* [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release
@ 2017-03-23 13:19 Qin Long
2017-03-23 13:19 ` [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build Qin Long
` (12 more replies)
0 siblings, 13 replies; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer
V2 Changes:
1. Re-format patch series & handle some format fixes
(as Laszlo Ersek's comments);
2. Updated TlsLib Wrapper (as Thomas Palmer's comments);
3. Add "ENGINESDIR" definition to support OpenSSL build if
engine is enabled (as Moso Lee's comments)
(https://github.com/qloong/edk2/tree/dev-openssl-stable-v2)
Current EDKII-CryptoPkg is leveraging OpenSSL-1.0.2xx as the
underlying cryptographic provider, which requires some extra patches
(EDKII-openssl-xxxx.patch) and installation scripts for EDKII build & usage.
The latest stable version of OpenSSL was upgraded to the 1.1.0 series
of release, with lots of EDKII-specific patches integration, which
make CryptoPkg possbile to remove all extra patch and scripts for
more native build support.
This patch series is to update EDKII-CryptoPkg to support native
building with the latest OpenSSL 1.1.0xx. (By now, the latest OpenSSL
stable release is 1.1.0e). Refer to
"CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt" for the information
about the version and source installation.
(NOTE: The extra build options for ARM/RVCT/XCODE were kept as before,
and further optimizations were expected from community.)
Qin Long (11):
CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build
CryptoPkg: Update .gitignore for OpenSSL source masking
CryptoPkg/OpensslLib: Remove patch file and installation scripts.
CryptoPkg/OpensslLib: Add new Perl script for file list generation.
CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document.
CryptoPkg: Fix handling of &strcmp function pointers
CryptoPkg: Clean-up CRT Library Wrapper.
CryptoPkg: Add extra build option to disable VS build warning
CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object.
CryptoPkg: Update PK Cipher Wrappers work with opaque objects.
CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes.
CryptoPkg/.gitignore | 3 +-
CryptoPkg/CryptoPkg.dec | 8 +-
CryptoPkg/Include/CrtLibSupport.h | 193 ++
CryptoPkg/Include/Library/BaseCryptLib.h | 93 +-
CryptoPkg/Include/OpenSslSupport.h | 286 ---
CryptoPkg/Include/arpa/inet.h | 16 -
CryptoPkg/Include/assert.h | 7 +-
CryptoPkg/Include/ctype.h | 7 +-
CryptoPkg/Include/dirent.h | 16 -
CryptoPkg/Include/errno.h | 7 +-
CryptoPkg/Include/internal/dso_conf.h | 0
CryptoPkg/Include/limits.h | 7 +-
CryptoPkg/Include/malloc.h | 16 -
CryptoPkg/Include/math.h | 16 -
CryptoPkg/Include/memory.h | 7 +-
CryptoPkg/Include/netdb.h | 16 -
CryptoPkg/Include/netinet/in.h | 16 -
CryptoPkg/Include/openssl/opensslconf.h | 308 +++
CryptoPkg/Include/sgtty.h | 16 -
CryptoPkg/Include/signal.h | 16 -
CryptoPkg/Include/stdarg.h | 7 +-
CryptoPkg/Include/stddef.h | 6 +-
CryptoPkg/Include/stdio.h | 7 +-
CryptoPkg/Include/stdlib.h | 7 +-
CryptoPkg/Include/string.h | 7 +-
CryptoPkg/Include/strings.h | 6 +-
CryptoPkg/Include/sys/ioctl.h | 16 -
CryptoPkg/Include/sys/param.h | 16 -
CryptoPkg/Include/sys/socket.h | 16 -
CryptoPkg/Include/sys/stat.h | 16 -
CryptoPkg/Include/sys/time.h | 7 +-
CryptoPkg/Include/sys/times.h | 16 -
CryptoPkg/Include/sys/types.h | 7 +-
CryptoPkg/Include/sys/un.h | 16 -
CryptoPkg/Include/syslog.h | 6 +-
CryptoPkg/Include/time.h | 6 +-
CryptoPkg/Include/unistd.h | 6 +-
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 9 +-
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 77 +-
.../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c | 40 +-
.../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 75 +-
.../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 40 +-
.../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 75 +-
.../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 40 +-
CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h | 10 +-
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c | 69 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 10 +-
.../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 68 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 189 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 70 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 20 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 41 +-
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 8 +-
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 6 +
.../BaseCryptLib/SysCall/BaseMemAllocation.c | 5 +-
.../BaseCryptLib/SysCall/ConstantTimeClock.c | 6 +-
.../Library/BaseCryptLib/SysCall/CrtWrapper.c | 185 +-
.../Library/BaseCryptLib/SysCall/HelperWrapper.c | 54 -
.../BaseCryptLib/SysCall/RuntimeMemAllocation.c | 3 +-
.../Library/BaseCryptLib/SysCall/TimerWrapper.c | 4 +-
CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c | 8 +-
.../Library/OpensslLib/EDKII_openssl-1.0.2k.patch | 2094 --------------------
CryptoPkg/Library/OpensslLib/Install.cmd | 80 -
CryptoPkg/Library/OpensslLib/Install.sh | 82 -
CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 53 +
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 866 ++++----
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 793 ++++----
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 61 -
CryptoPkg/Library/OpensslLib/buildinf.h | 2 +-
CryptoPkg/Library/OpensslLib/opensslconf.h | 497 -----
CryptoPkg/Library/OpensslLib/process_files.pl | 223 +++
CryptoPkg/Library/OpensslLib/process_files.sh | 110 -
CryptoPkg/Library/TlsLib/InternalTlsLib.h | 5 +-
CryptoPkg/Library/TlsLib/TlsConfig.c | 21 +-
CryptoPkg/Library/TlsLib/TlsInit.c | 51 +-
CryptoPkg/Library/TlsLib/TlsLib.inf | 9 +-
77 files changed, 2464 insertions(+), 4825 deletions(-)
create mode 100644 CryptoPkg/Include/CrtLibSupport.h
delete mode 100644 CryptoPkg/Include/OpenSslSupport.h
delete mode 100644 CryptoPkg/Include/arpa/inet.h
delete mode 100644 CryptoPkg/Include/dirent.h
create mode 100644 CryptoPkg/Include/internal/dso_conf.h
delete mode 100644 CryptoPkg/Include/malloc.h
delete mode 100644 CryptoPkg/Include/math.h
delete mode 100644 CryptoPkg/Include/netdb.h
delete mode 100644 CryptoPkg/Include/netinet/in.h
create mode 100644 CryptoPkg/Include/openssl/opensslconf.h
delete mode 100644 CryptoPkg/Include/sgtty.h
delete mode 100644 CryptoPkg/Include/signal.h
delete mode 100644 CryptoPkg/Include/sys/ioctl.h
delete mode 100644 CryptoPkg/Include/sys/param.h
delete mode 100644 CryptoPkg/Include/sys/socket.h
delete mode 100644 CryptoPkg/Include/sys/stat.h
delete mode 100644 CryptoPkg/Include/sys/times.h
delete mode 100644 CryptoPkg/Include/sys/un.h
delete mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch
delete mode 100755 CryptoPkg/Library/OpensslLib/Install.cmd
delete mode 100755 CryptoPkg/Library/OpensslLib/Install.sh
create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
delete mode 100644 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
delete mode 100644 CryptoPkg/Library/OpensslLib/opensslconf.h
create mode 100644 CryptoPkg/Library/OpensslLib/process_files.pl
delete mode 100755 CryptoPkg/Library/OpensslLib/process_files.sh
--
2.11.1.windows.1
^ permalink raw reply [flat|nested] 33+ messages in thread
* [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 18:27 ` Laszlo Ersek
2017-03-27 9:40 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 02/11] CryptoPkg: Update .gitignore for OpenSSL source masking Qin Long
` (11 subsequent siblings)
12 siblings, 2 replies; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer, David Woodhouse
Update OpensslLib INF files to support OpenSSL-1.1.0x source build.
The file list was generated from the latest OpenSSL-1.1.0e release.
Main changes to support OpensslLib build in this patch include:
1. Use "openssl" instead of "openssl-x.x.xx" as main source directory,
Also update include path in CryptoPkg.dec
2. Enable warnings in GCC builds;
3. Update Visual Studio build options to silence current possible build
warnings.
4. Move the default opensslconf.h to Include/openssl, and add one dummy
dso_conf.h for native UEFI build.
The OpensslLib module build was validated as
build -t VSXXXX -a XX -p CryptoPkg/CryptoPkg.dsc
-m CryptoPkg/Library/OpensslLib/OpensslLib.inf
(NOTE: The extra build options for ARM/RVCT/XCODE were kept, which expect
further optimizations from community)
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/CryptoPkg.dec | 8 +-
CryptoPkg/Include/OpenSslSupport.h | 7 +
CryptoPkg/Include/internal/dso_conf.h | 0
CryptoPkg/Include/openssl/opensslconf.h | 308 ++++++++
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 866 +++++++++++-----------
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 793 ++++++++++----------
CryptoPkg/Library/OpensslLib/opensslconf.h | 497 -------------
7 files changed, 1142 insertions(+), 1337 deletions(-)
create mode 100644 CryptoPkg/Include/internal/dso_conf.h
create mode 100644 CryptoPkg/Include/openssl/opensslconf.h
delete mode 100644 CryptoPkg/Library/OpensslLib/opensslconf.h
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 27c832707a..fdccbf06f7 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -9,10 +9,10 @@
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
-#
+#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
+#
##
[Defines]
@@ -24,7 +24,8 @@
[Includes]
Include
- Library/OpensslLib/openssl-1.0.2k/include
+ Library/OpensslLib/openssl/include
+ Library/OpensslLib/openssl/crypto/include
[LibraryClasses]
## @libraryclass Provides basic library functions for cryptographic primitives.
@@ -41,4 +42,3 @@
[UserExtensions.TianoCore."ExtraFiles"]
CryptoPkgExtra.uni
-
diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index 600578e780..e011a7cfee 100644
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -21,6 +21,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/MemoryAllocationLib.h>
#include <Library/DebugLib.h>
+#define OPENSSLDIR ""
+#define ENGINESDIR ""
+
#define MAX_STRING_SIZE 0x1000
//
@@ -90,6 +93,7 @@ typedef VOID *FILE;
#define LOG_DEBUG 7 /* debug-level messages */
#define LOG_PID 0x01 /* log the pid with each message */
#define LOG_CONS 0x02 /* log on the console if errors in sending */
+#define CHAR_BIT 8 /* Number of bits in a char */
//
// Macros from EFI Application Toolkit required to build Open SSL
@@ -216,6 +220,9 @@ int strncmp (const char *, const char *, size_t);
char *strrchr (const char *, int);
unsigned long strtoul (const char *, char **, int);
long strtol (const char *, char **, int);
+char *strerror (int);
+size_t strspn (const char *, const char *);
+size_t strcspn (const char *, const char *);
int printf (const char *, ...);
int sscanf (const char *, const char *, ...);
int open (const char *, int, ...);
diff --git a/CryptoPkg/Include/internal/dso_conf.h b/CryptoPkg/Include/internal/dso_conf.h
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/CryptoPkg/Include/openssl/opensslconf.h b/CryptoPkg/Include/openssl/opensslconf.h
new file mode 100644
index 0000000000..1917d7ab24
--- /dev/null
+++ b/CryptoPkg/Include/openssl/opensslconf.h
@@ -0,0 +1,308 @@
+/*
+ * WARNING: do not edit!
+ * Generated from include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_UEFI
+# define OPENSSL_SYS_UEFI 1
+#endif
+#define OPENSSL_MIN_API 0x10100000L
+#ifndef OPENSSL_NO_BF
+# define OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+# define OPENSSL_NO_BLAKE2
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAST
+# define OPENSSL_NO_CAST
+#endif
+#ifndef OPENSSL_NO_CHACHA
+# define OPENSSL_NO_CHACHA
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_CT
+# define OPENSSL_NO_CT
+#endif
+#ifndef OPENSSL_NO_DSA
+# define OPENSSL_NO_DSA
+#endif
+#ifndef OPENSSL_NO_EC
+# define OPENSSL_NO_EC
+#endif
+#ifndef OPENSSL_NO_IDEA
+# define OPENSSL_NO_IDEA
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_MDC2
+# define OPENSSL_NO_MDC2
+#endif
+#ifndef OPENSSL_NO_POLY1305
+# define OPENSSL_NO_POLY1305
+#endif
+#ifndef OPENSSL_NO_RC2
+# define OPENSSL_NO_RC2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RMD160
+# define OPENSSL_NO_RMD160
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_TS
+# define OPENSSL_NO_TS
+#endif
+#ifndef OPENSSL_NO_UI
+# define OPENSSL_NO_UI
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+# define OPENSSL_NO_WHIRLPOOL
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_APPS
+# define OPENSSL_NO_APPS
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_ASM
+# define OPENSSL_NO_ASM
+#endif
+#ifndef OPENSSL_NO_ASYNC
+# define OPENSSL_NO_ASYNC
+#endif
+#ifndef OPENSSL_NO_AUTOALGINIT
+# define OPENSSL_NO_AUTOALGINIT
+#endif
+#ifndef OPENSSL_NO_AUTOERRINIT
+# define OPENSSL_NO_AUTOERRINIT
+#endif
+#ifndef OPENSSL_NO_CAPIENG
+# define OPENSSL_NO_CAPIENG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEPRECATED
+# define OPENSSL_NO_DEPRECATED
+#endif
+#ifndef OPENSSL_NO_DGRAM
+# define OPENSSL_NO_DGRAM
+#endif
+#ifndef OPENSSL_NO_DTLS
+# define OPENSSL_NO_DTLS
+#endif
+#ifndef OPENSSL_NO_DTLS1
+# define OPENSSL_NO_DTLS1
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+# define OPENSSL_NO_DTLS1_2
+#endif
+#ifndef OPENSSL_NO_EC2M
+# define OPENSSL_NO_EC2M
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_ECDH
+# define OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDSA
+# define OPENSSL_NO_ECDSA
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# define OPENSSL_NO_ENGINE
+#endif
+#ifndef OPENSSL_NO_ERR
+# define OPENSSL_NO_ERR
+#endif
+#ifndef OPENSSL_NO_FILENAMES
+# define OPENSSL_NO_FILENAMES
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_HW
+# define OPENSSL_NO_HW
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_OCB
+# define OPENSSL_NO_OCB
+#endif
+#ifndef OPENSSL_NO_POSIX_IO
+# define OPENSSL_NO_POSIX_IO
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+# define OPENSSL_NO_SCRYPT
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SOCK
+# define OPENSSL_NO_SOCK
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_STDIO
+# define OPENSSL_NO_STDIO
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that. This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#if defined(OPENSSL_NO_DEPRECATED)
+# define DECLARE_DEPRECATED(f)
+#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+#else
+# define DECLARE_DEPRECATED(f) f;
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+# define OPENSSL_FILE ""
+# define OPENSSL_LINE 0
+# else
+# define OPENSSL_FILE __FILE__
+# define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 3acc397ace..42f72f4f1f 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -1,5 +1,5 @@
## @file
-# This module provides openSSL Library implementation.
+# This module provides OpenSSL Library implementation.
#
# Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
@@ -20,8 +20,8 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl-1.0.2k
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
+ DEFINE OPENSSL_PATH = openssl
+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG
#
# VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64
@@ -30,48 +30,164 @@
[Sources]
$(OPENSSL_PATH)/e_os.h
# Autogenerated files list starts here
+ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_core.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ige.c
+ $(OPENSSL_PATH)/crypto/aes/aes_misc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+ $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
+ $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
+ $(OPENSSL_PATH)/crypto/asn1/a_digest.c
+ $(OPENSSL_PATH)/crypto/asn1/a_dup.c
+ $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
+ $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
+ $(OPENSSL_PATH)/crypto/asn1/a_int.c
+ $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
+ $(OPENSSL_PATH)/crypto/asn1/a_object.c
+ $(OPENSSL_PATH)/crypto/asn1/a_octet.c
+ $(OPENSSL_PATH)/crypto/asn1/a_print.c
+ $(OPENSSL_PATH)/crypto/asn1/a_sign.c
+ $(OPENSSL_PATH)/crypto/asn1/a_strex.c
+ $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
+ $(OPENSSL_PATH)/crypto/asn1/a_time.c
+ $(OPENSSL_PATH)/crypto/asn1/a_type.c
+ $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
+ $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
+ $(OPENSSL_PATH)/crypto/asn1/a_verify.c
+ $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
+ $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
+ $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
+ $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
+ $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
+ $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
+ $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
+ $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c
+ $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
+ $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
+ $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
+ $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
+ $(OPENSSL_PATH)/crypto/asn1/f_int.c
+ $(OPENSSL_PATH)/crypto/asn1/f_string.c
+ $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
+ $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
+ $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
+ $(OPENSSL_PATH)/crypto/asn1/nsseq.c
+ $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
+ $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
+ $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c
+ $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
+ $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
+ $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
+ $(OPENSSL_PATH)/crypto/asn1/t_spki.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
+ $(OPENSSL_PATH)/crypto/asn1/x_algor.c
+ $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
+ $(OPENSSL_PATH)/crypto/asn1/x_info.c
+ $(OPENSSL_PATH)/crypto/asn1/x_long.c
+ $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
+ $(OPENSSL_PATH)/crypto/asn1/x_sig.c
+ $(OPENSSL_PATH)/crypto/asn1/x_spki.c
+ $(OPENSSL_PATH)/crypto/asn1/x_val.c
+ $(OPENSSL_PATH)/crypto/async/arch/async_null.c
+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
+ $(OPENSSL_PATH)/crypto/async/arch/async_win.c
+ $(OPENSSL_PATH)/crypto/async/async.c
+ $(OPENSSL_PATH)/crypto/async/async_err.c
+ $(OPENSSL_PATH)/crypto/async/async_wait.c
+ $(OPENSSL_PATH)/crypto/bio/b_addr.c
+ $(OPENSSL_PATH)/crypto/bio/b_dump.c
+ $(OPENSSL_PATH)/crypto/bio/b_sock.c
+ $(OPENSSL_PATH)/crypto/bio/b_sock2.c
+ $(OPENSSL_PATH)/crypto/bio/bf_buff.c
+ $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c
+ $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
+ $(OPENSSL_PATH)/crypto/bio/bf_null.c
+ $(OPENSSL_PATH)/crypto/bio/bio_cb.c
+ $(OPENSSL_PATH)/crypto/bio/bio_err.c
+ $(OPENSSL_PATH)/crypto/bio/bio_lib.c
+ $(OPENSSL_PATH)/crypto/bio/bio_meth.c
+ $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
+ $(OPENSSL_PATH)/crypto/bio/bss_bio.c
+ $(OPENSSL_PATH)/crypto/bio/bss_conn.c
+ $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
+ $(OPENSSL_PATH)/crypto/bio/bss_fd.c
+ $(OPENSSL_PATH)/crypto/bio/bss_file.c
+ $(OPENSSL_PATH)/crypto/bio/bss_log.c
+ $(OPENSSL_PATH)/crypto/bio/bss_mem.c
+ $(OPENSSL_PATH)/crypto/bio/bss_null.c
+ $(OPENSSL_PATH)/crypto/bio/bss_sock.c
+ $(OPENSSL_PATH)/crypto/bn/bn_add.c
+ $(OPENSSL_PATH)/crypto/bn/bn_asm.c
+ $(OPENSSL_PATH)/crypto/bn/bn_blind.c
+ $(OPENSSL_PATH)/crypto/bn/bn_const.c
+ $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
+ $(OPENSSL_PATH)/crypto/bn/bn_depr.c
+ $(OPENSSL_PATH)/crypto/bn/bn_dh.c
+ $(OPENSSL_PATH)/crypto/bn/bn_div.c
+ $(OPENSSL_PATH)/crypto/bn/bn_err.c
+ $(OPENSSL_PATH)/crypto/bn/bn_exp.c
+ $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
+ $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
+ $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
+ $(OPENSSL_PATH)/crypto/bn/bn_intern.c
+ $(OPENSSL_PATH)/crypto/bn/bn_kron.c
+ $(OPENSSL_PATH)/crypto/bn/bn_lib.c
+ $(OPENSSL_PATH)/crypto/bn/bn_mod.c
+ $(OPENSSL_PATH)/crypto/bn/bn_mont.c
+ $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
+ $(OPENSSL_PATH)/crypto/bn/bn_mul.c
+ $(OPENSSL_PATH)/crypto/bn/bn_nist.c
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.c
+ $(OPENSSL_PATH)/crypto/bn/bn_print.c
+ $(OPENSSL_PATH)/crypto/bn/bn_rand.c
+ $(OPENSSL_PATH)/crypto/bn/bn_recp.c
+ $(OPENSSL_PATH)/crypto/bn/bn_shift.c
+ $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
+ $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
+ $(OPENSSL_PATH)/crypto/bn/bn_srp.c
+ $(OPENSSL_PATH)/crypto/bn/bn_word.c
+ $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
+ $(OPENSSL_PATH)/crypto/buffer/buf_err.c
+ $(OPENSSL_PATH)/crypto/buffer/buffer.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
+ $(OPENSSL_PATH)/crypto/cmac/cmac.c
+ $(OPENSSL_PATH)/crypto/comp/c_zlib.c
+ $(OPENSSL_PATH)/crypto/comp/comp_err.c
+ $(OPENSSL_PATH)/crypto/comp/comp_lib.c
+ $(OPENSSL_PATH)/crypto/conf/conf_api.c
+ $(OPENSSL_PATH)/crypto/conf/conf_def.c
+ $(OPENSSL_PATH)/crypto/conf/conf_err.c
+ $(OPENSSL_PATH)/crypto/conf/conf_lib.c
+ $(OPENSSL_PATH)/crypto/conf/conf_mall.c
+ $(OPENSSL_PATH)/crypto/conf/conf_mod.c
+ $(OPENSSL_PATH)/crypto/conf/conf_sap.c
+ $(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/cryptlib.c
- $(OPENSSL_PATH)/crypto/mem.c
- $(OPENSSL_PATH)/crypto/mem_clr.c
- $(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/ex_data.c
- $(OPENSSL_PATH)/crypto/cpt_err.c
- $(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/uid.c
- $(OPENSSL_PATH)/crypto/o_time.c
- $(OPENSSL_PATH)/crypto/o_str.c
- $(OPENSSL_PATH)/crypto/o_dir.c
- $(OPENSSL_PATH)/crypto/o_fips.c
- $(OPENSSL_PATH)/crypto/o_init.c
- $(OPENSSL_PATH)/crypto/fips_ers.c
- $(OPENSSL_PATH)/crypto/objects/o_names.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.c
- $(OPENSSL_PATH)/crypto/objects/obj_lib.c
- $(OPENSSL_PATH)/crypto/objects/obj_err.c
- $(OPENSSL_PATH)/crypto/objects/obj_xref.c
- $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
- $(OPENSSL_PATH)/crypto/md4/md4_one.c
- $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
- $(OPENSSL_PATH)/crypto/md5/md5_one.c
- $(OPENSSL_PATH)/crypto/sha/sha_dgst.c
- $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
- $(OPENSSL_PATH)/crypto/sha/sha_one.c
- $(OPENSSL_PATH)/crypto/sha/sha1_one.c
- $(OPENSSL_PATH)/crypto/sha/sha256.c
- $(OPENSSL_PATH)/crypto/sha/sha512.c
- $(OPENSSL_PATH)/crypto/hmac/hmac.c
- $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
- $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/des/cbc_cksm.c
$(OPENSSL_PATH)/crypto/des/cbc_enc.c
+ $(OPENSSL_PATH)/crypto/des/cfb64ede.c
$(OPENSSL_PATH)/crypto/des/cfb64enc.c
$(OPENSSL_PATH)/crypto/des/cfb_enc.c
+ $(OPENSSL_PATH)/crypto/des/des_enc.c
$(OPENSSL_PATH)/crypto/des/ecb3_enc.c
$(OPENSSL_PATH)/crypto/des/ecb_enc.c
- $(OPENSSL_PATH)/crypto/des/enc_read.c
- $(OPENSSL_PATH)/crypto/des/enc_writ.c
$(OPENSSL_PATH)/crypto/des/fcrypt.c
+ $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
+ $(OPENSSL_PATH)/crypto/des/ofb64ede.c
$(OPENSSL_PATH)/crypto/des/ofb64enc.c
$(OPENSSL_PATH)/crypto/des/ofb_enc.c
$(OPENSSL_PATH)/crypto/des/pcbc_enc.c
@@ -79,452 +195,326 @@
$(OPENSSL_PATH)/crypto/des/rand_key.c
$(OPENSSL_PATH)/crypto/des/rpc_enc.c
$(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/des_enc.c
- $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
$(OPENSSL_PATH)/crypto/des/str2key.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
- $(OPENSSL_PATH)/crypto/des/ede_cbcm_enc.c
- $(OPENSSL_PATH)/crypto/des/des_old.c
- $(OPENSSL_PATH)/crypto/des/des_old2.c
- $(OPENSSL_PATH)/crypto/des/read2pwd.c
- $(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_misc.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
- $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
- $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ctr.c
- $(OPENSSL_PATH)/crypto/aes/aes_ige.c
- $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_utl.c
- $(OPENSSL_PATH)/crypto/modes/cbc128.c
- $(OPENSSL_PATH)/crypto/modes/ctr128.c
- $(OPENSSL_PATH)/crypto/modes/cts128.c
- $(OPENSSL_PATH)/crypto/modes/cfb128.c
- $(OPENSSL_PATH)/crypto/modes/ofb128.c
- $(OPENSSL_PATH)/crypto/modes/gcm128.c
- $(OPENSSL_PATH)/crypto/modes/ccm128.c
- $(OPENSSL_PATH)/crypto/modes/xts128.c
- $(OPENSSL_PATH)/crypto/modes/wrap128.c
- $(OPENSSL_PATH)/crypto/bn/bn_add.c
- $(OPENSSL_PATH)/crypto/bn/bn_div.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp.c
- $(OPENSSL_PATH)/crypto/bn/bn_lib.c
- $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
- $(OPENSSL_PATH)/crypto/bn/bn_mul.c
- $(OPENSSL_PATH)/crypto/bn/bn_mod.c
- $(OPENSSL_PATH)/crypto/bn/bn_print.c
- $(OPENSSL_PATH)/crypto/bn/bn_rand.c
- $(OPENSSL_PATH)/crypto/bn/bn_shift.c
- $(OPENSSL_PATH)/crypto/bn/bn_word.c
- $(OPENSSL_PATH)/crypto/bn/bn_blind.c
- $(OPENSSL_PATH)/crypto/bn/bn_kron.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
- $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
- $(OPENSSL_PATH)/crypto/bn/bn_prime.c
- $(OPENSSL_PATH)/crypto/bn/bn_err.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
- $(OPENSSL_PATH)/crypto/bn/bn_asm.c
- $(OPENSSL_PATH)/crypto/bn/bn_recp.c
- $(OPENSSL_PATH)/crypto/bn/bn_mont.c
- $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
- $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
- $(OPENSSL_PATH)/crypto/bn/bn_nist.c
- $(OPENSSL_PATH)/crypto/bn/bn_depr.c
- $(OPENSSL_PATH)/crypto/bn/bn_const.c
- $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_eay.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_null.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
+ $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
+ $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
+ $(OPENSSL_PATH)/crypto/dh/dh_check.c
+ $(OPENSSL_PATH)/crypto/dh/dh_depr.c
+ $(OPENSSL_PATH)/crypto/dh/dh_err.c
$(OPENSSL_PATH)/crypto/dh/dh_gen.c
+ $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
$(OPENSSL_PATH)/crypto/dh/dh_key.c
$(OPENSSL_PATH)/crypto/dh/dh_lib.c
- $(OPENSSL_PATH)/crypto/dh/dh_check.c
- $(OPENSSL_PATH)/crypto/dh/dh_err.c
- $(OPENSSL_PATH)/crypto/dh/dh_depr.c
- $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
+ $(OPENSSL_PATH)/crypto/dh/dh_meth.c
$(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
$(OPENSSL_PATH)/crypto/dh/dh_prn.c
$(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
- $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
$(OPENSSL_PATH)/crypto/dso/dso_dl.c
$(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
$(OPENSSL_PATH)/crypto/dso/dso_err.c
$(OPENSSL_PATH)/crypto/dso/dso_lib.c
- $(OPENSSL_PATH)/crypto/dso/dso_null.c
$(OPENSSL_PATH)/crypto/dso/dso_openssl.c
- $(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
- $(OPENSSL_PATH)/crypto/dso/dso_beos.c
- $(OPENSSL_PATH)/crypto/buffer/buffer.c
- $(OPENSSL_PATH)/crypto/buffer/buf_str.c
- $(OPENSSL_PATH)/crypto/buffer/buf_err.c
- $(OPENSSL_PATH)/crypto/bio/bio_lib.c
- $(OPENSSL_PATH)/crypto/bio/bio_cb.c
- $(OPENSSL_PATH)/crypto/bio/bio_err.c
- $(OPENSSL_PATH)/crypto/bio/bss_mem.c
- $(OPENSSL_PATH)/crypto/bio/bss_null.c
- $(OPENSSL_PATH)/crypto/bio/bss_fd.c
- $(OPENSSL_PATH)/crypto/bio/bss_file.c
- $(OPENSSL_PATH)/crypto/bio/bss_sock.c
- $(OPENSSL_PATH)/crypto/bio/bss_conn.c
- $(OPENSSL_PATH)/crypto/bio/bf_null.c
- $(OPENSSL_PATH)/crypto/bio/bf_buff.c
- $(OPENSSL_PATH)/crypto/bio/b_dump.c
- $(OPENSSL_PATH)/crypto/bio/b_sock.c
- $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
- $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
- $(OPENSSL_PATH)/crypto/bio/bss_log.c
- $(OPENSSL_PATH)/crypto/bio/bss_bio.c
- $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
- $(OPENSSL_PATH)/crypto/stack/stack.c
- $(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
- $(OPENSSL_PATH)/crypto/rand/md_rand.c
- $(OPENSSL_PATH)/crypto/rand/randfile.c
- $(OPENSSL_PATH)/crypto/rand/rand_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_err.c
- $(OPENSSL_PATH)/crypto/rand/rand_egd.c
- $(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rand/rand_unix.c
- $(OPENSSL_PATH)/crypto/rand/rand_os2.c
- $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+ $(OPENSSL_PATH)/crypto/dso/dso_win32.c
+ $(OPENSSL_PATH)/crypto/ebcdic.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_all.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
- $(OPENSSL_PATH)/crypto/evp/encode.c
+ $(OPENSSL_PATH)/crypto/evp/bio_b64.c
+ $(OPENSSL_PATH)/crypto/evp/bio_enc.c
+ $(OPENSSL_PATH)/crypto/evp/bio_md.c
+ $(OPENSSL_PATH)/crypto/evp/bio_ok.c
+ $(OPENSSL_PATH)/crypto/evp/c_allc.c
+ $(OPENSSL_PATH)/crypto/evp/c_alld.c
+ $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/digest.c
- $(OPENSSL_PATH)/crypto/evp/evp_enc.c
- $(OPENSSL_PATH)/crypto/evp/evp_key.c
- $(OPENSSL_PATH)/crypto/evp/evp_acnf.c
- $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
- $(OPENSSL_PATH)/crypto/evp/e_des.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
$(OPENSSL_PATH)/crypto/evp/e_bf.c
- $(OPENSSL_PATH)/crypto/evp/e_idea.c
- $(OPENSSL_PATH)/crypto/evp/e_des3.c
$(OPENSSL_PATH)/crypto/evp/e_camellia.c
+ $(OPENSSL_PATH)/crypto/evp/e_cast.c
+ $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c
+ $(OPENSSL_PATH)/crypto/evp/e_des.c
+ $(OPENSSL_PATH)/crypto/evp/e_des3.c
+ $(OPENSSL_PATH)/crypto/evp/e_idea.c
+ $(OPENSSL_PATH)/crypto/evp/e_null.c
+ $(OPENSSL_PATH)/crypto/evp/e_old.c
+ $(OPENSSL_PATH)/crypto/evp/e_rc2.c
$(OPENSSL_PATH)/crypto/evp/e_rc4.c
- $(OPENSSL_PATH)/crypto/evp/e_aes.c
- $(OPENSSL_PATH)/crypto/evp/names.c
+ $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
+ $(OPENSSL_PATH)/crypto/evp/e_rc5.c
$(OPENSSL_PATH)/crypto/evp/e_seed.c
$(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
- $(OPENSSL_PATH)/crypto/evp/e_rc2.c
- $(OPENSSL_PATH)/crypto/evp/e_cast.c
- $(OPENSSL_PATH)/crypto/evp/e_rc5.c
- $(OPENSSL_PATH)/crypto/evp/m_null.c
+ $(OPENSSL_PATH)/crypto/evp/encode.c
+ $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
+ $(OPENSSL_PATH)/crypto/evp/evp_enc.c
+ $(OPENSSL_PATH)/crypto/evp/evp_err.c
+ $(OPENSSL_PATH)/crypto/evp/evp_key.c
+ $(OPENSSL_PATH)/crypto/evp/evp_lib.c
+ $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
+ $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
$(OPENSSL_PATH)/crypto/evp/m_md2.c
$(OPENSSL_PATH)/crypto/evp/m_md4.c
$(OPENSSL_PATH)/crypto/evp/m_md5.c
- $(OPENSSL_PATH)/crypto/evp/m_sha.c
- $(OPENSSL_PATH)/crypto/evp/m_sha1.c
- $(OPENSSL_PATH)/crypto/evp/m_wp.c
- $(OPENSSL_PATH)/crypto/evp/m_dss.c
- $(OPENSSL_PATH)/crypto/evp/m_dss1.c
+ $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
$(OPENSSL_PATH)/crypto/evp/m_mdc2.c
+ $(OPENSSL_PATH)/crypto/evp/m_null.c
$(OPENSSL_PATH)/crypto/evp/m_ripemd.c
- $(OPENSSL_PATH)/crypto/evp/m_ecdsa.c
+ $(OPENSSL_PATH)/crypto/evp/m_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/m_sigver.c
+ $(OPENSSL_PATH)/crypto/evp/m_wp.c
+ $(OPENSSL_PATH)/crypto/evp/names.c
+ $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
+ $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
+ $(OPENSSL_PATH)/crypto/evp/p_dec.c
+ $(OPENSSL_PATH)/crypto/evp/p_enc.c
+ $(OPENSSL_PATH)/crypto/evp/p_lib.c
$(OPENSSL_PATH)/crypto/evp/p_open.c
$(OPENSSL_PATH)/crypto/evp/p_seal.c
$(OPENSSL_PATH)/crypto/evp/p_sign.c
$(OPENSSL_PATH)/crypto/evp/p_verify.c
- $(OPENSSL_PATH)/crypto/evp/p_lib.c
- $(OPENSSL_PATH)/crypto/evp/p_enc.c
- $(OPENSSL_PATH)/crypto/evp/p_dec.c
- $(OPENSSL_PATH)/crypto/evp/bio_md.c
- $(OPENSSL_PATH)/crypto/evp/bio_b64.c
- $(OPENSSL_PATH)/crypto/evp/bio_enc.c
- $(OPENSSL_PATH)/crypto/evp/evp_err.c
- $(OPENSSL_PATH)/crypto/evp/e_null.c
- $(OPENSSL_PATH)/crypto/evp/c_all.c
- $(OPENSSL_PATH)/crypto/evp/c_allc.c
- $(OPENSSL_PATH)/crypto/evp/c_alld.c
- $(OPENSSL_PATH)/crypto/evp/evp_lib.c
- $(OPENSSL_PATH)/crypto/evp/bio_ok.c
- $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
- $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
- $(OPENSSL_PATH)/crypto/evp/e_old.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
$(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
- $(OPENSSL_PATH)/crypto/evp/m_sigver.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
- $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
- $(OPENSSL_PATH)/crypto/asn1/a_object.c
- $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
- $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
- $(OPENSSL_PATH)/crypto/asn1/a_time.c
- $(OPENSSL_PATH)/crypto/asn1/a_int.c
- $(OPENSSL_PATH)/crypto/asn1/a_octet.c
- $(OPENSSL_PATH)/crypto/asn1/a_print.c
- $(OPENSSL_PATH)/crypto/asn1/a_type.c
- $(OPENSSL_PATH)/crypto/asn1/a_set.c
- $(OPENSSL_PATH)/crypto/asn1/a_dup.c
- $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_enum.c
- $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
- $(OPENSSL_PATH)/crypto/asn1/a_sign.c
- $(OPENSSL_PATH)/crypto/asn1/a_digest.c
- $(OPENSSL_PATH)/crypto/asn1/a_verify.c
- $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_strex.c
- $(OPENSSL_PATH)/crypto/asn1/x_algor.c
- $(OPENSSL_PATH)/crypto/asn1/x_val.c
- $(OPENSSL_PATH)/crypto/asn1/x_pubkey.c
- $(OPENSSL_PATH)/crypto/asn1/x_sig.c
- $(OPENSSL_PATH)/crypto/asn1/x_req.c
- $(OPENSSL_PATH)/crypto/asn1/x_attrib.c
- $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
- $(OPENSSL_PATH)/crypto/asn1/x_long.c
- $(OPENSSL_PATH)/crypto/asn1/x_name.c
- $(OPENSSL_PATH)/crypto/asn1/x_x509.c
- $(OPENSSL_PATH)/crypto/asn1/x_x509a.c
- $(OPENSSL_PATH)/crypto/asn1/x_crl.c
- $(OPENSSL_PATH)/crypto/asn1/x_info.c
- $(OPENSSL_PATH)/crypto/asn1/x_spki.c
- $(OPENSSL_PATH)/crypto/asn1/nsseq.c
- $(OPENSSL_PATH)/crypto/asn1/x_nx509.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
- $(OPENSSL_PATH)/crypto/asn1/t_req.c
- $(OPENSSL_PATH)/crypto/asn1/t_x509.c
- $(OPENSSL_PATH)/crypto/asn1/t_x509a.c
- $(OPENSSL_PATH)/crypto/asn1/t_crl.c
- $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/t_spki.c
- $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
- $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
- $(OPENSSL_PATH)/crypto/asn1/f_int.c
- $(OPENSSL_PATH)/crypto/asn1/f_string.c
- $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/f_enum.c
- $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/a_bool.c
- $(OPENSSL_PATH)/crypto/asn1/x_exten.c
- $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
- $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
- $(OPENSSL_PATH)/crypto/asn1/a_bytes.c
- $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
- $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
- $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
- $(OPENSSL_PATH)/crypto/pem/pem_sign.c
- $(OPENSSL_PATH)/crypto/pem/pem_seal.c
- $(OPENSSL_PATH)/crypto/pem/pem_info.c
- $(OPENSSL_PATH)/crypto/pem/pem_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
+ $(OPENSSL_PATH)/crypto/evp/scrypt.c
+ $(OPENSSL_PATH)/crypto/ex_data.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
+ $(OPENSSL_PATH)/crypto/hmac/hmac.c
+ $(OPENSSL_PATH)/crypto/init.c
+ $(OPENSSL_PATH)/crypto/kdf/hkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
+ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
+ $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
+ $(OPENSSL_PATH)/crypto/lhash/lhash.c
+ $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
+ $(OPENSSL_PATH)/crypto/md4/md4_one.c
+ $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
+ $(OPENSSL_PATH)/crypto/md5/md5_one.c
+ $(OPENSSL_PATH)/crypto/mem.c
+ $(OPENSSL_PATH)/crypto/mem_clr.c
+ $(OPENSSL_PATH)/crypto/mem_dbg.c
+ $(OPENSSL_PATH)/crypto/mem_sec.c
+ $(OPENSSL_PATH)/crypto/modes/cbc128.c
+ $(OPENSSL_PATH)/crypto/modes/ccm128.c
+ $(OPENSSL_PATH)/crypto/modes/cfb128.c
+ $(OPENSSL_PATH)/crypto/modes/ctr128.c
+ $(OPENSSL_PATH)/crypto/modes/cts128.c
+ $(OPENSSL_PATH)/crypto/modes/gcm128.c
+ $(OPENSSL_PATH)/crypto/modes/ocb128.c
+ $(OPENSSL_PATH)/crypto/modes/ofb128.c
+ $(OPENSSL_PATH)/crypto/modes/wrap128.c
+ $(OPENSSL_PATH)/crypto/modes/xts128.c
+ $(OPENSSL_PATH)/crypto/o_dir.c
+ $(OPENSSL_PATH)/crypto/o_fips.c
+ $(OPENSSL_PATH)/crypto/o_fopen.c
+ $(OPENSSL_PATH)/crypto/o_init.c
+ $(OPENSSL_PATH)/crypto/o_str.c
+ $(OPENSSL_PATH)/crypto/o_time.c
+ $(OPENSSL_PATH)/crypto/objects/o_names.c
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.c
+ $(OPENSSL_PATH)/crypto/objects/obj_err.c
+ $(OPENSSL_PATH)/crypto/objects/obj_lib.c
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
+ $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
$(OPENSSL_PATH)/crypto/pem/pem_all.c
$(OPENSSL_PATH)/crypto/pem/pem_err.c
- $(OPENSSL_PATH)/crypto/pem/pem_x509.c
- $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
+ $(OPENSSL_PATH)/crypto/pem/pem_info.c
+ $(OPENSSL_PATH)/crypto/pem/pem_lib.c
$(OPENSSL_PATH)/crypto/pem/pem_oth.c
$(OPENSSL_PATH)/crypto/pem/pem_pk8.c
$(OPENSSL_PATH)/crypto/pem/pem_pkey.c
+ $(OPENSSL_PATH)/crypto/pem/pem_sign.c
+ $(OPENSSL_PATH)/crypto/pem/pem_x509.c
+ $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
$(OPENSSL_PATH)/crypto/pem/pvkfmt.c
- $(OPENSSL_PATH)/crypto/x509/x509_def.c
- $(OPENSSL_PATH)/crypto/x509/x509_d2.c
- $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
+ $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
+ $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
+ $(OPENSSL_PATH)/crypto/rand/md_rand.c
+ $(OPENSSL_PATH)/crypto/rand/rand_egd.c
+ $(OPENSSL_PATH)/crypto/rand/rand_err.c
+ $(OPENSSL_PATH)/crypto/rand/rand_lib.c
+ $(OPENSSL_PATH)/crypto/rand/rand_unix.c
+ $(OPENSSL_PATH)/crypto/rand/rand_vms.c
+ $(OPENSSL_PATH)/crypto/rand/rand_win.c
+ $(OPENSSL_PATH)/crypto/rand/randfile.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_null.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
+ $(OPENSSL_PATH)/crypto/sha/sha1_one.c
+ $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
+ $(OPENSSL_PATH)/crypto/sha/sha256.c
+ $(OPENSSL_PATH)/crypto/sha/sha512.c
+ $(OPENSSL_PATH)/crypto/stack/stack.c
+ $(OPENSSL_PATH)/crypto/threads_none.c
+ $(OPENSSL_PATH)/crypto/threads_pthread.c
+ $(OPENSSL_PATH)/crypto/threads_win.c
+ $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
+ $(OPENSSL_PATH)/crypto/uid.c
+ $(OPENSSL_PATH)/crypto/x509/by_dir.c
+ $(OPENSSL_PATH)/crypto/x509/by_file.c
+ $(OPENSSL_PATH)/crypto/x509/t_crl.c
+ $(OPENSSL_PATH)/crypto/x509/t_req.c
+ $(OPENSSL_PATH)/crypto/x509/t_x509.c
+ $(OPENSSL_PATH)/crypto/x509/x509_att.c
$(OPENSSL_PATH)/crypto/x509/x509_cmp.c
+ $(OPENSSL_PATH)/crypto/x509/x509_d2.c
+ $(OPENSSL_PATH)/crypto/x509/x509_def.c
+ $(OPENSSL_PATH)/crypto/x509/x509_err.c
+ $(OPENSSL_PATH)/crypto/x509/x509_ext.c
+ $(OPENSSL_PATH)/crypto/x509/x509_lu.c
$(OPENSSL_PATH)/crypto/x509/x509_obj.c
+ $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
$(OPENSSL_PATH)/crypto/x509/x509_req.c
- $(OPENSSL_PATH)/crypto/x509/x509spki.c
- $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
$(OPENSSL_PATH)/crypto/x509/x509_set.c
+ $(OPENSSL_PATH)/crypto/x509/x509_trs.c
+ $(OPENSSL_PATH)/crypto/x509/x509_txt.c
+ $(OPENSSL_PATH)/crypto/x509/x509_v3.c
+ $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
+ $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
$(OPENSSL_PATH)/crypto/x509/x509cset.c
- $(OPENSSL_PATH)/crypto/x509/x509rset.c
- $(OPENSSL_PATH)/crypto/x509/x509_err.c
$(OPENSSL_PATH)/crypto/x509/x509name.c
- $(OPENSSL_PATH)/crypto/x509/x509_v3.c
- $(OPENSSL_PATH)/crypto/x509/x509_ext.c
- $(OPENSSL_PATH)/crypto/x509/x509_att.c
+ $(OPENSSL_PATH)/crypto/x509/x509rset.c
+ $(OPENSSL_PATH)/crypto/x509/x509spki.c
$(OPENSSL_PATH)/crypto/x509/x509type.c
- $(OPENSSL_PATH)/crypto/x509/x509_lu.c
$(OPENSSL_PATH)/crypto/x509/x_all.c
- $(OPENSSL_PATH)/crypto/x509/x509_txt.c
- $(OPENSSL_PATH)/crypto/x509/x509_trs.c
- $(OPENSSL_PATH)/crypto/x509/by_file.c
- $(OPENSSL_PATH)/crypto/x509/by_dir.c
- $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
+ $(OPENSSL_PATH)/crypto/x509/x_attrib.c
+ $(OPENSSL_PATH)/crypto/x509/x_crl.c
+ $(OPENSSL_PATH)/crypto/x509/x_exten.c
+ $(OPENSSL_PATH)/crypto/x509/x_name.c
+ $(OPENSSL_PATH)/crypto/x509/x_pubkey.c
+ $(OPENSSL_PATH)/crypto/x509/x_req.c
+ $(OPENSSL_PATH)/crypto/x509/x_x509.c
+ $(OPENSSL_PATH)/crypto/x509/x_x509a.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
$(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
$(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
$(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
$(OPENSSL_PATH)/crypto/x509v3/v3_extku.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
$(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
$(OPENSSL_PATH)/crypto/x509v3/v3_lib.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
$(OPENSSL_PATH)/crypto/x509v3/v3_prn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
- $(OPENSSL_PATH)/crypto/x509v3/v3err.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
$(OPENSSL_PATH)/crypto/x509v3/v3_skey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
$(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ocsp.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_scts.c
- $(OPENSSL_PATH)/crypto/conf/conf_err.c
- $(OPENSSL_PATH)/crypto/conf/conf_lib.c
- $(OPENSSL_PATH)/crypto/conf/conf_api.c
- $(OPENSSL_PATH)/crypto/conf/conf_def.c
- $(OPENSSL_PATH)/crypto/conf/conf_mod.c
- $(OPENSSL_PATH)/crypto/conf/conf_mall.c
- $(OPENSSL_PATH)/crypto/conf/conf_sap.c
- $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
- $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
- $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
- $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
- $(OPENSSL_PATH)/crypto/comp/comp_lib.c
- $(OPENSSL_PATH)/crypto/comp/comp_err.c
- $(OPENSSL_PATH)/crypto/comp/c_rle.c
- $(OPENSSL_PATH)/crypto/comp/c_zlib.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
- $(OPENSSL_PATH)/crypto/krb5/krb5_asn.c
- $(OPENSSL_PATH)/crypto/pqueue/pqueue.c
- $(OPENSSL_PATH)/crypto/cmac/cmac.c
- $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
- $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
- $(OPENSSL_PATH)/ssl/s2_meth.c
- $(OPENSSL_PATH)/ssl/s2_srvr.c
- $(OPENSSL_PATH)/ssl/s2_clnt.c
- $(OPENSSL_PATH)/ssl/s2_lib.c
- $(OPENSSL_PATH)/ssl/s2_enc.c
- $(OPENSSL_PATH)/ssl/s2_pkt.c
- $(OPENSSL_PATH)/ssl/s3_meth.c
- $(OPENSSL_PATH)/ssl/s3_srvr.c
- $(OPENSSL_PATH)/ssl/s3_clnt.c
- $(OPENSSL_PATH)/ssl/s3_lib.c
- $(OPENSSL_PATH)/ssl/s3_enc.c
- $(OPENSSL_PATH)/ssl/s3_pkt.c
- $(OPENSSL_PATH)/ssl/s3_both.c
- $(OPENSSL_PATH)/ssl/s3_cbc.c
- $(OPENSSL_PATH)/ssl/s23_meth.c
- $(OPENSSL_PATH)/ssl/s23_srvr.c
- $(OPENSSL_PATH)/ssl/s23_clnt.c
- $(OPENSSL_PATH)/ssl/s23_lib.c
- $(OPENSSL_PATH)/ssl/s23_pkt.c
- $(OPENSSL_PATH)/ssl/t1_meth.c
- $(OPENSSL_PATH)/ssl/t1_srvr.c
- $(OPENSSL_PATH)/ssl/t1_clnt.c
- $(OPENSSL_PATH)/ssl/t1_lib.c
- $(OPENSSL_PATH)/ssl/t1_enc.c
- $(OPENSSL_PATH)/ssl/t1_ext.c
- $(OPENSSL_PATH)/ssl/d1_meth.c
- $(OPENSSL_PATH)/ssl/d1_srvr.c
- $(OPENSSL_PATH)/ssl/d1_clnt.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3err.c
+ $(OPENSSL_PATH)/ssl/bio_ssl.c
$(OPENSSL_PATH)/ssl/d1_lib.c
- $(OPENSSL_PATH)/ssl/d1_pkt.c
- $(OPENSSL_PATH)/ssl/d1_both.c
+ $(OPENSSL_PATH)/ssl/d1_msg.c
$(OPENSSL_PATH)/ssl/d1_srtp.c
- $(OPENSSL_PATH)/ssl/ssl_lib.c
- $(OPENSSL_PATH)/ssl/ssl_err2.c
+ $(OPENSSL_PATH)/ssl/methods.c
+ $(OPENSSL_PATH)/ssl/pqueue.c
+ $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
+ $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
+ $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
+ $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
+ $(OPENSSL_PATH)/ssl/record/ssl3_record.c
+ $(OPENSSL_PATH)/ssl/s3_cbc.c
+ $(OPENSSL_PATH)/ssl/s3_enc.c
+ $(OPENSSL_PATH)/ssl/s3_lib.c
+ $(OPENSSL_PATH)/ssl/s3_msg.c
+ $(OPENSSL_PATH)/ssl/ssl_asn1.c
$(OPENSSL_PATH)/ssl/ssl_cert.c
- $(OPENSSL_PATH)/ssl/ssl_sess.c
$(OPENSSL_PATH)/ssl/ssl_ciph.c
- $(OPENSSL_PATH)/ssl/ssl_stat.c
- $(OPENSSL_PATH)/ssl/ssl_rsa.c
- $(OPENSSL_PATH)/ssl/ssl_asn1.c
- $(OPENSSL_PATH)/ssl/ssl_txt.c
- $(OPENSSL_PATH)/ssl/ssl_algs.c
$(OPENSSL_PATH)/ssl/ssl_conf.c
- $(OPENSSL_PATH)/ssl/bio_ssl.c
$(OPENSSL_PATH)/ssl/ssl_err.c
- $(OPENSSL_PATH)/ssl/kssl.c
+ $(OPENSSL_PATH)/ssl/ssl_init.c
+ $(OPENSSL_PATH)/ssl/ssl_lib.c
+ $(OPENSSL_PATH)/ssl/ssl_mcnf.c
+ $(OPENSSL_PATH)/ssl/ssl_rsa.c
+ $(OPENSSL_PATH)/ssl/ssl_sess.c
+ $(OPENSSL_PATH)/ssl/ssl_stat.c
+ $(OPENSSL_PATH)/ssl/ssl_txt.c
+ $(OPENSSL_PATH)/ssl/ssl_utst.c
+ $(OPENSSL_PATH)/ssl/statem/statem.c
+ $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
+ $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
+ $(OPENSSL_PATH)/ssl/statem/statem_lib.c
+ $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
+ $(OPENSSL_PATH)/ssl/t1_enc.c
+ $(OPENSSL_PATH)/ssl/t1_ext.c
+ $(OPENSSL_PATH)/ssl/t1_lib.c
$(OPENSSL_PATH)/ssl/t1_reneg.c
- $(OPENSSL_PATH)/ssl/tls_srp.c
$(OPENSSL_PATH)/ssl/t1_trce.c
- $(OPENSSL_PATH)/ssl/ssl_utst.c
-
+ $(OPENSSL_PATH)/ssl/tls_srp.c
# Autogenerated files list ends here
[Packages]
@@ -539,31 +529,29 @@
[BuildOptions]
#
- # Disables the following Visual Studio compiler warnings brought by openssl source, so we do not break the build with /WX option:
- # C4244: conversion from type1 to type2, possible loss of data
- # C4702: unreachable code
- # C4706: assignment within conditional expression
- # C4133: incompatible types - from type1 to type2
- # C4245: conversion from type1 to type2, signed/unsigned mismatch
- # C4267: conversion from size_t to type, possible loss of data
- # C4305: truncation from type1 to type2 of smaller size
- # C4306: conversion from type1 to type2 of greater size
- # C4702: Potentially uninitialized local variable name used
- # C4311: pointer truncation from 'type' to 'type'
+ # Disables the following Visual Studio compiler warnings brought by openssl source,
+ # so we do not break the build with /WX option:
+ # C4090: 'function' : different 'const' qualifiers
+ # C4244: conversion from type1 to type2, possible loss of data
+ # C4245: conversion from type1 to type2, signed/unsigned mismatch
+ # C4267: conversion from size_t to type, possible loss of data
+ # C4389: 'operator' : signed/unsigned mismatch (xxxx)
+ # C4702: unreachable code
+ # C4706: assignment within conditional expression
#
- MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4244 /wd4245 /wd4267 /wd4701 /wd4702 /wd4706
- MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 /wd4311
- MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706
+ MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -DNO_MSABI_VA_FUNCS
- GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
- GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -w
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -w
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -DNO_MSABI_VA_FUNCS
+ GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
+ GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS)
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS)
# suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
# 1295: Deprecated declaration <entity> - give arg types
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index b788e0c013..cbbb456d70 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -1,5 +1,5 @@
## @file
-# This module provides openSSL Library implementation.
+# This module provides OpenSSL Library implementation.
#
# Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
@@ -20,8 +20,8 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl-1.0.2k
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
+ DEFINE OPENSSL_PATH = openssl
+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG
#
# VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64
@@ -30,48 +30,164 @@
[Sources]
$(OPENSSL_PATH)/e_os.h
# Autogenerated files list starts here
+ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_core.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ige.c
+ $(OPENSSL_PATH)/crypto/aes/aes_misc.c
+ $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
+ $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+ $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
+ $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
+ $(OPENSSL_PATH)/crypto/asn1/a_digest.c
+ $(OPENSSL_PATH)/crypto/asn1/a_dup.c
+ $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
+ $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
+ $(OPENSSL_PATH)/crypto/asn1/a_int.c
+ $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
+ $(OPENSSL_PATH)/crypto/asn1/a_object.c
+ $(OPENSSL_PATH)/crypto/asn1/a_octet.c
+ $(OPENSSL_PATH)/crypto/asn1/a_print.c
+ $(OPENSSL_PATH)/crypto/asn1/a_sign.c
+ $(OPENSSL_PATH)/crypto/asn1/a_strex.c
+ $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
+ $(OPENSSL_PATH)/crypto/asn1/a_time.c
+ $(OPENSSL_PATH)/crypto/asn1/a_type.c
+ $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
+ $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
+ $(OPENSSL_PATH)/crypto/asn1/a_verify.c
+ $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
+ $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
+ $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
+ $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
+ $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
+ $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
+ $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
+ $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c
+ $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
+ $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
+ $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
+ $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
+ $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
+ $(OPENSSL_PATH)/crypto/asn1/f_int.c
+ $(OPENSSL_PATH)/crypto/asn1/f_string.c
+ $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
+ $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
+ $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
+ $(OPENSSL_PATH)/crypto/asn1/nsseq.c
+ $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
+ $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
+ $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c
+ $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
+ $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
+ $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
+ $(OPENSSL_PATH)/crypto/asn1/t_spki.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
+ $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
+ $(OPENSSL_PATH)/crypto/asn1/x_algor.c
+ $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
+ $(OPENSSL_PATH)/crypto/asn1/x_info.c
+ $(OPENSSL_PATH)/crypto/asn1/x_long.c
+ $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
+ $(OPENSSL_PATH)/crypto/asn1/x_sig.c
+ $(OPENSSL_PATH)/crypto/asn1/x_spki.c
+ $(OPENSSL_PATH)/crypto/asn1/x_val.c
+ $(OPENSSL_PATH)/crypto/async/arch/async_null.c
+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
+ $(OPENSSL_PATH)/crypto/async/arch/async_win.c
+ $(OPENSSL_PATH)/crypto/async/async.c
+ $(OPENSSL_PATH)/crypto/async/async_err.c
+ $(OPENSSL_PATH)/crypto/async/async_wait.c
+ $(OPENSSL_PATH)/crypto/bio/b_addr.c
+ $(OPENSSL_PATH)/crypto/bio/b_dump.c
+ $(OPENSSL_PATH)/crypto/bio/b_sock.c
+ $(OPENSSL_PATH)/crypto/bio/b_sock2.c
+ $(OPENSSL_PATH)/crypto/bio/bf_buff.c
+ $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c
+ $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
+ $(OPENSSL_PATH)/crypto/bio/bf_null.c
+ $(OPENSSL_PATH)/crypto/bio/bio_cb.c
+ $(OPENSSL_PATH)/crypto/bio/bio_err.c
+ $(OPENSSL_PATH)/crypto/bio/bio_lib.c
+ $(OPENSSL_PATH)/crypto/bio/bio_meth.c
+ $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
+ $(OPENSSL_PATH)/crypto/bio/bss_bio.c
+ $(OPENSSL_PATH)/crypto/bio/bss_conn.c
+ $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
+ $(OPENSSL_PATH)/crypto/bio/bss_fd.c
+ $(OPENSSL_PATH)/crypto/bio/bss_file.c
+ $(OPENSSL_PATH)/crypto/bio/bss_log.c
+ $(OPENSSL_PATH)/crypto/bio/bss_mem.c
+ $(OPENSSL_PATH)/crypto/bio/bss_null.c
+ $(OPENSSL_PATH)/crypto/bio/bss_sock.c
+ $(OPENSSL_PATH)/crypto/bn/bn_add.c
+ $(OPENSSL_PATH)/crypto/bn/bn_asm.c
+ $(OPENSSL_PATH)/crypto/bn/bn_blind.c
+ $(OPENSSL_PATH)/crypto/bn/bn_const.c
+ $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
+ $(OPENSSL_PATH)/crypto/bn/bn_depr.c
+ $(OPENSSL_PATH)/crypto/bn/bn_dh.c
+ $(OPENSSL_PATH)/crypto/bn/bn_div.c
+ $(OPENSSL_PATH)/crypto/bn/bn_err.c
+ $(OPENSSL_PATH)/crypto/bn/bn_exp.c
+ $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
+ $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
+ $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
+ $(OPENSSL_PATH)/crypto/bn/bn_intern.c
+ $(OPENSSL_PATH)/crypto/bn/bn_kron.c
+ $(OPENSSL_PATH)/crypto/bn/bn_lib.c
+ $(OPENSSL_PATH)/crypto/bn/bn_mod.c
+ $(OPENSSL_PATH)/crypto/bn/bn_mont.c
+ $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
+ $(OPENSSL_PATH)/crypto/bn/bn_mul.c
+ $(OPENSSL_PATH)/crypto/bn/bn_nist.c
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.c
+ $(OPENSSL_PATH)/crypto/bn/bn_print.c
+ $(OPENSSL_PATH)/crypto/bn/bn_rand.c
+ $(OPENSSL_PATH)/crypto/bn/bn_recp.c
+ $(OPENSSL_PATH)/crypto/bn/bn_shift.c
+ $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
+ $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
+ $(OPENSSL_PATH)/crypto/bn/bn_srp.c
+ $(OPENSSL_PATH)/crypto/bn/bn_word.c
+ $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
+ $(OPENSSL_PATH)/crypto/buffer/buf_err.c
+ $(OPENSSL_PATH)/crypto/buffer/buffer.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
+ $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
+ $(OPENSSL_PATH)/crypto/cmac/cmac.c
+ $(OPENSSL_PATH)/crypto/comp/c_zlib.c
+ $(OPENSSL_PATH)/crypto/comp/comp_err.c
+ $(OPENSSL_PATH)/crypto/comp/comp_lib.c
+ $(OPENSSL_PATH)/crypto/conf/conf_api.c
+ $(OPENSSL_PATH)/crypto/conf/conf_def.c
+ $(OPENSSL_PATH)/crypto/conf/conf_err.c
+ $(OPENSSL_PATH)/crypto/conf/conf_lib.c
+ $(OPENSSL_PATH)/crypto/conf/conf_mall.c
+ $(OPENSSL_PATH)/crypto/conf/conf_mod.c
+ $(OPENSSL_PATH)/crypto/conf/conf_sap.c
+ $(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/cryptlib.c
- $(OPENSSL_PATH)/crypto/mem.c
- $(OPENSSL_PATH)/crypto/mem_clr.c
- $(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/ex_data.c
- $(OPENSSL_PATH)/crypto/cpt_err.c
- $(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/uid.c
- $(OPENSSL_PATH)/crypto/o_time.c
- $(OPENSSL_PATH)/crypto/o_str.c
- $(OPENSSL_PATH)/crypto/o_dir.c
- $(OPENSSL_PATH)/crypto/o_fips.c
- $(OPENSSL_PATH)/crypto/o_init.c
- $(OPENSSL_PATH)/crypto/fips_ers.c
- $(OPENSSL_PATH)/crypto/objects/o_names.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.c
- $(OPENSSL_PATH)/crypto/objects/obj_lib.c
- $(OPENSSL_PATH)/crypto/objects/obj_err.c
- $(OPENSSL_PATH)/crypto/objects/obj_xref.c
- $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
- $(OPENSSL_PATH)/crypto/md4/md4_one.c
- $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
- $(OPENSSL_PATH)/crypto/md5/md5_one.c
- $(OPENSSL_PATH)/crypto/sha/sha_dgst.c
- $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
- $(OPENSSL_PATH)/crypto/sha/sha_one.c
- $(OPENSSL_PATH)/crypto/sha/sha1_one.c
- $(OPENSSL_PATH)/crypto/sha/sha256.c
- $(OPENSSL_PATH)/crypto/sha/sha512.c
- $(OPENSSL_PATH)/crypto/hmac/hmac.c
- $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
- $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/des/cbc_cksm.c
$(OPENSSL_PATH)/crypto/des/cbc_enc.c
+ $(OPENSSL_PATH)/crypto/des/cfb64ede.c
$(OPENSSL_PATH)/crypto/des/cfb64enc.c
$(OPENSSL_PATH)/crypto/des/cfb_enc.c
+ $(OPENSSL_PATH)/crypto/des/des_enc.c
$(OPENSSL_PATH)/crypto/des/ecb3_enc.c
$(OPENSSL_PATH)/crypto/des/ecb_enc.c
- $(OPENSSL_PATH)/crypto/des/enc_read.c
- $(OPENSSL_PATH)/crypto/des/enc_writ.c
$(OPENSSL_PATH)/crypto/des/fcrypt.c
+ $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
+ $(OPENSSL_PATH)/crypto/des/ofb64ede.c
$(OPENSSL_PATH)/crypto/des/ofb64enc.c
$(OPENSSL_PATH)/crypto/des/ofb_enc.c
$(OPENSSL_PATH)/crypto/des/pcbc_enc.c
@@ -79,402 +195,287 @@
$(OPENSSL_PATH)/crypto/des/rand_key.c
$(OPENSSL_PATH)/crypto/des/rpc_enc.c
$(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/des_enc.c
- $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
$(OPENSSL_PATH)/crypto/des/str2key.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
- $(OPENSSL_PATH)/crypto/des/ede_cbcm_enc.c
- $(OPENSSL_PATH)/crypto/des/des_old.c
- $(OPENSSL_PATH)/crypto/des/des_old2.c
- $(OPENSSL_PATH)/crypto/des/read2pwd.c
- $(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_misc.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
- $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
- $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
- $(OPENSSL_PATH)/crypto/aes/aes_ctr.c
- $(OPENSSL_PATH)/crypto/aes/aes_ige.c
- $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_utl.c
- $(OPENSSL_PATH)/crypto/modes/cbc128.c
- $(OPENSSL_PATH)/crypto/modes/ctr128.c
- $(OPENSSL_PATH)/crypto/modes/cts128.c
- $(OPENSSL_PATH)/crypto/modes/cfb128.c
- $(OPENSSL_PATH)/crypto/modes/ofb128.c
- $(OPENSSL_PATH)/crypto/modes/gcm128.c
- $(OPENSSL_PATH)/crypto/modes/ccm128.c
- $(OPENSSL_PATH)/crypto/modes/xts128.c
- $(OPENSSL_PATH)/crypto/modes/wrap128.c
- $(OPENSSL_PATH)/crypto/bn/bn_add.c
- $(OPENSSL_PATH)/crypto/bn/bn_div.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp.c
- $(OPENSSL_PATH)/crypto/bn/bn_lib.c
- $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
- $(OPENSSL_PATH)/crypto/bn/bn_mul.c
- $(OPENSSL_PATH)/crypto/bn/bn_mod.c
- $(OPENSSL_PATH)/crypto/bn/bn_print.c
- $(OPENSSL_PATH)/crypto/bn/bn_rand.c
- $(OPENSSL_PATH)/crypto/bn/bn_shift.c
- $(OPENSSL_PATH)/crypto/bn/bn_word.c
- $(OPENSSL_PATH)/crypto/bn/bn_blind.c
- $(OPENSSL_PATH)/crypto/bn/bn_kron.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
- $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
- $(OPENSSL_PATH)/crypto/bn/bn_prime.c
- $(OPENSSL_PATH)/crypto/bn/bn_err.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
- $(OPENSSL_PATH)/crypto/bn/bn_asm.c
- $(OPENSSL_PATH)/crypto/bn/bn_recp.c
- $(OPENSSL_PATH)/crypto/bn/bn_mont.c
- $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
- $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
- $(OPENSSL_PATH)/crypto/bn/bn_nist.c
- $(OPENSSL_PATH)/crypto/bn/bn_depr.c
- $(OPENSSL_PATH)/crypto/bn/bn_const.c
- $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_eay.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_null.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
+ $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
+ $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
+ $(OPENSSL_PATH)/crypto/dh/dh_check.c
+ $(OPENSSL_PATH)/crypto/dh/dh_depr.c
+ $(OPENSSL_PATH)/crypto/dh/dh_err.c
$(OPENSSL_PATH)/crypto/dh/dh_gen.c
+ $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
$(OPENSSL_PATH)/crypto/dh/dh_key.c
$(OPENSSL_PATH)/crypto/dh/dh_lib.c
- $(OPENSSL_PATH)/crypto/dh/dh_check.c
- $(OPENSSL_PATH)/crypto/dh/dh_err.c
- $(OPENSSL_PATH)/crypto/dh/dh_depr.c
- $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
+ $(OPENSSL_PATH)/crypto/dh/dh_meth.c
$(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
$(OPENSSL_PATH)/crypto/dh/dh_prn.c
$(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
- $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
$(OPENSSL_PATH)/crypto/dso/dso_dl.c
$(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
$(OPENSSL_PATH)/crypto/dso/dso_err.c
$(OPENSSL_PATH)/crypto/dso/dso_lib.c
- $(OPENSSL_PATH)/crypto/dso/dso_null.c
$(OPENSSL_PATH)/crypto/dso/dso_openssl.c
- $(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
- $(OPENSSL_PATH)/crypto/dso/dso_beos.c
- $(OPENSSL_PATH)/crypto/buffer/buffer.c
- $(OPENSSL_PATH)/crypto/buffer/buf_str.c
- $(OPENSSL_PATH)/crypto/buffer/buf_err.c
- $(OPENSSL_PATH)/crypto/bio/bio_lib.c
- $(OPENSSL_PATH)/crypto/bio/bio_cb.c
- $(OPENSSL_PATH)/crypto/bio/bio_err.c
- $(OPENSSL_PATH)/crypto/bio/bss_mem.c
- $(OPENSSL_PATH)/crypto/bio/bss_null.c
- $(OPENSSL_PATH)/crypto/bio/bss_fd.c
- $(OPENSSL_PATH)/crypto/bio/bss_file.c
- $(OPENSSL_PATH)/crypto/bio/bss_sock.c
- $(OPENSSL_PATH)/crypto/bio/bss_conn.c
- $(OPENSSL_PATH)/crypto/bio/bf_null.c
- $(OPENSSL_PATH)/crypto/bio/bf_buff.c
- $(OPENSSL_PATH)/crypto/bio/b_dump.c
- $(OPENSSL_PATH)/crypto/bio/b_sock.c
- $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
- $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
- $(OPENSSL_PATH)/crypto/bio/bss_log.c
- $(OPENSSL_PATH)/crypto/bio/bss_bio.c
- $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
- $(OPENSSL_PATH)/crypto/stack/stack.c
- $(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
- $(OPENSSL_PATH)/crypto/rand/md_rand.c
- $(OPENSSL_PATH)/crypto/rand/randfile.c
- $(OPENSSL_PATH)/crypto/rand/rand_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_err.c
- $(OPENSSL_PATH)/crypto/rand/rand_egd.c
- $(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rand/rand_unix.c
- $(OPENSSL_PATH)/crypto/rand/rand_os2.c
- $(OPENSSL_PATH)/crypto/rand/rand_nw.c
+ $(OPENSSL_PATH)/crypto/dso/dso_win32.c
+ $(OPENSSL_PATH)/crypto/ebcdic.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_all.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
- $(OPENSSL_PATH)/crypto/evp/encode.c
+ $(OPENSSL_PATH)/crypto/evp/bio_b64.c
+ $(OPENSSL_PATH)/crypto/evp/bio_enc.c
+ $(OPENSSL_PATH)/crypto/evp/bio_md.c
+ $(OPENSSL_PATH)/crypto/evp/bio_ok.c
+ $(OPENSSL_PATH)/crypto/evp/c_allc.c
+ $(OPENSSL_PATH)/crypto/evp/c_alld.c
+ $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/digest.c
- $(OPENSSL_PATH)/crypto/evp/evp_enc.c
- $(OPENSSL_PATH)/crypto/evp/evp_key.c
- $(OPENSSL_PATH)/crypto/evp/evp_acnf.c
- $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
- $(OPENSSL_PATH)/crypto/evp/e_des.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
$(OPENSSL_PATH)/crypto/evp/e_bf.c
- $(OPENSSL_PATH)/crypto/evp/e_idea.c
- $(OPENSSL_PATH)/crypto/evp/e_des3.c
$(OPENSSL_PATH)/crypto/evp/e_camellia.c
+ $(OPENSSL_PATH)/crypto/evp/e_cast.c
+ $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c
+ $(OPENSSL_PATH)/crypto/evp/e_des.c
+ $(OPENSSL_PATH)/crypto/evp/e_des3.c
+ $(OPENSSL_PATH)/crypto/evp/e_idea.c
+ $(OPENSSL_PATH)/crypto/evp/e_null.c
+ $(OPENSSL_PATH)/crypto/evp/e_old.c
+ $(OPENSSL_PATH)/crypto/evp/e_rc2.c
$(OPENSSL_PATH)/crypto/evp/e_rc4.c
- $(OPENSSL_PATH)/crypto/evp/e_aes.c
- $(OPENSSL_PATH)/crypto/evp/names.c
+ $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
+ $(OPENSSL_PATH)/crypto/evp/e_rc5.c
$(OPENSSL_PATH)/crypto/evp/e_seed.c
$(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
- $(OPENSSL_PATH)/crypto/evp/e_rc2.c
- $(OPENSSL_PATH)/crypto/evp/e_cast.c
- $(OPENSSL_PATH)/crypto/evp/e_rc5.c
- $(OPENSSL_PATH)/crypto/evp/m_null.c
+ $(OPENSSL_PATH)/crypto/evp/encode.c
+ $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
+ $(OPENSSL_PATH)/crypto/evp/evp_enc.c
+ $(OPENSSL_PATH)/crypto/evp/evp_err.c
+ $(OPENSSL_PATH)/crypto/evp/evp_key.c
+ $(OPENSSL_PATH)/crypto/evp/evp_lib.c
+ $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
+ $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
$(OPENSSL_PATH)/crypto/evp/m_md2.c
$(OPENSSL_PATH)/crypto/evp/m_md4.c
$(OPENSSL_PATH)/crypto/evp/m_md5.c
- $(OPENSSL_PATH)/crypto/evp/m_sha.c
- $(OPENSSL_PATH)/crypto/evp/m_sha1.c
- $(OPENSSL_PATH)/crypto/evp/m_wp.c
- $(OPENSSL_PATH)/crypto/evp/m_dss.c
- $(OPENSSL_PATH)/crypto/evp/m_dss1.c
+ $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
$(OPENSSL_PATH)/crypto/evp/m_mdc2.c
+ $(OPENSSL_PATH)/crypto/evp/m_null.c
$(OPENSSL_PATH)/crypto/evp/m_ripemd.c
- $(OPENSSL_PATH)/crypto/evp/m_ecdsa.c
+ $(OPENSSL_PATH)/crypto/evp/m_sha1.c
+ $(OPENSSL_PATH)/crypto/evp/m_sigver.c
+ $(OPENSSL_PATH)/crypto/evp/m_wp.c
+ $(OPENSSL_PATH)/crypto/evp/names.c
+ $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
+ $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
+ $(OPENSSL_PATH)/crypto/evp/p_dec.c
+ $(OPENSSL_PATH)/crypto/evp/p_enc.c
+ $(OPENSSL_PATH)/crypto/evp/p_lib.c
$(OPENSSL_PATH)/crypto/evp/p_open.c
$(OPENSSL_PATH)/crypto/evp/p_seal.c
$(OPENSSL_PATH)/crypto/evp/p_sign.c
$(OPENSSL_PATH)/crypto/evp/p_verify.c
- $(OPENSSL_PATH)/crypto/evp/p_lib.c
- $(OPENSSL_PATH)/crypto/evp/p_enc.c
- $(OPENSSL_PATH)/crypto/evp/p_dec.c
- $(OPENSSL_PATH)/crypto/evp/bio_md.c
- $(OPENSSL_PATH)/crypto/evp/bio_b64.c
- $(OPENSSL_PATH)/crypto/evp/bio_enc.c
- $(OPENSSL_PATH)/crypto/evp/evp_err.c
- $(OPENSSL_PATH)/crypto/evp/e_null.c
- $(OPENSSL_PATH)/crypto/evp/c_all.c
- $(OPENSSL_PATH)/crypto/evp/c_allc.c
- $(OPENSSL_PATH)/crypto/evp/c_alld.c
- $(OPENSSL_PATH)/crypto/evp/evp_lib.c
- $(OPENSSL_PATH)/crypto/evp/bio_ok.c
- $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
- $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
- $(OPENSSL_PATH)/crypto/evp/e_old.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
$(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
- $(OPENSSL_PATH)/crypto/evp/m_sigver.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
- $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
- $(OPENSSL_PATH)/crypto/asn1/a_object.c
- $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
- $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
- $(OPENSSL_PATH)/crypto/asn1/a_time.c
- $(OPENSSL_PATH)/crypto/asn1/a_int.c
- $(OPENSSL_PATH)/crypto/asn1/a_octet.c
- $(OPENSSL_PATH)/crypto/asn1/a_print.c
- $(OPENSSL_PATH)/crypto/asn1/a_type.c
- $(OPENSSL_PATH)/crypto/asn1/a_set.c
- $(OPENSSL_PATH)/crypto/asn1/a_dup.c
- $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_enum.c
- $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
- $(OPENSSL_PATH)/crypto/asn1/a_sign.c
- $(OPENSSL_PATH)/crypto/asn1/a_digest.c
- $(OPENSSL_PATH)/crypto/asn1/a_verify.c
- $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_strex.c
- $(OPENSSL_PATH)/crypto/asn1/x_algor.c
- $(OPENSSL_PATH)/crypto/asn1/x_val.c
- $(OPENSSL_PATH)/crypto/asn1/x_pubkey.c
- $(OPENSSL_PATH)/crypto/asn1/x_sig.c
- $(OPENSSL_PATH)/crypto/asn1/x_req.c
- $(OPENSSL_PATH)/crypto/asn1/x_attrib.c
- $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
- $(OPENSSL_PATH)/crypto/asn1/x_long.c
- $(OPENSSL_PATH)/crypto/asn1/x_name.c
- $(OPENSSL_PATH)/crypto/asn1/x_x509.c
- $(OPENSSL_PATH)/crypto/asn1/x_x509a.c
- $(OPENSSL_PATH)/crypto/asn1/x_crl.c
- $(OPENSSL_PATH)/crypto/asn1/x_info.c
- $(OPENSSL_PATH)/crypto/asn1/x_spki.c
- $(OPENSSL_PATH)/crypto/asn1/nsseq.c
- $(OPENSSL_PATH)/crypto/asn1/x_nx509.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
- $(OPENSSL_PATH)/crypto/asn1/t_req.c
- $(OPENSSL_PATH)/crypto/asn1/t_x509.c
- $(OPENSSL_PATH)/crypto/asn1/t_x509a.c
- $(OPENSSL_PATH)/crypto/asn1/t_crl.c
- $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/t_spki.c
- $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
- $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
- $(OPENSSL_PATH)/crypto/asn1/f_int.c
- $(OPENSSL_PATH)/crypto/asn1/f_string.c
- $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/f_enum.c
- $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/a_bool.c
- $(OPENSSL_PATH)/crypto/asn1/x_exten.c
- $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
- $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
- $(OPENSSL_PATH)/crypto/asn1/a_bytes.c
- $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
- $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
- $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
- $(OPENSSL_PATH)/crypto/pem/pem_sign.c
- $(OPENSSL_PATH)/crypto/pem/pem_seal.c
- $(OPENSSL_PATH)/crypto/pem/pem_info.c
- $(OPENSSL_PATH)/crypto/pem/pem_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
+ $(OPENSSL_PATH)/crypto/evp/scrypt.c
+ $(OPENSSL_PATH)/crypto/ex_data.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
+ $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
+ $(OPENSSL_PATH)/crypto/hmac/hmac.c
+ $(OPENSSL_PATH)/crypto/init.c
+ $(OPENSSL_PATH)/crypto/kdf/hkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
+ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
+ $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
+ $(OPENSSL_PATH)/crypto/lhash/lhash.c
+ $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
+ $(OPENSSL_PATH)/crypto/md4/md4_one.c
+ $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
+ $(OPENSSL_PATH)/crypto/md5/md5_one.c
+ $(OPENSSL_PATH)/crypto/mem.c
+ $(OPENSSL_PATH)/crypto/mem_clr.c
+ $(OPENSSL_PATH)/crypto/mem_dbg.c
+ $(OPENSSL_PATH)/crypto/mem_sec.c
+ $(OPENSSL_PATH)/crypto/modes/cbc128.c
+ $(OPENSSL_PATH)/crypto/modes/ccm128.c
+ $(OPENSSL_PATH)/crypto/modes/cfb128.c
+ $(OPENSSL_PATH)/crypto/modes/ctr128.c
+ $(OPENSSL_PATH)/crypto/modes/cts128.c
+ $(OPENSSL_PATH)/crypto/modes/gcm128.c
+ $(OPENSSL_PATH)/crypto/modes/ocb128.c
+ $(OPENSSL_PATH)/crypto/modes/ofb128.c
+ $(OPENSSL_PATH)/crypto/modes/wrap128.c
+ $(OPENSSL_PATH)/crypto/modes/xts128.c
+ $(OPENSSL_PATH)/crypto/o_dir.c
+ $(OPENSSL_PATH)/crypto/o_fips.c
+ $(OPENSSL_PATH)/crypto/o_fopen.c
+ $(OPENSSL_PATH)/crypto/o_init.c
+ $(OPENSSL_PATH)/crypto/o_str.c
+ $(OPENSSL_PATH)/crypto/o_time.c
+ $(OPENSSL_PATH)/crypto/objects/o_names.c
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.c
+ $(OPENSSL_PATH)/crypto/objects/obj_err.c
+ $(OPENSSL_PATH)/crypto/objects/obj_lib.c
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
+ $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
$(OPENSSL_PATH)/crypto/pem/pem_all.c
$(OPENSSL_PATH)/crypto/pem/pem_err.c
- $(OPENSSL_PATH)/crypto/pem/pem_x509.c
- $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
+ $(OPENSSL_PATH)/crypto/pem/pem_info.c
+ $(OPENSSL_PATH)/crypto/pem/pem_lib.c
$(OPENSSL_PATH)/crypto/pem/pem_oth.c
$(OPENSSL_PATH)/crypto/pem/pem_pk8.c
$(OPENSSL_PATH)/crypto/pem/pem_pkey.c
+ $(OPENSSL_PATH)/crypto/pem/pem_sign.c
+ $(OPENSSL_PATH)/crypto/pem/pem_x509.c
+ $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
$(OPENSSL_PATH)/crypto/pem/pvkfmt.c
- $(OPENSSL_PATH)/crypto/x509/x509_def.c
- $(OPENSSL_PATH)/crypto/x509/x509_d2.c
- $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
+ $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
+ $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
+ $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
+ $(OPENSSL_PATH)/crypto/rand/md_rand.c
+ $(OPENSSL_PATH)/crypto/rand/rand_egd.c
+ $(OPENSSL_PATH)/crypto/rand/rand_err.c
+ $(OPENSSL_PATH)/crypto/rand/rand_lib.c
+ $(OPENSSL_PATH)/crypto/rand/rand_unix.c
+ $(OPENSSL_PATH)/crypto/rand/rand_vms.c
+ $(OPENSSL_PATH)/crypto/rand/rand_win.c
+ $(OPENSSL_PATH)/crypto/rand/randfile.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+ $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_null.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
+ $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
+ $(OPENSSL_PATH)/crypto/sha/sha1_one.c
+ $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
+ $(OPENSSL_PATH)/crypto/sha/sha256.c
+ $(OPENSSL_PATH)/crypto/sha/sha512.c
+ $(OPENSSL_PATH)/crypto/stack/stack.c
+ $(OPENSSL_PATH)/crypto/threads_none.c
+ $(OPENSSL_PATH)/crypto/threads_pthread.c
+ $(OPENSSL_PATH)/crypto/threads_win.c
+ $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
+ $(OPENSSL_PATH)/crypto/uid.c
+ $(OPENSSL_PATH)/crypto/x509/by_dir.c
+ $(OPENSSL_PATH)/crypto/x509/by_file.c
+ $(OPENSSL_PATH)/crypto/x509/t_crl.c
+ $(OPENSSL_PATH)/crypto/x509/t_req.c
+ $(OPENSSL_PATH)/crypto/x509/t_x509.c
+ $(OPENSSL_PATH)/crypto/x509/x509_att.c
$(OPENSSL_PATH)/crypto/x509/x509_cmp.c
+ $(OPENSSL_PATH)/crypto/x509/x509_d2.c
+ $(OPENSSL_PATH)/crypto/x509/x509_def.c
+ $(OPENSSL_PATH)/crypto/x509/x509_err.c
+ $(OPENSSL_PATH)/crypto/x509/x509_ext.c
+ $(OPENSSL_PATH)/crypto/x509/x509_lu.c
$(OPENSSL_PATH)/crypto/x509/x509_obj.c
+ $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
$(OPENSSL_PATH)/crypto/x509/x509_req.c
- $(OPENSSL_PATH)/crypto/x509/x509spki.c
- $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
$(OPENSSL_PATH)/crypto/x509/x509_set.c
+ $(OPENSSL_PATH)/crypto/x509/x509_trs.c
+ $(OPENSSL_PATH)/crypto/x509/x509_txt.c
+ $(OPENSSL_PATH)/crypto/x509/x509_v3.c
+ $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
+ $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
$(OPENSSL_PATH)/crypto/x509/x509cset.c
- $(OPENSSL_PATH)/crypto/x509/x509rset.c
- $(OPENSSL_PATH)/crypto/x509/x509_err.c
$(OPENSSL_PATH)/crypto/x509/x509name.c
- $(OPENSSL_PATH)/crypto/x509/x509_v3.c
- $(OPENSSL_PATH)/crypto/x509/x509_ext.c
- $(OPENSSL_PATH)/crypto/x509/x509_att.c
+ $(OPENSSL_PATH)/crypto/x509/x509rset.c
+ $(OPENSSL_PATH)/crypto/x509/x509spki.c
$(OPENSSL_PATH)/crypto/x509/x509type.c
- $(OPENSSL_PATH)/crypto/x509/x509_lu.c
$(OPENSSL_PATH)/crypto/x509/x_all.c
- $(OPENSSL_PATH)/crypto/x509/x509_txt.c
- $(OPENSSL_PATH)/crypto/x509/x509_trs.c
- $(OPENSSL_PATH)/crypto/x509/by_file.c
- $(OPENSSL_PATH)/crypto/x509/by_dir.c
- $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
+ $(OPENSSL_PATH)/crypto/x509/x_attrib.c
+ $(OPENSSL_PATH)/crypto/x509/x_crl.c
+ $(OPENSSL_PATH)/crypto/x509/x_exten.c
+ $(OPENSSL_PATH)/crypto/x509/x_name.c
+ $(OPENSSL_PATH)/crypto/x509/x_pubkey.c
+ $(OPENSSL_PATH)/crypto/x509/x_req.c
+ $(OPENSSL_PATH)/crypto/x509/x_x509.c
+ $(OPENSSL_PATH)/crypto/x509/x_x509a.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
$(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
$(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
$(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
$(OPENSSL_PATH)/crypto/x509v3/v3_extku.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
$(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
$(OPENSSL_PATH)/crypto/x509v3/v3_lib.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
$(OPENSSL_PATH)/crypto/x509v3/v3_prn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
- $(OPENSSL_PATH)/crypto/x509v3/v3err.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
$(OPENSSL_PATH)/crypto/x509v3/v3_skey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
$(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ocsp.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_scts.c
- $(OPENSSL_PATH)/crypto/conf/conf_err.c
- $(OPENSSL_PATH)/crypto/conf/conf_lib.c
- $(OPENSSL_PATH)/crypto/conf/conf_api.c
- $(OPENSSL_PATH)/crypto/conf/conf_def.c
- $(OPENSSL_PATH)/crypto/conf/conf_mod.c
- $(OPENSSL_PATH)/crypto/conf/conf_mall.c
- $(OPENSSL_PATH)/crypto/conf/conf_sap.c
- $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
- $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
- $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
- $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
- $(OPENSSL_PATH)/crypto/comp/comp_lib.c
- $(OPENSSL_PATH)/crypto/comp/comp_err.c
- $(OPENSSL_PATH)/crypto/comp/c_rle.c
- $(OPENSSL_PATH)/crypto/comp/c_zlib.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
- $(OPENSSL_PATH)/crypto/krb5/krb5_asn.c
- $(OPENSSL_PATH)/crypto/pqueue/pqueue.c
- $(OPENSSL_PATH)/crypto/cmac/cmac.c
- $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
- $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
-
+ $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
+ $(OPENSSL_PATH)/crypto/x509v3/v3err.c
# Autogenerated files list ends here
[Packages]
@@ -489,31 +490,29 @@
[BuildOptions]
#
- # Disables the following Visual Studio compiler warnings brought by openssl source, so we do not break the build with /WX option:
- # C4244: conversion from type1 to type2, possible loss of data
- # C4702: unreachable code
- # C4706: assignment within conditional expression
- # C4133: incompatible types - from type1 to type2
- # C4245: conversion from type1 to type2, signed/unsigned mismatch
- # C4267: conversion from size_t to type, possible loss of data
- # C4305: truncation from type1 to type2 of smaller size
- # C4306: conversion from type1 to type2 of greater size
- # C4702: Potentially uninitialized local variable name used
- # C4311: pointer truncation from 'type' to 'type'
+ # Disables the following Visual Studio compiler warnings brought by openssl source,
+ # so we do not break the build with /WX option:
+ # C4090: 'function' : different 'const' qualifiers
+ # C4244: conversion from type1 to type2, possible loss of data
+ # C4245: conversion from type1 to type2, signed/unsigned mismatch
+ # C4267: conversion from size_t to type, possible loss of data
+ # C4389: 'operator' : signed/unsigned mismatch (xxxx)
+ # C4702: unreachable code
+ # C4706: assignment within conditional expression
#
- MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4244 /wd4245 /wd4267 /wd4701 /wd4702 /wd4706
- MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706 /wd4311
- MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4133 /wd4244 /wd4245 /wd4267 /wd4701 /wd4305 /wd4306 /wd4702 /wd4706
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706
+ MSFT:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ INTEL:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -DNO_MSABI_VA_FUNCS
- GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
- GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -w
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -w
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -DNO_MSABI_VA_FUNCS
+ GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
+ GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS)
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS)
# suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
# 1295: Deprecated declaration <entity> - give arg types
diff --git a/CryptoPkg/Library/OpensslLib/opensslconf.h b/CryptoPkg/Library/OpensslLib/opensslconf.h
deleted file mode 100644
index e0054a45fc..0000000000
--- a/CryptoPkg/Library/OpensslLib/opensslconf.h
+++ /dev/null
@@ -1,497 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_SYSNAME_UEFI
-# define OPENSSL_SYSNAME_UEFI
-#endif
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_BF
-# define OPENSSL_NO_BF
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_DEPRECATED
-# define OPENSSL_NO_DEPRECATED
-#endif
-#ifndef OPENSSL_NO_DGRAM
-# define OPENSSL_NO_DGRAM
-#endif
-#ifndef OPENSSL_NO_DSA
-# define OPENSSL_NO_DSA
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_EC
-# define OPENSSL_NO_EC
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_ECDH
-# define OPENSSL_NO_ECDH
-#endif
-#ifndef OPENSSL_NO_ECDSA
-# define OPENSSL_NO_ECDSA
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# define OPENSSL_NO_ENGINE
-#endif
-#ifndef OPENSSL_NO_ENGINES
-# define OPENSSL_NO_ENGINES
-#endif
-#ifndef OPENSSL_NO_FILENAMES
-# define OPENSSL_NO_FILENAMES
-#endif
-#ifndef OPENSSL_NO_FP_API
-# define OPENSSL_NO_FP_API
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_LIBUNBOUND
-# define OPENSSL_NO_LIBUNBOUND
-#endif
-#ifndef OPENSSL_NO_LOCKING
-# define OPENSSL_NO_LOCKING
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_POSIX_IO
-# define OPENSSL_NO_POSIX_IO
-#endif
-#ifndef OPENSSL_NO_RC2
-# define OPENSSL_NO_RC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RCS
-# define OPENSSL_NO_RCS
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_SCRYPT
-# define OPENSSL_NO_SCRYPT
-#endif
-#ifndef OPENSSL_NO_SCT
-# define OPENSSL_NO_SCT
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_SOCK
-# define OPENSSL_NO_SOCK
-#endif
-#ifndef OPENSSL_NO_SRP
-# define OPENSSL_NO_SRP
-#endif
-#ifndef OPENSSL_NO_SSL_TRACE
-# define OPENSSL_NO_SSL_TRACE
-#endif
-#ifndef OPENSSL_NO_SSL2
-# define OPENSSL_NO_SSL2
-#endif
-#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3
-#endif
-#ifndef OPENSSL_NO_STDIO
-# define OPENSSL_NO_STDIO
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_TS
-# define OPENSSL_NO_TS
-#endif
-#ifndef OPENSSL_NO_UI
-# define OPENSSL_NO_UI
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-# define OPENSSL_NO_WEAK_SSL_CIPHERS
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_NO_ASM
-# define OPENSSL_NO_ASM
-#endif
-#ifndef OPENSSL_NO_ERR
-# define OPENSSL_NO_ERR
-#endif
-#ifndef OPENSSL_NO_HW
-# define OPENSSL_NO_HW
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
- asks for it. This is a transient feature that is provided for those
- who haven't had the time to do the appropriate changes in their
- applications. */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_BF) && !defined(NO_BF)
-# define NO_BF
-# endif
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-# define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-# define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-# define NO_CAST
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-# define NO_CMS
-# endif
-# if defined(OPENSSL_NO_DEPRECATED) && !defined(NO_DEPRECATED)
-# define NO_DEPRECATED
-# endif
-# if defined(OPENSSL_NO_DGRAM) && !defined(NO_DGRAM)
-# define NO_DGRAM
-# endif
-# if defined(OPENSSL_NO_DSA) && !defined(NO_DSA)
-# define NO_DSA
-# endif
-# if defined(OPENSSL_NO_DYNAMIC_ENGINE) && !defined(NO_DYNAMIC_ENGINE)
-# define NO_DYNAMIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_EC) && !defined(NO_EC)
-# define NO_EC
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-# define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_ECDH) && !defined(NO_ECDH)
-# define NO_ECDH
-# endif
-# if defined(OPENSSL_NO_ECDSA) && !defined(NO_ECDSA)
-# define NO_ECDSA
-# endif
-# if defined(OPENSSL_NO_ENGINE) && !defined(NO_ENGINE)
-# define NO_ENGINE
-# endif
-# if defined(OPENSSL_NO_ENGINES) && !defined(NO_ENGINES)
-# define NO_ENGINES
-# endif
-# if defined(OPENSSL_NO_FILENAMES) && !defined(NO_FILENAMES)
-# define NO_FILENAMES
-# endif
-# if defined(OPENSSL_NO_FP_API) && !defined(NO_FP_API)
-# define NO_FP_API
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-# define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-# define NO_GOST
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-# define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-# define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-# define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
-# define NO_LIBUNBOUND
-# endif
-# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING)
-# define NO_LOCKING
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-# define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-# define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_POSIX_IO) && !defined(NO_POSIX_IO)
-# define NO_POSIX_IO
-# endif
-# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)
-# define NO_RC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-# define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RCS) && !defined(NO_RCS)
-# define NO_RCS
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-# define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-# define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_SCRYPT) && !defined(NO_SCRYPT)
-# define NO_SCRYPT
-# endif
-# if defined(OPENSSL_NO_SCT) && !defined(NO_SCT)
-# define NO_SCT
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-# define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-# define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-# define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_SOCK) && !defined(NO_SOCK)
-# define NO_SOCK
-# endif
-# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
-# define NO_SRP
-# endif
-# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
-# define NO_SSL_TRACE
-# endif
-# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
-# define NO_SSL2
-# endif
-# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3)
-# define NO_SSL3
-# endif
-# if defined(OPENSSL_NO_STDIO) && !defined(NO_STDIO)
-# define NO_STDIO
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-# define NO_STORE
-# endif
-# if defined(OPENSSL_NO_TS) && !defined(NO_TS)
-# define NO_TS
-# endif
-# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
-# define NO_UI
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-# define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
-# define NO_WEAK_SSL_CIPHERS
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-# define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-#ifndef OPENSSL_FILE
-#ifdef OPENSSL_NO_FILENAMES
-#define OPENSSL_FILE ""
-#define OPENSSL_LINE 0
-#else
-#define OPENSSL_FILE __FILE__
-#define OPENSSL_LINE __LINE__
-#endif
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units. It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
- CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
- even newer MIPS CPU's, but at the moment one size fits all for
- optimization options. Older Sparc's work better with only UNROLL, but
- there's no way to tell at compile time what it is you're running on */
-
-#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */
-# define DES_PTR
-# define DES_RISC1
-# define DES_UNROLL
-#elif defined( __ultrix ) /* Older MIPS */
-# define DES_PTR
-# define DES_RISC2
-# define DES_UNROLL
-#elif defined( __osf1__ ) /* Alpha */
-# define DES_PTR
-# define DES_RISC2
-#elif defined ( _AIX ) /* RS6000 */
- /* Unknown */
-#elif defined( __hpux ) /* HP-PA */
- /* Unknown */
-#elif defined( __aux ) /* 68K */
- /* Unknown */
-#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
-# define DES_UNROLL
-#elif defined( __sgi ) /* Newer MIPS */
-# define DES_PTR
-# define DES_RISC2
-# define DES_UNROLL
-#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */
-# define DES_PTR
-# define DES_RISC1
-# define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef __cplusplus
-}
-#endif
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 02/11] CryptoPkg: Update .gitignore for OpenSSL source masking
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
2017-03-23 13:19 ` [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 18:28 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 03/11] CryptoPkg/OpensslLib: Remove patch file and installation scripts Qin Long
` (10 subsequent siblings)
12 siblings, 1 reply; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer
Updates .gitignore that masks the OpenSSL source:
1. Remove "Include/openssl" from .gitignore since we needn't duplicate
openssl headers now
2. Update "openssl-*" to "openssl*", since we use "openssl" instead of
"openssl-x.x.xx" as main source directory.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/.gitignore | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/CryptoPkg/.gitignore b/CryptoPkg/.gitignore
index 05272c2865..731c275ae1 100644
--- a/CryptoPkg/.gitignore
+++ b/CryptoPkg/.gitignore
@@ -1,2 +1 @@
-Include/openssl
-Library/OpensslLib/openssl-*/
+Library/OpensslLib/openssl*/
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 03/11] CryptoPkg/OpensslLib: Remove patch file and installation scripts.
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
2017-03-23 13:19 ` [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build Qin Long
2017-03-23 13:19 ` [PATCH v2 02/11] CryptoPkg: Update .gitignore for OpenSSL source masking Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 18:28 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 04/11] CryptoPkg/OpensslLib: Add new Perl script for file list generation Qin Long
` (9 subsequent siblings)
12 siblings, 1 reply; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer, David Woodhouse
This patch removes the EDKII-openssl-xxxx.patch, installation scripts,
and Patch-HOWTO.txt which were used for old OpenSSL-1.0.2xx enabling.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
---
.../Library/OpensslLib/EDKII_openssl-1.0.2k.patch | 2094 --------------------
CryptoPkg/Library/OpensslLib/Install.cmd | 80 -
CryptoPkg/Library/OpensslLib/Install.sh | 82 -
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 61 -
4 files changed, 2317 deletions(-)
delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch
delete mode 100755 CryptoPkg/Library/OpensslLib/Install.cmd
delete mode 100755 CryptoPkg/Library/OpensslLib/Install.sh
delete mode 100644 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch
deleted file mode 100644
index cc0ce6822e..0000000000
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch
+++ /dev/null
@@ -1,2094 +0,0 @@
-diff --git a/Configure b/Configure
-index 5da7cad..c2cc9c5 100755
---- a/Configure
-+++ b/Configure
-@@ -611,6 +611,9 @@ my %table=(
- # with itself, Applink is never engaged and can as well be omitted.
- "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
-
-+# UEFI
-+"UEFI", "cc:-DL_ENDIAN -O:::UEFI::::",
-+
- # UWIN
- "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-
-@@ -1085,7 +1088,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
- }
-
- if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
-- || defined($disabled{"dh"}))
-+ || defined($disabled{"dh"}) || defined($disabled{"stdio"}))
- {
- $disabled{"gost"} = "forced";
- }
-diff --git a/apps/apps.c b/apps/apps.c
-index c487bd9..64ade15 100644
---- a/apps/apps.c
-+++ b/apps/apps.c
-@@ -2386,6 +2386,8 @@ int args_verify(char ***pargs, int *pargc,
- flags |= X509_V_FLAG_PARTIAL_CHAIN;
- else if (!strcmp(arg, "-no_alt_chains"))
- flags |= X509_V_FLAG_NO_ALT_CHAINS;
-+ else if (!strcmp(arg, "-no_check_time"))
-+ flags |= X509_V_FLAG_NO_CHECK_TIME;
- else if (!strcmp(arg, "-allow_proxy_certs"))
- flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
- else
-diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
-index 2d562f9..91203b7 100644
---- a/crypto/asn1/a_strex.c
-+++ b/crypto/asn1/a_strex.c
-@@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
- return 1;
- }
-
-+#ifndef OPENSSL_NO_FP_API
- static int send_fp_chars(void *arg, const void *buf, int len)
- {
- if (!arg)
-@@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)
- return 0;
- return 1;
- }
-+#endif
-
- typedef int char_io (void *arg, const void *buf, int len);
-
-diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
-index abc6dc3..3a672e9 100644
---- a/crypto/asn1/asn1_mac.h
-+++ b/crypto/asn1/asn1_mac.h
-@@ -70,7 +70,7 @@ extern "C" {
- # endif
-
- # define ASN1_MAC_H_err(f,r,line) \
-- ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
-+ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))
-
- # define M_ASN1_D2I_vars(a,type,func) \
- ASN1_const_CTX c; \
-@@ -81,7 +81,7 @@ extern "C" {
- c.error=ERR_R_NESTED_ASN1_ERROR; \
- if ((a == NULL) || ((*a) == NULL)) \
- { if ((ret=(type)func()) == NULL) \
-- { c.line=__LINE__; goto err; } } \
-+ { c.line=OPENSSL_LINE; goto err; } } \
- else ret=(*a);
-
- # define M_ASN1_D2I_Init() \
-@@ -90,7 +90,7 @@ extern "C" {
-
- # define M_ASN1_D2I_Finish_2(a) \
- if (!asn1_const_Finish(&c)) \
-- { c.line=__LINE__; goto err; } \
-+ { c.line=OPENSSL_LINE; goto err; } \
- *(const unsigned char **)pp=c.p; \
- if (a != NULL) (*a)=ret; \
- return(ret);
-@@ -105,7 +105,7 @@ err:\
-
- # define M_ASN1_D2I_start_sequence() \
- if (!asn1_GetSequence(&c,&length)) \
-- { c.line=__LINE__; goto err; }
-+ { c.line=OPENSSL_LINE; goto err; }
- /* Begin reading ASN1 without a surrounding sequence */
- # define M_ASN1_D2I_begin() \
- c.slen = length;
-@@ -129,21 +129,21 @@ err:\
- # define M_ASN1_D2I_get(b, func) \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) == NULL) \
-- {c.line=__LINE__; goto err; } \
-+ {c.line=OPENSSL_LINE; goto err; } \
- c.slen-=(c.p-c.q);
-
- /* Don't use this with d2i_ASN1_BOOLEAN() */
- # define M_ASN1_D2I_get_x(type,b,func) \
- c.q=c.p; \
- if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
-- {c.line=__LINE__; goto err; } \
-+ {c.line=OPENSSL_LINE; goto err; } \
- c.slen-=(c.p-c.q);
-
- /* use this instead () */
- # define M_ASN1_D2I_get_int(b,func) \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) < 0) \
-- {c.line=__LINE__; goto err; } \
-+ {c.line=OPENSSL_LINE; goto err; } \
- c.slen-=(c.p-c.q);
-
- # define M_ASN1_D2I_get_opt(b,func,type) \
-@@ -164,7 +164,7 @@ err:\
- M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) == NULL) \
-- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
-+ {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \
- c.slen-=(c.p-c.q);\
- M_ASN1_next_prev=_tmp;
-
-@@ -258,20 +258,20 @@ err:\
- c.q=c.p; \
- if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
- (void (*)())free_func,a,b) == NULL) \
-- { c.line=__LINE__; goto err; } \
-+ { c.line=OPENSSL_LINE; goto err; } \
- c.slen-=(c.p-c.q);
-
- # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
- free_func,a,b) == NULL) \
-- { c.line=__LINE__; goto err; } \
-+ { c.line=OPENSSL_LINE; goto err; } \
- c.slen-=(c.p-c.q);
-
- # define M_ASN1_D2I_get_set_strings(r,func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
-- { c.line=__LINE__; goto err; } \
-+ { c.line=OPENSSL_LINE; goto err; } \
- c.slen-=(c.p-c.q);
-
- # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
-@@ -285,16 +285,16 @@ err:\
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-- c.line=__LINE__; goto err; } \
-+ c.line=OPENSSL_LINE; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (func(&(r),&c.p,Tlen) == NULL) \
-- { c.line=__LINE__; goto err; } \
-+ { c.line=OPENSSL_LINE; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
- { c.error=ERR_R_MISSING_ASN1_EOS; \
-- c.line=__LINE__; goto err; } \
-+ c.line=OPENSSL_LINE; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-@@ -310,18 +310,18 @@ err:\
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-- c.line=__LINE__; goto err; } \
-+ c.line=OPENSSL_LINE; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
- (void (*)())free_func, \
- b,V_ASN1_UNIVERSAL) == NULL) \
-- { c.line=__LINE__; goto err; } \
-+ { c.line=OPENSSL_LINE; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_check_infinite_end(&c.p, Tlen)) \
- { c.error=ERR_R_MISSING_ASN1_EOS; \
-- c.line=__LINE__; goto err; } \
-+ c.line=OPENSSL_LINE; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-@@ -337,17 +337,17 @@ err:\
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-- c.line=__LINE__; goto err; } \
-+ c.line=OPENSSL_LINE; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
- free_func,b,V_ASN1_UNIVERSAL) == NULL) \
-- { c.line=__LINE__; goto err; } \
-+ { c.line=OPENSSL_LINE; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_check_infinite_end(&c.p, Tlen)) \
- { c.error=ERR_R_MISSING_ASN1_EOS; \
-- c.line=__LINE__; goto err; } \
-+ c.line=OPENSSL_LINE; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-@@ -355,7 +355,7 @@ err:\
- /* New macros */
- # define M_ASN1_New_Malloc(ret,type) \
- if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
-- { c.line=__LINE__; goto err2; }
-+ { c.line=OPENSSL_LINE; goto err2; }
-
- # define M_ASN1_New(arg,func) \
- if (((arg)=func()) == NULL) return(NULL)
-diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
-index d5a5514..bede55c 100644
---- a/crypto/asn1/n_pkey.c
-+++ b/crypto/asn1/n_pkey.c
-@@ -193,7 +193,12 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
- OPENSSL_cleanse(pkey->private_key->data, rsalen);
-
- if (cb == NULL)
-+#ifndef OPENSSL_NO_UI
- cb = EVP_read_pw_string;
-+#else
-+ i = 1;
-+ else
-+#endif
- i = cb((char *)buf, 256, "Enter Private Key password:", 1);
- if (i != 0) {
- ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
-@@ -264,7 +269,11 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
- goto err;
- }
- if (cb == NULL)
-+#ifndef OPENSSL_NO_UI
- cb = EVP_read_pw_string;
-+#else
-+ goto err;
-+#endif
- if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
- goto err;
-
-diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
-index 8177fd2..4dab3bb 100644
---- a/crypto/bn/bn_prime.c
-+++ b/crypto/bn/bn_prime.c
-@@ -131,7 +131,7 @@
- static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx,
- BN_MONT_CTX *mont);
--static int probable_prime(BIGNUM *rnd, int bits);
-+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
- static int probable_prime_dh(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem,
- BN_CTX *ctx);
-@@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- BIGNUM *t;
- int found = 0;
- int i, j, c1 = 0;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
-+ prime_t *mods = NULL;
- int checks = BN_prime_checks_for_size(bits);
-
-+ mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);
-+ if (mods == NULL)
-+ goto err;
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
-@@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- loop:
- /* make a random number and set the top and bottom bits */
- if (add == NULL) {
-- if (!probable_prime(ret, bits))
-+ if (!probable_prime(ret, bits, mods))
- goto err;
- } else {
- if (safe) {
-@@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- /* we have a prime :-) */
- found = 1;
- err:
-+ OPENSSL_free(mods);
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
-@@ -376,10 +381,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- return 1;
- }
-
--static int probable_prime(BIGNUM *rnd, int bits)
-+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
- {
- int i;
-- prime_t mods[NUMPRIMES];
- BN_ULONG delta, maxdelta;
-
- again:
-diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
-index 8d926d5..c29e97d 100644
---- a/crypto/conf/conf.h
-+++ b/crypto/conf/conf.h
-@@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);
-
- int CONF_set_default_method(CONF_METHOD *meth);
- void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
-+# ifndef OPENSSL_NO_STDIO
- LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
- long *eline);
-+# endif
- # ifndef OPENSSL_NO_FP_API
- LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
- long *eline);
-@@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
- long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
- const char *name);
- void CONF_free(LHASH_OF(CONF_VALUE) *conf);
-+# ifndef OPENSSL_NO_FP_API
- int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
-+# endif
- int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
-
- void OPENSSL_config(const char *config_name);
-@@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);
- void NCONF_free(CONF *conf);
- void NCONF_free_data(CONF *conf);
-
-+# ifndef OPENSSL_NO_STDIO
- int NCONF_load(CONF *conf, const char *file, long *eline);
-+# endif
- # ifndef OPENSSL_NO_FP_API
- int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
- # endif
-@@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
- char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
- int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
- long *result);
-+# ifndef OPENSSL_NO_FP_API
- int NCONF_dump_fp(const CONF *conf, FILE *out);
-+# endif
- int NCONF_dump_bio(const CONF *conf, BIO *out);
-
- # if 0 /* The following function has no error
-@@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);
-
- int CONF_modules_load(const CONF *cnf, const char *appname,
- unsigned long flags);
-+# ifndef OPENSSL_NO_STDIO
- int CONF_modules_load_file(const char *filename, const char *appname,
- unsigned long flags);
-+# endif
- void CONF_modules_unload(int all);
- void CONF_modules_finish(void);
- void CONF_modules_free(void);
-diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
-index 68c77ce..3d308c7 100644
---- a/crypto/conf/conf_def.c
-+++ b/crypto/conf/conf_def.c
-@@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)
-
- static int def_load(CONF *conf, const char *name, long *line)
- {
-+#ifdef OPENSSL_NO_STDIO
-+ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
-+ return 0;
-+#else
- int ret;
- BIO *in = NULL;
-
-@@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)
- BIO_free(in);
-
- return ret;
-+#endif
- }
-
- static int def_load_bio(CONF *conf, BIO *in, long *line)
-diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
-index 5281384..952b545 100644
---- a/crypto/conf/conf_lib.c
-+++ b/crypto/conf/conf_lib.c
-@@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)
- return 1;
- }
-
-+#ifndef OPENSSL_NO_STDIO
- LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
- long *eline)
- {
-@@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
-
- return ltmp;
- }
-+#endif
-
- #ifndef OPENSSL_NO_FP_API
- LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
-@@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)
- conf->meth->destroy_data(conf);
- }
-
-+#ifndef OPENSSL_NO_STDIO
- int NCONF_load(CONF *conf, const char *file, long *eline)
- {
- if (conf == NULL) {
-@@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)
-
- return conf->meth->load(conf, file, eline);
- }
-+#endif
-
- #ifndef OPENSSL_NO_FP_API
- int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
-diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
-index e0c9a67..13d93ea 100644
---- a/crypto/conf/conf_mod.c
-+++ b/crypto/conf/conf_mod.c
-@@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
-
- }
-
-+#ifndef OPENSSL_NO_STDIO
- int CONF_modules_load_file(const char *filename, const char *appname,
- unsigned long flags)
- {
-@@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
-
- return ret;
- }
-+#endif
-
- static int module_run(const CONF *cnf, char *name, char *value,
- unsigned long flags)
-diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
-index c042cf2..a25b636 100644
---- a/crypto/conf/conf_sap.c
-+++ b/crypto/conf/conf_sap.c
-@@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)
- ENGINE_load_builtin_engines();
- #endif
- ERR_clear_error();
-+#ifndef OPENSSL_NO_STDIO
- CONF_modules_load_file(NULL, config_name,
- CONF_MFLAGS_DEFAULT_SECTION |
- CONF_MFLAGS_IGNORE_MISSING_FILE);
-+#endif
- openssl_configured = 1;
- }
-
-diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
-index 1925428..da4b34d 100644
---- a/crypto/cryptlib.c
-+++ b/crypto/cryptlib.c
-@@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)
- return (0);
- }
- pointer->references = 1;
-- pointer->data = dynlock_create_callback(__FILE__, __LINE__);
-+ pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);
- if (pointer->data == NULL) {
- OPENSSL_free(pointer);
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
-@@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- if (i == -1) {
-- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
-+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
- OPENSSL_free(pointer);
- } else
- i += 1; /* to avoid 0 */
-@@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- if (pointer) {
-- dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
-+ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
- OPENSSL_free(pointer);
- }
- }
-@@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)
- }
-
- # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
-+#include <stdio.h>
- # define OPENSSL_CPUID_SETUP
- # if defined(_WIN32)
- typedef unsigned __int64 IA32CAP;
-@@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
- #else
- void OPENSSL_showfatal(const char *fmta, ...)
- {
-+#ifndef OPENSSL_NO_STDIO
- va_list ap;
-
- va_start(ap, fmta);
- vfprintf(stderr, fmta, ap);
- va_end(ap);
-+#endif
- }
-
- int OPENSSL_isservice(void)
-@@ -1011,10 +1014,12 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
- #endif
- }
-
-+#ifndef OPENSSL_NO_STDIO
- void *OPENSSL_stderr(void)
- {
- return stderr;
- }
-+#endif
-
- int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len)
- {
-diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
-index fba180a..3e3ea5e 100644
---- a/crypto/cryptlib.h
-+++ b/crypto/cryptlib.h
-@@ -101,7 +101,9 @@ extern "C" {
- void OPENSSL_cpuid_setup(void);
- extern unsigned int OPENSSL_ia32cap_P[];
- void OPENSSL_showfatal(const char *fmta, ...);
-+#ifndef OPENSSL_NO_STDIO
- void *OPENSSL_stderr(void);
-+#endif
- extern int OPENSSL_NONPIC_relocated;
-
- #ifdef __cplusplus
-diff --git a/crypto/crypto.h b/crypto/crypto.h
-index 6c644ce..bea4ca1 100644
---- a/crypto/crypto.h
-+++ b/crypto/crypto.h
-@@ -235,15 +235,15 @@ typedef struct openssl_item_st {
- # ifndef OPENSSL_NO_LOCKING
- # ifndef CRYPTO_w_lock
- # define CRYPTO_w_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
- # define CRYPTO_w_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
- # define CRYPTO_r_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
- # define CRYPTO_r_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
- # define CRYPTO_add(addr,amount,type) \
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
- # endif
- # else
- # define CRYPTO_w_lock(a)
-@@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);
- # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
- # define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
--# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
--# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)
-+# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)
- # define OPENSSL_realloc(addr,num) \
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
- # define OPENSSL_realloc_clean(addr,old_num,num) \
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-+ CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)
- # define OPENSSL_remalloc(addr,num) \
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-+ CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
- # define OPENSSL_freeFunc CRYPTO_free
- # define OPENSSL_free(addr) CRYPTO_free(addr)
-
- # define OPENSSL_malloc_locked(num) \
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-+ CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)
- # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
- const char *SSLeay_version(int type);
-@@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);
- long CRYPTO_get_mem_debug_options(void);
-
- # define CRYPTO_push_info(info) \
-- CRYPTO_push_info_(info, __FILE__, __LINE__);
-+ CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);
- int CRYPTO_push_info_(const char *info, const char *file, int line);
- int CRYPTO_pop_info(void);
- int CRYPTO_remove_all_info(void);
-@@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
-
- /* die if we have to */
- void OpenSSLDie(const char *file, int line, const char *assertion);
--# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))
-
- unsigned long *OPENSSL_ia32cap_loc(void);
- # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
-@@ -605,14 +605,14 @@ void OPENSSL_init(void);
- # define fips_md_init_ctx(alg, cx) \
- int alg##_Init(cx##_CTX *c) \
- { \
-- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
- "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
- return private_##alg##_Init(c); \
- } \
- int private_##alg##_Init(cx##_CTX *c)
-
- # define fips_cipher_abort(alg) \
-- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-+ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
- "Low level API call to cipher " #alg " forbidden in FIPS mode!")
-
- # else
-diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
-index 01e275f..7633139 100644
---- a/crypto/des/read2pwd.c
-+++ b/crypto/des/read2pwd.c
-@@ -114,6 +114,10 @@
- #include <openssl/ui.h>
- #include <openssl/crypto.h>
-
-+#ifndef BUFSIZ
-+#define BUFSIZ 256
-+#endif
-+
- int DES_read_password(DES_cblock *key, const char *prompt, int verify)
- {
- int ok;
-diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile
-index 46fa5ac..cc366ec 100644
---- a/crypto/dh/Makefile
-+++ b/crypto/dh/Makefile
-@@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
- dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
- dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
- dh_gen.o: ../cryptlib.h dh_gen.c
--dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
- dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
- dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
- dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index a5bd901..6488879 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -240,11 +240,13 @@ DH *DH_get_1024_160(void);
- DH *DH_get_2048_224(void);
- DH *DH_get_2048_256(void);
-
-+# ifndef OPENSSL_NO_CMS
- /* RFC2631 KDF */
- int DH_KDF_X9_42(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- ASN1_OBJECT *key_oid,
- const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
-+# endif
-
- # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-@@ -337,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
-
- /* KDF types */
- # define EVP_PKEY_DH_KDF_NONE 1
-+# ifndef OPENSSL_NO_CMS
- # define EVP_PKEY_DH_KDF_X9_42 2
-+# endif
-
- /* BEGIN ERROR CODES */
- /*
-diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
-index a882cb2..aace5fb 100644
---- a/crypto/dh/dh_kdf.c
-+++ b/crypto/dh/dh_kdf.c
-@@ -51,6 +51,9 @@
- * ====================================================================
- */
-
-+#include <e_os.h>
-+
-+#ifndef OPENSSL_NO_CMS
- #include <string.h>
- #include <openssl/dh.h>
- #include <openssl/evp.h>
-@@ -58,6 +61,7 @@
- #include <openssl/cms.h>
-
- /* Key derivation from X9.42/RFC2631 */
-+/* Uses CMS functions, hence the #ifdef wrapper. */
-
- #define DH_KDF_MAX (1L << 30)
-
-@@ -185,3 +189,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
- EVP_MD_CTX_cleanup(&mctx);
- return rv;
- }
-+#endif
-diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
-index b58e3fa..926be98 100644
---- a/crypto/dh/dh_pmeth.c
-+++ b/crypto/dh/dh_pmeth.c
-@@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- case EVP_PKEY_CTRL_DH_KDF_TYPE:
- if (p1 == -2)
- return dctx->kdf_type;
-+#ifdef OPENSSL_NO_CMS
-+ if (p1 != EVP_PKEY_DH_KDF_NONE)
-+#else
- if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
-+#endif
- return -2;
- dctx->kdf_type = p1;
- return 1;
-@@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
- return ret;
- *keylen = ret;
- return 1;
-- } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
-+ }
-+#ifndef OPENSSL_NO_CMS
-+ else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
- unsigned char *Z = NULL;
- size_t Zlen = 0;
- if (!dctx->kdf_outlen || !dctx->kdf_oid)
-@@ -479,7 +485,8 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
- }
- return ret;
- }
-- return 1;
-+#endif
-+ return 0;
- }
-
- const EVP_PKEY_METHOD dh_pkey_meth = {
-diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
-index 46f163b..b4a72a0 100644
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -88,7 +88,7 @@ extern "C" {
- (unsigned int)(e), (isfunct ? "funct" : "struct"), \
- ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
- ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
-- (__FILE__), (__LINE__));
-+ (OPENSSL_FILE), (OPENSSL_LINE));
-
- # else
-
-@@ -136,7 +136,7 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
- # else
- ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
- int l);
--# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
-+# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)
- # endif
- typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
- ENGINE *def, void *arg);
-diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
-index 34b0029..cf622bb 100644
---- a/crypto/engine/eng_openssl.c
-+++ b/crypto/engine/eng_openssl.c
-@@ -86,7 +86,9 @@
- * this is no longer automatic in ENGINE_load_builtin_engines().
- */
- #define TEST_ENG_OPENSSL_RC4
-+#ifndef OPENSSL_NO_FP_API
- #define TEST_ENG_OPENSSL_PKEY
-+#endif
- /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
- #define TEST_ENG_OPENSSL_RC4_P_INIT
- /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
-diff --git a/crypto/err/err.h b/crypto/err/err.h
-index 585aa8b..04c6cfc 100644
---- a/crypto/err/err.h
-+++ b/crypto/err/err.h
-@@ -200,39 +200,39 @@ typedef struct err_state_st {
-
- # define ERR_LIB_USER 128
-
--# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
--# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
--# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
--# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
--# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
--# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
--# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
--# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
--# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
--# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
--# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
--# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
--# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
--# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
--# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
--# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
--# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
--# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
--# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
--# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
--# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
--# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
--# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
--# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
--# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
--# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
--# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
--# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
--# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
--# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
--# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
--# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
--# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
-+# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /*
- * Borland C seems too stupid to be able to shift and do longs in the
-diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
-index d258ef8..376f260 100644
---- a/crypto/evp/evp.h
-+++ b/crypto/evp/evp.h
-@@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
- int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
-
-+#ifndef OPENSSL_NO_UI
- int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
- int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
- const char *prompt, int verify);
- void EVP_set_pw_prompt(const char *prompt);
- char *EVP_get_pw_prompt(void);
-+#endif
-
- int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
- const unsigned char *salt, const unsigned char *data,
-diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
-index 5be9e33..63c8866 100644
---- a/crypto/evp/evp_key.c
-+++ b/crypto/evp/evp_key.c
-@@ -63,6 +63,7 @@
- #include <openssl/evp.h>
- #include <openssl/ui.h>
-
-+#ifndef OPENSSL_NO_UI
- /* should be init to zeros. */
- static char prompt_string[80];
-
-@@ -117,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
- OPENSSL_cleanse(buff, BUFSIZ);
- return ret;
- }
-+#endif /* OPENSSL_NO_UI */
-
- int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
- const unsigned char *salt, const unsigned char *data,
-diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
-index 7a1c85d..7162c0f 100644
---- a/crypto/opensslconf.h.in
-+++ b/crypto/opensslconf.h.in
-@@ -1,5 +1,15 @@
- /* crypto/opensslconf.h.in */
-
-+#ifndef OPENSSL_FILE
-+#ifdef OPENSSL_NO_FILENAMES
-+#define OPENSSL_FILE ""
-+#define OPENSSL_LINE 0
-+#else
-+#define OPENSSL_FILE __FILE__
-+#define OPENSSL_LINE __LINE__
-+#endif
-+#endif
-+
- /* Generate 80386 code? */
- #undef I386_ONLY
-
-@@ -56,7 +66,7 @@
- #endif
- #endif
-
--#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)
- #define CONFIG_HEADER_BN_H
- #undef BN_LLONG
-
-diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
-index aac72fb..d271ec8 100644
---- a/crypto/pem/pem.h
-+++ b/crypto/pem/pem.h
-@@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-
- # define DECLARE_PEM_read_fp(name, type) /**/
- # define DECLARE_PEM_write_fp(name, type) /**/
-+# define DECLARE_PEM_write_fp_const(name, type) /**/
- # define DECLARE_PEM_write_cb_fp(name, type) /**/
- # else
-
-@@ -417,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
- pem_password_cb *cd, void *u);
- # endif
-
-+#ifndef OPENSSL_NO_FP_API
- int PEM_read(FILE *fp, char **name, char **header,
- unsigned char **data, long *len);
- int PEM_write(FILE *fp, const char *name, const char *hdr,
-@@ -428,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
- int klen, pem_password_cb *callback, void *u);
- STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
- pem_password_cb *cb, void *u);
-+#endif
-
- int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
- EVP_MD *md_type, unsigned char **ek, int *ekl,
-@@ -494,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
- EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
- void *u);
-
-+#ifndef OPENSSL_NO_FP_API
- int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-@@ -510,6 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
- int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen, pem_password_cb *cd,
- void *u);
-+#endif
-
- EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
- int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
-diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
-index c82b3c0..56c77b1 100644
---- a/crypto/pem/pem_lib.c
-+++ b/crypto/pem/pem_lib.c
-@@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
-
- int PEM_def_callback(char *buf, int num, int w, void *key)
- {
--#ifdef OPENSSL_NO_FP_API
-+#if defined(OPENSSL_NO_FP_API) || defined(OPENSSL_NO_UI)
- /*
- * We should not ever call the default callback routine from windows.
- */
-diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
-index 5747c73..9edca4d 100644
---- a/crypto/pem/pem_pk8.c
-+++ b/crypto/pem/pem_pk8.c
-@@ -69,9 +69,11 @@
- static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
- int nid, const EVP_CIPHER *enc,
- char *kstr, int klen, pem_password_cb *cb, void *u);
-+#ifndef OPENSSL_NO_FP_API
- static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
- int nid, const EVP_CIPHER *enc,
- char *kstr, int klen, pem_password_cb *cb, void *u);
-+#endif
-
- /*
- * These functions write a private key in PKCS#8 format: it is a "drop in"
-diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
-index dc9b484..e75c4b2 100644
---- a/crypto/pkcs7/pk7_smime.c
-+++ b/crypto/pkcs7/pk7_smime.c
-@@ -64,6 +64,8 @@
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
-
-+#define BUFFERSIZE 4096
-+
- static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-
- PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-@@ -254,7 +256,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
-- char buf[4096];
-+ char *buf = NULL;
- int i, j = 0, k, ret = 0;
- BIO *p7bio = NULL;
- BIO *tmpin = NULL, *tmpout = NULL;
-@@ -373,8 +375,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- tmpout = out;
-
- /* We now have to 'read' from p7bio to calculate digests etc. */
-+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
- for (;;) {
-- i = BIO_read(p7bio, buf, sizeof(buf));
-+ i = BIO_read(p7bio, buf, BUFFERSIZE);
- if (i <= 0)
- break;
- if (tmpout)
-@@ -405,6 +411,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- ret = 1;
-
- err:
-+ OPENSSL_free(buf);
- if (tmpin == indata) {
- if (indata)
- BIO_pop(p7bio);
-@@ -523,7 +530,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
- {
- BIO *tmpmem;
- int ret, i;
-- char buf[4096];
-+ char *buf = NULL;
-
- if (!p7) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
-@@ -567,24 +574,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
- }
- BIO_free_all(bread);
- return ret;
-- } else {
-- for (;;) {
-- i = BIO_read(tmpmem, buf, sizeof(buf));
-- if (i <= 0) {
-- ret = 1;
-- if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
-- if (!BIO_get_cipher_status(tmpmem))
-- ret = 0;
-- }
--
-- break;
-- }
-- if (BIO_write(data, buf, i) != i) {
-- ret = 0;
-- break;
-+ }
-+ if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
-+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ for (;;) {
-+ i = BIO_read(tmpmem, buf, BUFFERSIZE);
-+ if (i <= 0) {
-+ ret = 1;
-+ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
-+ if (!BIO_get_cipher_status(tmpmem))
-+ ret = 0;
- }
-+
-+ break;
-+ }
-+ if (BIO_write(data, buf, i) != i) {
-+ ret = 0;
-+ break;
- }
-- BIO_free_all(tmpmem);
-- return ret;
- }
-+
-+err:
-+ OPENSSL_free(buf);
-+ BIO_free_all(tmpmem);
-+ return ret;
- }
-diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
-index 737aebf..f23f348 100644
---- a/crypto/rand/rand_egd.c
-+++ b/crypto/rand/rand_egd.c
-@@ -95,7 +95,7 @@
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) || defined(OPENSSL_SYS_UEFI)
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- return (-1);
-diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
-index 6c5b65d..11ee152 100644
---- a/crypto/rand/rand_unix.c
-+++ b/crypto/rand/rand_unix.c
-@@ -116,7 +116,7 @@
- #include <openssl/rand.h>
- #include "rand_lcl.h"
-
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
-
- # include <sys/types.h>
- # include <sys/time.h>
-@@ -439,7 +439,7 @@ int RAND_poll(void)
- * defined(OPENSSL_SYS_VXWORKS) ||
- * defined(OPENSSL_SYS_NETWARE)) */
-
--#if defined(OPENSSL_SYS_VXWORKS)
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
- int RAND_poll(void)
- {
- return 0;
-diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
-index 028892a..4ed4bfe 100644
---- a/crypto/srp/srp.h
-+++ b/crypto/srp/srp.h
-@@ -119,7 +119,9 @@ DECLARE_STACK_OF(SRP_gN)
-
- SRP_VBASE *SRP_VBASE_new(char *seed_key);
- int SRP_VBASE_free(SRP_VBASE *vb);
-+#ifndef OPENSSL_NO_STDIO
- int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
-+#endif
-
- /* This method ignores the configured seed and fails for an unknown user. */
- SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
-diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
-index a8ec52a..ce20804 100644
---- a/crypto/srp/srp_vfy.c
-+++ b/crypto/srp/srp_vfy.c
-@@ -228,6 +228,7 @@ static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
- return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
- }
-
-+#ifndef OPENSSL_NO_STDIO
- static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
- const char *v)
- {
-@@ -254,6 +255,7 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
- vinfo->v = NULL;
- return 0;
- }
-+#endif
-
- static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
- {
-@@ -312,6 +314,7 @@ int SRP_VBASE_free(SRP_VBASE *vb)
- return 0;
- }
-
-+#ifndef OPENSSL_NO_STDIO
- static SRP_gN_cache *SRP_gN_new_init(const char *ch)
- {
- unsigned char tmp[MAX_LEN];
-@@ -346,6 +349,7 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache)
- BN_free(gN_cache->bn);
- OPENSSL_free(gN_cache);
- }
-+#endif
-
- static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
- {
-@@ -362,6 +366,7 @@ static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
- return SRP_get_default_gN(id);
- }
-
-+#ifndef OPENSSL_NO_STDIO
- static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
- {
- int i;
-@@ -503,6 +508,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
- return error_code;
-
- }
-+#endif
-
- static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
- {
-diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h
-index 2daa1b2..5205bc5 100644
---- a/crypto/ts/ts.h
-+++ b/crypto/ts/ts.h
-@@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
-
- TS_REQ *TS_REQ_dup(TS_REQ *a);
-
-+#ifndef OPENSSL_NO_FP_API
- TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
- int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
-+#endif
- TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
- int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
-
-@@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
-
- TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
-
-+#ifndef OPENSSL_NO_FP_API
- TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
- int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
--TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
--int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
-+#endif
-+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
-+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
-
- TS_RESP *TS_RESP_new(void);
- void TS_RESP_free(TS_RESP *a);
-@@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
- TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
- TS_RESP *TS_RESP_dup(TS_RESP *a);
-
-+#ifndef OPENSSL_NO_FP_API
- TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
- int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
--TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
--int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
-+#endif
-+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
-+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
-
- TS_STATUS_INFO *TS_STATUS_INFO_new(void);
- void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
-@@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
- long length);
- TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
-
-+#ifndef OPENSSL_NO_FP_API
- TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
- int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
--TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
--int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
-+#endif
-+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
-+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
-
- TS_ACCURACY *TS_ACCURACY_new(void);
- void TS_ACCURACY_free(TS_ACCURACY *a);
-@@ -731,15 +739,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
- * ts/ts_conf.c
- */
-
-+#ifndef OPENSSL_NO_STDIO
- X509 *TS_CONF_load_cert(const char *file);
- STACK_OF(X509) *TS_CONF_load_certs(const char *file);
- EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
-+#endif
- const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
- int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
- TS_RESP_CTX *ctx);
- int TS_CONF_set_crypto_device(CONF *conf, const char *section,
- const char *device);
- int TS_CONF_set_default_engine(const char *name);
-+#ifndef OPENSSL_NO_STDIO
- int TS_CONF_set_signer_cert(CONF *conf, const char *section,
- const char *cert, TS_RESP_CTX *ctx);
- int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
-@@ -747,6 +758,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
- int TS_CONF_set_signer_key(CONF *conf, const char *section,
- const char *key, const char *pass,
- TS_RESP_CTX *ctx);
-+#endif
- int TS_CONF_set_def_policy(CONF *conf, const char *section,
- const char *policy, TS_RESP_CTX *ctx);
- int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
-@@ -787,6 +799,11 @@ void ERR_load_TS_strings(void);
- # define TS_F_TS_CHECK_SIGNING_CERTS 103
- # define TS_F_TS_CHECK_STATUS_INFO 104
- # define TS_F_TS_COMPUTE_IMPRINT 145
-+# define TS_F_TS_CONF_INVALID 151
-+# define TS_F_TS_CONF_LOAD_CERT 153
-+# define TS_F_TS_CONF_LOAD_CERTS 154
-+# define TS_F_TS_CONF_LOAD_KEY 155
-+# define TS_F_TS_CONF_LOOKUP_FAIL 152
- # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
- # define TS_F_TS_GET_STATUS_TEXT 105
- # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
-@@ -825,6 +842,8 @@ void ERR_load_TS_strings(void);
- /* Reason codes. */
- # define TS_R_BAD_PKCS7_TYPE 132
- # define TS_R_BAD_TYPE 133
-+# define TS_R_CANNOT_LOAD_CERT 137
-+# define TS_R_CANNOT_LOAD_KEY 138
- # define TS_R_CERTIFICATE_VERIFY_ERROR 100
- # define TS_R_COULD_NOT_SET_ENGINE 127
- # define TS_R_COULD_NOT_SET_TIME 115
-@@ -857,6 +876,8 @@ void ERR_load_TS_strings(void);
- # define TS_R_UNACCEPTABLE_POLICY 125
- # define TS_R_UNSUPPORTED_MD_ALGORITHM 126
- # define TS_R_UNSUPPORTED_VERSION 113
-+# define TS_R_VAR_BAD_VALUE 135
-+# define TS_R_VAR_LOOKUP_FAILURE 136
- # define TS_R_WRONG_CONTENT_TYPE 114
-
- #ifdef __cplusplus
-diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
-index 4716b23..c4416ba 100644
---- a/crypto/ts/ts_conf.c
-+++ b/crypto/ts/ts_conf.c
-@@ -92,6 +92,7 @@
-
- /* Function definitions for certificate and key loading. */
-
-+#ifndef OPENSSL_NO_STDIO
- X509 *TS_CONF_load_cert(const char *file)
- {
- BIO *cert = NULL;
-@@ -102,7 +103,7 @@ X509 *TS_CONF_load_cert(const char *file)
- x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
- end:
- if (x == NULL)
-- fprintf(stderr, "unable to load certificate: %s\n", file);
-+ TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
- BIO_free(cert);
- return x;
- }
-@@ -129,7 +130,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
- }
- end:
- if (othercerts == NULL)
-- fprintf(stderr, "unable to load certificates: %s\n", file);
-+ TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
- sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
- BIO_free(certs);
- return othercerts;
-@@ -145,21 +146,24 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
- pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
- end:
- if (pkey == NULL)
-- fprintf(stderr, "unable to load private key: %s\n", file);
-+ TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
- BIO_free(key);
- return pkey;
- }
-+#endif /* !OPENSSL_NO_STDIO */
-
- /* Function definitions for handling configuration options. */
-
- static void TS_CONF_lookup_fail(const char *name, const char *tag)
- {
-- fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
-+ TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
-+ ERR_add_error_data(3, name, "::", tag);
- }
-
- static void TS_CONF_invalid(const char *name, const char *tag)
- {
-- fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
-+ TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
-+ ERR_add_error_data(3, name, "::", tag);
- }
-
- const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
-@@ -237,6 +241,7 @@ int TS_CONF_set_default_engine(const char *name)
-
- #endif
-
-+#ifndef OPENSSL_NO_STDIO
- int TS_CONF_set_signer_cert(CONF *conf, const char *section,
- const char *cert, TS_RESP_CTX *ctx)
- {
-@@ -302,6 +307,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section,
- EVP_PKEY_free(key_obj);
- return ret;
- }
-+#endif /* !OPENSSL_NO_STDIO */
-
- int TS_CONF_set_def_policy(CONF *conf, const char *section,
- const char *policy, TS_RESP_CTX *ctx)
-diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c
-index ff1abf4..3f5b78f 100644
---- a/crypto/ts/ts_err.c
-+++ b/crypto/ts/ts_err.c
-@@ -1,6 +1,6 @@
- /* crypto/ts/ts_err.c */
- /* ====================================================================
-- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
-+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
-@@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = {
- {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
- {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},
- {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},
-+ {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},
-+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},
-+ {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},
-+ {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},
-+ {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},
- {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},
- {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},
- {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},
-@@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = {
- static ERR_STRING_DATA TS_str_reasons[] = {
- {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
- {ERR_REASON(TS_R_BAD_TYPE), "bad type"},
-+ {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
-+ {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
- {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
- {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
- {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
-@@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = {
- {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
- {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},
- {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},
-+ {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},
-+ {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},
- {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
- {0, NULL}
- };
-diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
-index 0f29011..80dd40e 100644
---- a/crypto/ui/ui_util.c
-+++ b/crypto/ui/ui_util.c
-@@ -56,6 +56,10 @@
- #include <string.h>
- #include "ui_locl.h"
-
-+#ifndef BUFSIZ
-+#define BUFSIZ 256
-+#endif
-+
- int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
- int verify)
- {
-diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
-index bbc3189..29695f9 100644
---- a/crypto/x509/by_dir.c
-+++ b/crypto/x509/by_dir.c
-@@ -69,6 +69,8 @@
- # include <sys/stat.h>
- #endif
-
-+#ifndef OPENSSL_NO_STDIO
-+
- #include <openssl/lhash.h>
- #include <openssl/x509.h>
-
-@@ -438,3 +440,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
- BUF_MEM_free(b);
- return (ok);
- }
-+
-+#endif /* OPENSSL_NO_STDIO */
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index b147201..5bf3f07 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1064,6 +1064,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
- ctx->current_crl = crl;
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
- ptime = &ctx->param->check_time;
-+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
-+ return 1;
- else
- ptime = NULL;
-
-@@ -1805,6 +1807,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
-
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
- ptime = &ctx->param->check_time;
-+ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
-+ return 1;
- else
- ptime = NULL;
-
-diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
-index 5062682..e90d931 100644
---- a/crypto/x509/x509_vfy.h
-+++ b/crypto/x509/x509_vfy.h
-@@ -443,6 +443,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
- * will force the behaviour to match that of previous versions.
- */
- # define X509_V_FLAG_NO_ALT_CHAINS 0x100000
-+/* Do not check certificate/CRL validity against current time */
-+# define X509_V_FLAG_NO_CHECK_TIME 0x200000
-
- # define X509_VP_FLAG_DEFAULT 0x1
- # define X509_VP_FLAG_OVERWRITE 0x2
-@@ -496,8 +498,10 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
-
- X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-
-+#ifndef OPENSSL_NO_STDIO
- X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
- X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
-+#endif
-
- int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
- int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
-diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
-index c3a6fce..09ebbca 100644
---- a/crypto/x509v3/ext_dat.h
-+++ b/crypto/x509v3/ext_dat.h
-@@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
- &v3_idp,
- &v3_alt[2],
- &v3_freshest_crl,
-+#ifndef OPENSSL_NO_SCT
- &v3_ct_scts[0],
- &v3_ct_scts[1],
-+#endif
- };
-
- /* Number of standard extensions */
-diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
-index 34cad53..12f12a7 100644
---- a/crypto/x509v3/v3_pci.c
-+++ b/crypto/x509v3/v3_pci.c
-@@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
- goto err;
- }
- OPENSSL_free(tmp_data2);
-+#ifndef OPENSSL_NO_STDIO
- } else if (strncmp(val->value, "file:", 5) == 0) {
- unsigned char buf[2048];
- int n;
-@@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,
- X509V3_conf_err(val);
- goto err;
- }
-+#endif /* !OPENSSL_NO_STDIO */
- } else if (strncmp(val->value, "text:", 5) == 0) {
- val_len = strlen(val->value + 5);
- tmp_data = OPENSSL_realloc((*policy)->data,
-diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
-index 0b7c681..1895b8f 100644
---- a/crypto/x509v3/v3_scts.c
-+++ b/crypto/x509v3/v3_scts.c
-@@ -61,6 +61,7 @@
- #include <openssl/asn1.h>
- #include <openssl/x509v3.h>
-
-+#ifndef OPENSSL_NO_SCT
- /* Signature and hash algorithms from RFC 5246 */
- #define TLSEXT_hash_sha256 4
-
-@@ -332,3 +333,4 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
-
- return 1;
- }
-+#endif
-diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
-index f5c6156..a2e78aa 100644
---- a/crypto/x509v3/x509v3.h
-+++ b/crypto/x509v3/x509v3.h
-@@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
- int ml);
- int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
- int indent);
-+#ifndef OPENSSL_NO_FP_API
- int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
--
-+#endif
- int X509V3_extensions_print(BIO *out, char *title,
- STACK_OF(X509_EXTENSION) *exts,
- unsigned long flag, int indent);
-diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h
-index 3300e11..e9e58d5 100644
---- a/demos/engines/cluster_labs/hw_cluster_labs_err.h
-+++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_CL_strings(void);
- static void ERR_unload_CL_strings(void);
- static void ERR_CL_error(int function, int reason, char *file, int line);
--# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
-+# define CLerr(f,r) ERR_CL_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the CL functions. */
-
-diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h
-index c17e0c9..10d0212 100644
---- a/demos/engines/ibmca/hw_ibmca_err.h
-+++ b/demos/engines/ibmca/hw_ibmca_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_IBMCA_strings(void);
- static void ERR_unload_IBMCA_strings(void);
- static void ERR_IBMCA_error(int function, int reason, char *file, int line);
--# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
-+# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the IBMCA functions. */
-
-diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h
-index 4356815..598836f 100644
---- a/demos/engines/rsaref/rsaref_err.h
-+++ b/demos/engines/rsaref/rsaref_err.h
-@@ -68,7 +68,7 @@ extern "C" {
- static void ERR_load_RSAREF_strings(void);
- static void ERR_unload_RSAREF_strings(void);
- static void ERR_RSAREF_error(int function, int reason, char *file, int line);
--# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
-+# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
- /* Error codes for the RSAREF functions. */
-
- /* Function codes. */
-diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h
-index f4a8358..94d3293 100644
---- a/demos/engines/zencod/hw_zencod_err.h
-+++ b/demos/engines/zencod/hw_zencod_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_ZENCOD_strings(void);
- static void ERR_unload_ZENCOD_strings(void);
- static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
--# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
-+# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the ZENCOD functions. */
-
-diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-index 44792f9..7f95d58 100644
---- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-@@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an
- alternative chain can be found that is trusted. With this flag set the behaviour
- will match that of OpenSSL versions prior to 1.0.2b.
-
-+The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
-+of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
-+is used to specify a verification time, the check is not suppressed.
-+
- =head1 NOTES
-
- The above functions should be used to manipulate verification parameters
-diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
-index dc0e939..fe123bb 100644
---- a/doc/crypto/threads.pod
-+++ b/doc/crypto/threads.pod
-@@ -51,15 +51,15 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
- void CRYPTO_lock(int mode, int n, const char *file, int line);
-
- #define CRYPTO_w_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
- #define CRYPTO_w_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
- #define CRYPTO_r_lock(type) \
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
- #define CRYPTO_r_unlock(type) \
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
- #define CRYPTO_add(addr,amount,type) \
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-+ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
-
- =head1 DESCRIPTION
-
-diff --git a/e_os.h b/e_os.h
-index 1fa36c1..3e9dae2 100644
---- a/e_os.h
-+++ b/e_os.h
-@@ -136,7 +136,7 @@ extern "C" {
- # define MSDOS
- # endif
-
--# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
-+# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
- # define GETPID_IS_MEANINGLESS
- # endif
-
-diff --git a/e_os2.h b/e_os2.h
-index 7be9989..909e22f 100644
---- a/e_os2.h
-+++ b/e_os2.h
-@@ -97,7 +97,14 @@ extern "C" {
- * For 32 bit environment, there seems to be the CygWin environment and then
- * all the others that try to do the same thing Microsoft does...
- */
--# if defined(OPENSSL_SYSNAME_UWIN)
-+/*
-+ * UEFI lives here because it might be built with a Microsoft toolchain and
-+ * we need to avoid the false positive match on Windows.
-+ */
-+# if defined(OPENSSL_SYSNAME_UEFI)
-+# undef OPENSSL_SYS_UNIX
-+# define OPENSSL_SYS_UEFI
-+# elif defined(OPENSSL_SYSNAME_UWIN)
- # undef OPENSSL_SYS_UNIX
- # define OPENSSL_SYS_WIN32_UWIN
- # else
-diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h
-index a2018ec..9eacdcf 100644
---- a/engines/ccgost/e_gost_err.h
-+++ b/engines/ccgost/e_gost_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- void ERR_load_GOST_strings(void);
- void ERR_unload_GOST_strings(void);
- void ERR_GOST_error(int function, int reason, char *file, int line);
--# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
-+# define GOSTerr(f,r) ERR_GOST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the GOST functions. */
-
-diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h
-index 2f29d96..47a2635 100644
---- a/engines/e_4758cca_err.h
-+++ b/engines/e_4758cca_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_CCA4758_strings(void);
- static void ERR_unload_CCA4758_strings(void);
- static void ERR_CCA4758_error(int function, int reason, char *file, int line);
--# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
-+# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the CCA4758 functions. */
-
-diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h
-index 2ed0114..1f8fa5b 100644
---- a/engines/e_aep_err.h
-+++ b/engines/e_aep_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_AEPHK_strings(void);
- static void ERR_unload_AEPHK_strings(void);
- static void ERR_AEPHK_error(int function, int reason, char *file, int line);
--# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
-+# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the AEPHK functions. */
-
-diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h
-index 7b71eff..d958496 100644
---- a/engines/e_atalla_err.h
-+++ b/engines/e_atalla_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_ATALLA_strings(void);
- static void ERR_unload_ATALLA_strings(void);
- static void ERR_ATALLA_error(int function, int reason, char *file, int line);
--# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
-+# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the ATALLA functions. */
-
-diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h
-index b5d06dc..cfe46b1 100644
---- a/engines/e_capi_err.h
-+++ b/engines/e_capi_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_CAPI_strings(void);
- static void ERR_unload_CAPI_strings(void);
- static void ERR_CAPI_error(int function, int reason, char *file, int line);
--# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
-+# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the CAPI functions. */
-
-diff --git a/engines/e_chil_err.h b/engines/e_chil_err.h
-index d86a4ce..3d961b9 100644
---- a/engines/e_chil_err.h
-+++ b/engines/e_chil_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_HWCRHK_strings(void);
- static void ERR_unload_HWCRHK_strings(void);
- static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
--# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
-+# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the HWCRHK functions. */
-
-diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h
-index fde3a82..7c20691 100644
---- a/engines/e_cswift_err.h
-+++ b/engines/e_cswift_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_CSWIFT_strings(void);
- static void ERR_unload_CSWIFT_strings(void);
- static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
--# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
-+# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the CSWIFT functions. */
-
-diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h
-index 637abbc..ccaf3da 100644
---- a/engines/e_gmp_err.h
-+++ b/engines/e_gmp_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_GMP_strings(void);
- static void ERR_unload_GMP_strings(void);
- static void ERR_GMP_error(int function, int reason, char *file, int line);
--# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
-+# define GMPerr(f,r) ERR_GMP_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the GMP functions. */
-
-diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h
-index aa7849c..e607d3e 100644
---- a/engines/e_nuron_err.h
-+++ b/engines/e_nuron_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_NURON_strings(void);
- static void ERR_unload_NURON_strings(void);
- static void ERR_NURON_error(int function, int reason, char *file, int line);
--# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
-+# define NURONerr(f,r) ERR_NURON_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the NURON functions. */
-
-diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h
-index bef8623..54f2848 100644
---- a/engines/e_sureware_err.h
-+++ b/engines/e_sureware_err.h
-@@ -68,7 +68,7 @@ static void ERR_load_SUREWARE_strings(void);
- static void ERR_unload_SUREWARE_strings(void);
- static void ERR_SUREWARE_error(int function, int reason, char *file,
- int line);
--# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
-+# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the SUREWARE functions. */
-
-diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h
-index c8aec7c..67110ed 100644
---- a/engines/e_ubsec_err.h
-+++ b/engines/e_ubsec_err.h
-@@ -67,7 +67,7 @@ extern "C" {
- static void ERR_load_UBSEC_strings(void);
- static void ERR_unload_UBSEC_strings(void);
- static void ERR_UBSEC_error(int function, int reason, char *file, int line);
--# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
-+# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- /* Error codes for the UBSEC functions. */
-
-diff --git a/makevms.com b/makevms.com
-index f6b3ff2..1dcbe36 100755
---- a/makevms.com
-+++ b/makevms.com
-@@ -293,6 +293,7 @@ $ CONFIG_LOGICALS := AES,-
- RFC3779,-
- RIPEMD,-
- RSA,-
-+ SCT,-
- SCTP,-
- SEED,-
- SHA,-
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 9bc6153..b5648eb 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -1068,7 +1068,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
- int dtls1_read_failed(SSL *s, int code)
- {
- if (code > 0) {
-- fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
-+ fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");
- return 1;
- }
-
-diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
-index 499f0e8..5672f99 100644
---- a/ssl/ssl_asn1.c
-+++ b/ssl/ssl_asn1.c
-@@ -418,7 +418,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- if (ssl_version == SSL2_VERSION) {
- if (os.length != 3) {
- c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
-- c.line = __LINE__;
-+ c.line = OPENSSL_LINE;
- goto err;
- }
- id = 0x02000000L |
-@@ -429,14 +429,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- || ssl_version == DTLS1_BAD_VER) {
- if (os.length != 2) {
- c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
-- c.line = __LINE__;
-+ c.line = OPENSSL_LINE;
- goto err;
- }
- id = 0x03000000L |
- ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];
- } else {
- c.error = SSL_R_UNKNOWN_SSL_VERSION;
-- c.line = __LINE__;
-+ c.line = OPENSSL_LINE;
- goto err;
- }
-
-@@ -526,7 +526,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- if (os.data != NULL) {
- if (os.length > SSL_MAX_SID_CTX_LENGTH) {
- c.error = SSL_R_BAD_LENGTH;
-- c.line = __LINE__;
-+ c.line = OPENSSL_LINE;
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
-diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
-index 1be6fb0..cbec97c 100644
---- a/ssl/ssl_cert.c
-+++ b/ssl/ssl_cert.c
-@@ -855,12 +855,12 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
- return (add_client_CA(&(ctx->client_CA), x));
- }
-
-+#ifndef OPENSSL_NO_STDIO
- static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
- {
- return (X509_NAME_cmp(*a, *b));
- }
-
--#ifndef OPENSSL_NO_STDIO
- /**
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
-@@ -928,7 +928,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
- ERR_clear_error();
- return (ret);
- }
--#endif
-
- /**
- * Add a file of certs to a stack.
-@@ -1048,6 +1047,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
- return ret;
- }
-+#endif /* !OPENSSL_NO_STDIO */
-
- /* Add a certificate to a BUF_MEM structure */
-
-diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
-index 8d3709d..2bb403b 100644
---- a/ssl/ssl_conf.c
-+++ b/ssl/ssl_conf.c
-@@ -370,6 +370,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
- return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
- }
-
-+#ifndef OPENSSL_NO_STDIO
- static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
- {
- int rv = 1;
-@@ -436,7 +437,9 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
- BIO_free(in);
- return rv > 0;
- }
--#endif
-+#endif /* !OPENSSL_NO_DH */
-+#endif /* !OPENSSL_NO_STDIO */
-+
- typedef struct {
- int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
- const char *str_file;
-@@ -462,12 +465,14 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
- SSL_CONF_CMD_STRING(CipherString, "cipher"),
- SSL_CONF_CMD_STRING(Protocol, NULL),
- SSL_CONF_CMD_STRING(Options, NULL),
-+#ifndef OPENSSL_NO_STDIO
- SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
- SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
- SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
- #ifndef OPENSSL_NO_DH
- SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
- #endif
-+#endif
- };
-
- static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index b6d1ee9..75f38cd 100644
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -779,9 +779,7 @@ int tls1_enc(SSL *s, int send)
- * we can't write into the input stream: Can this ever
- * happen?? (steve)
- */
-- fprintf(stderr,
-- "%s:%d: rec->data != rec->input\n",
-- __FILE__, __LINE__);
-+ fprintf(stderr, "tls1_enc: rec->data != rec->input\n");
- else if (RAND_bytes(rec->input, ivlen) <= 0)
- return -1;
- }
-diff --git a/test/cms-test.pl b/test/cms-test.pl
-index baa3b59..1ee3f02 100644
---- a/test/cms-test.pl
-+++ b/test/cms-test.pl
-@@ -100,6 +100,13 @@ my $no_ec2m;
- my $no_ecdh;
- my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
-
-+system ("$ossl_path no-cms > $null_path");
-+if ($? == 0)
-+ {
-+ print "CMS disabled\n";
-+ exit 0;
-+ }
-+
- system ("$ossl_path no-ec > $null_path");
- if ($? == 0)
- {
-diff --git a/util/libeay.num b/util/libeay.num
-index 2094ab3..992abb2 100755
---- a/util/libeay.num
-+++ b/util/libeay.num
-@@ -4370,7 +4370,7 @@ DH_compute_key_padded 4732 EXIST::FUNCTION:DH
- ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA
- CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS
- CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS
--DH_KDF_X9_42 4735 EXIST::FUNCTION:DH
-+DH_KDF_X9_42 4735 EXIST::FUNCTION:CMS,DH
- RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA
- EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES
- RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-diff --git a/util/mkdef.pl b/util/mkdef.pl
-index b9b159a..9841498 100755
---- a/util/mkdef.pl
-+++ b/util/mkdef.pl
-@@ -97,6 +97,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
- "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
- # Engines
- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-+ # X.509v3 Signed Certificate Timestamps
-+ "SCT",
- # RFC3779
- "RFC3779",
- # TLS
-@@ -144,7 +146,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
- my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
- my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
- my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
--my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
-+my $no_sct; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
- my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
- my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
- my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method;
-@@ -235,6 +237,7 @@ foreach (@ARGV, split(/ /, $options))
- elsif (/^no-engine$/) { $no_engine=1; }
- elsif (/^no-hw$/) { $no_hw=1; }
- elsif (/^no-gmp$/) { $no_gmp=1; }
-+ elsif (/^no-sct$/) { $no_sct=1; }
- elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
- elsif (/^no-tlsext$/) { $no_tlsext=1; }
- elsif (/^no-cms$/) { $no_cms=1; }
-@@ -1209,6 +1212,7 @@ sub is_valid
- if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
- if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
- if ($keyword eq "GMP" && $no_gmp) { return 0; }
-+ if ($keyword eq "SCT" && $no_sct) { return 0; }
- if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
- if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
- if ($keyword eq "PSK" && $no_psk) { return 0; }
-diff --git a/util/mkerr.pl b/util/mkerr.pl
-index c197f3a..97b295c 100644
---- a/util/mkerr.pl
-+++ b/util/mkerr.pl
-@@ -89,7 +89,7 @@ Options:
- void ERR_load_<LIB>_strings(void);
- void ERR_unload_<LIB>_strings(void);
- void ERR_<LIB>_error(int f, int r, char *fn, int ln);
-- #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)
-+ #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)
- while the code facilitates the use of these in an environment
- where the error support routines are dynamically loaded at
- runtime.
-@@ -482,7 +482,7 @@ EOF
- ${staticloader}void ERR_load_${lib}_strings(void);
- ${staticloader}void ERR_unload_${lib}_strings(void);
- ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
--# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
-+# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- EOF
- }
diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd
deleted file mode 100755
index e040cda259..0000000000
--- a/CryptoPkg/Library/OpensslLib/Install.cmd
+++ /dev/null
@@ -1,80 +0,0 @@
-cd openssl-1.0.2k
-copy ..\opensslconf.h crypto
-if not exist include\openssl mkdir include\openssl
-copy e_os2.h include\openssl
-copy crypto\crypto.h include\openssl
-copy crypto\opensslv.h include\openssl
-copy crypto\opensslconf.h include\openssl
-copy crypto\ebcdic.h include\openssl
-copy crypto\symhacks.h include\openssl
-copy crypto\ossl_typ.h include\openssl
-copy crypto\o_dir.h include
-copy crypto\objects\objects.h include\openssl
-copy crypto\objects\obj_mac.h include\openssl
-copy crypto\md4\md4.h include\openssl
-copy crypto\md5\md5.h include\openssl
-copy crypto\sha\sha.h include\openssl
-copy crypto\mdc2\mdc2.h include\openssl
-copy crypto\hmac\hmac.h include\openssl
-copy crypto\ripemd\ripemd.h include\openssl
-copy crypto\whrlpool\whrlpool.h include\openssl
-copy crypto\des\des.h include\openssl
-copy crypto\des\des_old.h include\openssl
-copy crypto\aes\aes.h include\openssl
-copy crypto\rc2\rc2.h include\openssl
-copy crypto\rc4\rc4.h include\openssl
-copy crypto\idea\idea.h include\openssl
-copy crypto\bf\blowfish.h include\openssl
-copy crypto\cast\cast.h include\openssl
-copy crypto\camellia\camellia.h include\openssl
-copy crypto\seed\seed.h include\openssl
-copy crypto\modes\modes.h include\openssl
-copy crypto\bn\bn.h include\openssl
-copy crypto\ec\ec.h include\openssl
-copy crypto\rsa\rsa.h include\openssl
-copy crypto\dsa\dsa.h include\openssl
-copy crypto\ecdsa\ecdsa.h include\openssl
-copy crypto\dh\dh.h include\openssl
-copy crypto\ecdh\ecdh.h include\openssl
-copy crypto\dso\dso.h include\openssl
-copy crypto\engine\engine.h include\openssl
-copy crypto\buffer\buffer.h include\openssl
-copy crypto\bio\bio.h include\openssl
-copy crypto\stack\stack.h include\openssl
-copy crypto\stack\safestack.h include\openssl
-copy crypto\lhash\lhash.h include\openssl
-copy crypto\rand\rand.h include\openssl
-copy crypto\err\err.h include\openssl
-copy crypto\evp\evp.h include\openssl
-copy crypto\asn1\asn1.h include\openssl
-copy crypto\asn1\asn1_mac.h include\openssl
-copy crypto\asn1\asn1t.h include\openssl
-copy crypto\pem\pem.h include\openssl
-copy crypto\pem\pem2.h include\openssl
-copy crypto\x509\x509.h include\openssl
-copy crypto\x509\x509_vfy.h include\openssl
-copy crypto\x509v3\x509v3.h include\openssl
-copy crypto\conf\conf.h include\openssl
-copy crypto\conf\conf_api.h include\openssl
-copy crypto\txt_db\txt_db.h include\openssl
-copy crypto\pkcs7\pkcs7.h include\openssl
-copy crypto\pkcs12\pkcs12.h include\openssl
-copy crypto\comp\comp.h include\openssl
-copy crypto\ocsp\ocsp.h include\openssl
-copy crypto\ui\ui.h include\openssl
-copy crypto\ui\ui_compat.h include\openssl
-copy crypto\krb5\krb5_asn.h include\openssl
-copy crypto\cms\cms.h include\openssl
-copy crypto\pqueue\pqueue.h include\openssl
-copy crypto\ts\ts.h include\openssl
-copy crypto\srp\srp.h include\openssl
-copy crypto\cmac\cmac.h include\openssl
-copy ssl\ssl.h include\openssl
-copy ssl\ssl2.h include\openssl
-copy ssl\ssl3.h include\openssl
-copy ssl\ssl23.h include\openssl
-copy ssl\tls1.h include\openssl
-copy ssl\dtls1.h include\openssl
-copy ssl\kssl.h include\openssl
-copy ssl\srtp.h include\openssl
-cd ..
diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh
deleted file mode 100755
index 40811e20a6..0000000000
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/bin/sh
-
-cd openssl-1.0.2k
-cp ../opensslconf.h crypto
-mkdir -p include/openssl
-cp e_os2.h include/openssl
-cp crypto/crypto.h include/openssl
-cp crypto/opensslv.h include/openssl
-cp crypto/opensslconf.h include/openssl
-cp crypto/ebcdic.h include/openssl
-cp crypto/symhacks.h include/openssl
-cp crypto/ossl_typ.h include/openssl
-cp crypto/o_dir.h include
-cp crypto/objects/objects.h include/openssl
-cp crypto/objects/obj_mac.h include/openssl
-cp crypto/md4/md4.h include/openssl
-cp crypto/md5/md5.h include/openssl
-cp crypto/sha/sha.h include/openssl
-cp crypto/mdc2/mdc2.h include/openssl
-cp crypto/hmac/hmac.h include/openssl
-cp crypto/ripemd/ripemd.h include/openssl
-cp crypto/whrlpool/whrlpool.h include/openssl
-cp crypto/des/des.h include/openssl
-cp crypto/des/des_old.h include/openssl
-cp crypto/aes/aes.h include/openssl
-cp crypto/rc2/rc2.h include/openssl
-cp crypto/rc4/rc4.h include/openssl
-cp crypto/idea/idea.h include/openssl
-cp crypto/bf/blowfish.h include/openssl
-cp crypto/cast/cast.h include/openssl
-cp crypto/camellia/camellia.h include/openssl
-cp crypto/seed/seed.h include/openssl
-cp crypto/modes/modes.h include/openssl
-cp crypto/bn/bn.h include/openssl
-cp crypto/ec/ec.h include/openssl
-cp crypto/rsa/rsa.h include/openssl
-cp crypto/dsa/dsa.h include/openssl
-cp crypto/ecdsa/ecdsa.h include/openssl
-cp crypto/dh/dh.h include/openssl
-cp crypto/ecdh/ecdh.h include/openssl
-cp crypto/dso/dso.h include/openssl
-cp crypto/engine/engine.h include/openssl
-cp crypto/buffer/buffer.h include/openssl
-cp crypto/bio/bio.h include/openssl
-cp crypto/stack/stack.h include/openssl
-cp crypto/stack/safestack.h include/openssl
-cp crypto/lhash/lhash.h include/openssl
-cp crypto/rand/rand.h include/openssl
-cp crypto/err/err.h include/openssl
-cp crypto/evp/evp.h include/openssl
-cp crypto/asn1/asn1.h include/openssl
-cp crypto/asn1/asn1_mac.h include/openssl
-cp crypto/asn1/asn1t.h include/openssl
-cp crypto/pem/pem.h include/openssl
-cp crypto/pem/pem2.h include/openssl
-cp crypto/x509/x509.h include/openssl
-cp crypto/x509/x509_vfy.h include/openssl
-cp crypto/x509v3/x509v3.h include/openssl
-cp crypto/conf/conf.h include/openssl
-cp crypto/conf/conf_api.h include/openssl
-cp crypto/txt_db/txt_db.h include/openssl
-cp crypto/pkcs7/pkcs7.h include/openssl
-cp crypto/pkcs12/pkcs12.h include/openssl
-cp crypto/comp/comp.h include/openssl
-cp crypto/ocsp/ocsp.h include/openssl
-cp crypto/ui/ui.h include/openssl
-cp crypto/ui/ui_compat.h include/openssl
-cp crypto/krb5/krb5_asn.h include/openssl
-cp crypto/cms/cms.h include/openssl
-cp crypto/pqueue/pqueue.h include/openssl
-cp crypto/ts/ts.h include/openssl
-cp crypto/srp/srp.h include/openssl
-cp crypto/cmac/cmac.h include/openssl
-cp ssl/ssl.h include/openssl
-cp ssl/ssl2.h include/openssl
-cp ssl/ssl3.h include/openssl
-cp ssl/ssl23.h include/openssl
-cp ssl/tls1.h include/openssl
-cp ssl/dtls1.h include/openssl
-cp ssl/kssl.h include/openssl
-cp ssl/srtp.h include/openssl
-cd ..
diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
deleted file mode 100644
index 8418802ac7..0000000000
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ /dev/null
@@ -1,61 +0,0 @@
-
-================================================================================
- Introduction
-================================================================================
- OpenSSL is a well-known open source implementation of SSL and TLS protocols.
-The core library implements the basic cryptographic functions and provides various
-utility functions. The OpenSSL library is widely used in variety of security
-products development as base crypto provider. (See http://www.openssl.org for more
-information for OpenSSL).
- UEFI (Unified Extensible Firmware Interface) is a specification detailing the
-interfaces between OS and platform firmware. Several security features were
-introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI
-2.2 (http://www.uefi.org). These security features highly depends on the
-cryptography. This patch will enable openssl building under UEFI environment.
-
-
-================================================================================
- OpenSSL-Version
-================================================================================
- Current supported OpenSSL version for UEFI Crypto Library is 1.0.2k.
- http://www.openssl.org/source/openssl-1.0.2k.tar.gz
-
-
-================================================================================
- HOW to Install Openssl for UEFI Building
-================================================================================
-1. Download OpenSSL 1.0.2k from official website:
- http://www.openssl.org/source/openssl-1.0.2k.tar.gz
-
- NOTE: Some web browsers may rename the downloaded TAR file to openssl-1.0.2k.tar.tar.
- When you do the download, rename the "openssl-1.0.2k.tar.tar" to
- "openssl-1.0.2k.tar.gz" or rename the local downloaded file with ".tar.tar"
- extension to ".tar.gz".
-
-2. Extract TAR into CryptoPkg/Library/OpensslLib/openssl-1.0.2k
-
- NOTE: If you use WinZip to unpack the openssl source in Windows, please
- uncheck the WinZip smart CR/LF conversion option (WINZIP: Options -->
- Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").
-
-3. Apply this patch: EDKII_openssl-1.0.2k.patch, and make installation
-
- For Windows Environment:
- ------------------------
- 1) Make sure the patch utility has been installed in your machine.
- Install Cygwin or get the patch utility binary from
- http://gnuwin32.sourceforge.net/packages/patch.htm
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-1.0.2k
- 3) patch -p1 -i ..\EDKII_openssl-1.0.2k.patch
- 4) cd ..
- 5) Install.cmd
-
- For Linux* Environment:
- -----------------------
- 1) Make sure the patch utility has been installed in your machine.
- Patch utility is available from http://directory.fsf.org/project/patch/
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-1.0.2k
- 3) patch -p1 -i ../EDKII_openssl-1.0.2k.patch
- 4) cd ..
- 5) ./Install.sh
-
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 04/11] CryptoPkg/OpensslLib: Add new Perl script for file list generation.
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (2 preceding siblings ...)
2017-03-23 13:19 ` [PATCH v2 03/11] CryptoPkg/OpensslLib: Remove patch file and installation scripts Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 18:29 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document Qin Long
` (8 subsequent siblings)
12 siblings, 1 reply; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer, David Woodhouse
OpenSSL-1.1.0xx configure mechanism was updated with new configdata.
This patch update process_file.sh script to new Perl-based script for
auto generation of file list and openssl config file (opensslconf.h).
This only needs to be done once by a developer when updating to a new
version of OpenSSL (or changing options, etc.). Normal users do not
need to do this, since the results are already stored in the EDK2 git
repository.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Library/OpensslLib/process_files.pl | 223 ++++++++++++++++++++++++++
CryptoPkg/Library/OpensslLib/process_files.sh | 110 -------------
2 files changed, 223 insertions(+), 110 deletions(-)
create mode 100644 CryptoPkg/Library/OpensslLib/process_files.pl
delete mode 100755 CryptoPkg/Library/OpensslLib/process_files.sh
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
new file mode 100644
index 0000000000..210811b9ed
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -0,0 +1,223 @@
+#!/usr/bin/perl -w
+#
+# This script runs the OpenSSL Configure script, then processes the
+# resulting file list into our local OpensslLib[Crypto].inf and also
+# takes a copy of opensslconf.h.
+#
+# This only needs to be done once by a developer when updating to a
+# new version of OpenSSL (or changing options, etc.). Normal users
+# do not need to do this, since the results are stored in the EDK2
+# git repository for them.
+#
+use strict;
+use Cwd;
+use File::Copy;
+
+#
+# Find the openssl directory name for use lib. We have to do this
+# inside of BEGIN. The variables we create here, however, don't seem
+# to be available to the main script, so we have to repeat the
+# exercise.
+#
+my $inf_file;
+my $OPENSSL_PATH;
+my @inf;
+
+BEGIN {
+ $inf_file = "OpensslLib.inf";
+
+ # Read the contents of the inf file
+ open( FD, "<" . $inf_file ) ||
+ die "Cannot open \"" . $inf_file . "\"!";
+ @inf = (<FD>);
+ close(FD) ||
+ die "Cannot close \"" . $inf_file . "\"!";
+
+ foreach (@inf) {
+ if (/DEFINE\s+OPENSSL_PATH\s*=\s*([a-z]+)/) {
+
+ # We need to run Configure before we can include its result...
+ $OPENSSL_PATH = $1;
+
+ my $basedir = getcwd();
+
+ chdir($OPENSSL_PATH) ||
+ die "Cannot change to OpenSSL directory \"" . $OPENSSL_PATH . "\"";
+
+ # Configure UEFI
+ system(
+ "./Configure",
+ "UEFI",
+ "no-afalgeng",
+ "no-asm",
+ "no-async",
+ "no-autoalginit",
+ "no-autoerrinit",
+ "no-bf",
+ "no-blake2",
+ "no-camellia",
+ "no-capieng",
+ "no-cast",
+ "no-chacha",
+ "no-cms",
+ "no-ct",
+ "no-deprecated",
+ "no-dgram",
+ "no-dsa",
+ "no-dynamic-engine",
+ "no-ec",
+ "no-ec2m",
+ "no-engine",
+ "no-err",
+ "no-filenames",
+ "no-gost",
+ "no-hw",
+ "no-idea",
+ "no-mdc2",
+ "no-pic",
+ "no-ocb",
+ "no-poly1305",
+ "no-posix-io",
+ "no-rc2",
+ "no-rfc3779",
+ "no-rmd160",
+ "no-scrypt",
+ "no-seed",
+ "no-sock",
+ "no-srp",
+ "no-ssl",
+ "no-stdio",
+ "no-threads",
+ "no-ts",
+ "no-ui",
+ "no-whirlpool"
+ ) == 0 ||
+ die "OpenSSL Configure failed!\n";
+
+ # Generate opensslconf.h per config data
+ system(
+ "perl -I. -Mconfigdata util/dofile.pl " .
+ "include/openssl/opensslconf.h.in " .
+ "> include/openssl/opensslconf.h"
+ ) == 0 ||
+ die "Failed to generate opensslconf.h!\n";
+
+ chdir($basedir) ||
+ die "Cannot change to base directory \"" . $basedir . "\"";
+
+ push @INC, $1;
+ last;
+ }
+ }
+}
+
+#
+# Retrieve file lists from OpenSSL configdata
+#
+use configdata qw/%unified_info/;
+
+my @cryptofilelist = ();
+my @sslfilelist = ();
+foreach my $product ((@{$unified_info{libraries}},
+ @{$unified_info{engines}})) {
+ foreach my $o (@{$unified_info{sources}->{$product}}) {
+ foreach my $s (@{$unified_info{sources}->{$o}}) {
+ next if ($unified_info{generate}->{$s});
+ next if $s =~ "crypto/bio/b_print.c";
+ if ($product =~ "libssl") {
+ push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
+ next;
+ }
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
+ }
+ }
+}
+
+#
+# Update OpensslLib.inf with autogenerated file list
+#
+my @new_inf = ();
+my $subbing = 0;
+print "\n--> Updating OpensslLib.inf ... ";
+foreach (@inf) {
+ if ( $_ =~ "# Autogenerated files list starts here" ) {
+ push @new_inf, $_, @cryptofilelist, @sslfilelist;
+ $subbing = 1;
+ next;
+ }
+ if ( $_ =~ "# Autogenerated files list ends here" ) {
+ push @new_inf, $_;
+ $subbing = 0;
+ next;
+ }
+
+ push @new_inf, $_
+ unless ($subbing);
+}
+
+my $new_inf_file = $inf_file . ".new";
+open( FD, ">" . $new_inf_file ) ||
+ die $new_inf_file;
+print( FD @new_inf ) ||
+ die $new_inf_file;
+close(FD) ||
+ die $new_inf_file;
+rename( $new_inf_file, $inf_file ) ||
+ die "rename $inf_file";
+print "Done!";
+
+#
+# Update OpensslLibCrypto.inf with auto-generated file list (no libssl)
+#
+$inf_file = "OpensslLibCrypto.inf";
+
+# Read the contents of the inf file
+@inf = ();
+@new_inf = ();
+open( FD, "<" . $inf_file ) ||
+ die "Cannot open \"" . $inf_file . "\"!";
+@inf = (<FD>);
+close(FD) ||
+ die "Cannot close \"" . $inf_file . "\"!";
+
+$subbing = 0;
+print "\n--> Updating OpensslLibCrypto.inf ... ";
+foreach (@inf) {
+ if ( $_ =~ "# Autogenerated files list starts here" ) {
+ push @new_inf, $_, @cryptofilelist;
+ $subbing = 1;
+ next;
+ }
+ if ( $_ =~ "# Autogenerated files list ends here" ) {
+ push @new_inf, $_;
+ $subbing = 0;
+ next;
+ }
+
+ push @new_inf, $_
+ unless ($subbing);
+}
+
+$new_inf_file = $inf_file . ".new";
+open( FD, ">" . $new_inf_file ) ||
+ die $new_inf_file;
+print( FD @new_inf ) ||
+ die $new_inf_file;
+close(FD) ||
+ die $new_inf_file;
+rename( $new_inf_file, $inf_file ) ||
+ die "rename $inf_file";
+print "Done!";
+
+#
+# Copy opensslconf.h generated from OpenSSL Configuration
+#
+print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
+copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
+ $OPENSSL_PATH . "/../../../Include/openssl/") ||
+ die "Cannot copy opensslconf.h!";
+print "Done!\n";
+
+print "\nProcessing Files Done!\n";
+
+exit(0);
diff --git a/CryptoPkg/Library/OpensslLib/process_files.sh b/CryptoPkg/Library/OpensslLib/process_files.sh
deleted file mode 100755
index 9f10409824..0000000000
--- a/CryptoPkg/Library/OpensslLib/process_files.sh
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/bin/sh
-#
-# This script runs the OpenSSL Configure script, then processes the resulting
-# file list into our local OpensslLib.inf and OpensslLibCrypto.inf, and also
-# takes a copy of opensslconf.h.
-#
-# This only needs to be done once by a developer when updating to a
-# new version of OpenSSL (or changing options, etc.). Normal users
-# do not need to do this, since the results are stored in the EDK2
-# git repository for them.
-
-OPENSSL_PATH=$(sed -n '/DEFINE OPENSSL_PATH/{s/.* \(openssl-[0-9.]*[a-z]*\)[[:space:]]*/\1/ p}' OpensslLib.inf)
-OPENSSL_CRYPTO_PATH=$(sed -n '/DEFINE OPENSSL_PATH/{s/.* \(openssl-[0-9.]*[a-z]*\)[[:space:]]*/\1/ p}' OpensslLibCrypto.inf)
-
-if [ "$OPENSSL_PATH" != "$OPENSSL_CRYPTO_PATH" ]; then
- echo "OPENSSL_PATH diverges between OpensslLib.inf and OpensslLibCrypto.inf"
- exit 1
-fi
-
-if ! cd "${OPENSSL_PATH}" ; then
- echo "Cannot change to OpenSSL directory \"${OPENSSL_PATH}\""
- exit 1
-fi
-
-./Configure UEFI \
- no-asm \
- no-bf \
- no-camellia \
- no-capieng \
- no-cast \
- no-cms \
- no-deprecated \
- no-dgram \
- no-dsa \
- no-dynamic-engine \
- no-ec \
- no-ecdh \
- no-ecdsa \
- no-engine \
- no-engines \
- no-err \
- no-filenames \
- no-fp-api \
- no-hw \
- no-idea \
- no-jpake \
- no-krb5 \
- no-locking \
- no-mdc2 \
- no-posix-io \
- no-rc2 \
- no-rcs \
- no-rfc3779 \
- no-ripemd \
- no-scrypt \
- no-sct \
- no-seed \
- no-sha0 \
- no-sock \
- no-srp \
- no-ssl \
- no-stdio \
- no-threads \
- no-ts \
- no-ui \
- no-whirlpool \
- || exit 1
-
-make files
-cd -
-
-function filelist ()
-{
- SSL_SELECT="$1"
-
- echo '1,/# Autogenerated files list starts here/p'
- echo '/# Autogenerated files list ends here/,$p'
- echo '/# Autogenerated files list starts here/a\'
-
- while read LINE; do
- case "$LINE" in
- RELATIVE_DIRECTORY=*)
- eval "$LINE"
- ;;
- LIBSRC=*)
- LIBSRC=$(echo "$LINE" | sed s/^LIBSRC=//)
- if [ "$RELATIVE_DIRECTORY" != "ssl" ] ||
- [ "$SSL_SELECT" = "crypto-and-ssl" ]; then
- for FILE in $LIBSRC; do
- if [ "$FILE" != "b_print.c" ]; then
- echo -e ' $(OPENSSL_PATH)/'$RELATIVE_DIRECTORY/$FILE\\r\\
- fi
- done
- fi
- ;;
- esac
- done
- echo -e \\r
-}
-
-filelist crypto-and-ssl < "${OPENSSL_PATH}/MINFO" \
-| sed -n -f - -i OpensslLib.inf
-
-filelist crypto-only < "${OPENSSL_PATH}/MINFO" \
-| sed -n -f - -i OpensslLibCrypto.inf
-
-# We can tell Windows users to put this back manually if they can't run
-# Configure. For now, until the git repository is fixed to store things
-# sanely, also convert to DOS line-endings
-unix2dos -n "${OPENSSL_PATH}/crypto/opensslconf.h" opensslconf.h
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document.
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (3 preceding siblings ...)
2017-03-23 13:19 ` [PATCH v2 04/11] CryptoPkg/OpensslLib: Add new Perl script for file list generation Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 18:31 ` Laszlo Ersek
2017-03-27 9:58 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 06/11] CryptoPkg: Fix handling of &strcmp function pointers Qin Long
` (7 subsequent siblings)
12 siblings, 2 replies; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer, David Woodhouse
Add one new OpenSSL-HOWTO.txt to introduce how to clone / download
the latest OpenSSL release source for build.
ALso update buildinf.h to reflect the latest update time.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 53 ++++++++++++++++++++++++++
CryptoPkg/Library/OpensslLib/buildinf.h | 2 +-
2 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
new file mode 100644
index 0000000000..e8b0bab010
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
@@ -0,0 +1,53 @@
+
+=============================================================================
+ Introduction
+=============================================================================
+ OpenSSL is a well-known open source implementation of SSL/TLS protocols.
+The core library implements the cryptographic and SSL/TLS functions and
+also provides various utility functions. The OpenSSL library is widely used
+in variety of security products development as base crypto provider.
+(See http://www.openssl.org/ for more information about OpenSSL).
+ UEFI (Unified Extensible Firmware Interface) is a specification detailing
+the interfaces between OS and platform firmware. Several security features
+were introduced (e.g. Authenticated Variable Service, Driver Signing, etc)
+from UEFI 2.2 (http://www.uefi.org/). These security features highly depend
+on the cryptography.
+ This HOWTO documents OpenSSL building under UEFI/EDKII environment.
+
+=============================================================================
+ OpenSSL-Version
+=============================================================================
+ EDKII supports building with the latest release of OpenSSL.
+ The latest official release is OpenSSL-1.1.0e (Released at 2017-Feb-16).
+ NOTE: Only latest release version was fully validated.
+ And no guarantees on build & functionality if using other versions.
+
+=============================================================================
+ HOW to Install OpenSSL for UEFI Building
+=============================================================================
+1. Clone the latest official OpenSSL release into the directory
+ CryptoPkg/Library/OpensslLib/openssl/
+
+ Use OpenSSL-1.1.0e release as one example:
+ (OpenSSL_1_1_0e below is the tag name for the OpenSSL-1.1.0e release)
+ > cd CryptoPkg/Library/OpensslLib
+ > git clone -b OpenSSL_1_1_0e https://github.com/openssl/openssl openssl
+ or
+ > git clone https://github.com/openssl/openssl openssl
+ > git checkout OpenSSL_1_1_0e
+Or
+2. Download the latest OpenSSL release package from the official website:
+ https://www.openssl.org/source/
+ and unpack the OpenSSL source into:
+ CryptoPkg/Library/OpensslLib/openssl/
+
+=============================================================================
+ About process_files.pl
+=============================================================================
+ "process_files.pl" is one Perl script which runs the OpenSSL Configure,
+then processes the resulting file list into our local OpensslLib.inf and
+OpensslLibCrypto.inf.
+ This only needs to be done once by the maintainer / developer when
+updating to a new version of OpenSSL (or changing options, etc.).
+Normal users do not need do this, since the results are already stored in
+the EDKII git repository for them.
diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h b/CryptoPkg/Library/OpensslLib/buildinf.h
index 673bf787c1..3d967d2a86 100644
--- a/CryptoPkg/Library/OpensslLib/buildinf.h
+++ b/CryptoPkg/Library/OpensslLib/buildinf.h
@@ -1,2 +1,2 @@
#define PLATFORM "UEFI"
-#define DATE "Mon Mar 8 14:17:05 PDT 2010"
+#define DATE "Tues Mar 21 01:23:45 PDT 2017"
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 06/11] CryptoPkg: Fix handling of &strcmp function pointers
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (4 preceding siblings ...)
2017-03-23 13:19 ` [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 18:33 ` Laszlo Ersek
2017-03-27 9:41 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper Qin Long
` (6 subsequent siblings)
12 siblings, 2 replies; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer, David Woodhouse
In a couple of places, OpenSSL code uses the address of the
strcmp() function, and assigns it to another comparator function
pointer.
Unfortunately, this falls foul of the inconsistent function ABI
that we use in EDKII. We '#define strcmp AsciiStrCmp' but AsciiStrCmp
is an EFIAPI function with the Microsoft ABI. And we're assigning its
address to a non-EFIAPI function, which may well have a different ABI.
Fix this by providing an actual strcmp() function in the default ABI.
We already *had* a prototype for it in OpenSslSupport.h, which was
then superseded by the #define strcmp AsciiStrCmp.
Now, OpenSSL code *can* use &strcmp without problems.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Include/OpenSslSupport.h | 3 +--
CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c | 8 +++++++-
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index e011a7cfee..e6858a94a4 100644
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -1,7 +1,7 @@
/** @file
Root include file to support building OpenSSL Crypto Library.
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -276,7 +276,6 @@ extern FILE *stdout;
#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch)
#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))
#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count))
-#define strcmp AsciiStrCmp
#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
#define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
#define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
diff --git a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
index 9d6867ebce..e8a76d07ff 100644
--- a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
+++ b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
@@ -2,7 +2,7 @@
Intrinsic Memory Routines Wrapper Implementation for OpenSSL-based
Cryptographic Library.
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -15,6 +15,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Base.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
/* OpenSSL will use floating point support, and C compiler produces the _fltused
symbol by default. Simply define this symbol here to satisfy the linker. */
@@ -44,3 +45,8 @@ void * memset (void *dest, char ch, unsigned int count)
return dest;
}
+
+int strcmp (const char *s1, const char *s2)
+{
+ return (int)AsciiStrCmp(s1, s2);
+}
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper.
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (5 preceding siblings ...)
2017-03-23 13:19 ` [PATCH v2 06/11] CryptoPkg: Fix handling of &strcmp function pointers Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 18:34 ` Laszlo Ersek
` (2 more replies)
2017-03-23 13:19 ` [PATCH v2 08/11] CryptoPkg: Add extra build option to disable VS build warning Qin Long
` (5 subsequent siblings)
12 siblings, 3 replies; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer
Cleaning-up CRT Library Wrapper for the third-party cryptography
library building. The changes includes
1. Rename OpenSslSupport.h to CrtLibSupport.h for future alternative
crypto provider support.
2. Remove all un-referenced CRT APIs and headers.
(NOTE: More cleans-up could be possible after OpenSSL integrate the
extra PR request: https://github.com/openssl/openssl/pull/2961)
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Include/CrtLibSupport.h | 193 ++++++++++++++
CryptoPkg/Include/OpenSslSupport.h | 292 ---------------------
CryptoPkg/Include/arpa/inet.h | 16 --
CryptoPkg/Include/assert.h | 7 +-
CryptoPkg/Include/ctype.h | 7 +-
CryptoPkg/Include/dirent.h | 16 --
CryptoPkg/Include/errno.h | 7 +-
CryptoPkg/Include/limits.h | 7 +-
CryptoPkg/Include/malloc.h | 16 --
CryptoPkg/Include/math.h | 16 --
CryptoPkg/Include/memory.h | 7 +-
CryptoPkg/Include/netdb.h | 16 --
CryptoPkg/Include/netinet/in.h | 16 --
CryptoPkg/Include/sgtty.h | 16 --
CryptoPkg/Include/signal.h | 16 --
CryptoPkg/Include/stdarg.h | 7 +-
CryptoPkg/Include/stddef.h | 6 +-
CryptoPkg/Include/stdio.h | 7 +-
CryptoPkg/Include/stdlib.h | 7 +-
CryptoPkg/Include/string.h | 7 +-
CryptoPkg/Include/strings.h | 6 +-
CryptoPkg/Include/sys/ioctl.h | 16 --
CryptoPkg/Include/sys/param.h | 16 --
CryptoPkg/Include/sys/socket.h | 16 --
CryptoPkg/Include/sys/stat.h | 16 --
CryptoPkg/Include/sys/time.h | 7 +-
CryptoPkg/Include/sys/times.h | 16 --
CryptoPkg/Include/sys/types.h | 7 +-
CryptoPkg/Include/sys/un.h | 16 --
CryptoPkg/Include/syslog.h | 6 +-
CryptoPkg/Include/time.h | 6 +-
CryptoPkg/Include/unistd.h | 6 +-
CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h | 4 +-
.../BaseCryptLib/SysCall/BaseMemAllocation.c | 5 +-
.../BaseCryptLib/SysCall/ConstantTimeClock.c | 6 +-
.../Library/BaseCryptLib/SysCall/CrtWrapper.c | 185 ++++++-------
.../Library/BaseCryptLib/SysCall/HelperWrapper.c | 54 ----
.../BaseCryptLib/SysCall/RuntimeMemAllocation.c | 3 +-
.../Library/BaseCryptLib/SysCall/TimerWrapper.c | 4 +-
39 files changed, 346 insertions(+), 731 deletions(-)
create mode 100644 CryptoPkg/Include/CrtLibSupport.h
delete mode 100644 CryptoPkg/Include/OpenSslSupport.h
delete mode 100644 CryptoPkg/Include/arpa/inet.h
delete mode 100644 CryptoPkg/Include/dirent.h
delete mode 100644 CryptoPkg/Include/malloc.h
delete mode 100644 CryptoPkg/Include/math.h
delete mode 100644 CryptoPkg/Include/netdb.h
delete mode 100644 CryptoPkg/Include/netinet/in.h
delete mode 100644 CryptoPkg/Include/sgtty.h
delete mode 100644 CryptoPkg/Include/signal.h
delete mode 100644 CryptoPkg/Include/sys/ioctl.h
delete mode 100644 CryptoPkg/Include/sys/param.h
delete mode 100644 CryptoPkg/Include/sys/socket.h
delete mode 100644 CryptoPkg/Include/sys/stat.h
delete mode 100644 CryptoPkg/Include/sys/times.h
delete mode 100644 CryptoPkg/Include/sys/un.h
delete mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
diff --git a/CryptoPkg/Include/CrtLibSupport.h b/CryptoPkg/Include/CrtLibSupport.h
new file mode 100644
index 0000000000..ddf7784a37
--- /dev/null
+++ b/CryptoPkg/Include/CrtLibSupport.h
@@ -0,0 +1,193 @@
+/** @file
+ Root include file of C runtime library to support building the third-party
+ cryptographic library.
+
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __CRT_LIB_SUPPORT_H__
+#define __CRT_LIB_SUPPORT_H__
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PrintLib.h>
+
+#define OPENSSLDIR ""
+#define ENGINESDIR ""
+
+#define MAX_STRING_SIZE 0x1000
+
+//
+// OpenSSL relies on explicit configuration for word size in crypto/bn,
+// but we want it to be automatically inferred from the target. So we
+// bypass what's in <openssl/opensslconf.h> for OPENSSL_SYS_UEFI, and
+// define our own here.
+//
+#ifdef CONFIG_HEADER_BN_H
+#error CONFIG_HEADER_BN_H already defined
+#endif
+
+#define CONFIG_HEADER_BN_H
+
+#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64)
+//
+// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs
+// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is
+// 64-bit. Since using 'long long' works fine on GCC too, just do that.
+//
+#define SIXTY_FOUR_BIT
+#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC)
+#define THIRTY_TWO_BIT
+#else
+#error Unknown target architecture
+#endif
+
+//
+// Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h
+//
+#if !defined(__CC_ARM) // if va_list is not already defined
+#define va_list VA_LIST
+#define va_arg VA_ARG
+#define va_start VA_START
+#define va_end VA_END
+#else // __CC_ARM
+#define va_start(Marker, Parameter) __va_start(Marker, Parameter)
+#define va_arg(Marker, TYPE) __va_arg(Marker, TYPE)
+#define va_end(Marker) ((void)0)
+#endif
+
+//
+// Definitions for global constants used by CRT library routines
+//
+#define EINVAL 22 /* Invalid argument */
+#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */
+#define LONG_MAX 0X7FFFFFFFL /* max value for a long */
+#define LONG_MIN (-LONG_MAX-1) /* min value for a long */
+#define ULONG_MAX 0xFFFFFFFF /* Maximum unsigned long value */
+#define CHAR_BIT 8 /* Number of bits in a char */
+
+//
+// Basic types mapping
+//
+typedef UINTN size_t;
+typedef INTN ssize_t;
+typedef INT32 time_t;
+typedef UINT8 __uint8_t;
+typedef UINT8 sa_family_t;
+typedef UINT32 uid_t;
+typedef UINT32 gid_t;
+
+//
+// File operations are not required for EFI building,
+// so FILE is mapped to VOID * to pass build
+//
+typedef VOID *FILE;
+
+//
+// Structures Definitions
+//
+struct tm {
+ int tm_sec; /* seconds after the minute [0-60] */
+ int tm_min; /* minutes after the hour [0-59] */
+ int tm_hour; /* hours since midnight [0-23] */
+ int tm_mday; /* day of the month [1-31] */
+ int tm_mon; /* months since January [0-11] */
+ int tm_year; /* years since 1900 */
+ int tm_wday; /* days since Sunday [0-6] */
+ int tm_yday; /* days since January 1 [0-365] */
+ int tm_isdst; /* Daylight Savings Time flag */
+ long tm_gmtoff; /* offset from CUT in seconds */
+ char *tm_zone; /* timezone abbreviation */
+};
+
+struct timeval {
+ long tv_sec; /* time value, in seconds */
+ long tv_usec; /* time value, in microseconds */
+};
+
+struct sockaddr {
+ __uint8_t sa_len; /* total length */
+ sa_family_t sa_family; /* address family */
+ char sa_data[14]; /* actually longer; address value */
+};
+
+//
+// Global variables
+//
+extern int errno;
+extern FILE *stderr;
+
+//
+// Function prototypes of CRT Library routines
+//
+void *malloc (size_t);
+void *realloc (void *, size_t);
+void free (void *);
+void *memset (void *, int, size_t);
+int isdigit (int);
+int isspace (int);
+int isxdigit (int);
+int isalnum (int);
+int isupper (int);
+int tolower (int);
+int strcmp (const char *, const char *);
+int strncasecmp (const char *, const char *, size_t);
+char *strrchr (const char *, int);
+unsigned long strtoul (const char *, char **, int);
+long strtol (const char *, char **, int);
+char *strerror (int);
+size_t strspn (const char *, const char *);
+size_t strcspn (const char *, const char *);
+int printf (const char *, ...);
+int sscanf (const char *, const char *, ...);
+FILE *fopen (const char *, const char *);
+size_t fread (void *, size_t, size_t, FILE *);
+size_t fwrite (const void *, size_t, size_t, FILE *);
+int fclose (FILE *);
+int fprintf (FILE *, const char *, ...);
+time_t time (time_t *);
+struct tm *gmtime (const time_t *);
+uid_t getuid (void);
+uid_t geteuid (void);
+gid_t getgid (void);
+gid_t getegid (void);
+void qsort (void *, size_t, size_t, int (*)(const void *, const void *));
+char *getenv (const char *);
+#if defined(__GNUC__) && (__GNUC__ >= 2)
+void abort (void) __attribute__((__noreturn__));
+#else
+void abort (void);
+#endif
+
+//
+// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions
+//
+#define memcpy(dest,source,count) CopyMem(dest,source,(UINTN)(count))
+#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch))
+#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch)
+#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))
+#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count))
+#define strlen(str) (size_t)(AsciiStrnLenS(str,MAX_STRING_SIZE))
+#define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
+#define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
+#define strcat(strDest,strSource) AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
+#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
+#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
+#define strcasecmp(str1,str2) (int)AsciiStriCmp(str1,str2)
+#define sprintf(buf,...) AsciiSPrint(buf,MAX_STRING_SIZE,__VA_ARGS__)
+#define localtime(timer) NULL
+#define assert(expression)
+#define offsetof(type,member) OFFSET_OF(type,member)
+#define atoi(nptr) AsciiStrDecimalToUintn(nptr)
+#define gettimeofday(tvp,tz) do { (tvp)->tv_sec = time(NULL); (tvp)->tv_usec = 0; } while (0)
+
+#endif
diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
deleted file mode 100644
index e6858a94a4..0000000000
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ /dev/null
@@ -1,292 +0,0 @@
-/** @file
- Root include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __OPEN_SSL_SUPPORT_H__
-#define __OPEN_SSL_SUPPORT_H__
-
-#include <Base.h>
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/DebugLib.h>
-
-#define OPENSSLDIR ""
-#define ENGINESDIR ""
-
-#define MAX_STRING_SIZE 0x1000
-
-//
-// OpenSSL relies on explicit configuration for word size in crypto/bn,
-// but we want it to be automatically inferred from the target. So we
-// bypass what's in <openssl/opensslconf.h> for OPENSSL_SYS_UEFI, and
-// define our own here.
-//
-#ifdef CONFIG_HEADER_BN_H
-#error CONFIG_HEADER_BN_H already defined
-#endif
-
-#define CONFIG_HEADER_BN_H
-
-#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64)
-//
-// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs
-// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is
-// 64-bit. Since using 'long long' works fine on GCC too, just do that.
-//
-#define SIXTY_FOUR_BIT
-#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC)
-#define THIRTY_TWO_BIT
-#else
-#error Unknown target architecture
-#endif
-
-//
-// File operations are not required for building Open SSL,
-// so FILE is mapped to VOID * to pass build
-//
-typedef VOID *FILE;
-
-//
-// Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h
-//
-#if !defined(__CC_ARM) // if va_list is not already defined
-#define va_list VA_LIST
-#define va_arg VA_ARG
-#define va_start VA_START
-#define va_end VA_END
-#else // __CC_ARM
-#define va_start(Marker, Parameter) __va_start(Marker, Parameter)
-#define va_arg(Marker, TYPE) __va_arg(Marker, TYPE)
-#define va_end(Marker) ((void)0)
-#endif
-
-//
-// #defines from EFI Application Toolkit required to build Open SSL
-//
-#define ENOMEM 12 /* Cannot allocate memory */
-#define EINVAL 22 /* Invalid argument */
-#define BUFSIZ 1024 /* size of buffer used by setbuf */
-#define INT_MAX 2147483647 /* max value for an int */
-#define INT_MIN (-2147483647-1) /* min value for an int */
-#define LONG_MAX 2147483647L /* max value for a long */
-#define LONG_MIN (-2147483647-1) /* min value for a long */
-#define ULONG_MAX 0xffffffff /* max value for an unsigned long */
-#define LOG_DAEMON (3<<3) /* system daemons */
-#define LOG_EMERG 0 /* system is unusable */
-#define LOG_ALERT 1 /* action must be taken immediately */
-#define LOG_CRIT 2 /* critical conditions */
-#define LOG_ERR 3 /* error conditions */
-#define LOG_WARNING 4 /* warning conditions */
-#define LOG_NOTICE 5 /* normal but significant condition */
-#define LOG_INFO 6 /* informational */
-#define LOG_DEBUG 7 /* debug-level messages */
-#define LOG_PID 0x01 /* log the pid with each message */
-#define LOG_CONS 0x02 /* log on the console if errors in sending */
-#define CHAR_BIT 8 /* Number of bits in a char */
-
-//
-// Macros from EFI Application Toolkit required to build Open SSL
-//
-/* The offsetof() macro calculates the offset of a structure member
- in its structure. Unfortunately this cannot be written down
- portably, hence it is provided by a Standard C header file.
- For pre-Standard C compilers, here is a version that usually works
- (but watch out!): */
-#define offsetof(type, member) OFFSET_OF (type, member)
-
-//
-// Basic types from EFI Application Toolkit required to build Open SSL
-//
-typedef UINTN size_t;
-typedef INTN ssize_t;
-typedef INT64 off_t;
-typedef UINT16 mode_t;
-typedef long time_t;
-typedef unsigned long clock_t;
-typedef UINT32 uid_t;
-typedef UINT32 gid_t;
-typedef UINT32 ino_t;
-typedef UINT32 dev_t;
-typedef UINT16 nlink_t;
-typedef int pid_t;
-typedef void *DIR;
-typedef void __sighandler_t (int);
-typedef UINT8 __uint8_t;
-typedef UINT8 sa_family_t;
-
-//
-// Structures from EFI Application Toolkit required to build Open SSL
-//
-struct tm {
- int tm_sec; /* seconds after the minute [0-60] */
- int tm_min; /* minutes after the hour [0-59] */
- int tm_hour; /* hours since midnight [0-23] */
- int tm_mday; /* day of the month [1-31] */
- int tm_mon; /* months since January [0-11] */
- int tm_year; /* years since 1900 */
- int tm_wday; /* days since Sunday [0-6] */
- int tm_yday; /* days since January 1 [0-365] */
- int tm_isdst; /* Daylight Savings Time flag */
- long tm_gmtoff; /* offset from CUT in seconds */
- char *tm_zone; /* timezone abbreviation */
-};
-
-struct timeval {
- long tv_sec; /* time value, in seconds */
- long tv_usec; /* time value, in microseconds */
-};
-
-struct dirent {
- UINT32 d_fileno; /* file number of entry */
- UINT16 d_reclen; /* length of this record */
- UINT8 d_type; /* file type, see below */
- UINT8 d_namlen; /* length of string in d_name */
- char d_name[255 + 1]; /* name must be no longer than this */
-};
-
-struct stat {
- dev_t st_dev; /* inode's device */
- ino_t st_ino; /* inode's number */
- mode_t st_mode; /* inode protection mode */
- nlink_t st_nlink; /* number of hard links */
- uid_t st_uid; /* user ID of the file's owner */
- gid_t st_gid; /* group ID of the file's group */
- dev_t st_rdev; /* device type */
- time_t st_atime; /* time of last access */
- long st_atimensec; /* nsec of last access */
- time_t st_mtime; /* time of last data modification */
- long st_mtimensec; /* nsec of last data modification */
- time_t st_ctime; /* time of last file status change */
- long st_ctimensec; /* nsec of last file status change */
- off_t st_size; /* file size, in bytes */
- INT64 st_blocks; /* blocks allocated for file */
- UINT32 st_blksize; /* optimal blocksize for I/O */
- UINT32 st_flags; /* user defined flags for file */
- UINT32 st_gen; /* file generation number */
- INT32 st_lspare;
- INT64 st_qspare[2];
-};
-
-struct sockaddr {
- __uint8_t sa_len; /* total length */
- sa_family_t sa_family; /* address family */
- char sa_data[14]; /* actually longer; address value */
-};
-
-//
-// Externs from EFI Application Toolkit required to build Open SSL
-//
-extern int errno;
-
-//
-// Function prototypes from EFI Application Toolkit required to build Open SSL
-//
-void *malloc (size_t);
-void *realloc (void *, size_t);
-void free (void *);
-int isdigit (int);
-int isspace (int);
-int tolower (int);
-int isupper (int);
-int isxdigit (int);
-int isalnum (int);
-void *memcpy (void *, const void *, size_t);
-void *memset (void *, int, size_t);
-void *memchr (const void *, int, size_t);
-int memcmp (const void *, const void *, size_t);
-void *memmove (void *, const void *, size_t);
-int strcmp (const char *, const char *);
-int strncmp (const char *, const char *, size_t);
-char *strcpy (char *, const char *);
-char *strncpy (char *, const char *, size_t);
-size_t strlen (const char *);
-char *strcat (char *, const char *);
-char *strchr (const char *, int);
-int strcasecmp (const char *, const char *);
-int strncasecmp (const char *, const char *, size_t);
-char *strncpy (char *, const char *, size_t);
-int strncmp (const char *, const char *, size_t);
-char *strrchr (const char *, int);
-unsigned long strtoul (const char *, char **, int);
-long strtol (const char *, char **, int);
-char *strerror (int);
-size_t strspn (const char *, const char *);
-size_t strcspn (const char *, const char *);
-int printf (const char *, ...);
-int sscanf (const char *, const char *, ...);
-int open (const char *, int, ...);
-int chmod (const char *, mode_t);
-int stat (const char *, struct stat *);
-off_t lseek (int, off_t, int);
-ssize_t read (int, void *, size_t);
-ssize_t write (int, const void *, size_t);
-int close (int);
-FILE *fopen (const char *, const char *);
-size_t fread (void *, size_t, size_t, FILE *);
-size_t fwrite (const void *, size_t, size_t, FILE *);
-char *fgets (char *, int, FILE *);
-int fputs (const char *, FILE *);
-int fprintf (FILE *, const char *, ...);
-int vfprintf (FILE *, const char *, VA_LIST);
-int fflush (FILE *);
-int fclose (FILE *);
-DIR *opendir (const char *);
-struct dirent *readdir (DIR *);
-int closedir (DIR *);
-void openlog (const char *, int, int);
-void closelog (void);
-void syslog (int, const char *, ...);
-time_t time (time_t *);
-struct tm *localtime (const time_t *);
-struct tm *gmtime (const time_t *);
-struct tm *gmtime_r (const time_t *, struct tm *);
-uid_t getuid (void);
-uid_t geteuid (void);
-gid_t getgid (void);
-gid_t getegid (void);
-void qsort (void *, size_t, size_t, int (*)(const void *, const void *));
-char *getenv (const char *);
-void exit (int);
-void abort (void);
-__sighandler_t *signal (int, __sighandler_t *);
-
-//
-// Global variables from EFI Application Toolkit required to build Open SSL
-//
-extern FILE *stderr;
-extern FILE *stdin;
-extern FILE *stdout;
-
-//
-// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions
-//
-#define memcpy(dest,source,count) CopyMem(dest,source,(UINTN)(count))
-#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch))
-#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch)
-#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))
-#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count))
-#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
-#define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
-#define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
-#define strlen(str) (size_t)(AsciiStrnLenS(str,MAX_STRING_SIZE))
-#define strcat(strDest,strSource) AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
-#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
-#define abort() ASSERT (FALSE)
-#define assert(expression)
-#define localtime(timer) NULL
-#define gmtime_r(timer,result) (result = NULL)
-#define atoi(nptr) AsciiStrDecimalToUintn(nptr)
-#define gettimeofday(tvp,tz) do { (tvp)->tv_sec = time(NULL); (tvp)->tv_usec = 0; } while (0)
-
-#endif
diff --git a/CryptoPkg/Include/arpa/inet.h b/CryptoPkg/Include/arpa/inet.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/arpa/inet.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/assert.h b/CryptoPkg/Include/assert.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/assert.h
+++ b/CryptoPkg/Include/assert.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/ctype.h b/CryptoPkg/Include/ctype.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/ctype.h
+++ b/CryptoPkg/Include/ctype.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/dirent.h b/CryptoPkg/Include/dirent.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/dirent.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/errno.h b/CryptoPkg/Include/errno.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/errno.h
+++ b/CryptoPkg/Include/errno.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/limits.h b/CryptoPkg/Include/limits.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/limits.h
+++ b/CryptoPkg/Include/limits.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/malloc.h b/CryptoPkg/Include/malloc.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/malloc.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/math.h b/CryptoPkg/Include/math.h
deleted file mode 100644
index a21f5543cd..0000000000
--- a/CryptoPkg/Include/math.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OPEN SSL
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/memory.h b/CryptoPkg/Include/memory.h
index 092b3cde1f..1a8d1c47de 100644
--- a/CryptoPkg/Include/memory.h
+++ b/CryptoPkg/Include/memory.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/netdb.h b/CryptoPkg/Include/netdb.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/netdb.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/netinet/in.h b/CryptoPkg/Include/netinet/in.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/netinet/in.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/sgtty.h b/CryptoPkg/Include/sgtty.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/sgtty.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/signal.h b/CryptoPkg/Include/signal.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/signal.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/stdarg.h b/CryptoPkg/Include/stdarg.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/stdarg.h
+++ b/CryptoPkg/Include/stdarg.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/stddef.h b/CryptoPkg/Include/stddef.h
index 8dfc36ffb0..1a8d1c47de 100644
--- a/CryptoPkg/Include/stddef.h
+++ b/CryptoPkg/Include/stddef.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/stdio.h b/CryptoPkg/Include/stdio.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/stdio.h
+++ b/CryptoPkg/Include/stdio.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/stdlib.h b/CryptoPkg/Include/stdlib.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/stdlib.h
+++ b/CryptoPkg/Include/stdlib.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/string.h b/CryptoPkg/Include/string.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/string.h
+++ b/CryptoPkg/Include/string.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/strings.h b/CryptoPkg/Include/strings.h
index 8dfc36ffb0..1a8d1c47de 100644
--- a/CryptoPkg/Include/strings.h
+++ b/CryptoPkg/Include/strings.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/sys/ioctl.h b/CryptoPkg/Include/sys/ioctl.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/sys/ioctl.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/sys/param.h b/CryptoPkg/Include/sys/param.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/sys/param.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/sys/socket.h b/CryptoPkg/Include/sys/socket.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/sys/socket.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/sys/stat.h b/CryptoPkg/Include/sys/stat.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/sys/stat.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/sys/time.h b/CryptoPkg/Include/sys/time.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/sys/time.h
+++ b/CryptoPkg/Include/sys/time.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/sys/times.h b/CryptoPkg/Include/sys/times.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/sys/times.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/sys/types.h b/CryptoPkg/Include/sys/types.h
index ee07f6bcb5..1a8d1c47de 100644
--- a/CryptoPkg/Include/sys/types.h
+++ b/CryptoPkg/Include/sys/types.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,5 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
-
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/sys/un.h b/CryptoPkg/Include/sys/un.h
deleted file mode 100644
index ee07f6bcb5..0000000000
--- a/CryptoPkg/Include/sys/un.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/** @file
- Include file to support building OpenSSL Crypto Library.
-
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
diff --git a/CryptoPkg/Include/syslog.h b/CryptoPkg/Include/syslog.h
index 8dfc36ffb0..1a8d1c47de 100644
--- a/CryptoPkg/Include/syslog.h
+++ b/CryptoPkg/Include/syslog.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/time.h b/CryptoPkg/Include/time.h
index 8dfc36ffb0..1a8d1c47de 100644
--- a/CryptoPkg/Include/time.h
+++ b/CryptoPkg/Include/time.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Include/unistd.h b/CryptoPkg/Include/unistd.h
index 8dfc36ffb0..1a8d1c47de 100644
--- a/CryptoPkg/Include/unistd.h
+++ b/CryptoPkg/Include/unistd.h
@@ -1,7 +1,7 @@
/** @file
- Include file to support building OpenSSL Crypto Library.
+ Include file to support building the third-party cryptographic library.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
index 92cc963038..4f9f308a7d 100644
--- a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
@@ -1,7 +1,7 @@
/** @file
Internal include file for BaseCryptLib.
-Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -21,7 +21,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
-#include "OpenSslSupport.h"
+#include "CrtLibSupport.h"
#include <openssl/opensslv.h>
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
index 964545f143..f390e0d449 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
@@ -2,7 +2,7 @@
Base Memory Allocation Routines Wrapper for Crypto library over OpenSSL
during PEI & DXE phases.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -13,7 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
+#include <Library/MemoryAllocationLib.h>
//
// -- Memory-Allocation Routines --
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c b/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c
index 0a19a69533..7f20164999 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/ConstantTimeClock.c
@@ -12,7 +12,7 @@
5) DhGenerateParameter
6) DhGenerateKey
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -23,7 +23,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
//
// -- Time Management Routines --
@@ -38,4 +38,4 @@ time_t time (time_t *timer)
struct tm * gmtime (const time_t *timer)
{
return NULL;
-}
\ No newline at end of file
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index a2386bc073..20c96563d2 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -2,7 +2,7 @@
C Run-Time Libraries (CRT) Wrapper Implementation for OpenSSL-based
Cryptographic Library.
-Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
int errno = 0;
@@ -136,6 +136,30 @@ char *strrchr (const char *str, int c)
}
}
+/* Compare first n bytes of string s1 with string s2, ignoring case */
+int strncasecmp (const char *s1, const char *s2, size_t n)
+{
+ int Val;
+
+ ASSERT(s1 != NULL);
+ ASSERT(s2 != NULL);
+
+ if (n != 0) {
+ do {
+ Val = tolower(*s1) - tolower(*s2);
+ if (Val != 0) {
+ return Val;
+ }
+ ++s1;
+ ++s2;
+ if (*s1 == '\0') {
+ break;
+ }
+ } while (--n != 0);
+ }
+ return 0;
+}
+
/* Read formatted data from a string */
int sscanf (const char *buffer, const char *format, ...)
{
@@ -146,6 +170,70 @@ int sscanf (const char *buffer, const char *format, ...)
return 0;
}
+/* Maps errnum to an error-message string */
+char * strerror (int errnum)
+{
+ return NULL;
+}
+
+/* Computes the length of the maximum initial segment of the string pointed to by s1
+ which consists entirely of characters from the string pointed to by s2. */
+size_t strspn (const char *s1 , const char *s2)
+{
+ UINT8 Map[32];
+ UINT32 Index;
+ size_t Count;
+
+ for (Index = 0; Index < 32; Index++) {
+ Map[Index] = 0;
+ }
+
+ while (*s2) {
+ Map[*s2 >> 3] |= (1 << (*s2 & 7));
+ s2++;
+ }
+
+ if (*s1) {
+ Count = 0;
+ while (Map[*s1 >> 3] & (1 << (*s1 & 7))) {
+ Count++;
+ s1++;
+ }
+
+ return Count;
+ }
+
+ return 0;
+}
+
+/* Computes the length of the maximum initial segment of the string pointed to by s1
+ which consists entirely of characters not from the string pointed to by s2. */
+size_t strcspn (const char *s1, const char *s2)
+{
+ UINT8 Map[32];
+ UINT32 Index;
+ size_t Count;
+
+ for (Index = 0; Index < 32; Index++) {
+ Map[Index] = 0;
+ }
+
+ while (*s2) {
+ Map[*s2 >> 3] |= (1 << (*s2 & 7));
+ s2++;
+ }
+
+ Map[0] |= 1;
+
+ Count = 0;
+ while (!(Map[*s1 >> 3] & (1 << (*s1 & 7)))) {
+ Count ++;
+ s1++;
+ }
+
+ return Count;
+}
+
//
// -- Character Classification Routines --
//
@@ -277,12 +365,6 @@ char *getenv (const char *varname)
// -- Stream I/O Routines --
//
-/* Write formatted output using a pointer to a list of arguments */
-int vfprintf (FILE *stream, const char *format, VA_LIST arg)
-{
- return 0;
-}
-
/* Write data to a stream */
size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
{
@@ -303,36 +385,6 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
return 0;
}
-void *UI_OpenSSL(void)
-{
- return NULL;
-}
-
-int X509_load_cert_file (VOID *ctx, const char *file, int type)
-{
- return 0;
-}
-
-int X509_load_crl_file (VOID *ctx, const char *file, int type)
-{
- return 0;
-}
-
-int chmod (const char *c, mode_t m)
-{
- return -1;
-}
-
-int close (int f)
-{
- return -1;
-}
-
-void closelog (void)
-{
-
-}
-
#ifdef __GNUC__
typedef
@@ -341,7 +393,6 @@ VOID
VOID
) __attribute__((__noreturn__));
-
STATIC
VOID
EFIAPI
@@ -351,8 +402,7 @@ NopFunction (
{
}
-
-void exit (int e)
+void abort (void)
{
NoReturnFuncPtr NoReturnFunc;
@@ -363,8 +413,9 @@ void exit (int e)
#else
-void exit (int e)
+void abort (void)
{
+ // Do nothing
}
#endif
@@ -384,16 +435,6 @@ size_t fread (void *b, size_t c, size_t i, FILE *f)
return 0;
}
-int fputs (const char *s, FILE *f)
-{
- return 0;
-}
-
-int fprintf (FILE *f, const char *s, ...)
-{
- return 0;
-}
-
uid_t getuid (void)
{
return 0;
@@ -414,46 +455,6 @@ gid_t getegid (void)
return 0;
}
-off_t lseek (int a, off_t o, int d)
-{
- return 0;
-}
-
-void openlog (const char *c, int a, int b)
-{
-
-}
-
-ssize_t read (int f, void *b, size_t c)
-{
- return 0;
-}
-
-int stat (const char *c, struct stat *s)
-{
- return -1;
-}
-
-int strcasecmp (const char *c, const char *s)
-{
- return 0;
-}
-
-int strncasecmp (const char *c, const char *s, size_t l)
-{
- return 0;
-}
-
-void syslog (int a, const char *c, ...)
-{
-
-}
-
-ssize_t write (int f, const void *b, size_t l)
-{
- return 0;
-}
-
int printf (char const *fmt, ...)
{
return 0;
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
deleted file mode 100644
index bf4399ca08..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/** @file
- Wrapper Implementation of Helper Routines produced by the C Compiler
- for the OpenSSL-based Cryptographic Library.
-
-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <OpenSslSupport.h>
-
-//---------------------------------------------------------
-// Helper Routines Wrapper
-//---------------------------------------------------------
-
-/* Divides a 64-bit signed value with a 64-bit signed value and returns
- a 64-bit signed quotient and reminder */
-void _aulldvrm ()
-{
- //
- // Null _aulldvrm() Math function implementation to satisfy the linker, since
- // there is no direct functionality logic dependency in present UEFI cases.
- //
- return;
-}
-
-
-/* Converts a scalar double-precision floating point value to a 32-bit integer */
-long _ftol2_sse (double dblSource)
-{
- //
- // OpenSSL uses this function due to using floating-point inside it.
- // It is only present in 32-bit versions of the compiler.
- // Null _ftol2_sse() function implementation to satisfy the linker, since
- // there is no direct functionality logic dependency in present UEFI cases.
- //
- return 0;
-}
-
-/* Converts a scalar double-precision floating point value to a 32-bit integer */
-long _ftol2 (double dblSource)
-{
- //
- // Null _ftol2() function implementation to satisfy the linker, since
- // there is no direct functionality logic dependency in present UEFI cases.
- //
- return 0;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c
index feaa37145e..463f2bf855 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c
@@ -13,9 +13,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeLib.h>
+#include <Library/MemoryAllocationLib.h>
#include <Guid/EventGroup.h>
//----------------------------------------------------------------
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c
index 93e487dcef..581b8fb028 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c
@@ -2,7 +2,7 @@
C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation
for OpenSSL-based Cryptographic Library (used in DXE & RUNTIME).
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -14,7 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <Uefi.h>
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
#include <Library/UefiRuntimeServicesTableLib.h>
//
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 08/11] CryptoPkg: Add extra build option to disable VS build warning
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (6 preceding siblings ...)
2017-03-23 13:19 ` [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 13:19 ` [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object Qin Long
` (4 subsequent siblings)
12 siblings, 0 replies; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer
openssl/include/openssl/lhash.h will bring C4090 build warning
issue, which is one known issue for OpenSSL under Visual Studio
toolchain.
Refer to https://github.com/openssl/openssl/issues/2214 for more
discussions against this.
Use /wd4090 to silence this build warning until OpenSSL fix this.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 9 ++++++---
CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h | 6 ++++--
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 8 +++++++-
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 8 +++++++-
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 6 ++++++
CryptoPkg/Library/TlsLib/TlsLib.inf | 9 ++++++++-
6 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 1a8c41fd11..bb91f899ff 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -6,7 +6,7 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -93,9 +93,12 @@
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
+ #
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4305: truncation from type1 to type2 (Introduced by RFC3161 Timestamp ASN.1 declarations)
- MSFT:*_*_*_CC_FLAGS = /wd4305
+ # C4090: 'function' : different 'const' qualifiers
+ #
+ MSFT:*_*_*_CC_FLAGS = /wd4090
+
GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"
# -JCryptoPkg/Include : To disable the use of the system includes provided by RVCT
diff --git a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
index 4f9f308a7d..8cccf72567 100644
--- a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
@@ -1,4 +1,4 @@
-/** @file
+/** @file
Internal include file for BaseCryptLib.
Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
@@ -15,6 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef __INTERNAL_CRYPT_LIB_H__
#define __INTERNAL_CRYPT_LIB_H__
+#undef _WIN32
+#undef _WIN64
+
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
@@ -31,4 +34,3 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#endif
#endif
-
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index f56f90e26e..fdcd8b95f5 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -13,7 +13,7 @@
# PEM handler functions, and pseudorandom number generator functions are not
# supported in this instance.
#
-# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -86,6 +86,12 @@
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ # C4090: 'function' : different 'const' qualifiers
+ #
+ MSFT:*_*_*_CC_FLAGS = /wd4090
+
GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"
# -JCryptoPkg/Include : To disable the use of the system includes provided by RVCT
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index e6daadef9d..05cd31674f 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -11,7 +11,7 @@
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
-# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -99,6 +99,12 @@
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ # C4090: 'function' : different 'const' qualifiers
+ #
+ MSFT:*_*_*_CC_FLAGS = /wd4090
+
GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"
# -JCryptoPkg/Include : To disable the use of the system includes provided by RVCT
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index e00a230cbc..5674714cea 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -97,5 +97,11 @@
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ # C4090: 'function' : different 'const' qualifiers
+ #
+ MSFT:*_*_*_CC_FLAGS = /wd4090
+
GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"
XCODE:*_*_*_CC_FLAGS = -mmmx -msse
diff --git a/CryptoPkg/Library/TlsLib/TlsLib.inf b/CryptoPkg/Library/TlsLib/TlsLib.inf
index 2122b3b595..d4ce646591 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.inf
+++ b/CryptoPkg/Library/TlsLib/TlsLib.inf
@@ -1,7 +1,7 @@
## @file
# SSL/TLS Wrapper Library Instance based on OpenSSL.
#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -47,3 +47,10 @@
OpensslLib
IntrinsicLib
PrintLib
+
+[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ # C4090: 'function' : different 'const' qualifiers
+ #
+ MSFT:*_*_*_CC_FLAGS = /wd4090
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object.
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (7 preceding siblings ...)
2017-03-23 13:19 ` [PATCH v2 08/11] CryptoPkg: Add extra build option to disable VS build warning Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 18:37 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 10/11] CryptoPkg: Update PK Cipher Wrappers work with opaque objects Qin Long
` (3 subsequent siblings)
12 siblings, 1 reply; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer
OpenSSL-1.1.xx makes most data structures opaque.
This patch updated HMAC Wrapper implementation with opaque
HMAC_CTX object.
The HmacXXGetContextSize() is marked as deprecated, and updated
to use the fixed HMAC_CTX size, which is just kept for compatibility.
New APIs (HmacXXNew(), HmacXXFree()) were added as the recommended
HMAC_CTX usage interfaces for HMAC-XXXX operations.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Include/Library/BaseCryptLib.h | 93 +++++++++++++++++++++-
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 77 +++++++++++++++---
.../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c | 40 +++++++++-
.../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 75 +++++++++++++++--
.../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 40 +++++++++-
.../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 75 +++++++++++++++--
.../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 40 +++++++++-
7 files changed, 411 insertions(+), 29 deletions(-)
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 9cc4776c30..9f0f202668 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -4,7 +4,7 @@
primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security
functionality enabling.
-Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -897,6 +897,8 @@ Sha512HashAll (
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
+ (NOTE: This API is deprecated.
+ Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.)
If this interface is not supported, then return zero.
@@ -911,6 +913,36 @@ HmacMd5GetContextSize (
);
/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
+
+ If this interface is not supported, then return NULL.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacMd5New() returns NULL.
+ @retval NULL This interface is not supported.
+
+**/
+VOID *
+EFIAPI
+HmacMd5New (
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ If this interface is not supported, then do nothing.
+
+ @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacMd5Free (
+ IN VOID *HmacMd5Ctx
+ );
+
+/**
Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
subsequent use.
@@ -1015,6 +1047,8 @@ HmacMd5Final (
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
+ (NOTE: This API is deprecated.
+ Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.)
If this interface is not supported, then return zero.
@@ -1029,6 +1063,36 @@ HmacSha1GetContextSize (
);
/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
+
+ If this interface is not supported, then return NULL.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha1New() returns NULL.
+ @return NULL This interface is not supported.
+
+**/
+VOID *
+EFIAPI
+HmacSha1New (
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ If this interface is not supported, then do nothing.
+
+ @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha1Free (
+ IN VOID *HmacSha1Ctx
+ );
+
+/**
Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
subsequent use.
@@ -1133,6 +1197,8 @@ HmacSha1Final (
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
+ (NOTE: This API is deprecated.
+ Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
If this interface is not supported, then return zero.
@@ -1147,6 +1213,31 @@ HmacSha256GetContextSize (
);
/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha256New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+ VOID
+ );
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+ IN VOID *HmacSha256Ctx
+ );
+
+/**
Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
subsequent use.
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
index 61750616c8..ff7b8e5466 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
@@ -1,7 +1,7 @@
/** @file
HMAC-MD5 Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -15,8 +15,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include "InternalCryptLib.h"
#include <openssl/hmac.h>
+#define HMAC_MD5_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \
+ sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
+
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
+ (NOTE: This API is deprecated.
+ Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.)
@return The size, in bytes, of the context buffer required for HMAC-MD5 operations.
@@ -29,8 +34,49 @@ HmacMd5GetContextSize (
{
//
// Retrieves the OpenSSL HMAC-MD5 Context Size
+ // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the
+ // fixed size as a workaround to make this API work for compatibility.
+ // We should retire HmacMd5GetContextSize() in future, and use HmacMd5New()
+ // and HmacMd5Free() for context allocation and release.
//
- return (UINTN) (sizeof (HMAC_CTX));
+ return (UINTN) HMAC_MD5_CTX_SIZE;
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacMd5New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacMd5New (
+ VOID
+ )
+{
+ //
+ // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
+ //
+ return (VOID *) HMAC_CTX_new ();
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacMd5Free (
+ IN VOID *HmacMd5Ctx
+ )
+{
+ //
+ // Free OpenSSL HMAC_CTX Context
+ //
+ HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx);
}
/**
@@ -65,8 +111,13 @@ HmacMd5Init (
//
// OpenSSL HMAC-MD5 Context Initialization
//
- HMAC_CTX_init (HmacMd5Context);
- HMAC_Init_ex (HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL);
+ memset(HmacMd5Context, 0, HMAC_MD5_CTX_SIZE);
+ if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) != 1) {
+ return FALSE;
+ }
+ if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL) != 1) {
+ return FALSE;
+ }
return TRUE;
}
@@ -97,8 +148,10 @@ HmacMd5Duplicate (
if (HmacMd5Context == NULL || NewHmacMd5Context == NULL) {
return FALSE;
}
-
- CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX));
+
+ if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Context) != 1) {
+ return FALSE;
+ }
return TRUE;
}
@@ -146,7 +199,9 @@ HmacMd5Update (
//
// OpenSSL HMAC-MD5 digest update
//
- HMAC_Update (HmacMd5Context, Data, DataSize);
+ if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) != 1) {
+ return FALSE;
+ }
return TRUE;
}
@@ -190,8 +245,12 @@ HmacMd5Final (
//
// OpenSSL HMAC-MD5 digest finalization
//
- HMAC_Final (HmacMd5Context, HmacValue, &Length);
- HMAC_CTX_cleanup (HmacMd5Context);
+ if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) != 1) {
+ return FALSE;
+ }
+ if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) != 1) {
+ return FALSE;
+ }
return TRUE;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
index b4bdde0433..bfe68ab916 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
@@ -1,7 +1,7 @@
/** @file
HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -16,6 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
+ (NOTE: This API is deprecated.
+ Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.)
Return zero to indicate this interface is not supported.
@@ -33,6 +35,42 @@ HmacMd5GetContextSize (
}
/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
+
+ Return NULL to indicate this interface is not supported.
+
+ @retval NULL This interface is not supported.
+
+**/
+VOID *
+EFIAPI
+HmacMd5New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ This function will do nothing.
+
+ @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacMd5Free (
+ IN VOID *HmacMd5Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
subsequent use.
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
index e6602586ac..09c5867d53 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA1 Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -15,8 +15,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include "InternalCryptLib.h"
#include <openssl/hmac.h>
+#define HMAC_SHA1_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \
+ sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
+
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
+ (NOTE: This API is deprecated.
+ Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.)
@return The size, in bytes, of the context buffer required for HMAC-SHA1 operations.
@@ -29,8 +34,49 @@ HmacSha1GetContextSize (
{
//
// Retrieves the OpenSSL HMAC-SHA1 Context Size
+ // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the
+ // fixed size as a workaround to make this API work for compatibility.
+ // We should retire HmacSha15GetContextSize() in future, and use HmacSha1New()
+ // and HmacSha1Free() for context allocation and release.
+ //
+ return (UINTN) HMAC_SHA1_CTX_SIZE;
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha1New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha1New (
+ VOID
+ )
+{
+ //
+ // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
+ //
+ return (VOID *) HMAC_CTX_new ();
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha1Free (
+ IN VOID *HmacSha1Ctx
+ )
+{
//
- return (UINTN) (sizeof (HMAC_CTX));
+ // Free OpenSSL HMAC_CTX Context
+ //
+ HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx);
}
/**
@@ -65,8 +111,13 @@ HmacSha1Init (
//
// OpenSSL HMAC-SHA1 Context Initialization
//
- HMAC_CTX_init (HmacSha1Context);
- HMAC_Init_ex (HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL);
+ memset(HmacSha1Context, 0, HMAC_SHA1_CTX_SIZE);
+ if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) {
+ return FALSE;
+ }
+ if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL) != 1) {
+ return FALSE;
+ }
return TRUE;
}
@@ -98,7 +149,9 @@ HmacSha1Duplicate (
return FALSE;
}
- CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX));
+ if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1Context) != 1) {
+ return FALSE;
+ }
return TRUE;
}
@@ -146,7 +199,9 @@ HmacSha1Update (
//
// OpenSSL HMAC-SHA1 digest update
//
- HMAC_Update (HmacSha1Context, Data, DataSize);
+ if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) != 1) {
+ return FALSE;
+ }
return TRUE;
}
@@ -190,8 +245,12 @@ HmacSha1Final (
//
// OpenSSL HMAC-SHA1 digest finalization
//
- HMAC_Final (HmacSha1Context, HmacValue, &Length);
- HMAC_CTX_cleanup (HmacSha1Context);
+ if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) != 1) {
+ return FALSE;
+ }
+ if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) {
+ return FALSE;
+ }
return TRUE;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
index b31d0d1402..466c4885c3 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -16,6 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
+ (NOTE: This API is deprecated.
+ Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.)
Return zero to indicate this interface is not supported.
@@ -33,6 +35,42 @@ HmacSha1GetContextSize (
}
/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
+
+ Return NULL to indicate this interface is not supported.
+
+ @return NULL This interface is not supported..
+
+**/
+VOID *
+EFIAPI
+HmacSha1New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ This function will do nothing.
+
+ @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha1Free (
+ IN VOID *HmacSha1Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
subsequent use.
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
index 7726e404f6..d6b3ae4883 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 Wrapper Implementation over OpenSSL.
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -15,8 +15,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include "InternalCryptLib.h"
#include <openssl/hmac.h>
+#define HMAC_SHA256_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \
+ sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
+
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
+ (NOTE: This API is deprecated.
+ Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
@return The size, in bytes, of the context buffer required for HMAC-SHA256 operations.
@@ -29,8 +34,49 @@ HmacSha256GetContextSize (
{
//
// Retrieves the OpenSSL HMAC-SHA256 Context Size
+ // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the
+ // fixed size as a workaround to make this API work for compatibility.
+ // We should retire HmacSha256GetContextSize() in future, and use HmacSha256New()
+ // and HmacSha256Free() for context allocation and release.
+ //
+ return (UINTN)HMAC_SHA256_CTX_SIZE;
+}
+
+/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+ @return Pointer to the HMAC_CTX context that has been initialized.
+ If the allocations fails, HmacSha256New() returns NULL.
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+ VOID
+ )
+{
+ //
+ // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
+ //
+ return (VOID *) HMAC_CTX_new ();
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+ IN VOID *HmacSha256Ctx
+ )
+{
//
- return (UINTN) (sizeof (HMAC_CTX));
+ // Free OpenSSL HMAC_CTX Context
+ //
+ HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx);
}
/**
@@ -65,8 +111,13 @@ HmacSha256Init (
//
// OpenSSL HMAC-SHA256 Context Initialization
//
- HMAC_CTX_init (HmacSha256Context);
- HMAC_Init_ex (HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL);
+ memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE);
+ if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
+ return FALSE;
+ }
+ if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL) != 1) {
+ return FALSE;
+ }
return TRUE;
}
@@ -98,7 +149,9 @@ HmacSha256Duplicate (
return FALSE;
}
- CopyMem (NewHmacSha256Context, HmacSha256Context, sizeof (HMAC_CTX));
+ if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha256Context) != 1) {
+ return FALSE;
+ }
return TRUE;
}
@@ -146,7 +199,9 @@ HmacSha256Update (
//
// OpenSSL HMAC-SHA256 digest update
//
- HMAC_Update (HmacSha256Context, Data, DataSize);
+ if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) != 1) {
+ return FALSE;
+ }
return TRUE;
}
@@ -190,8 +245,12 @@ HmacSha256Final (
//
// OpenSSL HMAC-SHA256 digest finalization
//
- HMAC_Final (HmacSha256Context, HmacValue, &Length);
- HMAC_CTX_cleanup (HmacSha256Context);
+ if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
+ return FALSE;
+ }
+ if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
+ return FALSE;
+ }
return TRUE;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
index 35abddaa92..1696fa1eb9 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c
@@ -1,7 +1,7 @@
/** @file
HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -16,6 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
+ (NOTE: This API is deprecated.
+ Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
Return zero to indicate this interface is not supported.
@@ -33,6 +35,42 @@ HmacSha256GetContextSize (
}
/**
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
+
+ Return NULL to indicate this interface is not supported.
+
+ @return NULL This interface is not supported..
+
+**/
+VOID *
+EFIAPI
+HmacSha256New (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified HMAC_CTX context.
+
+ This function will do nothing.
+
+ @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+HmacSha256Free (
+ IN VOID *HmacSha256Ctx
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+/**
Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
subsequent use.
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 10/11] CryptoPkg: Update PK Cipher Wrappers work with opaque objects.
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (8 preceding siblings ...)
2017-03-23 13:19 ` [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 18:38 ` Laszlo Ersek
2017-03-27 9:44 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes Qin Long
` (2 subsequent siblings)
12 siblings, 2 replies; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer
OpenSSL-1.1.xx makes most data structures opaque.
This patch updates Public Key Cipher Wrapper implementations in
BaseCryptLib to use the accessor APIs for opaque object access.
The impacted interfaces includes RSA, DH, X509, PKCS7, etc.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c | 69 +++-----
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 10 +-
.../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 68 +++++---
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 189 ++++++++++-----------
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 70 +++-----
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 20 ++-
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 41 +++--
7 files changed, 218 insertions(+), 249 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
index a5d6e49b8f..f44684f907 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
@@ -1,7 +1,7 @@
/** @file
Diffie-Hellman Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -16,7 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <openssl/bn.h>
#include <openssl/dh.h>
-
/**
Allocates and Initializes one Diffie-Hellman Context for subsequent use.
@@ -88,6 +87,7 @@ DhGenerateParameter (
)
{
BOOLEAN RetVal;
+ BIGNUM *BnP;
//
// Check input parameters.
@@ -105,7 +105,8 @@ DhGenerateParameter (
return FALSE;
}
- BN_bn2bin (((DH *) DhContext)->p, Prime);
+ DH_get0_pqg (DhContext, (const BIGNUM **)&BnP, NULL, NULL);
+ BN_bn2bin (BnP, Prime);
return TRUE;
}
@@ -141,7 +142,8 @@ DhSetParameter (
)
{
DH *Dh;
- BIGNUM *Bn;
+ BIGNUM *BnP;
+ BIGNUM *BnG;
//
// Check input parameters.
@@ -149,50 +151,27 @@ DhSetParameter (
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
return FALSE;
}
-
+
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
return FALSE;
}
- Bn = NULL;
-
- Dh = (DH *) DhContext;
- Dh->g = NULL;
- Dh->p = BN_new ();
- if (Dh->p == NULL) {
- goto Error;
- }
-
- Dh->g = BN_new ();
- if (Dh->g == NULL) {
- goto Error;
- }
-
- Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
- if (Bn == NULL) {
- goto Error;
- }
-
- if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {
+ //
+ // Set the generator and prime parameters for DH object.
+ //
+ Dh = (DH *)DhContext;
+ BnP = BN_bin2bn ((const unsigned char *)Prime, (int)(PrimeLength / 8), NULL);
+ BnG = BN_bin2bn ((const unsigned char *)&Generator, 1, NULL);
+ if ((BnP == NULL) || (BnG == NULL) || !DH_set0_pqg (Dh, BnP, NULL, BnG)) {
goto Error;
}
return TRUE;
Error:
+ BN_free (BnP);
+ BN_free (BnG);
- if (Dh->p != NULL) {
- BN_free (Dh->p);
- }
-
- if (Dh->g != NULL) {
- BN_free (Dh->g);
- }
-
- if (Bn != NULL) {
- BN_free (Bn);
- }
-
return FALSE;
}
@@ -228,6 +207,7 @@ DhGenerateKey (
{
BOOLEAN RetVal;
DH *Dh;
+ BIGNUM *DhPubKey;
INTN Size;
//
@@ -240,22 +220,19 @@ DhGenerateKey (
if (PublicKey == NULL && *PublicKeySize != 0) {
return FALSE;
}
-
+
Dh = (DH *) DhContext;
RetVal = (BOOLEAN) DH_generate_key (DhContext);
if (RetVal) {
- Size = BN_num_bytes (Dh->pub_key);
- if (Size <= 0) {
- *PublicKeySize = 0;
- return FALSE;
- }
- if (*PublicKeySize < (UINTN) Size) {
+ DH_get0_key (Dh, (const BIGNUM **)&DhPubKey, NULL);
+ Size = BN_num_bytes (DhPubKey);
+ if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {
*PublicKeySize = Size;
return FALSE;
}
-
- BN_bn2bin (Dh->pub_key, PublicKey);
+
+ BN_bn2bin (DhPubKey, PublicKey);
*PublicKeySize = Size;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
index 704eb4ec94..d3b1a907aa 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
@@ -1,7 +1,7 @@
/** @file
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -18,7 +18,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
-
/**
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
Syntax Standard, version 1.5". This interface is only intended to be used for
@@ -184,13 +183,6 @@ _Exit:
//
// Release Resources
//
- if (RsaContext != NULL) {
- RsaFree (RsaContext);
- if (Key != NULL) {
- Key->pkey.rsa = NULL;
- }
- }
-
if (Key != NULL) {
EVP_PKEY_free (Key);
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index dcaba43679..bf24e92127 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -10,7 +10,7 @@
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
Variable and will do basic check for data structure.
-Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -163,6 +163,7 @@ X509PopCertificate (
STACK_OF(X509) *CertStack;
BOOLEAN Status;
INT32 Result;
+ BUF_MEM *Ptr;
INT32 Length;
VOID *Buffer;
@@ -192,7 +193,8 @@ X509PopCertificate (
goto _Exit;
}
- Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length);
+ BIO_get_mem_ptr (CertBio, &Ptr);
+ Length = (INT32)(Ptr->length);
if (Length <= 0) {
goto _Exit;
}
@@ -463,12 +465,15 @@ Pkcs7GetCertificatesList (
BOOLEAN Wrapped;
UINT8 Index;
PKCS7 *Pkcs7;
- X509_STORE_CTX CertCtx;
+ X509_STORE_CTX *CertCtx;
+ STACK_OF(X509) *CtxChain;
+ STACK_OF(X509) *CtxUntrusted;
+ X509 *CtxCert;
STACK_OF(X509) *Signers;
X509 *Signer;
X509 *Cert;
- X509 *TempCert;
X509 *Issuer;
+ X509_NAME *IssuerName;
UINT8 *CertBuf;
UINT8 *OldBuf;
UINTN BufferSize;
@@ -482,8 +487,11 @@ Pkcs7GetCertificatesList (
Status = FALSE;
NewP7Data = NULL;
Pkcs7 = NULL;
+ CertCtx = NULL;
+ CtxChain = NULL;
+ CtxCert = NULL;
+ CtxUntrusted = NULL;
Cert = NULL;
- TempCert = NULL;
SingleCert = NULL;
CertBuf = NULL;
OldBuf = NULL;
@@ -531,19 +539,26 @@ Pkcs7GetCertificatesList (
}
Signer = sk_X509_value (Signers, 0);
- if (!X509_STORE_CTX_init (&CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {
+ CertCtx = X509_STORE_CTX_new ();
+ if (CertCtx == NULL) {
+ goto _Error;
+ }
+ if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {
goto _Error;
}
//
// Initialize Chained & Untrusted stack
//
- if (CertCtx.chain == NULL) {
- if (((CertCtx.chain = sk_X509_new_null ()) == NULL) ||
- (!sk_X509_push (CertCtx.chain, CertCtx.cert))) {
+ CtxChain = X509_STORE_CTX_get0_chain (CertCtx);
+ CtxCert = X509_STORE_CTX_get0_cert (CertCtx);
+ if (CtxChain == NULL) {
+ if (((CtxChain = sk_X509_new_null ()) == NULL) ||
+ (!sk_X509_push (CtxChain, CtxCert))) {
goto _Error;
}
}
- (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Signer);
+ CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);
+ (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
//
// Build certificates stack chained from Signer's certificate.
@@ -553,27 +568,25 @@ Pkcs7GetCertificatesList (
//
// Self-Issue checking
//
- if (CertCtx.check_issued (&CertCtx, Cert, Cert)) {
- break;
+ Issuer = NULL;
+ if (X509_STORE_CTX_get1_issuer (&Issuer, CertCtx, Cert) == 1) {
+ if (X509_cmp (Issuer, Cert) == 0) {
+ break;
+ }
}
//
// Found the issuer of the current certificate
//
- if (CertCtx.untrusted != NULL) {
+ if (CtxUntrusted != NULL) {
Issuer = NULL;
- for (Index = 0; Index < sk_X509_num (CertCtx.untrusted); Index++) {
- TempCert = sk_X509_value (CertCtx.untrusted, Index);
- if (CertCtx.check_issued (&CertCtx, Cert, TempCert)) {
- Issuer = TempCert;
- break;
- }
- }
+ IssuerName = X509_get_issuer_name (Cert);
+ Issuer = X509_find_by_subject (CtxUntrusted, IssuerName);
if (Issuer != NULL) {
- if (!sk_X509_push (CertCtx.chain, Issuer)) {
+ if (!sk_X509_push (CtxChain, Issuer)) {
goto _Error;
}
- (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Issuer);
+ (VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer);
Cert = Issuer;
continue;
@@ -595,13 +608,13 @@ Pkcs7GetCertificatesList (
// UINT8 Certn[];
//
- if (CertCtx.chain != NULL) {
+ if (CtxChain != NULL) {
BufferSize = sizeof (UINT8);
OldSize = BufferSize;
CertBuf = NULL;
for (Index = 0; ; Index++) {
- Status = X509PopCertificate (CertCtx.chain, &SingleCert, &CertSize);
+ Status = X509PopCertificate (CtxChain, &SingleCert, &CertSize);
if (!Status) {
break;
}
@@ -639,13 +652,13 @@ Pkcs7GetCertificatesList (
}
}
- if (CertCtx.untrusted != NULL) {
+ if (CtxUntrusted != NULL) {
BufferSize = sizeof (UINT8);
OldSize = BufferSize;
CertBuf = NULL;
for (Index = 0; ; Index++) {
- Status = X509PopCertificate (CertCtx.untrusted, &SingleCert, &CertSize);
+ Status = X509PopCertificate (CtxUntrusted, &SingleCert, &CertSize);
if (!Status) {
break;
}
@@ -698,7 +711,8 @@ _Error:
}
sk_X509_free (Signers);
- X509_STORE_CTX_cleanup (&CertCtx);
+ X509_STORE_CTX_cleanup (CertCtx);
+ X509_STORE_CTX_free (CertCtx);
if (SingleCert != NULL) {
free (SingleCert);
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
index e68dd02480..ba1bcf0f0b 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
@@ -7,7 +7,7 @@
3) RsaSetKey
4) RsaPkcs1Verify
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -92,7 +92,15 @@ RsaSetKey (
IN UINTN BnSize
)
{
- RSA *RsaKey;
+ RSA *RsaKey;
+ BIGNUM *BnN;
+ BIGNUM *BnE;
+ BIGNUM *BnD;
+ BIGNUM *BnP;
+ BIGNUM *BnQ;
+ BIGNUM *BnDp;
+ BIGNUM *BnDq;
+ BIGNUM *BnQInv;
//
// Check input parameters.
@@ -101,7 +109,23 @@ RsaSetKey (
return FALSE;
}
+ BnN = NULL;
+ BnE = NULL;
+ BnD = NULL;
+ BnP = NULL;
+ BnQ = NULL;
+ BnDp = NULL;
+ BnDq = NULL;
+ BnQInv = NULL;
+
+ //
+ // Retrieve the components from RSA object.
+ //
RsaKey = (RSA *) RsaContext;
+ RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD);
+ RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ);
+ RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv);
+
//
// Set RSA Key Components by converting octet string to OpenSSL BN representation.
// NOTE: For RSA public key (used in signature verification), only public components
@@ -110,144 +134,109 @@ RsaSetKey (
switch (KeyTag) {
//
- // RSA Public Modulus (N)
+ // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)
//
case RsaKeyN:
- if (RsaKey->n != NULL) {
- BN_free (RsaKey->n);
- }
- RsaKey->n = NULL;
- if (BigNumber == NULL) {
- break;
- }
- RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
- if (RsaKey->n == NULL) {
- return FALSE;
- }
-
- break;
-
- //
- // RSA Public Exponent (e)
- //
case RsaKeyE:
- if (RsaKey->e != NULL) {
- BN_free (RsaKey->e);
+ case RsaKeyD:
+ if (BnN == NULL) {
+ BnN = BN_new ();
}
- RsaKey->e = NULL;
- if (BigNumber == NULL) {
- break;
+ if (BnE == NULL) {
+ BnE = BN_new ();
}
- RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
- if (RsaKey->e == NULL) {
- return FALSE;
+ if (BnD == NULL) {
+ BnD = BN_new ();
}
- break;
-
- //
- // RSA Private Exponent (d)
- //
- case RsaKeyD:
- if (RsaKey->d != NULL) {
- BN_free (RsaKey->d);
- }
- RsaKey->d = NULL;
- if (BigNumber == NULL) {
- break;
- }
- RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
- if (RsaKey->d == NULL) {
+ if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {
return FALSE;
}
- break;
-
- //
- // RSA Secret Prime Factor of Modulus (p)
- //
- case RsaKeyP:
- if (RsaKey->p != NULL) {
- BN_free (RsaKey->p);
- }
- RsaKey->p = NULL;
- if (BigNumber == NULL) {
+ switch (KeyTag) {
+ case RsaKeyN:
+ BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);
+ break;
+ case RsaKeyE:
+ BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);
break;
+ case RsaKeyD:
+ BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);
+ break;
+ default:
+ return FALSE;
}
- RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
- if (RsaKey->p == NULL) {
+ if (RSA_set0_key (RsaKey, BN_dup(BnN), BN_dup(BnE), BN_dup(BnD)) == 0) {
return FALSE;
}
break;
//
- // RSA Secret Prime Factor of Modules (q)
+ // RSA Secret Prime Factor of Modulus (p and q)
//
+ case RsaKeyP:
case RsaKeyQ:
- if (RsaKey->q != NULL) {
- BN_free (RsaKey->q);
+ if (BnP == NULL) {
+ BnP = BN_new ();
}
- RsaKey->q = NULL;
- if (BigNumber == NULL) {
- break;
+ if (BnQ == NULL) {
+ BnQ = BN_new ();
}
- RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
- if (RsaKey->q == NULL) {
+ if ((BnP == NULL) || (BnQ == NULL)) {
return FALSE;
}
- break;
-
- //
- // p's CRT Exponent (== d mod (p - 1))
- //
- case RsaKeyDp:
- if (RsaKey->dmp1 != NULL) {
- BN_free (RsaKey->dmp1);
- }
- RsaKey->dmp1 = NULL;
- if (BigNumber == NULL) {
+ switch (KeyTag) {
+ case RsaKeyP:
+ BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);
break;
+ case RsaKeyQ:
+ BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);
+ break;
+ default:
+ return FALSE;
}
- RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
- if (RsaKey->dmp1 == NULL) {
+ if (RSA_set0_factors (RsaKey, BN_dup(BnP), BN_dup(BnQ)) == 0) {
return FALSE;
}
break;
//
- // q's CRT Exponent (== d mod (q - 1))
+ // p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),
+ // and CRT Coefficient (== 1/q mod p)
//
+ case RsaKeyDp:
case RsaKeyDq:
- if (RsaKey->dmq1 != NULL) {
- BN_free (RsaKey->dmq1);
+ case RsaKeyQInv:
+ if (BnDp == NULL) {
+ BnDp = BN_new ();
}
- RsaKey->dmq1 = NULL;
- if (BigNumber == NULL) {
- break;
+ if (BnDq == NULL) {
+ BnDq = BN_new ();
}
- RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
- if (RsaKey->dmq1 == NULL) {
+ if (BnQInv == NULL) {
+ BnQInv = BN_new ();
+ }
+ if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {
return FALSE;
}
- break;
-
- //
- // The CRT Coefficient (== 1/q mod p)
- //
- case RsaKeyQInv:
- if (RsaKey->iqmp != NULL) {
- BN_free (RsaKey->iqmp);
- }
- RsaKey->iqmp = NULL;
- if (BigNumber == NULL) {
+ switch (KeyTag) {
+ case RsaKeyDp:
+ BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);
+ break;
+ case RsaKeyDq:
+ BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);
+ break;
+ case RsaKeyQInv:
+ BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);
break;
+ default:
+ return FALSE;
}
- RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
- if (RsaKey->iqmp == NULL) {
+ if (RSA_set0_crt_params (RsaKey, BN_dup(BnDp), BN_dup(BnDq), BN_dup(BnQInv)) == 0) {
return FALSE;
}
@@ -311,11 +300,11 @@ RsaPkcs1Verify (
case MD5_DIGEST_SIZE:
DigestType = NID_md5;
break;
-
+
case SHA1_DIGEST_SIZE:
DigestType = NID_sha1;
break;
-
+
case SHA256_DIGEST_SIZE:
DigestType = NID_sha256;
break;
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
index 30552e4f4b..ca32b1ecc3 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
@@ -7,7 +7,7 @@
3) RsaCheckKey
4) RsaPkcs1Sign
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -74,6 +74,7 @@ RsaGetKey (
RsaKey = (RSA *) RsaContext;
Size = *BnSize;
*BnSize = 0;
+ BnKey = NULL;
switch (KeyTag) {
@@ -81,86 +82,66 @@ RsaGetKey (
// RSA Public Modulus (N)
//
case RsaKeyN:
- if (RsaKey->n == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->n;
+ RSA_get0_key (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
break;
//
// RSA Public Exponent (e)
//
case RsaKeyE:
- if (RsaKey->e == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->e;
+ RSA_get0_key (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
break;
//
// RSA Private Exponent (d)
//
case RsaKeyD:
- if (RsaKey->d == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->d;
+ RSA_get0_key (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
break;
//
// RSA Secret Prime Factor of Modulus (p)
//
case RsaKeyP:
- if (RsaKey->p == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->p;
+ RSA_get0_factors (RsaKey, (const BIGNUM **)&BnKey, NULL);
break;
//
// RSA Secret Prime Factor of Modules (q)
//
case RsaKeyQ:
- if (RsaKey->q == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->q;
+ RSA_get0_factors (RsaKey, NULL, (const BIGNUM **)&BnKey);
break;
//
// p's CRT Exponent (== d mod (p - 1))
//
case RsaKeyDp:
- if (RsaKey->dmp1 == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->dmp1;
+ RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
break;
//
// q's CRT Exponent (== d mod (q - 1))
//
case RsaKeyDq:
- if (RsaKey->dmq1 == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->dmq1;
+ RSA_get0_crt_params (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
break;
//
// The CRT Coefficient (== 1/q mod p)
//
case RsaKeyQInv:
- if (RsaKey->iqmp == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->iqmp;
+ RSA_get0_crt_params (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
break;
default:
return FALSE;
}
+ if (BnKey == NULL) {
+ return FALSE;
+ }
+
*BnSize = Size;
Size = BN_num_bytes (BnKey);
@@ -170,10 +151,11 @@ RsaGetKey (
}
if (BigNumber == NULL) {
- return FALSE;
+ *BnSize = Size;
+ return TRUE;
}
*BnSize = BN_bn2bin (BnKey, BigNumber) ;
-
+
return TRUE;
}
@@ -216,14 +198,14 @@ RsaGenerateKey (
if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
return FALSE;
}
-
+
KeyE = BN_new ();
if (KeyE == NULL) {
return FALSE;
}
RetVal = FALSE;
-
+
if (PublicExponent == NULL) {
if (BN_set_word (KeyE, 0x10001) == 0) {
goto _Exit;
@@ -276,7 +258,7 @@ RsaCheckKey (
if (RsaContext == NULL) {
return FALSE;
}
-
+
if (RSA_check_key ((RSA *) RsaContext) != 1) {
Reason = ERR_GET_REASON (ERR_peek_last_error ());
if (Reason == RSA_R_P_NOT_PRIME ||
@@ -337,17 +319,17 @@ RsaPkcs1Sign (
}
Rsa = (RSA *) RsaContext;
- Size = BN_num_bytes (Rsa->n);
+ Size = RSA_size (Rsa);
if (*SigSize < Size) {
*SigSize = Size;
return FALSE;
}
-
+
if (Signature == NULL) {
return FALSE;
}
-
+
//
// Determine the message digest algorithm according to digest size.
// Only MD5, SHA-1 or SHA-256 algorithm is supported.
@@ -356,18 +338,18 @@ RsaPkcs1Sign (
case MD5_DIGEST_SIZE:
DigestType = NID_md5;
break;
-
+
case SHA1_DIGEST_SIZE:
DigestType = NID_sha1;
break;
-
+
case SHA256_DIGEST_SIZE:
DigestType = NID_sha256;
break;
default:
return FALSE;
- }
+ }
return (BOOLEAN) RSA_sign (
DigestType,
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 1b78472f4d..d63c23df09 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -5,7 +5,7 @@
the lifetime of the signature when a signing certificate expires or is later
revoked.
-Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -239,7 +239,7 @@ CheckTSTInfo (
TS_MESSAGE_IMPRINT *Imprint;
X509_ALGOR *HashAlgo;
CONST EVP_MD *Md;
- EVP_MD_CTX MdCtx;
+ EVP_MD_CTX *MdCtx;
UINTN MdSize;
UINT8 *HashedMsg;
@@ -249,6 +249,7 @@ CheckTSTInfo (
Status = FALSE;
HashAlgo = NULL;
HashedMsg = NULL;
+ MdCtx = NULL;
//
// -- Check version number of Timestamp:
@@ -285,11 +286,17 @@ CheckTSTInfo (
if (HashedMsg == NULL) {
goto _Exit;
}
- EVP_DigestInit (&MdCtx, Md);
- EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize);
- EVP_DigestFinal (&MdCtx, HashedMsg, NULL);
+ MdCtx = EVP_MD_CTX_new ();
+ if (MdCtx == NULL) {
+ goto _Exit;
+ }
+ if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) ||
+ (EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) ||
+ (EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) {
+ goto _Exit;
+ }
if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&
- (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) {
+ (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {
goto _Exit;
}
@@ -315,6 +322,7 @@ CheckTSTInfo (
_Exit:
X509_ALGOR_free (HashAlgo);
+ EVP_MD_CTX_free (MdCtx);
if (HashedMsg != NULL) {
FreePool (HashedMsg);
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 7dc4596759..7d275977c5 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -1,7 +1,7 @@
/** @file
X.509 Certificate Handler Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -73,7 +73,7 @@ X509ConstructCertificate (
@param ... A list of DER-encoded single certificate data followed
by certificate size. A NULL terminates the list. The
pairs are the arguments to X509ConstructCertificate().
-
+
@retval TRUE The X509 stack construction succeeded.
@retval FALSE The construction operation failed.
@@ -82,7 +82,7 @@ BOOLEAN
EFIAPI
X509ConstructCertificateStack (
IN OUT UINT8 **X509Stack,
- ...
+ ...
)
{
UINT8 *Cert;
@@ -175,14 +175,14 @@ EFIAPI
X509Free (
IN VOID *X509Cert
)
-{
+{
//
// Check input parameters.
//
if (X509Cert == NULL) {
return;
}
-
+
//
// Free OpenSSL X509 object.
//
@@ -209,7 +209,7 @@ X509StackFree (
if (X509Stack == NULL) {
return;
}
-
+
//
// Free OpenSSL X509 stack object.
//
@@ -324,7 +324,7 @@ RsaGetPublicKeyFromX509 (
BOOLEAN Status;
EVP_PKEY *Pkey;
X509 *X509Cert;
-
+
//
// Check input parameters.
//
@@ -350,14 +350,14 @@ RsaGetPublicKeyFromX509 (
// Retrieve and check EVP_PKEY data from X509 Certificate.
//
Pkey = X509_get_pubkey (X509Cert);
- if ((Pkey == NULL) || (Pkey->type != EVP_PKEY_RSA)) {
+ if ((Pkey == NULL) || (EVP_PKEY_id (Pkey) != EVP_PKEY_RSA)) {
goto _Exit;
}
//
// Duplicate RSA Context from the retrieved EVP_PKEY.
//
- if ((*RsaContext = RSAPublicKey_dup (Pkey->pkey.rsa)) != NULL) {
+ if ((*RsaContext = RSAPublicKey_dup (EVP_PKEY_get0_RSA (Pkey))) != NULL) {
Status = TRUE;
}
@@ -371,7 +371,7 @@ _Exit:
if (Pkey != NULL) {
EVP_PKEY_free (Pkey);
- }
+ }
return Status;
}
@@ -405,8 +405,8 @@ X509VerifyCert (
X509 *X509Cert;
X509 *X509CACert;
X509_STORE *CertStore;
- X509_STORE_CTX CertCtx;
-
+ X509_STORE_CTX *CertCtx;
+
//
// Check input parameters.
//
@@ -418,6 +418,7 @@ X509VerifyCert (
X509Cert = NULL;
X509CACert = NULL;
CertStore = NULL;
+ CertCtx = NULL;
//
// Register & Initialize necessary digest algorithms for certificate verification.
@@ -473,15 +474,19 @@ X509VerifyCert (
//
// Set up X509_STORE_CTX for the subsequent verification operation.
//
- if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) {
+ CertCtx = X509_STORE_CTX_new ();
+ if (CertCtx == NULL) {
+ goto _Exit;
+ }
+ if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) {
goto _Exit;
}
//
// X509 Certificate Verification.
//
- Status = (BOOLEAN) X509_verify_cert (&CertCtx);
- X509_STORE_CTX_cleanup (&CertCtx);
+ Status = (BOOLEAN) X509_verify_cert (CertCtx);
+ X509_STORE_CTX_cleanup (CertCtx);
_Exit:
//
@@ -498,7 +503,9 @@ _Exit:
if (CertStore != NULL) {
X509_STORE_free (CertStore);
}
-
+
+ X509_STORE_CTX_free (CertCtx);
+
return Status;
}
@@ -575,6 +582,6 @@ X509GetTBSCert (
}
*TBSCertSize = Length + (Temp - *TBSCert);
-
+
return TRUE;
}
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes.
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (9 preceding siblings ...)
2017-03-23 13:19 ` [PATCH v2 10/11] CryptoPkg: Update PK Cipher Wrappers work with opaque objects Qin Long
@ 2017-03-23 13:19 ` Qin Long
2017-03-23 16:23 ` Palmer, Thomas
2017-03-24 5:40 ` Wu, Jiaxin
2017-03-23 17:28 ` [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Laszlo Ersek
2017-03-28 8:19 ` Ye, Ting
12 siblings, 2 replies; 33+ messages in thread
From: Qin Long @ 2017-03-23 13:19 UTC (permalink / raw)
To: edk2-devel
Cc: ting.ye, jiaxin.wu, lersek, ard.biesheuvel, glin, ronald.cron,
Moso.Lee, thomas.palmer
This patch update the wrapper implementation in TlsLib to align
with the latest OpenSSL-1.1.0xx API changes.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Palmer Thomas <thomas.palmer@hpe.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Library/TlsLib/InternalTlsLib.h | 5 ++-
CryptoPkg/Library/TlsLib/TlsConfig.c | 21 ++++++++-----
CryptoPkg/Library/TlsLib/TlsInit.c | 51 +++++++++----------------------
3 files changed, 31 insertions(+), 46 deletions(-)
diff --git a/CryptoPkg/Library/TlsLib/InternalTlsLib.h b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
index e75146648d..97727361e8 100644
--- a/CryptoPkg/Library/TlsLib/InternalTlsLib.h
+++ b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
@@ -1,7 +1,7 @@
/** @file
Internal include file for TlsLib.
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -15,6 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef __INTERNAL_TLS_LIB_H__
#define __INTERNAL_TLS_LIB_H__
+#undef _WIN32
+#undef _WIN64
+
#include <Library/BaseCryptLib.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index f103da4321..43e275d400 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -128,24 +128,30 @@ TlsSetVersion (
ProtoVersion = (MajorVer << 8) | MinorVer;
+ //
+ // Bound TLS method to the particular specified version.
+ //
switch (ProtoVersion) {
case TLS1_VERSION:
//
// TLS 1.0
//
- SSL_set_ssl_method (TlsConn->Ssl, TLSv1_method ());
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);
break;
case TLS1_1_VERSION:
//
// TLS 1.1
//
- SSL_set_ssl_method (TlsConn->Ssl, TLSv1_1_method ());
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
break;
case TLS1_2_VERSION:
//
// TLS 1.2
//
- SSL_set_ssl_method (TlsConn->Ssl, TLSv1_2_method ());
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
break;
default:
//
@@ -384,8 +390,7 @@ TlsSetSessionId (
return EFI_UNSUPPORTED;
}
- Session->session_id_length = SessionIdLen;
- CopyMem (Session->session_id, SessionId, Session->session_id_length);
+ SSL_SESSION_set1_id (Session, (const unsigned char *)SessionId, SessionIdLen);
return EFI_SUCCESS;
}
@@ -847,7 +852,7 @@ TlsGetClientRandom (
return;
}
- CopyMem (ClientRandom, TlsConn->Ssl->s3->client_random, SSL3_RANDOM_SIZE);
+ SSL_get_client_random (TlsConn->Ssl, ClientRandom, SSL3_RANDOM_SIZE);
}
/**
@@ -876,7 +881,7 @@ TlsGetServerRandom (
return;
}
- CopyMem (ServerRandom, TlsConn->Ssl->s3->server_random, SSL3_RANDOM_SIZE);
+ SSL_get_server_random (TlsConn->Ssl, ServerRandom, SSL3_RANDOM_SIZE);
}
/**
@@ -916,7 +921,7 @@ TlsGetKeyMaterial (
return EFI_UNSUPPORTED;
}
- CopyMem (KeyMaterial, Session->master_key, Session->master_key_length);
+ SSL_SESSION_get_master_key (Session, KeyMaterial, SSL3_MASTER_SECRET_SIZE);
return EFI_SUCCESS;
}
diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c b/CryptoPkg/Library/TlsLib/TlsInit.c
index 6b1fd93ea9..f32148ac9a 100644
--- a/CryptoPkg/Library/TlsLib/TlsInit.c
+++ b/CryptoPkg/Library/TlsLib/TlsInit.c
@@ -1,7 +1,7 @@
/** @file
SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -33,14 +33,10 @@ TlsInitialize (
// Performs initialization of crypto and ssl library, and loads required
// algorithms.
//
- SSL_library_init ();
-
- //
- // Loads error strings from both crypto and ssl library.
- //
- SSL_load_error_strings ();
-
- /// OpenSSL_add_all_algorithms();
+ OPENSSL_init_ssl (
+ OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
+ NULL
+ );
//
// Initialize the pseudorandom number generator.
@@ -103,34 +99,10 @@ TlsCtxNew (
SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
//
- // Treat as minimum accepted versions. Client can use higher
- // TLS version if server supports it
- //
- switch (ProtoVersion) {
- case TLS1_VERSION:
- //
- // TLS 1.0
- //
- break;
- case TLS1_1_VERSION:
- //
- // TLS 1.1
- //
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
- break;
- case TLS1_2_VERSION:
- //
- // TLS 1.2
- //
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1_1);
- break;
- default:
- //
- // Unsupported TLS/SSL Protocol Version.
- //
- break;
- }
+ // Treat as minimum accepted versions by setting the minimal bound.
+ // Client can use higher TLS version if server supports it
+ //
+ SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
return (VOID *) TlsCtx;
}
@@ -220,6 +192,11 @@ TlsNew (
}
//
+ // This retains compatibility with previous version of OpenSSL.
+ //
+ SSL_set_security_level (TlsConn->Ssl, 0);
+
+ //
// Initialize the created SSL Object
//
SSL_set_info_callback (TlsConn->Ssl, NULL);
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes.
2017-03-23 13:19 ` [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes Qin Long
@ 2017-03-23 16:23 ` Palmer, Thomas
2017-03-24 5:40 ` Wu, Jiaxin
1 sibling, 0 replies; 33+ messages in thread
From: Palmer, Thomas @ 2017-03-23 16:23 UTC (permalink / raw)
To: Qin Long, edk2-devel@lists.01.org
Cc: ting.ye@intel.com, jiaxin.wu@intel.com, lersek@redhat.com,
ard.biesheuvel@linaro.org, glin@suse.com, ronald.cron@arm.com,
Moso.Lee@citrix.com
This looks fine. I will do additional testing once I pull this into my tree. Thanks Qin/Jiaxin!
Regards,
Thomas Palmer
"I have only made this letter longer because I have not had the time to make it shorter" - Blaise Pascal
-----Original Message-----
From: Qin Long [mailto:qin.long@intel.com]
Sent: Thursday, March 23, 2017 8:20 AM
To: edk2-devel@lists.01.org
Cc: ting.ye@intel.com; jiaxin.wu@intel.com; lersek@redhat.com; ard.biesheuvel@linaro.org; glin@suse.com; ronald.cron@arm.com; Moso.Lee@citrix.com; Palmer, Thomas <thomas.palmer@hpe.com>
Subject: [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes.
This patch update the wrapper implementation in TlsLib to align with the latest OpenSSL-1.1.0xx API changes.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Palmer Thomas <thomas.palmer@hpe.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
---
CryptoPkg/Library/TlsLib/InternalTlsLib.h | 5 ++-
CryptoPkg/Library/TlsLib/TlsConfig.c | 21 ++++++++-----
CryptoPkg/Library/TlsLib/TlsInit.c | 51 +++++++++----------------------
3 files changed, 31 insertions(+), 46 deletions(-)
diff --git a/CryptoPkg/Library/TlsLib/InternalTlsLib.h b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
index e75146648d..97727361e8 100644
--- a/CryptoPkg/Library/TlsLib/InternalTlsLib.h
+++ b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
@@ -1,7 +1,7 @@
/** @file
Internal include file for TlsLib.
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -15,6 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef __INTERNAL_TLS_LIB_H__
#define __INTERNAL_TLS_LIB_H__
+#undef _WIN32
+#undef _WIN64
+
#include <Library/BaseCryptLib.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index f103da4321..43e275d400 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -128,24 +128,30 @@ TlsSetVersion (
ProtoVersion = (MajorVer << 8) | MinorVer;
+ //
+ // Bound TLS method to the particular specified version.
+ //
switch (ProtoVersion) {
case TLS1_VERSION:
//
// TLS 1.0
//
- SSL_set_ssl_method (TlsConn->Ssl, TLSv1_method ());
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);
break;
case TLS1_1_VERSION:
//
// TLS 1.1
//
- SSL_set_ssl_method (TlsConn->Ssl, TLSv1_1_method ());
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
break;
case TLS1_2_VERSION:
//
// TLS 1.2
//
- SSL_set_ssl_method (TlsConn->Ssl, TLSv1_2_method ());
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
break;
default:
//
@@ -384,8 +390,7 @@ TlsSetSessionId (
return EFI_UNSUPPORTED;
}
- Session->session_id_length = SessionIdLen;
- CopyMem (Session->session_id, SessionId, Session->session_id_length);
+ SSL_SESSION_set1_id (Session, (const unsigned char *)SessionId,
+ SessionIdLen);
return EFI_SUCCESS;
}
@@ -847,7 +852,7 @@ TlsGetClientRandom (
return;
}
- CopyMem (ClientRandom, TlsConn->Ssl->s3->client_random, SSL3_RANDOM_SIZE);
+ SSL_get_client_random (TlsConn->Ssl, ClientRandom, SSL3_RANDOM_SIZE);
}
/**
@@ -876,7 +881,7 @@ TlsGetServerRandom (
return;
}
- CopyMem (ServerRandom, TlsConn->Ssl->s3->server_random, SSL3_RANDOM_SIZE);
+ SSL_get_server_random (TlsConn->Ssl, ServerRandom, SSL3_RANDOM_SIZE);
}
/**
@@ -916,7 +921,7 @@ TlsGetKeyMaterial (
return EFI_UNSUPPORTED;
}
- CopyMem (KeyMaterial, Session->master_key, Session->master_key_length);
+ SSL_SESSION_get_master_key (Session, KeyMaterial,
+ SSL3_MASTER_SECRET_SIZE);
return EFI_SUCCESS;
}
diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c b/CryptoPkg/Library/TlsLib/TlsInit.c
index 6b1fd93ea9..f32148ac9a 100644
--- a/CryptoPkg/Library/TlsLib/TlsInit.c
+++ b/CryptoPkg/Library/TlsLib/TlsInit.c
@@ -1,7 +1,7 @@
/** @file
SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -33,14 +33,10 @@ TlsInitialize (
// Performs initialization of crypto and ssl library, and loads required
// algorithms.
//
- SSL_library_init ();
-
- //
- // Loads error strings from both crypto and ssl library.
- //
- SSL_load_error_strings ();
-
- /// OpenSSL_add_all_algorithms();
+ OPENSSL_init_ssl (
+ OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
+ NULL
+ );
//
// Initialize the pseudorandom number generator.
@@ -103,34 +99,10 @@ TlsCtxNew (
SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
//
- // Treat as minimum accepted versions. Client can use higher
- // TLS version if server supports it
- //
- switch (ProtoVersion) {
- case TLS1_VERSION:
- //
- // TLS 1.0
- //
- break;
- case TLS1_1_VERSION:
- //
- // TLS 1.1
- //
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
- break;
- case TLS1_2_VERSION:
- //
- // TLS 1.2
- //
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1_1);
- break;
- default:
- //
- // Unsupported TLS/SSL Protocol Version.
- //
- break;
- }
+ // Treat as minimum accepted versions by setting the minimal bound.
+ // Client can use higher TLS version if server supports it //
+ SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
return (VOID *) TlsCtx;
}
@@ -220,6 +192,11 @@ TlsNew (
}
//
+ // This retains compatibility with previous version of OpenSSL.
+ //
+ SSL_set_security_level (TlsConn->Ssl, 0);
+
+ //
// Initialize the created SSL Object
//
SSL_set_info_callback (TlsConn->Ssl, NULL);
--
2.11.1.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (10 preceding siblings ...)
2017-03-23 13:19 ` [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes Qin Long
@ 2017-03-23 17:28 ` Laszlo Ersek
2017-03-28 8:19 ` Ye, Ting
12 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 17:28 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ard.biesheuvel, ting.ye, ronald.cron, jiaxin.wu, glin
On 03/23/17 14:19, Qin Long wrote:
> V2 Changes:
> 1. Re-format patch series & handle some format fixes
> (as Laszlo Ersek's comments);
> 2. Updated TlsLib Wrapper (as Thomas Palmer's comments);
> 3. Add "ENGINESDIR" definition to support OpenSSL build if
> engine is enabled (as Moso Lee's comments)
Was #3 a public comment? I don't recall seeing it on the list.
(Not arguing against #3, I just think that comments should preferably be
public.)
Thanks,
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build
2017-03-23 13:19 ` [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build Qin Long
@ 2017-03-23 18:27 ` Laszlo Ersek
2017-03-27 9:40 ` Gary Lin
1 sibling, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 18:27 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ting.ye, jiaxin.wu, ard.biesheuvel, glin, ronald.cron, Moso.Lee,
thomas.palmer, David Woodhouse
On 03/23/17 14:19, Qin Long wrote:
> Update OpensslLib INF files to support OpenSSL-1.1.0x source build.
> The file list was generated from the latest OpenSSL-1.1.0e release.
>
> Main changes to support OpensslLib build in this patch include:
> 1. Use "openssl" instead of "openssl-x.x.xx" as main source directory,
> Also update include path in CryptoPkg.dec
> 2. Enable warnings in GCC builds;
> 3. Update Visual Studio build options to silence current possible build
> warnings.
> 4. Move the default opensslconf.h to Include/openssl, and add one dummy
> dso_conf.h for native UEFI build.
>
> The OpensslLib module build was validated as
> build -t VSXXXX -a XX -p CryptoPkg/CryptoPkg.dsc
> -m CryptoPkg/Library/OpensslLib/OpensslLib.inf
>
> (NOTE: The extra build options for ARM/RVCT/XCODE were kept, which expect
> further optimizations from community)
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/CryptoPkg.dec | 8 +-
> CryptoPkg/Include/OpenSslSupport.h | 7 +
> CryptoPkg/Include/internal/dso_conf.h | 0
> CryptoPkg/Include/openssl/opensslconf.h | 308 ++++++++
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 866 +++++++++++-----------
> CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 793 ++++++++++----------
> CryptoPkg/Library/OpensslLib/opensslconf.h | 497 -------------
> 7 files changed, 1142 insertions(+), 1337 deletions(-)
> create mode 100644 CryptoPkg/Include/internal/dso_conf.h
> create mode 100644 CryptoPkg/Include/openssl/opensslconf.h
> delete mode 100644 CryptoPkg/Library/OpensslLib/opensslconf.h
Acked-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
(Tested as described in
<http://mid.mail-archive.com/4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com>.)
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 02/11] CryptoPkg: Update .gitignore for OpenSSL source masking
2017-03-23 13:19 ` [PATCH v2 02/11] CryptoPkg: Update .gitignore for OpenSSL source masking Qin Long
@ 2017-03-23 18:28 ` Laszlo Ersek
0 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 18:28 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ting.ye, jiaxin.wu, ard.biesheuvel, glin, ronald.cron, Moso.Lee,
thomas.palmer
On 03/23/17 14:19, Qin Long wrote:
> Updates .gitignore that masks the OpenSSL source:
> 1. Remove "Include/openssl" from .gitignore since we needn't duplicate
> openssl headers now
> 2. Update "openssl-*" to "openssl*", since we use "openssl" instead of
> "openssl-x.x.xx" as main source directory.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/.gitignore | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/CryptoPkg/.gitignore b/CryptoPkg/.gitignore
> index 05272c2865..731c275ae1 100644
> --- a/CryptoPkg/.gitignore
> +++ b/CryptoPkg/.gitignore
> @@ -1,2 +1 @@
> -Include/openssl
> -Library/OpensslLib/openssl-*/
> +Library/OpensslLib/openssl*/
>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
(Tested as described in
<http://mid.mail-archive.com/4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com>.)
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 03/11] CryptoPkg/OpensslLib: Remove patch file and installation scripts.
2017-03-23 13:19 ` [PATCH v2 03/11] CryptoPkg/OpensslLib: Remove patch file and installation scripts Qin Long
@ 2017-03-23 18:28 ` Laszlo Ersek
0 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 18:28 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ting.ye, jiaxin.wu, ard.biesheuvel, glin, ronald.cron, Moso.Lee,
thomas.palmer, David Woodhouse
On 03/23/17 14:19, Qin Long wrote:
> This patch removes the EDKII-openssl-xxxx.patch, installation scripts,
> and Patch-HOWTO.txt which were used for old OpenSSL-1.0.2xx enabling.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> .../Library/OpensslLib/EDKII_openssl-1.0.2k.patch | 2094 --------------------
> CryptoPkg/Library/OpensslLib/Install.cmd | 80 -
> CryptoPkg/Library/OpensslLib/Install.sh | 82 -
> CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 61 -
> 4 files changed, 2317 deletions(-)
> delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch
> delete mode 100755 CryptoPkg/Library/OpensslLib/Install.cmd
> delete mode 100755 CryptoPkg/Library/OpensslLib/Install.sh
> delete mode 100644 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
(Tested as described in
<http://mid.mail-archive.com/4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com>.)
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 04/11] CryptoPkg/OpensslLib: Add new Perl script for file list generation.
2017-03-23 13:19 ` [PATCH v2 04/11] CryptoPkg/OpensslLib: Add new Perl script for file list generation Qin Long
@ 2017-03-23 18:29 ` Laszlo Ersek
0 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 18:29 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ting.ye, jiaxin.wu, ard.biesheuvel, glin, ronald.cron, Moso.Lee,
thomas.palmer, David Woodhouse
On 03/23/17 14:19, Qin Long wrote:
> OpenSSL-1.1.0xx configure mechanism was updated with new configdata.
> This patch update process_file.sh script to new Perl-based script for
> auto generation of file list and openssl config file (opensslconf.h).
>
> This only needs to be done once by a developer when updating to a new
> version of OpenSSL (or changing options, etc.). Normal users do not
> need to do this, since the results are already stored in the EDK2 git
> repository.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/Library/OpensslLib/process_files.pl | 223 ++++++++++++++++++++++++++
> CryptoPkg/Library/OpensslLib/process_files.sh | 110 -------------
> 2 files changed, 223 insertions(+), 110 deletions(-)
> create mode 100644 CryptoPkg/Library/OpensslLib/process_files.pl
> delete mode 100755 CryptoPkg/Library/OpensslLib/process_files.sh
Acked-by: Laszlo Ersek <lersek@redhat.com>
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document.
2017-03-23 13:19 ` [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document Qin Long
@ 2017-03-23 18:31 ` Laszlo Ersek
2017-03-27 9:58 ` Gary Lin
1 sibling, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 18:31 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ting.ye, jiaxin.wu, ard.biesheuvel, glin, ronald.cron, Moso.Lee,
thomas.palmer, David Woodhouse
On 03/23/17 14:19, Qin Long wrote:
> Add one new OpenSSL-HOWTO.txt to introduce how to clone / download
> the latest OpenSSL release source for build.
> ALso update buildinf.h to reflect the latest update time.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 53 ++++++++++++++++++++++++++
> CryptoPkg/Library/OpensslLib/buildinf.h | 2 +-
> 2 files changed, 54 insertions(+), 1 deletion(-)
> create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
>
> diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> new file mode 100644
> index 0000000000..e8b0bab010
> --- /dev/null
> +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> @@ -0,0 +1,53 @@
> +
> +=============================================================================
> + Introduction
> +=============================================================================
> + OpenSSL is a well-known open source implementation of SSL/TLS protocols.
> +The core library implements the cryptographic and SSL/TLS functions and
> +also provides various utility functions. The OpenSSL library is widely used
> +in variety of security products development as base crypto provider.
> +(See http://www.openssl.org/ for more information about OpenSSL).
> + UEFI (Unified Extensible Firmware Interface) is a specification detailing
> +the interfaces between OS and platform firmware. Several security features
> +were introduced (e.g. Authenticated Variable Service, Driver Signing, etc)
> +from UEFI 2.2 (http://www.uefi.org/). These security features highly depend
> +on the cryptography.
> + This HOWTO documents OpenSSL building under UEFI/EDKII environment.
> +
> +=============================================================================
> + OpenSSL-Version
> +=============================================================================
> + EDKII supports building with the latest release of OpenSSL.
> + The latest official release is OpenSSL-1.1.0e (Released at 2017-Feb-16).
> + NOTE: Only latest release version was fully validated.
> + And no guarantees on build & functionality if using other versions.
> +
> +=============================================================================
> + HOW to Install OpenSSL for UEFI Building
> +=============================================================================
> +1. Clone the latest official OpenSSL release into the directory
> + CryptoPkg/Library/OpensslLib/openssl/
> +
> + Use OpenSSL-1.1.0e release as one example:
> + (OpenSSL_1_1_0e below is the tag name for the OpenSSL-1.1.0e release)
> + > cd CryptoPkg/Library/OpensslLib
> + > git clone -b OpenSSL_1_1_0e https://github.com/openssl/openssl openssl
> + or
> + > git clone https://github.com/openssl/openssl openssl
> + > git checkout OpenSSL_1_1_0e
> +Or
> +2. Download the latest OpenSSL release package from the official website:
> + https://www.openssl.org/source/
> + and unpack the OpenSSL source into:
> + CryptoPkg/Library/OpensslLib/openssl/
> +
> +=============================================================================
> + About process_files.pl
> +=============================================================================
> + "process_files.pl" is one Perl script which runs the OpenSSL Configure,
> +then processes the resulting file list into our local OpensslLib.inf and
> +OpensslLibCrypto.inf.
> + This only needs to be done once by the maintainer / developer when
> +updating to a new version of OpenSSL (or changing options, etc.).
> +Normal users do not need do this, since the results are already stored in
> +the EDKII git repository for them.
> diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h b/CryptoPkg/Library/OpensslLib/buildinf.h
> index 673bf787c1..3d967d2a86 100644
> --- a/CryptoPkg/Library/OpensslLib/buildinf.h
> +++ b/CryptoPkg/Library/OpensslLib/buildinf.h
> @@ -1,2 +1,2 @@
> #define PLATFORM "UEFI"
> -#define DATE "Mon Mar 8 14:17:05 PDT 2010"
> +#define DATE "Tues Mar 21 01:23:45 PDT 2017"
>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
(I used the tarball download method for testing.)
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 06/11] CryptoPkg: Fix handling of &strcmp function pointers
2017-03-23 13:19 ` [PATCH v2 06/11] CryptoPkg: Fix handling of &strcmp function pointers Qin Long
@ 2017-03-23 18:33 ` Laszlo Ersek
2017-03-27 9:41 ` Gary Lin
1 sibling, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 18:33 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ting.ye, jiaxin.wu, ard.biesheuvel, glin, ronald.cron, Moso.Lee,
thomas.palmer, David Woodhouse
On 03/23/17 14:19, Qin Long wrote:
> In a couple of places, OpenSSL code uses the address of the
> strcmp() function, and assigns it to another comparator function
> pointer.
>
> Unfortunately, this falls foul of the inconsistent function ABI
> that we use in EDKII. We '#define strcmp AsciiStrCmp' but AsciiStrCmp
> is an EFIAPI function with the Microsoft ABI. And we're assigning its
> address to a non-EFIAPI function, which may well have a different ABI.
>
> Fix this by providing an actual strcmp() function in the default ABI.
> We already *had* a prototype for it in OpenSslSupport.h, which was
> then superseded by the #define strcmp AsciiStrCmp.
>
> Now, OpenSSL code *can* use &strcmp without problems.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/Include/OpenSslSupport.h | 3 +--
> CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c | 8 +++++++-
> 2 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
> index e011a7cfee..e6858a94a4 100644
> --- a/CryptoPkg/Include/OpenSslSupport.h
> +++ b/CryptoPkg/Include/OpenSslSupport.h
> @@ -1,7 +1,7 @@
> /** @file
> Root include file to support building OpenSSL Crypto Library.
>
> -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD License
> which accompanies this distribution. The full text of the license may be found at
> @@ -276,7 +276,6 @@ extern FILE *stdout;
> #define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch)
> #define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))
> #define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count))
> -#define strcmp AsciiStrCmp
> #define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
> #define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
> #define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
> diff --git a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
> index 9d6867ebce..e8a76d07ff 100644
> --- a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
> +++ b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
> @@ -2,7 +2,7 @@
> Intrinsic Memory Routines Wrapper Implementation for OpenSSL-based
> Cryptographic Library.
>
> -Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD License
> which accompanies this distribution. The full text of the license may be found at
> @@ -15,6 +15,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>
> #include <Base.h>
> #include <Library/BaseMemoryLib.h>
> +#include <Library/BaseLib.h>
>
> /* OpenSSL will use floating point support, and C compiler produces the _fltused
> symbol by default. Simply define this symbol here to satisfy the linker. */
> @@ -44,3 +45,8 @@ void * memset (void *dest, char ch, unsigned int count)
>
> return dest;
> }
> +
> +int strcmp (const char *s1, const char *s2)
> +{
> + return (int)AsciiStrCmp(s1, s2);
> +}
>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
(Tested as described in
<http://mid.mail-archive.com/4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com>.)
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper.
2017-03-23 13:19 ` [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper Qin Long
@ 2017-03-23 18:34 ` Laszlo Ersek
2017-03-27 9:42 ` Gary Lin
2017-03-30 17:33 ` Laszlo Ersek
2 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 18:34 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ting.ye, jiaxin.wu, ard.biesheuvel, glin, ronald.cron, Moso.Lee,
thomas.palmer
On 03/23/17 14:19, Qin Long wrote:
> Cleaning-up CRT Library Wrapper for the third-party cryptography
> library building. The changes includes
> 1. Rename OpenSslSupport.h to CrtLibSupport.h for future alternative
> crypto provider support.
> 2. Remove all un-referenced CRT APIs and headers.
>
> (NOTE: More cleans-up could be possible after OpenSSL integrate the
> extra PR request: https://github.com/openssl/openssl/pull/2961)
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/Include/CrtLibSupport.h | 193 ++++++++++++++
> CryptoPkg/Include/OpenSslSupport.h | 292 ---------------------
> CryptoPkg/Include/arpa/inet.h | 16 --
> CryptoPkg/Include/assert.h | 7 +-
> CryptoPkg/Include/ctype.h | 7 +-
> CryptoPkg/Include/dirent.h | 16 --
> CryptoPkg/Include/errno.h | 7 +-
> CryptoPkg/Include/limits.h | 7 +-
> CryptoPkg/Include/malloc.h | 16 --
> CryptoPkg/Include/math.h | 16 --
> CryptoPkg/Include/memory.h | 7 +-
> CryptoPkg/Include/netdb.h | 16 --
> CryptoPkg/Include/netinet/in.h | 16 --
> CryptoPkg/Include/sgtty.h | 16 --
> CryptoPkg/Include/signal.h | 16 --
> CryptoPkg/Include/stdarg.h | 7 +-
> CryptoPkg/Include/stddef.h | 6 +-
> CryptoPkg/Include/stdio.h | 7 +-
> CryptoPkg/Include/stdlib.h | 7 +-
> CryptoPkg/Include/string.h | 7 +-
> CryptoPkg/Include/strings.h | 6 +-
> CryptoPkg/Include/sys/ioctl.h | 16 --
> CryptoPkg/Include/sys/param.h | 16 --
> CryptoPkg/Include/sys/socket.h | 16 --
> CryptoPkg/Include/sys/stat.h | 16 --
> CryptoPkg/Include/sys/time.h | 7 +-
> CryptoPkg/Include/sys/times.h | 16 --
> CryptoPkg/Include/sys/types.h | 7 +-
> CryptoPkg/Include/sys/un.h | 16 --
> CryptoPkg/Include/syslog.h | 6 +-
> CryptoPkg/Include/time.h | 6 +-
> CryptoPkg/Include/unistd.h | 6 +-
> CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h | 4 +-
> .../BaseCryptLib/SysCall/BaseMemAllocation.c | 5 +-
> .../BaseCryptLib/SysCall/ConstantTimeClock.c | 6 +-
> .../Library/BaseCryptLib/SysCall/CrtWrapper.c | 185 ++++++-------
> .../Library/BaseCryptLib/SysCall/HelperWrapper.c | 54 ----
> .../BaseCryptLib/SysCall/RuntimeMemAllocation.c | 3 +-
> .../Library/BaseCryptLib/SysCall/TimerWrapper.c | 4 +-
> 39 files changed, 346 insertions(+), 731 deletions(-)
> create mode 100644 CryptoPkg/Include/CrtLibSupport.h
> delete mode 100644 CryptoPkg/Include/OpenSslSupport.h
> delete mode 100644 CryptoPkg/Include/arpa/inet.h
> delete mode 100644 CryptoPkg/Include/dirent.h
> delete mode 100644 CryptoPkg/Include/malloc.h
> delete mode 100644 CryptoPkg/Include/math.h
> delete mode 100644 CryptoPkg/Include/netdb.h
> delete mode 100644 CryptoPkg/Include/netinet/in.h
> delete mode 100644 CryptoPkg/Include/sgtty.h
> delete mode 100644 CryptoPkg/Include/signal.h
> delete mode 100644 CryptoPkg/Include/sys/ioctl.h
> delete mode 100644 CryptoPkg/Include/sys/param.h
> delete mode 100644 CryptoPkg/Include/sys/socket.h
> delete mode 100644 CryptoPkg/Include/sys/stat.h
> delete mode 100644 CryptoPkg/Include/sys/times.h
> delete mode 100644 CryptoPkg/Include/sys/un.h
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
Tested-by: Laszlo Ersek <lersek@redhat.com>
(Tested as described in
<http://mid.mail-archive.com/4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com>.)
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object.
2017-03-23 13:19 ` [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object Qin Long
@ 2017-03-23 18:37 ` Laszlo Ersek
2017-03-27 9:56 ` Gary Lin
0 siblings, 1 reply; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 18:37 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ting.ye, jiaxin.wu, ard.biesheuvel, glin, ronald.cron, Moso.Lee,
thomas.palmer
On 03/23/17 14:19, Qin Long wrote:
> OpenSSL-1.1.xx makes most data structures opaque.
> This patch updated HMAC Wrapper implementation with opaque
> HMAC_CTX object.
> The HmacXXGetContextSize() is marked as deprecated, and updated
> to use the fixed HMAC_CTX size, which is just kept for compatibility.
> New APIs (HmacXXNew(), HmacXXFree()) were added as the recommended
> HMAC_CTX usage interfaces for HMAC-XXXX operations.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/Include/Library/BaseCryptLib.h | 93 +++++++++++++++++++++-
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 77 +++++++++++++++---
> .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c | 40 +++++++++-
> .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 75 +++++++++++++++--
> .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 40 +++++++++-
> .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 75 +++++++++++++++--
> .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 40 +++++++++-
> 7 files changed, 411 insertions(+), 29 deletions(-)
I think the code modified in this patch is exercised as part of Secure
Boot image verification (SHA1, SHA256), so:
Tested-by: Laszlo Ersek <lersek@redhat.com>
(Tested as described in
<http://mid.mail-archive.com/4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com>.)
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 10/11] CryptoPkg: Update PK Cipher Wrappers work with opaque objects.
2017-03-23 13:19 ` [PATCH v2 10/11] CryptoPkg: Update PK Cipher Wrappers work with opaque objects Qin Long
@ 2017-03-23 18:38 ` Laszlo Ersek
2017-03-27 9:44 ` Gary Lin
1 sibling, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-23 18:38 UTC (permalink / raw)
To: Qin Long, edk2-devel
Cc: ting.ye, jiaxin.wu, ard.biesheuvel, glin, ronald.cron, Moso.Lee,
thomas.palmer
On 03/23/17 14:19, Qin Long wrote:
> OpenSSL-1.1.xx makes most data structures opaque.
> This patch updates Public Key Cipher Wrapper implementations in
> BaseCryptLib to use the accessor APIs for opaque object access.
> The impacted interfaces includes RSA, DH, X509, PKCS7, etc.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c | 69 +++-----
> CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 10 +-
> .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 68 +++++---
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 189 ++++++++++-----------
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 70 +++-----
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 20 ++-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 41 +++--
> 7 files changed, 218 insertions(+), 249 deletions(-)
Tested-by: Laszlo Ersek <lersek@redhat.com>
(Tested as described in
<http://mid.mail-archive.com/4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com>.)
Thanks!
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes.
2017-03-23 13:19 ` [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes Qin Long
2017-03-23 16:23 ` Palmer, Thomas
@ 2017-03-24 5:40 ` Wu, Jiaxin
1 sibling, 0 replies; 33+ messages in thread
From: Wu, Jiaxin @ 2017-03-24 5:40 UTC (permalink / raw)
To: Long, Qin, edk2-devel@lists.01.org
Cc: Ye, Ting, lersek@redhat.com, ard.biesheuvel@linaro.org,
glin@suse.com, ronald.cron@arm.com, Moso.Lee@citrix.com,
thomas.palmer@hpe.com
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Thanks,
Jiaxin
> -----Original Message-----
> From: Long, Qin
> Sent: Thursday, March 23, 2017 9:20 PM
> To: edk2-devel@lists.01.org
> Cc: Ye, Ting <ting.ye@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>;
> lersek@redhat.com; ard.biesheuvel@linaro.org; glin@suse.com;
> ronald.cron@arm.com; Moso.Lee@citrix.com; thomas.palmer@hpe.com
> Subject: [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align
> with OpenSSL changes.
>
> This patch update the wrapper implementation in TlsLib to align
> with the latest OpenSSL-1.1.0xx API changes.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Palmer Thomas <thomas.palmer@hpe.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
> CryptoPkg/Library/TlsLib/InternalTlsLib.h | 5 ++-
> CryptoPkg/Library/TlsLib/TlsConfig.c | 21 ++++++++-----
> CryptoPkg/Library/TlsLib/TlsInit.c | 51 +++++++++----------------------
> 3 files changed, 31 insertions(+), 46 deletions(-)
>
> diff --git a/CryptoPkg/Library/TlsLib/InternalTlsLib.h
> b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
> index e75146648d..97727361e8 100644
> --- a/CryptoPkg/Library/TlsLib/InternalTlsLib.h
> +++ b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
> @@ -1,7 +1,7 @@
> /** @file
> Internal include file for TlsLib.
>
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be
> found at
> @@ -15,6 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY
> KIND, EITHER EXPRESS OR IMPLIED.
> #ifndef __INTERNAL_TLS_LIB_H__
> #define __INTERNAL_TLS_LIB_H__
>
> +#undef _WIN32
> +#undef _WIN64
> +
> #include <Library/BaseCryptLib.h>
> #include <openssl/ssl.h>
> #include <openssl/bio.h>
> diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c
> b/CryptoPkg/Library/TlsLib/TlsConfig.c
> index f103da4321..43e275d400 100644
> --- a/CryptoPkg/Library/TlsLib/TlsConfig.c
> +++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
> @@ -128,24 +128,30 @@ TlsSetVersion (
>
> ProtoVersion = (MajorVer << 8) | MinorVer;
>
> + //
> + // Bound TLS method to the particular specified version.
> + //
> switch (ProtoVersion) {
> case TLS1_VERSION:
> //
> // TLS 1.0
> //
> - SSL_set_ssl_method (TlsConn->Ssl, TLSv1_method ());
> + SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);
> + SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);
> break;
> case TLS1_1_VERSION:
> //
> // TLS 1.1
> //
> - SSL_set_ssl_method (TlsConn->Ssl, TLSv1_1_method ());
> + SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
> + SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
> break;
> case TLS1_2_VERSION:
> //
> // TLS 1.2
> //
> - SSL_set_ssl_method (TlsConn->Ssl, TLSv1_2_method ());
> + SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
> + SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
> break;
> default:
> //
> @@ -384,8 +390,7 @@ TlsSetSessionId (
> return EFI_UNSUPPORTED;
> }
>
> - Session->session_id_length = SessionIdLen;
> - CopyMem (Session->session_id, SessionId, Session->session_id_length);
> + SSL_SESSION_set1_id (Session, (const unsigned char *)SessionId,
> SessionIdLen);
>
> return EFI_SUCCESS;
> }
> @@ -847,7 +852,7 @@ TlsGetClientRandom (
> return;
> }
>
> - CopyMem (ClientRandom, TlsConn->Ssl->s3->client_random,
> SSL3_RANDOM_SIZE);
> + SSL_get_client_random (TlsConn->Ssl, ClientRandom,
> SSL3_RANDOM_SIZE);
> }
>
> /**
> @@ -876,7 +881,7 @@ TlsGetServerRandom (
> return;
> }
>
> - CopyMem (ServerRandom, TlsConn->Ssl->s3->server_random,
> SSL3_RANDOM_SIZE);
> + SSL_get_server_random (TlsConn->Ssl, ServerRandom,
> SSL3_RANDOM_SIZE);
> }
>
> /**
> @@ -916,7 +921,7 @@ TlsGetKeyMaterial (
> return EFI_UNSUPPORTED;
> }
>
> - CopyMem (KeyMaterial, Session->master_key, Session-
> >master_key_length);
> + SSL_SESSION_get_master_key (Session, KeyMaterial,
> SSL3_MASTER_SECRET_SIZE);
>
> return EFI_SUCCESS;
> }
> diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c
> b/CryptoPkg/Library/TlsLib/TlsInit.c
> index 6b1fd93ea9..f32148ac9a 100644
> --- a/CryptoPkg/Library/TlsLib/TlsInit.c
> +++ b/CryptoPkg/Library/TlsLib/TlsInit.c
> @@ -1,7 +1,7 @@
> /** @file
> SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
>
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> @@ -33,14 +33,10 @@ TlsInitialize (
> // Performs initialization of crypto and ssl library, and loads required
> // algorithms.
> //
> - SSL_library_init ();
> -
> - //
> - // Loads error strings from both crypto and ssl library.
> - //
> - SSL_load_error_strings ();
> -
> - /// OpenSSL_add_all_algorithms();
> + OPENSSL_init_ssl (
> + OPENSSL_INIT_LOAD_SSL_STRINGS |
> OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
> + NULL
> + );
>
> //
> // Initialize the pseudorandom number generator.
> @@ -103,34 +99,10 @@ TlsCtxNew (
> SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
>
> //
> - // Treat as minimum accepted versions. Client can use higher
> - // TLS version if server supports it
> - //
> - switch (ProtoVersion) {
> - case TLS1_VERSION:
> - //
> - // TLS 1.0
> - //
> - break;
> - case TLS1_1_VERSION:
> - //
> - // TLS 1.1
> - //
> - SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
> - break;
> - case TLS1_2_VERSION:
> - //
> - // TLS 1.2
> - //
> - SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
> - SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1_1);
> - break;
> - default:
> - //
> - // Unsupported TLS/SSL Protocol Version.
> - //
> - break;
> - }
> + // Treat as minimum accepted versions by setting the minimal bound.
> + // Client can use higher TLS version if server supports it
> + //
> + SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
>
> return (VOID *) TlsCtx;
> }
> @@ -220,6 +192,11 @@ TlsNew (
> }
>
> //
> + // This retains compatibility with previous version of OpenSSL.
> + //
> + SSL_set_security_level (TlsConn->Ssl, 0);
> +
> + //
> // Initialize the created SSL Object
> //
> SSL_set_info_callback (TlsConn->Ssl, NULL);
> --
> 2.11.1.windows.1
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build
2017-03-23 13:19 ` [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build Qin Long
2017-03-23 18:27 ` Laszlo Ersek
@ 2017-03-27 9:40 ` Gary Lin
1 sibling, 0 replies; 33+ messages in thread
From: Gary Lin @ 2017-03-27 9:40 UTC (permalink / raw)
To: Qin Long
Cc: edk2-devel, ting.ye, jiaxin.wu, lersek, ard.biesheuvel,
ronald.cron, Moso.Lee, thomas.palmer, David Woodhouse
On Thu, Mar 23, 2017 at 09:19:22PM +0800, Qin Long wrote:
> Update OpensslLib INF files to support OpenSSL-1.1.0x source build.
> The file list was generated from the latest OpenSSL-1.1.0e release.
>
> Main changes to support OpensslLib build in this patch include:
> 1. Use "openssl" instead of "openssl-x.x.xx" as main source directory,
> Also update include path in CryptoPkg.dec
> 2. Enable warnings in GCC builds;
> 3. Update Visual Studio build options to silence current possible build
> warnings.
> 4. Move the default opensslconf.h to Include/openssl, and add one dummy
> dso_conf.h for native UEFI build.
>
> The OpensslLib module build was validated as
> build -t VSXXXX -a XX -p CryptoPkg/CryptoPkg.dsc
> -m CryptoPkg/Library/OpensslLib/OpensslLib.inf
>
> (NOTE: The extra build options for ARM/RVCT/XCODE were kept, which expect
> further optimizations from community)
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
I tested OVMF and it works for me.
Tested-by: Gary Lin <glin@suse.com>
Gary Lin
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 06/11] CryptoPkg: Fix handling of &strcmp function pointers
2017-03-23 13:19 ` [PATCH v2 06/11] CryptoPkg: Fix handling of &strcmp function pointers Qin Long
2017-03-23 18:33 ` Laszlo Ersek
@ 2017-03-27 9:41 ` Gary Lin
1 sibling, 0 replies; 33+ messages in thread
From: Gary Lin @ 2017-03-27 9:41 UTC (permalink / raw)
To: Qin Long
Cc: edk2-devel, ting.ye, jiaxin.wu, lersek, ard.biesheuvel,
ronald.cron, Moso.Lee, thomas.palmer, David Woodhouse
On Thu, Mar 23, 2017 at 09:19:27PM +0800, Qin Long wrote:
> In a couple of places, OpenSSL code uses the address of the
> strcmp() function, and assigns it to another comparator function
> pointer.
>
> Unfortunately, this falls foul of the inconsistent function ABI
> that we use in EDKII. We '#define strcmp AsciiStrCmp' but AsciiStrCmp
> is an EFIAPI function with the Microsoft ABI. And we're assigning its
> address to a non-EFIAPI function, which may well have a different ABI.
>
> Fix this by providing an actual strcmp() function in the default ABI.
> We already *had* a prototype for it in OpenSslSupport.h, which was
> then superseded by the #define strcmp AsciiStrCmp.
>
> Now, OpenSSL code *can* use &strcmp without problems.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
I tested OVMF and it works for me.
Tested-by: Gary Lin <glin@suse.com>
Gary Lin
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper.
2017-03-23 13:19 ` [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper Qin Long
2017-03-23 18:34 ` Laszlo Ersek
@ 2017-03-27 9:42 ` Gary Lin
2017-03-30 17:33 ` Laszlo Ersek
2 siblings, 0 replies; 33+ messages in thread
From: Gary Lin @ 2017-03-27 9:42 UTC (permalink / raw)
To: Qin Long
Cc: edk2-devel, ting.ye, jiaxin.wu, lersek, ard.biesheuvel,
ronald.cron, Moso.Lee, thomas.palmer
On Thu, Mar 23, 2017 at 09:19:28PM +0800, Qin Long wrote:
> Cleaning-up CRT Library Wrapper for the third-party cryptography
> library building. The changes includes
> 1. Rename OpenSslSupport.h to CrtLibSupport.h for future alternative
> crypto provider support.
> 2. Remove all un-referenced CRT APIs and headers.
>
> (NOTE: More cleans-up could be possible after OpenSSL integrate the
> extra PR request: https://github.com/openssl/openssl/pull/2961)
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
I tested OVMF and it works for me.
Tested-by: Gary Lin <glin@suse.com>
Gary Lin
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 10/11] CryptoPkg: Update PK Cipher Wrappers work with opaque objects.
2017-03-23 13:19 ` [PATCH v2 10/11] CryptoPkg: Update PK Cipher Wrappers work with opaque objects Qin Long
2017-03-23 18:38 ` Laszlo Ersek
@ 2017-03-27 9:44 ` Gary Lin
1 sibling, 0 replies; 33+ messages in thread
From: Gary Lin @ 2017-03-27 9:44 UTC (permalink / raw)
To: Qin Long
Cc: edk2-devel, ting.ye, jiaxin.wu, lersek, ard.biesheuvel,
ronald.cron, Moso.Lee, thomas.palmer
On Thu, Mar 23, 2017 at 09:19:31PM +0800, Qin Long wrote:
> OpenSSL-1.1.xx makes most data structures opaque.
> This patch updates Public Key Cipher Wrapper implementations in
> BaseCryptLib to use the accessor APIs for opaque object access.
> The impacted interfaces includes RSA, DH, X509, PKCS7, etc.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
I tested OVMF and it works for me.
Tested-by: Gary Lin <glin@suse.com>
Gary Lin
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object.
2017-03-23 18:37 ` Laszlo Ersek
@ 2017-03-27 9:56 ` Gary Lin
0 siblings, 0 replies; 33+ messages in thread
From: Gary Lin @ 2017-03-27 9:56 UTC (permalink / raw)
To: Laszlo Ersek
Cc: Qin Long, edk2-devel, ting.ye, jiaxin.wu, ard.biesheuvel,
ronald.cron, Moso.Lee, thomas.palmer
On Thu, Mar 23, 2017 at 07:37:08PM +0100, Laszlo Ersek wrote:
> On 03/23/17 14:19, Qin Long wrote:
> > OpenSSL-1.1.xx makes most data structures opaque.
> > This patch updated HMAC Wrapper implementation with opaque
> > HMAC_CTX object.
> > The HmacXXGetContextSize() is marked as deprecated, and updated
> > to use the fixed HMAC_CTX size, which is just kept for compatibility.
> > New APIs (HmacXXNew(), HmacXXFree()) were added as the recommended
> > HMAC_CTX usage interfaces for HMAC-XXXX operations.
> >
> > Cc: Ting Ye <ting.ye@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > Cc: Gary Lin <glin@suse.com>
> > Cc: Ronald Cron <ronald.cron@arm.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Qin Long <qin.long@intel.com>
> > ---
> > CryptoPkg/Include/Library/BaseCryptLib.h | 93 +++++++++++++++++++++-
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 77 +++++++++++++++---
> > .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c | 40 +++++++++-
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 75 +++++++++++++++--
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 40 +++++++++-
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 75 +++++++++++++++--
> > .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 40 +++++++++-
> > 7 files changed, 411 insertions(+), 29 deletions(-)
>
> I think the code modified in this patch is exercised as part of Secure
> Boot image verification (SHA1, SHA256), so:
>
Actually, Secure Boot has nothing to do with HMAC, and the current HMAC
user is only CryptoPkg/Application/Cryptest/HmacVerify.c
The hash functions come from CryptoPkg/Library/BaseCryptLib/Hash/.
Gary Lin
> Tested-by: Laszlo Ersek <lersek@redhat.com>
>
> (Tested as described in
> <http://mid.mail-archive.com/4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com>.)
>
> Thanks!
> Laszlo
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document.
2017-03-23 13:19 ` [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document Qin Long
2017-03-23 18:31 ` Laszlo Ersek
@ 2017-03-27 9:58 ` Gary Lin
1 sibling, 0 replies; 33+ messages in thread
From: Gary Lin @ 2017-03-27 9:58 UTC (permalink / raw)
To: Qin Long
Cc: edk2-devel, ting.ye, jiaxin.wu, lersek, ard.biesheuvel,
ronald.cron, Moso.Lee, thomas.palmer, David Woodhouse
On Thu, Mar 23, 2017 at 09:19:26PM +0800, Qin Long wrote:
> Add one new OpenSSL-HOWTO.txt to introduce how to clone / download
> the latest OpenSSL release source for build.
> ALso update buildinf.h to reflect the latest update time.
>
> Cc: Ting Ye <ting.ye@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Gary Lin <glin@suse.com>
> Cc: Ronald Cron <ronald.cron@arm.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
> Signed-off-by: Qin Long <qin.long@intel.com>
> ---
I cloned the openssl git and switch to 1.1.0e. It works for me.
Acked-by: Gary Lin <glin@suse.com>
Tested-by: Gary Lin <glin@suse.com>
Gary Lin
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
` (11 preceding siblings ...)
2017-03-23 17:28 ` [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Laszlo Ersek
@ 2017-03-28 8:19 ` Ye, Ting
12 siblings, 0 replies; 33+ messages in thread
From: Ye, Ting @ 2017-03-28 8:19 UTC (permalink / raw)
To: Long, Qin, edk2-devel@lists.01.org
Cc: Wu, Jiaxin, lersek@redhat.com, ard.biesheuvel@linaro.org,
glin@suse.com, ronald.cron@arm.com, Moso.Lee@citrix.com,
thomas.palmer@hpe.com
Series Reviewed-by: Ye Ting <ting.ye@intel.com>
-----Original Message-----
From: Long, Qin
Sent: Thursday, March 23, 2017 9:19 PM
To: edk2-devel@lists.01.org
Cc: Ye, Ting <ting.ye@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; lersek@redhat.com; ard.biesheuvel@linaro.org; glin@suse.com; ronald.cron@arm.com; Moso.Lee@citrix.com; thomas.palmer@hpe.com
Subject: [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release
V2 Changes:
1. Re-format patch series & handle some format fixes
(as Laszlo Ersek's comments);
2. Updated TlsLib Wrapper (as Thomas Palmer's comments);
3. Add "ENGINESDIR" definition to support OpenSSL build if
engine is enabled (as Moso Lee's comments)
(https://github.com/qloong/edk2/tree/dev-openssl-stable-v2)
Current EDKII-CryptoPkg is leveraging OpenSSL-1.0.2xx as the underlying cryptographic provider, which requires some extra patches
(EDKII-openssl-xxxx.patch) and installation scripts for EDKII build & usage.
The latest stable version of OpenSSL was upgraded to the 1.1.0 series of release, with lots of EDKII-specific patches integration, which make CryptoPkg possbile to remove all extra patch and scripts for more native build support.
This patch series is to update EDKII-CryptoPkg to support native building with the latest OpenSSL 1.1.0xx. (By now, the latest OpenSSL stable release is 1.1.0e). Refer to "CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt" for the information about the version and source installation.
(NOTE: The extra build options for ARM/RVCT/XCODE were kept as before,
and further optimizations were expected from community.)
Qin Long (11):
CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build
CryptoPkg: Update .gitignore for OpenSSL source masking
CryptoPkg/OpensslLib: Remove patch file and installation scripts.
CryptoPkg/OpensslLib: Add new Perl script for file list generation.
CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document.
CryptoPkg: Fix handling of &strcmp function pointers
CryptoPkg: Clean-up CRT Library Wrapper.
CryptoPkg: Add extra build option to disable VS build warning
CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object.
CryptoPkg: Update PK Cipher Wrappers work with opaque objects.
CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes.
CryptoPkg/.gitignore | 3 +-
CryptoPkg/CryptoPkg.dec | 8 +-
CryptoPkg/Include/CrtLibSupport.h | 193 ++
CryptoPkg/Include/Library/BaseCryptLib.h | 93 +-
CryptoPkg/Include/OpenSslSupport.h | 286 ---
CryptoPkg/Include/arpa/inet.h | 16 -
CryptoPkg/Include/assert.h | 7 +-
CryptoPkg/Include/ctype.h | 7 +-
CryptoPkg/Include/dirent.h | 16 -
CryptoPkg/Include/errno.h | 7 +-
CryptoPkg/Include/internal/dso_conf.h | 0
CryptoPkg/Include/limits.h | 7 +-
CryptoPkg/Include/malloc.h | 16 -
CryptoPkg/Include/math.h | 16 -
CryptoPkg/Include/memory.h | 7 +-
CryptoPkg/Include/netdb.h | 16 -
CryptoPkg/Include/netinet/in.h | 16 -
CryptoPkg/Include/openssl/opensslconf.h | 308 +++
CryptoPkg/Include/sgtty.h | 16 -
CryptoPkg/Include/signal.h | 16 -
CryptoPkg/Include/stdarg.h | 7 +-
CryptoPkg/Include/stddef.h | 6 +-
CryptoPkg/Include/stdio.h | 7 +-
CryptoPkg/Include/stdlib.h | 7 +-
CryptoPkg/Include/string.h | 7 +-
CryptoPkg/Include/strings.h | 6 +-
CryptoPkg/Include/sys/ioctl.h | 16 -
CryptoPkg/Include/sys/param.h | 16 -
CryptoPkg/Include/sys/socket.h | 16 -
CryptoPkg/Include/sys/stat.h | 16 -
CryptoPkg/Include/sys/time.h | 7 +-
CryptoPkg/Include/sys/times.h | 16 -
CryptoPkg/Include/sys/types.h | 7 +-
CryptoPkg/Include/sys/un.h | 16 -
CryptoPkg/Include/syslog.h | 6 +-
CryptoPkg/Include/time.h | 6 +-
CryptoPkg/Include/unistd.h | 6 +-
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 9 +-
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 77 +-
.../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c | 40 +-
.../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 75 +-
.../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 40 +-
.../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 75 +-
.../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 40 +-
CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h | 10 +-
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c | 69 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 10 +-
.../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 68 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 189 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 70 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 20 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 41 +-
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 8 +-
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 6 +
.../BaseCryptLib/SysCall/BaseMemAllocation.c | 5 +-
.../BaseCryptLib/SysCall/ConstantTimeClock.c | 6 +-
.../Library/BaseCryptLib/SysCall/CrtWrapper.c | 185 +-
.../Library/BaseCryptLib/SysCall/HelperWrapper.c | 54 -
.../BaseCryptLib/SysCall/RuntimeMemAllocation.c | 3 +-
.../Library/BaseCryptLib/SysCall/TimerWrapper.c | 4 +-
CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c | 8 +-
.../Library/OpensslLib/EDKII_openssl-1.0.2k.patch | 2094 --------------------
CryptoPkg/Library/OpensslLib/Install.cmd | 80 -
CryptoPkg/Library/OpensslLib/Install.sh | 82 -
CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 53 +
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 866 ++++----
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 793 ++++----
CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 61 -
CryptoPkg/Library/OpensslLib/buildinf.h | 2 +-
CryptoPkg/Library/OpensslLib/opensslconf.h | 497 -----
CryptoPkg/Library/OpensslLib/process_files.pl | 223 +++
CryptoPkg/Library/OpensslLib/process_files.sh | 110 -
CryptoPkg/Library/TlsLib/InternalTlsLib.h | 5 +-
CryptoPkg/Library/TlsLib/TlsConfig.c | 21 +-
CryptoPkg/Library/TlsLib/TlsInit.c | 51 +-
CryptoPkg/Library/TlsLib/TlsLib.inf | 9 +-
77 files changed, 2464 insertions(+), 4825 deletions(-) create mode 100644 CryptoPkg/Include/CrtLibSupport.h delete mode 100644 CryptoPkg/Include/OpenSslSupport.h
delete mode 100644 CryptoPkg/Include/arpa/inet.h delete mode 100644 CryptoPkg/Include/dirent.h create mode 100644 CryptoPkg/Include/internal/dso_conf.h
delete mode 100644 CryptoPkg/Include/malloc.h delete mode 100644 CryptoPkg/Include/math.h delete mode 100644 CryptoPkg/Include/netdb.h delete mode 100644 CryptoPkg/Include/netinet/in.h create mode 100644 CryptoPkg/Include/openssl/opensslconf.h
delete mode 100644 CryptoPkg/Include/sgtty.h delete mode 100644 CryptoPkg/Include/signal.h delete mode 100644 CryptoPkg/Include/sys/ioctl.h delete mode 100644 CryptoPkg/Include/sys/param.h delete mode 100644 CryptoPkg/Include/sys/socket.h delete mode 100644 CryptoPkg/Include/sys/stat.h delete mode 100644 CryptoPkg/Include/sys/times.h delete mode 100644 CryptoPkg/Include/sys/un.h delete mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch
delete mode 100755 CryptoPkg/Library/OpensslLib/Install.cmd
delete mode 100755 CryptoPkg/Library/OpensslLib/Install.sh
create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
delete mode 100644 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
delete mode 100644 CryptoPkg/Library/OpensslLib/opensslconf.h
create mode 100644 CryptoPkg/Library/OpensslLib/process_files.pl
delete mode 100755 CryptoPkg/Library/OpensslLib/process_files.sh
--
2.11.1.windows.1
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper.
2017-03-23 13:19 ` [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper Qin Long
2017-03-23 18:34 ` Laszlo Ersek
2017-03-27 9:42 ` Gary Lin
@ 2017-03-30 17:33 ` Laszlo Ersek
2017-03-31 2:06 ` Long, Qin
2 siblings, 1 reply; 33+ messages in thread
From: Laszlo Ersek @ 2017-03-30 17:33 UTC (permalink / raw)
To: Qin Long, edk2-devel, Gerd Hoffmann
Cc: ard.biesheuvel, ting.ye, ronald.cron, jiaxin.wu, glin
Qin,
this patch (commit fc9fa685d689c) seems to break *some* GCC builds:
On 03/23/17 14:19, Qin Long wrote:
[snip]
> +/* Compare first n bytes of string s1 with string s2, ignoring case */
> +int strncasecmp (const char *s1, const char *s2, size_t n)
> +{
> + int Val;
> +
> + ASSERT(s1 != NULL);
> + ASSERT(s2 != NULL);
Here. The error messages are:
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c: In function 'strncasecmp':
MdePkg/Include/Library/DebugLib.h:292:12: error: nonnull argument 's1' compared to NULL [-Werror=nonnull-compare]
if (!(Expression)) { \
^
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c:144:3: note: in expansion of macro 'ASSERT'
ASSERT(s1 != NULL);
^~~~~~
MdePkg/Include/Library/DebugLib.h:292:12: error: nonnull argument 's2' compared to NULL [-Werror=nonnull-compare]
if (!(Expression)) { \
^
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c:145:3: note: in expansion of macro 'ASSERT'
ASSERT(s2 != NULL);
^~~~~~
The GCC documentation <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html> says,
-Wnonnull-compare
Warn when comparing an argument marked with the nonnull function attribute against null inside the function.
-Wnonnull-compare is included in -Wall. It can be disabled with the -Wno-nonnull-compare option.
I have no idea where the compiler thinks "s1" and "s2" are marked as non-null. I grepped the tree for "nonnull" and there are no hits.
Gerd, what compiler are you using? (From your logs, it looks like OVMF is being built for IA32, with the GCC49 tool chain settings.)
Thanks
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper.
2017-03-30 17:33 ` Laszlo Ersek
@ 2017-03-31 2:06 ` Long, Qin
0 siblings, 0 replies; 33+ messages in thread
From: Long, Qin @ 2017-03-31 2:06 UTC (permalink / raw)
To: Laszlo Ersek, edk2-devel@lists.01.org, Gerd Hoffmann
Cc: Ye, Ting, ronald.cron@arm.com, Wu, Jiaxin, glin@suse.com,
ard.biesheuvel@linaro.org
Laszlo,
Thanks for catching this.
I was using GCC5 toolchain for few validations, the build looks OK.
Yes, should have more toolchain validations. :-(
I am also confused about this nonull warning. Maybe strncasecmp function
could have been defined as the different prototype (explicitely or implicitely):
int strcasecmp(const char *s1, const char *s2) __attribute__((nonnull));
And there was also one extra build warning (on openssl source) under GCC48.
Let me dig more and provide possible fixes to address this later.
Best Regards & Thanks,
LONG, Qin
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Laszlo Ersek
> Sent: Friday, March 31, 2017 1:34 AM
> To: Long, Qin; edk2-devel@lists.01.org; Gerd Hoffmann
> Cc: Ye, Ting; ronald.cron@arm.com; Wu, Jiaxin; glin@suse.com;
> ard.biesheuvel@linaro.org
> Subject: Re: [edk2] [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library
> Wrapper.
>
> Qin,
>
> this patch (commit fc9fa685d689c) seems to break *some* GCC builds:
>
> On 03/23/17 14:19, Qin Long wrote:
>
> [snip]
>
> > +/* Compare first n bytes of string s1 with string s2, ignoring case
> > +*/ int strncasecmp (const char *s1, const char *s2, size_t n) {
> > + int Val;
> > +
> > + ASSERT(s1 != NULL);
> > + ASSERT(s2 != NULL);
>
> Here. The error messages are:
>
> CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c: In function
> 'strncasecmp':
> MdePkg/Include/Library/DebugLib.h:292:12: error: nonnull argument 's1'
> compared to NULL [-Werror=nonnull-compare]
> if (!(Expression)) { \
> ^
> CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c:144:3: note: in
> expansion of macro 'ASSERT'
> ASSERT(s1 != NULL);
> ^~~~~~
> MdePkg/Include/Library/DebugLib.h:292:12: error: nonnull argument 's2'
> compared to NULL [-Werror=nonnull-compare]
> if (!(Expression)) { \
> ^
> CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c:145:3: note: in
> expansion of macro 'ASSERT'
> ASSERT(s2 != NULL);
> ^~~~~~
>
> The GCC documentation <https://gcc.gnu.org/onlinedocs/gcc/Warning-
> Options.html> says,
>
> -Wnonnull-compare
>
> Warn when comparing an argument marked with the nonnull function
> attribute against null inside the function.
>
> -Wnonnull-compare is included in -Wall. It can be disabled with the -Wno-
> nonnull-compare option.
>
> I have no idea where the compiler thinks "s1" and "s2" are marked as non-
> null. I grepped the tree for "nonnull" and there are no hits.
>
> Gerd, what compiler are you using? (From your logs, it looks like OVMF is
> being built for IA32, with the GCC49 tool chain settings.)
>
> Thanks
> Laszlo
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 33+ messages in thread
end of thread, other threads:[~2017-03-31 2:06 UTC | newest]
Thread overview: 33+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-03-23 13:19 [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Qin Long
2017-03-23 13:19 ` [PATCH v2 01/11] CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x build Qin Long
2017-03-23 18:27 ` Laszlo Ersek
2017-03-27 9:40 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 02/11] CryptoPkg: Update .gitignore for OpenSSL source masking Qin Long
2017-03-23 18:28 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 03/11] CryptoPkg/OpensslLib: Remove patch file and installation scripts Qin Long
2017-03-23 18:28 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 04/11] CryptoPkg/OpensslLib: Add new Perl script for file list generation Qin Long
2017-03-23 18:29 ` Laszlo Ersek
2017-03-23 13:19 ` [PATCH v2 05/11] CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document Qin Long
2017-03-23 18:31 ` Laszlo Ersek
2017-03-27 9:58 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 06/11] CryptoPkg: Fix handling of &strcmp function pointers Qin Long
2017-03-23 18:33 ` Laszlo Ersek
2017-03-27 9:41 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 07/11] CryptoPkg: Clean-up CRT Library Wrapper Qin Long
2017-03-23 18:34 ` Laszlo Ersek
2017-03-27 9:42 ` Gary Lin
2017-03-30 17:33 ` Laszlo Ersek
2017-03-31 2:06 ` Long, Qin
2017-03-23 13:19 ` [PATCH v2 08/11] CryptoPkg: Add extra build option to disable VS build warning Qin Long
2017-03-23 13:19 ` [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object Qin Long
2017-03-23 18:37 ` Laszlo Ersek
2017-03-27 9:56 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 10/11] CryptoPkg: Update PK Cipher Wrappers work with opaque objects Qin Long
2017-03-23 18:38 ` Laszlo Ersek
2017-03-27 9:44 ` Gary Lin
2017-03-23 13:19 ` [PATCH v2 11/11] CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes Qin Long
2017-03-23 16:23 ` Palmer, Thomas
2017-03-24 5:40 ` Wu, Jiaxin
2017-03-23 17:28 ` [PATCH v2 00/11] Upgrade CryptoPkg to use the OpenSSL 1.1.0xx/stable release Laszlo Ersek
2017-03-28 8:19 ` Ye, Ting
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox