1. Download OpenSSL 0.9.8w from official website:
http://www.openssl.org/source/openssl-0.9.8l.tar.gz http://www.openssl.org/source/openssl-0.9.8w.tar.gz
NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8l.tar.tar. NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8w.tar.tar.
When you do the download, rename the "openssl-0.9.8l.tar.tar" to When you do the download, rename the "openssl-0.9.8w.tar.tar" to
"openssl-0.9.8l.tar.gz" or rename the local downloaded file with ".tar.tar" "openssl-0.9.8w.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz". extension to ".tar.gz".
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8l 2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8w
NOTE: If you use WinZip to unpack the openssl source in Windows, please NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion"). Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
3. Apply this patch: EDKII_openssl-0.9.8l.patch, and make installation 3. Apply this patch: EDKII_openssl-0.9.8w.patch, and make installation
For Windows Environment: For Windows Environment:
------------------------ ------------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm http://gnuwin32.sourceforge.net/packages/patch.htm
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8l 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8w
3) patch -p0 -i ..\EDKII_openssl-0.9.8l.patch 3) patch -p0 -i ..\EDKII_openssl-0.9.8w.patch
4) cd .. 4) cd ..
5) install.cmd 5) Install.cmd
For Linux* Environment: For Linux* Environment:
----------------------- -----------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/ Patch utility is available from http://directory.fsf.org/project/patch/
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8l 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8w
3) patch -p0 -i ../EDKII_openssl-0.9.8l.patch 3) patch -p0 -i ../EDKII_openssl-0.9.8w.patch
4) cd .. 4) cd ..
5) ./install.sh 5) ./Install.sh