BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
Adding OpensslLibX64.inf and modifying process_files.pl to process this
file and generate the necessary assembly files.
Adding OpensslLibX64Gcc.inf to allow building with GCC toolchain.
ApiHooks.c contains a stub function for a Windows API call.
uefi-asm.conf contains the limited assembly configurations for OpenSSL.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Mike Kinney <michael.d.kinney@intel.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Christopher Zurcher <christopher.zurcher@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Update openssl from 1.1.1g to 1.1.1j. Current OpenSSL version
1.1.1g contains the vulnerabilities of CVE-2021-23841 and
CVE-2021-23840. The related vulnerable API EVP_DecryptUpdate
are used in drivers.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3266
Besides, the opensslconf.h automatically generated by process_files.pl.
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Liu Wei <weix.c.liu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Upgrade openssl to 1.1.1g. the directory have been reorganized,
openssl moved crypto/include/internal to include/crypto folder.
So we change directory to match the re-organization.
The dso_conf.h and opensslconf.h will generated in UNIX format,
change process_files.pl to covent the EOL automatically.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Convert file ending of the crypto created openssl config file -
opensslconf.h from '\n' to '\r\n' to make align the line ending and
pass the patch check.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
This patch is create by adding the setting "no_des" of
process_files.pl and running it thru perl.
It would remove the TDES from OpensslLib.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
This patch is create by adding the setting "no_rc4" of
process_files.pl and running it thru perl.
It would remove the ARC4 from OpensslLib.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
This patch is create by adding the setting "no_md4" of
process_files.pl and running it thru perl.
It would remove the MD4 from OpensslLib.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
This is enabling a future EVP implementation to utilize the
EVP_get_digestbyname() function.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Christopher J Zurcher <christopher.j.zurcher@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1926
This problem was found by Rebecca Cran <rebecca@bluestop.org>.
REF: https://edk2.groups.io/g/devel/topic/32100684
OpenSSL will automatically load a system config file which configures
default ssl options. In UEFI, It will cause TlsInitialize failed
without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
So disable it.
Re-run process_files.py to generate OpensslLib[Crypto].inf files.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Rebecca Cran <rebecca@bluestop.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Re-run process_files.py to generate OpensslLib[Crypto].inf.
CryptoPkg/Library/Include/openssl/opensslconf.h is coped from OpenSSL,
So keep the CR/LF style like OpenSSL source file.
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089
* Update OpenSSL submodule to OpenSSL_1_1_1b
OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
* Run process_files.pl script to regenerate OpensslLib[Crypto].inf
and opensslconf.h
* Remove -DNO_SYSLOG from OPENSSL_FLAGS in OpensslLib[Crypto].inf,
due to upstream OpenSSL commit cff55b90e95e("Cleaning UEFI
Build with additional OPENSSL_SYS_UEFI flags", 2017-03-29),
which was first released as part of OpenSSL_1_1_1.
* Starting with OpenSSL commit 8a8d9e1905(first release in
OpenSSL_1_1_1), the OpenSSL_version() function can no longer
return a pointer to the string literal "compiler: information
not available", in the case CFLAGS macro is not defined.
Instead, the function now has a hard dependency on the global
variable 'compiler_flags'. This variable is normally placed
by "util/mkbuildinf.pl" into "buildinf.h". In edk2 we don't
run that script whenever we build OpenSSL, therefore we
must provide our own dummy 'compiler_flags'.
* BUFSIZ is used by crypto/evp/evp_key.c(OpenSSL_1_1_1b)
And it is declared in stdio.h. So add it to CrtLibSupport.h.
Here's a discussion about this.
Ref: https://github.com/openssl/openssl/issues/8904
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393
BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests
to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1
has many changes, more porting efforts and feature evaluation are needed.
This might lead to a situation that it cannot catch the Q1'19 stable tag.
One of the solution is upgrade current version (1.1.0h) to 1.1.0j.
According to following web page in openssl.org, all security issues
solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make
sure that no security vulnerabilities left in edk2 master before 1.1.1.
https://www.openssl.org/news/vulnerabilities-1.1.1.html
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Gang Wei <gang.wei@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Moving the header files for openssl and CRT wrappers to the private
include section, since these files should be referenced by CryptoPkg
internally. This update was supported by new [Includes.Common.Private]
setting in Package DEC file.
The external consumer modules should only use the interfaces defined
in BaseCryptLib.h to access crypto functions. This change will be
helpful to immediately detect any illegal direct reference to internal
openssl headers.
The Perl script "process_files.pl" was also updated to reflect the new
private include path.
Cc: Gao Liming <liming.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Christopher Zurcher
Liu Wei
Guomin Jiang
Zhichao Gao
Zurcher, Christopher J
Xiaoyu Lu
Jian J Wang
Long Qin