From: Long, Qin Date: Tue, 8 Jul 2014 03:03:24 +0000 (+0000) Subject: Update OpenSSL from 0.9.8w to the latest 0.9.8za. X-Git-Tag: edk2-stable201903~11355 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=a6908c99aa48551616c25cf594862d3629ce91c0 Update OpenSSL from 0.9.8w to the latest 0.9.8za. Main changes include: 1. Update the patch file for 0.9.8za; 2. Update the install scripts to align the path for 0.9.8za; 3. OpensslLib.inf : Update the OPENSSL_PATH for 0.9.8za; enable more OPENSLL FLAGS to disable those un-used algorithms for better build performance and size; 4. Update the HOWTO file to align new OpenSSL version. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long, Qin Reviewed-by: Ye, Ting Reviewed-by: Fu, Siyuan Reviewed-by: Dong, Guo git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15638 6f19259b-4bc3-4df7-8a09-765794883524 --- diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch deleted file mode 100644 index c5f646ee96..0000000000 --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch +++ /dev/null @@ -1,281 +0,0 @@ -Index: crypto/bio/bss_file.c -=================================================================== ---- crypto/bio/bss_file.c (revision 1) -+++ crypto/bio/bss_file.c (working copy) -@@ -428,6 +428,23 @@ - return(ret); - } - -+#else -+ -+BIO_METHOD *BIO_s_file(void) -+ { -+ return NULL; -+ } -+ -+BIO *BIO_new_file(const char *filename, const char *mode) -+ { -+ return NULL; -+ } -+ -+BIO *BIO_new_fp(FILE *stream, int close_flag) -+ { -+ return NULL; -+ } -+ - #endif /* OPENSSL_NO_STDIO */ - - #endif /* HEADER_BSS_FILE_C */ -Index: crypto/crypto.h -=================================================================== ---- crypto/crypto.h (revision 1) -+++ crypto/crypto.h (working copy) -@@ -235,15 +235,15 @@ - #ifndef OPENSSL_NO_LOCKING - #ifndef CRYPTO_w_lock - #define CRYPTO_w_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) - #define CRYPTO_w_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) - #define CRYPTO_r_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) - #define CRYPTO_r_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) - #define CRYPTO_add(addr,amount,type) \ -- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) -+ CRYPTO_add_lock(addr,amount,type,NULL,0) - #endif - #else - #define CRYPTO_w_lock(a) -@@ -361,19 +361,19 @@ - #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) - #define is_MemCheck_on() CRYPTO_is_mem_check_on() - --#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) --#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) -+#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) -+#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) - #define OPENSSL_realloc(addr,num) \ -- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) -+ CRYPTO_realloc((char *)addr,(int)num,NULL,0) - #define OPENSSL_realloc_clean(addr,old_num,num) \ -- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) -+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) - #define OPENSSL_remalloc(addr,num) \ -- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) -+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) - #define OPENSSL_freeFunc CRYPTO_free - #define OPENSSL_free(addr) CRYPTO_free(addr) - - #define OPENSSL_malloc_locked(num) \ -- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) -+ CRYPTO_malloc_locked((int)num,NULL,0) - #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) - - -@@ -487,7 +487,7 @@ - long CRYPTO_get_mem_debug_options(void); - - #define CRYPTO_push_info(info) \ -- CRYPTO_push_info_(info, __FILE__, __LINE__); -+ CRYPTO_push_info_(info, NULL, 0); - int CRYPTO_push_info_(const char *info, const char *file, int line); - int CRYPTO_pop_info(void); - int CRYPTO_remove_all_info(void); -@@ -528,17 +528,17 @@ - - /* die if we have to */ - void OpenSSLDie(const char *file,int line,const char *assertion); --#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) -+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1)) - - unsigned long *OPENSSL_ia32cap_loc(void); - #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) - int OPENSSL_isservice(void); - - #ifdef OPENSSL_FIPS --#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ -+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ - alg " previous FIPS forbidden algorithm error ignored"); - --#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ -+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ - #alg " Algorithm forbidden in FIPS mode"); - - #ifdef OPENSSL_FIPS_STRICT -Index: crypto/err/err.c -=================================================================== ---- crypto/err/err.c (revision 1) -+++ crypto/err/err.c (working copy) -@@ -313,7 +313,12 @@ - es->err_data_flags[i]=flags; - } - -+/* Add EFIAPI for UEFI version. */ -+#if defined(OPENSSL_SYS_UEFI) -+void EFIAPI ERR_add_error_data(int num, ...) -+#else - void ERR_add_error_data(int num, ...) -+#endif - { - va_list args; - int i,n,s; -Index: crypto/err/err.h -=================================================================== ---- crypto/err/err.h (revision 1) -+++ crypto/err/err.h (working copy) -@@ -286,8 +286,14 @@ - #endif - #ifndef OPENSSL_NO_BIO - void ERR_print_errors(BIO *bp); -+ -+/* Add EFIAPI for UEFI version. */ -+#if defined(OPENSSL_SYS_UEFI) -+void EFIAPI ERR_add_error_data(int num, ...); -+#else - void ERR_add_error_data(int num, ...); - #endif -+#endif - void ERR_load_strings(int lib,ERR_STRING_DATA str[]); - void ERR_unload_strings(int lib,ERR_STRING_DATA str[]); - void ERR_load_ERR_strings(void); -Index: crypto/opensslconf.h -=================================================================== ---- crypto/opensslconf.h (revision 1) -+++ crypto/opensslconf.h (working copy) -@@ -162,6 +162,9 @@ - /* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -+ -+/* Bypass following definition for UEFI version. */ -+#if !defined(OPENSSL_SYS_UEFI) - #undef SIXTY_FOUR_BIT_LONG - #undef SIXTY_FOUR_BIT - #define THIRTY_TWO_BIT -@@ -169,6 +172,8 @@ - #undef EIGHT_BIT - #endif - -+#endif -+ - #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) - #define CONFIG_HEADER_RC4_LOCL_H - /* if this is defined data[i] is used instead of *data, this is a %20 -Index: crypto/pkcs7/pk7_smime.c -=================================================================== ---- crypto/pkcs7/pk7_smime.c (revision 1) -+++ crypto/pkcs7/pk7_smime.c (working copy) -@@ -88,7 +88,10 @@ - if (!PKCS7_content_new(p7, NID_pkcs7_data)) - goto err; - -- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { -+ /* -+ NOTE: Update to SHA-256 digest algorithm for UEFI version. -+ */ -+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); - goto err; - } -@@ -173,7 +176,8 @@ - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - PKCS7_SIGNER_INFO *si; - X509_STORE_CTX cert_ctx; -- char buf[4096]; -+ char *buf = NULL; -+ int bufsiz; - int i, j=0, k, ret = 0; - BIO *p7bio; - BIO *tmpin, *tmpout; -@@ -284,10 +288,16 @@ - BIO_set_mem_eof_return(tmpout, 0); - } else tmpout = out; - -+ bufsiz = 4096; -+ buf = OPENSSL_malloc (bufsiz); -+ if (buf == NULL) { -+ goto err; -+ } -+ - /* We now have to 'read' from p7bio to calculate digests etc. */ - for (;;) - { -- i=BIO_read(p7bio,buf,sizeof(buf)); -+ i=BIO_read(p7bio,buf,bufsiz); - if (i <= 0) break; - if (tmpout) BIO_write(tmpout, buf, i); - } -@@ -326,6 +336,10 @@ - - sk_X509_free(signers); - -+ if (buf != NULL) { -+ OPENSSL_free (buf); -+ } -+ - return ret; - } - -Index: crypto/rand/rand_egd.c -=================================================================== ---- crypto/rand/rand_egd.c (revision 1) -+++ crypto/rand/rand_egd.c (working copy) -@@ -95,7 +95,7 @@ - * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. - */ - --#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) -+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) - int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) - { - return(-1); -Index: crypto/rand/rand_unix.c -=================================================================== ---- crypto/rand/rand_unix.c (revision 1) -+++ crypto/rand/rand_unix.c (working copy) -@@ -116,7 +116,7 @@ - #include - #include "rand_lcl.h" - --#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) -+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) - - #include - #include -@@ -322,7 +322,7 @@ - #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */ - - --#if defined(OPENSSL_SYS_VXWORKS) -+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) - int RAND_poll(void) - { - return 0; -Index: crypto/x509/x509_vfy.c -=================================================================== ---- crypto/x509/x509_vfy.c (revision 1) -+++ crypto/x509/x509_vfy.c (working copy) -@@ -899,6 +899,10 @@ - - static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) - { -+#if defined(OPENSSL_SYS_UEFI) -+ /* Bypass Certificate Time Checking for UEFI version. */ -+ return 1; -+#else - time_t *ptime; - int i; - -@@ -942,6 +946,7 @@ - } - - return 1; -+#endif - } - - static int internal_verify(X509_STORE_CTX *ctx) diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8za.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8za.patch new file mode 100644 index 0000000000..c5f646ee96 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8za.patch @@ -0,0 +1,281 @@ +Index: crypto/bio/bss_file.c +=================================================================== +--- crypto/bio/bss_file.c (revision 1) ++++ crypto/bio/bss_file.c (working copy) +@@ -428,6 +428,23 @@ + return(ret); + } + ++#else ++ ++BIO_METHOD *BIO_s_file(void) ++ { ++ return NULL; ++ } ++ ++BIO *BIO_new_file(const char *filename, const char *mode) ++ { ++ return NULL; ++ } ++ ++BIO *BIO_new_fp(FILE *stream, int close_flag) ++ { ++ return NULL; ++ } ++ + #endif /* OPENSSL_NO_STDIO */ + + #endif /* HEADER_BSS_FILE_C */ +Index: crypto/crypto.h +=================================================================== +--- crypto/crypto.h (revision 1) ++++ crypto/crypto.h (working copy) +@@ -235,15 +235,15 @@ + #ifndef OPENSSL_NO_LOCKING + #ifndef CRYPTO_w_lock + #define CRYPTO_w_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) + #define CRYPTO_w_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) + #define CRYPTO_r_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) + #define CRYPTO_r_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) + #define CRYPTO_add(addr,amount,type) \ +- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) ++ CRYPTO_add_lock(addr,amount,type,NULL,0) + #endif + #else + #define CRYPTO_w_lock(a) +@@ -361,19 +361,19 @@ + #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) + #define is_MemCheck_on() CRYPTO_is_mem_check_on() + +-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) ++#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) ++#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) + #define OPENSSL_realloc(addr,num) \ +- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) ++ CRYPTO_realloc((char *)addr,(int)num,NULL,0) + #define OPENSSL_realloc_clean(addr,old_num,num) \ +- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) ++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) + #define OPENSSL_remalloc(addr,num) \ +- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) ++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) + #define OPENSSL_freeFunc CRYPTO_free + #define OPENSSL_free(addr) CRYPTO_free(addr) + + #define OPENSSL_malloc_locked(num) \ +- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) ++ CRYPTO_malloc_locked((int)num,NULL,0) + #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) + + +@@ -487,7 +487,7 @@ + long CRYPTO_get_mem_debug_options(void); + + #define CRYPTO_push_info(info) \ +- CRYPTO_push_info_(info, __FILE__, __LINE__); ++ CRYPTO_push_info_(info, NULL, 0); + int CRYPTO_push_info_(const char *info, const char *file, int line); + int CRYPTO_pop_info(void); + int CRYPTO_remove_all_info(void); +@@ -528,17 +528,17 @@ + + /* die if we have to */ + void OpenSSLDie(const char *file,int line,const char *assertion); +-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) ++#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1)) + + unsigned long *OPENSSL_ia32cap_loc(void); + #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + int OPENSSL_isservice(void); + + #ifdef OPENSSL_FIPS +-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ ++#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ + alg " previous FIPS forbidden algorithm error ignored"); + +-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ ++#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ + #alg " Algorithm forbidden in FIPS mode"); + + #ifdef OPENSSL_FIPS_STRICT +Index: crypto/err/err.c +=================================================================== +--- crypto/err/err.c (revision 1) ++++ crypto/err/err.c (working copy) +@@ -313,7 +313,12 @@ + es->err_data_flags[i]=flags; + } + ++/* Add EFIAPI for UEFI version. */ ++#if defined(OPENSSL_SYS_UEFI) ++void EFIAPI ERR_add_error_data(int num, ...) ++#else + void ERR_add_error_data(int num, ...) ++#endif + { + va_list args; + int i,n,s; +Index: crypto/err/err.h +=================================================================== +--- crypto/err/err.h (revision 1) ++++ crypto/err/err.h (working copy) +@@ -286,8 +286,14 @@ + #endif + #ifndef OPENSSL_NO_BIO + void ERR_print_errors(BIO *bp); ++ ++/* Add EFIAPI for UEFI version. */ ++#if defined(OPENSSL_SYS_UEFI) ++void EFIAPI ERR_add_error_data(int num, ...); ++#else + void ERR_add_error_data(int num, ...); + #endif ++#endif + void ERR_load_strings(int lib,ERR_STRING_DATA str[]); + void ERR_unload_strings(int lib,ERR_STRING_DATA str[]); + void ERR_load_ERR_strings(void); +Index: crypto/opensslconf.h +=================================================================== +--- crypto/opensslconf.h (revision 1) ++++ crypto/opensslconf.h (working copy) +@@ -162,6 +162,9 @@ + /* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ ++ ++/* Bypass following definition for UEFI version. */ ++#if !defined(OPENSSL_SYS_UEFI) + #undef SIXTY_FOUR_BIT_LONG + #undef SIXTY_FOUR_BIT + #define THIRTY_TWO_BIT +@@ -169,6 +172,8 @@ + #undef EIGHT_BIT + #endif + ++#endif ++ + #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) + #define CONFIG_HEADER_RC4_LOCL_H + /* if this is defined data[i] is used instead of *data, this is a %20 +Index: crypto/pkcs7/pk7_smime.c +=================================================================== +--- crypto/pkcs7/pk7_smime.c (revision 1) ++++ crypto/pkcs7/pk7_smime.c (working copy) +@@ -88,7 +88,10 @@ + if (!PKCS7_content_new(p7, NID_pkcs7_data)) + goto err; + +- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { ++ /* ++ NOTE: Update to SHA-256 digest algorithm for UEFI version. ++ */ ++ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + goto err; + } +@@ -173,7 +176,8 @@ + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; + X509_STORE_CTX cert_ctx; +- char buf[4096]; ++ char *buf = NULL; ++ int bufsiz; + int i, j=0, k, ret = 0; + BIO *p7bio; + BIO *tmpin, *tmpout; +@@ -284,10 +288,16 @@ + BIO_set_mem_eof_return(tmpout, 0); + } else tmpout = out; + ++ bufsiz = 4096; ++ buf = OPENSSL_malloc (bufsiz); ++ if (buf == NULL) { ++ goto err; ++ } ++ + /* We now have to 'read' from p7bio to calculate digests etc. */ + for (;;) + { +- i=BIO_read(p7bio,buf,sizeof(buf)); ++ i=BIO_read(p7bio,buf,bufsiz); + if (i <= 0) break; + if (tmpout) BIO_write(tmpout, buf, i); + } +@@ -326,6 +336,10 @@ + + sk_X509_free(signers); + ++ if (buf != NULL) { ++ OPENSSL_free (buf); ++ } ++ + return ret; + } + +Index: crypto/rand/rand_egd.c +=================================================================== +--- crypto/rand/rand_egd.c (revision 1) ++++ crypto/rand/rand_egd.c (working copy) +@@ -95,7 +95,7 @@ + * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. + */ + +-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) ++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) + { + return(-1); +Index: crypto/rand/rand_unix.c +=================================================================== +--- crypto/rand/rand_unix.c (revision 1) ++++ crypto/rand/rand_unix.c (working copy) +@@ -116,7 +116,7 @@ + #include + #include "rand_lcl.h" + +-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) ++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) + + #include + #include +@@ -322,7 +322,7 @@ + #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */ + + +-#if defined(OPENSSL_SYS_VXWORKS) ++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) + int RAND_poll(void) + { + return 0; +Index: crypto/x509/x509_vfy.c +=================================================================== +--- crypto/x509/x509_vfy.c (revision 1) ++++ crypto/x509/x509_vfy.c (working copy) +@@ -899,6 +899,10 @@ + + static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) + { ++#if defined(OPENSSL_SYS_UEFI) ++ /* Bypass Certificate Time Checking for UEFI version. */ ++ return 1; ++#else + time_t *ptime; + int i; + +@@ -942,6 +946,7 @@ + } + + return 1; ++#endif + } + + static int internal_verify(X509_STORE_CTX *ctx) diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd index a2a88e44e5..2889467ac9 100755 --- a/CryptoPkg/Library/OpensslLib/Install.cmd +++ b/CryptoPkg/Library/OpensslLib/Install.cmd @@ -1,4 +1,4 @@ -cd openssl-0.9.8w +cd openssl-0.9.8za copy e_os2.h ..\..\..\Include\openssl copy crypto\crypto.h ..\..\..\Include\openssl copy crypto\tmdiff.h ..\..\..\Include\openssl @@ -68,4 +68,4 @@ copy ssl\ssl23.h ..\..\..\Include\openssl copy ssl\tls1.h ..\..\..\Include\openssl copy ssl\dtls1.h ..\..\..\Include\openssl copy ssl\kssl.h ..\..\..\Include\openssl -cd .. \ No newline at end of file +cd .. diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh index 22183615a4..f004362b33 100755 --- a/CryptoPkg/Library/OpensslLib/Install.sh +++ b/CryptoPkg/Library/OpensslLib/Install.sh @@ -1,6 +1,6 @@ #!/bin/sh -cd openssl-0.9.8w +cd openssl-0.9.8za cp e_os2.h ../../../Include/openssl cp crypto/crypto.h ../../../Include/openssl cp crypto/tmdiff.h ../../../Include/openssl diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index ded563c3b4..1d28ae7f6a 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -1,7 +1,7 @@ ## @file # OpenSSL Library implementation. # -# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -19,9 +19,9 @@ MODULE_TYPE = BASE VERSION_STRING = 1.0 LIBRARY_CLASS = OpensslLib - DEFINE OPENSSL_PATH = openssl-0.9.8w + DEFINE OPENSSL_PATH = openssl-0.9.8za DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM - DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED + DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE # # OPENSSL_FLAGS is set to define the following flags to be compatible with @@ -77,8 +77,12 @@ $(OPENSSL_PATH)/crypto/o_dir.c $(OPENSSL_PATH)/crypto/o_init.c $(OPENSSL_PATH)/crypto/fips_err.c - $(OPENSSL_PATH)/crypto/md2/md2_dgst.c - $(OPENSSL_PATH)/crypto/md2/md2_one.c + + # + # DIsabled by OPENSSL_NO_MD2 + # + # $(OPENSSL_PATH)/crypto/md2/md2_dgst.c + # $(OPENSSL_PATH)/crypto/md2/md2_one.c $(OPENSSL_PATH)/crypto/md4/md4_dgst.c $(OPENSSL_PATH)/crypto/md4/md4_one.c $(OPENSSL_PATH)/crypto/md5/md5_dgst.c @@ -90,8 +94,13 @@ $(OPENSSL_PATH)/crypto/sha/sha256.c $(OPENSSL_PATH)/crypto/sha/sha512.c $(OPENSSL_PATH)/crypto/hmac/hmac.c - $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c - $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c + + # + # Disabled by OPENSSL_NO_RIPEMD + # + # $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c + # $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c + $(OPENSSL_PATH)/crypto/des/des_lib.c $(OPENSSL_PATH)/crypto/des/set_key.c $(OPENSSL_PATH)/crypto/des/ecb_enc.c @@ -119,29 +128,45 @@ $(OPENSSL_PATH)/crypto/des/des_old.c $(OPENSSL_PATH)/crypto/des/des_old2.c $(OPENSSL_PATH)/crypto/des/read2pwd.c - $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c - $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c - $(OPENSSL_PATH)/crypto/rc2/rc2_cbc.c - $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c - $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c + + # + # Disabled by OPENSSL_NO_RC2 + # + # $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c + # $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c + # $(OPENSSL_PATH)/crypto/rc2/rc2_cbc.c + # $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c + # $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c + $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c $(OPENSSL_PATH)/crypto/rc4/rc4_fblk.c - $(OPENSSL_PATH)/crypto/idea/i_cbc.c - $(OPENSSL_PATH)/crypto/idea/i_cfb64.c - $(OPENSSL_PATH)/crypto/idea/i_ofb64.c - $(OPENSSL_PATH)/crypto/idea/i_ecb.c - $(OPENSSL_PATH)/crypto/idea/i_skey.c - $(OPENSSL_PATH)/crypto/bf/bf_skey.c - $(OPENSSL_PATH)/crypto/bf/bf_ecb.c - $(OPENSSL_PATH)/crypto/bf/bf_enc.c - $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c - $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c - $(OPENSSL_PATH)/crypto/cast/c_skey.c - $(OPENSSL_PATH)/crypto/cast/c_ecb.c - $(OPENSSL_PATH)/crypto/cast/c_enc.c - $(OPENSSL_PATH)/crypto/cast/c_cfb64.c - $(OPENSSL_PATH)/crypto/cast/c_ofb64.c + + # + # Disabled by OPENSSL_NO_IDEA + # + # $(OPENSSL_PATH)/crypto/idea/i_cbc.c + # $(OPENSSL_PATH)/crypto/idea/i_cfb64.c + # $(OPENSSL_PATH)/crypto/idea/i_ofb64.c + # $(OPENSSL_PATH)/crypto/idea/i_ecb.c + # $(OPENSSL_PATH)/crypto/idea/i_skey.c + # + # Disabled by OPENSSL_NO_BF + # + # $(OPENSSL_PATH)/crypto/bf/bf_skey.c + # $(OPENSSL_PATH)/crypto/bf/bf_ecb.c + # $(OPENSSL_PATH)/crypto/bf/bf_enc.c + # $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c + # $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c + # + # Disabled by OPENSSL_NO_CAST + # + # $(OPENSSL_PATH)/crypto/cast/c_skey.c + # $(OPENSSL_PATH)/crypto/cast/c_ecb.c + # $(OPENSSL_PATH)/crypto/cast/c_enc.c + # $(OPENSSL_PATH)/crypto/cast/c_cfb64.c + # $(OPENSSL_PATH)/crypto/cast/c_ofb64.c + $(OPENSSL_PATH)/crypto/aes/aes_misc.c $(OPENSSL_PATH)/crypto/aes/aes_ecb.c $(OPENSSL_PATH)/crypto/aes/aes_cfb.c @@ -198,16 +223,21 @@ $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c $(OPENSSL_PATH)/crypto/rsa/rsa_eng.c - $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c - $(OPENSSL_PATH)/crypto/dsa/dsa_key.c - $(OPENSSL_PATH)/crypto/dsa/dsa_lib.c - $(OPENSSL_PATH)/crypto/dsa/dsa_asn1.c - $(OPENSSL_PATH)/crypto/dsa/dsa_vrf.c - $(OPENSSL_PATH)/crypto/dsa/dsa_sign.c - $(OPENSSL_PATH)/crypto/dsa/dsa_err.c - $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c - $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c - $(OPENSSL_PATH)/crypto/dsa/dsa_utl.c + + # + # Disabled by OPENSSL_NO_DSA + # + # $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c + # $(OPENSSL_PATH)/crypto/dsa/dsa_key.c + # $(OPENSSL_PATH)/crypto/dsa/dsa_lib.c + # $(OPENSSL_PATH)/crypto/dsa/dsa_asn1.c + # $(OPENSSL_PATH)/crypto/dsa/dsa_vrf.c + # $(OPENSSL_PATH)/crypto/dsa/dsa_sign.c + # $(OPENSSL_PATH)/crypto/dsa/dsa_err.c + # $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c + # $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c + # $(OPENSSL_PATH)/crypto/dsa/dsa_utl.c + $(OPENSSL_PATH)/crypto/dso/dso_dl.c $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c $(OPENSSL_PATH)/crypto/dso/dso_err.c @@ -223,30 +253,41 @@ $(OPENSSL_PATH)/crypto/dh/dh_check.c $(OPENSSL_PATH)/crypto/dh/dh_err.c $(OPENSSL_PATH)/crypto/dh/dh_depr.c - $(OPENSSL_PATH)/crypto/ec/ec_lib.c - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c - $(OPENSSL_PATH)/crypto/ec/ec_mult.c - $(OPENSSL_PATH)/crypto/ec/ec_err.c - $(OPENSSL_PATH)/crypto/ec/ec_curve.c - $(OPENSSL_PATH)/crypto/ec/ec_check.c - $(OPENSSL_PATH)/crypto/ec/ec_print.c - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c - $(OPENSSL_PATH)/crypto/ec/ec_key.c - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c - $(OPENSSL_PATH)/crypto/ec/ec2_mult.c - $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c - $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c - $(OPENSSL_PATH)/crypto/ecdh/ech_key.c - $(OPENSSL_PATH)/crypto/ecdh/ech_err.c - $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c - $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c - $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c - $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c - $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c - $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c + + # + # Disabled by OPENSSL_NO_EC + # + # $(OPENSSL_PATH)/crypto/ec/ec_lib.c + # $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c + # $(OPENSSL_PATH)/crypto/ec/ecp_mont.c + # $(OPENSSL_PATH)/crypto/ec/ecp_nist.c + # $(OPENSSL_PATH)/crypto/ec/ec_cvt.c + # $(OPENSSL_PATH)/crypto/ec/ec_mult.c + # $(OPENSSL_PATH)/crypto/ec/ec_err.c + # $(OPENSSL_PATH)/crypto/ec/ec_curve.c + # $(OPENSSL_PATH)/crypto/ec/ec_check.c + # $(OPENSSL_PATH)/crypto/ec/ec_print.c + # $(OPENSSL_PATH)/crypto/ec/ec_asn1.c + # $(OPENSSL_PATH)/crypto/ec/ec_key.c + # $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c + # $(OPENSSL_PATH)/crypto/ec/ec2_mult.c + # + # Disabled by OPENSSL_NO_ECDH + # + # $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c + # $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c + # $(OPENSSL_PATH)/crypto/ecdh/ech_key.c + # $(OPENSSL_PATH)/crypto/ecdh/ech_err.c + # + # Disabled by OPENSSL_NO_ECDSA + # + # $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c + # $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c + # $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c + # $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c + # $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c + # $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c + $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/buffer/buf_str.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c @@ -523,38 +564,47 @@ $(OPENSSL_PATH)/crypto/comp/comp_err.c $(OPENSSL_PATH)/crypto/comp/c_rle.c $(OPENSSL_PATH)/crypto/comp/c_zlib.c - $(OPENSSL_PATH)/crypto/engine/eng_err.c - $(OPENSSL_PATH)/crypto/engine/eng_lib.c - $(OPENSSL_PATH)/crypto/engine/eng_list.c - $(OPENSSL_PATH)/crypto/engine/eng_init.c - $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c - $(OPENSSL_PATH)/crypto/engine/eng_table.c - $(OPENSSL_PATH)/crypto/engine/eng_pkey.c - $(OPENSSL_PATH)/crypto/engine/eng_fat.c - $(OPENSSL_PATH)/crypto/engine/eng_all.c - $(OPENSSL_PATH)/crypto/engine/tb_rsa.c - $(OPENSSL_PATH)/crypto/engine/tb_dsa.c - $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c - $(OPENSSL_PATH)/crypto/engine/tb_dh.c - $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c - $(OPENSSL_PATH)/crypto/engine/tb_rand.c - $(OPENSSL_PATH)/crypto/engine/tb_store.c - $(OPENSSL_PATH)/crypto/engine/tb_cipher.c - $(OPENSSL_PATH)/crypto/engine/tb_digest.c - $(OPENSSL_PATH)/crypto/engine/eng_openssl.c - $(OPENSSL_PATH)/crypto/engine/eng_cnf.c - $(OPENSSL_PATH)/crypto/engine/eng_dyn.c - $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c - $(OPENSSL_PATH)/crypto/engine/eng_padlock.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c - $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c + + # + # Disabled by OPENSSL_NO_ENGINE + # + # $(OPENSSL_PATH)/crypto/engine/eng_err.c + # $(OPENSSL_PATH)/crypto/engine/eng_lib.c + # $(OPENSSL_PATH)/crypto/engine/eng_list.c + # $(OPENSSL_PATH)/crypto/engine/eng_init.c + # $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c + # $(OPENSSL_PATH)/crypto/engine/eng_table.c + # $(OPENSSL_PATH)/crypto/engine/eng_pkey.c + # $(OPENSSL_PATH)/crypto/engine/eng_fat.c + # $(OPENSSL_PATH)/crypto/engine/eng_all.c + # $(OPENSSL_PATH)/crypto/engine/tb_rsa.c + # $(OPENSSL_PATH)/crypto/engine/tb_dsa.c + # $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c + # $(OPENSSL_PATH)/crypto/engine/tb_dh.c + # $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c + # $(OPENSSL_PATH)/crypto/engine/tb_rand.c + # $(OPENSSL_PATH)/crypto/engine/tb_store.c + # $(OPENSSL_PATH)/crypto/engine/tb_cipher.c + # $(OPENSSL_PATH)/crypto/engine/tb_digest.c + # $(OPENSSL_PATH)/crypto/engine/eng_openssl.c + # $(OPENSSL_PATH)/crypto/engine/eng_cnf.c + # $(OPENSSL_PATH)/crypto/engine/eng_dyn.c + # $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c + # $(OPENSSL_PATH)/crypto/engine/eng_padlock.c + + # + # Disabled by OPENSSL_NO_OCSP + # + # $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c + # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c + # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c + # $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c + # $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c + # $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c + # $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c + # $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c + # $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c + $(OPENSSL_PATH)/crypto/ui/ui_err.c $(OPENSSL_PATH)/crypto/ui/ui_lib.c diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt index 7641da8e4a..0d7c37f272 100644 --- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt @@ -17,36 +17,36 @@ cryptography. This patch will enable openssl building under UEFI environment. ================================================================================ OpenSSL-Version ================================================================================ - Current supported OpenSSL version for UEFI Crypto Library is 0.9.8w. - http://www.openssl.org/source/openssl-0.9.8w.tar.gz + Current supported OpenSSL version for UEFI Crypto Library is 0.9.8za. + http://www.openssl.org/source/openssl-0.9.8za.tar.gz ================================================================================ HOW to Install Openssl for UEFI Building ================================================================================ -1. Download OpenSSL 0.9.8w from official website: - http://www.openssl.org/source/openssl-0.9.8w.tar.gz +1. Download OpenSSL 0.9.8za from official website: + http://www.openssl.org/source/openssl-0.9.8za.tar.gz - NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8w.tar.tar. - When you do the download, rename the "openssl-0.9.8w.tar.tar" to - "openssl-0.9.8w.tar.gz" or rename the local downloaded file with ".tar.tar" + NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8za.tar.tar. + When you do the download, rename the "openssl-0.9.8za.tar.tar" to + "openssl-0.9.8za.tar.gz" or rename the local downloaded file with ".tar.tar" extension to ".tar.gz". -2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8w +2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8za NOTE: If you use WinZip to unpack the openssl source in Windows, please uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion"). -3. Apply this patch: EDKII_openssl-0.9.8w.patch, and make installation +3. Apply this patch: EDKII_openssl-0.9.8za.patch, and make installation For Windows Environment: ------------------------ 1) Make sure the patch utility has been installed in your machine. Install Cygwin or get the patch utility binary from http://gnuwin32.sourceforge.net/packages/patch.htm - 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8w - 3) patch -p0 -i ..\EDKII_openssl-0.9.8w.patch + 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8za + 3) patch -p0 -i ..\EDKII_openssl-0.9.8za.patch 4) cd .. 5) Install.cmd @@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment. ----------------------- 1) Make sure the patch utility has been installed in your machine. Patch utility is available from http://directory.fsf.org/project/patch/ - 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8w - 3) patch -p0 -i ../EDKII_openssl-0.9.8w.patch + 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8za + 3) patch -p0 -i ../EDKII_openssl-0.9.8za.patch 4) cd .. 5) ./Install.sh