Discussion:
[edk2] [patch 0/3] *** Update OpenSSL support to 1.0.2a release ***
qlong
2015-06-10 02:21:20 UTC
Permalink
Update the EDKII crypto provider from openssl 0.9.8zf to 1.0.2a.
The OpenSSL Project announced that the support for version 0.9.8 will cease
on 31st December 2015. This patch updates the EDKII openssl support to the
latest 1.0.2 branch.
[V2]
Re-send the patch with few build issue fixes.

qlong (3):
[CryptoPkg] Remove the old patch file for openssl-0.9.8zf build, and
add the patch file for openssl-1.0.2a.
[CryptoPkg] Update INF file, installation scripts and HOWTO for
openssl-1.0.2a support.
[CryptoPkg] Updates some support header files and wrapper files to
support openssl-1.0.2a build, and correct some openssl API usages
when handling ASN.1 en/decoding.

CryptoPkg/Include/OpenSslSupport.h | 8 +-
.../Library/BaseCryptLib/Pk/CryptAuthenticode.c | 6 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 10 +-
.../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 13 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 12 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 8 +-
.../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279 ----------
.../Library/OpensslLib/EDKII_openssl-1.0.2a.patch | 358 ++++++++++++
CryptoPkg/Library/OpensslLib/Install.cmd | 146 ++---
CryptoPkg/Library/OpensslLib/Install.sh | 146 ++---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 620 ++++++++++++++-------
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 46 +-
12 files changed, 1002 insertions(+), 650 deletions(-)
delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
create mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
--
1.9.5.msysgit.1


------------------------------------------------------------------------------
qlong
2015-06-10 02:21:23 UTC
Permalink
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long, Qin <***@intel.com>
Signed-off-by: qlong <***@intel.com>
---
CryptoPkg/Include/OpenSslSupport.h | 8 +++++++-
CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c | 6 ++++--
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 10 +++++-----
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 13 +++++++------
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 12 ++++++++----
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 8 +++++---
6 files changed, 36 insertions(+), 21 deletions(-)

diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index ed889e9..b5a8b58 100644
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -1,7 +1,7 @@
/** @file
Root include file to support building OpenSSL Crypto Library.

-Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -109,6 +109,11 @@ struct tm {
char *tm_zone; /* timezone abbreviation */
};

+struct timeval {
+ long tv_sec; /* time value, in seconds */
+ long tv_usec; /* time value, in microseconds */
+} timeval;
+
struct dirent {
UINT32 d_fileno; /* file number of entry */
UINT16 d_reclen; /* length of this record */
@@ -240,5 +245,6 @@ extern FILE *stdout;
#define assert(expression)
#define localtime(timer) NULL
#define gmtime_r(timer,result) (result = NULL)
+#define atoi(nptr) AsciiStrDecimalToUintn(nptr)

#endif
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
index 4ce2b06..9e93355 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
@@ -9,7 +9,7 @@
AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for
data structure.

-Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -72,6 +72,7 @@ AuthenticodeVerify (
{
BOOLEAN Status;
PKCS7 *Pkcs7;
+ CONST UINT8 *Temp;
CONST UINT8 *OrigAuthData;
UINT8 *SpcIndirectDataContent;
UINT8 Asn1Byte;
@@ -96,7 +97,8 @@ AuthenticodeVerify (
//
// Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
//
- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
+ Temp = AuthData;
+ Pkcs7 = d2i_PKCS7 (NULL, &Temp, (int)DataSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
index 63fe78f..704eb4e 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
@@ -1,7 +1,7 @@
/** @file
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.

-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -116,9 +116,9 @@ Pkcs7Sign (
if (Key == NULL) {
goto _Exit;
}
- Key->save_type = EVP_PKEY_RSA;
- Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
- Key->pkey.rsa = (RSA *) RsaContext;
+ if (EVP_PKEY_assign_RSA (Key, (RSA *) RsaContext) == 0) {
+ goto _Exit;
+ }

//
// Convert the data to be signed to BIO format.
@@ -175,7 +175,7 @@ Pkcs7Sign (
}

CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
-
+
OPENSSL_free (P7Data);

Status = TRUE;
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index a9665d5..863e4b7 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -10,7 +10,7 @@
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
Variable and will do basic check for data structure.

-Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -273,7 +273,7 @@ X509PopCertificate (
goto _Exit;
}

- Length = ((BUF_MEM *) CertBio->ptr)->length;
+ Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length);
if (Length <= 0) {
goto _Exit;
}
@@ -343,7 +343,7 @@ Pkcs7GetSigners (
PKCS7 *Pkcs7;
BOOLEAN Status;
UINT8 *SignedData;
- UINT8 *Temp;
+ CONST UINT8 *Temp;
UINTN SignedDataSize;
BOOLEAN Wrapped;
STACK_OF(X509) *Stack;
@@ -549,7 +549,7 @@ Pkcs7Verify (
X509 *Cert;
X509_STORE *CertStore;
UINT8 *SignedData;
- UINT8 *Temp;
+ CONST UINT8 *Temp;
UINTN SignedDataSize;
BOOLEAN Wrapped;

@@ -618,7 +618,8 @@ Pkcs7Verify (
//
// Read DER-encoded root certificate and Construct X509 Certificate
//
- Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength);
+ Temp = TrustedCert;
+ Cert = d2i_X509 (NULL, &Temp, (long) CertLength);
if (Cert == NULL) {
goto _Exit;
}
@@ -679,4 +680,4 @@ _Exit:
}

return Status;
-}
\ No newline at end of file
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index e4b5a84..7d269b0 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -5,7 +5,7 @@
the lifetime of the signature when a signing certificate expires or is later
revoked.

-Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -441,11 +441,12 @@ TimestampTokenVerify (
CONST UINT8 *TokenTemp;
PKCS7 *Pkcs7;
X509 *Cert;
+ CONST UINT8 *CertTemp;
X509_STORE *CertStore;
BIO *OutBio;
UINT8 *TstData;
UINTN TstSize;
- UINT8 *TstTemp;
+ CONST UINT8 *TstTemp;
TS_TST_INFO *TstInfo;

Status = FALSE;
@@ -490,7 +491,8 @@ TimestampTokenVerify (
//
// Read the trusted TSA certificate (DER-encoded), and Construct X509 Certificate.
//
- Cert = d2i_X509 (NULL, &TsaCert, (long) CertSize);
+ CertTemp = TsaCert;
+ Cert = d2i_X509 (NULL, &CertTemp, (long) CertSize);
if (Cert == NULL) {
goto _Exit;
}
@@ -605,6 +607,7 @@ ImageTimestampVerify (
{
BOOLEAN Status;
PKCS7 *Pkcs7;
+ CONST UINT8 *Temp;
STACK_OF(PKCS7_SIGNER_INFO) *SignerInfos;
PKCS7_SIGNER_INFO *SignInfo;
UINTN Index;
@@ -644,7 +647,8 @@ ImageTimestampVerify (
//
// Decode ASN.1-encoded Authenticode data into PKCS7 structure.
//
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &AuthData, (int) DataSize);
+ Temp = AuthData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) DataSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 29efc42..64073e8 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -1,7 +1,7 @@
/** @file
X.509 Certificate Handler Wrapper Implementation over OpenSSL.

-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -38,7 +38,8 @@ X509ConstructCertificate (
OUT UINT8 **SingleX509Cert
)
{
- X509 *X509Cert;
+ X509 *X509Cert;
+ CONST UINT8 *Temp;

//
// Check input parameters.
@@ -50,7 +51,8 @@ X509ConstructCertificate (
//
// Read DER-encoded X509 Certificate and Construct X509 object.
//
- X509Cert = d2i_X509 (NULL, &Cert, (long) CertSize);
+ Temp = Cert;
+ X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
if (X509Cert == NULL) {
return FALSE;
}
--
1.9.5.msysgit.1


------------------------------------------------------------------------------
Ard Biesheuvel
2015-06-10 10:16:37 UTC
Permalink
Post by qlong
Contributed-under: TianoCore Contribution Agreement 1.0
This builds correctly now under GCC/AArch64.
Post by qlong
---
CryptoPkg/Include/OpenSslSupport.h | 8 +++++++-
CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c | 6 ++++--
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 10 +++++-----
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 13 +++++++------
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 12 ++++++++----
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 8 +++++---
6 files changed, 36 insertions(+), 21 deletions(-)
diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index ed889e9..b5a8b58 100644
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -1,7 +1,7 @@
Root include file to support building OpenSSL Crypto Library.
-Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -109,6 +109,11 @@ struct tm {
char *tm_zone; /* timezone abbreviation */
};
+struct timeval {
+ long tv_sec; /* time value, in seconds */
+ long tv_usec; /* time value, in microseconds */
+} timeval;
+
struct dirent {
UINT32 d_fileno; /* file number of entry */
UINT16 d_reclen; /* length of this record */
@@ -240,5 +245,6 @@ extern FILE *stdout;
#define assert(expression)
#define localtime(timer) NULL
#define gmtime_r(timer,result) (result = NULL)
+#define atoi(nptr) AsciiStrDecimalToUintn(nptr)
#endif
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
index 4ce2b06..9e93355 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
@@ -9,7 +9,7 @@
AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for
data structure.
-Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -72,6 +72,7 @@ AuthenticodeVerify (
{
BOOLEAN Status;
PKCS7 *Pkcs7;
+ CONST UINT8 *Temp;
CONST UINT8 *OrigAuthData;
UINT8 *SpcIndirectDataContent;
UINT8 Asn1Byte;
@@ -96,7 +97,8 @@ AuthenticodeVerify (
//
// Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
//
- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
+ Temp = AuthData;
+ Pkcs7 = d2i_PKCS7 (NULL, &Temp, (int)DataSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
index 63fe78f..704eb4e 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
@@ -1,7 +1,7 @@
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -116,9 +116,9 @@ Pkcs7Sign (
if (Key == NULL) {
goto _Exit;
}
- Key->save_type = EVP_PKEY_RSA;
- Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
- Key->pkey.rsa = (RSA *) RsaContext;
+ if (EVP_PKEY_assign_RSA (Key, (RSA *) RsaContext) == 0) {
+ goto _Exit;
+ }
//
// Convert the data to be signed to BIO format.
@@ -175,7 +175,7 @@ Pkcs7Sign (
}
CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
-
+
OPENSSL_free (P7Data);
Status = TRUE;
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index a9665d5..863e4b7 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -10,7 +10,7 @@
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
Variable and will do basic check for data structure.
-Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -273,7 +273,7 @@ X509PopCertificate (
goto _Exit;
}
- Length = ((BUF_MEM *) CertBio->ptr)->length;
+ Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length);
if (Length <= 0) {
goto _Exit;
}
@@ -343,7 +343,7 @@ Pkcs7GetSigners (
PKCS7 *Pkcs7;
BOOLEAN Status;
UINT8 *SignedData;
- UINT8 *Temp;
+ CONST UINT8 *Temp;
UINTN SignedDataSize;
BOOLEAN Wrapped;
STACK_OF(X509) *Stack;
@@ -549,7 +549,7 @@ Pkcs7Verify (
X509 *Cert;
X509_STORE *CertStore;
UINT8 *SignedData;
- UINT8 *Temp;
+ CONST UINT8 *Temp;
UINTN SignedDataSize;
BOOLEAN Wrapped;
@@ -618,7 +618,8 @@ Pkcs7Verify (
//
// Read DER-encoded root certificate and Construct X509 Certificate
//
- Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength);
+ Temp = TrustedCert;
+ Cert = d2i_X509 (NULL, &Temp, (long) CertLength);
if (Cert == NULL) {
goto _Exit;
}
}
return Status;
-}
\ No newline at end of file
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index e4b5a84..7d269b0 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -5,7 +5,7 @@
the lifetime of the signature when a signing certificate expires or is later
revoked.
-Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -441,11 +441,12 @@ TimestampTokenVerify (
CONST UINT8 *TokenTemp;
PKCS7 *Pkcs7;
X509 *Cert;
+ CONST UINT8 *CertTemp;
X509_STORE *CertStore;
BIO *OutBio;
UINT8 *TstData;
UINTN TstSize;
- UINT8 *TstTemp;
+ CONST UINT8 *TstTemp;
TS_TST_INFO *TstInfo;
Status = FALSE;
@@ -490,7 +491,8 @@ TimestampTokenVerify (
//
// Read the trusted TSA certificate (DER-encoded), and Construct X509 Certificate.
//
- Cert = d2i_X509 (NULL, &TsaCert, (long) CertSize);
+ CertTemp = TsaCert;
+ Cert = d2i_X509 (NULL, &CertTemp, (long) CertSize);
if (Cert == NULL) {
goto _Exit;
}
@@ -605,6 +607,7 @@ ImageTimestampVerify (
{
BOOLEAN Status;
PKCS7 *Pkcs7;
+ CONST UINT8 *Temp;
STACK_OF(PKCS7_SIGNER_INFO) *SignerInfos;
PKCS7_SIGNER_INFO *SignInfo;
UINTN Index;
@@ -644,7 +647,8 @@ ImageTimestampVerify (
//
// Decode ASN.1-encoded Authenticode data into PKCS7 structure.
//
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &AuthData, (int) DataSize);
+ Temp = AuthData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) DataSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 29efc42..64073e8 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -1,7 +1,7 @@
X.509 Certificate Handler Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -38,7 +38,8 @@ X509ConstructCertificate (
OUT UINT8 **SingleX509Cert
)
{
- X509 *X509Cert;
+ X509 *X509Cert;
+ CONST UINT8 *Temp;
//
// Check input parameters.
@@ -50,7 +51,8 @@ X509ConstructCertificate (
//
// Read DER-encoded X509 Certificate and Construct X509 object.
//
- X509Cert = d2i_X509 (NULL, &Cert, (long) CertSize);
+ Temp = Cert;
+ X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
if (X509Cert == NULL) {
return FALSE;
}
--
1.9.5.msysgit.1
------------------------------------------------------------------------------
qlong
2015-06-10 02:21:21 UTC
Permalink
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long, Qin <***@intel.com>
Signed-off-by: qlong <***@intel.com>
---
.../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279 ----------------
.../Library/OpensslLib/EDKII_openssl-1.0.2a.patch | 358 +++++++++++++++++++++
2 files changed, 358 insertions(+), 279 deletions(-)
delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
create mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch

diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
deleted file mode 100644
index 4abe62c..0000000
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-Index: crypto/bio/bss_file.c
-===================================================================
---- crypto/bio/bss_file.c (revision 1)
-+++ crypto/bio/bss_file.c (working copy)
-@@ -418,6 +418,23 @@
- return (ret);
- }
-
-+#else
-+
-+BIO_METHOD *BIO_s_file(void)
-+{
-+ return NULL;
-+}
-+
-+BIO *BIO_new_file(const char *filename, const char *mode)
-+{
-+ return NULL;
-+}
-+
-+BIO *BIO_new_fp(FILE *stream, int close_flag)
-+{
-+ return NULL;
-+}
-+
- # endif /* OPENSSL_NO_STDIO */
-
- #endif /* HEADER_BSS_FILE_C */
-Index: crypto/crypto.h
-===================================================================
---- crypto/crypto.h (revision 1)
-+++ crypto/crypto.h (working copy)
-@@ -239,15 +239,15 @@
- # ifndef OPENSSL_NO_LOCKING
- # ifndef CRYPTO_w_lock
- # define CRYPTO_w_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_w_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_r_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_r_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_add(addr,amount,type) \
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-+ CRYPTO_add_lock(addr,amount,type,NULL,0)
- # endif
- # else
- # define CRYPTO_w_lock(a)
-@@ -374,19 +374,19 @@
- # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
- # define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
--# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
--# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
-+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
- # define OPENSSL_realloc(addr,num) \
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
- # define OPENSSL_realloc_clean(addr,old_num,num) \
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
- # define OPENSSL_remalloc(addr,num) \
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
- # define OPENSSL_freeFunc CRYPTO_free
- # define OPENSSL_free(addr) CRYPTO_free(addr)
-
- # define OPENSSL_malloc_locked(num) \
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-+ CRYPTO_malloc_locked((int)num,NULL,0)
- # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
- const char *SSLeay_version(int type);
-@@ -531,7 +531,7 @@
- long CRYPTO_get_mem_debug_options(void);
-
- # define CRYPTO_push_info(info) \
-- CRYPTO_push_info_(info, __FILE__, __LINE__);
-+ CRYPTO_push_info_(info, NULL, 0);
- int CRYPTO_push_info_(const char *info, const char *file, int line);
- int CRYPTO_pop_info(void);
- int CRYPTO_remove_all_info(void);
-@@ -578,7 +578,7 @@
-
- /* die if we have to */
- void OpenSSLDie(const char *file, int line, const char *assertion);
--# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
-
- unsigned long *OPENSSL_ia32cap_loc(void);
- # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
-@@ -585,10 +585,10 @@
- int OPENSSL_isservice(void);
-
- # ifdef OPENSSL_FIPS
--# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
- alg " previous FIPS forbidden algorithm error ignored");
-
--# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
- #alg " Algorithm forbidden in FIPS mode");
-
- # ifdef OPENSSL_FIPS_STRICT
-Index: crypto/err/err.c
-===================================================================
---- crypto/err/err.c (revision 1)
-+++ crypto/err/err.c (working copy)
-@@ -321,7 +321,12 @@
- es->err_data_flags[i] = flags;
- }
-
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...)
-+#else
- void ERR_add_error_data(int num, ...)
-+#endif
- {
- va_list args;
- int i, n, s;
-Index: crypto/err/err.h
-===================================================================
---- crypto/err/err.h (revision 1)
-+++ crypto/err/err.h (working copy)
-@@ -285,7 +285,13 @@
- # endif
- # ifndef OPENSSL_NO_BIO
- void ERR_print_errors(BIO *bp);
-+
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...);
-+#else
- void ERR_add_error_data(int num, ...);
-+#endif
- # endif
- void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
- void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
-Index: crypto/opensslconf.h
-===================================================================
---- crypto/opensslconf.h (revision 1)
-+++ crypto/opensslconf.h (working copy)
-@@ -162,6 +162,9 @@
- /* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-+
-+/* Bypass following definition for UEFI version. */
-+#if !defined(OPENSSL_SYS_UEFI)
- #undef SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
- #define THIRTY_TWO_BIT
-@@ -169,6 +172,8 @@
- #undef EIGHT_BIT
- #endif
-
-+#endif
-+
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
- #define CONFIG_HEADER_RC4_LOCL_H
- /* if this is defined data[i] is used instead of *data, this is a %20
-Index: crypto/pkcs7/pk7_smime.c
-===================================================================
---- crypto/pkcs7/pk7_smime.c (revision 1)
-+++ crypto/pkcs7/pk7_smime.c (working copy)
-@@ -90,7 +90,14 @@
- if (!PKCS7_content_new(p7, NID_pkcs7_data))
- goto err;
-
-+#if defined(OPENSSL_SYS_UEFI)
-+ /*
-+ * NOTE: Update to SHA-256 digest algorithm for UEFI version.
-+ */
-+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {
-+#else
- if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
-+#endif
- PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
- goto err;
- }
-@@ -175,7 +182,8 @@
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
-- char buf[4096];
-+ char *buf = NULL;
-+ int bufsiz;
- int i, j = 0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
-@@ -286,6 +294,12 @@
- } else
- tmpout = out;
-
-+ bufsiz = 4096;
-+ buf = OPENSSL_malloc (bufsiz);
-+ if (buf == NULL) {
-+ goto err;
-+ }
-+
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;) {
- i = BIO_read(p7bio, buf, sizeof(buf));
-@@ -328,6 +342,10 @@
-
- sk_X509_free(signers);
-
-+ if (buf != NULL) {
-+ OPENSSL_free (buf);
-+ }
-+
- return ret;
- }
-
-Index: crypto/rand/rand_egd.c
-===================================================================
---- crypto/rand/rand_egd.c (revision 1)
-+++ crypto/rand/rand_egd.c (working copy)
-@@ -95,7 +95,7 @@
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- return (-1);
-Index: crypto/rand/rand_unix.c
-===================================================================
---- crypto/rand/rand_unix.c (revision 1)
-+++ crypto/rand/rand_unix.c (working copy)
-@@ -116,7 +116,7 @@
- #include <openssl/rand.h>
- #include "rand_lcl.h"
-
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
-
- # include <sys/types.h>
- # include <sys/time.h>
-@@ -332,7 +332,7 @@
- * defined(OPENSSL_SYS_VXWORKS) ||
- * defined(OPENSSL_SYS_NETWARE)) */
-
--#if defined(OPENSSL_SYS_VXWORKS)
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
- int RAND_poll(void)
- {
- return 0;
-Index: crypto/x509/x509_vfy.c
-===================================================================
---- crypto/x509/x509_vfy.c (revision 1)
-+++ crypto/x509/x509_vfy.c (working copy)
-@@ -871,6 +871,10 @@
-
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
- {
-+#if defined(OPENSSL_SYS_UEFI)
-+ /* Bypass Certificate Time Checking for UEFI version. */
-+ return 1;
-+#else
- time_t *ptime;
- int i;
-
-@@ -910,6 +914,7 @@
- }
-
- return 1;
-+#endif
- }
-
- static int internal_verify(X509_STORE_CTX *ctx)
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
new file mode 100644
index 0000000..55056ec
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
@@ -0,0 +1,358 @@
+diff U3 crypto/bio/bio.h crypto/bio/bio.h
+--- crypto/bio/bio.h Wed Jun 03 21:29:20 2015
++++ crypto/bio/bio.h Thu Jun 04 16:28:25 2015
+@@ -646,10 +646,10 @@
+ int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+ asn1_ps_func **psuffix_free);
+
+-# ifndef OPENSSL_NO_FP_API
+ BIO_METHOD *BIO_s_file(void);
+ BIO *BIO_new_file(const char *filename, const char *mode);
+ BIO *BIO_new_fp(FILE *stream, int close_flag);
++# ifndef OPENSSL_NO_FP_API
+ # define BIO_s_file_internal BIO_s_file
+ # endif
+ BIO *BIO_new(BIO_METHOD *type);
+diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
+--- crypto/bio/bss_file.c Wed Jun 03 21:29:20 2015
++++ crypto/bio/bss_file.c Thu Jun 04 16:29:18 2015
+@@ -460,6 +460,23 @@
+ return (ret);
+ }
+
++# else
++
++BIO_METHOD *BIO_s_file(void)
++{
++ return NULL;
++}
++
++BIO *BIO_new_file(const char *filename, const char *mode)
++{
++ return NULL;
++}
++
++BIO *BIO_new_fp(FILE *stream, int close_flag)
++{
++ return NULL;
++}
++
+ # endif /* OPENSSL_NO_STDIO */
+
+ #endif /* HEADER_BSS_FILE_C */
+diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c
+--- crypto/dh/dh_pmeth.c Wed Jun 03 21:29:20 2015
++++ crypto/dh/dh_pmeth.c Thu Jun 04 16:30:17 2015
+@@ -449,6 +449,9 @@
+ *keylen = ret;
+ return 1;
+ } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
++#ifdef OPENSSL_NO_CMS
++ return 0;
++#else
+ unsigned char *Z = NULL;
+ size_t Zlen = 0;
+ if (!dctx->kdf_outlen || !dctx->kdf_oid)
+@@ -478,6 +481,7 @@
+ OPENSSL_free(Z);
+ }
+ return ret;
++#endif
+ }
+ return 1;
+ }
+diff U3 crypto/pem/pem.h crypto/pem/pem.h
+--- crypto/pem/pem.h Wed Jun 03 21:29:20 2015
++++ crypto/pem/pem.h Thu Jun 04 16:31:08 2015
+@@ -324,6 +324,7 @@
+
+ # define DECLARE_PEM_read_fp(name, type) /**/
+ # define DECLARE_PEM_write_fp(name, type) /**/
++# define DECLARE_PEM_write_fp_const(name, type) /**/
+ # define DECLARE_PEM_write_cb_fp(name, type) /**/
+ # else
+
+diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+--- crypto/pkcs7/pk7_smime.c Wed Jun 03 21:29:20 2015
++++ crypto/pkcs7/pk7_smime.c Thu Jun 04 16:34:03 2015
+@@ -254,7 +254,8 @@
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+- char buf[4096];
++ char *buf = NULL;
++ int bufsiz;
+ int i, j = 0, k, ret = 0;
+ BIO *p7bio;
+ BIO *tmpin, *tmpout;
+@@ -365,9 +366,14 @@
+ } else
+ tmpout = out;
+
++ bufsiz = 4096;
++ buf = OPENSSL_malloc (bufsiz);
++ if (buf == NULL) {
++ goto err;
++ }
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;) {
+- i = BIO_read(p7bio, buf, sizeof(buf));
++ i = BIO_read(p7bio, buf, bufsiz);
+ if (i <= 0)
+ break;
+ if (tmpout)
+@@ -406,6 +412,10 @@
+ BIO_free_all(p7bio);
+
+ sk_X509_free(signers);
++
++ if (buf != NULL) {
++ OPENSSL_free (buf);
++ }
+
+ return ret;
+ }
+diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
+--- crypto/rand/rand_unix.c Wed Jun 03 21:29:20 2015
++++ crypto/rand/rand_unix.c Thu Jun 04 16:34:58 2015
+@@ -116,7 +116,7 @@
+ #include <openssl/rand.h>
+ #include "rand_lcl.h"
+
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
+
+ # include <sys/types.h>
+ # include <sys/time.h>
+@@ -439,7 +439,7 @@
+ * defined(OPENSSL_SYS_VXWORKS) ||
+ * defined(OPENSSL_SYS_NETWARE)) */
+
+-#if defined(OPENSSL_SYS_VXWORKS)
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+ int RAND_poll(void)
+ {
+ return 0;
+diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
+--- crypto/rsa/rsa_ameth.c Wed Jun 03 21:29:20 2015
++++ crypto/rsa/rsa_ameth.c Thu Jun 04 16:36:28 2015
+@@ -68,10 +68,12 @@
+ #endif
+ #include "asn1_locl.h"
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si);
+ static int rsa_cms_verify(CMS_SignerInfo *si);
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
++#endif
+
+ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+ {
+@@ -665,6 +667,7 @@
+ return rv;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_verify(CMS_SignerInfo *si)
+ {
+ int nid, nid2;
+@@ -683,6 +686,7 @@
+ }
+ return 0;
+ }
++#endif
+
+ /*
+ * Customised RSA item verification routine. This is called when a signature
+@@ -705,6 +709,7 @@
+ return -1;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si)
+ {
+ int pad_mode = RSA_PKCS1_PADDING;
+@@ -729,6 +734,7 @@
+ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
+ return 1;
+ }
++#endif
+
+ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+ X509_ALGOR *alg1, X509_ALGOR *alg2,
+@@ -785,6 +791,7 @@
+ return pss;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
+ {
+ EVP_PKEY_CTX *pkctx;
+@@ -857,7 +864,9 @@
+ X509_ALGOR_free(maskHash);
+ return rv;
+ }
++#endif
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
+ {
+ const EVP_MD *md, *mgf1md;
+@@ -920,6 +929,7 @@
+ ASN1_STRING_free(os);
+ return rv;
+ }
++#endif
+
+ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
+ {
+diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
+--- crypto/x509/x509_vfy.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vfy.c Thu Jun 04 16:37:39 2015
+@@ -1610,6 +1610,10 @@
+
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+ {
++#if defined(OPENSSL_SYS_UEFI)
++ /* Bypass Certificate Time Checking for UEFI version. */
++ return 1;
++#else
+ time_t *ptime;
+ int i;
+
+@@ -1649,6 +1653,7 @@
+ }
+
+ return 1;
++#endif
+ }
+
+ static int internal_verify(X509_STORE_CTX *ctx)
+diff U3 crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
+--- crypto/x509/x509_vpm.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vpm.c Thu Jun 04 16:40:04 2015
+@@ -175,7 +175,7 @@
+ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!param)
+ return NULL;
+- paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
++ paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID));
+ if (!paramid) {
+ OPENSSL_free(param);
+ return NULL;
+diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h
+--- crypto/x509v3/ext_dat.h Wed Jun 03 21:29:20 2015
++++ crypto/x509v3/ext_dat.h Thu Jun 04 16:38:15 2015
+@@ -127,8 +127,10 @@
+ &v3_idp,
+ &v3_alt[2],
+ &v3_freshest_crl,
++#ifndef OPENSSL_SYS_UEFI
+ &v3_ct_scts[0],
+ &v3_ct_scts[1],
++#endif
+ };
+
+ /* Number of standard extensions */
+diff U3 crypto/crypto.h crypto/crypto.h
+--- crypto/crypto.h Wed Jun 03 21:29:20 2015
++++ crypto/crypto.h Thu Jun 04 16:25:21 2015
+@@ -235,15 +235,15 @@
+ # ifndef OPENSSL_NO_LOCKING
+ # ifndef CRYPTO_w_lock
+ # define CRYPTO_w_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_w_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_r_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_r_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_add(addr,amount,type) \
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
++ CRYPTO_add_lock(addr,amount,type,NULL,0)
+ # endif
+ # else
+ # define CRYPTO_w_lock(a)
+@@ -378,19 +378,19 @@
+ # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+ # define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
+ # define OPENSSL_realloc(addr,num) \
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
+ # define OPENSSL_realloc_clean(addr,old_num,num) \
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
+ # define OPENSSL_remalloc(addr,num) \
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
+ # define OPENSSL_freeFunc CRYPTO_free
+ # define OPENSSL_free(addr) CRYPTO_free(addr)
+
+ # define OPENSSL_malloc_locked(num) \
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
++ CRYPTO_malloc_locked((int)num,NULL,0)
+ # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+ const char *SSLeay_version(int type);
+@@ -545,7 +545,7 @@
+ long CRYPTO_get_mem_debug_options(void);
+
+ # define CRYPTO_push_info(info) \
+- CRYPTO_push_info_(info, __FILE__, __LINE__);
++ CRYPTO_push_info_(info, NULL, 0);
+ int CRYPTO_push_info_(const char *info, const char *file, int line);
+ int CRYPTO_pop_info(void);
+ int CRYPTO_remove_all_info(void);
+@@ -588,7 +588,7 @@
+
+ /* die if we have to */
+ void OpenSSLDie(const char *file, int line, const char *assertion);
+-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
+
+ unsigned long *OPENSSL_ia32cap_loc(void);
+ # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+@@ -605,14 +605,14 @@
+ # define fips_md_init_ctx(alg, cx) \
+ int alg##_Init(cx##_CTX *c) \
+ { \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+ return private_##alg##_Init(c); \
+ } \
+ int private_##alg##_Init(cx##_CTX *c)
+
+ # define fips_cipher_abort(alg) \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
+ # else
+diff U3 crypto/opensslconf.h crypto/opensslconf.h
+--- crypto/opensslconf.h Wed Jun 03 21:29:20 2015
++++ crypto/opensslconf.h Thu Jun 04 16:27:13 2015
+@@ -159,9 +159,12 @@
+ /* Should we define BN_DIV2W here? */
+
+ /* Only one for the following should be defined */
++/* Bypass the following definitions for UEFI version. */
++#if !defined(OPENSSL_SYS_UEFI)
+ #undef SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+ #define THIRTY_TWO_BIT
++#endif
+ #endif
+
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
--
1.9.5.msysgit.1


------------------------------------------------------------------------------
Ard Biesheuvel
2015-06-10 10:22:12 UTC
Permalink
Post by qlong
Contributed-under: TianoCore Contribution Agreement 1.0
---
.../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279 ----------------
.../Library/OpensslLib/EDKII_openssl-1.0.2a.patch | 358 +++++++++++++++++++++
2 files changed, 358 insertions(+), 279 deletions(-)
delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
create mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
deleted file mode 100644
index 4abe62c..0000000
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-Index: crypto/bio/bss_file.c
-===================================================================
---- crypto/bio/bss_file.c (revision 1)
-+++ crypto/bio/bss_file.c (working copy)
- return (ret);
- }
-
-+#else
-+
-+BIO_METHOD *BIO_s_file(void)
-+{
-+ return NULL;
-+}
-+
-+BIO *BIO_new_file(const char *filename, const char *mode)
-+{
-+ return NULL;
-+}
-+
-+BIO *BIO_new_fp(FILE *stream, int close_flag)
-+{
-+ return NULL;
-+}
-+
- # endif /* OPENSSL_NO_STDIO */
-
- #endif /* HEADER_BSS_FILE_C */
-Index: crypto/crypto.h
-===================================================================
---- crypto/crypto.h (revision 1)
-+++ crypto/crypto.h (working copy)
- # ifndef OPENSSL_NO_LOCKING
- # ifndef CRYPTO_w_lock
- # define CRYPTO_w_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_w_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_r_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_r_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_add(addr,amount,type) \
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-+ CRYPTO_add_lock(addr,amount,type,NULL,0)
- # endif
- # else
- # define CRYPTO_w_lock(a)
- # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
- # define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
--# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
--# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
-+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
- # define OPENSSL_realloc(addr,num) \
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
- # define OPENSSL_realloc_clean(addr,old_num,num) \
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
- # define OPENSSL_remalloc(addr,num) \
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
- # define OPENSSL_freeFunc CRYPTO_free
- # define OPENSSL_free(addr) CRYPTO_free(addr)
-
- # define OPENSSL_malloc_locked(num) \
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-+ CRYPTO_malloc_locked((int)num,NULL,0)
- # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
- const char *SSLeay_version(int type);
- long CRYPTO_get_mem_debug_options(void);
-
- # define CRYPTO_push_info(info) \
-- CRYPTO_push_info_(info, __FILE__, __LINE__);
-+ CRYPTO_push_info_(info, NULL, 0);
- int CRYPTO_push_info_(const char *info, const char *file, int line);
- int CRYPTO_pop_info(void);
- int CRYPTO_remove_all_info(void);
-
- /* die if we have to */
- void OpenSSLDie(const char *file, int line, const char *assertion);
--# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
-
- unsigned long *OPENSSL_ia32cap_loc(void);
- # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
- int OPENSSL_isservice(void);
-
- # ifdef OPENSSL_FIPS
--# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
- alg " previous FIPS forbidden algorithm error ignored");
-
--# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
- #alg " Algorithm forbidden in FIPS mode");
-
- # ifdef OPENSSL_FIPS_STRICT
-Index: crypto/err/err.c
-===================================================================
---- crypto/err/err.c (revision 1)
-+++ crypto/err/err.c (working copy)
- es->err_data_flags[i] = flags;
- }
-
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...)
-+#else
- void ERR_add_error_data(int num, ...)
-+#endif
- {
- va_list args;
- int i, n, s;
-Index: crypto/err/err.h
-===================================================================
---- crypto/err/err.h (revision 1)
-+++ crypto/err/err.h (working copy)
- # endif
- # ifndef OPENSSL_NO_BIO
- void ERR_print_errors(BIO *bp);
-+
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...);
-+#else
- void ERR_add_error_data(int num, ...);
-+#endif
- # endif
- void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
- void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
-Index: crypto/opensslconf.h
-===================================================================
---- crypto/opensslconf.h (revision 1)
-+++ crypto/opensslconf.h (working copy)
- /* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-+
-+/* Bypass following definition for UEFI version. */
-+#if !defined(OPENSSL_SYS_UEFI)
- #undef SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
- #define THIRTY_TWO_BIT
- #undef EIGHT_BIT
- #endif
-
-+#endif
-+
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
- #define CONFIG_HEADER_RC4_LOCL_H
- /* if this is defined data[i] is used instead of *data, this is a %20
-Index: crypto/pkcs7/pk7_smime.c
-===================================================================
---- crypto/pkcs7/pk7_smime.c (revision 1)
-+++ crypto/pkcs7/pk7_smime.c (working copy)
- if (!PKCS7_content_new(p7, NID_pkcs7_data))
- goto err;
-
-+#if defined(OPENSSL_SYS_UEFI)
-+ /*
-+ * NOTE: Update to SHA-256 digest algorithm for UEFI version.
-+ */
-+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {
-+#else
- if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
-+#endif
- PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
- goto err;
- }
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
-- char buf[4096];
-+ char *buf = NULL;
-+ int bufsiz;
- int i, j = 0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
- } else
- tmpout = out;
-
-+ bufsiz = 4096;
-+ buf = OPENSSL_malloc (bufsiz);
-+ if (buf == NULL) {
-+ goto err;
-+ }
-+
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;) {
- i = BIO_read(p7bio, buf, sizeof(buf));
-
- sk_X509_free(signers);
-
-+ if (buf != NULL) {
-+ OPENSSL_free (buf);
-+ }
-+
- return ret;
- }
-
-Index: crypto/rand/rand_egd.c
-===================================================================
---- crypto/rand/rand_egd.c (revision 1)
-+++ crypto/rand/rand_egd.c (working copy)
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- return (-1);
-Index: crypto/rand/rand_unix.c
-===================================================================
---- crypto/rand/rand_unix.c (revision 1)
-+++ crypto/rand/rand_unix.c (working copy)
- #include <openssl/rand.h>
- #include "rand_lcl.h"
-
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
-
- # include <sys/types.h>
- # include <sys/time.h>
- * defined(OPENSSL_SYS_VXWORKS) ||
- * defined(OPENSSL_SYS_NETWARE)) */
-
--#if defined(OPENSSL_SYS_VXWORKS)
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
- int RAND_poll(void)
- {
- return 0;
-Index: crypto/x509/x509_vfy.c
-===================================================================
---- crypto/x509/x509_vfy.c (revision 1)
-+++ crypto/x509/x509_vfy.c (working copy)
-
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
- {
-+#if defined(OPENSSL_SYS_UEFI)
-+ /* Bypass Certificate Time Checking for UEFI version. */
-+ return 1;
-+#else
- time_t *ptime;
- int i;
-
- }
-
- return 1;
-+#endif
- }
-
- static int internal_verify(X509_STORE_CTX *ctx)
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
new file mode 100644
index 0000000..55056ec
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
@@ -0,0 +1,358 @@
+diff U3 crypto/bio/bio.h crypto/bio/bio.h
+--- crypto/bio/bio.h Wed Jun 03 21:29:20 2015
++++ crypto/bio/bio.h Thu Jun 04 16:28:25 2015
+ int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+ asn1_ps_func **psuffix_free);
+
+-# ifndef OPENSSL_NO_FP_API
+ BIO_METHOD *BIO_s_file(void);
+ BIO *BIO_new_file(const char *filename, const char *mode);
+ BIO *BIO_new_fp(FILE *stream, int close_flag);
++# ifndef OPENSSL_NO_FP_API
+ # define BIO_s_file_internal BIO_s_file
+ # endif
+ BIO *BIO_new(BIO_METHOD *type);
+diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
+--- crypto/bio/bss_file.c Wed Jun 03 21:29:20 2015
++++ crypto/bio/bss_file.c Thu Jun 04 16:29:18 2015
+ return (ret);
+ }
+
++# else
++
++BIO_METHOD *BIO_s_file(void)
++{
++ return NULL;
++}
++
++BIO *BIO_new_file(const char *filename, const char *mode)
++{
++ return NULL;
++}
++
++BIO *BIO_new_fp(FILE *stream, int close_flag)
++{
++ return NULL;
++}
++
+ # endif /* OPENSSL_NO_STDIO */
+
+ #endif /* HEADER_BSS_FILE_C */
+diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c
+--- crypto/dh/dh_pmeth.c Wed Jun 03 21:29:20 2015
++++ crypto/dh/dh_pmeth.c Thu Jun 04 16:30:17 2015
+ *keylen = ret;
+ return 1;
+ } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
++#ifdef OPENSSL_NO_CMS
++ return 0;
++#else
+ unsigned char *Z = NULL;
+ size_t Zlen = 0;
+ if (!dctx->kdf_outlen || !dctx->kdf_oid)
+ OPENSSL_free(Z);
+ }
+ return ret;
++#endif
+ }
+ return 1;
+ }
+diff U3 crypto/pem/pem.h crypto/pem/pem.h
+--- crypto/pem/pem.h Wed Jun 03 21:29:20 2015
++++ crypto/pem/pem.h Thu Jun 04 16:31:08 2015
+
+ # define DECLARE_PEM_read_fp(name, type) /**/
+ # define DECLARE_PEM_write_fp(name, type) /**/
++# define DECLARE_PEM_write_fp_const(name, type) /**/
+ # define DECLARE_PEM_write_cb_fp(name, type) /**/
+ # else
+
+diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+--- crypto/pkcs7/pk7_smime.c Wed Jun 03 21:29:20 2015
++++ crypto/pkcs7/pk7_smime.c Thu Jun 04 16:34:03 2015
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+- char buf[4096];
++ char *buf = NULL;
++ int bufsiz;
+ int i, j = 0, k, ret = 0;
+ BIO *p7bio;
+ BIO *tmpin, *tmpout;
+ } else
+ tmpout = out;
+
++ bufsiz = 4096;
++ buf = OPENSSL_malloc (bufsiz);
++ if (buf == NULL) {
++ goto err;
++ }
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;) {
+- i = BIO_read(p7bio, buf, sizeof(buf));
++ i = BIO_read(p7bio, buf, bufsiz);
+ if (i <= 0)
+ break;
+ if (tmpout)
+ BIO_free_all(p7bio);
+
+ sk_X509_free(signers);
++
++ if (buf != NULL) {
++ OPENSSL_free (buf);
++ }
+
+ return ret;
+ }
+diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
+--- crypto/rand/rand_unix.c Wed Jun 03 21:29:20 2015
++++ crypto/rand/rand_unix.c Thu Jun 04 16:34:58 2015
+ #include <openssl/rand.h>
+ #include "rand_lcl.h"
+
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
+
+ # include <sys/types.h>
+ # include <sys/time.h>
+ * defined(OPENSSL_SYS_VXWORKS) ||
+ * defined(OPENSSL_SYS_NETWARE)) */
+
+-#if defined(OPENSSL_SYS_VXWORKS)
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+ int RAND_poll(void)
+ {
+ return 0;
+diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
+--- crypto/rsa/rsa_ameth.c Wed Jun 03 21:29:20 2015
++++ crypto/rsa/rsa_ameth.c Thu Jun 04 16:36:28 2015
+ #endif
+ #include "asn1_locl.h"
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si);
+ static int rsa_cms_verify(CMS_SignerInfo *si);
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
++#endif
+
+ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+ {
+ return rv;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_verify(CMS_SignerInfo *si)
+ {
+ int nid, nid2;
+ }
+ return 0;
+ }
++#endif
+
+ /*
+ * Customised RSA item verification routine. This is called when a signature
+ return -1;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si)
+ {
+ int pad_mode = RSA_PKCS1_PADDING;
+ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
+ return 1;
+ }
++#endif
+
+ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+ X509_ALGOR *alg1, X509_ALGOR *alg2,
+ return pss;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
+ {
+ EVP_PKEY_CTX *pkctx;
+ X509_ALGOR_free(maskHash);
+ return rv;
+ }
++#endif
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
+ {
+ const EVP_MD *md, *mgf1md;
+ ASN1_STRING_free(os);
+ return rv;
+ }
++#endif
+
+ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
+ {
+diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
+--- crypto/x509/x509_vfy.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vfy.c Thu Jun 04 16:37:39 2015
+
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+ {
++#if defined(OPENSSL_SYS_UEFI)
++ /* Bypass Certificate Time Checking for UEFI version. */
++ return 1;
++#else
+ time_t *ptime;
+ int i;
+
+ }
+
+ return 1;
++#endif
+ }
+
+ static int internal_verify(X509_STORE_CTX *ctx)
+diff U3 crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
+--- crypto/x509/x509_vpm.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vpm.c Thu Jun 04 16:40:04 2015
+ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!param)
+ return NULL;
+- paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
++ paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID));
+ if (!paramid) {
+ OPENSSL_free(param);
+ return NULL;
+diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h
+--- crypto/x509v3/ext_dat.h Wed Jun 03 21:29:20 2015
++++ crypto/x509v3/ext_dat.h Thu Jun 04 16:38:15 2015
+ &v3_idp,
+ &v3_alt[2],
+ &v3_freshest_crl,
++#ifndef OPENSSL_SYS_UEFI
+ &v3_ct_scts[0],
+ &v3_ct_scts[1],
++#endif
+ };
+
+ /* Number of standard extensions */
+diff U3 crypto/crypto.h crypto/crypto.h
+--- crypto/crypto.h Wed Jun 03 21:29:20 2015
++++ crypto/crypto.h Thu Jun 04 16:25:21 2015
+ # ifndef OPENSSL_NO_LOCKING
+ # ifndef CRYPTO_w_lock
+ # define CRYPTO_w_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_w_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_r_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_r_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_add(addr,amount,type) \
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
++ CRYPTO_add_lock(addr,amount,type,NULL,0)
+ # endif
+ # else
+ # define CRYPTO_w_lock(a)
+ # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+ # define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
+ # define OPENSSL_realloc(addr,num) \
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
+ # define OPENSSL_realloc_clean(addr,old_num,num) \
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
+ # define OPENSSL_remalloc(addr,num) \
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
+ # define OPENSSL_freeFunc CRYPTO_free
+ # define OPENSSL_free(addr) CRYPTO_free(addr)
+
+ # define OPENSSL_malloc_locked(num) \
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
++ CRYPTO_malloc_locked((int)num,NULL,0)
+ # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+ const char *SSLeay_version(int type);
+ long CRYPTO_get_mem_debug_options(void);
+
+ # define CRYPTO_push_info(info) \
+- CRYPTO_push_info_(info, __FILE__, __LINE__);
++ CRYPTO_push_info_(info, NULL, 0);
+ int CRYPTO_push_info_(const char *info, const char *file, int line);
+ int CRYPTO_pop_info(void);
+ int CRYPTO_remove_all_info(void);
+
+ /* die if we have to */
+ void OpenSSLDie(const char *file, int line, const char *assertion);
+-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
+
+ unsigned long *OPENSSL_ia32cap_loc(void);
+ # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+ # define fips_md_init_ctx(alg, cx) \
+ int alg##_Init(cx##_CTX *c) \
+ { \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+ return private_##alg##_Init(c); \
+ } \
+ int private_##alg##_Init(cx##_CTX *c)
+
+ # define fips_cipher_abort(alg) \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
+ # else
+diff U3 crypto/opensslconf.h crypto/opensslconf.h
+--- crypto/opensslconf.h Wed Jun 03 21:29:20 2015
++++ crypto/opensslconf.h Thu Jun 04 16:27:13 2015
+ /* Should we define BN_DIV2W here? */
+
+ /* Only one for the following should be defined */
++/* Bypass the following definitions for UEFI version. */
++#if !defined(OPENSSL_SYS_UEFI)
+ #undef SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+ #define THIRTY_TWO_BIT
++#endif
+ #endif
+
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
--
1.9.5.msysgit.1
------------------------------------------------------------------------------
Ard Biesheuvel
2015-06-10 11:55:04 UTC
Permalink
Post by qlong
Contributed-under: TianoCore Contribution Agreement 1.0
I do have a question, though. Why does the underlying patch replace
__FILE__ and __LINE__ references? These macros appear in MdeModulePkg
unconditionally, so I suppose all supported toolchains can deal with
them
Post by qlong
---
.../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279 ----------------
.../Library/OpensslLib/EDKII_openssl-1.0.2a.patch | 358 +++++++++++++++++++++
2 files changed, 358 insertions(+), 279 deletions(-)
delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
create mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
deleted file mode 100644
index 4abe62c..0000000
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-Index: crypto/bio/bss_file.c
-===================================================================
---- crypto/bio/bss_file.c (revision 1)
-+++ crypto/bio/bss_file.c (working copy)
- return (ret);
- }
-
-+#else
-+
-+BIO_METHOD *BIO_s_file(void)
-+{
-+ return NULL;
-+}
-+
-+BIO *BIO_new_file(const char *filename, const char *mode)
-+{
-+ return NULL;
-+}
-+
-+BIO *BIO_new_fp(FILE *stream, int close_flag)
-+{
-+ return NULL;
-+}
-+
- # endif /* OPENSSL_NO_STDIO */
-
- #endif /* HEADER_BSS_FILE_C */
-Index: crypto/crypto.h
-===================================================================
---- crypto/crypto.h (revision 1)
-+++ crypto/crypto.h (working copy)
- # ifndef OPENSSL_NO_LOCKING
- # ifndef CRYPTO_w_lock
- # define CRYPTO_w_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_w_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_r_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_r_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_add(addr,amount,type) \
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-+ CRYPTO_add_lock(addr,amount,type,NULL,0)
- # endif
- # else
- # define CRYPTO_w_lock(a)
- # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
- # define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
--# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
--# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
-+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
- # define OPENSSL_realloc(addr,num) \
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
- # define OPENSSL_realloc_clean(addr,old_num,num) \
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
- # define OPENSSL_remalloc(addr,num) \
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
- # define OPENSSL_freeFunc CRYPTO_free
- # define OPENSSL_free(addr) CRYPTO_free(addr)
-
- # define OPENSSL_malloc_locked(num) \
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-+ CRYPTO_malloc_locked((int)num,NULL,0)
- # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
- const char *SSLeay_version(int type);
- long CRYPTO_get_mem_debug_options(void);
-
- # define CRYPTO_push_info(info) \
-- CRYPTO_push_info_(info, __FILE__, __LINE__);
-+ CRYPTO_push_info_(info, NULL, 0);
- int CRYPTO_push_info_(const char *info, const char *file, int line);
- int CRYPTO_pop_info(void);
- int CRYPTO_remove_all_info(void);
-
- /* die if we have to */
- void OpenSSLDie(const char *file, int line, const char *assertion);
--# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
-
- unsigned long *OPENSSL_ia32cap_loc(void);
- # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
- int OPENSSL_isservice(void);
-
- # ifdef OPENSSL_FIPS
--# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
- alg " previous FIPS forbidden algorithm error ignored");
-
--# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
- #alg " Algorithm forbidden in FIPS mode");
-
- # ifdef OPENSSL_FIPS_STRICT
-Index: crypto/err/err.c
-===================================================================
---- crypto/err/err.c (revision 1)
-+++ crypto/err/err.c (working copy)
- es->err_data_flags[i] = flags;
- }
-
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...)
-+#else
- void ERR_add_error_data(int num, ...)
-+#endif
- {
- va_list args;
- int i, n, s;
-Index: crypto/err/err.h
-===================================================================
---- crypto/err/err.h (revision 1)
-+++ crypto/err/err.h (working copy)
- # endif
- # ifndef OPENSSL_NO_BIO
- void ERR_print_errors(BIO *bp);
-+
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...);
-+#else
- void ERR_add_error_data(int num, ...);
-+#endif
- # endif
- void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
- void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
-Index: crypto/opensslconf.h
-===================================================================
---- crypto/opensslconf.h (revision 1)
-+++ crypto/opensslconf.h (working copy)
- /* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-+
-+/* Bypass following definition for UEFI version. */
-+#if !defined(OPENSSL_SYS_UEFI)
- #undef SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
- #define THIRTY_TWO_BIT
- #undef EIGHT_BIT
- #endif
-
-+#endif
-+
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
- #define CONFIG_HEADER_RC4_LOCL_H
- /* if this is defined data[i] is used instead of *data, this is a %20
-Index: crypto/pkcs7/pk7_smime.c
-===================================================================
---- crypto/pkcs7/pk7_smime.c (revision 1)
-+++ crypto/pkcs7/pk7_smime.c (working copy)
- if (!PKCS7_content_new(p7, NID_pkcs7_data))
- goto err;
-
-+#if defined(OPENSSL_SYS_UEFI)
-+ /*
-+ * NOTE: Update to SHA-256 digest algorithm for UEFI version.
-+ */
-+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {
-+#else
- if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
-+#endif
- PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
- goto err;
- }
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
-- char buf[4096];
-+ char *buf = NULL;
-+ int bufsiz;
- int i, j = 0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
- } else
- tmpout = out;
-
-+ bufsiz = 4096;
-+ buf = OPENSSL_malloc (bufsiz);
-+ if (buf == NULL) {
-+ goto err;
-+ }
-+
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;) {
- i = BIO_read(p7bio, buf, sizeof(buf));
-
- sk_X509_free(signers);
-
-+ if (buf != NULL) {
-+ OPENSSL_free (buf);
-+ }
-+
- return ret;
- }
-
-Index: crypto/rand/rand_egd.c
-===================================================================
---- crypto/rand/rand_egd.c (revision 1)
-+++ crypto/rand/rand_egd.c (working copy)
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- return (-1);
-Index: crypto/rand/rand_unix.c
-===================================================================
---- crypto/rand/rand_unix.c (revision 1)
-+++ crypto/rand/rand_unix.c (working copy)
- #include <openssl/rand.h>
- #include "rand_lcl.h"
-
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
-
- # include <sys/types.h>
- # include <sys/time.h>
- * defined(OPENSSL_SYS_VXWORKS) ||
- * defined(OPENSSL_SYS_NETWARE)) */
-
--#if defined(OPENSSL_SYS_VXWORKS)
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
- int RAND_poll(void)
- {
- return 0;
-Index: crypto/x509/x509_vfy.c
-===================================================================
---- crypto/x509/x509_vfy.c (revision 1)
-+++ crypto/x509/x509_vfy.c (working copy)
-
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
- {
-+#if defined(OPENSSL_SYS_UEFI)
-+ /* Bypass Certificate Time Checking for UEFI version. */
-+ return 1;
-+#else
- time_t *ptime;
- int i;
-
- }
-
- return 1;
-+#endif
- }
-
- static int internal_verify(X509_STORE_CTX *ctx)
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
new file mode 100644
index 0000000..55056ec
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
@@ -0,0 +1,358 @@
+diff U3 crypto/bio/bio.h crypto/bio/bio.h
+--- crypto/bio/bio.h Wed Jun 03 21:29:20 2015
++++ crypto/bio/bio.h Thu Jun 04 16:28:25 2015
+ int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+ asn1_ps_func **psuffix_free);
+
+-# ifndef OPENSSL_NO_FP_API
+ BIO_METHOD *BIO_s_file(void);
+ BIO *BIO_new_file(const char *filename, const char *mode);
+ BIO *BIO_new_fp(FILE *stream, int close_flag);
++# ifndef OPENSSL_NO_FP_API
+ # define BIO_s_file_internal BIO_s_file
+ # endif
+ BIO *BIO_new(BIO_METHOD *type);
+diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
+--- crypto/bio/bss_file.c Wed Jun 03 21:29:20 2015
++++ crypto/bio/bss_file.c Thu Jun 04 16:29:18 2015
+ return (ret);
+ }
+
++# else
++
++BIO_METHOD *BIO_s_file(void)
++{
++ return NULL;
++}
++
++BIO *BIO_new_file(const char *filename, const char *mode)
++{
++ return NULL;
++}
++
++BIO *BIO_new_fp(FILE *stream, int close_flag)
++{
++ return NULL;
++}
++
+ # endif /* OPENSSL_NO_STDIO */
+
+ #endif /* HEADER_BSS_FILE_C */
+diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c
+--- crypto/dh/dh_pmeth.c Wed Jun 03 21:29:20 2015
++++ crypto/dh/dh_pmeth.c Thu Jun 04 16:30:17 2015
+ *keylen = ret;
+ return 1;
+ } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
++#ifdef OPENSSL_NO_CMS
++ return 0;
++#else
+ unsigned char *Z = NULL;
+ size_t Zlen = 0;
+ if (!dctx->kdf_outlen || !dctx->kdf_oid)
+ OPENSSL_free(Z);
+ }
+ return ret;
++#endif
+ }
+ return 1;
+ }
+diff U3 crypto/pem/pem.h crypto/pem/pem.h
+--- crypto/pem/pem.h Wed Jun 03 21:29:20 2015
++++ crypto/pem/pem.h Thu Jun 04 16:31:08 2015
+
+ # define DECLARE_PEM_read_fp(name, type) /**/
+ # define DECLARE_PEM_write_fp(name, type) /**/
++# define DECLARE_PEM_write_fp_const(name, type) /**/
+ # define DECLARE_PEM_write_cb_fp(name, type) /**/
+ # else
+
+diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+--- crypto/pkcs7/pk7_smime.c Wed Jun 03 21:29:20 2015
++++ crypto/pkcs7/pk7_smime.c Thu Jun 04 16:34:03 2015
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+- char buf[4096];
++ char *buf = NULL;
++ int bufsiz;
+ int i, j = 0, k, ret = 0;
+ BIO *p7bio;
+ BIO *tmpin, *tmpout;
+ } else
+ tmpout = out;
+
++ bufsiz = 4096;
++ buf = OPENSSL_malloc (bufsiz);
++ if (buf == NULL) {
++ goto err;
++ }
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;) {
+- i = BIO_read(p7bio, buf, sizeof(buf));
++ i = BIO_read(p7bio, buf, bufsiz);
+ if (i <= 0)
+ break;
+ if (tmpout)
+ BIO_free_all(p7bio);
+
+ sk_X509_free(signers);
++
++ if (buf != NULL) {
++ OPENSSL_free (buf);
++ }
+
+ return ret;
+ }
+diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
+--- crypto/rand/rand_unix.c Wed Jun 03 21:29:20 2015
++++ crypto/rand/rand_unix.c Thu Jun 04 16:34:58 2015
+ #include <openssl/rand.h>
+ #include "rand_lcl.h"
+
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
+
+ # include <sys/types.h>
+ # include <sys/time.h>
+ * defined(OPENSSL_SYS_VXWORKS) ||
+ * defined(OPENSSL_SYS_NETWARE)) */
+
+-#if defined(OPENSSL_SYS_VXWORKS)
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+ int RAND_poll(void)
+ {
+ return 0;
+diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
+--- crypto/rsa/rsa_ameth.c Wed Jun 03 21:29:20 2015
++++ crypto/rsa/rsa_ameth.c Thu Jun 04 16:36:28 2015
+ #endif
+ #include "asn1_locl.h"
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si);
+ static int rsa_cms_verify(CMS_SignerInfo *si);
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
++#endif
+
+ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+ {
+ return rv;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_verify(CMS_SignerInfo *si)
+ {
+ int nid, nid2;
+ }
+ return 0;
+ }
++#endif
+
+ /*
+ * Customised RSA item verification routine. This is called when a signature
+ return -1;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si)
+ {
+ int pad_mode = RSA_PKCS1_PADDING;
+ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
+ return 1;
+ }
++#endif
+
+ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+ X509_ALGOR *alg1, X509_ALGOR *alg2,
+ return pss;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
+ {
+ EVP_PKEY_CTX *pkctx;
+ X509_ALGOR_free(maskHash);
+ return rv;
+ }
++#endif
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
+ {
+ const EVP_MD *md, *mgf1md;
+ ASN1_STRING_free(os);
+ return rv;
+ }
++#endif
+
+ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
+ {
+diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
+--- crypto/x509/x509_vfy.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vfy.c Thu Jun 04 16:37:39 2015
+
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+ {
++#if defined(OPENSSL_SYS_UEFI)
++ /* Bypass Certificate Time Checking for UEFI version. */
++ return 1;
++#else
+ time_t *ptime;
+ int i;
+
+ }
+
+ return 1;
++#endif
+ }
+
+ static int internal_verify(X509_STORE_CTX *ctx)
+diff U3 crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
+--- crypto/x509/x509_vpm.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vpm.c Thu Jun 04 16:40:04 2015
+ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!param)
+ return NULL;
+- paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
++ paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID));
+ if (!paramid) {
+ OPENSSL_free(param);
+ return NULL;
+diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h
+--- crypto/x509v3/ext_dat.h Wed Jun 03 21:29:20 2015
++++ crypto/x509v3/ext_dat.h Thu Jun 04 16:38:15 2015
+ &v3_idp,
+ &v3_alt[2],
+ &v3_freshest_crl,
++#ifndef OPENSSL_SYS_UEFI
+ &v3_ct_scts[0],
+ &v3_ct_scts[1],
++#endif
+ };
+
+ /* Number of standard extensions */
+diff U3 crypto/crypto.h crypto/crypto.h
+--- crypto/crypto.h Wed Jun 03 21:29:20 2015
++++ crypto/crypto.h Thu Jun 04 16:25:21 2015
+ # ifndef OPENSSL_NO_LOCKING
+ # ifndef CRYPTO_w_lock
+ # define CRYPTO_w_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_w_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_r_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_r_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_add(addr,amount,type) \
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
++ CRYPTO_add_lock(addr,amount,type,NULL,0)
+ # endif
+ # else
+ # define CRYPTO_w_lock(a)
+ # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+ # define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
+ # define OPENSSL_realloc(addr,num) \
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
+ # define OPENSSL_realloc_clean(addr,old_num,num) \
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
+ # define OPENSSL_remalloc(addr,num) \
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
+ # define OPENSSL_freeFunc CRYPTO_free
+ # define OPENSSL_free(addr) CRYPTO_free(addr)
+
+ # define OPENSSL_malloc_locked(num) \
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
++ CRYPTO_malloc_locked((int)num,NULL,0)
+ # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+ const char *SSLeay_version(int type);
+ long CRYPTO_get_mem_debug_options(void);
+
+ # define CRYPTO_push_info(info) \
+- CRYPTO_push_info_(info, __FILE__, __LINE__);
++ CRYPTO_push_info_(info, NULL, 0);
+ int CRYPTO_push_info_(const char *info, const char *file, int line);
+ int CRYPTO_pop_info(void);
+ int CRYPTO_remove_all_info(void);
+
+ /* die if we have to */
+ void OpenSSLDie(const char *file, int line, const char *assertion);
+-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
+
+ unsigned long *OPENSSL_ia32cap_loc(void);
+ # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+ # define fips_md_init_ctx(alg, cx) \
+ int alg##_Init(cx##_CTX *c) \
+ { \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+ return private_##alg##_Init(c); \
+ } \
+ int private_##alg##_Init(cx##_CTX *c)
+
+ # define fips_cipher_abort(alg) \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
+ # else
+diff U3 crypto/opensslconf.h crypto/opensslconf.h
+--- crypto/opensslconf.h Wed Jun 03 21:29:20 2015
++++ crypto/opensslconf.h Thu Jun 04 16:27:13 2015
+ /* Should we define BN_DIV2W here? */
+
+ /* Only one for the following should be defined */
++/* Bypass the following definitions for UEFI version. */
++#if !defined(OPENSSL_SYS_UEFI)
+ #undef SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+ #define THIRTY_TWO_BIT
++#endif
+ #endif
+
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
--
1.9.5.msysgit.1
------------------------------------------------------------------------------
Long, Qin
2015-06-10 17:22:04 UTC
Permalink
Thanks, Ard.

This is one historical changes, and come from some early user's requests: they would like to keep the built result / image of this module identical as possible, whatever any path was used (e.g. aaa/edk2/.../openssl v.s. bbb/edk2/...openssl, ...). To meet this, we have to patch those __FILE__ macro then. :-(

I keep this for all later updates.


Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: Ard Biesheuvel [mailto:***@linaro.org]
Sent: Wednesday, June 10, 2015 7:55 PM
To: Long, Qin
Cc: Ye, Ting; edk2-***@lists.sourceforge.net
Subject: Re: [patch 1/3] [CryptoPkg] Remove the old patch file for openssl-0.9.8zf build, and add the patch file for openssl-1.0.2a.
Post by qlong
Contributed-under: TianoCore Contribution Agreement 1.0
I do have a question, though. Why does the underlying patch replace __FILE__ and __LINE__ references? These macros appear in MdeModulePkg unconditionally, so I suppose all supported toolchains can deal with them
Post by qlong
---
.../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279
---------------- .../Library/OpensslLib/EDKII_openssl-1.0.2a.patch
| 358 +++++++++++++++++++++
2 files changed, 358 insertions(+), 279 deletions(-) delete mode
100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
create mode 100644
CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
deleted file mode 100644
index 4abe62c..0000000
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-Index: crypto/bio/bss_file.c
-===================================================================
---- crypto/bio/bss_file.c (revision 1)
-+++ crypto/bio/bss_file.c (working copy)
- return (ret);
- }
-
-+#else
-+
-+BIO_METHOD *BIO_s_file(void)
-+{
-+ return NULL;
-+}
-+
-+BIO *BIO_new_file(const char *filename, const char *mode) {
-+ return NULL;
-+}
-+
-+BIO *BIO_new_fp(FILE *stream, int close_flag) {
-+ return NULL;
-+}
-+
- # endif /* OPENSSL_NO_STDIO */
-
- #endif /* HEADER_BSS_FILE_C */
-Index: crypto/crypto.h
-===================================================================
---- crypto/crypto.h (revision 1)
-+++ crypto/crypto.h (working copy)
- # ifndef OPENSSL_NO_LOCKING
- # ifndef CRYPTO_w_lock
- # define CRYPTO_w_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_w_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_r_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_r_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_add(addr,amount,type) \
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-+ CRYPTO_add_lock(addr,amount,type,NULL,0)
- # endif
- # else
- # define CRYPTO_w_lock(a)
- # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
- # define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
--# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
--# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
-+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
- # define OPENSSL_realloc(addr,num) \
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
- # define OPENSSL_realloc_clean(addr,old_num,num) \
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
- # define OPENSSL_remalloc(addr,num) \
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
- # define OPENSSL_freeFunc CRYPTO_free
- # define OPENSSL_free(addr) CRYPTO_free(addr)
-
- # define OPENSSL_malloc_locked(num) \
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-+ CRYPTO_malloc_locked((int)num,NULL,0)
- # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
- long CRYPTO_get_mem_debug_options(void);
-
- # define CRYPTO_push_info(info) \
-- CRYPTO_push_info_(info, __FILE__, __LINE__);
-+ CRYPTO_push_info_(info, NULL, 0);
- int CRYPTO_push_info_(const char *info, const char *file, int line);
- int CRYPTO_pop_info(void);
- int CRYPTO_remove_all_info(void);
-
- /* die if we have to */
- void OpenSSLDie(const char *file, int line, const char *assertion);
--# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
-
- unsigned long *OPENSSL_ia32cap_loc(void);
- int OPENSSL_isservice(void);
-
- # ifdef OPENSSL_FIPS
--# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
- alg " previous FIPS forbidden algorithm error ignored");
-
--# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
- #alg " Algorithm forbidden in FIPS mode");
-
- # ifdef OPENSSL_FIPS_STRICT
-Index: crypto/err/err.c
-===================================================================
---- crypto/err/err.c (revision 1)
-+++ crypto/err/err.c (working copy)
- es->err_data_flags[i] = flags;
- }
-
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...) #else
- void ERR_add_error_data(int num, ...)
-+#endif
- {
- va_list args;
- int i, n, s;
-Index: crypto/err/err.h
-===================================================================
---- crypto/err/err.h (revision 1)
-+++ crypto/err/err.h (working copy)
- # endif
- # ifndef OPENSSL_NO_BIO
- void ERR_print_errors(BIO *bp);
-+
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...); #else
- void ERR_add_error_data(int num, ...);
-+#endif
- # endif
- void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
- void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
-Index: crypto/opensslconf.h
-===================================================================
---- crypto/opensslconf.h (revision 1)
-+++ crypto/opensslconf.h (working copy)
- /* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-+
-+/* Bypass following definition for UEFI version. */ #if
-+!defined(OPENSSL_SYS_UEFI)
- #undef SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
- #define THIRTY_TWO_BIT
- #undef EIGHT_BIT
- #endif
-
-+#endif
-+
- #if defined(HEADER_RC4_LOCL_H) &&
!defined(CONFIG_HEADER_RC4_LOCL_H)
- #define CONFIG_HEADER_RC4_LOCL_H
- /* if this is defined data[i] is used instead of *data, this is a %20
-Index: crypto/pkcs7/pk7_smime.c
-===================================================================
---- crypto/pkcs7/pk7_smime.c (revision 1)
-+++ crypto/pkcs7/pk7_smime.c (working copy)
- if (!PKCS7_content_new(p7, NID_pkcs7_data))
- goto err;
-
-+#if defined(OPENSSL_SYS_UEFI)
-+ /*
-+ * NOTE: Update to SHA-256 digest algorithm for UEFI version.
-+ */
-+ if (!(si = PKCS7_add_signature(p7, signcert, pkey,
-+EVP_sha256()))) { #else
- if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
-+#endif
- PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
- goto err;
- }
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
-- char buf[4096];
-+ char *buf = NULL;
-+ int bufsiz;
- int i, j = 0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
- } else
- tmpout = out;
-
-+ bufsiz = 4096;
-+ buf = OPENSSL_malloc (bufsiz);
-+ if (buf == NULL) {
-+ goto err;
-+ }
-+
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;) {
- i = BIO_read(p7bio, buf, sizeof(buf));
-
- sk_X509_free(signers);
-
-+ if (buf != NULL) {
-+ OPENSSL_free (buf);
-+ }
-+
- return ret;
- }
-
-Index: crypto/rand/rand_egd.c
-===================================================================
---- crypto/rand/rand_egd.c (revision 1)
-+++ crypto/rand/rand_egd.c (working copy)
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
-+defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
-+defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) ||
-+defined(OPENSSL_SYS_UEFI)
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- return (-1);
-Index: crypto/rand/rand_unix.c
-===================================================================
---- crypto/rand/rand_unix.c (revision 1)
-+++ crypto/rand/rand_unix.c (working copy)
- #include <openssl/rand.h>
- #include "rand_lcl.h"
-
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
-+defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
-+defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
-+defined(OPENSSL_SYS_UEFI))
-
- # include <sys/types.h>
- # include <sys/time.h>
- * defined(OPENSSL_SYS_VXWORKS) ||
- * defined(OPENSSL_SYS_NETWARE)) */
-
--#if defined(OPENSSL_SYS_VXWORKS)
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
- int RAND_poll(void)
- {
- return 0;
-Index: crypto/x509/x509_vfy.c
-===================================================================
---- crypto/x509/x509_vfy.c (revision 1)
-+++ crypto/x509/x509_vfy.c (working copy)
-
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
- {
-+#if defined(OPENSSL_SYS_UEFI)
-+ /* Bypass Certificate Time Checking for UEFI version. */
-+ return 1;
-+#else
- time_t *ptime;
- int i;
-
- }
-
- return 1;
-+#endif
- }
-
- static int internal_verify(X509_STORE_CTX *ctx) diff --git
a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
new file mode 100644
index 0000000..55056ec
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
@@ -0,0 +1,358 @@
+diff U3 crypto/bio/bio.h crypto/bio/bio.h
+--- crypto/bio/bio.h Wed Jun 03 21:29:20 2015
++++ crypto/bio/bio.h Thu Jun 04 16:28:25 2015
+ int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+ asn1_ps_func **psuffix_free);
+
+-# ifndef OPENSSL_NO_FP_API
+ BIO_METHOD *BIO_s_file(void);
+ BIO *BIO_new_file(const char *filename, const char *mode); BIO
+*BIO_new_fp(FILE *stream, int close_flag);
++# ifndef OPENSSL_NO_FP_API
+ # define BIO_s_file_internal BIO_s_file
+ # endif
+ BIO *BIO_new(BIO_METHOD *type);
+diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
+--- crypto/bio/bss_file.c Wed Jun 03 21:29:20 2015
++++ crypto/bio/bss_file.c Thu Jun 04 16:29:18 2015
+ return (ret);
+ }
+
++# else
++
++BIO_METHOD *BIO_s_file(void)
++{
++ return NULL;
++}
++
++BIO *BIO_new_file(const char *filename, const char *mode) {
++ return NULL;
++}
++
++BIO *BIO_new_fp(FILE *stream, int close_flag) {
++ return NULL;
++}
++
+ # endif /* OPENSSL_NO_STDIO */
+
+ #endif /* HEADER_BSS_FILE_C */
+diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c
+--- crypto/dh/dh_pmeth.c Wed Jun 03 21:29:20 2015
++++ crypto/dh/dh_pmeth.c Thu Jun 04 16:30:17 2015
+ *keylen = ret;
+ return 1;
+ } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
++#ifdef OPENSSL_NO_CMS
++ return 0;
++#else
+ unsigned char *Z = NULL;
+ size_t Zlen = 0;
+ OPENSSL_free(Z);
+ }
+ return ret;
++#endif
+ }
+ return 1;
+ }
+diff U3 crypto/pem/pem.h crypto/pem/pem.h
+--- crypto/pem/pem.h Wed Jun 03 21:29:20 2015
++++ crypto/pem/pem.h Thu Jun 04 16:31:08 2015
+
+ # define DECLARE_PEM_read_fp(name, type) /**/ # define
+ DECLARE_PEM_write_fp(name, type) /**/
++# define DECLARE_PEM_write_fp_const(name, type) /**/
+ # define DECLARE_PEM_write_cb_fp(name, type) /**/ # else
+
+diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+--- crypto/pkcs7/pk7_smime.c Wed Jun 03 21:29:20 2015
++++ crypto/pkcs7/pk7_smime.c Thu Jun 04 16:34:03 2015
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+- char buf[4096];
++ char *buf = NULL;
++ int bufsiz;
+ int i, j = 0, k, ret = 0;
+ BIO *p7bio;
+ BIO *tmpin, *tmpout;
+ } else
+ tmpout = out;
+
++ bufsiz = 4096;
++ buf = OPENSSL_malloc (bufsiz);
++ if (buf == NULL) {
++ goto err;
++ }
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;) {
+- i = BIO_read(p7bio, buf, sizeof(buf));
++ i = BIO_read(p7bio, buf, bufsiz);
+ if (i <= 0)
+ break;
+ if (tmpout)
+ BIO_free_all(p7bio);
+
+ sk_X509_free(signers);
++
++ if (buf != NULL) {
++ OPENSSL_free (buf);
++ }
+
+ return ret;
+ }
+diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
+--- crypto/rand/rand_unix.c Wed Jun 03 21:29:20 2015
++++ crypto/rand/rand_unix.c Thu Jun 04 16:34:58 2015
+ #include <openssl/rand.h>
+ #include "rand_lcl.h"
+
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
+defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
+defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
++defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
++defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
++defined(OPENSSL_SYS_UEFI))
+
+ # include <sys/types.h>
+ # include <sys/time.h>
+ * defined(OPENSSL_SYS_VXWORKS) ||
+ * defined(OPENSSL_SYS_NETWARE)) */
+
+-#if defined(OPENSSL_SYS_VXWORKS)
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+ int RAND_poll(void)
+ {
+ return 0;
+diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
+--- crypto/rsa/rsa_ameth.c Wed Jun 03 21:29:20 2015
++++ crypto/rsa/rsa_ameth.c Thu Jun 04 16:36:28 2015
+ #endif
+ #include "asn1_locl.h"
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si); static int
+ rsa_cms_verify(CMS_SignerInfo *si); static int
+ rsa_cms_decrypt(CMS_RecipientInfo *ri); static int
+ rsa_cms_encrypt(CMS_RecipientInfo *ri);
++#endif
+
+ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {
+ return rv;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_verify(CMS_SignerInfo *si) {
+ int nid, nid2;
+ }
+ return 0;
+ }
++#endif
+
+ /*
+ * Customised RSA item verification routine. This is called when a
+ return -1;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si) {
+ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
+ return 1;
+ }
++#endif
+
+ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+ return pss;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) {
+ EVP_PKEY_CTX *pkctx;
+ X509_ALGOR_free(maskHash);
+ return rv;
+ }
++#endif
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) {
+ const EVP_MD *md, *mgf1md;
+ ASN1_STRING_free(os);
+ return rv;
+ }
++#endif
+
+ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
+ {
+diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
+--- crypto/x509/x509_vfy.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vfy.c Thu Jun 04 16:37:39 2015
+
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) {
++#if defined(OPENSSL_SYS_UEFI)
++ /* Bypass Certificate Time Checking for UEFI version. */
++ return 1;
++#else
+ time_t *ptime;
+ int i;
+
+ }
+
+ return 1;
++#endif
+ }
+
+ static int internal_verify(X509_STORE_CTX *ctx) diff U3
+crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
+--- crypto/x509/x509_vpm.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vpm.c Thu Jun 04 16:40:04 2015
+ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!param)
+ return NULL;
+- paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
++ paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID));
+ if (!paramid) {
+ OPENSSL_free(param);
+ return NULL;
+diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h
+--- crypto/x509v3/ext_dat.h Wed Jun 03 21:29:20 2015
++++ crypto/x509v3/ext_dat.h Thu Jun 04 16:38:15 2015
+ &v3_idp,
+ &v3_alt[2],
+ &v3_freshest_crl,
++#ifndef OPENSSL_SYS_UEFI
+ &v3_ct_scts[0],
+ &v3_ct_scts[1],
++#endif
+ };
+
+ /* Number of standard extensions */ diff U3 crypto/crypto.h
+crypto/crypto.h
+--- crypto/crypto.h Wed Jun 03 21:29:20 2015
++++ crypto/crypto.h Thu Jun 04 16:25:21 2015
+ # ifndef OPENSSL_NO_LOCKING
+ # ifndef CRYPTO_w_lock
+ # define CRYPTO_w_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_w_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_r_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_r_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_add(addr,amount,type) \
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
++ CRYPTO_add_lock(addr,amount,type,NULL,0)
+ # endif
+ # else
+ # define CRYPTO_w_lock(a)
+ # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+ # define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
+ # define OPENSSL_realloc(addr,num) \
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
+ # define OPENSSL_realloc_clean(addr,old_num,num) \
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
+ # define OPENSSL_remalloc(addr,num) \
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
+ # define OPENSSL_freeFunc CRYPTO_free
+ # define OPENSSL_free(addr) CRYPTO_free(addr)
+
+ # define OPENSSL_malloc_locked(num) \
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
++ CRYPTO_malloc_locked((int)num,NULL,0)
+ # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+CRYPTO_get_mem_debug_options(void);
+
+ # define CRYPTO_push_info(info) \
+- CRYPTO_push_info_(info, __FILE__, __LINE__);
++ CRYPTO_push_info_(info, NULL, 0);
+ int CRYPTO_push_info_(const char *info, const char *file, int
+line); int CRYPTO_pop_info(void); int
+
+ /* die if we have to */
+ void OpenSSLDie(const char *file, int line, const char *assertion);
+-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
+
+ unsigned long *OPENSSL_ia32cap_loc(void); # define OPENSSL_ia32cap
+fips_md_init_ctx(alg, cx) \
+ int alg##_Init(cx##_CTX *c) \
+ { \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+ return private_##alg##_Init(c); \
+ } \
+ int private_##alg##_Init(cx##_CTX *c)
+
+ # define fips_cipher_abort(alg) \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to cipher " #alg " forbidden in
+ FIPS mode!")
+
+ # else
+diff U3 crypto/opensslconf.h crypto/opensslconf.h
+--- crypto/opensslconf.h Wed Jun 03 21:29:20 2015
++++ crypto/opensslconf.h Thu Jun 04 16:27:13 2015
+ /* Should we define BN_DIV2W here? */
+
+ /* Only one for the following should be defined */
++/* Bypass the following definitions for UEFI version. */ #if
++!defined(OPENSSL_SYS_UEFI)
+ #undef SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+ #define THIRTY_TWO_BIT
++#endif
+ #endif
+
+ #if defined(HEADER_RC4_LOCL_H) &&
+ !defined(CONFIG_HEADER_RC4_LOCL_H)
--
1.9.5.msysgit.1
------------------------------------------------------------------------------
Ard Biesheuvel
2015-06-11 13:50:05 UTC
Permalink
Post by Long, Qin
Thanks, Ard.
This is one historical changes, and come from some early user's requests: they would like to keep the built result / image of this module identical as possible, whatever any path was used (e.g. aaa/edk2/.../openssl v.s. bbb/edk2/...openssl, ...). To meet this, we have to patch those __FILE__ macro then. :-(
OK, fair enough.
Post by Long, Qin
I keep this for all later updates.
I guess not all toolchains support

#undef __FILE__
#define __FILE__ NULL

??

because that would be a bit simpler.
--
Ard.
Post by Long, Qin
-----Original Message-----
Sent: Wednesday, June 10, 2015 7:55 PM
To: Long, Qin
Subject: Re: [patch 1/3] [CryptoPkg] Remove the old patch file for openssl-0.9.8zf build, and add the patch file for openssl-1.0.2a.
Post by qlong
Contributed-under: TianoCore Contribution Agreement 1.0
I do have a question, though. Why does the underlying patch replace __FILE__ and __LINE__ references? These macros appear in MdeModulePkg unconditionally, so I suppose all supported toolchains can deal with them
Post by qlong
---
.../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279
---------------- .../Library/OpensslLib/EDKII_openssl-1.0.2a.patch
| 358 +++++++++++++++++++++
2 files changed, 358 insertions(+), 279 deletions(-) delete mode
100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
create mode 100644
CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
deleted file mode 100644
index 4abe62c..0000000
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-Index: crypto/bio/bss_file.c
-===================================================================
---- crypto/bio/bss_file.c (revision 1)
-+++ crypto/bio/bss_file.c (working copy)
- return (ret);
- }
-
-+#else
-+
-+BIO_METHOD *BIO_s_file(void)
-+{
-+ return NULL;
-+}
-+
-+BIO *BIO_new_file(const char *filename, const char *mode) {
-+ return NULL;
-+}
-+
-+BIO *BIO_new_fp(FILE *stream, int close_flag) {
-+ return NULL;
-+}
-+
- # endif /* OPENSSL_NO_STDIO */
-
- #endif /* HEADER_BSS_FILE_C */
-Index: crypto/crypto.h
-===================================================================
---- crypto/crypto.h (revision 1)
-+++ crypto/crypto.h (working copy)
- # ifndef OPENSSL_NO_LOCKING
- # ifndef CRYPTO_w_lock
- # define CRYPTO_w_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_w_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
- # define CRYPTO_r_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_r_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
- # define CRYPTO_add(addr,amount,type) \
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-+ CRYPTO_add_lock(addr,amount,type,NULL,0)
- # endif
- # else
- # define CRYPTO_w_lock(a)
- # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
- # define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
--# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
--# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
-+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
- # define OPENSSL_realloc(addr,num) \
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
- # define OPENSSL_realloc_clean(addr,old_num,num) \
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
- # define OPENSSL_remalloc(addr,num) \
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
- # define OPENSSL_freeFunc CRYPTO_free
- # define OPENSSL_free(addr) CRYPTO_free(addr)
-
- # define OPENSSL_malloc_locked(num) \
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-+ CRYPTO_malloc_locked((int)num,NULL,0)
- # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
- long CRYPTO_get_mem_debug_options(void);
-
- # define CRYPTO_push_info(info) \
-- CRYPTO_push_info_(info, __FILE__, __LINE__);
-+ CRYPTO_push_info_(info, NULL, 0);
- int CRYPTO_push_info_(const char *info, const char *file, int line);
- int CRYPTO_pop_info(void);
- int CRYPTO_remove_all_info(void);
-
- /* die if we have to */
- void OpenSSLDie(const char *file, int line, const char *assertion);
--# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
-
- unsigned long *OPENSSL_ia32cap_loc(void);
- int OPENSSL_isservice(void);
-
- # ifdef OPENSSL_FIPS
--# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
- alg " previous FIPS forbidden algorithm error ignored");
-
--# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
- #alg " Algorithm forbidden in FIPS mode");
-
- # ifdef OPENSSL_FIPS_STRICT
-Index: crypto/err/err.c
-===================================================================
---- crypto/err/err.c (revision 1)
-+++ crypto/err/err.c (working copy)
- es->err_data_flags[i] = flags;
- }
-
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...) #else
- void ERR_add_error_data(int num, ...)
-+#endif
- {
- va_list args;
- int i, n, s;
-Index: crypto/err/err.h
-===================================================================
---- crypto/err/err.h (revision 1)
-+++ crypto/err/err.h (working copy)
- # endif
- # ifndef OPENSSL_NO_BIO
- void ERR_print_errors(BIO *bp);
-+
-+/* Add EFIAPI for UEFI version. */
-+#if defined(OPENSSL_SYS_UEFI)
-+void EFIAPI ERR_add_error_data(int num, ...); #else
- void ERR_add_error_data(int num, ...);
-+#endif
- # endif
- void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
- void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
-Index: crypto/opensslconf.h
-===================================================================
---- crypto/opensslconf.h (revision 1)
-+++ crypto/opensslconf.h (working copy)
- /* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-+
-+/* Bypass following definition for UEFI version. */ #if
-+!defined(OPENSSL_SYS_UEFI)
- #undef SIXTY_FOUR_BIT_LONG
- #undef SIXTY_FOUR_BIT
- #define THIRTY_TWO_BIT
- #undef EIGHT_BIT
- #endif
-
-+#endif
-+
- #if defined(HEADER_RC4_LOCL_H) &&
!defined(CONFIG_HEADER_RC4_LOCL_H)
- #define CONFIG_HEADER_RC4_LOCL_H
- /* if this is defined data[i] is used instead of *data, this is a %20
-Index: crypto/pkcs7/pk7_smime.c
-===================================================================
---- crypto/pkcs7/pk7_smime.c (revision 1)
-+++ crypto/pkcs7/pk7_smime.c (working copy)
- if (!PKCS7_content_new(p7, NID_pkcs7_data))
- goto err;
-
-+#if defined(OPENSSL_SYS_UEFI)
-+ /*
-+ * NOTE: Update to SHA-256 digest algorithm for UEFI version.
-+ */
-+ if (!(si = PKCS7_add_signature(p7, signcert, pkey,
-+EVP_sha256()))) { #else
- if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
-+#endif
- PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
- goto err;
- }
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
-- char buf[4096];
-+ char *buf = NULL;
-+ int bufsiz;
- int i, j = 0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
- } else
- tmpout = out;
-
-+ bufsiz = 4096;
-+ buf = OPENSSL_malloc (bufsiz);
-+ if (buf == NULL) {
-+ goto err;
-+ }
-+
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;) {
- i = BIO_read(p7bio, buf, sizeof(buf));
-
- sk_X509_free(signers);
-
-+ if (buf != NULL) {
-+ OPENSSL_free (buf);
-+ }
-+
- return ret;
- }
-
-Index: crypto/rand/rand_egd.c
-===================================================================
---- crypto/rand/rand_egd.c (revision 1)
-+++ crypto/rand/rand_egd.c (working copy)
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
-+defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
-+defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) ||
-+defined(OPENSSL_SYS_UEFI)
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- return (-1);
-Index: crypto/rand/rand_unix.c
-===================================================================
---- crypto/rand/rand_unix.c (revision 1)
-+++ crypto/rand/rand_unix.c (working copy)
- #include <openssl/rand.h>
- #include "rand_lcl.h"
-
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
-+defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
-+defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
-+defined(OPENSSL_SYS_UEFI))
-
- # include <sys/types.h>
- # include <sys/time.h>
- * defined(OPENSSL_SYS_VXWORKS) ||
- * defined(OPENSSL_SYS_NETWARE)) */
-
--#if defined(OPENSSL_SYS_VXWORKS)
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
- int RAND_poll(void)
- {
- return 0;
-Index: crypto/x509/x509_vfy.c
-===================================================================
---- crypto/x509/x509_vfy.c (revision 1)
-+++ crypto/x509/x509_vfy.c (working copy)
-
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
- {
-+#if defined(OPENSSL_SYS_UEFI)
-+ /* Bypass Certificate Time Checking for UEFI version. */
-+ return 1;
-+#else
- time_t *ptime;
- int i;
-
- }
-
- return 1;
-+#endif
- }
-
- static int internal_verify(X509_STORE_CTX *ctx) diff --git
a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
new file mode 100644
index 0000000..55056ec
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
@@ -0,0 +1,358 @@
+diff U3 crypto/bio/bio.h crypto/bio/bio.h
+--- crypto/bio/bio.h Wed Jun 03 21:29:20 2015
++++ crypto/bio/bio.h Thu Jun 04 16:28:25 2015
+ int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+ asn1_ps_func **psuffix_free);
+
+-# ifndef OPENSSL_NO_FP_API
+ BIO_METHOD *BIO_s_file(void);
+ BIO *BIO_new_file(const char *filename, const char *mode); BIO
+*BIO_new_fp(FILE *stream, int close_flag);
++# ifndef OPENSSL_NO_FP_API
+ # define BIO_s_file_internal BIO_s_file
+ # endif
+ BIO *BIO_new(BIO_METHOD *type);
+diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
+--- crypto/bio/bss_file.c Wed Jun 03 21:29:20 2015
++++ crypto/bio/bss_file.c Thu Jun 04 16:29:18 2015
+ return (ret);
+ }
+
++# else
++
++BIO_METHOD *BIO_s_file(void)
++{
++ return NULL;
++}
++
++BIO *BIO_new_file(const char *filename, const char *mode) {
++ return NULL;
++}
++
++BIO *BIO_new_fp(FILE *stream, int close_flag) {
++ return NULL;
++}
++
+ # endif /* OPENSSL_NO_STDIO */
+
+ #endif /* HEADER_BSS_FILE_C */
+diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c
+--- crypto/dh/dh_pmeth.c Wed Jun 03 21:29:20 2015
++++ crypto/dh/dh_pmeth.c Thu Jun 04 16:30:17 2015
+ *keylen = ret;
+ return 1;
+ } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
++#ifdef OPENSSL_NO_CMS
++ return 0;
++#else
+ unsigned char *Z = NULL;
+ size_t Zlen = 0;
+ OPENSSL_free(Z);
+ }
+ return ret;
++#endif
+ }
+ return 1;
+ }
+diff U3 crypto/pem/pem.h crypto/pem/pem.h
+--- crypto/pem/pem.h Wed Jun 03 21:29:20 2015
++++ crypto/pem/pem.h Thu Jun 04 16:31:08 2015
+
+ # define DECLARE_PEM_read_fp(name, type) /**/ # define
+ DECLARE_PEM_write_fp(name, type) /**/
++# define DECLARE_PEM_write_fp_const(name, type) /**/
+ # define DECLARE_PEM_write_cb_fp(name, type) /**/ # else
+
+diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+--- crypto/pkcs7/pk7_smime.c Wed Jun 03 21:29:20 2015
++++ crypto/pkcs7/pk7_smime.c Thu Jun 04 16:34:03 2015
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+- char buf[4096];
++ char *buf = NULL;
++ int bufsiz;
+ int i, j = 0, k, ret = 0;
+ BIO *p7bio;
+ BIO *tmpin, *tmpout;
+ } else
+ tmpout = out;
+
++ bufsiz = 4096;
++ buf = OPENSSL_malloc (bufsiz);
++ if (buf == NULL) {
++ goto err;
++ }
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;) {
+- i = BIO_read(p7bio, buf, sizeof(buf));
++ i = BIO_read(p7bio, buf, bufsiz);
+ if (i <= 0)
+ break;
+ if (tmpout)
+ BIO_free_all(p7bio);
+
+ sk_X509_free(signers);
++
++ if (buf != NULL) {
++ OPENSSL_free (buf);
++ }
+
+ return ret;
+ }
+diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
+--- crypto/rand/rand_unix.c Wed Jun 03 21:29:20 2015
++++ crypto/rand/rand_unix.c Thu Jun 04 16:34:58 2015
+ #include <openssl/rand.h>
+ #include "rand_lcl.h"
+
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
+defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
+defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
++defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
++defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
++defined(OPENSSL_SYS_UEFI))
+
+ # include <sys/types.h>
+ # include <sys/time.h>
+ * defined(OPENSSL_SYS_VXWORKS) ||
+ * defined(OPENSSL_SYS_NETWARE)) */
+
+-#if defined(OPENSSL_SYS_VXWORKS)
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+ int RAND_poll(void)
+ {
+ return 0;
+diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
+--- crypto/rsa/rsa_ameth.c Wed Jun 03 21:29:20 2015
++++ crypto/rsa/rsa_ameth.c Thu Jun 04 16:36:28 2015
+ #endif
+ #include "asn1_locl.h"
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si); static int
+ rsa_cms_verify(CMS_SignerInfo *si); static int
+ rsa_cms_decrypt(CMS_RecipientInfo *ri); static int
+ rsa_cms_encrypt(CMS_RecipientInfo *ri);
++#endif
+
+ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {
+ return rv;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_verify(CMS_SignerInfo *si) {
+ int nid, nid2;
+ }
+ return 0;
+ }
++#endif
+
+ /*
+ * Customised RSA item verification routine. This is called when a
+ return -1;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_sign(CMS_SignerInfo *si) {
+ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
+ return 1;
+ }
++#endif
+
+ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+ return pss;
+ }
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) {
+ EVP_PKEY_CTX *pkctx;
+ X509_ALGOR_free(maskHash);
+ return rv;
+ }
++#endif
+
++#ifndef OPENSSL_NO_CMS
+ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) {
+ const EVP_MD *md, *mgf1md;
+ ASN1_STRING_free(os);
+ return rv;
+ }
++#endif
+
+ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
+ {
+diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
+--- crypto/x509/x509_vfy.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vfy.c Thu Jun 04 16:37:39 2015
+
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) {
++#if defined(OPENSSL_SYS_UEFI)
++ /* Bypass Certificate Time Checking for UEFI version. */
++ return 1;
++#else
+ time_t *ptime;
+ int i;
+
+ }
+
+ return 1;
++#endif
+ }
+
+ static int internal_verify(X509_STORE_CTX *ctx) diff U3
+crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
+--- crypto/x509/x509_vpm.c Wed Jun 03 21:29:20 2015
++++ crypto/x509/x509_vpm.c Thu Jun 04 16:40:04 2015
+ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!param)
+ return NULL;
+- paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
++ paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID));
+ if (!paramid) {
+ OPENSSL_free(param);
+ return NULL;
+diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h
+--- crypto/x509v3/ext_dat.h Wed Jun 03 21:29:20 2015
++++ crypto/x509v3/ext_dat.h Thu Jun 04 16:38:15 2015
+ &v3_idp,
+ &v3_alt[2],
+ &v3_freshest_crl,
++#ifndef OPENSSL_SYS_UEFI
+ &v3_ct_scts[0],
+ &v3_ct_scts[1],
++#endif
+ };
+
+ /* Number of standard extensions */ diff U3 crypto/crypto.h
+crypto/crypto.h
+--- crypto/crypto.h Wed Jun 03 21:29:20 2015
++++ crypto/crypto.h Thu Jun 04 16:25:21 2015
+ # ifndef OPENSSL_NO_LOCKING
+ # ifndef CRYPTO_w_lock
+ # define CRYPTO_w_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_w_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
+ # define CRYPTO_r_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_r_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
+ # define CRYPTO_add(addr,amount,type) \
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
++ CRYPTO_add_lock(addr,amount,type,NULL,0)
+ # endif
+ # else
+ # define CRYPTO_w_lock(a)
+ # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+ # define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
+ # define OPENSSL_realloc(addr,num) \
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
+ # define OPENSSL_realloc_clean(addr,old_num,num) \
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
+ # define OPENSSL_remalloc(addr,num) \
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
+ # define OPENSSL_freeFunc CRYPTO_free
+ # define OPENSSL_free(addr) CRYPTO_free(addr)
+
+ # define OPENSSL_malloc_locked(num) \
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
++ CRYPTO_malloc_locked((int)num,NULL,0)
+ # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+CRYPTO_get_mem_debug_options(void);
+
+ # define CRYPTO_push_info(info) \
+- CRYPTO_push_info_(info, __FILE__, __LINE__);
++ CRYPTO_push_info_(info, NULL, 0);
+ int CRYPTO_push_info_(const char *info, const char *file, int
+line); int CRYPTO_pop_info(void); int
+
+ /* die if we have to */
+ void OpenSSLDie(const char *file, int line, const char *assertion);
+-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
+
+ unsigned long *OPENSSL_ia32cap_loc(void); # define OPENSSL_ia32cap
+fips_md_init_ctx(alg, cx) \
+ int alg##_Init(cx##_CTX *c) \
+ { \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+ return private_##alg##_Init(c); \
+ } \
+ int private_##alg##_Init(cx##_CTX *c)
+
+ # define fips_cipher_abort(alg) \
+- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+ "Low level API call to cipher " #alg " forbidden in
+ FIPS mode!")
+
+ # else
+diff U3 crypto/opensslconf.h crypto/opensslconf.h
+--- crypto/opensslconf.h Wed Jun 03 21:29:20 2015
++++ crypto/opensslconf.h Thu Jun 04 16:27:13 2015
+ /* Should we define BN_DIV2W here? */
+
+ /* Only one for the following should be defined */
++/* Bypass the following definitions for UEFI version. */ #if
++!defined(OPENSSL_SYS_UEFI)
+ #undef SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+ #define THIRTY_TWO_BIT
++#endif
+ #endif
+
+ #if defined(HEADER_RC4_LOCL_H) &&
+ !defined(CONFIG_HEADER_RC4_LOCL_H)
--
1.9.5.msysgit.1
------------------------------------------------------------------------------
Laszlo Ersek
2015-06-11 18:57:52 UTC
Permalink
Post by Ard Biesheuvel
Post by Long, Qin
Thanks, Ard.
This is one historical changes, and come from some early user's requests: they would like to keep the built result / image of this module identical as possible, whatever any path was used (e.g. aaa/edk2/.../openssl v.s. bbb/edk2/...openssl, ...). To meet this, we have to patch those __FILE__ macro then. :-(
OK, fair enough.
Post by Long, Qin
I keep this for all later updates.
I guess not all toolchains support
#undef __FILE__
#define __FILE__ NULL
??
because that would be a bit simpler.
It would also be undefined behavior. The C standards say that

None of these macro names, nor the identifier "defined", shall be the
subject of a #define or a #undef preprocessing directive.

Thanks
Laszlo


------------------------------------------------------------------------------
Ard Biesheuvel
2015-06-12 07:34:50 UTC
Permalink
Post by Laszlo Ersek
Post by Ard Biesheuvel
Post by Long, Qin
Thanks, Ard.
This is one historical changes, and come from some early user's requests: they would like to keep the built result / image of this module identical as possible, whatever any path was used (e.g. aaa/edk2/.../openssl v.s. bbb/edk2/...openssl, ...). To meet this, we have to patch those __FILE__ macro then. :-(
OK, fair enough.
Post by Long, Qin
I keep this for all later updates.
I guess not all toolchains support
#undef __FILE__
#define __FILE__ NULL
??
because that would be a bit simpler.
It would also be undefined behavior. The C standards say that
None of these macro names, nor the identifier "defined", shall be the
subject of a #define or a #undef preprocessing directive.
OK, got it.
--
Ard.

------------------------------------------------------------------------------
qlong
2015-06-10 02:21:22 UTC
Permalink
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long, Qin <***@intel.com>
Signed-off-by: qlong <***@intel.com>
---
CryptoPkg/Library/OpensslLib/Install.cmd | 146 ++++---
CryptoPkg/Library/OpensslLib/Install.sh | 146 ++++---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 620 +++++++++++++++++++--------
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 46 +-
4 files changed, 608 insertions(+), 350 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd
index 8f1d016..a633f57 100755
--- a/CryptoPkg/Library/OpensslLib/Install.cmd
+++ b/CryptoPkg/Library/OpensslLib/Install.cmd
@@ -1,71 +1,77 @@
-cd openssl-0.9.8zf
-copy e_os2.h ..\..\..\Include\openssl
-copy crypto\crypto.h ..\..\..\Include\openssl
-copy crypto\tmdiff.h ..\..\..\Include\openssl
-copy crypto\opensslv.h ..\..\..\Include\openssl
-copy crypto\opensslconf.h ..\..\..\Include\openssl
-copy crypto\ebcdic.h ..\..\..\Include\openssl
-copy crypto\symhacks.h ..\..\..\Include\openssl
-copy crypto\ossl_typ.h ..\..\..\Include\openssl
-copy crypto\md2\md2.h ..\..\..\Include\openssl
-copy crypto\md4\md4.h ..\..\..\Include\openssl
-copy crypto\md5\md5.h ..\..\..\Include\openssl
-copy crypto\sha\sha.h ..\..\..\Include\openssl
-copy crypto\hmac\hmac.h ..\..\..\Include\openssl
-copy crypto\ripemd\ripemd.h ..\..\..\Include\openssl
-copy crypto\des\des.h ..\..\..\Include\openssl
-copy crypto\des\des_old.h ..\..\..\Include\openssl
-copy crypto\rc2\rc2.h ..\..\..\Include\openssl
-copy crypto\rc4\rc4.h ..\..\..\Include\openssl
-copy crypto\idea\idea.h ..\..\..\Include\openssl
-copy crypto\bf\blowfish.h ..\..\..\Include\openssl
-copy crypto\cast\cast.h ..\..\..\Include\openssl
-copy crypto\aes\aes.h ..\..\..\Include\openssl
-copy crypto\bn\bn.h ..\..\..\Include\openssl
-copy crypto\rsa\rsa.h ..\..\..\Include\openssl
-copy crypto\dsa\dsa.h ..\..\..\Include\openssl
-copy crypto\dso\dso.h ..\..\..\Include\openssl
-copy crypto\dh\dh.h ..\..\..\Include\openssl
-copy crypto\ec\ec.h ..\..\..\Include\openssl
-copy crypto\ecdh\ecdh.h ..\..\..\Include\openssl
-copy crypto\ecdsa\ecdsa.h ..\..\..\Include\openssl
-copy crypto\buffer\buffer.h ..\..\..\Include\openssl
-copy crypto\bio\bio.h ..\..\..\Include\openssl
-copy crypto\stack\stack.h ..\..\..\Include\openssl
-copy crypto\stack\safestack.h ..\..\..\Include\openssl
-copy crypto\lhash\lhash.h ..\..\..\Include\openssl
-copy crypto\rand\rand.h ..\..\..\Include\openssl
-copy crypto\err\err.h ..\..\..\Include\openssl
-copy crypto\objects\objects.h ..\..\..\Include\openssl
-copy crypto\objects\obj_mac.h ..\..\..\Include\openssl
-copy crypto\evp\evp.h ..\..\..\Include\openssl
-copy crypto\asn1\asn1.h ..\..\..\Include\openssl
-copy crypto\asn1\asn1_mac.h ..\..\..\Include\openssl
-copy crypto\asn1\asn1t.h ..\..\..\Include\openssl
-copy crypto\pem\pem.h ..\..\..\Include\openssl
-copy crypto\pem\pem2.h ..\..\..\Include\openssl
-copy crypto\x509\x509.h ..\..\..\Include\openssl
-copy crypto\x509\x509_vfy.h ..\..\..\Include\openssl
-copy crypto\x509v3\x509v3.h ..\..\..\Include\openssl
-copy crypto\conf\conf.h ..\..\..\Include\openssl
-copy crypto\conf\conf_api.h ..\..\..\Include\openssl
-copy crypto\txt_db\txt_db.h ..\..\..\Include\openssl
-copy crypto\pkcs7\pkcs7.h ..\..\..\Include\openssl
-copy crypto\pkcs12\pkcs12.h ..\..\..\Include\openssl
-copy crypto\comp\comp.h ..\..\..\Include\openssl
-copy crypto\engine\engine.h ..\..\..\Include\openssl
-copy crypto\ocsp\ocsp.h ..\..\..\Include\openssl
-copy crypto\ui\ui.h ..\..\..\Include\openssl
-copy crypto\ui\ui_compat.h ..\..\..\Include\openssl
-copy crypto\krb5\krb5_asn.h ..\..\..\Include\openssl
-copy crypto\store\store.h ..\..\..\Include\openssl
-copy crypto\pqueue\pqueue.h ..\..\..\Include\openssl
-copy crypto\pqueue\pq_compat.h ..\..\..\Include\openssl
-copy ssl\ssl.h ..\..\..\Include\openssl
-copy ssl\ssl2.h ..\..\..\Include\openssl
-copy ssl\ssl3.h ..\..\..\Include\openssl
-copy ssl\ssl23.h ..\..\..\Include\openssl
-copy ssl\tls1.h ..\..\..\Include\openssl
-copy ssl\dtls1.h ..\..\..\Include\openssl
-copy ssl\kssl.h ..\..\..\Include\openssl
+cd openssl-1.0.2a
+copy e_os2.h ..\..\..\Include\openssl
+copy crypto\crypto.h ..\..\..\Include\openssl
+copy crypto\opensslv.h ..\..\..\Include\openssl
+copy crypto\opensslconf.h ..\..\..\Include\openssl
+copy crypto\ebcdic.h ..\..\..\Include\openssl
+copy crypto\symhacks.h ..\..\..\Include\openssl
+copy crypto\ossl_typ.h ..\..\..\Include\openssl
+copy crypto\objects\objects.h ..\..\..\Include\openssl
+copy crypto\objects\obj_mac.h ..\..\..\Include\openssl
+copy crypto\md4\md4.h ..\..\..\Include\openssl
+copy crypto\md5\md5.h ..\..\..\Include\openssl
+copy crypto\sha\sha.h ..\..\..\Include\openssl
+copy crypto\mdc2\mdc2.h ..\..\..\Include\openssl
+copy crypto\hmac\hmac.h ..\..\..\Include\openssl
+copy crypto\ripemd\ripemd.h ..\..\..\Include\openssl
+copy crypto\whrlpool\whrlpool.h ..\..\..\Include\openssl
+copy crypto\des\des.h ..\..\..\Include\openssl
+copy crypto\des\des_old.h ..\..\..\Include\openssl
+copy crypto\aes\aes.h ..\..\..\Include\openssl
+copy crypto\rc2\rc2.h ..\..\..\Include\openssl
+copy crypto\rc4\rc4.h ..\..\..\Include\openssl
+copy crypto\idea\idea.h ..\..\..\Include\openssl
+copy crypto\bf\blowfish.h ..\..\..\Include\openssl
+copy crypto\cast\cast.h ..\..\..\Include\openssl
+copy crypto\camellia\camellia.h ..\..\..\Include\openssl
+copy crypto\seed\seed.h ..\..\..\Include\openssl
+copy crypto\modes\modes.h ..\..\..\Include\openssl
+copy crypto\bn\bn.h ..\..\..\Include\openssl
+copy crypto\ec\ec.h ..\..\..\Include\openssl
+copy crypto\rsa\rsa.h ..\..\..\Include\openssl
+copy crypto\dsa\dsa.h ..\..\..\Include\openssl
+copy crypto\ecdsa\ecdsa.h ..\..\..\Include\openssl
+copy crypto\dh\dh.h ..\..\..\Include\openssl
+copy crypto\ecdh\ecdh.h ..\..\..\Include\openssl
+copy crypto\dso\dso.h ..\..\..\Include\openssl
+copy crypto\engine\engine.h ..\..\..\Include\openssl
+copy crypto\buffer\buffer.h ..\..\..\Include\openssl
+copy crypto\bio\bio.h ..\..\..\Include\openssl
+copy crypto\stack\stack.h ..\..\..\Include\openssl
+copy crypto\stack\safestack.h ..\..\..\Include\openssl
+copy crypto\lhash\lhash.h ..\..\..\Include\openssl
+copy crypto\rand\rand.h ..\..\..\Include\openssl
+copy crypto\err\err.h ..\..\..\Include\openssl
+copy crypto\evp\evp.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1_mac.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1t.h ..\..\..\Include\openssl
+copy crypto\pem\pem.h ..\..\..\Include\openssl
+copy crypto\pem\pem2.h ..\..\..\Include\openssl
+copy crypto\x509\x509.h ..\..\..\Include\openssl
+copy crypto\x509\x509_vfy.h ..\..\..\Include\openssl
+copy crypto\x509v3\x509v3.h ..\..\..\Include\openssl
+copy crypto\conf\conf.h ..\..\..\Include\openssl
+copy crypto\conf\conf_api.h ..\..\..\Include\openssl
+copy crypto\txt_db\txt_db.h ..\..\..\Include\openssl
+copy crypto\pkcs7\pkcs7.h ..\..\..\Include\openssl
+copy crypto\pkcs12\pkcs12.h ..\..\..\Include\openssl
+copy crypto\comp\comp.h ..\..\..\Include\openssl
+copy crypto\ocsp\ocsp.h ..\..\..\Include\openssl
+copy crypto\ui\ui.h ..\..\..\Include\openssl
+copy crypto\ui\ui_compat.h ..\..\..\Include\openssl
+copy crypto\krb5\krb5_asn.h ..\..\..\Include\openssl
+copy crypto\cms\cms.h ..\..\..\Include\openssl
+copy crypto\pqueue\pqueue.h ..\..\..\Include\openssl
+copy crypto\ts\ts.h ..\..\..\Include\openssl
+copy crypto\srp\srp.h ..\..\..\Include\openssl
+copy crypto\cmac\cmac.h ..\..\..\Include\openssl
+copy ssl\ssl.h ..\..\..\Include\openssl
+copy ssl\ssl2.h ..\..\..\Include\openssl
+copy ssl\ssl3.h ..\..\..\Include\openssl
+copy ssl\ssl23.h ..\..\..\Include\openssl
+copy ssl\tls1.h ..\..\..\Include\openssl
+copy ssl\dtls1.h ..\..\..\Include\openssl
+copy ssl\kssl.h ..\..\..\Include\openssl
+copy ssl\srtp.h ..\..\..\Include\openssl
cd ..
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh
index 4a022e6..6973ab7 100755
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ b/CryptoPkg/Library/OpensslLib/Install.sh
@@ -1,73 +1,79 @@
#!/bin/sh

-cd openssl-0.9.8zf
-cp e_os2.h ../../../Include/openssl
-cp crypto/crypto.h ../../../Include/openssl
-cp crypto/tmdiff.h ../../../Include/openssl
-cp crypto/opensslv.h ../../../Include/openssl
-cp crypto/opensslconf.h ../../../Include/openssl
-cp crypto/ebcdic.h ../../../Include/openssl
-cp crypto/symhacks.h ../../../Include/openssl
-cp crypto/ossl_typ.h ../../../Include/openssl
-cp crypto/md2/md2.h ../../../Include/openssl
-cp crypto/md4/md4.h ../../../Include/openssl
-cp crypto/md5/md5.h ../../../Include/openssl
-cp crypto/sha/sha.h ../../../Include/openssl
-cp crypto/hmac/hmac.h ../../../Include/openssl
-cp crypto/ripemd/ripemd.h ../../../Include/openssl
-cp crypto/des/des.h ../../../Include/openssl
-cp crypto/des/des_old.h ../../../Include/openssl
-cp crypto/rc2/rc2.h ../../../Include/openssl
-cp crypto/rc4/rc4.h ../../../Include/openssl
-cp crypto/idea/idea.h ../../../Include/openssl
-cp crypto/bf/blowfish.h ../../../Include/openssl
-cp crypto/cast/cast.h ../../../Include/openssl
-cp crypto/aes/aes.h ../../../Include/openssl
-cp crypto/bn/bn.h ../../../Include/openssl
-cp crypto/rsa/rsa.h ../../../Include/openssl
-cp crypto/dsa/dsa.h ../../../Include/openssl
-cp crypto/dso/dso.h ../../../Include/openssl
-cp crypto/dh/dh.h ../../../Include/openssl
-cp crypto/ec/ec.h ../../../Include/openssl
-cp crypto/ecdh/ecdh.h ../../../Include/openssl
-cp crypto/ecdsa/ecdsa.h ../../../Include/openssl
-cp crypto/buffer/buffer.h ../../../Include/openssl
-cp crypto/bio/bio.h ../../../Include/openssl
-cp crypto/stack/stack.h ../../../Include/openssl
-cp crypto/stack/safestack.h ../../../Include/openssl
-cp crypto/lhash/lhash.h ../../../Include/openssl
-cp crypto/rand/rand.h ../../../Include/openssl
-cp crypto/err/err.h ../../../Include/openssl
-cp crypto/objects/objects.h ../../../Include/openssl
-cp crypto/objects/obj_mac.h ../../../Include/openssl
-cp crypto/evp/evp.h ../../../Include/openssl
-cp crypto/asn1/asn1.h ../../../Include/openssl
-cp crypto/asn1/asn1_mac.h ../../../Include/openssl
-cp crypto/asn1/asn1t.h ../../../Include/openssl
-cp crypto/pem/pem.h ../../../Include/openssl
-cp crypto/pem/pem2.h ../../../Include/openssl
-cp crypto/x509/x509.h ../../../Include/openssl
-cp crypto/x509/x509_vfy.h ../../../Include/openssl
-cp crypto/x509v3/x509v3.h ../../../Include/openssl
-cp crypto/conf/conf.h ../../../Include/openssl
-cp crypto/conf/conf_api.h ../../../Include/openssl
-cp crypto/txt_db/txt_db.h ../../../Include/openssl
-cp crypto/pkcs7/pkcs7.h ../../../Include/openssl
-cp crypto/pkcs12/pkcs12.h ../../../Include/openssl
-cp crypto/comp/comp.h ../../../Include/openssl
-cp crypto/engine/engine.h ../../../Include/openssl
-cp crypto/ocsp/ocsp.h ../../../Include/openssl
-cp crypto/ui/ui.h ../../../Include/openssl
-cp crypto/ui/ui_compat.h ../../../Include/openssl
-cp crypto/krb5/krb5_asn.h ../../../Include/openssl
-cp crypto/store/store.h ../../../Include/openssl
-cp crypto/pqueue/pqueue.h ../../../Include/openssl
-cp crypto/pqueue/pq_compat.h ../../../Include/openssl
-cp ssl/ssl.h ../../../Include/openssl
-cp ssl/ssl2.h ../../../Include/openssl
-cp ssl/ssl3.h ../../../Include/openssl
-cp ssl/ssl23.h ../../../Include/openssl
-cp ssl/tls1.h ../../../Include/openssl
-cp ssl/dtls1.h ../../../Include/openssl
-cp ssl/kssl.h ../../../Include/openssl
+cd openssl-1.0.2a
+cp e_os2.h ../../../Include/openssl
+cp crypto/crypto.h ../../../Include/openssl
+cp crypto/opensslv.h ../../../Include/openssl
+cp crypto/opensslconf.h ../../../Include/openssl
+cp crypto/ebcdic.h ../../../Include/openssl
+cp crypto/symhacks.h ../../../Include/openssl
+cp crypto/ossl_typ.h ../../../Include/openssl
+cp crypto/objects/objects.h ../../../Include/openssl
+cp crypto/objects/obj_mac.h ../../../Include/openssl
+cp crypto/md4/md4.h ../../../Include/openssl
+cp crypto/md5/md5.h ../../../Include/openssl
+cp crypto/sha/sha.h ../../../Include/openssl
+cp crypto/mdc2/mdc2.h ../../../Include/openssl
+cp crypto/hmac/hmac.h ../../../Include/openssl
+cp crypto/ripemd/ripemd.h ../../../Include/openssl
+cp crypto/whrlpool/whrlpool.h ../../../Include/openssl
+cp crypto/des/des.h ../../../Include/openssl
+cp crypto/des/des_old.h ../../../Include/openssl
+cp crypto/aes/aes.h ../../../Include/openssl
+cp crypto/rc2/rc2.h ../../../Include/openssl
+cp crypto/rc4/rc4.h ../../../Include/openssl
+cp crypto/idea/idea.h ../../../Include/openssl
+cp crypto/bf/blowfish.h ../../../Include/openssl
+cp crypto/cast/cast.h ../../../Include/openssl
+cp crypto/camellia/camellia.h ../../../Include/openssl
+cp crypto/seed/seed.h ../../../Include/openssl
+cp crypto/modes/modes.h ../../../Include/openssl
+cp crypto/bn/bn.h ../../../Include/openssl
+cp crypto/ec/ec.h ../../../Include/openssl
+cp crypto/rsa/rsa.h ../../../Include/openssl
+cp crypto/dsa/dsa.h ../../../Include/openssl
+cp crypto/ecdsa/ecdsa.h ../../../Include/openssl
+cp crypto/dh/dh.h ../../../Include/openssl
+cp crypto/ecdh/ecdh.h ../../../Include/openssl
+cp crypto/dso/dso.h ../../../Include/openssl
+cp crypto/engine/engine.h ../../../Include/openssl
+cp crypto/buffer/buffer.h ../../../Include/openssl
+cp crypto/bio/bio.h ../../../Include/openssl
+cp crypto/stack/stack.h ../../../Include/openssl
+cp crypto/stack/safestack.h ../../../Include/openssl
+cp crypto/lhash/lhash.h ../../../Include/openssl
+cp crypto/rand/rand.h ../../../Include/openssl
+cp crypto/err/err.h ../../../Include/openssl
+cp crypto/evp/evp.h ../../../Include/openssl
+cp crypto/asn1/asn1.h ../../../Include/openssl
+cp crypto/asn1/asn1_mac.h ../../../Include/openssl
+cp crypto/asn1/asn1t.h ../../../Include/openssl
+cp crypto/pem/pem.h ../../../Include/openssl
+cp crypto/pem/pem2.h ../../../Include/openssl
+cp crypto/x509/x509.h ../../../Include/openssl
+cp crypto/x509/x509_vfy.h ../../../Include/openssl
+cp crypto/x509v3/x509v3.h ../../../Include/openssl
+cp crypto/conf/conf.h ../../../Include/openssl
+cp crypto/conf/conf_api.h ../../../Include/openssl
+cp crypto/txt_db/txt_db.h ../../../Include/openssl
+cp crypto/pkcs7/pkcs7.h ../../../Include/openssl
+cp crypto/pkcs12/pkcs12.h ../../../Include/openssl
+cp crypto/comp/comp.h ../../../Include/openssl
+cp crypto/ocsp/ocsp.h ../../../Include/openssl
+cp crypto/ui/ui.h ../../../Include/openssl
+cp crypto/ui/ui_compat.h ../../../Include/openssl
+cp crypto/krb5/krb5_asn.h ../../../Include/openssl
+cp crypto/cms/cms.h ../../../Include/openssl
+cp crypto/pqueue/pqueue.h ../../../Include/openssl
+cp crypto/ts/ts.h ../../../Include/openssl
+cp crypto/srp/srp.h ../../../Include/openssl
+cp crypto/cmac/cmac.h ../../../Include/openssl
+cp ssl/ssl.h ../../../Include/openssl
+cp ssl/ssl2.h ../../../Include/openssl
+cp ssl/ssl3.h ../../../Include/openssl
+cp ssl/ssl23.h ../../../Include/openssl
+cp ssl/tls1.h ../../../Include/openssl
+cp ssl/dtls1.h ../../../Include/openssl
+cp ssl/kssl.h ../../../Include/openssl
+cp ssl/srtp.h ../../../Include/openssl
cd ..
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index f564145..ee7dbd8 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -20,9 +20,9 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl-0.9.8zf
- DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
- DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE
+ DEFINE OPENSSL_PATH = openssl-1.0.2a
+ DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE

#
# OPENSSL_FLAGS is set to define the following flags to be compatible with
@@ -46,6 +46,7 @@
# OPENSSL_NO_DYNAMIC_ENGINE
# GETPID_IS_MEANINGLESS
# OPENSSL_NO_STDIO
+# OPENSSL_NO_POSIX_IO
# OPENSSL_NO_FP_API
# OPENSSL_NO_DGRAM
# OPENSSL_NO_ASM
@@ -58,80 +59,122 @@
[Sources]
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/crypto/cryptlib.c
- $(OPENSSL_PATH)/crypto/dyn_lck.c
$(OPENSSL_PATH)/crypto/mem.c
$(OPENSSL_PATH)/crypto/mem_clr.c
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/cversion.c
$(OPENSSL_PATH)/crypto/ex_data.c
-
- #
- # Not required for UEFI.
- #
- # $(OPENSSL_PATH)/crypto/tmdiff.c
-
$(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/ebcdic.c
$(OPENSSL_PATH)/crypto/uid.c
$(OPENSSL_PATH)/crypto/o_time.c
$(OPENSSL_PATH)/crypto/o_str.c
$(OPENSSL_PATH)/crypto/o_dir.c
+ $(OPENSSL_PATH)/crypto/o_fips.c
$(OPENSSL_PATH)/crypto/o_init.c
- $(OPENSSL_PATH)/crypto/fips_err.c
+ $(OPENSSL_PATH)/crypto/fips_ers.c

#
- # DIsabled by OPENSSL_NO_MD2
+ # OBJECTS
+ #
+ $(OPENSSL_PATH)/crypto/objects/o_names.c
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.c
+ $(OPENSSL_PATH)/crypto/objects/obj_lib.c
+ $(OPENSSL_PATH)/crypto/objects/obj_err.c
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.c
+
+ #
+ # MD4
#
- # $(OPENSSL_PATH)/crypto/md2/md2_dgst.c
- # $(OPENSSL_PATH)/crypto/md2/md2_one.c
$(OPENSSL_PATH)/crypto/md4/md4_dgst.c
$(OPENSSL_PATH)/crypto/md4/md4_one.c
+
+ #
+ # MD5
+ #
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
+
+ #
+ # SHA
+ #
$(OPENSSL_PATH)/crypto/sha/sha_dgst.c
$(OPENSSL_PATH)/crypto/sha/sha1dgst.c
$(OPENSSL_PATH)/crypto/sha/sha_one.c
$(OPENSSL_PATH)/crypto/sha/sha1_one.c
$(OPENSSL_PATH)/crypto/sha/sha256.c
$(OPENSSL_PATH)/crypto/sha/sha512.c
+
+ #
+ # MDC2 - Disabled by OPENSSL_NO_MDC2
+ #
+ # $(OPENSSL_PATH)/crypto/mdc2/mdc2dgst.c
+ # $(OPENSSL_PATH)/crypto/mdc2/mdc2_one.c
+
+ #
+ # HMAC
+ #
$(OPENSSL_PATH)/crypto/hmac/hmac.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c

#
- # Disabled by OPENSSL_NO_RIPEMD
+ # RIPEMD - Disabled by OPENSSL_NO_RIPEMD
#
# $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c
# $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c

- $(OPENSSL_PATH)/crypto/des/des_lib.c
- $(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/ecb_enc.c
+ #
+ # WHIRLPOOL - Disabled by OPENSSL_NO_WHIRLPOOL
+ #
+ # $(OPENSSL_PATH)/crypto/whrlpool/wp_dgst.c
+ # $(OPENSSL_PATH)/crypto/whrlpool/wp_block.c
+
+ #
+ # DES
+ #
+ $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
$(OPENSSL_PATH)/crypto/des/cbc_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
$(OPENSSL_PATH)/crypto/des/cfb64enc.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
$(OPENSSL_PATH)/crypto/des/cfb_enc.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
+ $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
+ $(OPENSSL_PATH)/crypto/des/ecb_enc.c
$(OPENSSL_PATH)/crypto/des/enc_read.c
$(OPENSSL_PATH)/crypto/des/enc_writ.c
+ $(OPENSSL_PATH)/crypto/des/fcrypt.c
$(OPENSSL_PATH)/crypto/des/ofb64enc.c
$(OPENSSL_PATH)/crypto/des/ofb_enc.c
- $(OPENSSL_PATH)/crypto/des/str2key.c
$(OPENSSL_PATH)/crypto/des/pcbc_enc.c
$(OPENSSL_PATH)/crypto/des/qud_cksm.c
$(OPENSSL_PATH)/crypto/des/rand_key.c
+ $(OPENSSL_PATH)/crypto/des/rpc_enc.c
+ $(OPENSSL_PATH)/crypto/des/set_key.c
$(OPENSSL_PATH)/crypto/des/des_enc.c
$(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/fcrypt.c
$(OPENSSL_PATH)/crypto/des/xcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/rpc_enc.c
- $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
+ $(OPENSSL_PATH)/crypto/des/str2key.c
+ $(OPENSSL_PATH)/crypto/des/cfb64ede.c
+ $(OPENSSL_PATH)/crypto/des/ofb64ede.c
$(OPENSSL_PATH)/crypto/des/ede_cbcm_enc.c
$(OPENSSL_PATH)/crypto/des/des_old.c
$(OPENSSL_PATH)/crypto/des/des_old2.c
$(OPENSSL_PATH)/crypto/des/read2pwd.c

#
- # Disabled by OPENSSL_NO_RC2
+ # AES
+ #
+ $(OPENSSL_PATH)/crypto/aes/aes_core.c
+ $(OPENSSL_PATH)/crypto/aes/aes_misc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ctr.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ige.c
+ $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+
+ #
+ # RC2 - Disabled by OPENSSL_NO_RC2
#
# $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c
# $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c
@@ -139,28 +182,42 @@
# $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c
# $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c

- $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+ #
+ # RC4
+ #
$(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_fblk.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_utl.c
+
+ #
+ # RC5 - Disabled by OPENSSL_NO_RC5
+ #
+ # $(OPENSSL_PATH)/crypto/rc5/rc5_skey.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5_ecb.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5_enc.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5cfb64.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5ofb64.c

#
- # Disabled by OPENSSL_NO_IDEA
+ # IDEA - Disabled by OPENSSL_NO_IDEA
#
# $(OPENSSL_PATH)/crypto/idea/i_cbc.c
# $(OPENSSL_PATH)/crypto/idea/i_cfb64.c
# $(OPENSSL_PATH)/crypto/idea/i_ofb64.c
# $(OPENSSL_PATH)/crypto/idea/i_ecb.c
# $(OPENSSL_PATH)/crypto/idea/i_skey.c
+
#
- # Disabled by OPENSSL_NO_BF
+ # BLOWFISH - Disabled by OPENSSL_NO_BF
#
# $(OPENSSL_PATH)/crypto/bf/bf_skey.c
# $(OPENSSL_PATH)/crypto/bf/bf_ecb.c
# $(OPENSSL_PATH)/crypto/bf/bf_enc.c
# $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c
# $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c
+
#
- # Disabled by OPENSSL_NO_CAST
+ # CAST - Disabled by OPENSSL_NO_CAST
#
# $(OPENSSL_PATH)/crypto/cast/c_skey.c
# $(OPENSSL_PATH)/crypto/cast/c_ecb.c
@@ -168,15 +225,43 @@
# $(OPENSSL_PATH)/crypto/cast/c_cfb64.c
# $(OPENSSL_PATH)/crypto/cast/c_ofb64.c

- $(OPENSSL_PATH)/crypto/aes/aes_misc.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
- $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ctr.c
- $(OPENSSL_PATH)/crypto/aes/aes_ige.c
- $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+ #
+ # CAMELLIA - Disabled by OPENSSL_NO_CAMELLIA
+ #
+ # $(OPENSSL_PATH)/crypto/camellia/camellia.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_misc.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_ecb.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_cbc.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_ofb.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_cfb.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_ctr.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_utl.c
+
+ #
+ # SEED - Disabled by OPENSSL_NO_SEED
+ #
+ # $(OPENSSL_PATH)/crypto/seed/seed.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_ecb.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_cbc.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_cfb.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_ofb.c
+
+ #
+ # MODES
+ #
+ $(OPENSSL_PATH)/crypto/modes/cbc128.c
+ $(OPENSSL_PATH)/crypto/modes/ctr128.c
+ $(OPENSSL_PATH)/crypto/modes/cts128.c
+ $(OPENSSL_PATH)/crypto/modes/cfb128.c
+ $(OPENSSL_PATH)/crypto/modes/ofb128.c
+ $(OPENSSL_PATH)/crypto/modes/gcm128.c
+ $(OPENSSL_PATH)/crypto/modes/ccm128.c
+ $(OPENSSL_PATH)/crypto/modes/xts128.c
+ $(OPENSSL_PATH)/crypto/modes/wrap128.c
+
+ #
+ # BIGNUM
+ #
$(OPENSSL_PATH)/crypto/bn/bn_add.c
$(OPENSSL_PATH)/crypto/bn/bn_div.c
$(OPENSSL_PATH)/crypto/bn/bn_exp.c
@@ -203,9 +288,40 @@
$(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
$(OPENSSL_PATH)/crypto/bn/bn_nist.c
$(OPENSSL_PATH)/crypto/bn/bn_depr.c
- $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
$(OPENSSL_PATH)/crypto/bn/bn_const.c
- $(OPENSSL_PATH)/crypto/bn/bn_opt.c
+ $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
+
+ #
+ # ELLIPTIC CURVE - Disabled by OPENSSL_NO_EC
+ #
+ # $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_err.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_check.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_print.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_key.c
+ # $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+ # $(OPENSSL_PATH)/crypto/ec/ec2_mult.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+ # $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+ # $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+
+ #
+ # RSA
+ #
$(OPENSSL_PATH)/crypto/rsa/rsa_eay.c
$(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
$(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
@@ -220,13 +336,15 @@
$(OPENSSL_PATH)/crypto/rsa/rsa_null.c
$(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
$(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
$(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_eng.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c

#
- # Disabled by OPENSSL_NO_DSA
+ # DSA - Disabled by OPENSSL_NO_DSA
#
# $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c
# $(OPENSSL_PATH)/crypto/dsa/dsa_key.c
@@ -237,16 +355,23 @@
# $(OPENSSL_PATH)/crypto/dsa/dsa_err.c
# $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c
# $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c
- # $(OPENSSL_PATH)/crypto/dsa/dsa_utl.c
+ # $(OPENSSL_PATH)/crypto/dsa/dsa_ameth.c
+ # $(OPENSSL_PATH)/crypto/dsa/dsa_pmeth.c
+ # $(OPENSSL_PATH)/crypto/dsa/dsa_prn.c

- $(OPENSSL_PATH)/crypto/dso/dso_dl.c
- $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
- $(OPENSSL_PATH)/crypto/dso/dso_err.c
- $(OPENSSL_PATH)/crypto/dso/dso_lib.c
- $(OPENSSL_PATH)/crypto/dso/dso_null.c
- $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
- $(OPENSSL_PATH)/crypto/dso/dso_win32.c
- $(OPENSSL_PATH)/crypto/dso/dso_vms.c
+ #
+ # ECDSA - Disabled by OPENSSL_NO_ECDSA
+ #
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c
+
+ #
+ # DIFFIE-HELLMAN
+ #
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_gen.c
$(OPENSSL_PATH)/crypto/dh/dh_key.c
@@ -254,44 +379,73 @@
$(OPENSSL_PATH)/crypto/dh/dh_check.c
$(OPENSSL_PATH)/crypto/dh/dh_err.c
$(OPENSSL_PATH)/crypto/dh/dh_depr.c
+ $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
+ $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
+ $(OPENSSL_PATH)/crypto/dh/dh_prn.c
+ $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
+ # $(OPENSSL_PATH)/crypto/dh/dh_kdf.c

#
- # Disabled by OPENSSL_NO_EC
- #
- # $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- # $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- # $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- # $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- # $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- # $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- # $(OPENSSL_PATH)/crypto/ec/ec_err.c
- # $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- # $(OPENSSL_PATH)/crypto/ec/ec_check.c
- # $(OPENSSL_PATH)/crypto/ec/ec_print.c
- # $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- # $(OPENSSL_PATH)/crypto/ec/ec_key.c
- # $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- # $(OPENSSL_PATH)/crypto/ec/ec2_mult.c
- #
- # Disabled by OPENSSL_NO_ECDH
+ # ECDH - Disabled by OPENSSL_NO_ECDH
#
# $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c
# $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c
# $(OPENSSL_PATH)/crypto/ecdh/ech_key.c
# $(OPENSSL_PATH)/crypto/ecdh/ech_err.c
+ # $(OPENSSL_PATH)/crypto/ecdh/ech_kdf.c
+
#
- # Disabled by OPENSSL_NO_ECDSA
+ # DSO
#
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c
+ $(OPENSSL_PATH)/crypto/dso/dso_dl.c
+ $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
+ $(OPENSSL_PATH)/crypto/dso/dso_err.c
+ $(OPENSSL_PATH)/crypto/dso/dso_lib.c
+ $(OPENSSL_PATH)/crypto/dso/dso_null.c
+ $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
+ $(OPENSSL_PATH)/crypto/dso/dso_win32.c
+ $(OPENSSL_PATH)/crypto/dso/dso_vms.c
+ $(OPENSSL_PATH)/crypto/dso/dso_beos.c
+
+ #
+ # ENGINE - Disabled by OPENSSL_NO_ENGINE
+ #
+ # $(OPENSSL_PATH)/crypto/engine/eng_err.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_lib.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_list.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_init.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_table.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_pkey.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_fat.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_all.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_rsa.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_dsa.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_dh.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_rand.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_store.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_cipher.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_digest.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_pkmeth.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_asnmth.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_openssl.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_cnf.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_dyn.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_rdrand.c

+ #
+ # BUFFER
+ #
$(OPENSSL_PATH)/crypto/buffer/buffer.c
$(OPENSSL_PATH)/crypto/buffer/buf_str.c
$(OPENSSL_PATH)/crypto/buffer/buf_err.c
+
+ #
+ # BIO
+ #
$(OPENSSL_PATH)/crypto/bio/bio_lib.c
$(OPENSSL_PATH)/crypto/bio/bio_cb.c
$(OPENSSL_PATH)/crypto/bio/bio_err.c
@@ -299,45 +453,58 @@
$(OPENSSL_PATH)/crypto/bio/bss_null.c
$(OPENSSL_PATH)/crypto/bio/bss_fd.c
$(OPENSSL_PATH)/crypto/bio/bss_file.c
+ $(OPENSSL_PATH)/crypto/bio/bss_sock.c
+ $(OPENSSL_PATH)/crypto/bio/bss_conn.c
$(OPENSSL_PATH)/crypto/bio/bf_null.c
$(OPENSSL_PATH)/crypto/bio/bf_buff.c
-
#
- # Not required for UEFI.
+ # Not Required by UEFI.
#
# $(OPENSSL_PATH)/crypto/bio/b_print.c
-
$(OPENSSL_PATH)/crypto/bio/b_dump.c
+ $(OPENSSL_PATH)/crypto/bio/b_sock.c
+ $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
$(OPENSSL_PATH)/crypto/bio/bf_nbio.c
$(OPENSSL_PATH)/crypto/bio/bss_log.c
$(OPENSSL_PATH)/crypto/bio/bss_bio.c
$(OPENSSL_PATH)/crypto/bio/bss_dgram.c
+
+ #
+ # STACK
+ #
$(OPENSSL_PATH)/crypto/stack/stack.c
+
+ #
+ # LHASH
+ #
$(OPENSSL_PATH)/crypto/lhash/lhash.c
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
+
+ #
+ # RAND
+ #
$(OPENSSL_PATH)/crypto/rand/md_rand.c
$(OPENSSL_PATH)/crypto/rand/randfile.c
$(OPENSSL_PATH)/crypto/rand/rand_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_eng.c
$(OPENSSL_PATH)/crypto/rand/rand_err.c
- $(OPENSSL_PATH)/crypto/rand/rand_egd.c
- $(OPENSSL_PATH)/crypto/rand/rand_win.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_egd.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_win.c
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
- $(OPENSSL_PATH)/crypto/rand/rand_os2.c
- $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_os2.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+
+ #
+ # ERR
+ #
$(OPENSSL_PATH)/crypto/err/err.c
- $(OPENSSL_PATH)/crypto/err/err_def.c
$(OPENSSL_PATH)/crypto/err/err_all.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
- $(OPENSSL_PATH)/crypto/err/err_str.c
- $(OPENSSL_PATH)/crypto/err/err_bio.c
- $(OPENSSL_PATH)/crypto/objects/o_names.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.c
- $(OPENSSL_PATH)/crypto/objects/obj_lib.c
- $(OPENSSL_PATH)/crypto/objects/obj_err.c
+
+ #
+ # EVP
+ #
$(OPENSSL_PATH)/crypto/evp/encode.c
$(OPENSSL_PATH)/crypto/evp/digest.c
- $(OPENSSL_PATH)/crypto/evp/dig_eng.c
$(OPENSSL_PATH)/crypto/evp/evp_enc.c
$(OPENSSL_PATH)/crypto/evp/evp_key.c
$(OPENSSL_PATH)/crypto/evp/evp_acnf.c
@@ -346,22 +513,25 @@
$(OPENSSL_PATH)/crypto/evp/e_bf.c
$(OPENSSL_PATH)/crypto/evp/e_idea.c
$(OPENSSL_PATH)/crypto/evp/e_des3.c
+ $(OPENSSL_PATH)/crypto/evp/e_camellia.c
$(OPENSSL_PATH)/crypto/evp/e_rc4.c
$(OPENSSL_PATH)/crypto/evp/e_aes.c
$(OPENSSL_PATH)/crypto/evp/names.c
+ $(OPENSSL_PATH)/crypto/evp/e_seed.c
$(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
$(OPENSSL_PATH)/crypto/evp/e_rc2.c
$(OPENSSL_PATH)/crypto/evp/e_cast.c
$(OPENSSL_PATH)/crypto/evp/e_rc5.c
- $(OPENSSL_PATH)/crypto/evp/enc_min.c
$(OPENSSL_PATH)/crypto/evp/m_null.c
$(OPENSSL_PATH)/crypto/evp/m_md2.c
$(OPENSSL_PATH)/crypto/evp/m_md4.c
$(OPENSSL_PATH)/crypto/evp/m_md5.c
$(OPENSSL_PATH)/crypto/evp/m_sha.c
$(OPENSSL_PATH)/crypto/evp/m_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/m_wp.c
$(OPENSSL_PATH)/crypto/evp/m_dss.c
$(OPENSSL_PATH)/crypto/evp/m_dss1.c
+ $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
$(OPENSSL_PATH)/crypto/evp/m_ripemd.c
$(OPENSSL_PATH)/crypto/evp/m_ecdsa.c
$(OPENSSL_PATH)/crypto/evp/p_open.c
@@ -386,6 +556,17 @@
$(OPENSSL_PATH)/crypto/evp/p5_crpt.c
$(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
$(OPENSSL_PATH)/crypto/evp/e_old.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
+ $(OPENSSL_PATH)/crypto/evp/m_sigver.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
+ $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
+
+ #
+ # ASN1
+ #
$(OPENSSL_PATH)/crypto/asn1/a_object.c
$(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
$(OPENSSL_PATH)/crypto/asn1/a_utctm.c
@@ -421,6 +602,7 @@
$(OPENSSL_PATH)/crypto/asn1/x_info.c
$(OPENSSL_PATH)/crypto/asn1/x_spki.c
$(OPENSSL_PATH)/crypto/asn1/nsseq.c
+ $(OPENSSL_PATH)/crypto/asn1/x_nx509.c
$(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
$(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
$(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
@@ -438,20 +620,22 @@
$(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
$(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
$(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
+ $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
$(OPENSSL_PATH)/crypto/asn1/f_int.c
$(OPENSSL_PATH)/crypto/asn1/f_string.c
$(OPENSSL_PATH)/crypto/asn1/n_pkey.c
$(OPENSSL_PATH)/crypto/asn1/f_enum.c
- $(OPENSSL_PATH)/crypto/asn1/a_hdr.c
$(OPENSSL_PATH)/crypto/asn1/x_pkey.c
$(OPENSSL_PATH)/crypto/asn1/a_bool.c
$(OPENSSL_PATH)/crypto/asn1/x_exten.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
$(OPENSSL_PATH)/crypto/asn1/asn_mime.c
$(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
$(OPENSSL_PATH)/crypto/asn1/asn1_par.c
$(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
$(OPENSSL_PATH)/crypto/asn1/asn1_err.c
- $(OPENSSL_PATH)/crypto/asn1/a_meth.c
$(OPENSSL_PATH)/crypto/asn1/a_bytes.c
$(OPENSSL_PATH)/crypto/asn1/a_strnid.c
$(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
@@ -460,6 +644,10 @@
$(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
$(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
$(OPENSSL_PATH)/crypto/asn1/asn_moid.c
+
+ #
+ # PEM
+ #
$(OPENSSL_PATH)/crypto/pem/pem_sign.c
$(OPENSSL_PATH)/crypto/pem/pem_seal.c
$(OPENSSL_PATH)/crypto/pem/pem_info.c
@@ -471,6 +659,11 @@
$(OPENSSL_PATH)/crypto/pem/pem_oth.c
$(OPENSSL_PATH)/crypto/pem/pem_pk8.c
$(OPENSSL_PATH)/crypto/pem/pem_pkey.c
+ $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
+
+ #
+ # X509
+ #
$(OPENSSL_PATH)/crypto/x509/x509_def.c
$(OPENSSL_PATH)/crypto/x509/x509_d2.c
$(OPENSSL_PATH)/crypto/x509/x509_r2x.c
@@ -492,9 +685,16 @@
$(OPENSSL_PATH)/crypto/x509/x_all.c
$(OPENSSL_PATH)/crypto/x509/x509_txt.c
$(OPENSSL_PATH)/crypto/x509/x509_trs.c
- $(OPENSSL_PATH)/crypto/x509/by_file.c
- $(OPENSSL_PATH)/crypto/x509/by_dir.c
+ #
+ # Not Required by UEFI.
+ #
+ # $(OPENSSL_PATH)/crypto/x509/by_file.c
+ # $(OPENSSL_PATH)/crypto/x509/by_dir.c
$(OPENSSL_PATH)/crypto/x509/x509_vpm.c
+
+ #
+ # X509v3
+ #
$(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
$(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
$(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
@@ -531,6 +731,14 @@
$(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
$(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
$(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
+ #
+ # Not Required by UEFI.
+ #
+ # $(OPENSSL_PATH)/crypto/x509v3/v3_scts.c
+
+ #
+ # CONF
+ #
$(OPENSSL_PATH)/crypto/conf/conf_err.c
$(OPENSSL_PATH)/crypto/conf/conf_lib.c
$(OPENSSL_PATH)/crypto/conf/conf_api.c
@@ -538,7 +746,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
$(OPENSSL_PATH)/crypto/conf/conf_mall.c
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
+
+ #
+ # TXT_DB
+ #
$(OPENSSL_PATH)/crypto/txt_db/txt_db.c
+
+ #
+ # PKCS7
+ #
$(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
$(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
@@ -546,6 +762,11 @@
$(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
+ $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
+
+ #
+ # PKCS12
+ #
$(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
@@ -561,68 +782,96 @@
$(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
+
+ #
+ # COMP
+ #
$(OPENSSL_PATH)/crypto/comp/comp_lib.c
$(OPENSSL_PATH)/crypto/comp/comp_err.c
$(OPENSSL_PATH)/crypto/comp/c_rle.c
$(OPENSSL_PATH)/crypto/comp/c_zlib.c

#
- # Disabled by OPENSSL_NO_ENGINE
+ # OCSP - Disabled by OPENSSL_NO_OCSP
#
- # $(OPENSSL_PATH)/crypto/engine/eng_err.c
- # $(OPENSSL_PATH)/crypto/engine/eng_lib.c
- # $(OPENSSL_PATH)/crypto/engine/eng_list.c
- # $(OPENSSL_PATH)/crypto/engine/eng_init.c
- # $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c
- # $(OPENSSL_PATH)/crypto/engine/eng_table.c
- # $(OPENSSL_PATH)/crypto/engine/eng_pkey.c
- # $(OPENSSL_PATH)/crypto/engine/eng_fat.c
- # $(OPENSSL_PATH)/crypto/engine/eng_all.c
- # $(OPENSSL_PATH)/crypto/engine/tb_rsa.c
- # $(OPENSSL_PATH)/crypto/engine/tb_dsa.c
- # $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c
- # $(OPENSSL_PATH)/crypto/engine/tb_dh.c
- # $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c
- # $(OPENSSL_PATH)/crypto/engine/tb_rand.c
- # $(OPENSSL_PATH)/crypto/engine/tb_store.c
- # $(OPENSSL_PATH)/crypto/engine/tb_cipher.c
- # $(OPENSSL_PATH)/crypto/engine/tb_digest.c
- # $(OPENSSL_PATH)/crypto/engine/eng_openssl.c
- # $(OPENSSL_PATH)/crypto/engine/eng_cnf.c
- # $(OPENSSL_PATH)/crypto/engine/eng_dyn.c
- # $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c
- # $(OPENSSL_PATH)/crypto/engine/eng_padlock.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c

#
- # Disabled by OPENSSL_NO_OCSP
+ # UI
#
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
-
- $(OPENSSL_PATH)/crypto/ui/ui_err.c
$(OPENSSL_PATH)/crypto/ui/ui_lib.c
-
#
- # Not required when OPENSSL_NO_STDIO is set, which is is for UEFI.
+ # Not Required by UEFI.
#
+ # $(OPENSSL_PATH)/crypto/ui/ui_err.c
# $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
-
$(OPENSSL_PATH)/crypto/ui/ui_util.c
$(OPENSSL_PATH)/crypto/ui/ui_compat.c
+
+ #
+ # KRB5
+ #
$(OPENSSL_PATH)/crypto/krb5/krb5_asn.c
- $(OPENSSL_PATH)/crypto/store/str_err.c
- $(OPENSSL_PATH)/crypto/store/str_lib.c
- $(OPENSSL_PATH)/crypto/store/str_meth.c
- $(OPENSSL_PATH)/crypto/store/str_mem.c
+
+ #
+ # CMS
+ #
+ # $(OPENSSL_PATH)/crypto/cms/cms_lib.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_asn1.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_att.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_io.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_smime.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_err.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_sd.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_dd.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_cd.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_env.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_enc.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_ess.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_pwri.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_kari.c
+
+ #
+ # PQUEUE
+ #
$(OPENSSL_PATH)/crypto/pqueue/pqueue.c

+ #
+ # TS
+ #
+ $(OPENSSL_PATH)/crypto/ts/ts_err.c
+ $(OPENSSL_PATH)/crypto/ts/ts_req_utils.c
+ $(OPENSSL_PATH)/crypto/ts/ts_req_print.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_utils.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_print.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_sign.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_verify.c
+ $(OPENSSL_PATH)/crypto/ts/ts_verify_ctx.c
+ $(OPENSSL_PATH)/crypto/ts/ts_lib.c
+ $(OPENSSL_PATH)/crypto/ts/ts_conf.c
+ $(OPENSSL_PATH)/crypto/ts/ts_asn1.c
+
+ #
+ # SRP - Disabled by OPENSSL_NO_SRP
+ #
+ # $(OPENSSL_PATH)/crypto/srp/srp_lib.c
+ # $(OPENSSL_PATH)/crypto/srp/srp_vfy.c
+
+ #
+ # CMAS
+ #
+ $(OPENSSL_PATH)/crypto/cmac/cmac.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
+
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
@@ -631,47 +880,44 @@
DebugLib

[BuildOptions]
- #
- # Override MSFT build option to remove /W4 (to silence warning messages when building OpenSSL).
- #
- MSFT:DEBUG_VS2003_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_VS2003_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_VS2003xASL_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_VS2003xASL_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_DDK3790_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_DDK3790_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_DDK3790xASL_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_DDK3790xASL_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_*_IA32_CC_FLAGS == /nologo /c /WX /GS- /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_*_IA32_CC_FLAGS == /nologo /c /WX /GS- /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:NOOPT_*_IA32_CC_FLAGS == /nologo /c /WX /GS- /Gs32768 /D UNICODE /Od /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_*_X64_CC_FLAGS == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /O1ib2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:RELEASE_*_X64_CC_FLAGS == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /O1ib2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:NOOPT_*_X64_CC_FLAGS == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /Od /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:DEBUG_*_IPF_CC_FLAGS == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Os /GL /FIAutoGen.h /QIPF_fr32 /Zi -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:RELEASE_*_IPF_CC_FLAGS == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Os /GL /FIAutoGen.h /QIPF_fr32 -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:NOOPT_*_IPF_CC_FLAGS == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Od /FIAutoGen.h /QIPF_fr32 /Zi -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
- GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
- GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
-
- # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
- # 1295: Deprecated declaration <entity> - give arg types
- # 550: <entity> was set but never used
- # 1293: assignment in condition
- # 111: statement is unreachable (invariably "break;" after "return X;" in case statement)
- # 68: integer conversion resulted in a change of sign ("if (Status == -1)")
- # 177: <entity> was declared but never referenced
- # 223: function <entity> declared implicitly
- # 144: a value of type <type> cannot be used to initialize an entity of type <type>
- # 513: a value of type <type> cannot be assigned to an entity of type <type>
- # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
- # 1296: Extended constant initialiser used
- RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
- XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
\ No newline at end of file
+ #
+ # Disables the following Visual Studio compiler warnings brought by openssl source, so we do not break the build with /WX option:
+ # C4244: conversion from type1 to type2, possible loss of data
+ # C4702: unreachable code
+ # C4706: assignment within conditional expression
+ # C4133: incompatible types - from type1 to type2
+ # C4245: conversion from type1 to type2, signed/unsigned mismatch
+ # C4267: conversion from size_t to type, possible loss of data
+ # C4305: truncation from type1 to type2 of smaller size
+ # C4306: conversion from type1 to type2 of greater size
+ # C4702: Potentially uninitialized local variable name used
+ #
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DTHIRTY_TWO_BIT /wd4244 /wd4701 /wd4702 /wd4706
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+ MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+ INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+ GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+ GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+
+ # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
+ # 1295: Deprecated declaration <entity> - give arg types
+ # 550: <entity> was set but never used
+ # 1293: assignment in condition
+ # 111: statement is unreachable (invariably "break;" after "return X;" in case statement)
+ # 68: integer conversion resulted in a change of sign ("if (Status == -1)")
+ # 177: <entity> was declared but never referenced
+ # 223: function <entity> declared implicitly
+ # 144: a value of type <type> cannot be used to initialize an entity of type <type>
+ # 513: a value of type <type> cannot be assigned to an entity of type <type>
+ # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
+ # 1296: Extended constant initialiser used
+ RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
index de60a5f..d24cc15 100644
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
@@ -4,49 +4,49 @@
================================================================================
OpenSSL is a well-known open source implementation of SSL and TLS protocols.
The core library implements the basic cryptographic functions and provides various
-utility functions. The OpenSSL library is widely used in variety of security
-products development as base crypto provider. (See http://www.openssl.org for more
+utility functions. The OpenSSL library is widely used in variety of security
+products development as base crypto provider. (See http://www.openssl.org for more
information for OpenSSL).
- UEFI (Unified Extensible Firmware Interface) is a specification detailing the
-interfaces between OS and platform firmware. Several security features were
-introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI
-2.2 (http://www.uefi.org). These security features highly depends on the
+ UEFI (Unified Extensible Firmware Interface) is a specification detailing the
+interfaces between OS and platform firmware. Several security features were
+introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI
+2.2 (http://www.uefi.org). These security features highly depends on the
cryptography. This patch will enable openssl building under UEFI environment.


================================================================================
OpenSSL-Version
================================================================================
- Current supported OpenSSL version for UEFI Crypto Library is 0.9.8zf.
- http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
+ Current supported OpenSSL version for UEFI Crypto Library is 1.0.2a.
+ http://www.openssl.org/source/openssl-1.0.2a.tar.gz


================================================================================
HOW to Install Openssl for UEFI Building
================================================================================
-1. Download OpenSSL 0.9.8zf from official website:
- http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
+1. Download OpenSSL 1.0.2a from official website:
+ http://www.openssl.org/source/openssl-1.0.2a.tar.gz

- NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8zf.tar.tar.
- When you do the download, rename the "openssl-0.9.8zf.tar.tar" to
- "openssl-0.9.8zf.tar.gz" or rename the local downloaded file with ".tar.tar"
+ NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2a.tar.tar.
+ When you do the download, rename the "openssl-1.0.2a.tar.tar" to
+ "openssl-1.0.2a.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz".

-2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zf
+2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2a

- NOTE: If you use WinZip to unpack the openssl source in Windows, please
- uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
+ NOTE: If you use WinZip to unpack the openssl source in Windows, please
+ uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
-
-3. Apply this patch: EDKII_openssl-0.9.8zf.patch, and make installation
+
+3. Apply this patch: EDKII_openssl-1.0.2a.patch, and make installation

For Windows Environment:
------------------------
1) Make sure the patch utility has been installed in your machine.
- Install Cygwin or get the patch utility binary from
+ Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8zf
- 3) patch -p0 -i ..\EDKII_openssl-0.9.8zf.patch
+ 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2a
+ 3) patch -p0 -i ..\EDKII_openssl-1.0.2a.patch
4) cd ..
5) Install.cmd

@@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
-----------------------
1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8zf
- 3) patch -p0 -i ../EDKII_openssl-0.9.8zf.patch
+ 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2a
+ 3) patch -p0 -i ../EDKII_openssl-1.0.2a.patch
4) cd ..
5) ./Install.sh
--
1.9.5.msysgit.1


------------------------------------------------------------------------------
Ard Biesheuvel
2015-06-10 10:20:35 UTC
Permalink
Post by qlong
Contributed-under: TianoCore Contribution Agreement 1.0
---
CryptoPkg/Library/OpensslLib/Install.cmd | 146 ++++---
CryptoPkg/Library/OpensslLib/Install.sh | 146 ++++---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 620 +++++++++++++++++++--------
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 46 +-
4 files changed, 608 insertions(+), 350 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd
index 8f1d016..a633f57 100755
--- a/CryptoPkg/Library/OpensslLib/Install.cmd
+++ b/CryptoPkg/Library/OpensslLib/Install.cmd
@@ -1,71 +1,77 @@
-cd openssl-0.9.8zf
-copy e_os2.h ..\..\..\Include\openssl
-copy crypto\crypto.h ..\..\..\Include\openssl
-copy crypto\tmdiff.h ..\..\..\Include\openssl
-copy crypto\opensslv.h ..\..\..\Include\openssl
-copy crypto\opensslconf.h ..\..\..\Include\openssl
-copy crypto\ebcdic.h ..\..\..\Include\openssl
-copy crypto\symhacks.h ..\..\..\Include\openssl
-copy crypto\ossl_typ.h ..\..\..\Include\openssl
-copy crypto\md2\md2.h ..\..\..\Include\openssl
-copy crypto\md4\md4.h ..\..\..\Include\openssl
-copy crypto\md5\md5.h ..\..\..\Include\openssl
-copy crypto\sha\sha.h ..\..\..\Include\openssl
-copy crypto\hmac\hmac.h ..\..\..\Include\openssl
-copy crypto\ripemd\ripemd.h ..\..\..\Include\openssl
-copy crypto\des\des.h ..\..\..\Include\openssl
-copy crypto\des\des_old.h ..\..\..\Include\openssl
-copy crypto\rc2\rc2.h ..\..\..\Include\openssl
-copy crypto\rc4\rc4.h ..\..\..\Include\openssl
-copy crypto\idea\idea.h ..\..\..\Include\openssl
-copy crypto\bf\blowfish.h ..\..\..\Include\openssl
-copy crypto\cast\cast.h ..\..\..\Include\openssl
-copy crypto\aes\aes.h ..\..\..\Include\openssl
-copy crypto\bn\bn.h ..\..\..\Include\openssl
-copy crypto\rsa\rsa.h ..\..\..\Include\openssl
-copy crypto\dsa\dsa.h ..\..\..\Include\openssl
-copy crypto\dso\dso.h ..\..\..\Include\openssl
-copy crypto\dh\dh.h ..\..\..\Include\openssl
-copy crypto\ec\ec.h ..\..\..\Include\openssl
-copy crypto\ecdh\ecdh.h ..\..\..\Include\openssl
-copy crypto\ecdsa\ecdsa.h ..\..\..\Include\openssl
-copy crypto\buffer\buffer.h ..\..\..\Include\openssl
-copy crypto\bio\bio.h ..\..\..\Include\openssl
-copy crypto\stack\stack.h ..\..\..\Include\openssl
-copy crypto\stack\safestack.h ..\..\..\Include\openssl
-copy crypto\lhash\lhash.h ..\..\..\Include\openssl
-copy crypto\rand\rand.h ..\..\..\Include\openssl
-copy crypto\err\err.h ..\..\..\Include\openssl
-copy crypto\objects\objects.h ..\..\..\Include\openssl
-copy crypto\objects\obj_mac.h ..\..\..\Include\openssl
-copy crypto\evp\evp.h ..\..\..\Include\openssl
-copy crypto\asn1\asn1.h ..\..\..\Include\openssl
-copy crypto\asn1\asn1_mac.h ..\..\..\Include\openssl
-copy crypto\asn1\asn1t.h ..\..\..\Include\openssl
-copy crypto\pem\pem.h ..\..\..\Include\openssl
-copy crypto\pem\pem2.h ..\..\..\Include\openssl
-copy crypto\x509\x509.h ..\..\..\Include\openssl
-copy crypto\x509\x509_vfy.h ..\..\..\Include\openssl
-copy crypto\x509v3\x509v3.h ..\..\..\Include\openssl
-copy crypto\conf\conf.h ..\..\..\Include\openssl
-copy crypto\conf\conf_api.h ..\..\..\Include\openssl
-copy crypto\txt_db\txt_db.h ..\..\..\Include\openssl
-copy crypto\pkcs7\pkcs7.h ..\..\..\Include\openssl
-copy crypto\pkcs12\pkcs12.h ..\..\..\Include\openssl
-copy crypto\comp\comp.h ..\..\..\Include\openssl
-copy crypto\engine\engine.h ..\..\..\Include\openssl
-copy crypto\ocsp\ocsp.h ..\..\..\Include\openssl
-copy crypto\ui\ui.h ..\..\..\Include\openssl
-copy crypto\ui\ui_compat.h ..\..\..\Include\openssl
-copy crypto\krb5\krb5_asn.h ..\..\..\Include\openssl
-copy crypto\store\store.h ..\..\..\Include\openssl
-copy crypto\pqueue\pqueue.h ..\..\..\Include\openssl
-copy crypto\pqueue\pq_compat.h ..\..\..\Include\openssl
-copy ssl\ssl.h ..\..\..\Include\openssl
-copy ssl\ssl2.h ..\..\..\Include\openssl
-copy ssl\ssl3.h ..\..\..\Include\openssl
-copy ssl\ssl23.h ..\..\..\Include\openssl
-copy ssl\tls1.h ..\..\..\Include\openssl
-copy ssl\dtls1.h ..\..\..\Include\openssl
-copy ssl\kssl.h ..\..\..\Include\openssl
+cd openssl-1.0.2a
+copy e_os2.h ..\..\..\Include\openssl
+copy crypto\crypto.h ..\..\..\Include\openssl
I understand that it is neater to line up the paths on the right hand
side, but it completely obfuscates the actual changes you made.

For now, I think it is fine, but next time, please try to split
unrelated white space changes into a separate patch so reviewers can
actually tell easily what you changed.
Post by qlong
+copy crypto\opensslv.h ..\..\..\Include\openssl
+copy crypto\opensslconf.h ..\..\..\Include\openssl
+copy crypto\ebcdic.h ..\..\..\Include\openssl
+copy crypto\symhacks.h ..\..\..\Include\openssl
+copy crypto\ossl_typ.h ..\..\..\Include\openssl
+copy crypto\objects\objects.h ..\..\..\Include\openssl
+copy crypto\objects\obj_mac.h ..\..\..\Include\openssl
+copy crypto\md4\md4.h ..\..\..\Include\openssl
+copy crypto\md5\md5.h ..\..\..\Include\openssl
+copy crypto\sha\sha.h ..\..\..\Include\openssl
+copy crypto\mdc2\mdc2.h ..\..\..\Include\openssl
+copy crypto\hmac\hmac.h ..\..\..\Include\openssl
+copy crypto\ripemd\ripemd.h ..\..\..\Include\openssl
+copy crypto\whrlpool\whrlpool.h ..\..\..\Include\openssl
+copy crypto\des\des.h ..\..\..\Include\openssl
+copy crypto\des\des_old.h ..\..\..\Include\openssl
+copy crypto\aes\aes.h ..\..\..\Include\openssl
+copy crypto\rc2\rc2.h ..\..\..\Include\openssl
+copy crypto\rc4\rc4.h ..\..\..\Include\openssl
+copy crypto\idea\idea.h ..\..\..\Include\openssl
+copy crypto\bf\blowfish.h ..\..\..\Include\openssl
+copy crypto\cast\cast.h ..\..\..\Include\openssl
+copy crypto\camellia\camellia.h ..\..\..\Include\openssl
+copy crypto\seed\seed.h ..\..\..\Include\openssl
+copy crypto\modes\modes.h ..\..\..\Include\openssl
+copy crypto\bn\bn.h ..\..\..\Include\openssl
+copy crypto\ec\ec.h ..\..\..\Include\openssl
+copy crypto\rsa\rsa.h ..\..\..\Include\openssl
+copy crypto\dsa\dsa.h ..\..\..\Include\openssl
+copy crypto\ecdsa\ecdsa.h ..\..\..\Include\openssl
+copy crypto\dh\dh.h ..\..\..\Include\openssl
+copy crypto\ecdh\ecdh.h ..\..\..\Include\openssl
+copy crypto\dso\dso.h ..\..\..\Include\openssl
+copy crypto\engine\engine.h ..\..\..\Include\openssl
+copy crypto\buffer\buffer.h ..\..\..\Include\openssl
+copy crypto\bio\bio.h ..\..\..\Include\openssl
+copy crypto\stack\stack.h ..\..\..\Include\openssl
+copy crypto\stack\safestack.h ..\..\..\Include\openssl
+copy crypto\lhash\lhash.h ..\..\..\Include\openssl
+copy crypto\rand\rand.h ..\..\..\Include\openssl
+copy crypto\err\err.h ..\..\..\Include\openssl
+copy crypto\evp\evp.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1_mac.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1t.h ..\..\..\Include\openssl
+copy crypto\pem\pem.h ..\..\..\Include\openssl
+copy crypto\pem\pem2.h ..\..\..\Include\openssl
+copy crypto\x509\x509.h ..\..\..\Include\openssl
+copy crypto\x509\x509_vfy.h ..\..\..\Include\openssl
+copy crypto\x509v3\x509v3.h ..\..\..\Include\openssl
+copy crypto\conf\conf.h ..\..\..\Include\openssl
+copy crypto\conf\conf_api.h ..\..\..\Include\openssl
+copy crypto\txt_db\txt_db.h ..\..\..\Include\openssl
+copy crypto\pkcs7\pkcs7.h ..\..\..\Include\openssl
+copy crypto\pkcs12\pkcs12.h ..\..\..\Include\openssl
+copy crypto\comp\comp.h ..\..\..\Include\openssl
+copy crypto\ocsp\ocsp.h ..\..\..\Include\openssl
+copy crypto\ui\ui.h ..\..\..\Include\openssl
+copy crypto\ui\ui_compat.h ..\..\..\Include\openssl
+copy crypto\krb5\krb5_asn.h ..\..\..\Include\openssl
+copy crypto\cms\cms.h ..\..\..\Include\openssl
+copy crypto\pqueue\pqueue.h ..\..\..\Include\openssl
+copy crypto\ts\ts.h ..\..\..\Include\openssl
+copy crypto\srp\srp.h ..\..\..\Include\openssl
+copy crypto\cmac\cmac.h ..\..\..\Include\openssl
+copy ssl\ssl.h ..\..\..\Include\openssl
+copy ssl\ssl2.h ..\..\..\Include\openssl
+copy ssl\ssl3.h ..\..\..\Include\openssl
+copy ssl\ssl23.h ..\..\..\Include\openssl
+copy ssl\tls1.h ..\..\..\Include\openssl
+copy ssl\dtls1.h ..\..\..\Include\openssl
+copy ssl\kssl.h ..\..\..\Include\openssl
+copy ssl\srtp.h ..\..\..\Include\openssl
cd ..
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh
index 4a022e6..6973ab7 100755
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ b/CryptoPkg/Library/OpensslLib/Install.sh
@@ -1,73 +1,79 @@
#!/bin/sh
-cd openssl-0.9.8zf
-cp e_os2.h ../../../Include/openssl
-cp crypto/crypto.h ../../../Include/openssl
-cp crypto/tmdiff.h ../../../Include/openssl
-cp crypto/opensslv.h ../../../Include/openssl
-cp crypto/opensslconf.h ../../../Include/openssl
-cp crypto/ebcdic.h ../../../Include/openssl
-cp crypto/symhacks.h ../../../Include/openssl
-cp crypto/ossl_typ.h ../../../Include/openssl
-cp crypto/md2/md2.h ../../../Include/openssl
-cp crypto/md4/md4.h ../../../Include/openssl
-cp crypto/md5/md5.h ../../../Include/openssl
-cp crypto/sha/sha.h ../../../Include/openssl
-cp crypto/hmac/hmac.h ../../../Include/openssl
-cp crypto/ripemd/ripemd.h ../../../Include/openssl
-cp crypto/des/des.h ../../../Include/openssl
-cp crypto/des/des_old.h ../../../Include/openssl
-cp crypto/rc2/rc2.h ../../../Include/openssl
-cp crypto/rc4/rc4.h ../../../Include/openssl
-cp crypto/idea/idea.h ../../../Include/openssl
-cp crypto/bf/blowfish.h ../../../Include/openssl
-cp crypto/cast/cast.h ../../../Include/openssl
-cp crypto/aes/aes.h ../../../Include/openssl
-cp crypto/bn/bn.h ../../../Include/openssl
-cp crypto/rsa/rsa.h ../../../Include/openssl
-cp crypto/dsa/dsa.h ../../../Include/openssl
-cp crypto/dso/dso.h ../../../Include/openssl
-cp crypto/dh/dh.h ../../../Include/openssl
-cp crypto/ec/ec.h ../../../Include/openssl
-cp crypto/ecdh/ecdh.h ../../../Include/openssl
-cp crypto/ecdsa/ecdsa.h ../../../Include/openssl
-cp crypto/buffer/buffer.h ../../../Include/openssl
-cp crypto/bio/bio.h ../../../Include/openssl
-cp crypto/stack/stack.h ../../../Include/openssl
-cp crypto/stack/safestack.h ../../../Include/openssl
-cp crypto/lhash/lhash.h ../../../Include/openssl
-cp crypto/rand/rand.h ../../../Include/openssl
-cp crypto/err/err.h ../../../Include/openssl
-cp crypto/objects/objects.h ../../../Include/openssl
-cp crypto/objects/obj_mac.h ../../../Include/openssl
-cp crypto/evp/evp.h ../../../Include/openssl
-cp crypto/asn1/asn1.h ../../../Include/openssl
-cp crypto/asn1/asn1_mac.h ../../../Include/openssl
-cp crypto/asn1/asn1t.h ../../../Include/openssl
-cp crypto/pem/pem.h ../../../Include/openssl
-cp crypto/pem/pem2.h ../../../Include/openssl
-cp crypto/x509/x509.h ../../../Include/openssl
-cp crypto/x509/x509_vfy.h ../../../Include/openssl
-cp crypto/x509v3/x509v3.h ../../../Include/openssl
-cp crypto/conf/conf.h ../../../Include/openssl
-cp crypto/conf/conf_api.h ../../../Include/openssl
-cp crypto/txt_db/txt_db.h ../../../Include/openssl
-cp crypto/pkcs7/pkcs7.h ../../../Include/openssl
-cp crypto/pkcs12/pkcs12.h ../../../Include/openssl
-cp crypto/comp/comp.h ../../../Include/openssl
-cp crypto/engine/engine.h ../../../Include/openssl
-cp crypto/ocsp/ocsp.h ../../../Include/openssl
-cp crypto/ui/ui.h ../../../Include/openssl
-cp crypto/ui/ui_compat.h ../../../Include/openssl
-cp crypto/krb5/krb5_asn.h ../../../Include/openssl
-cp crypto/store/store.h ../../../Include/openssl
-cp crypto/pqueue/pqueue.h ../../../Include/openssl
-cp crypto/pqueue/pq_compat.h ../../../Include/openssl
-cp ssl/ssl.h ../../../Include/openssl
-cp ssl/ssl2.h ../../../Include/openssl
-cp ssl/ssl3.h ../../../Include/openssl
-cp ssl/ssl23.h ../../../Include/openssl
-cp ssl/tls1.h ../../../Include/openssl
-cp ssl/dtls1.h ../../../Include/openssl
-cp ssl/kssl.h ../../../Include/openssl
+cd openssl-1.0.2a
+cp e_os2.h ../../../Include/openssl
+cp crypto/crypto.h ../../../Include/openssl
+cp crypto/opensslv.h ../../../Include/openssl
+cp crypto/opensslconf.h ../../../Include/openssl
+cp crypto/ebcdic.h ../../../Include/openssl
+cp crypto/symhacks.h ../../../Include/openssl
+cp crypto/ossl_typ.h ../../../Include/openssl
+cp crypto/objects/objects.h ../../../Include/openssl
+cp crypto/objects/obj_mac.h ../../../Include/openssl
+cp crypto/md4/md4.h ../../../Include/openssl
+cp crypto/md5/md5.h ../../../Include/openssl
+cp crypto/sha/sha.h ../../../Include/openssl
+cp crypto/mdc2/mdc2.h ../../../Include/openssl
+cp crypto/hmac/hmac.h ../../../Include/openssl
+cp crypto/ripemd/ripemd.h ../../../Include/openssl
+cp crypto/whrlpool/whrlpool.h ../../../Include/openssl
+cp crypto/des/des.h ../../../Include/openssl
+cp crypto/des/des_old.h ../../../Include/openssl
+cp crypto/aes/aes.h ../../../Include/openssl
+cp crypto/rc2/rc2.h ../../../Include/openssl
+cp crypto/rc4/rc4.h ../../../Include/openssl
+cp crypto/idea/idea.h ../../../Include/openssl
+cp crypto/bf/blowfish.h ../../../Include/openssl
+cp crypto/cast/cast.h ../../../Include/openssl
+cp crypto/camellia/camellia.h ../../../Include/openssl
+cp crypto/seed/seed.h ../../../Include/openssl
+cp crypto/modes/modes.h ../../../Include/openssl
+cp crypto/bn/bn.h ../../../Include/openssl
+cp crypto/ec/ec.h ../../../Include/openssl
+cp crypto/rsa/rsa.h ../../../Include/openssl
+cp crypto/dsa/dsa.h ../../../Include/openssl
+cp crypto/ecdsa/ecdsa.h ../../../Include/openssl
+cp crypto/dh/dh.h ../../../Include/openssl
+cp crypto/ecdh/ecdh.h ../../../Include/openssl
+cp crypto/dso/dso.h ../../../Include/openssl
+cp crypto/engine/engine.h ../../../Include/openssl
+cp crypto/buffer/buffer.h ../../../Include/openssl
+cp crypto/bio/bio.h ../../../Include/openssl
+cp crypto/stack/stack.h ../../../Include/openssl
+cp crypto/stack/safestack.h ../../../Include/openssl
+cp crypto/lhash/lhash.h ../../../Include/openssl
+cp crypto/rand/rand.h ../../../Include/openssl
+cp crypto/err/err.h ../../../Include/openssl
+cp crypto/evp/evp.h ../../../Include/openssl
+cp crypto/asn1/asn1.h ../../../Include/openssl
+cp crypto/asn1/asn1_mac.h ../../../Include/openssl
+cp crypto/asn1/asn1t.h ../../../Include/openssl
+cp crypto/pem/pem.h ../../../Include/openssl
+cp crypto/pem/pem2.h ../../../Include/openssl
+cp crypto/x509/x509.h ../../../Include/openssl
+cp crypto/x509/x509_vfy.h ../../../Include/openssl
+cp crypto/x509v3/x509v3.h ../../../Include/openssl
+cp crypto/conf/conf.h ../../../Include/openssl
+cp crypto/conf/conf_api.h ../../../Include/openssl
+cp crypto/txt_db/txt_db.h ../../../Include/openssl
+cp crypto/pkcs7/pkcs7.h ../../../Include/openssl
+cp crypto/pkcs12/pkcs12.h ../../../Include/openssl
+cp crypto/comp/comp.h ../../../Include/openssl
+cp crypto/ocsp/ocsp.h ../../../Include/openssl
+cp crypto/ui/ui.h ../../../Include/openssl
+cp crypto/ui/ui_compat.h ../../../Include/openssl
+cp crypto/krb5/krb5_asn.h ../../../Include/openssl
+cp crypto/cms/cms.h ../../../Include/openssl
+cp crypto/pqueue/pqueue.h ../../../Include/openssl
+cp crypto/ts/ts.h ../../../Include/openssl
+cp crypto/srp/srp.h ../../../Include/openssl
+cp crypto/cmac/cmac.h ../../../Include/openssl
+cp ssl/ssl.h ../../../Include/openssl
+cp ssl/ssl2.h ../../../Include/openssl
+cp ssl/ssl3.h ../../../Include/openssl
+cp ssl/ssl23.h ../../../Include/openssl
+cp ssl/tls1.h ../../../Include/openssl
+cp ssl/dtls1.h ../../../Include/openssl
+cp ssl/kssl.h ../../../Include/openssl
+cp ssl/srtp.h ../../../Include/openssl
cd ..
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index f564145..ee7dbd8 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -20,9 +20,9 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl-0.9.8zf
- DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
- DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE
+ DEFINE OPENSSL_PATH = openssl-1.0.2a
+ DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE
#
# OPENSSL_FLAGS is set to define the following flags to be compatible with
@@ -46,6 +46,7 @@
# OPENSSL_NO_DYNAMIC_ENGINE
# GETPID_IS_MEANINGLESS
# OPENSSL_NO_STDIO
+# OPENSSL_NO_POSIX_IO
# OPENSSL_NO_FP_API
# OPENSSL_NO_DGRAM
# OPENSSL_NO_ASM
@@ -58,80 +59,122 @@
[Sources]
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/crypto/cryptlib.c
- $(OPENSSL_PATH)/crypto/dyn_lck.c
$(OPENSSL_PATH)/crypto/mem.c
$(OPENSSL_PATH)/crypto/mem_clr.c
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/cversion.c
$(OPENSSL_PATH)/crypto/ex_data.c
-
- #
- # Not required for UEFI.
- #
- # $(OPENSSL_PATH)/crypto/tmdiff.c
-
$(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/ebcdic.c
$(OPENSSL_PATH)/crypto/uid.c
$(OPENSSL_PATH)/crypto/o_time.c
$(OPENSSL_PATH)/crypto/o_str.c
$(OPENSSL_PATH)/crypto/o_dir.c
+ $(OPENSSL_PATH)/crypto/o_fips.c
$(OPENSSL_PATH)/crypto/o_init.c
- $(OPENSSL_PATH)/crypto/fips_err.c
+ $(OPENSSL_PATH)/crypto/fips_ers.c
#
- # DIsabled by OPENSSL_NO_MD2
+ # OBJECTS
+ #
+ $(OPENSSL_PATH)/crypto/objects/o_names.c
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.c
+ $(OPENSSL_PATH)/crypto/objects/obj_lib.c
+ $(OPENSSL_PATH)/crypto/objects/obj_err.c
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.c
+
+ #
+ # MD4
#
- # $(OPENSSL_PATH)/crypto/md2/md2_dgst.c
- # $(OPENSSL_PATH)/crypto/md2/md2_one.c
$(OPENSSL_PATH)/crypto/md4/md4_dgst.c
$(OPENSSL_PATH)/crypto/md4/md4_one.c
+
+ #
+ # MD5
+ #
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
+
+ #
+ # SHA
+ #
$(OPENSSL_PATH)/crypto/sha/sha_dgst.c
$(OPENSSL_PATH)/crypto/sha/sha1dgst.c
$(OPENSSL_PATH)/crypto/sha/sha_one.c
$(OPENSSL_PATH)/crypto/sha/sha1_one.c
$(OPENSSL_PATH)/crypto/sha/sha256.c
$(OPENSSL_PATH)/crypto/sha/sha512.c
+
+ #
+ # MDC2 - Disabled by OPENSSL_NO_MDC2
+ #
+ # $(OPENSSL_PATH)/crypto/mdc2/mdc2dgst.c
+ # $(OPENSSL_PATH)/crypto/mdc2/mdc2_one.c
+
+ #
+ # HMAC
+ #
$(OPENSSL_PATH)/crypto/hmac/hmac.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
#
- # Disabled by OPENSSL_NO_RIPEMD
+ # RIPEMD - Disabled by OPENSSL_NO_RIPEMD
#
# $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c
# $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c
- $(OPENSSL_PATH)/crypto/des/des_lib.c
- $(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/ecb_enc.c
+ #
+ # WHIRLPOOL - Disabled by OPENSSL_NO_WHIRLPOOL
+ #
+ # $(OPENSSL_PATH)/crypto/whrlpool/wp_dgst.c
+ # $(OPENSSL_PATH)/crypto/whrlpool/wp_block.c
+
+ #
+ # DES
+ #
+ $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
$(OPENSSL_PATH)/crypto/des/cbc_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
$(OPENSSL_PATH)/crypto/des/cfb64enc.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
$(OPENSSL_PATH)/crypto/des/cfb_enc.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
+ $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
+ $(OPENSSL_PATH)/crypto/des/ecb_enc.c
$(OPENSSL_PATH)/crypto/des/enc_read.c
$(OPENSSL_PATH)/crypto/des/enc_writ.c
+ $(OPENSSL_PATH)/crypto/des/fcrypt.c
$(OPENSSL_PATH)/crypto/des/ofb64enc.c
$(OPENSSL_PATH)/crypto/des/ofb_enc.c
- $(OPENSSL_PATH)/crypto/des/str2key.c
$(OPENSSL_PATH)/crypto/des/pcbc_enc.c
$(OPENSSL_PATH)/crypto/des/qud_cksm.c
$(OPENSSL_PATH)/crypto/des/rand_key.c
+ $(OPENSSL_PATH)/crypto/des/rpc_enc.c
+ $(OPENSSL_PATH)/crypto/des/set_key.c
$(OPENSSL_PATH)/crypto/des/des_enc.c
$(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/fcrypt.c
$(OPENSSL_PATH)/crypto/des/xcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/rpc_enc.c
- $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
+ $(OPENSSL_PATH)/crypto/des/str2key.c
+ $(OPENSSL_PATH)/crypto/des/cfb64ede.c
+ $(OPENSSL_PATH)/crypto/des/ofb64ede.c
$(OPENSSL_PATH)/crypto/des/ede_cbcm_enc.c
$(OPENSSL_PATH)/crypto/des/des_old.c
$(OPENSSL_PATH)/crypto/des/des_old2.c
$(OPENSSL_PATH)/crypto/des/read2pwd.c
#
- # Disabled by OPENSSL_NO_RC2
+ # AES
+ #
+ $(OPENSSL_PATH)/crypto/aes/aes_core.c
+ $(OPENSSL_PATH)/crypto/aes/aes_misc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ctr.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ige.c
+ $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+
+ #
+ # RC2 - Disabled by OPENSSL_NO_RC2
#
# $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c
# $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c
@@ -139,28 +182,42 @@
# $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c
# $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+ #
+ # RC4
+ #
$(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_fblk.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_utl.c
+
+ #
+ # RC5 - Disabled by OPENSSL_NO_RC5
+ #
+ # $(OPENSSL_PATH)/crypto/rc5/rc5_skey.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5_ecb.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5_enc.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5cfb64.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5ofb64.c
#
- # Disabled by OPENSSL_NO_IDEA
+ # IDEA - Disabled by OPENSSL_NO_IDEA
#
# $(OPENSSL_PATH)/crypto/idea/i_cbc.c
# $(OPENSSL_PATH)/crypto/idea/i_cfb64.c
# $(OPENSSL_PATH)/crypto/idea/i_ofb64.c
# $(OPENSSL_PATH)/crypto/idea/i_ecb.c
# $(OPENSSL_PATH)/crypto/idea/i_skey.c
+
#
- # Disabled by OPENSSL_NO_BF
+ # BLOWFISH - Disabled by OPENSSL_NO_BF
#
# $(OPENSSL_PATH)/crypto/bf/bf_skey.c
# $(OPENSSL_PATH)/crypto/bf/bf_ecb.c
# $(OPENSSL_PATH)/crypto/bf/bf_enc.c
# $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c
# $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c
+
#
- # Disabled by OPENSSL_NO_CAST
+ # CAST - Disabled by OPENSSL_NO_CAST
#
# $(OPENSSL_PATH)/crypto/cast/c_skey.c
# $(OPENSSL_PATH)/crypto/cast/c_ecb.c
@@ -168,15 +225,43 @@
# $(OPENSSL_PATH)/crypto/cast/c_cfb64.c
# $(OPENSSL_PATH)/crypto/cast/c_ofb64.c
- $(OPENSSL_PATH)/crypto/aes/aes_misc.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
- $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ctr.c
- $(OPENSSL_PATH)/crypto/aes/aes_ige.c
- $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+ #
+ # CAMELLIA - Disabled by OPENSSL_NO_CAMELLIA
+ #
+ # $(OPENSSL_PATH)/crypto/camellia/camellia.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_misc.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_ecb.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_cbc.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_ofb.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_cfb.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_ctr.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_utl.c
+
+ #
+ # SEED - Disabled by OPENSSL_NO_SEED
+ #
+ # $(OPENSSL_PATH)/crypto/seed/seed.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_ecb.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_cbc.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_cfb.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_ofb.c
+
+ #
+ # MODES
+ #
+ $(OPENSSL_PATH)/crypto/modes/cbc128.c
+ $(OPENSSL_PATH)/crypto/modes/ctr128.c
+ $(OPENSSL_PATH)/crypto/modes/cts128.c
+ $(OPENSSL_PATH)/crypto/modes/cfb128.c
+ $(OPENSSL_PATH)/crypto/modes/ofb128.c
+ $(OPENSSL_PATH)/crypto/modes/gcm128.c
+ $(OPENSSL_PATH)/crypto/modes/ccm128.c
+ $(OPENSSL_PATH)/crypto/modes/xts128.c
+ $(OPENSSL_PATH)/crypto/modes/wrap128.c
+
+ #
+ # BIGNUM
+ #
$(OPENSSL_PATH)/crypto/bn/bn_add.c
$(OPENSSL_PATH)/crypto/bn/bn_div.c
$(OPENSSL_PATH)/crypto/bn/bn_exp.c
@@ -203,9 +288,40 @@
$(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
$(OPENSSL_PATH)/crypto/bn/bn_nist.c
$(OPENSSL_PATH)/crypto/bn/bn_depr.c
- $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
$(OPENSSL_PATH)/crypto/bn/bn_const.c
- $(OPENSSL_PATH)/crypto/bn/bn_opt.c
+ $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
+
+ #
+ # ELLIPTIC CURVE - Disabled by OPENSSL_NO_EC
+ #
+ # $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_err.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_check.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_print.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_key.c
+ # $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+ # $(OPENSSL_PATH)/crypto/ec/ec2_mult.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+ # $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+ # $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+
+ #
+ # RSA
+ #
$(OPENSSL_PATH)/crypto/rsa/rsa_eay.c
$(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
$(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
@@ -220,13 +336,15 @@
$(OPENSSL_PATH)/crypto/rsa/rsa_null.c
$(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
$(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
$(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_eng.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
#
- # Disabled by OPENSSL_NO_DSA
+ # DSA - Disabled by OPENSSL_NO_DSA
#
# $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c
# $(OPENSSL_PATH)/crypto/dsa/dsa_key.c
@@ -237,16 +355,23 @@
# $(OPENSSL_PATH)/crypto/dsa/dsa_err.c
# $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c
# $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c
- # $(OPENSSL_PATH)/crypto/dsa/dsa_utl.c
+ # $(OPENSSL_PATH)/crypto/dsa/dsa_ameth.c
+ # $(OPENSSL_PATH)/crypto/dsa/dsa_pmeth.c
+ # $(OPENSSL_PATH)/crypto/dsa/dsa_prn.c
- $(OPENSSL_PATH)/crypto/dso/dso_dl.c
- $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
- $(OPENSSL_PATH)/crypto/dso/dso_err.c
- $(OPENSSL_PATH)/crypto/dso/dso_lib.c
- $(OPENSSL_PATH)/crypto/dso/dso_null.c
- $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
- $(OPENSSL_PATH)/crypto/dso/dso_win32.c
- $(OPENSSL_PATH)/crypto/dso/dso_vms.c
+ #
+ # ECDSA - Disabled by OPENSSL_NO_ECDSA
+ #
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c
+
+ #
+ # DIFFIE-HELLMAN
+ #
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_gen.c
$(OPENSSL_PATH)/crypto/dh/dh_key.c
@@ -254,44 +379,73 @@
$(OPENSSL_PATH)/crypto/dh/dh_check.c
$(OPENSSL_PATH)/crypto/dh/dh_err.c
$(OPENSSL_PATH)/crypto/dh/dh_depr.c
+ $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
+ $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
+ $(OPENSSL_PATH)/crypto/dh/dh_prn.c
+ $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
+ # $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
#
- # Disabled by OPENSSL_NO_EC
- #
- # $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- # $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- # $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- # $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- # $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- # $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- # $(OPENSSL_PATH)/crypto/ec/ec_err.c
- # $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- # $(OPENSSL_PATH)/crypto/ec/ec_check.c
- # $(OPENSSL_PATH)/crypto/ec/ec_print.c
- # $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- # $(OPENSSL_PATH)/crypto/ec/ec_key.c
- # $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- # $(OPENSSL_PATH)/crypto/ec/ec2_mult.c
- #
- # Disabled by OPENSSL_NO_ECDH
+ # ECDH - Disabled by OPENSSL_NO_ECDH
#
# $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c
# $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c
# $(OPENSSL_PATH)/crypto/ecdh/ech_key.c
# $(OPENSSL_PATH)/crypto/ecdh/ech_err.c
+ # $(OPENSSL_PATH)/crypto/ecdh/ech_kdf.c
+
#
- # Disabled by OPENSSL_NO_ECDSA
+ # DSO
#
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c
+ $(OPENSSL_PATH)/crypto/dso/dso_dl.c
+ $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
+ $(OPENSSL_PATH)/crypto/dso/dso_err.c
+ $(OPENSSL_PATH)/crypto/dso/dso_lib.c
+ $(OPENSSL_PATH)/crypto/dso/dso_null.c
+ $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
+ $(OPENSSL_PATH)/crypto/dso/dso_win32.c
+ $(OPENSSL_PATH)/crypto/dso/dso_vms.c
+ $(OPENSSL_PATH)/crypto/dso/dso_beos.c
+
+ #
+ # ENGINE - Disabled by OPENSSL_NO_ENGINE
+ #
+ # $(OPENSSL_PATH)/crypto/engine/eng_err.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_lib.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_list.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_init.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_table.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_pkey.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_fat.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_all.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_rsa.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_dsa.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_dh.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_rand.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_store.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_cipher.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_digest.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_pkmeth.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_asnmth.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_openssl.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_cnf.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_dyn.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_rdrand.c
+ #
+ # BUFFER
+ #
$(OPENSSL_PATH)/crypto/buffer/buffer.c
$(OPENSSL_PATH)/crypto/buffer/buf_str.c
$(OPENSSL_PATH)/crypto/buffer/buf_err.c
+
+ #
+ # BIO
+ #
$(OPENSSL_PATH)/crypto/bio/bio_lib.c
$(OPENSSL_PATH)/crypto/bio/bio_cb.c
$(OPENSSL_PATH)/crypto/bio/bio_err.c
@@ -299,45 +453,58 @@
$(OPENSSL_PATH)/crypto/bio/bss_null.c
$(OPENSSL_PATH)/crypto/bio/bss_fd.c
$(OPENSSL_PATH)/crypto/bio/bss_file.c
+ $(OPENSSL_PATH)/crypto/bio/bss_sock.c
+ $(OPENSSL_PATH)/crypto/bio/bss_conn.c
$(OPENSSL_PATH)/crypto/bio/bf_null.c
$(OPENSSL_PATH)/crypto/bio/bf_buff.c
-
#
- # Not required for UEFI.
+ # Not Required by UEFI.
#
# $(OPENSSL_PATH)/crypto/bio/b_print.c
-
$(OPENSSL_PATH)/crypto/bio/b_dump.c
+ $(OPENSSL_PATH)/crypto/bio/b_sock.c
+ $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
$(OPENSSL_PATH)/crypto/bio/bf_nbio.c
$(OPENSSL_PATH)/crypto/bio/bss_log.c
$(OPENSSL_PATH)/crypto/bio/bss_bio.c
$(OPENSSL_PATH)/crypto/bio/bss_dgram.c
+
+ #
+ # STACK
+ #
$(OPENSSL_PATH)/crypto/stack/stack.c
+
+ #
+ # LHASH
+ #
$(OPENSSL_PATH)/crypto/lhash/lhash.c
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
+
+ #
+ # RAND
+ #
$(OPENSSL_PATH)/crypto/rand/md_rand.c
$(OPENSSL_PATH)/crypto/rand/randfile.c
$(OPENSSL_PATH)/crypto/rand/rand_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_eng.c
$(OPENSSL_PATH)/crypto/rand/rand_err.c
- $(OPENSSL_PATH)/crypto/rand/rand_egd.c
- $(OPENSSL_PATH)/crypto/rand/rand_win.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_egd.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_win.c
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
- $(OPENSSL_PATH)/crypto/rand/rand_os2.c
- $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_os2.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+
+ #
+ # ERR
+ #
$(OPENSSL_PATH)/crypto/err/err.c
- $(OPENSSL_PATH)/crypto/err/err_def.c
$(OPENSSL_PATH)/crypto/err/err_all.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
- $(OPENSSL_PATH)/crypto/err/err_str.c
- $(OPENSSL_PATH)/crypto/err/err_bio.c
- $(OPENSSL_PATH)/crypto/objects/o_names.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.c
- $(OPENSSL_PATH)/crypto/objects/obj_lib.c
- $(OPENSSL_PATH)/crypto/objects/obj_err.c
+
+ #
+ # EVP
+ #
$(OPENSSL_PATH)/crypto/evp/encode.c
$(OPENSSL_PATH)/crypto/evp/digest.c
- $(OPENSSL_PATH)/crypto/evp/dig_eng.c
$(OPENSSL_PATH)/crypto/evp/evp_enc.c
$(OPENSSL_PATH)/crypto/evp/evp_key.c
$(OPENSSL_PATH)/crypto/evp/evp_acnf.c
@@ -346,22 +513,25 @@
$(OPENSSL_PATH)/crypto/evp/e_bf.c
$(OPENSSL_PATH)/crypto/evp/e_idea.c
$(OPENSSL_PATH)/crypto/evp/e_des3.c
+ $(OPENSSL_PATH)/crypto/evp/e_camellia.c
$(OPENSSL_PATH)/crypto/evp/e_rc4.c
$(OPENSSL_PATH)/crypto/evp/e_aes.c
$(OPENSSL_PATH)/crypto/evp/names.c
+ $(OPENSSL_PATH)/crypto/evp/e_seed.c
$(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
$(OPENSSL_PATH)/crypto/evp/e_rc2.c
$(OPENSSL_PATH)/crypto/evp/e_cast.c
$(OPENSSL_PATH)/crypto/evp/e_rc5.c
- $(OPENSSL_PATH)/crypto/evp/enc_min.c
$(OPENSSL_PATH)/crypto/evp/m_null.c
$(OPENSSL_PATH)/crypto/evp/m_md2.c
$(OPENSSL_PATH)/crypto/evp/m_md4.c
$(OPENSSL_PATH)/crypto/evp/m_md5.c
$(OPENSSL_PATH)/crypto/evp/m_sha.c
$(OPENSSL_PATH)/crypto/evp/m_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/m_wp.c
$(OPENSSL_PATH)/crypto/evp/m_dss.c
$(OPENSSL_PATH)/crypto/evp/m_dss1.c
+ $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
$(OPENSSL_PATH)/crypto/evp/m_ripemd.c
$(OPENSSL_PATH)/crypto/evp/m_ecdsa.c
$(OPENSSL_PATH)/crypto/evp/p_open.c
@@ -386,6 +556,17 @@
$(OPENSSL_PATH)/crypto/evp/p5_crpt.c
$(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
$(OPENSSL_PATH)/crypto/evp/e_old.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
+ $(OPENSSL_PATH)/crypto/evp/m_sigver.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
+ $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
+
+ #
+ # ASN1
+ #
$(OPENSSL_PATH)/crypto/asn1/a_object.c
$(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
$(OPENSSL_PATH)/crypto/asn1/a_utctm.c
@@ -421,6 +602,7 @@
$(OPENSSL_PATH)/crypto/asn1/x_info.c
$(OPENSSL_PATH)/crypto/asn1/x_spki.c
$(OPENSSL_PATH)/crypto/asn1/nsseq.c
+ $(OPENSSL_PATH)/crypto/asn1/x_nx509.c
$(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
$(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
$(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
@@ -438,20 +620,22 @@
$(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
$(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
$(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
+ $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
$(OPENSSL_PATH)/crypto/asn1/f_int.c
$(OPENSSL_PATH)/crypto/asn1/f_string.c
$(OPENSSL_PATH)/crypto/asn1/n_pkey.c
$(OPENSSL_PATH)/crypto/asn1/f_enum.c
- $(OPENSSL_PATH)/crypto/asn1/a_hdr.c
$(OPENSSL_PATH)/crypto/asn1/x_pkey.c
$(OPENSSL_PATH)/crypto/asn1/a_bool.c
$(OPENSSL_PATH)/crypto/asn1/x_exten.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
$(OPENSSL_PATH)/crypto/asn1/asn_mime.c
$(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
$(OPENSSL_PATH)/crypto/asn1/asn1_par.c
$(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
$(OPENSSL_PATH)/crypto/asn1/asn1_err.c
- $(OPENSSL_PATH)/crypto/asn1/a_meth.c
$(OPENSSL_PATH)/crypto/asn1/a_bytes.c
$(OPENSSL_PATH)/crypto/asn1/a_strnid.c
$(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
@@ -460,6 +644,10 @@
$(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
$(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
$(OPENSSL_PATH)/crypto/asn1/asn_moid.c
+
+ #
+ # PEM
+ #
$(OPENSSL_PATH)/crypto/pem/pem_sign.c
$(OPENSSL_PATH)/crypto/pem/pem_seal.c
$(OPENSSL_PATH)/crypto/pem/pem_info.c
@@ -471,6 +659,11 @@
$(OPENSSL_PATH)/crypto/pem/pem_oth.c
$(OPENSSL_PATH)/crypto/pem/pem_pk8.c
$(OPENSSL_PATH)/crypto/pem/pem_pkey.c
+ $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
+
+ #
+ # X509
+ #
$(OPENSSL_PATH)/crypto/x509/x509_def.c
$(OPENSSL_PATH)/crypto/x509/x509_d2.c
$(OPENSSL_PATH)/crypto/x509/x509_r2x.c
@@ -492,9 +685,16 @@
$(OPENSSL_PATH)/crypto/x509/x_all.c
$(OPENSSL_PATH)/crypto/x509/x509_txt.c
$(OPENSSL_PATH)/crypto/x509/x509_trs.c
- $(OPENSSL_PATH)/crypto/x509/by_file.c
- $(OPENSSL_PATH)/crypto/x509/by_dir.c
+ #
+ # Not Required by UEFI.
+ #
+ # $(OPENSSL_PATH)/crypto/x509/by_file.c
+ # $(OPENSSL_PATH)/crypto/x509/by_dir.c
$(OPENSSL_PATH)/crypto/x509/x509_vpm.c
+
+ #
+ # X509v3
+ #
$(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
$(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
$(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
@@ -531,6 +731,14 @@
$(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
$(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
$(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
+ #
+ # Not Required by UEFI.
+ #
+ # $(OPENSSL_PATH)/crypto/x509v3/v3_scts.c
+
+ #
+ # CONF
+ #
$(OPENSSL_PATH)/crypto/conf/conf_err.c
$(OPENSSL_PATH)/crypto/conf/conf_lib.c
$(OPENSSL_PATH)/crypto/conf/conf_api.c
@@ -538,7 +746,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
$(OPENSSL_PATH)/crypto/conf/conf_mall.c
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
+
+ #
+ # TXT_DB
+ #
$(OPENSSL_PATH)/crypto/txt_db/txt_db.c
+
+ #
+ # PKCS7
+ #
$(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
$(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
@@ -546,6 +762,11 @@
$(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
+ $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
+
+ #
+ # PKCS12
+ #
$(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
@@ -561,68 +782,96 @@
$(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
+
+ #
+ # COMP
+ #
$(OPENSSL_PATH)/crypto/comp/comp_lib.c
$(OPENSSL_PATH)/crypto/comp/comp_err.c
$(OPENSSL_PATH)/crypto/comp/c_rle.c
$(OPENSSL_PATH)/crypto/comp/c_zlib.c
#
- # Disabled by OPENSSL_NO_ENGINE
+ # OCSP - Disabled by OPENSSL_NO_OCSP
#
- # $(OPENSSL_PATH)/crypto/engine/eng_err.c
- # $(OPENSSL_PATH)/crypto/engine/eng_lib.c
- # $(OPENSSL_PATH)/crypto/engine/eng_list.c
- # $(OPENSSL_PATH)/crypto/engine/eng_init.c
- # $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c
- # $(OPENSSL_PATH)/crypto/engine/eng_table.c
- # $(OPENSSL_PATH)/crypto/engine/eng_pkey.c
- # $(OPENSSL_PATH)/crypto/engine/eng_fat.c
- # $(OPENSSL_PATH)/crypto/engine/eng_all.c
- # $(OPENSSL_PATH)/crypto/engine/tb_rsa.c
- # $(OPENSSL_PATH)/crypto/engine/tb_dsa.c
- # $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c
- # $(OPENSSL_PATH)/crypto/engine/tb_dh.c
- # $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c
- # $(OPENSSL_PATH)/crypto/engine/tb_rand.c
- # $(OPENSSL_PATH)/crypto/engine/tb_store.c
- # $(OPENSSL_PATH)/crypto/engine/tb_cipher.c
- # $(OPENSSL_PATH)/crypto/engine/tb_digest.c
- # $(OPENSSL_PATH)/crypto/engine/eng_openssl.c
- # $(OPENSSL_PATH)/crypto/engine/eng_cnf.c
- # $(OPENSSL_PATH)/crypto/engine/eng_dyn.c
- # $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c
- # $(OPENSSL_PATH)/crypto/engine/eng_padlock.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
#
- # Disabled by OPENSSL_NO_OCSP
+ # UI
#
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
-
- $(OPENSSL_PATH)/crypto/ui/ui_err.c
$(OPENSSL_PATH)/crypto/ui/ui_lib.c
-
#
- # Not required when OPENSSL_NO_STDIO is set, which is is for UEFI.
+ # Not Required by UEFI.
#
+ # $(OPENSSL_PATH)/crypto/ui/ui_err.c
# $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
-
$(OPENSSL_PATH)/crypto/ui/ui_util.c
$(OPENSSL_PATH)/crypto/ui/ui_compat.c
+
+ #
+ # KRB5
+ #
$(OPENSSL_PATH)/crypto/krb5/krb5_asn.c
- $(OPENSSL_PATH)/crypto/store/str_err.c
- $(OPENSSL_PATH)/crypto/store/str_lib.c
- $(OPENSSL_PATH)/crypto/store/str_meth.c
- $(OPENSSL_PATH)/crypto/store/str_mem.c
+
+ #
+ # CMS
+ #
+ # $(OPENSSL_PATH)/crypto/cms/cms_lib.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_asn1.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_att.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_io.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_smime.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_err.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_sd.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_dd.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_cd.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_env.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_enc.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_ess.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_pwri.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_kari.c
+
+ #
+ # PQUEUE
+ #
$(OPENSSL_PATH)/crypto/pqueue/pqueue.c
+ #
+ # TS
+ #
+ $(OPENSSL_PATH)/crypto/ts/ts_err.c
+ $(OPENSSL_PATH)/crypto/ts/ts_req_utils.c
+ $(OPENSSL_PATH)/crypto/ts/ts_req_print.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_utils.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_print.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_sign.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_verify.c
+ $(OPENSSL_PATH)/crypto/ts/ts_verify_ctx.c
+ $(OPENSSL_PATH)/crypto/ts/ts_lib.c
+ $(OPENSSL_PATH)/crypto/ts/ts_conf.c
+ $(OPENSSL_PATH)/crypto/ts/ts_asn1.c
+
+ #
+ # SRP - Disabled by OPENSSL_NO_SRP
+ #
+ # $(OPENSSL_PATH)/crypto/srp/srp_lib.c
+ # $(OPENSSL_PATH)/crypto/srp/srp_vfy.c
+
+ #
+ # CMAS
+ #
+ $(OPENSSL_PATH)/crypto/cmac/cmac.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
+
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
@@ -631,47 +880,44 @@
DebugLib
[BuildOptions]
Same here: by changing the indentation, it is really very hard to see
what you actually changed (if you changed anything at all)
Post by qlong
- #
- # Override MSFT build option to remove /W4 (to silence warning messages when building OpenSSL).
- #
- MSFT:DEBUG_VS2003_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_VS2003_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_VS2003xASL_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_VS2003xASL_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_DDK3790_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_DDK3790_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_DDK3790xASL_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_DDK3790xASL_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_*_IA32_CC_FLAGS == /nologo /c /WX /GS- /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_*_IA32_CC_FLAGS == /nologo /c /WX /GS- /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:NOOPT_*_IA32_CC_FLAGS == /nologo /c /WX /GS- /Gs32768 /D UNICODE /Od /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_*_X64_CC_FLAGS == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /O1ib2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:RELEASE_*_X64_CC_FLAGS == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /O1ib2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:NOOPT_*_X64_CC_FLAGS == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /Od /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:DEBUG_*_IPF_CC_FLAGS == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Os /GL /FIAutoGen.h /QIPF_fr32 /Zi -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:RELEASE_*_IPF_CC_FLAGS == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Os /GL /FIAutoGen.h /QIPF_fr32 -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:NOOPT_*_IPF_CC_FLAGS == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Od /FIAutoGen.h /QIPF_fr32 /Zi -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
- GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
- GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
-
- # 1295: Deprecated declaration <entity> - give arg types
- # 550: <entity> was set but never used
- # 1293: assignment in condition
- # 111: statement is unreachable (invariably "break;" after "return X;" in case statement)
- # 68: integer conversion resulted in a change of sign ("if (Status == -1)")
- # 177: <entity> was declared but never referenced
- # 223: function <entity> declared implicitly
- # 144: a value of type <type> cannot be used to initialize an entity of type <type>
- # 513: a value of type <type> cannot be assigned to an entity of type <type>
- # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
- # 1296: Extended constant initialiser used
- RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
- XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
\ No newline at end of file
+ #
+ # C4244: conversion from type1 to type2, possible loss of data
+ # C4702: unreachable code
+ # C4706: assignment within conditional expression
+ # C4133: incompatible types - from type1 to type2
+ # C4245: conversion from type1 to type2, signed/unsigned mismatch
+ # C4267: conversion from size_t to type, possible loss of data
+ # C4305: truncation from type1 to type2 of smaller size
+ # C4306: conversion from type1 to type2 of greater size
+ # C4702: Potentially uninitialized local variable name used
+ #
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DTHIRTY_TWO_BIT /wd4244 /wd4701 /wd4702 /wd4706
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+ MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+ INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+ GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+ GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+
+ # 1295: Deprecated declaration <entity> - give arg types
+ # 550: <entity> was set but never used
+ # 1293: assignment in condition
+ # 111: statement is unreachable (invariably "break;" after "return X;" in case statement)
+ # 68: integer conversion resulted in a change of sign ("if (Status == -1)")
+ # 177: <entity> was declared but never referenced
+ # 223: function <entity> declared implicitly
+ # 144: a value of type <type> cannot be used to initialize an entity of type <type>
+ # 513: a value of type <type> cannot be assigned to an entity of type <type>
+ # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
+ # 1296: Extended constant initialiser used
+ RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
index de60a5f..d24cc15 100644
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
@@ -4,49 +4,49 @@
================================================================================
OpenSSL is a well-known open source implementation of SSL and TLS protocols.
The core library implements the basic cryptographic functions and provides various
-utility functions. The OpenSSL library is widely used in variety of security
-products development as base crypto provider. (See http://www.openssl.org for more
+utility functions. The OpenSSL library is widely used in variety of security
+products development as base crypto provider. (See http://www.openssl.org for more
information for OpenSSL).
- UEFI (Unified Extensible Firmware Interface) is a specification detailing the
-interfaces between OS and platform firmware. Several security features were
-introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI
-2.2 (http://www.uefi.org). These security features highly depends on the
+ UEFI (Unified Extensible Firmware Interface) is a specification detailing the
+interfaces between OS and platform firmware. Several security features were
+introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI
+2.2 (http://www.uefi.org). These security features highly depends on the
cryptography. This patch will enable openssl building under UEFI environment.
================================================================================
OpenSSL-Version
================================================================================
- Current supported OpenSSL version for UEFI Crypto Library is 0.9.8zf.
- http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
+ Current supported OpenSSL version for UEFI Crypto Library is 1.0.2a.
+ http://www.openssl.org/source/openssl-1.0.2a.tar.gz
================================================================================
HOW to Install Openssl for UEFI Building
================================================================================
- http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
+ http://www.openssl.org/source/openssl-1.0.2a.tar.gz
- NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8zf.tar.tar.
- When you do the download, rename the "openssl-0.9.8zf.tar.tar" to
- "openssl-0.9.8zf.tar.gz" or rename the local downloaded file with ".tar.tar"
+ NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2a.tar.tar.
+ When you do the download, rename the "openssl-1.0.2a.tar.tar" to
+ "openssl-1.0.2a.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz".
-2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zf
+2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2a
- NOTE: If you use WinZip to unpack the openssl source in Windows, please
- uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
+ NOTE: If you use WinZip to unpack the openssl source in Windows, please
+ uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
-
-3. Apply this patch: EDKII_openssl-0.9.8zf.patch, and make installation
+
+3. Apply this patch: EDKII_openssl-1.0.2a.patch, and make installation
------------------------
1) Make sure the patch utility has been installed in your machine.
- Install Cygwin or get the patch utility binary from
+ Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8zf
- 3) patch -p0 -i ..\EDKII_openssl-0.9.8zf.patch
+ 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2a
+ 3) patch -p0 -i ..\EDKII_openssl-1.0.2a.patch
4) cd ..
5) Install.cmd
@@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
-----------------------
1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8zf
- 3) patch -p0 -i ../EDKII_openssl-0.9.8zf.patch
+ 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2a
+ 3) patch -p0 -i ../EDKII_openssl-1.0.2a.patch
4) cd ..
5) ./Install.sh
--
1.9.5.msysgit.1
------------------------------------------------------------------------------
Long, Qin
2015-06-10 17:24:05 UTC
Permalink
I agree. Thanks, Ard.
Sorry for the obfuscation caused by this. :-)

Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: Ard Biesheuvel [mailto:***@linaro.org]
Sent: Wednesday, June 10, 2015 6:21 PM
To: Long, Qin
Cc: Ye, Ting; edk2-***@lists.sourceforge.net
Subject: Re: [patch 2/3] [CryptoPkg] Update INF file, installation scripts and HOWTO for openssl-1.0.2a support.
Post by qlong
Contributed-under: TianoCore Contribution Agreement 1.0
---
CryptoPkg/Library/OpensslLib/Install.cmd | 146 ++++---
CryptoPkg/Library/OpensslLib/Install.sh | 146 ++++---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 620 +++++++++++++++++++--------
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 46 +-
4 files changed, 608 insertions(+), 350 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd
index 8f1d016..a633f57 100755
--- a/CryptoPkg/Library/OpensslLib/Install.cmd
+++ b/CryptoPkg/Library/OpensslLib/Install.cmd
@@ -1,71 +1,77 @@
-cd openssl-0.9.8zf
-copy e_os2.h ..\..\..\Include\openssl
-copy crypto\crypto.h ..\..\..\Include\openssl
-copy crypto\tmdiff.h ..\..\..\Include\openssl
-copy crypto\opensslv.h ..\..\..\Include\openssl
-copy crypto\opensslconf.h ..\..\..\Include\openssl
-copy crypto\ebcdic.h ..\..\..\Include\openssl
-copy crypto\symhacks.h ..\..\..\Include\openssl
-copy crypto\ossl_typ.h ..\..\..\Include\openssl
-copy crypto\md2\md2.h ..\..\..\Include\openssl
-copy crypto\md4\md4.h ..\..\..\Include\openssl
-copy crypto\md5\md5.h ..\..\..\Include\openssl
-copy crypto\sha\sha.h ..\..\..\Include\openssl
-copy crypto\hmac\hmac.h ..\..\..\Include\openssl
-copy crypto\ripemd\ripemd.h ..\..\..\Include\openssl
-copy crypto\des\des.h ..\..\..\Include\openssl
-copy crypto\des\des_old.h ..\..\..\Include\openssl
-copy crypto\rc2\rc2.h ..\..\..\Include\openssl
-copy crypto\rc4\rc4.h ..\..\..\Include\openssl
-copy crypto\idea\idea.h ..\..\..\Include\openssl
-copy crypto\bf\blowfish.h ..\..\..\Include\openssl
-copy crypto\cast\cast.h ..\..\..\Include\openssl
-copy crypto\aes\aes.h ..\..\..\Include\openssl
-copy crypto\bn\bn.h ..\..\..\Include\openssl
-copy crypto\rsa\rsa.h ..\..\..\Include\openssl
-copy crypto\dsa\dsa.h ..\..\..\Include\openssl
-copy crypto\dso\dso.h ..\..\..\Include\openssl
-copy crypto\dh\dh.h ..\..\..\Include\openssl
-copy crypto\ec\ec.h ..\..\..\Include\openssl
-copy crypto\ecdh\ecdh.h ..\..\..\Include\openssl
-copy crypto\ecdsa\ecdsa.h ..\..\..\Include\openssl
-copy crypto\buffer\buffer.h ..\..\..\Include\openssl
-copy crypto\bio\bio.h ..\..\..\Include\openssl
-copy crypto\stack\stack.h ..\..\..\Include\openssl
-copy crypto\stack\safestack.h ..\..\..\Include\openssl
-copy crypto\lhash\lhash.h ..\..\..\Include\openssl
-copy crypto\rand\rand.h ..\..\..\Include\openssl
-copy crypto\err\err.h ..\..\..\Include\openssl
-copy crypto\objects\objects.h ..\..\..\Include\openssl
-copy crypto\objects\obj_mac.h ..\..\..\Include\openssl
-copy crypto\evp\evp.h ..\..\..\Include\openssl
-copy crypto\asn1\asn1.h ..\..\..\Include\openssl
-copy crypto\asn1\asn1_mac.h ..\..\..\Include\openssl
-copy crypto\asn1\asn1t.h ..\..\..\Include\openssl
-copy crypto\pem\pem.h ..\..\..\Include\openssl
-copy crypto\pem\pem2.h ..\..\..\Include\openssl
-copy crypto\x509\x509.h ..\..\..\Include\openssl
-copy crypto\x509\x509_vfy.h ..\..\..\Include\openssl
-copy crypto\x509v3\x509v3.h ..\..\..\Include\openssl
-copy crypto\conf\conf.h ..\..\..\Include\openssl
-copy crypto\conf\conf_api.h ..\..\..\Include\openssl
-copy crypto\txt_db\txt_db.h ..\..\..\Include\openssl
-copy crypto\pkcs7\pkcs7.h ..\..\..\Include\openssl
-copy crypto\pkcs12\pkcs12.h ..\..\..\Include\openssl
-copy crypto\comp\comp.h ..\..\..\Include\openssl
-copy crypto\engine\engine.h ..\..\..\Include\openssl
-copy crypto\ocsp\ocsp.h ..\..\..\Include\openssl
-copy crypto\ui\ui.h ..\..\..\Include\openssl
-copy crypto\ui\ui_compat.h ..\..\..\Include\openssl
-copy crypto\krb5\krb5_asn.h ..\..\..\Include\openssl
-copy crypto\store\store.h ..\..\..\Include\openssl
-copy crypto\pqueue\pqueue.h ..\..\..\Include\openssl
-copy crypto\pqueue\pq_compat.h ..\..\..\Include\openssl
-copy ssl\ssl.h ..\..\..\Include\openssl
-copy ssl\ssl2.h ..\..\..\Include\openssl
-copy ssl\ssl3.h ..\..\..\Include\openssl
-copy ssl\ssl23.h ..\..\..\Include\openssl
-copy ssl\tls1.h ..\..\..\Include\openssl
-copy ssl\dtls1.h ..\..\..\Include\openssl
-copy ssl\kssl.h ..\..\..\Include\openssl
+cd openssl-1.0.2a
+copy e_os2.h ..\..\..\Include\openssl
+copy crypto\crypto.h ..\..\..\Include\openssl
I understand that it is neater to line up the paths on the right hand
side, but it completely obfuscates the actual changes you made.

For now, I think it is fine, but next time, please try to split
unrelated white space changes into a separate patch so reviewers can
actually tell easily what you changed.
Post by qlong
+copy crypto\opensslv.h ..\..\..\Include\openssl
+copy crypto\opensslconf.h ..\..\..\Include\openssl
+copy crypto\ebcdic.h ..\..\..\Include\openssl
+copy crypto\symhacks.h ..\..\..\Include\openssl
+copy crypto\ossl_typ.h ..\..\..\Include\openssl
+copy crypto\objects\objects.h ..\..\..\Include\openssl
+copy crypto\objects\obj_mac.h ..\..\..\Include\openssl
+copy crypto\md4\md4.h ..\..\..\Include\openssl
+copy crypto\md5\md5.h ..\..\..\Include\openssl
+copy crypto\sha\sha.h ..\..\..\Include\openssl
+copy crypto\mdc2\mdc2.h ..\..\..\Include\openssl
+copy crypto\hmac\hmac.h ..\..\..\Include\openssl
+copy crypto\ripemd\ripemd.h ..\..\..\Include\openssl
+copy crypto\whrlpool\whrlpool.h ..\..\..\Include\openssl
+copy crypto\des\des.h ..\..\..\Include\openssl
+copy crypto\des\des_old.h ..\..\..\Include\openssl
+copy crypto\aes\aes.h ..\..\..\Include\openssl
+copy crypto\rc2\rc2.h ..\..\..\Include\openssl
+copy crypto\rc4\rc4.h ..\..\..\Include\openssl
+copy crypto\idea\idea.h ..\..\..\Include\openssl
+copy crypto\bf\blowfish.h ..\..\..\Include\openssl
+copy crypto\cast\cast.h ..\..\..\Include\openssl
+copy crypto\camellia\camellia.h ..\..\..\Include\openssl
+copy crypto\seed\seed.h ..\..\..\Include\openssl
+copy crypto\modes\modes.h ..\..\..\Include\openssl
+copy crypto\bn\bn.h ..\..\..\Include\openssl
+copy crypto\ec\ec.h ..\..\..\Include\openssl
+copy crypto\rsa\rsa.h ..\..\..\Include\openssl
+copy crypto\dsa\dsa.h ..\..\..\Include\openssl
+copy crypto\ecdsa\ecdsa.h ..\..\..\Include\openssl
+copy crypto\dh\dh.h ..\..\..\Include\openssl
+copy crypto\ecdh\ecdh.h ..\..\..\Include\openssl
+copy crypto\dso\dso.h ..\..\..\Include\openssl
+copy crypto\engine\engine.h ..\..\..\Include\openssl
+copy crypto\buffer\buffer.h ..\..\..\Include\openssl
+copy crypto\bio\bio.h ..\..\..\Include\openssl
+copy crypto\stack\stack.h ..\..\..\Include\openssl
+copy crypto\stack\safestack.h ..\..\..\Include\openssl
+copy crypto\lhash\lhash.h ..\..\..\Include\openssl
+copy crypto\rand\rand.h ..\..\..\Include\openssl
+copy crypto\err\err.h ..\..\..\Include\openssl
+copy crypto\evp\evp.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1_mac.h ..\..\..\Include\openssl
+copy crypto\asn1\asn1t.h ..\..\..\Include\openssl
+copy crypto\pem\pem.h ..\..\..\Include\openssl
+copy crypto\pem\pem2.h ..\..\..\Include\openssl
+copy crypto\x509\x509.h ..\..\..\Include\openssl
+copy crypto\x509\x509_vfy.h ..\..\..\Include\openssl
+copy crypto\x509v3\x509v3.h ..\..\..\Include\openssl
+copy crypto\conf\conf.h ..\..\..\Include\openssl
+copy crypto\conf\conf_api.h ..\..\..\Include\openssl
+copy crypto\txt_db\txt_db.h ..\..\..\Include\openssl
+copy crypto\pkcs7\pkcs7.h ..\..\..\Include\openssl
+copy crypto\pkcs12\pkcs12.h ..\..\..\Include\openssl
+copy crypto\comp\comp.h ..\..\..\Include\openssl
+copy crypto\ocsp\ocsp.h ..\..\..\Include\openssl
+copy crypto\ui\ui.h ..\..\..\Include\openssl
+copy crypto\ui\ui_compat.h ..\..\..\Include\openssl
+copy crypto\krb5\krb5_asn.h ..\..\..\Include\openssl
+copy crypto\cms\cms.h ..\..\..\Include\openssl
+copy crypto\pqueue\pqueue.h ..\..\..\Include\openssl
+copy crypto\ts\ts.h ..\..\..\Include\openssl
+copy crypto\srp\srp.h ..\..\..\Include\openssl
+copy crypto\cmac\cmac.h ..\..\..\Include\openssl
+copy ssl\ssl.h ..\..\..\Include\openssl
+copy ssl\ssl2.h ..\..\..\Include\openssl
+copy ssl\ssl3.h ..\..\..\Include\openssl
+copy ssl\ssl23.h ..\..\..\Include\openssl
+copy ssl\tls1.h ..\..\..\Include\openssl
+copy ssl\dtls1.h ..\..\..\Include\openssl
+copy ssl\kssl.h ..\..\..\Include\openssl
+copy ssl\srtp.h ..\..\..\Include\openssl
cd ..
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh
index 4a022e6..6973ab7 100755
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ b/CryptoPkg/Library/OpensslLib/Install.sh
@@ -1,73 +1,79 @@
#!/bin/sh
-cd openssl-0.9.8zf
-cp e_os2.h ../../../Include/openssl
-cp crypto/crypto.h ../../../Include/openssl
-cp crypto/tmdiff.h ../../../Include/openssl
-cp crypto/opensslv.h ../../../Include/openssl
-cp crypto/opensslconf.h ../../../Include/openssl
-cp crypto/ebcdic.h ../../../Include/openssl
-cp crypto/symhacks.h ../../../Include/openssl
-cp crypto/ossl_typ.h ../../../Include/openssl
-cp crypto/md2/md2.h ../../../Include/openssl
-cp crypto/md4/md4.h ../../../Include/openssl
-cp crypto/md5/md5.h ../../../Include/openssl
-cp crypto/sha/sha.h ../../../Include/openssl
-cp crypto/hmac/hmac.h ../../../Include/openssl
-cp crypto/ripemd/ripemd.h ../../../Include/openssl
-cp crypto/des/des.h ../../../Include/openssl
-cp crypto/des/des_old.h ../../../Include/openssl
-cp crypto/rc2/rc2.h ../../../Include/openssl
-cp crypto/rc4/rc4.h ../../../Include/openssl
-cp crypto/idea/idea.h ../../../Include/openssl
-cp crypto/bf/blowfish.h ../../../Include/openssl
-cp crypto/cast/cast.h ../../../Include/openssl
-cp crypto/aes/aes.h ../../../Include/openssl
-cp crypto/bn/bn.h ../../../Include/openssl
-cp crypto/rsa/rsa.h ../../../Include/openssl
-cp crypto/dsa/dsa.h ../../../Include/openssl
-cp crypto/dso/dso.h ../../../Include/openssl
-cp crypto/dh/dh.h ../../../Include/openssl
-cp crypto/ec/ec.h ../../../Include/openssl
-cp crypto/ecdh/ecdh.h ../../../Include/openssl
-cp crypto/ecdsa/ecdsa.h ../../../Include/openssl
-cp crypto/buffer/buffer.h ../../../Include/openssl
-cp crypto/bio/bio.h ../../../Include/openssl
-cp crypto/stack/stack.h ../../../Include/openssl
-cp crypto/stack/safestack.h ../../../Include/openssl
-cp crypto/lhash/lhash.h ../../../Include/openssl
-cp crypto/rand/rand.h ../../../Include/openssl
-cp crypto/err/err.h ../../../Include/openssl
-cp crypto/objects/objects.h ../../../Include/openssl
-cp crypto/objects/obj_mac.h ../../../Include/openssl
-cp crypto/evp/evp.h ../../../Include/openssl
-cp crypto/asn1/asn1.h ../../../Include/openssl
-cp crypto/asn1/asn1_mac.h ../../../Include/openssl
-cp crypto/asn1/asn1t.h ../../../Include/openssl
-cp crypto/pem/pem.h ../../../Include/openssl
-cp crypto/pem/pem2.h ../../../Include/openssl
-cp crypto/x509/x509.h ../../../Include/openssl
-cp crypto/x509/x509_vfy.h ../../../Include/openssl
-cp crypto/x509v3/x509v3.h ../../../Include/openssl
-cp crypto/conf/conf.h ../../../Include/openssl
-cp crypto/conf/conf_api.h ../../../Include/openssl
-cp crypto/txt_db/txt_db.h ../../../Include/openssl
-cp crypto/pkcs7/pkcs7.h ../../../Include/openssl
-cp crypto/pkcs12/pkcs12.h ../../../Include/openssl
-cp crypto/comp/comp.h ../../../Include/openssl
-cp crypto/engine/engine.h ../../../Include/openssl
-cp crypto/ocsp/ocsp.h ../../../Include/openssl
-cp crypto/ui/ui.h ../../../Include/openssl
-cp crypto/ui/ui_compat.h ../../../Include/openssl
-cp crypto/krb5/krb5_asn.h ../../../Include/openssl
-cp crypto/store/store.h ../../../Include/openssl
-cp crypto/pqueue/pqueue.h ../../../Include/openssl
-cp crypto/pqueue/pq_compat.h ../../../Include/openssl
-cp ssl/ssl.h ../../../Include/openssl
-cp ssl/ssl2.h ../../../Include/openssl
-cp ssl/ssl3.h ../../../Include/openssl
-cp ssl/ssl23.h ../../../Include/openssl
-cp ssl/tls1.h ../../../Include/openssl
-cp ssl/dtls1.h ../../../Include/openssl
-cp ssl/kssl.h ../../../Include/openssl
+cd openssl-1.0.2a
+cp e_os2.h ../../../Include/openssl
+cp crypto/crypto.h ../../../Include/openssl
+cp crypto/opensslv.h ../../../Include/openssl
+cp crypto/opensslconf.h ../../../Include/openssl
+cp crypto/ebcdic.h ../../../Include/openssl
+cp crypto/symhacks.h ../../../Include/openssl
+cp crypto/ossl_typ.h ../../../Include/openssl
+cp crypto/objects/objects.h ../../../Include/openssl
+cp crypto/objects/obj_mac.h ../../../Include/openssl
+cp crypto/md4/md4.h ../../../Include/openssl
+cp crypto/md5/md5.h ../../../Include/openssl
+cp crypto/sha/sha.h ../../../Include/openssl
+cp crypto/mdc2/mdc2.h ../../../Include/openssl
+cp crypto/hmac/hmac.h ../../../Include/openssl
+cp crypto/ripemd/ripemd.h ../../../Include/openssl
+cp crypto/whrlpool/whrlpool.h ../../../Include/openssl
+cp crypto/des/des.h ../../../Include/openssl
+cp crypto/des/des_old.h ../../../Include/openssl
+cp crypto/aes/aes.h ../../../Include/openssl
+cp crypto/rc2/rc2.h ../../../Include/openssl
+cp crypto/rc4/rc4.h ../../../Include/openssl
+cp crypto/idea/idea.h ../../../Include/openssl
+cp crypto/bf/blowfish.h ../../../Include/openssl
+cp crypto/cast/cast.h ../../../Include/openssl
+cp crypto/camellia/camellia.h ../../../Include/openssl
+cp crypto/seed/seed.h ../../../Include/openssl
+cp crypto/modes/modes.h ../../../Include/openssl
+cp crypto/bn/bn.h ../../../Include/openssl
+cp crypto/ec/ec.h ../../../Include/openssl
+cp crypto/rsa/rsa.h ../../../Include/openssl
+cp crypto/dsa/dsa.h ../../../Include/openssl
+cp crypto/ecdsa/ecdsa.h ../../../Include/openssl
+cp crypto/dh/dh.h ../../../Include/openssl
+cp crypto/ecdh/ecdh.h ../../../Include/openssl
+cp crypto/dso/dso.h ../../../Include/openssl
+cp crypto/engine/engine.h ../../../Include/openssl
+cp crypto/buffer/buffer.h ../../../Include/openssl
+cp crypto/bio/bio.h ../../../Include/openssl
+cp crypto/stack/stack.h ../../../Include/openssl
+cp crypto/stack/safestack.h ../../../Include/openssl
+cp crypto/lhash/lhash.h ../../../Include/openssl
+cp crypto/rand/rand.h ../../../Include/openssl
+cp crypto/err/err.h ../../../Include/openssl
+cp crypto/evp/evp.h ../../../Include/openssl
+cp crypto/asn1/asn1.h ../../../Include/openssl
+cp crypto/asn1/asn1_mac.h ../../../Include/openssl
+cp crypto/asn1/asn1t.h ../../../Include/openssl
+cp crypto/pem/pem.h ../../../Include/openssl
+cp crypto/pem/pem2.h ../../../Include/openssl
+cp crypto/x509/x509.h ../../../Include/openssl
+cp crypto/x509/x509_vfy.h ../../../Include/openssl
+cp crypto/x509v3/x509v3.h ../../../Include/openssl
+cp crypto/conf/conf.h ../../../Include/openssl
+cp crypto/conf/conf_api.h ../../../Include/openssl
+cp crypto/txt_db/txt_db.h ../../../Include/openssl
+cp crypto/pkcs7/pkcs7.h ../../../Include/openssl
+cp crypto/pkcs12/pkcs12.h ../../../Include/openssl
+cp crypto/comp/comp.h ../../../Include/openssl
+cp crypto/ocsp/ocsp.h ../../../Include/openssl
+cp crypto/ui/ui.h ../../../Include/openssl
+cp crypto/ui/ui_compat.h ../../../Include/openssl
+cp crypto/krb5/krb5_asn.h ../../../Include/openssl
+cp crypto/cms/cms.h ../../../Include/openssl
+cp crypto/pqueue/pqueue.h ../../../Include/openssl
+cp crypto/ts/ts.h ../../../Include/openssl
+cp crypto/srp/srp.h ../../../Include/openssl
+cp crypto/cmac/cmac.h ../../../Include/openssl
+cp ssl/ssl.h ../../../Include/openssl
+cp ssl/ssl2.h ../../../Include/openssl
+cp ssl/ssl3.h ../../../Include/openssl
+cp ssl/ssl23.h ../../../Include/openssl
+cp ssl/tls1.h ../../../Include/openssl
+cp ssl/dtls1.h ../../../Include/openssl
+cp ssl/kssl.h ../../../Include/openssl
+cp ssl/srtp.h ../../../Include/openssl
cd ..
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index f564145..ee7dbd8 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -20,9 +20,9 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl-0.9.8zf
- DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
- DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE
+ DEFINE OPENSSL_PATH = openssl-1.0.2a
+ DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE
#
# OPENSSL_FLAGS is set to define the following flags to be compatible with
@@ -46,6 +46,7 @@
# OPENSSL_NO_DYNAMIC_ENGINE
# GETPID_IS_MEANINGLESS
# OPENSSL_NO_STDIO
+# OPENSSL_NO_POSIX_IO
# OPENSSL_NO_FP_API
# OPENSSL_NO_DGRAM
# OPENSSL_NO_ASM
@@ -58,80 +59,122 @@
[Sources]
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/crypto/cryptlib.c
- $(OPENSSL_PATH)/crypto/dyn_lck.c
$(OPENSSL_PATH)/crypto/mem.c
$(OPENSSL_PATH)/crypto/mem_clr.c
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/cversion.c
$(OPENSSL_PATH)/crypto/ex_data.c
-
- #
- # Not required for UEFI.
- #
- # $(OPENSSL_PATH)/crypto/tmdiff.c
-
$(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/ebcdic.c
$(OPENSSL_PATH)/crypto/uid.c
$(OPENSSL_PATH)/crypto/o_time.c
$(OPENSSL_PATH)/crypto/o_str.c
$(OPENSSL_PATH)/crypto/o_dir.c
+ $(OPENSSL_PATH)/crypto/o_fips.c
$(OPENSSL_PATH)/crypto/o_init.c
- $(OPENSSL_PATH)/crypto/fips_err.c
+ $(OPENSSL_PATH)/crypto/fips_ers.c
#
- # DIsabled by OPENSSL_NO_MD2
+ # OBJECTS
+ #
+ $(OPENSSL_PATH)/crypto/objects/o_names.c
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.c
+ $(OPENSSL_PATH)/crypto/objects/obj_lib.c
+ $(OPENSSL_PATH)/crypto/objects/obj_err.c
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.c
+
+ #
+ # MD4
#
- # $(OPENSSL_PATH)/crypto/md2/md2_dgst.c
- # $(OPENSSL_PATH)/crypto/md2/md2_one.c
$(OPENSSL_PATH)/crypto/md4/md4_dgst.c
$(OPENSSL_PATH)/crypto/md4/md4_one.c
+
+ #
+ # MD5
+ #
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
+
+ #
+ # SHA
+ #
$(OPENSSL_PATH)/crypto/sha/sha_dgst.c
$(OPENSSL_PATH)/crypto/sha/sha1dgst.c
$(OPENSSL_PATH)/crypto/sha/sha_one.c
$(OPENSSL_PATH)/crypto/sha/sha1_one.c
$(OPENSSL_PATH)/crypto/sha/sha256.c
$(OPENSSL_PATH)/crypto/sha/sha512.c
+
+ #
+ # MDC2 - Disabled by OPENSSL_NO_MDC2
+ #
+ # $(OPENSSL_PATH)/crypto/mdc2/mdc2dgst.c
+ # $(OPENSSL_PATH)/crypto/mdc2/mdc2_one.c
+
+ #
+ # HMAC
+ #
$(OPENSSL_PATH)/crypto/hmac/hmac.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
#
- # Disabled by OPENSSL_NO_RIPEMD
+ # RIPEMD - Disabled by OPENSSL_NO_RIPEMD
#
# $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c
# $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c
- $(OPENSSL_PATH)/crypto/des/des_lib.c
- $(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/ecb_enc.c
+ #
+ # WHIRLPOOL - Disabled by OPENSSL_NO_WHIRLPOOL
+ #
+ # $(OPENSSL_PATH)/crypto/whrlpool/wp_dgst.c
+ # $(OPENSSL_PATH)/crypto/whrlpool/wp_block.c
+
+ #
+ # DES
+ #
+ $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
$(OPENSSL_PATH)/crypto/des/cbc_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
$(OPENSSL_PATH)/crypto/des/cfb64enc.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
$(OPENSSL_PATH)/crypto/des/cfb_enc.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
+ $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
+ $(OPENSSL_PATH)/crypto/des/ecb_enc.c
$(OPENSSL_PATH)/crypto/des/enc_read.c
$(OPENSSL_PATH)/crypto/des/enc_writ.c
+ $(OPENSSL_PATH)/crypto/des/fcrypt.c
$(OPENSSL_PATH)/crypto/des/ofb64enc.c
$(OPENSSL_PATH)/crypto/des/ofb_enc.c
- $(OPENSSL_PATH)/crypto/des/str2key.c
$(OPENSSL_PATH)/crypto/des/pcbc_enc.c
$(OPENSSL_PATH)/crypto/des/qud_cksm.c
$(OPENSSL_PATH)/crypto/des/rand_key.c
+ $(OPENSSL_PATH)/crypto/des/rpc_enc.c
+ $(OPENSSL_PATH)/crypto/des/set_key.c
$(OPENSSL_PATH)/crypto/des/des_enc.c
$(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/fcrypt.c
$(OPENSSL_PATH)/crypto/des/xcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/rpc_enc.c
- $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
+ $(OPENSSL_PATH)/crypto/des/str2key.c
+ $(OPENSSL_PATH)/crypto/des/cfb64ede.c
+ $(OPENSSL_PATH)/crypto/des/ofb64ede.c
$(OPENSSL_PATH)/crypto/des/ede_cbcm_enc.c
$(OPENSSL_PATH)/crypto/des/des_old.c
$(OPENSSL_PATH)/crypto/des/des_old2.c
$(OPENSSL_PATH)/crypto/des/read2pwd.c
#
- # Disabled by OPENSSL_NO_RC2
+ # AES
+ #
+ $(OPENSSL_PATH)/crypto/aes/aes_core.c
+ $(OPENSSL_PATH)/crypto/aes/aes_misc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ctr.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ige.c
+ $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+
+ #
+ # RC2 - Disabled by OPENSSL_NO_RC2
#
# $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c
# $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c
@@ -139,28 +182,42 @@
# $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c
# $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+ #
+ # RC4
+ #
$(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_fblk.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_utl.c
+
+ #
+ # RC5 - Disabled by OPENSSL_NO_RC5
+ #
+ # $(OPENSSL_PATH)/crypto/rc5/rc5_skey.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5_ecb.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5_enc.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5cfb64.c
+ # $(OPENSSL_PATH)/crypto/rc5/rc5ofb64.c
#
- # Disabled by OPENSSL_NO_IDEA
+ # IDEA - Disabled by OPENSSL_NO_IDEA
#
# $(OPENSSL_PATH)/crypto/idea/i_cbc.c
# $(OPENSSL_PATH)/crypto/idea/i_cfb64.c
# $(OPENSSL_PATH)/crypto/idea/i_ofb64.c
# $(OPENSSL_PATH)/crypto/idea/i_ecb.c
# $(OPENSSL_PATH)/crypto/idea/i_skey.c
+
#
- # Disabled by OPENSSL_NO_BF
+ # BLOWFISH - Disabled by OPENSSL_NO_BF
#
# $(OPENSSL_PATH)/crypto/bf/bf_skey.c
# $(OPENSSL_PATH)/crypto/bf/bf_ecb.c
# $(OPENSSL_PATH)/crypto/bf/bf_enc.c
# $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c
# $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c
+
#
- # Disabled by OPENSSL_NO_CAST
+ # CAST - Disabled by OPENSSL_NO_CAST
#
# $(OPENSSL_PATH)/crypto/cast/c_skey.c
# $(OPENSSL_PATH)/crypto/cast/c_ecb.c
@@ -168,15 +225,43 @@
# $(OPENSSL_PATH)/crypto/cast/c_cfb64.c
# $(OPENSSL_PATH)/crypto/cast/c_ofb64.c
- $(OPENSSL_PATH)/crypto/aes/aes_misc.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
- $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ctr.c
- $(OPENSSL_PATH)/crypto/aes/aes_ige.c
- $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+ #
+ # CAMELLIA - Disabled by OPENSSL_NO_CAMELLIA
+ #
+ # $(OPENSSL_PATH)/crypto/camellia/camellia.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_misc.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_ecb.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_cbc.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_ofb.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_cfb.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_ctr.c
+ # $(OPENSSL_PATH)/crypto/camellia/cmll_utl.c
+
+ #
+ # SEED - Disabled by OPENSSL_NO_SEED
+ #
+ # $(OPENSSL_PATH)/crypto/seed/seed.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_ecb.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_cbc.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_cfb.c
+ # $(OPENSSL_PATH)/crypto/seed/seed_ofb.c
+
+ #
+ # MODES
+ #
+ $(OPENSSL_PATH)/crypto/modes/cbc128.c
+ $(OPENSSL_PATH)/crypto/modes/ctr128.c
+ $(OPENSSL_PATH)/crypto/modes/cts128.c
+ $(OPENSSL_PATH)/crypto/modes/cfb128.c
+ $(OPENSSL_PATH)/crypto/modes/ofb128.c
+ $(OPENSSL_PATH)/crypto/modes/gcm128.c
+ $(OPENSSL_PATH)/crypto/modes/ccm128.c
+ $(OPENSSL_PATH)/crypto/modes/xts128.c
+ $(OPENSSL_PATH)/crypto/modes/wrap128.c
+
+ #
+ # BIGNUM
+ #
$(OPENSSL_PATH)/crypto/bn/bn_add.c
$(OPENSSL_PATH)/crypto/bn/bn_div.c
$(OPENSSL_PATH)/crypto/bn/bn_exp.c
@@ -203,9 +288,40 @@
$(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
$(OPENSSL_PATH)/crypto/bn/bn_nist.c
$(OPENSSL_PATH)/crypto/bn/bn_depr.c
- $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
$(OPENSSL_PATH)/crypto/bn/bn_const.c
- $(OPENSSL_PATH)/crypto/bn/bn_opt.c
+ $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
+
+ #
+ # ELLIPTIC CURVE - Disabled by OPENSSL_NO_EC
+ #
+ # $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_err.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_check.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_print.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_key.c
+ # $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+ # $(OPENSSL_PATH)/crypto/ec/ec2_mult.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+ # $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+ # $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+ # $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+ # $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+
+ #
+ # RSA
+ #
$(OPENSSL_PATH)/crypto/rsa/rsa_eay.c
$(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
$(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
@@ -220,13 +336,15 @@
$(OPENSSL_PATH)/crypto/rsa/rsa_null.c
$(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
$(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
$(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_eng.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
#
- # Disabled by OPENSSL_NO_DSA
+ # DSA - Disabled by OPENSSL_NO_DSA
#
# $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c
# $(OPENSSL_PATH)/crypto/dsa/dsa_key.c
@@ -237,16 +355,23 @@
# $(OPENSSL_PATH)/crypto/dsa/dsa_err.c
# $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c
# $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c
- # $(OPENSSL_PATH)/crypto/dsa/dsa_utl.c
+ # $(OPENSSL_PATH)/crypto/dsa/dsa_ameth.c
+ # $(OPENSSL_PATH)/crypto/dsa/dsa_pmeth.c
+ # $(OPENSSL_PATH)/crypto/dsa/dsa_prn.c
- $(OPENSSL_PATH)/crypto/dso/dso_dl.c
- $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
- $(OPENSSL_PATH)/crypto/dso/dso_err.c
- $(OPENSSL_PATH)/crypto/dso/dso_lib.c
- $(OPENSSL_PATH)/crypto/dso/dso_null.c
- $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
- $(OPENSSL_PATH)/crypto/dso/dso_win32.c
- $(OPENSSL_PATH)/crypto/dso/dso_vms.c
+ #
+ # ECDSA - Disabled by OPENSSL_NO_ECDSA
+ #
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c
+ # $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c
+
+ #
+ # DIFFIE-HELLMAN
+ #
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_gen.c
$(OPENSSL_PATH)/crypto/dh/dh_key.c
@@ -254,44 +379,73 @@
$(OPENSSL_PATH)/crypto/dh/dh_check.c
$(OPENSSL_PATH)/crypto/dh/dh_err.c
$(OPENSSL_PATH)/crypto/dh/dh_depr.c
+ $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
+ $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
+ $(OPENSSL_PATH)/crypto/dh/dh_prn.c
+ $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
+ # $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
#
- # Disabled by OPENSSL_NO_EC
- #
- # $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- # $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- # $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- # $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- # $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- # $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- # $(OPENSSL_PATH)/crypto/ec/ec_err.c
- # $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- # $(OPENSSL_PATH)/crypto/ec/ec_check.c
- # $(OPENSSL_PATH)/crypto/ec/ec_print.c
- # $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- # $(OPENSSL_PATH)/crypto/ec/ec_key.c
- # $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- # $(OPENSSL_PATH)/crypto/ec/ec2_mult.c
- #
- # Disabled by OPENSSL_NO_ECDH
+ # ECDH - Disabled by OPENSSL_NO_ECDH
#
# $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c
# $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c
# $(OPENSSL_PATH)/crypto/ecdh/ech_key.c
# $(OPENSSL_PATH)/crypto/ecdh/ech_err.c
+ # $(OPENSSL_PATH)/crypto/ecdh/ech_kdf.c
+
#
- # Disabled by OPENSSL_NO_ECDSA
+ # DSO
#
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c
- # $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c
+ $(OPENSSL_PATH)/crypto/dso/dso_dl.c
+ $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
+ $(OPENSSL_PATH)/crypto/dso/dso_err.c
+ $(OPENSSL_PATH)/crypto/dso/dso_lib.c
+ $(OPENSSL_PATH)/crypto/dso/dso_null.c
+ $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
+ $(OPENSSL_PATH)/crypto/dso/dso_win32.c
+ $(OPENSSL_PATH)/crypto/dso/dso_vms.c
+ $(OPENSSL_PATH)/crypto/dso/dso_beos.c
+
+ #
+ # ENGINE - Disabled by OPENSSL_NO_ENGINE
+ #
+ # $(OPENSSL_PATH)/crypto/engine/eng_err.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_lib.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_list.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_init.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_table.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_pkey.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_fat.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_all.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_rsa.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_dsa.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_dh.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_rand.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_store.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_cipher.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_digest.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_pkmeth.c
+ # $(OPENSSL_PATH)/crypto/engine/tb_asnmth.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_openssl.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_cnf.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_dyn.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c
+ # $(OPENSSL_PATH)/crypto/engine/eng_rdrand.c
+ #
+ # BUFFER
+ #
$(OPENSSL_PATH)/crypto/buffer/buffer.c
$(OPENSSL_PATH)/crypto/buffer/buf_str.c
$(OPENSSL_PATH)/crypto/buffer/buf_err.c
+
+ #
+ # BIO
+ #
$(OPENSSL_PATH)/crypto/bio/bio_lib.c
$(OPENSSL_PATH)/crypto/bio/bio_cb.c
$(OPENSSL_PATH)/crypto/bio/bio_err.c
@@ -299,45 +453,58 @@
$(OPENSSL_PATH)/crypto/bio/bss_null.c
$(OPENSSL_PATH)/crypto/bio/bss_fd.c
$(OPENSSL_PATH)/crypto/bio/bss_file.c
+ $(OPENSSL_PATH)/crypto/bio/bss_sock.c
+ $(OPENSSL_PATH)/crypto/bio/bss_conn.c
$(OPENSSL_PATH)/crypto/bio/bf_null.c
$(OPENSSL_PATH)/crypto/bio/bf_buff.c
-
#
- # Not required for UEFI.
+ # Not Required by UEFI.
#
# $(OPENSSL_PATH)/crypto/bio/b_print.c
-
$(OPENSSL_PATH)/crypto/bio/b_dump.c
+ $(OPENSSL_PATH)/crypto/bio/b_sock.c
+ $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
$(OPENSSL_PATH)/crypto/bio/bf_nbio.c
$(OPENSSL_PATH)/crypto/bio/bss_log.c
$(OPENSSL_PATH)/crypto/bio/bss_bio.c
$(OPENSSL_PATH)/crypto/bio/bss_dgram.c
+
+ #
+ # STACK
+ #
$(OPENSSL_PATH)/crypto/stack/stack.c
+
+ #
+ # LHASH
+ #
$(OPENSSL_PATH)/crypto/lhash/lhash.c
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
+
+ #
+ # RAND
+ #
$(OPENSSL_PATH)/crypto/rand/md_rand.c
$(OPENSSL_PATH)/crypto/rand/randfile.c
$(OPENSSL_PATH)/crypto/rand/rand_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_eng.c
$(OPENSSL_PATH)/crypto/rand/rand_err.c
- $(OPENSSL_PATH)/crypto/rand/rand_egd.c
- $(OPENSSL_PATH)/crypto/rand/rand_win.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_egd.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_win.c
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
- $(OPENSSL_PATH)/crypto/rand/rand_os2.c
- $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_os2.c
+ # $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+
+ #
+ # ERR
+ #
$(OPENSSL_PATH)/crypto/err/err.c
- $(OPENSSL_PATH)/crypto/err/err_def.c
$(OPENSSL_PATH)/crypto/err/err_all.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
- $(OPENSSL_PATH)/crypto/err/err_str.c
- $(OPENSSL_PATH)/crypto/err/err_bio.c
- $(OPENSSL_PATH)/crypto/objects/o_names.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.c
- $(OPENSSL_PATH)/crypto/objects/obj_lib.c
- $(OPENSSL_PATH)/crypto/objects/obj_err.c
+
+ #
+ # EVP
+ #
$(OPENSSL_PATH)/crypto/evp/encode.c
$(OPENSSL_PATH)/crypto/evp/digest.c
- $(OPENSSL_PATH)/crypto/evp/dig_eng.c
$(OPENSSL_PATH)/crypto/evp/evp_enc.c
$(OPENSSL_PATH)/crypto/evp/evp_key.c
$(OPENSSL_PATH)/crypto/evp/evp_acnf.c
@@ -346,22 +513,25 @@
$(OPENSSL_PATH)/crypto/evp/e_bf.c
$(OPENSSL_PATH)/crypto/evp/e_idea.c
$(OPENSSL_PATH)/crypto/evp/e_des3.c
+ $(OPENSSL_PATH)/crypto/evp/e_camellia.c
$(OPENSSL_PATH)/crypto/evp/e_rc4.c
$(OPENSSL_PATH)/crypto/evp/e_aes.c
$(OPENSSL_PATH)/crypto/evp/names.c
+ $(OPENSSL_PATH)/crypto/evp/e_seed.c
$(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
$(OPENSSL_PATH)/crypto/evp/e_rc2.c
$(OPENSSL_PATH)/crypto/evp/e_cast.c
$(OPENSSL_PATH)/crypto/evp/e_rc5.c
- $(OPENSSL_PATH)/crypto/evp/enc_min.c
$(OPENSSL_PATH)/crypto/evp/m_null.c
$(OPENSSL_PATH)/crypto/evp/m_md2.c
$(OPENSSL_PATH)/crypto/evp/m_md4.c
$(OPENSSL_PATH)/crypto/evp/m_md5.c
$(OPENSSL_PATH)/crypto/evp/m_sha.c
$(OPENSSL_PATH)/crypto/evp/m_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/m_wp.c
$(OPENSSL_PATH)/crypto/evp/m_dss.c
$(OPENSSL_PATH)/crypto/evp/m_dss1.c
+ $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
$(OPENSSL_PATH)/crypto/evp/m_ripemd.c
$(OPENSSL_PATH)/crypto/evp/m_ecdsa.c
$(OPENSSL_PATH)/crypto/evp/p_open.c
@@ -386,6 +556,17 @@
$(OPENSSL_PATH)/crypto/evp/p5_crpt.c
$(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
$(OPENSSL_PATH)/crypto/evp/e_old.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
+ $(OPENSSL_PATH)/crypto/evp/m_sigver.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
+ $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
+
+ #
+ # ASN1
+ #
$(OPENSSL_PATH)/crypto/asn1/a_object.c
$(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
$(OPENSSL_PATH)/crypto/asn1/a_utctm.c
@@ -421,6 +602,7 @@
$(OPENSSL_PATH)/crypto/asn1/x_info.c
$(OPENSSL_PATH)/crypto/asn1/x_spki.c
$(OPENSSL_PATH)/crypto/asn1/nsseq.c
+ $(OPENSSL_PATH)/crypto/asn1/x_nx509.c
$(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
$(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
$(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
@@ -438,20 +620,22 @@
$(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
$(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
$(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
+ $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
$(OPENSSL_PATH)/crypto/asn1/f_int.c
$(OPENSSL_PATH)/crypto/asn1/f_string.c
$(OPENSSL_PATH)/crypto/asn1/n_pkey.c
$(OPENSSL_PATH)/crypto/asn1/f_enum.c
- $(OPENSSL_PATH)/crypto/asn1/a_hdr.c
$(OPENSSL_PATH)/crypto/asn1/x_pkey.c
$(OPENSSL_PATH)/crypto/asn1/a_bool.c
$(OPENSSL_PATH)/crypto/asn1/x_exten.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
$(OPENSSL_PATH)/crypto/asn1/asn_mime.c
$(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
$(OPENSSL_PATH)/crypto/asn1/asn1_par.c
$(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
$(OPENSSL_PATH)/crypto/asn1/asn1_err.c
- $(OPENSSL_PATH)/crypto/asn1/a_meth.c
$(OPENSSL_PATH)/crypto/asn1/a_bytes.c
$(OPENSSL_PATH)/crypto/asn1/a_strnid.c
$(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
@@ -460,6 +644,10 @@
$(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
$(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
$(OPENSSL_PATH)/crypto/asn1/asn_moid.c
+
+ #
+ # PEM
+ #
$(OPENSSL_PATH)/crypto/pem/pem_sign.c
$(OPENSSL_PATH)/crypto/pem/pem_seal.c
$(OPENSSL_PATH)/crypto/pem/pem_info.c
@@ -471,6 +659,11 @@
$(OPENSSL_PATH)/crypto/pem/pem_oth.c
$(OPENSSL_PATH)/crypto/pem/pem_pk8.c
$(OPENSSL_PATH)/crypto/pem/pem_pkey.c
+ $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
+
+ #
+ # X509
+ #
$(OPENSSL_PATH)/crypto/x509/x509_def.c
$(OPENSSL_PATH)/crypto/x509/x509_d2.c
$(OPENSSL_PATH)/crypto/x509/x509_r2x.c
@@ -492,9 +685,16 @@
$(OPENSSL_PATH)/crypto/x509/x_all.c
$(OPENSSL_PATH)/crypto/x509/x509_txt.c
$(OPENSSL_PATH)/crypto/x509/x509_trs.c
- $(OPENSSL_PATH)/crypto/x509/by_file.c
- $(OPENSSL_PATH)/crypto/x509/by_dir.c
+ #
+ # Not Required by UEFI.
+ #
+ # $(OPENSSL_PATH)/crypto/x509/by_file.c
+ # $(OPENSSL_PATH)/crypto/x509/by_dir.c
$(OPENSSL_PATH)/crypto/x509/x509_vpm.c
+
+ #
+ # X509v3
+ #
$(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
$(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
$(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
@@ -531,6 +731,14 @@
$(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
$(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
$(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
+ #
+ # Not Required by UEFI.
+ #
+ # $(OPENSSL_PATH)/crypto/x509v3/v3_scts.c
+
+ #
+ # CONF
+ #
$(OPENSSL_PATH)/crypto/conf/conf_err.c
$(OPENSSL_PATH)/crypto/conf/conf_lib.c
$(OPENSSL_PATH)/crypto/conf/conf_api.c
@@ -538,7 +746,15 @@
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
$(OPENSSL_PATH)/crypto/conf/conf_mall.c
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
+
+ #
+ # TXT_DB
+ #
$(OPENSSL_PATH)/crypto/txt_db/txt_db.c
+
+ #
+ # PKCS7
+ #
$(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
$(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
@@ -546,6 +762,11 @@
$(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
+ $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
+
+ #
+ # PKCS12
+ #
$(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
@@ -561,68 +782,96 @@
$(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
+
+ #
+ # COMP
+ #
$(OPENSSL_PATH)/crypto/comp/comp_lib.c
$(OPENSSL_PATH)/crypto/comp/comp_err.c
$(OPENSSL_PATH)/crypto/comp/c_rle.c
$(OPENSSL_PATH)/crypto/comp/c_zlib.c
#
- # Disabled by OPENSSL_NO_ENGINE
+ # OCSP - Disabled by OPENSSL_NO_OCSP
#
- # $(OPENSSL_PATH)/crypto/engine/eng_err.c
- # $(OPENSSL_PATH)/crypto/engine/eng_lib.c
- # $(OPENSSL_PATH)/crypto/engine/eng_list.c
- # $(OPENSSL_PATH)/crypto/engine/eng_init.c
- # $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c
- # $(OPENSSL_PATH)/crypto/engine/eng_table.c
- # $(OPENSSL_PATH)/crypto/engine/eng_pkey.c
- # $(OPENSSL_PATH)/crypto/engine/eng_fat.c
- # $(OPENSSL_PATH)/crypto/engine/eng_all.c
- # $(OPENSSL_PATH)/crypto/engine/tb_rsa.c
- # $(OPENSSL_PATH)/crypto/engine/tb_dsa.c
- # $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c
- # $(OPENSSL_PATH)/crypto/engine/tb_dh.c
- # $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c
- # $(OPENSSL_PATH)/crypto/engine/tb_rand.c
- # $(OPENSSL_PATH)/crypto/engine/tb_store.c
- # $(OPENSSL_PATH)/crypto/engine/tb_cipher.c
- # $(OPENSSL_PATH)/crypto/engine/tb_digest.c
- # $(OPENSSL_PATH)/crypto/engine/eng_openssl.c
- # $(OPENSSL_PATH)/crypto/engine/eng_cnf.c
- # $(OPENSSL_PATH)/crypto/engine/eng_dyn.c
- # $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c
- # $(OPENSSL_PATH)/crypto/engine/eng_padlock.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
#
- # Disabled by OPENSSL_NO_OCSP
+ # UI
#
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
- # $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
-
- $(OPENSSL_PATH)/crypto/ui/ui_err.c
$(OPENSSL_PATH)/crypto/ui/ui_lib.c
-
#
- # Not required when OPENSSL_NO_STDIO is set, which is is for UEFI.
+ # Not Required by UEFI.
#
+ # $(OPENSSL_PATH)/crypto/ui/ui_err.c
# $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
-
$(OPENSSL_PATH)/crypto/ui/ui_util.c
$(OPENSSL_PATH)/crypto/ui/ui_compat.c
+
+ #
+ # KRB5
+ #
$(OPENSSL_PATH)/crypto/krb5/krb5_asn.c
- $(OPENSSL_PATH)/crypto/store/str_err.c
- $(OPENSSL_PATH)/crypto/store/str_lib.c
- $(OPENSSL_PATH)/crypto/store/str_meth.c
- $(OPENSSL_PATH)/crypto/store/str_mem.c
+
+ #
+ # CMS
+ #
+ # $(OPENSSL_PATH)/crypto/cms/cms_lib.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_asn1.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_att.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_io.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_smime.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_err.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_sd.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_dd.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_cd.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_env.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_enc.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_ess.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_pwri.c
+ # $(OPENSSL_PATH)/crypto/cms/cms_kari.c
+
+ #
+ # PQUEUE
+ #
$(OPENSSL_PATH)/crypto/pqueue/pqueue.c
+ #
+ # TS
+ #
+ $(OPENSSL_PATH)/crypto/ts/ts_err.c
+ $(OPENSSL_PATH)/crypto/ts/ts_req_utils.c
+ $(OPENSSL_PATH)/crypto/ts/ts_req_print.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_utils.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_print.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_sign.c
+ $(OPENSSL_PATH)/crypto/ts/ts_rsp_verify.c
+ $(OPENSSL_PATH)/crypto/ts/ts_verify_ctx.c
+ $(OPENSSL_PATH)/crypto/ts/ts_lib.c
+ $(OPENSSL_PATH)/crypto/ts/ts_conf.c
+ $(OPENSSL_PATH)/crypto/ts/ts_asn1.c
+
+ #
+ # SRP - Disabled by OPENSSL_NO_SRP
+ #
+ # $(OPENSSL_PATH)/crypto/srp/srp_lib.c
+ # $(OPENSSL_PATH)/crypto/srp/srp_vfy.c
+
+ #
+ # CMAS
+ #
+ $(OPENSSL_PATH)/crypto/cmac/cmac.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
+
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
@@ -631,47 +880,44 @@
DebugLib
[BuildOptions]
Same here: by changing the indentation, it is really very hard to see
what you actually changed (if you changed anything at all)
Post by qlong
- #
- # Override MSFT build option to remove /W4 (to silence warning messages when building OpenSSL).
- #
- MSFT:DEBUG_VS2003_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_VS2003_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_VS2003xASL_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_VS2003xASL_IA32_CC_FLAGS == /nologo /c /WX /Gs32768 /Gy /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /GX- -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_DDK3790_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_DDK3790_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_DDK3790xASL_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_DDK3790xASL_IA32_CC_FLAGS == /nologo /c /WX /Gy /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_*_IA32_CC_FLAGS == /nologo /c /WX /GS- /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:RELEASE_*_IA32_CC_FLAGS == /nologo /c /WX /GS- /Gs32768 /D UNICODE /O1ib2 /GL /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:NOOPT_*_IA32_CC_FLAGS == /nologo /c /WX /GS- /Gs32768 /D UNICODE /Od /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- MSFT:DEBUG_*_X64_CC_FLAGS == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /O1ib2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:RELEASE_*_X64_CC_FLAGS == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /O1ib2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:NOOPT_*_X64_CC_FLAGS == /nologo /c /WX /GS- /X /Gs32768 /D UNICODE /Od /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:DEBUG_*_IPF_CC_FLAGS == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Os /GL /FIAutoGen.h /QIPF_fr32 /Zi -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:RELEASE_*_IPF_CC_FLAGS == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Os /GL /FIAutoGen.h /QIPF_fr32 -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- MSFT:NOOPT_*_IPF_CC_FLAGS == /nologo /c /WX /GS- /X /EHs-c- /GR- /Gy /Od /FIAutoGen.h /QIPF_fr32 /Zi -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
- GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
- GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
-
- # 1295: Deprecated declaration <entity> - give arg types
- # 550: <entity> was set but never used
- # 1293: assignment in condition
- # 111: statement is unreachable (invariably "break;" after "return X;" in case statement)
- # 68: integer conversion resulted in a change of sign ("if (Status == -1)")
- # 177: <entity> was declared but never referenced
- # 223: function <entity> declared implicitly
- # 144: a value of type <type> cannot be used to initialize an entity of type <type>
- # 513: a value of type <type> cannot be assigned to an entity of type <type>
- # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
- # 1296: Extended constant initialiser used
- RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
- XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
\ No newline at end of file
+ #
+ # C4244: conversion from type1 to type2, possible loss of data
+ # C4702: unreachable code
+ # C4706: assignment within conditional expression
+ # C4133: incompatible types - from type1 to type2
+ # C4245: conversion from type1 to type2, signed/unsigned mismatch
+ # C4267: conversion from size_t to type, possible loss of data
+ # C4305: truncation from type1 to type2 of smaller size
+ # C4306: conversion from type1 to type2 of greater size
+ # C4702: Potentially uninitialized local variable name used
+ #
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DTHIRTY_TWO_BIT /wd4244 /wd4701 /wd4702 /wd4706
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+ MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -DSIXTY_FOUR_BIT /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DTHIRTY_TWO_BIT
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+ INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) /w -DSIXTY_FOUR_BIT
+
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+ GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+ GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+
+ # 1295: Deprecated declaration <entity> - give arg types
+ # 550: <entity> was set but never used
+ # 1293: assignment in condition
+ # 111: statement is unreachable (invariably "break;" after "return X;" in case statement)
+ # 68: integer conversion resulted in a change of sign ("if (Status == -1)")
+ # 177: <entity> was declared but never referenced
+ # 223: function <entity> declared implicitly
+ # 144: a value of type <type> cannot be used to initialize an entity of type <type>
+ # 513: a value of type <type> cannot be assigned to an entity of type <type>
+ # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
+ # 1296: Extended constant initialiser used
+ RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
index de60a5f..d24cc15 100644
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
@@ -4,49 +4,49 @@
================================================================================
OpenSSL is a well-known open source implementation of SSL and TLS protocols.
The core library implements the basic cryptographic functions and provides various
-utility functions. The OpenSSL library is widely used in variety of security
-products development as base crypto provider. (See http://www.openssl.org for more
+utility functions. The OpenSSL library is widely used in variety of security
+products development as base crypto provider. (See http://www.openssl.org for more
information for OpenSSL).
- UEFI (Unified Extensible Firmware Interface) is a specification detailing the
-interfaces between OS and platform firmware. Several security features were
-introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI
-2.2 (http://www.uefi.org). These security features highly depends on the
+ UEFI (Unified Extensible Firmware Interface) is a specification detailing the
+interfaces between OS and platform firmware. Several security features were
+introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI
+2.2 (http://www.uefi.org). These security features highly depends on the
cryptography. This patch will enable openssl building under UEFI environment.
================================================================================
OpenSSL-Version
================================================================================
- Current supported OpenSSL version for UEFI Crypto Library is 0.9.8zf.
- http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
+ Current supported OpenSSL version for UEFI Crypto Library is 1.0.2a.
+ http://www.openssl.org/source/openssl-1.0.2a.tar.gz
================================================================================
HOW to Install Openssl for UEFI Building
================================================================================
- http://www.openssl.org/source/openssl-0.9.8zf.tar.gz
+ http://www.openssl.org/source/openssl-1.0.2a.tar.gz
- NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8zf.tar.tar.
- When you do the download, rename the "openssl-0.9.8zf.tar.tar" to
- "openssl-0.9.8zf.tar.gz" or rename the local downloaded file with ".tar.tar"
+ NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2a.tar.tar.
+ When you do the download, rename the "openssl-1.0.2a.tar.tar" to
+ "openssl-1.0.2a.tar.gz" or rename the local downloaded file with ".tar.tar"
extension to ".tar.gz".
-2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zf
+2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-1.0.2a
- NOTE: If you use WinZip to unpack the openssl source in Windows, please
- uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
+ NOTE: If you use WinZip to unpack the openssl source in Windows, please
+ uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
-
-3. Apply this patch: EDKII_openssl-0.9.8zf.patch, and make installation
+
+3. Apply this patch: EDKII_openssl-1.0.2a.patch, and make installation
------------------------
1) Make sure the patch utility has been installed in your machine.
- Install Cygwin or get the patch utility binary from
+ Install Cygwin or get the patch utility binary from
http://gnuwin32.sourceforge.net/packages/patch.htm
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8zf
- 3) patch -p0 -i ..\EDKII_openssl-0.9.8zf.patch
+ 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2a
+ 3) patch -p0 -i ..\EDKII_openssl-1.0.2a.patch
4) cd ..
5) Install.cmd
@@ -54,8 +54,8 @@ cryptography. This patch will enable openssl building under UEFI environment.
-----------------------
1) Make sure the patch utility has been installed in your machine.
Patch utility is available from http://directory.fsf.org/project/patch/
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8zf
- 3) patch -p0 -i ../EDKII_openssl-0.9.8zf.patch
+ 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2a
+ 3) patch -p0 -i ../EDKII_openssl-1.0.2a.patch
4) cd ..
5) ./Install.sh
--
1.9.5.msysgit.1
------------------------------------------------------------------------------
Ye, Ting
2015-06-10 03:24:57 UTC
Permalink
Looks good to me.

Reviewed-by: Ye Ting <***@intel.com>

-----Original Message-----
From: Long, Qin
Sent: Wednesday, June 10, 2015 10:21 AM
To: Ye, Ting; ***@linaro.org; edk2-***@lists.sourceforge.net
Subject: [patch 0/3] *** Update OpenSSL support to 1.0.2a release ***

Update the EDKII crypto provider from openssl 0.9.8zf to 1.0.2a.
The OpenSSL Project announced that the support for version 0.9.8 will cease
on 31st December 2015. This patch updates the EDKII openssl support to the
latest 1.0.2 branch.
[V2]
Re-send the patch with few build issue fixes.

qlong (3):
[CryptoPkg] Remove the old patch file for openssl-0.9.8zf build, and
add the patch file for openssl-1.0.2a.
[CryptoPkg] Update INF file, installation scripts and HOWTO for
openssl-1.0.2a support.
[CryptoPkg] Updates some support header files and wrapper files to
support openssl-1.0.2a build, and correct some openssl API usages
when handling ASN.1 en/decoding.

CryptoPkg/Include/OpenSslSupport.h | 8 +-
.../Library/BaseCryptLib/Pk/CryptAuthenticode.c | 6 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 10 +-
.../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 13 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 12 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 8 +-
.../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279 ----------
.../Library/OpensslLib/EDKII_openssl-1.0.2a.patch | 358 ++++++++++++
CryptoPkg/Library/OpensslLib/Install.cmd | 146 ++---
CryptoPkg/Library/OpensslLib/Install.sh | 146 ++---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 620 ++++++++++++++-------
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 46 +-
12 files changed, 1002 insertions(+), 650 deletions(-)
delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
create mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
--
1.9.5.msysgit.1


------------------------------------------------------------------------------
Continue reading on narkive:
Loading...