This is never set anymore, so unsetting it or testing whether it is unset
no longer makes any sense.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Set the #define NO_MSABI_VA_FUNCS that will be introduced in a subsequent
patch to avoid the use of the MS ABI in variadic functions. In EDK2, such
functions normally require the EFIAPI modifier to be used, but for external
libraries such as OpenSSL, which lack these annotations, it is easier to
simply revert to the default SysV style VA_LIST ABI.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
OpenSSL 1.0.2h was released with several severity fixes at
03-May-2016 (https://www.openssl.org/news/secadv/20160503.txt).
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to
catch the latest release 1.0.2h.
Cc: Ting Ye <ting.ye@intel.com>
Cc: David Woodhouse <David.Woodhouse@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Getting openssl 1.0.2g building with ARM RVCT requires a change to
ignore an unset variable used before set was necessary.
(NOTE: This was fixed in OpenSSL 1.1 HEAD with commit
d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
corrects x509_vfy.c(875): error C3017: ok may be used before being set
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eugene Cohen <eugene@hp.com>
Reviewed-by: Qin Long <qin.long@intel.com>
OpenSSL 1.0.2g was released with several severity fixes at
01-Mar-2016(https://www.openssl.org/news/secadv/20160301.txt).
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to
catch the latest release 1.0.2g.
(NOTE: RT4175 from David Woodhouse was included in 1.0.2g. The
new-generated patch will remove this part. And the line
endings were still kept as before in this version for
consistency)
CC: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
OpenSSL 1.1 (as well as our backport to 1.0.2) now allows us to run its
standard Configure script and import the result into the EDK II source
repository for others to build natively. The opensslconf.h file and the
list of files in OpensslLib.inf don't need to be managed manually.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
OpenSSL has released version 1.0.2f with two security fixes
(http://www.openssl.org/news/secadv/20160128.txt) at 28-Jan-2016.
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib
to catch the latest release 1.0.2f.
(NOTE: The patch file was just re-generated, and no new source
changes was introduced for 1.0.2f enabling)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
The RVCT compiler chokes on a couple of issues in upstream OpenSSL that
can be confirmed to be non-issues by inspection. So just ignore these
warnings entirely.
Also, move the dummy -J system include from CryptoPkg.dsc to the various
.INF files, since it will not be picked up when building the CryptoPkg
libraries from a platform .DSC
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19328 6f19259b-4bc3-4df7-8a09-765794883524
OpenSSL has released version 1.0.2e with security fixes.
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib
from 1.0.2d to 1.0.2e.
(Note: This is based on Ard's previous patch with extra fix
https://rt.openssl.org/Ticket/Display.html?id=4175)
Contributed-under: TianoCore Contribution Agreement 1.0
Singed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19218 6f19259b-4bc3-4df7-8a09-765794883524
This comments out the pqueue and ts_* source files from the OpensslLib
build, since they have no users.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19147 6f19259b-4bc3-4df7-8a09-765794883524
UEFI on 32-bit ARM does not allow the use of hardware floating point,
so in order to be able to run OpenSslLib, we need to fulfil its
floating point arithmetic dependencies using a software library.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19033 6f19259b-4bc3-4df7-8a09-765794883524
Putting these on the command line as we do at the moment means that they
are *only* visible when actually building the OpenSSL code itself. When
building other things like BaseCryptLib, they were missing. Which could
lead to discrepancies in structures defined by the header files, between
the OpenSSL code and the EDK II code which calls it.
Move the definitions into opensslconf.h where they would normally live
in a standard build of OpenSSL.
Note: Do *not* set OPENSSL_NO_LHASH or OPENSSL_NO_OCSP since those weren't
effectively disabled before; the directories was still being included in
the build. If we actually disable then, the build breaks. We can hopefully
fix at least OCSP upstream later, but one thing at a time...
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18708 6f19259b-4bc3-4df7-8a09-765794883524
OpenSSL ought to work this out for itself when OPENSSL_SYS_UEFI is set.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18707 6f19259b-4bc3-4df7-8a09-765794883524
We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on
the compiler command line when building OpensslLib itself, but not when
building BaseCryptLib.
But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI
*either*. This meant that *that* build was picking up the definition
from <openssl/opensslconf.h>, and was thus *different* to the version
the library was built with, in some cases.
So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also*
define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18706 6f19259b-4bc3-4df7-8a09-765794883524
Instead of patching OpenSSL to add EFIAPI to the one varargs function we
actually *noticed* breakage in, let's fix the problem in a more coherent
way by undefining NO_BUILTIN_VA_FUNCS.
That way, the VA_START and similar macros will actually do the right
thing for non-EFIAPI functions, which is to use the GCC builtins.
It's still fairly broken elsewhere in the tree, with the VA_START macro
being used from both EFIAPI and non-EFIAPI functions — and being broken
in the latter case. We probably ought to make EFIAPI a no-op everywhere
and add -mabi=ms to the GCC builds. But that's a project for another day.
For now, just fix the OpenSSL build in a cleaner fashion.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18705 6f19259b-4bc3-4df7-8a09-765794883524
Upstream OpenSSL version 1.0.2c contained a fatal flaw
[CVE-2015-1793] and is no longer available from the openssl.org
download servers. So upgrade to its replacement, version 1.0.2d.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17928 6f19259b-4bc3-4df7-8a09-765794883524
1. Usage information in INF file comment blocks are either incomplete or incorrect.
This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes.
The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15954 6f19259b-4bc3-4df7-8a09-765794883524
Update RVCT compile options for the CryptoPkg to compile.
Add support for stack protector with BaseStackCheckLib to link.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Reviewed-By: Olivier Martin <olivier.martin@arm.com>
Reviewed-By: Long, Qin <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15911 6f19259b-4bc3-4df7-8a09-765794883524
This patch is to catch the latest OpenSSL release.
NOTE: The content of EDKII_openssl-0.9.8zb.patch is same with the old EDKII_openssl-0.9.8za.patch, and the extra changes
are only name / directory modifications.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long, Qin <qin.long@intel.com>
Reviewed-by: Ye, Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15802 6f19259b-4bc3-4df7-8a09-765794883524
The changes are:
1. Add RVCT ARM build target
2. Add suppression of warnings to get openssl building (1295,550,1293,111,68,177,223,144,513,188)
3. Remove architectures that RVCT cannot build for (IA32, X64, and IPF)
4. Add the -DOPENSSL_NO_MD2 flag to prevent link errors from MD2 references; the comments in the .inf assumes that this flag exists but it wasn’t actually set
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eugene Cohen <eugene@hp.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15767 6f19259b-4bc3-4df7-8a09-765794883524
Main changes include:
1. Update the patch file for 0.9.8za;
2. Update the install scripts to align the path for 0.9.8za;
3. OpensslLib.inf : Update the OPENSSL_PATH for 0.9.8za; enable more OPENSLL FLAGS to disable those un-used algorithms for better build performance and size;
4. Update the HOWTO file to align new OpenSSL version.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long, Qin <qin.long@intel.com>
Reviewed-by: Ye, Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15638 6f19259b-4bc3-4df7-8a09-765794883524
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15560 6f19259b-4bc3-4df7-8a09-765794883524
2. Fix potential system hang issue in X509_STORE_CTX_cleanup.
3. Fix potential overflow when convert UINTN to INT.
4. Update Pkcs7Sign() to output stripped PKCS#7 SignedData.
5. Update Pkcs7Verify() to support both wrapped/stripped PKCS#7 SignedData.
Signed-off-by: tye
Reviewed-by: xdu2
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12593 6f19259b-4bc3-4df7-8a09-765794883524
2. Add new MD4 hash supports;
3. Add corresponding test case in Cryptest utility;
4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
Ard Biesheuvel
Qin Long
Eugene Cohen
Liming Gao
David Woodhouse
Dong, Guo
Ronald Cron
Andrew Fish
tye1
li-elvin
lgao4
lzeng14
qlong
vanjeff
hhtian