Upgrade to OpenSSL-0.9.8zf (released on 19-MAR-2015).

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17072 6f19259b-4bc3-4df7-8a09-765794883524
Long Qin 2015-03-25 08:13:32 +00:00 committed by qlong
parent 602adebbe6
commit 785d183b4e
6 changed files with 295 additions and 297 deletions


@ -1,281 +0,0 @@
Index: crypto/bio/bss_file.c
===================================================================
--- crypto/bio/bss_file.c (revision 1)
+++ crypto/bio/bss_file.c (working copy)
@@ -428,6 +428,23 @@
return(ret);
}
+#else
+
+BIO_METHOD *BIO_s_file(void)
+ {
+ return NULL;
+ }
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+ {
+ return NULL;
+ }
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+ {
+ return NULL;
+ }
+
#endif /* OPENSSL_NO_STDIO */
#endif /* HEADER_BSS_FILE_C */
Index: crypto/crypto.h
===================================================================
--- crypto/crypto.h (revision 1)
+++ crypto/crypto.h (working copy)
@@ -235,15 +235,15 @@
#ifndef OPENSSL_NO_LOCKING
#ifndef CRYPTO_w_lock
#define CRYPTO_w_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
#define CRYPTO_w_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
#define CRYPTO_r_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
#define CRYPTO_r_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
#define CRYPTO_add(addr,amount,type) \
- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+ CRYPTO_add_lock(addr,amount,type,NULL,0)
#endif
#else
#define CRYPTO_w_lock(a)
@@ -361,19 +361,19 @@
#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
#define is_MemCheck_on() CRYPTO_is_mem_check_on()
-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
+#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
+#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
#define OPENSSL_realloc(addr,num) \
- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
#define OPENSSL_realloc_clean(addr,old_num,num) \
- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
#define OPENSSL_remalloc(addr,num) \
- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
#define OPENSSL_freeFunc CRYPTO_free
#define OPENSSL_free(addr) CRYPTO_free(addr)
#define OPENSSL_malloc_locked(num) \
- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+ CRYPTO_malloc_locked((int)num,NULL,0)
#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
@@ -487,7 +487,7 @@
long CRYPTO_get_mem_debug_options(void);
#define CRYPTO_push_info(info) \
- CRYPTO_push_info_(info, __FILE__, __LINE__);
+ CRYPTO_push_info_(info, NULL, 0);
int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
@@ -528,17 +528,17 @@
/* die if we have to */
void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
unsigned long *OPENSSL_ia32cap_loc(void);
#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
int OPENSSL_isservice(void);
#ifdef OPENSSL_FIPS
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
alg " previous FIPS forbidden algorithm error ignored");
-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
#alg " Algorithm forbidden in FIPS mode");
#ifdef OPENSSL_FIPS_STRICT
Index: crypto/err/err.c
===================================================================
--- crypto/err/err.c (revision 1)
+++ crypto/err/err.c (working copy)
@@ -313,7 +313,12 @@
es->err_data_flags[i]=flags;
}
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...)
+#else
void ERR_add_error_data(int num, ...)
+#endif
{
va_list args;
int i,n,s;
Index: crypto/err/err.h
===================================================================
--- crypto/err/err.h (revision 1)
+++ crypto/err/err.h (working copy)
@@ -286,8 +286,14 @@
#endif
#ifndef OPENSSL_NO_BIO
void ERR_print_errors(BIO *bp);
+
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...);
+#else
void ERR_add_error_data(int num, ...);
#endif
+#endif
void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
void ERR_load_ERR_strings(void);
Index: crypto/opensslconf.h
===================================================================
--- crypto/opensslconf.h (revision 1)
+++ crypto/opensslconf.h (working copy)
@@ -162,6 +162,9 @@
/* The prime number generation stuff may not work when
* EIGHT_BIT but I don't care since I've only used this mode
* for debuging the bignum libraries */
+
+/* Bypass following definition for UEFI version. */
+#if !defined(OPENSSL_SYS_UEFI)
#undef SIXTY_FOUR_BIT_LONG
#undef SIXTY_FOUR_BIT
#define THIRTY_TWO_BIT
@@ -169,6 +172,8 @@
#undef EIGHT_BIT
#endif
+#endif
+
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
Index: crypto/pkcs7/pk7_smime.c
===================================================================
--- crypto/pkcs7/pk7_smime.c (revision 1)
+++ crypto/pkcs7/pk7_smime.c (working copy)
@@ -88,7 +88,10 @@
if (!PKCS7_content_new(p7, NID_pkcs7_data))
goto err;
- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+ /*
+ NOTE: Update to SHA-256 digest algorithm for UEFI version.
+ */
+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
goto err;
}
@@ -173,7 +176,8 @@
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
- char buf[4096];
+ char *buf = NULL;
+ int bufsiz;
int i, j=0, k, ret = 0;
BIO *p7bio;
BIO *tmpin, *tmpout;
@@ -284,10 +288,16 @@
BIO_set_mem_eof_return(tmpout, 0);
} else tmpout = out;
+ bufsiz = 4096;
+ buf = OPENSSL_malloc (bufsiz);
+ if (buf == NULL) {
+ goto err;
+ }
+
/* We now have to 'read' from p7bio to calculate digests etc. */
for (;;)
{
- i=BIO_read(p7bio,buf,sizeof(buf));
+ i=BIO_read(p7bio,buf,bufsiz);
if (i <= 0) break;
if (tmpout) BIO_write(tmpout, buf, i);
}
@@ -326,6 +336,10 @@
sk_X509_free(signers);
+ if (buf != NULL) {
+ OPENSSL_free (buf);
+ }
+
return ret;
}
Index: crypto/rand/rand_egd.c
===================================================================
--- crypto/rand/rand_egd.c (revision 1)
+++ crypto/rand/rand_egd.c (working copy)
@@ -95,7 +95,7 @@
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
*/
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
{
return(-1);
Index: crypto/rand/rand_unix.c
===================================================================
--- crypto/rand/rand_unix.c (revision 1)
+++ crypto/rand/rand_unix.c (working copy)
@@ -116,7 +116,7 @@
#include <openssl/rand.h>
#include "rand_lcl.h"
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
#include <sys/types.h>
#include <sys/time.h>
@@ -322,7 +322,7 @@
#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
-#if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
int RAND_poll(void)
{
return 0;
Index: crypto/x509/x509_vfy.c
===================================================================
--- crypto/x509/x509_vfy.c (revision 1)
+++ crypto/x509/x509_vfy.c (working copy)
@@ -899,6 +899,10 @@
static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
{
+#if defined(OPENSSL_SYS_UEFI)
+ /* Bypass Certificate Time Checking for UEFI version. */
+ return 1;
+#else
time_t *ptime;
int i;
@@ -942,6 +946,7 @@
}
return 1;
+#endif
}
static int internal_verify(X509_STORE_CTX *ctx)


@ -0,0 +1,279 @@
Index: crypto/bio/bss_file.c
===================================================================
--- crypto/bio/bss_file.c (revision 1)
+++ crypto/bio/bss_file.c (working copy)
@@ -418,6 +418,23 @@
return (ret);
}
+#else
+
+BIO_METHOD *BIO_s_file(void)
+{
+ return NULL;
+}
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+ return NULL;
+}
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+{
+ return NULL;
+}
+
# endif /* OPENSSL_NO_STDIO */
#endif /* HEADER_BSS_FILE_C */
Index: crypto/crypto.h
===================================================================
--- crypto/crypto.h (revision 1)
+++ crypto/crypto.h (working copy)
@@ -239,15 +239,15 @@
# ifndef OPENSSL_NO_LOCKING
# ifndef CRYPTO_w_lock
# define CRYPTO_w_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
# define CRYPTO_w_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
# define CRYPTO_r_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
# define CRYPTO_r_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
# define CRYPTO_add(addr,amount,type) \
- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+ CRYPTO_add_lock(addr,amount,type,NULL,0)
# endif
# else
# define CRYPTO_w_lock(a)
@@ -374,19 +374,19 @@
# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
# define is_MemCheck_on() CRYPTO_is_mem_check_on()
-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
# define OPENSSL_realloc(addr,num) \
- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
# define OPENSSL_realloc_clean(addr,old_num,num) \
- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
# define OPENSSL_remalloc(addr,num) \
- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
# define OPENSSL_freeFunc CRYPTO_free
# define OPENSSL_free(addr) CRYPTO_free(addr)
# define OPENSSL_malloc_locked(num) \
- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+ CRYPTO_malloc_locked((int)num,NULL,0)
# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
const char *SSLeay_version(int type);
@@ -531,7 +531,7 @@
long CRYPTO_get_mem_debug_options(void);
# define CRYPTO_push_info(info) \
- CRYPTO_push_info_(info, __FILE__, __LINE__);
+ CRYPTO_push_info_(info, NULL, 0);
int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
@@ -578,7 +578,7 @@
/* die if we have to */
void OpenSSLDie(const char *file, int line, const char *assertion);
-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
unsigned long *OPENSSL_ia32cap_loc(void);
# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
@@ -585,10 +585,10 @@
int OPENSSL_isservice(void);
# ifdef OPENSSL_FIPS
-# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
alg " previous FIPS forbidden algorithm error ignored");
-# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
#alg " Algorithm forbidden in FIPS mode");
# ifdef OPENSSL_FIPS_STRICT
Index: crypto/err/err.c
===================================================================
--- crypto/err/err.c (revision 1)
+++ crypto/err/err.c (working copy)
@@ -321,7 +321,12 @@
es->err_data_flags[i] = flags;
}
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...)
+#else
void ERR_add_error_data(int num, ...)
+#endif
{
va_list args;
int i, n, s;
Index: crypto/err/err.h
===================================================================
--- crypto/err/err.h (revision 1)
+++ crypto/err/err.h (working copy)
@@ -285,7 +285,13 @@
# endif
# ifndef OPENSSL_NO_BIO
void ERR_print_errors(BIO *bp);
+
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...);
+#else
void ERR_add_error_data(int num, ...);
+#endif
# endif
void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
Index: crypto/opensslconf.h
===================================================================
--- crypto/opensslconf.h (revision 1)
+++ crypto/opensslconf.h (working copy)
@@ -162,6 +162,9 @@
/* The prime number generation stuff may not work when
* EIGHT_BIT but I don't care since I've only used this mode
* for debuging the bignum libraries */
+
+/* Bypass following definition for UEFI version. */
+#if !defined(OPENSSL_SYS_UEFI)
#undef SIXTY_FOUR_BIT_LONG
#undef SIXTY_FOUR_BIT
#define THIRTY_TWO_BIT
@@ -169,6 +172,8 @@
#undef EIGHT_BIT
#endif
+#endif
+
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
Index: crypto/pkcs7/pk7_smime.c
===================================================================
--- crypto/pkcs7/pk7_smime.c (revision 1)
+++ crypto/pkcs7/pk7_smime.c (working copy)
@@ -90,7 +90,14 @@
if (!PKCS7_content_new(p7, NID_pkcs7_data))
goto err;
+#if defined(OPENSSL_SYS_UEFI)
+ /*
+ * NOTE: Update to SHA-256 digest algorithm for UEFI version.
+ */
+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {
+#else
if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
+#endif
PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
goto err;
}
@@ -175,7 +182,8 @@
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
- char buf[4096];
+ char *buf = NULL;
+ int bufsiz;
int i, j = 0, k, ret = 0;
BIO *p7bio;
BIO *tmpin, *tmpout;
@@ -286,6 +294,12 @@
} else
tmpout = out;
+ bufsiz = 4096;
+ buf = OPENSSL_malloc (bufsiz);
+ if (buf == NULL) {
+ goto err;
+ }
+
/* We now have to 'read' from p7bio to calculate digests etc. */
for (;;) {
i = BIO_read(p7bio, buf, sizeof(buf));
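Review bot: The read loop on the last line of this hunk still passes `sizeof(buf)` to `BIO_read`, but the `@@ -175,7 +182,8 @@` hunk above turns `buf` from `char buf[4096]` into `char *buf`, so the size is now that of a pointer rather than 4096. The read stays inside the allocation, so this is not an overflow, but the signed content is pulled through the digest chain a pointer-width at a time and `bufsiz` is set and never used for the read. The line should be `i = BIO_read(p7bio, buf, bufsiz);`, which is what the removed 0.9.8ze patch carried as an explicit `-`/`+` pair. The enclosing function begins and ends outside this hunk.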
@@ -328,6 +342,10 @@
sk_X509_free(signers);
+ if (buf != NULL) {
+ OPENSSL_free (buf);
+ }
+
return ret;
}
Index: crypto/rand/rand_egd.c
===================================================================
--- crypto/rand/rand_egd.c (revision 1)
+++ crypto/rand/rand_egd.c (working copy)
@@ -95,7 +95,7 @@
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
*/
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
{
return (-1);
Index: crypto/rand/rand_unix.c
===================================================================
--- crypto/rand/rand_unix.c (revision 1)
+++ crypto/rand/rand_unix.c (working copy)
@@ -116,7 +116,7 @@
#include <openssl/rand.h>
#include "rand_lcl.h"
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
# include <sys/types.h>
# include <sys/time.h>
@@ -332,7 +332,7 @@
* defined(OPENSSL_SYS_VXWORKS) ||
* defined(OPENSSL_SYS_NETWARE)) */
-#if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
int RAND_poll(void)
{
return 0;
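Review bot: Adding `OPENSSL_SYS_UEFI` to this guard selects the stub `RAND_poll()` that gathers nothing and returns 0, and the preceding hunk compiles out the Unix entropy code, so on UEFI builds the PRNG holds only what a caller supplies through `RAND_seed`/`RAND_add`. Nothing at the stub records that requirement. A comment such as `/* UEFI: no system entropy source is polled here; the caller must seed the PRNG before any key or nonce generation. */` would make it visible to anyone using the library for more than signature verification. The function body continues outside the hunk.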
Index: crypto/x509/x509_vfy.c
===================================================================
--- crypto/x509/x509_vfy.c (revision 1)
+++ crypto/x509/x509_vfy.c (working copy)
@@ -871,6 +871,10 @@
static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
{
+#if defined(OPENSSL_SYS_UEFI)
+ /* Bypass Certificate Time Checking for UEFI version. */
+ return 1;
+#else
time_t *ptime;
int i;
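Review bot: With `OPENSSL_SYS_UEFI` defined, `check_cert_time` returns 1 before it looks at the certificate, so expired and not-yet-valid certificates pass chain verification for every caller of this library, and the one-line comment does not say why that is acceptable. The reason (presumably that firmware has no trusted clock before boot) and the consequence belong at the bypass, for example `/* UEFI: no trusted time source; notBefore/notAfter are NOT enforced, so callers must rely on other revocation controls. */`. If callers can supply a time through the verify parameters (`X509_V_FLAG_USE_CHECK_TIME`), honouring that case instead of skipping unconditionally would narrow the gap. The rest of the function and the matching `#endif` are in the next hunk.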
@@ -910,6 +914,7 @@
}
return 1;
+#endif
}
static int internal_verify(X509_STORE_CTX *ctx)


@ -1,4 +1,4 @@
cd openssl-0.9.8ze cd openssl-0.9.8zf
copy e_os2.h ..\..\..\Include\openssl copy e_os2.h ..\..\..\Include\openssl
copy crypto\crypto.h ..\..\..\Include\openssl copy crypto\crypto.h ..\..\..\Include\openssl
copy crypto\tmdiff.h ..\..\..\Include\openssl copy crypto\tmdiff.h ..\..\..\Include\openssl


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
cd openssl-0.9.8ze cd openssl-0.9.8zf
cp e_os2.h ../../../Include/openssl cp e_os2.h ../../../Include/openssl
cp crypto/crypto.h ../../../Include/openssl cp crypto/crypto.h ../../../Include/openssl
cp crypto/tmdiff.h ../../../Include/openssl cp crypto/tmdiff.h ../../../Include/openssl


@ -20,7 +20,7 @@
MODULE_TYPE = BASE MODULE_TYPE = BASE
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib LIBRARY_CLASS = OpensslLib
DEFINE OPENSSL_PATH = openssl-0.9.8ze DEFINE OPENSSL_PATH = openssl-0.9.8zf
DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE


@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment.
================================================================================ ================================================================================
OpenSSL-Version OpenSSL-Version
================================================================================ ================================================================================
Current supported OpenSSL version for UEFI Crypto Library is 0.9.8ze. Current supported OpenSSL version for UEFI Crypto Library is 0.9.8zf.
http://www.openssl.org/source/openssl-0.9.8ze.tar.gz http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
================================================================================ ================================================================================
HOW to Install Openssl for UEFI Building HOW to Install Openssl for UEFI Building
================================================================================ ================================================================================
1. Download OpenSSL 0.9.8ze from official website: 1. Download OpenSSL 0.9.8zf from official website:
http://www.openssl.org/source/openssl-0.9.8ze.tar.gz http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8ze.tar.tar. NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8zf.tar.tar.
When you do the download, rename the "openssl-0.9.8ze.tar.tar" to When you do the download, rename the "openssl-0.9.8zf.tar.tar" to
"openssl-0.9.8ze.tar.gz" or rename the local downloaded file with ".tar.tar" "openssl-0.9.8zf.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz". extension to ".tar.gz".
2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8ze 2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zf
NOTE: If you use WinZip to unpack the openssl source in Windows, please NOTE: If you use WinZip to unpack the openssl source in Windows, please
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion"). Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
3. Apply this patch: EDKII_openssl-0.9.8ze.patch, and make installation 3. Apply this patch: EDKII_openssl-0.9.8zf.patch, and make installation
For Windows Environment: For Windows Environment:
------------------------ ------------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Install Cygwin or get the patch utility binary from Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm http://gnuwin32.sourceforge.net/packages/patch.htm
2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8ze 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8zf
3) patch -p0 -i ..\EDKII_openssl-0.9.8ze.patch 3) patch -p0 -i ..\EDKII_openssl-0.9.8zf.patch
4) cd .. 4) cd ..
5) Install.cmd 5) Install.cmd
@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
----------------------- -----------------------
1) Make sure the patch utility has been installed in your machine. 1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/ Patch utility is available from http://directory.fsf.org/project/patch/
2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8ze 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8zf
3) patch -p0 -i ../EDKII_openssl-0.9.8ze.patch 3) patch -p0 -i ../EDKII_openssl-0.9.8zf.patch
4) cd .. 4) cd ..
5) ./Install.sh 5) ./Install.sh