tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Upgrade to OpenSSL-0.9.8zf (released on 19-MAR-2015). 

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17072 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Long Qin 2015-03-25 08:13:32 +00:00 committed by qlong
parent 602adebbe6
commit 785d183b4e
6 changed files with 295 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

281
CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8ze.patch
View File

@ -1,281 +0,0 @@
Index: crypto/bio/bss_file.c
===================================================================
--- crypto/bio/bss_file.c (revision 1)
+++ crypto/bio/bss_file.c (working copy)
@@ -428,6 +428,23 @@
return(ret);
}
+#else
+
+BIO_METHOD *BIO_s_file(void)
+ {
+ return NULL;
+ }
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+ {
+ return NULL;
+ }
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+ {
+ return NULL;
+ }
+
#endif /* OPENSSL_NO_STDIO */
#endif /* HEADER_BSS_FILE_C */
Index: crypto/crypto.h
===================================================================
--- crypto/crypto.h (revision 1)
+++ crypto/crypto.h (working copy)
@@ -235,15 +235,15 @@
#ifndef OPENSSL_NO_LOCKING
#ifndef CRYPTO_w_lock
#define CRYPTO_w_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
#define CRYPTO_w_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
#define CRYPTO_r_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
#define CRYPTO_r_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
#define CRYPTO_add(addr,amount,type) \
- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+ CRYPTO_add_lock(addr,amount,type,NULL,0)
#endif
#else
#define CRYPTO_w_lock(a)
@@ -361,19 +361,19 @@
#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
#define is_MemCheck_on() CRYPTO_is_mem_check_on()
-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
+#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
+#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
#define OPENSSL_realloc(addr,num) \
- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
#define OPENSSL_realloc_clean(addr,old_num,num) \
- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
#define OPENSSL_remalloc(addr,num) \
- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
#define OPENSSL_freeFunc CRYPTO_free
#define OPENSSL_free(addr) CRYPTO_free(addr)
#define OPENSSL_malloc_locked(num) \
- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+ CRYPTO_malloc_locked((int)num,NULL,0)
#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
@@ -487,7 +487,7 @@
long CRYPTO_get_mem_debug_options(void);
#define CRYPTO_push_info(info) \
- CRYPTO_push_info_(info, __FILE__, __LINE__);
+ CRYPTO_push_info_(info, NULL, 0);
int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
@@ -528,17 +528,17 @@
/* die if we have to */
void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
unsigned long *OPENSSL_ia32cap_loc(void);
#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
int OPENSSL_isservice(void);
#ifdef OPENSSL_FIPS
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
alg " previous FIPS forbidden algorithm error ignored");
-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
#alg " Algorithm forbidden in FIPS mode");
#ifdef OPENSSL_FIPS_STRICT
Index: crypto/err/err.c
===================================================================
--- crypto/err/err.c (revision 1)
+++ crypto/err/err.c (working copy)
@@ -313,7 +313,12 @@
es->err_data_flags[i]=flags;
}
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...)
+#else
void ERR_add_error_data(int num, ...)
+#endif
{
va_list args;
int i,n,s;
Index: crypto/err/err.h
===================================================================
--- crypto/err/err.h (revision 1)
+++ crypto/err/err.h (working copy)
@@ -286,8 +286,14 @@
#endif
#ifndef OPENSSL_NO_BIO
void ERR_print_errors(BIO *bp);
+
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...);
+#else
void ERR_add_error_data(int num, ...);
#endif
+#endif
void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
void ERR_load_ERR_strings(void);
Index: crypto/opensslconf.h
===================================================================
--- crypto/opensslconf.h (revision 1)
+++ crypto/opensslconf.h (working copy)
@@ -162,6 +162,9 @@
/* The prime number generation stuff may not work when
* EIGHT_BIT but I don't care since I've only used this mode
* for debuging the bignum libraries */
+
+/* Bypass following definition for UEFI version. */
+#if !defined(OPENSSL_SYS_UEFI)
#undef SIXTY_FOUR_BIT_LONG
#undef SIXTY_FOUR_BIT
#define THIRTY_TWO_BIT
@@ -169,6 +172,8 @@
#undef EIGHT_BIT
#endif
+#endif
+
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
Index: crypto/pkcs7/pk7_smime.c
===================================================================
--- crypto/pkcs7/pk7_smime.c (revision 1)
+++ crypto/pkcs7/pk7_smime.c (working copy)
@@ -88,7 +88,10 @@
if (!PKCS7_content_new(p7, NID_pkcs7_data))
goto err;
- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+ /*
+ NOTE: Update to SHA-256 digest algorithm for UEFI version.
+ */
+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
goto err;
}
@@ -173,7 +176,8 @@
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
- char buf[4096];
+ char *buf = NULL;
+ int bufsiz;
int i, j=0, k, ret = 0;
BIO *p7bio;
BIO *tmpin, *tmpout;
@@ -284,10 +288,16 @@
BIO_set_mem_eof_return(tmpout, 0);
} else tmpout = out;
+ bufsiz = 4096;
+ buf = OPENSSL_malloc (bufsiz);
+ if (buf == NULL) {
+ goto err;
+ }
+
/* We now have to 'read' from p7bio to calculate digests etc. */
for (;;)
{
- i=BIO_read(p7bio,buf,sizeof(buf));
+ i=BIO_read(p7bio,buf,bufsiz);
if (i <= 0) break;
if (tmpout) BIO_write(tmpout, buf, i);
}
@@ -326,6 +336,10 @@
sk_X509_free(signers);
+ if (buf != NULL) {
+ OPENSSL_free (buf);
+ }
+
return ret;
}
Index: crypto/rand/rand_egd.c
===================================================================
--- crypto/rand/rand_egd.c (revision 1)
+++ crypto/rand/rand_egd.c (working copy)
@@ -95,7 +95,7 @@
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
*/
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
{
return(-1);
Index: crypto/rand/rand_unix.c
===================================================================
--- crypto/rand/rand_unix.c (revision 1)
+++ crypto/rand/rand_unix.c (working copy)
@@ -116,7 +116,7 @@
#include <openssl/rand.h>
#include "rand_lcl.h"
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
#include <sys/types.h>
#include <sys/time.h>
@@ -322,7 +322,7 @@
#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
-#if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
int RAND_poll(void)
{
return 0;
Index: crypto/x509/x509_vfy.c
===================================================================
--- crypto/x509/x509_vfy.c (revision 1)
+++ crypto/x509/x509_vfy.c (working copy)
@@ -899,6 +899,10 @@
static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
{
+#if defined(OPENSSL_SYS_UEFI)
+ /* Bypass Certificate Time Checking for UEFI version. */
+ return 1;
+#else
time_t *ptime;
int i;
@@ -942,6 +946,7 @@
}
return 1;
+#endif
}
static int internal_verify(X509_STORE_CTX *ctx)

279
CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch Normal file
View File

@ -0,0 +1,279 @@
Index: crypto/bio/bss_file.c
===================================================================
--- crypto/bio/bss_file.c (revision 1)
+++ crypto/bio/bss_file.c (working copy)
@@ -418,6 +418,23 @@
return (ret);
}
+#else
+
+BIO_METHOD *BIO_s_file(void)
+{
+ return NULL;
+}
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+ return NULL;
+}
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+{
+ return NULL;
+}
+
# endif /* OPENSSL_NO_STDIO */
#endif /* HEADER_BSS_FILE_C */
Index: crypto/crypto.h
===================================================================
--- crypto/crypto.h (revision 1)
+++ crypto/crypto.h (working copy)
@@ -239,15 +239,15 @@
# ifndef OPENSSL_NO_LOCKING
# ifndef CRYPTO_w_lock
# define CRYPTO_w_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
# define CRYPTO_w_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
# define CRYPTO_r_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
# define CRYPTO_r_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
# define CRYPTO_add(addr,amount,type) \
- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+ CRYPTO_add_lock(addr,amount,type,NULL,0)
# endif
# else
# define CRYPTO_w_lock(a)
@@ -374,19 +374,19 @@
# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
# define is_MemCheck_on() CRYPTO_is_mem_check_on()
-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
# define OPENSSL_realloc(addr,num) \
- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
# define OPENSSL_realloc_clean(addr,old_num,num) \
- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
# define OPENSSL_remalloc(addr,num) \
- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
# define OPENSSL_freeFunc CRYPTO_free
# define OPENSSL_free(addr) CRYPTO_free(addr)
# define OPENSSL_malloc_locked(num) \
- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+ CRYPTO_malloc_locked((int)num,NULL,0)
# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
const char *SSLeay_version(int type);
@@ -531,7 +531,7 @@
long CRYPTO_get_mem_debug_options(void);
# define CRYPTO_push_info(info) \
- CRYPTO_push_info_(info, __FILE__, __LINE__);
+ CRYPTO_push_info_(info, NULL, 0);
int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
@@ -578,7 +578,7 @@
/* die if we have to */
void OpenSSLDie(const char *file, int line, const char *assertion);
-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
unsigned long *OPENSSL_ia32cap_loc(void);
# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
@@ -585,10 +585,10 @@
int OPENSSL_isservice(void);
# ifdef OPENSSL_FIPS
-# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
alg " previous FIPS forbidden algorithm error ignored");
-# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
#alg " Algorithm forbidden in FIPS mode");
# ifdef OPENSSL_FIPS_STRICT
Index: crypto/err/err.c
===================================================================
--- crypto/err/err.c (revision 1)
+++ crypto/err/err.c (working copy)
@@ -321,7 +321,12 @@
es->err_data_flags[i] = flags;
}
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...)
+#else
void ERR_add_error_data(int num, ...)
+#endif
{
va_list args;
int i, n, s;
Index: crypto/err/err.h
===================================================================
--- crypto/err/err.h (revision 1)
+++ crypto/err/err.h (working copy)
@@ -285,7 +285,13 @@
# endif
# ifndef OPENSSL_NO_BIO
void ERR_print_errors(BIO *bp);
+
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...);
+#else
void ERR_add_error_data(int num, ...);
+#endif
# endif
void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
Index: crypto/opensslconf.h
===================================================================
--- crypto/opensslconf.h (revision 1)
+++ crypto/opensslconf.h (working copy)
@@ -162,6 +162,9 @@
/* The prime number generation stuff may not work when
* EIGHT_BIT but I don't care since I've only used this mode
* for debuging the bignum libraries */
+
+/* Bypass following definition for UEFI version. */
+#if !defined(OPENSSL_SYS_UEFI)
#undef SIXTY_FOUR_BIT_LONG
#undef SIXTY_FOUR_BIT
#define THIRTY_TWO_BIT
@@ -169,6 +172,8 @@
#undef EIGHT_BIT
#endif
+#endif
+
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
Index: crypto/pkcs7/pk7_smime.c
===================================================================
--- crypto/pkcs7/pk7_smime.c (revision 1)
+++ crypto/pkcs7/pk7_smime.c (working copy)
@@ -90,7 +90,14 @@
if (!PKCS7_content_new(p7, NID_pkcs7_data))
goto err;
+#if defined(OPENSSL_SYS_UEFI)
+ /*
+ * NOTE: Update to SHA-256 digest algorithm for UEFI version.
+ */
+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {
+#else
if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
+#endif
PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
goto err;
}
@@ -175,7 +182,8 @@
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
- char buf[4096];
+ char *buf = NULL;
+ int bufsiz;
int i, j = 0, k, ret = 0;
BIO *p7bio;
BIO *tmpin, *tmpout;
@@ -286,6 +294,12 @@
} else
tmpout = out;
+ bufsiz = 4096;
+ buf = OPENSSL_malloc (bufsiz);
+ if (buf == NULL) {
+ goto err;
+ }
+
/* We now have to 'read' from p7bio to calculate digests etc. */
for (;;) {
i = BIO_read(p7bio, buf, sizeof(buf));
@@ -328,6 +342,10 @@
sk_X509_free(signers);
+ if (buf != NULL) {
+ OPENSSL_free (buf);
+ }
+
return ret;
}
Index: crypto/rand/rand_egd.c
===================================================================
--- crypto/rand/rand_egd.c (revision 1)
+++ crypto/rand/rand_egd.c (working copy)
@@ -95,7 +95,7 @@
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
*/
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
{
return (-1);
Index: crypto/rand/rand_unix.c
===================================================================
--- crypto/rand/rand_unix.c (revision 1)
+++ crypto/rand/rand_unix.c (working copy)
@@ -116,7 +116,7 @@
#include <openssl/rand.h>
#include "rand_lcl.h"
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
# include <sys/types.h>
# include <sys/time.h>
@@ -332,7 +332,7 @@
* defined(OPENSSL_SYS_VXWORKS) ||
* defined(OPENSSL_SYS_NETWARE)) */
-#if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
int RAND_poll(void)
{
return 0;
Index: crypto/x509/x509_vfy.c
===================================================================
--- crypto/x509/x509_vfy.c (revision 1)
+++ crypto/x509/x509_vfy.c (working copy)
@@ -871,6 +871,10 @@
static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
{
+#if defined(OPENSSL_SYS_UEFI)
+ /* Bypass Certificate Time Checking for UEFI version. */
+ return 1;
+#else
time_t *ptime;
int i;
@@ -910,6 +914,7 @@
}
return 1;
+#endif
}
static int internal_verify(X509_STORE_CTX *ctx)

2
CryptoPkg/Library/OpensslLib/Install.cmd
View File

@ -1,4 +1,4 @@
cd openssl-0.9.8ze
cd openssl-0.9.8zf
copy e_os2.h ..\..\..\Include\openssl
copy crypto\crypto.h ..\..\..\Include\openssl
copy crypto\tmdiff.h ..\..\..\Include\openssl

2
CryptoPkg/Library/OpensslLib/Install.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
cd openssl-0.9.8ze
cd openssl-0.9.8zf
cp e_os2.h ../../../Include/openssl
cp crypto/crypto.h ../../../Include/openssl
cp crypto/tmdiff.h ../../../Include/openssl

2
CryptoPkg/Library/OpensslLib/OpensslLib.inf
View File

@ -20,7 +20,7 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
DEFINE OPENSSL_PATH = openssl-0.9.8ze
DEFINE OPENSSL_PATH = openssl-0.9.8zf
DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE

26
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
View File

@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment.
================================================================================
OpenSSL-Version
================================================================================
Current supported OpenSSL version for UEFI Crypto Library is 0.9.8ze.
http://www.openssl.org/source/openssl-0.9.8ze.tar.gz
Current supported OpenSSL version for UEFI Crypto Library is 0.9.8zf.
http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
================================================================================
HOW to Install Openssl for UEFI Building
================================================================================
1. Download OpenSSL 0.9.8ze from official website:
http://www.openssl.org/source/openssl-0.9.8ze.tar.gz
1. Download OpenSSL 0.9.8zf from official website:
http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8ze.tar.tar.
When you do the download, rename the "openssl-0.9.8ze.tar.tar" to
"openssl-0.9.8ze.tar.gz" or rename the local downloaded file with ".tar.tar"
NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8zf.tar.tar.
When you do the download, rename the "openssl-0.9.8zf.tar.tar" to
"openssl-0.9.8zf.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz".
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8ze
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zf
NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
3. Apply this patch: EDKII_openssl-0.9.8ze.patch, and make installation
3. Apply this patch: EDKII_openssl-0.9.8zf.patch, and make installation
For Windows Environment:
------------------------
1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8ze
3) patch -p0 -i ..\EDKII_openssl-0.9.8ze.patch
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8zf
3) patch -p0 -i ..\EDKII_openssl-0.9.8zf.patch
4) cd ..
5) Install.cmd
@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
-----------------------
1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8ze
3) patch -p0 -i ../EDKII_openssl-0.9.8ze.patch
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8zf
3) patch -p0 -i ../EDKII_openssl-0.9.8zf.patch
4) cd ..
5) ./Install.sh