Copy head (r17080) from UDK2014.SP1 branch, excluding UNI files.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2010.SR1@17104 6f19259b-4bc3-4df7-8a09-765794883524
diff --git a/CryptoPkg/Application/Cryptest/Cryptest.inf b/CryptoPkg/Application/Cryptest/Cryptest.inf
index ce9f625..b3ffab7 100644
--- a/CryptoPkg/Application/Cryptest/Cryptest.inf
+++ b/CryptoPkg/Application/Cryptest/Cryptest.inf
@@ -1,9 +1,9 @@
 ## @file

-#  UEFI Application for the Validation of cryptography library 

-#  (based on OpenSSL 0.9.8l).

-#  This is a shell application that will test the crypto library.

+#  Shell application that will test the crypto library.

 #

-#  Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>

+#  UEFI Application for the Validation of cryptography library (based on OpenSSL 0.9.8zb).

+#

+#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at

diff --git a/CryptoPkg/Contributions.txt b/CryptoPkg/Contributions.txt
new file mode 100644
index 0000000..5dd8a47
--- /dev/null
+++ b/CryptoPkg/Contributions.txt
@@ -0,0 +1,202 @@
+

+======================

+= Code Contributions =

+======================

+

+To make a contribution to a TianoCore project, follow these steps.

+1. Create a change description in the format specified below to

+   use in the source control commit log.

+2. Your commit message must include your "Signed-off-by" signature,

+   and "Contributed-under" message.

+3. Your "Contributed-under" message explicitly states that the

+   contribution is made under the terms of the specified

+   contribution agreement.  Your "Contributed-under" message

+   must include the name of contribution agreement and version.

+   For example: Contributed-under: TianoCore Contribution Agreement 1.0

+   The "TianoCore Contribution Agreement" is included below in

+   this document.

+4. Submit your code to the TianoCore project using the process

+   that the project documents on its web page.  If the process is

+   not documented, then submit the code on development email list

+   for the project.

+5. It is preferred that contributions are submitted using the same

+   copyright license as the base project. When that is not possible,

+   then contributions using the following licenses can be accepted:

+   * BSD (2-clause): http://opensource.org/licenses/BSD-2-Clause

+   * BSD (3-clause): http://opensource.org/licenses/BSD-3-Clause

+   * MIT: http://opensource.org/licenses/MIT

+   * Python-2.0: http://opensource.org/licenses/Python-2.0

+   * Zlib: http://opensource.org/licenses/Zlib

+

+   Contributions of code put into the public domain can also be

+   accepted.

+

+   Contributions using other licenses might be accepted, but further

+   review will be required.

+

+=======================================

+= Change Description / Commit Message =

+=======================================

+

+Your change description should use the standard format for a

+commit message, and must include your "Signed-off-by" signature

+and the "Contributed-under" message.

+

+== Sample Change Description / Commit Message =

+

+=== Definitions for sample change description ===

+

+* "CodeModule" is a short idenfier for the affected code.  For

+  example MdePkg, or MdeModulePkg UsbBusDxe.

+* "Brief-single-line-summary" is a short summary of the change.

+* The entire first line should be less than ~70 characters.

+* "Full-commit-message" a verbose multiple line comment describing

+  the change.  Each line should be less than ~70 characters.

+* "Contributed-under" explicitely states that the contribution is

+  made under the terms of the contribtion agreement.  This

+  agreement is included below in this document.

+* "Signed-off-by" is the contributor's signature identifying them

+  by their real/legal name and their email address.

+

+=== Start of sample change description / commit message ===

+CodeModule: Brief-single-line-summary

+

+Full-commit-message

+

+Contributed-under: TianoCore Contribution Agreement 1.0

+Signed-off-by: Contributor Name <contributor@email.server>

+=== End of sample change description / commit message ===

+

+========================================

+= TianoCore Contribution Agreement 1.0 =

+========================================

+

+INTEL CORPORATION ("INTEL") MAKES AVAILABLE SOFTWARE, DOCUMENTATION,

+INFORMATION AND/OR OTHER MATERIALS FOR USE IN THE TIANOCORE OPEN SOURCE

+PROJECT (COLLECTIVELY "CONTENT"). USE OF THE CONTENT IS GOVERNED BY THE

+TERMS AND CONDITIONS OF THIS AGREEMENT BETWEEN YOU AND INTEL AND/OR THE

+TERMS AND CONDITIONS OF LICENSE AGREEMENTS OR NOTICES INDICATED OR

+REFERENCED BELOW. BY USING THE CONTENT, YOU AGREE THAT YOUR USE OF THE

+CONTENT IS GOVERNED BY THIS AGREEMENT AND/OR THE TERMS AND CONDITIONS

+OF ANY APPLICABLE LICENSE AGREEMENTS OR NOTICES INDICATED OR REFERENCED

+BELOW. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS

+AGREEMENT AND THE TERMS AND CONDITIONS OF ANY APPLICABLE LICENSE

+AGREEMENTS OR NOTICES INDICATED OR REFERENCED BELOW, THEN YOU MAY NOT

+USE THE CONTENT.

+

+Unless otherwise indicated, all Content made available on the TianoCore

+site is provided to you under the terms and conditions of the BSD

+License ("BSD"). A copy of the BSD License is available at

+http://opensource.org/licenses/bsd-license.php

+or when applicable, in the associated License.txt file.

+

+Certain other content may be made available under other licenses as

+indicated in or with such Content. (For example, in a License.txt file.)

+

+You accept and agree to the following terms and conditions for Your

+present and future Contributions submitted to TianoCore site. Except

+for the license granted to Intel hereunder, You reserve all right,

+title, and interest in and to Your Contributions.

+

+== SECTION 1: Definitions ==

+* "You" or "Contributor" shall mean the copyright owner or legal

+  entity authorized by the copyright owner that is making a

+  Contribution hereunder. All other entities that control, are

+  controlled by, or are under common control with that entity are

+  considered to be a single Contributor. For the purposes of this

+  definition, "control" means (i) the power, direct or indirect, to

+  cause the direction or management of such entity, whether by

+  contract or otherwise, or (ii) ownership of fifty percent (50%)

+  or more of the outstanding shares, or (iii) beneficial ownership

+  of such entity.

+* "Contribution" shall mean any original work of authorship,

+  including any modifications or additions to an existing work,

+  that is intentionally submitted by You to the TinaoCore site for

+  inclusion in, or documentation of, any of the Content. For the

+  purposes of this definition, "submitted" means any form of

+  electronic, verbal, or written communication sent to the

+  TianoCore site or its representatives, including but not limited

+  to communication on electronic mailing lists, source code

+  control systems, and issue tracking systems that are managed by,

+  or on behalf of, the TianoCore site for the purpose of

+  discussing and improving the Content, but excluding

+  communication that is conspicuously marked or otherwise

+  designated in writing by You as "Not a Contribution."

+

+== SECTION 2: License for Contributions ==

+* Contributor hereby agrees that redistribution and use of the

+  Contribution in source and binary forms, with or without

+  modification, are permitted provided that the following

+  conditions are met:

+** Redistributions of source code must retain the Contributor's

+   copyright notice, this list of conditions and the following

+   disclaimer.

+** Redistributions in binary form must reproduce the Contributor's

+   copyright notice, this list of conditions and the following

+   disclaimer in the documentation and/or other materials provided

+   with the distribution.

+* Disclaimer. None of the names of Contributor, Intel, or the names

+  of their respective contributors may be used to endorse or

+  promote products derived from this software without specific

+  prior written permission.

+* Contributor grants a license (with the right to sublicense) under

+  claims of Contributor's patents that Contributor can license that

+  are infringed by the Contribution (as delivered by Contributor) to

+  make, use, distribute, sell, offer for sale, and import the

+  Contribution and derivative works thereof solely to the minimum

+  extent necessary for licensee to exercise the granted copyright

+  license; this patent license applies solely to those portions of

+  the Contribution that are unmodified. No hardware per se is

+  licensed.

+* EXCEPT AS EXPRESSLY SET FORTH IN SECTION 3 BELOW, THE

+  CONTRIBUTION IS PROVIDED BY THE CONTRIBUTOR "AS IS" AND ANY

+  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

+  THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

+  PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

+  CONTRIBUTOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

+  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THE

+  CONTRIBUTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH

+  DAMAGE.

+

+== SECTION 3: Representations ==

+* You represent that You are legally entitled to grant the above

+  license. If your employer(s) has rights to intellectual property

+  that You create that includes Your Contributions, You represent

+  that You have received permission to make Contributions on behalf

+  of that employer, that Your employer has waived such rights for

+  Your Contributions.

+* You represent that each of Your Contributions is Your original

+  creation (see Section 4 for submissions on behalf of others).

+  You represent that Your Contribution submissions include complete

+  details of any third-party license or other restriction

+  (including, but not limited to, related patents and trademarks)

+  of which You are personally aware and which are associated with

+  any part of Your Contributions.

+

+== SECTION 4: Third Party Contributions ==

+* Should You wish to submit work that is not Your original creation,

+  You may submit it to TianoCore site separately from any

+  Contribution, identifying the complete details of its source

+  and of any license or other restriction (including, but not

+  limited to, related patents, trademarks, and license agreements)

+  of which You are personally aware, and conspicuously marking the

+  work as "Submitted on behalf of a third-party: [named here]".

+

+== SECTION 5: Miscellaneous ==

+* Applicable Laws. Any claims arising under or relating to this

+  Agreement shall be governed by the internal substantive laws of

+  the State of Delaware or federal courts located in Delaware,

+  without regard to principles of conflict of laws.

+* Language. This Agreement is in the English language only, which

+  language shall be controlling in all respects, and all versions

+  of this Agreement in any other language shall be for accommodation

+  only and shall not be binding. All communications and notices made

+  or given pursuant to this Agreement, and all documentation and

+  support to be provided, unless otherwise noted, shall be in the

+  English language.

+
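Review bot: Typos in the added text should be fixed before this lands: "idenfier", "explicitely" and "contribtion" in the definitions for the sample change description, and "TinaoCore" in the Section 1 definition of "Contribution". The heading `== Sample Change Description / Commit Message =` also closes with a single `=` where the other second-level headings use `==`. If this text is copied from another location, correct it there as well so the copies do not diverge.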

diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf b/CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf
index 7625c40..22815fd 100644
--- a/CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf
+++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf
@@ -1,7 +1,7 @@
 ## @file

-#  Component description file for Cryptographic Runtime Driver.

+#  This driver installs runtime Crypt protocol to provide SHA256 and RSA service.

 #

-#  Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 05be6bb..29b46d0 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -1,10 +1,10 @@
 ## @file

 #  Package for cryptography modules.

 #

-#  This Package provides cryptographic-related libraries for UEFI

-#  security modules.

+#  This Package provides cryptographic-related libraries for UEFI security modules.

+#  It also provides a test application to test libraries.

 #

-#  Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at

@@ -19,7 +19,7 @@
   DEC_SPECIFICATION              = 0x00010005

   PACKAGE_NAME                   = CryptoPkg

   PACKAGE_GUID                   = 36470E80-36F2-4ba0-8CC8-937C7D9FF888

-  PACKAGE_VERSION                = 0.92

+  PACKAGE_VERSION                = 0.94

 

 [Includes]

   Include

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 67577e1..11465a3 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -1,7 +1,7 @@
 ## @file

 #  Cryptographic Library Package for UEFI Security Implementation.

 #

-#  Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at

@@ -20,10 +20,10 @@
 [Defines]

   PLATFORM_NAME                  = CryptoPkg

   PLATFORM_GUID                  = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6

-  PLATFORM_VERSION               = 0.92

+  PLATFORM_VERSION               = 0.94

   DSC_SPECIFICATION              = 0x00010005

   OUTPUT_DIRECTORY               = Build/CryptoPkg

-  SUPPORTED_ARCHITECTURES        = IA32|X64|IPF|ARM

+  SUPPORTED_ARCHITECTURES        = IA32|X64|IPF|ARM|AARCH64

   BUILD_TARGETS                  = DEBUG|RELEASE

   SKUID_IDENTIFIER               = DEFAULT

 

@@ -51,14 +51,18 @@
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf

   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf

 

-[LibraryClasses.ARM]

+[LibraryClasses.ARM, LibraryClasses.AARCH64]

   #

   # It is not possible to prevent the ARM compiler for generic intrinsic functions.

   # This library provides the instrinsic functions generate by a given compiler.

-  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.

+  # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this library

+  # into all ARM and AARCH64 images.

   #

   NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf

 

+  # Add support for stack protector

+  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf

+

 [LibraryClasses.common.PEIM]

   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf

 
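Review bot: The comment "Add support for stack protector" does not say which compiler option makes BaseStackCheckLib necessary, or why it is NULL-linked only under `[LibraryClasses.ARM, LibraryClasses.AARCH64]` and not for the other architectures in SUPPORTED_ARCHITECTURES. Expand the comment to name the toolchain and flag that need these symbols. While this block is being touched, the context lines "It is not possible to prevent the ARM compiler for generic intrinsic functions" and "instrinsic functions generate by" could be reworded.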

@@ -80,6 +84,24 @@
 [LibraryClasses.common.UEFI_APPLICATION]

   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf

 

+###############################################################################

+#

+# BuildOptions Section - Define the module specific tool chain flags that

+#                        should be used as the default flags for a module.

+#                        These flags are appended to any standard flags that

+#                        are defined by the build process.

+#

+# -JCryptoPkg/Include : To disable the use of the system includes provided by

+#                       the RVCT toolchain.

+# --diag_remark=1     : To make the warning "#1-D: last line of file ends

+#                       without a newline" just a remark such that the

+#                       build doesn't stop as warnings are considered as

+#                       errors.

+#

+################################################################################

+[BuildOptions]

+RVCT:*_*_ARM_CC_FLAGS = -JCryptoPkg/Include --diag_remark=1

+

 ################################################################################

 #

 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
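Review bot: `RVCT:*_*_ARM_CC_FLAGS = -JCryptoPkg/Include --diag_remark=1` is placed in the DSC-level `[BuildOptions]`, which the added banner itself describes as the default flags for a module, so both the replaced system include path and the downgrade of warning #1-D apply to every ARM module built from this DSC with RVCT. If only the OpenSSL sources need them, move the flags into the `[BuildOptions]` of that library's INF so the rest of the package keeps warnings as errors.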

diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 95a76f2..08e9c24 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -3,10 +3,10 @@
 #

 #  Caution: This module requires additional review when modified.

 #  This library will have external input - signature.

-#  This external input must be validated carefully to avoid security issue like

-#  buffer overflow, integer overflow.

+#  This external input must be validated carefully to avoid security issues such as 

+#  buffer overflow or integer overflow.

 #

-#  Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at
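Review bot: The added line ending in "security issues such as " carries trailing whitespace, and the same line is repeated with the same trailing space in PeiCryptLib.inf, RuntimeCryptLib.inf and SmmCryptLib.inf in this patch. Strip it in all four files.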

@@ -28,7 +28,7 @@
 #

 # The following information is for reference only and not required by the build tools.

 #

-#  VALID_ARCHITECTURES           = IA32 X64 IPF ARM

+#  VALID_ARCHITECTURES           = IA32 X64 IPF ARM AARCH64

 #

 

 [Sources]

@@ -85,6 +85,9 @@
 [Sources.ARM]

   Rand/CryptRand.c

 

+[Sources.AARCH64]

+  Rand/CryptRand.c

+

 [Packages]

   MdePkg/MdePkg.dec

   CryptoPkg/CryptoPkg.dec

diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 97965b4..913e3e1 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -3,16 +3,16 @@
 #

 #  Caution: This module requires additional review when modified.

 #  This library will have external input - signature.

-#  This external input must be validated carefully to avoid security issue like

-#  buffer overflow, integer overflow.

+#  This external input must be validated carefully to avoid security issues such as 

+#  buffer overflow or integer overflow.

 #

 #  Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/

 #  TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,

 #  Diffie-Hellman functions, X.509 certificate handler functions, authenticode

-#  signature verification functions, PEM handler functions, pseudorandom number

+#  signature verification functions, PEM handler functions, and pseudorandom number

 #  generator functions are not supported in this instance.

 #

-#  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
index bb5f6d4..7b8bca5 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
@@ -146,8 +146,8 @@
     //

     // Long Form of Length Encoding, only support two bytes.

     //

-    ContentSize  = (UINTN) (*(SpcIndirectDataContent + 2));

-    ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));

+    ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));

+    ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3));

     //

     // Skip the SEQUENCE Tag;

     //
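Review bot: Nothing in this hunk shows the length octet being checked for the two-byte long form that the comment says is the only one supported, or `ContentSize` being bounded by the remaining data before it is used. If those checks sit above line 146, say so in the comment; if not, add them here, since the library header in this same patch flags the signature as external input that must be validated against buffer and integer overflow. Also state in the comment why the `(UINT8 *)` cast is needed (for example, to avoid sign extension if the pointer's element type is signed), so it is not removed later as redundant.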

diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
index 4a056e8..895ce83 100644
--- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
@@ -1,7 +1,7 @@
 /** @file

   Pseudorandom Number Generator Wrapper Implementation over OpenSSL.

 

-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -14,6 +14,7 @@
 

 #include "InternalCryptLib.h"

 #include <openssl/rand.h>

+#include <openssl/evp.h>

 

 //

 // Default seed for UEFI Crypto Library

@@ -48,6 +49,14 @@
   }

 

   //

+  // The software PRNG implementation built in OpenSSL depends on message digest algorithm.

+  // Make sure SHA-1 digest algorithm is available here.

+  //

+  if (EVP_add_digest (EVP_sha1 ()) == 0) {

+    return FALSE;

+  }

+

+  //

   // Seed the pseudorandom number generator with user-supplied value.

   // NOTE: A cryptographic PRNG must be seeded with unpredictable data.

   //

@@ -57,7 +66,11 @@
     RAND_seed (DefaultSeed, sizeof (DefaultSeed));

   }

 

-  return TRUE;

+  if (RAND_status () == 1) {

+    return TRUE;

+  }

+

+  return FALSE;

 }

 

 /**
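Review bot: `RAND_status () == 1` does not establish what the NOTE above the seeding code asks for. In the fallback branch shown in the context, the generator is fed `RAND_seed (DefaultSeed, sizeof (DefaultSeed))`, and OpenSSL's RAND_seed credits the supplied bytes as entropy, so the status check passes even though the seed is a fixed value compiled into the library. Either return FALSE when the default seed is the only input, or document in the function header that TRUE in that case does not mean the output is unpredictable. The tail can also be collapsed to `return (BOOLEAN) (RAND_status () == 1);`.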

diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c
index dcc1853..9f87087 100644
--- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c
@@ -1,7 +1,7 @@
 /** @file

   Pseudorandom Number Generator Wrapper Implementation over OpenSSL.

 

-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -14,6 +14,7 @@
 

 #include "InternalCryptLib.h"

 #include <openssl/rand.h>

+#include <openssl/evp.h>

 #include <Library/PrintLib.h>

 

 /**

@@ -46,6 +47,14 @@
   }

 

   //

+  // The software PRNG implementation built in OpenSSL depends on message digest algorithm.

+  // Make sure SHA-1 digest algorithm is available here.

+  //

+  if (EVP_add_digest (EVP_sha1 ()) == 0) {

+    return FALSE;

+  }

+

+  //

   // Seed the pseudorandom number generator with user-supplied value.

   // NOTE: A cryptographic PRNG must be seeded with unpredictable data.

   //

@@ -65,7 +74,11 @@
     RAND_seed (DefaultSeed, sizeof (DefaultSeed));

   }

 

-  return TRUE;

+  if (RAND_status () == 1) {

+    return TRUE;

+  }

+

+  return FALSE;

 }

 

 /**

diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
index 7259ed5..9bd349d 100644
--- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
@@ -1,7 +1,7 @@
 /** @file

   Pseudorandom Number Generator Wrapper Implementation over OpenSSL.

 

-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -14,6 +14,7 @@
 

 #include "InternalCryptLib.h"

 #include <openssl/rand.h>

+#include <openssl/evp.h>

 #include <Library/PrintLib.h>

 

 /**

@@ -46,6 +47,14 @@
   }

 

   //

+  // The software PRNG implementation built in OpenSSL depends on message digest algorithm.

+  // Make sure SHA-1 digest algorithm is available here.

+  //

+  if (EVP_add_digest (EVP_sha1 ()) == 0) {

+    return FALSE;

+  }

+

+  //

   // Seed the pseudorandom number generator with user-supplied value.

   // NOTE: A cryptographic PRNG must be seeded with unpredictable data.

   //
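Review bot: This `EVP_add_digest (EVP_sha1 ())` block, and the `RAND_status ()` tail in the next hunk, are now repeated verbatim in CryptRand.c, CryptRandItc.c and CryptRandTsc.c. Move them into one internal helper declared in InternalCryptLib.h, so that a later change cannot be applied to one variant and missed in the others. The comment should also say what fails if the digest is not registered, so the reason for returning FALSE is clear to callers.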

@@ -65,7 +74,11 @@
     RAND_seed (DefaultSeed, sizeof (DefaultSeed));

   }

 

-  return TRUE;

+  if (RAND_status () == 1) {

+    return TRUE;

+  }

+

+  return FALSE;

 }

 

 /**

diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 535ad51..d23e3db 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -1,17 +1,17 @@
 ## @file

-#  Cryptographic Library Instance for DXE_RUNTIME_DRIVER

+#  Cryptographic Library Instance for DXE_RUNTIME_DRIVER.

 #

 #  Caution: This module requires additional review when modified.

 #  This library will have external input - signature.

-#  This external input must be validated carefully to avoid security issue like

-#  buffer overflow, integer overflow.

+#  This external input must be validated carefully to avoid security issues such as 

+#  buffer overflow or integer overflow.

 #

 #  Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/

 #  TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,

-#  Diffie-Hellman functions, authenticode signature verification functions are

+#  Diffie-Hellman functions, and authenticode signature verification functions are

 #  not supported in this instance.

 #

-#  Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at

@@ -34,7 +34,7 @@
 #

 # The following information is for reference only and not required by the build tools.

 #

-#  VALID_ARCHITECTURES           = IA32 X64 IPF ARM

+#  VALID_ARCHITECTURES           = IA32 X64 IPF ARM AARCH64

 #

 

 [Sources]

@@ -90,6 +90,9 @@
 [Sources.ARM]

   Rand/CryptRand.c

 

+[Sources.AARCH64]

+  Rand/CryptRand.c

+

 [Packages]

   MdePkg/MdePkg.dec

   CryptoPkg/CryptoPkg.dec

diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index cdbe3ac..b31a785 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -3,15 +3,15 @@
 #

 #  Caution: This module requires additional review when modified.

 #  This library will have external input - signature.

-#  This external input must be validated carefully to avoid security issue like

-#  buffer overflow, integer overflow.

+#  This external input must be validated carefully to avoid security issues such as 

+#  buffer overflow or integer overflow.

 #

 #  Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/

 #  TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,

-#  Diffie-Hellman functions, authenticode signature verification functions are

+#  Diffie-Hellman functions, and authenticode signature verification functions are

 #  not supported in this instance.

 #

-#  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at

@@ -34,7 +34,7 @@
 #

 # The following information is for reference only and not required by the build tools.

 #

-#  VALID_ARCHITECTURES           = IA32 X64

+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64

 #

 

 [Sources]

@@ -90,6 +90,9 @@
 [Sources.ARM]

   Rand/CryptRand.c

 

+[Sources.AARCH64]

+  Rand/CryptRand.c

+

 [Packages]

   MdePkg/MdePkg.dec

   CryptoPkg/CryptoPkg.dec

@@ -108,4 +111,4 @@
 #

 [BuildOptions]

   GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"

-  

+  XCODE:*_*_*_CC_FLAGS = -mmmx -msse
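Review bot: `XCODE:*_*_*_CC_FLAGS = -mmmx -msse` uses a wildcard in the architecture field, while an earlier hunk in this same file extends VALID_ARCHITECTURES to `IA32 X64 ARM AARCH64`. `-mmmx` and `-msse` are x86 options, so scope the flags to IA32 and X64 explicitly, and add a comment explaining why this library instance needs them enabled.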

diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.S b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.S
index 3a8a132..bf05875 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.S
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.S
@@ -1,6 +1,6 @@
 #------------------------------------------------------------------------------

 #

-# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>

+# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>

 # This program and the accompanying materials

 # are licensed and made available under the terms and conditions of the BSD License

 # which accompanies this distribution.  The full text of the license may be found at

@@ -53,7 +53,7 @@
 More32:

     movl    %edx, %eax

     xor     %edx, %edx

-    and     $32, %cl

+    and     $31, %cl

     shr     %cl, %eax

     ret

 
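Review bot: The corrected mask at `and $31, %cl` in the More32 path has no comment and no regression test. With `$32` only bit 5 of the count survived, so the shift applied to the high word was never the intended count minus 32. Add a short comment next to the instruction (for example "count mod 32") and a test that checks 64-bit right shifts for counts on both sides of 32, so the old behaviour cannot return unnoticed.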

diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c
index 805e6b4..6422d61 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c
@@ -148,14 +148,14 @@
   GmTime->tm_yday = (int) DayNo;

 

   for (MonthNo = 12; MonthNo > 1; MonthNo--) {

-    if (DayNo > CumulativeDays[IsLeap(Year)][MonthNo]) {

+    if (DayNo >= CumulativeDays[IsLeap(Year)][MonthNo]) {

       DayNo = (UINT16) (DayNo - (UINT16) (CumulativeDays[IsLeap(Year)][MonthNo]));

       break;

     }

   }

 

-  GmTime->tm_mon  = (int) MonthNo;

-  GmTime->tm_mday = (int) DayNo;

+  GmTime->tm_mon  = (int) MonthNo - 1;

+  GmTime->tm_mday = (int) DayNo + 1;

 

   GmTime->tm_isdst  = 0;

   GmTime->tm_gmtoff = 0;
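Review bot: The three off-by-one corrections here (`>=` in the month search, `(int) MonthNo - 1`, `(int) DayNo + 1`) have no comment tying them to the conventions they implement, which makes them easy to regress. State in a comment that `tm_mon` is 0-based and `tm_mday` is 1-based while `DayNo` is the 0-based day of year already stored in `tm_yday`. Add test vectors for the first and last day of a month and for 29 February, and confirm that the fall-through case (no `break`, `MonthNo` ends at 1) yields January with the new expressions.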

diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf
index 8bb04e9..d8b70fe 100644
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf
@@ -6,10 +6,10 @@
 #  AES/TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign/verify

 #  functions, Diffie-Hellman functions, X.509 certificate handler functions,

 #  authenticode signature verification functions, PEM handler functions,

-#  pseudorandom number generator functions, Sha256Duplicate() are not supported

+#  pseudorandom number generator functions, and Sha256Duplicate() are not supported

 #  in this instance.

 #

-#  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at

diff --git a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
index afaa0b7..9d6867e 100644
--- a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
+++ b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
@@ -2,7 +2,7 @@
   Intrinsic Memory Routines Wrapper Implementation for OpenSSL-based

   Cryptographic Library.

 

-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -24,6 +24,13 @@
 void * memset (void *dest, char ch, unsigned int count)

 {

   //

+  // NOTE: Here we use one base implementation for memset, instead of the direct

+  //       optimized SetMem() wrapper. Because the IntrinsicLib has to be built 

+  //       without whole program optimization option, and there will be some 

+  //       potential register usage errors when calling other optimized codes.

+  //

+

+  //

   // Declare the local variables that actually move the data elements as

   // volatile to prevent the optimizer from replacing this function with

   // the intrinsic memset()

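Review bot: the added NOTE in `memset` does not say which toolchain or build option the "whole program optimization" restriction refers to, nor what the "potential register usage errors" are, so a later maintainer cannot tell when it would be safe to return to the SetMem() wrapper. Name the compiler option and the failure that was observed, fix the grammar ("Because the IntrinsicLib ..." is a sentence fragment), and drop the trailing spaces on the second and third added comment lines. Folding this text into the existing volatile comment directly below would also avoid the back-to-back `//` banner lines.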
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
deleted file mode 100644
index c5f646e..0000000
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch
+++ /dev/null
@@ -1,281 +0,0 @@
-Index: crypto/bio/bss_file.c

-===================================================================

---- crypto/bio/bss_file.c	(revision 1)

-+++ crypto/bio/bss_file.c	(working copy)

-@@ -428,6 +428,23 @@

- 	return(ret);

- 	}

- 

-+#else

-+

-+BIO_METHOD *BIO_s_file(void)

-+	{

-+	return NULL;

-+	}

-+

-+BIO *BIO_new_file(const char *filename, const char *mode)

-+	{

-+	return NULL;

-+	}

-+

-+BIO *BIO_new_fp(FILE *stream, int close_flag)

-+	{

-+	return NULL;

-+	}

-+

- #endif /* OPENSSL_NO_STDIO */

- 

- #endif /* HEADER_BSS_FILE_C */

-Index: crypto/crypto.h

-===================================================================

---- crypto/crypto.h	(revision 1)

-+++ crypto/crypto.h	(working copy)

-@@ -235,15 +235,15 @@

- #ifndef OPENSSL_NO_LOCKING

- #ifndef CRYPTO_w_lock

- #define CRYPTO_w_lock(type)	\

--	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)

-+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)

- #define CRYPTO_w_unlock(type)	\

--	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)

-+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)

- #define CRYPTO_r_lock(type)	\

--	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)

-+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)

- #define CRYPTO_r_unlock(type)	\

--	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)

-+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)

- #define CRYPTO_add(addr,amount,type)	\

--	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)

-+	CRYPTO_add_lock(addr,amount,type,NULL,0)

- #endif

- #else

- #define CRYPTO_w_lock(a)

-@@ -361,19 +361,19 @@

- #define MemCheck_off()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)

- #define is_MemCheck_on() CRYPTO_is_mem_check_on()

- 

--#define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,__FILE__,__LINE__)

--#define OPENSSL_strdup(str)	CRYPTO_strdup((str),__FILE__,__LINE__)

-+#define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,NULL,0)

-+#define OPENSSL_strdup(str)	CRYPTO_strdup((str),NULL,0)

- #define OPENSSL_realloc(addr,num) \

--	CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)

-+	CRYPTO_realloc((char *)addr,(int)num,NULL,0)

- #define OPENSSL_realloc_clean(addr,old_num,num) \

--	CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)

-+	CRYPTO_realloc_clean(addr,old_num,num,NULL,0)

- #define OPENSSL_remalloc(addr,num) \

--	CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)

-+	CRYPTO_remalloc((char **)addr,(int)num,NULL,0)

- #define OPENSSL_freeFunc	CRYPTO_free

- #define OPENSSL_free(addr)	CRYPTO_free(addr)

- 

- #define OPENSSL_malloc_locked(num) \

--	CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)

-+	CRYPTO_malloc_locked((int)num,NULL,0)

- #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)

- 

- 

-@@ -487,7 +487,7 @@

- long CRYPTO_get_mem_debug_options(void);

- 

- #define CRYPTO_push_info(info) \

--        CRYPTO_push_info_(info, __FILE__, __LINE__);

-+        CRYPTO_push_info_(info, NULL, 0);

- int CRYPTO_push_info_(const char *info, const char *file, int line);

- int CRYPTO_pop_info(void);

- int CRYPTO_remove_all_info(void);

-@@ -528,17 +528,17 @@

- 

- /* die if we have to */

- void OpenSSLDie(const char *file,int line,const char *assertion);

--#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))

-+#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))

- 

- unsigned long *OPENSSL_ia32cap_loc(void);

- #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))

- int OPENSSL_isservice(void);

- 

- #ifdef OPENSSL_FIPS

--#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \

-+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \

- 		alg " previous FIPS forbidden algorithm error ignored");

- 

--#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \

-+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \

- 		#alg " Algorithm forbidden in FIPS mode");

- 

- #ifdef OPENSSL_FIPS_STRICT

-Index: crypto/err/err.c

-===================================================================

---- crypto/err/err.c	(revision 1)

-+++ crypto/err/err.c	(working copy)

-@@ -313,7 +313,12 @@

- 	es->err_data_flags[i]=flags;

- 	}

- 

-+/* Add EFIAPI for UEFI version. */

-+#if defined(OPENSSL_SYS_UEFI)

-+void EFIAPI ERR_add_error_data(int num, ...)

-+#else

- void ERR_add_error_data(int num, ...)

-+#endif

- 	{

- 	va_list args;

- 	int i,n,s;

-Index: crypto/err/err.h

-===================================================================

---- crypto/err/err.h	(revision 1)

-+++ crypto/err/err.h	(working copy)

-@@ -286,8 +286,14 @@

- #endif

- #ifndef OPENSSL_NO_BIO

- void ERR_print_errors(BIO *bp);

-+

-+/* Add EFIAPI for UEFI version. */

-+#if defined(OPENSSL_SYS_UEFI)

-+void EFIAPI ERR_add_error_data(int num, ...);

-+#else

- void ERR_add_error_data(int num, ...);

- #endif

-+#endif

- void ERR_load_strings(int lib,ERR_STRING_DATA str[]);

- void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);

- void ERR_load_ERR_strings(void);

-Index: crypto/opensslconf.h

-===================================================================

---- crypto/opensslconf.h	(revision 1)

-+++ crypto/opensslconf.h	(working copy)

-@@ -162,6 +162,9 @@

- /* The prime number generation stuff may not work when

-  * EIGHT_BIT but I don't care since I've only used this mode

-  * for debuging the bignum libraries */

-+

-+/* Bypass following definition for UEFI version. */

-+#if !defined(OPENSSL_SYS_UEFI)

- #undef SIXTY_FOUR_BIT_LONG

- #undef SIXTY_FOUR_BIT

- #define THIRTY_TWO_BIT

-@@ -169,6 +172,8 @@

- #undef EIGHT_BIT

- #endif

- 

-+#endif

-+

- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)

- #define CONFIG_HEADER_RC4_LOCL_H

- /* if this is defined data[i] is used instead of *data, this is a %20

-Index: crypto/pkcs7/pk7_smime.c

-===================================================================

---- crypto/pkcs7/pk7_smime.c	(revision 1)

-+++ crypto/pkcs7/pk7_smime.c	(working copy)

-@@ -88,7 +88,10 @@

- 	if (!PKCS7_content_new(p7, NID_pkcs7_data))

- 		goto err;

- 

--	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {

-+  /* 

-+    NOTE: Update to SHA-256 digest algorithm for UEFI version.

-+  */

-+	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {

- 		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);

- 		goto err;

- 	}

-@@ -173,7 +176,8 @@

- 	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;

- 	PKCS7_SIGNER_INFO *si;

- 	X509_STORE_CTX cert_ctx;

--	char buf[4096];

-+	char *buf = NULL;

-+	int bufsiz;

- 	int i, j=0, k, ret = 0;

- 	BIO *p7bio;

- 	BIO *tmpin, *tmpout;

-@@ -284,10 +288,16 @@

- 		BIO_set_mem_eof_return(tmpout, 0);

- 	} else tmpout = out;

- 

-+	bufsiz = 4096;

-+	buf = OPENSSL_malloc (bufsiz);

-+		if (buf == NULL) {

-+			goto err;

-+	}

-+

- 	/* We now have to 'read' from p7bio to calculate digests etc. */

- 	for (;;)

- 	{

--		i=BIO_read(p7bio,buf,sizeof(buf));

-+		i=BIO_read(p7bio,buf,bufsiz);

- 		if (i <= 0) break;

- 		if (tmpout) BIO_write(tmpout, buf, i);

- 	}

-@@ -326,6 +336,10 @@

- 

- 	sk_X509_free(signers);

- 

-+	if (buf != NULL) {

-+		OPENSSL_free (buf);

-+	}

-+

- 	return ret;

- }

- 

-Index: crypto/rand/rand_egd.c

-===================================================================

---- crypto/rand/rand_egd.c	(revision 1)

-+++ crypto/rand/rand_egd.c	(working copy)

-@@ -95,7 +95,7 @@

-  *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.

-  */

- 

--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)

-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)

- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)

- 	{

- 	return(-1);

-Index: crypto/rand/rand_unix.c

-===================================================================

---- crypto/rand/rand_unix.c	(revision 1)

-+++ crypto/rand/rand_unix.c	(working copy)

-@@ -116,7 +116,7 @@

- #include <openssl/rand.h>

- #include "rand_lcl.h"

- 

--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))

-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))

- 

- #include <sys/types.h>

- #include <sys/time.h>

-@@ -322,7 +322,7 @@

- #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */

- 

- 

--#if defined(OPENSSL_SYS_VXWORKS)

-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)

- int RAND_poll(void)

- 	{

- 	return 0;

-Index: crypto/x509/x509_vfy.c

-===================================================================

---- crypto/x509/x509_vfy.c	(revision 1)

-+++ crypto/x509/x509_vfy.c	(working copy)

-@@ -899,6 +899,10 @@

- 

- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)

- 	{

-+#if defined(OPENSSL_SYS_UEFI)

-+  /* Bypass Certificate Time Checking for UEFI version. */

-+  return 1;

-+#else

- 	time_t *ptime;

- 	int i;

- 

-@@ -942,6 +946,7 @@

- 		}

- 

- 	return 1;

-+#endif	

- 	}

- 

- static int internal_verify(X509_STORE_CTX *ctx)

diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
new file mode 100644
index 0000000..4abe62c
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
@@ -0,0 +1,279 @@
+Index: crypto/bio/bss_file.c

+===================================================================

+--- crypto/bio/bss_file.c	(revision 1)

++++ crypto/bio/bss_file.c	(working copy)

+@@ -418,6 +418,23 @@

+     return (ret);

+ }

+ 

++#else

++

++BIO_METHOD *BIO_s_file(void)

++{

++    return NULL;

++}

++

++BIO *BIO_new_file(const char *filename, const char *mode)

++{

++    return NULL;

++}

++

++BIO *BIO_new_fp(FILE *stream, int close_flag)

++{

++    return NULL;

++}

++

+ # endif                         /* OPENSSL_NO_STDIO */

+ 

+ #endif                          /* HEADER_BSS_FILE_C */

+Index: crypto/crypto.h

+===================================================================

+--- crypto/crypto.h	(revision 1)

++++ crypto/crypto.h	(working copy)

+@@ -239,15 +239,15 @@

+ # ifndef OPENSSL_NO_LOCKING

+ #  ifndef CRYPTO_w_lock

+ #   define CRYPTO_w_lock(type)     \

+-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)

++        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)

+ #   define CRYPTO_w_unlock(type)   \

+-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)

++        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)

+ #   define CRYPTO_r_lock(type)     \

+-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)

++        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)

+ #   define CRYPTO_r_unlock(type)   \

+-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)

++        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)

+ #   define CRYPTO_add(addr,amount,type)    \

+-        CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)

++        CRYPTO_add_lock(addr,amount,type,NULL,0)

+ #  endif

+ # else

+ #  define CRYPTO_w_lock(a)

+@@ -374,19 +374,19 @@

+ # define MemCheck_off()  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)

+ # define is_MemCheck_on() CRYPTO_is_mem_check_on()

+ 

+-# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)

+-# define OPENSSL_strdup(str)     CRYPTO_strdup((str),__FILE__,__LINE__)

++# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,NULL,0)

++# define OPENSSL_strdup(str)     CRYPTO_strdup((str),NULL,0)

+ # define OPENSSL_realloc(addr,num) \

+-        CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)

++        CRYPTO_realloc((char *)addr,(int)num,NULL,0)

+ # define OPENSSL_realloc_clean(addr,old_num,num) \

+-        CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)

++        CRYPTO_realloc_clean(addr,old_num,num,NULL,0)

+ # define OPENSSL_remalloc(addr,num) \

+-        CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)

++        CRYPTO_remalloc((char **)addr,(int)num,NULL,0)

+ # define OPENSSL_freeFunc        CRYPTO_free

+ # define OPENSSL_free(addr)      CRYPTO_free(addr)

+ 

+ # define OPENSSL_malloc_locked(num) \

+-        CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)

++        CRYPTO_malloc_locked((int)num,NULL,0)

+ # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)

+ 

+ const char *SSLeay_version(int type);

+@@ -531,7 +531,7 @@

+ long CRYPTO_get_mem_debug_options(void);

+ 

+ # define CRYPTO_push_info(info) \

+-        CRYPTO_push_info_(info, __FILE__, __LINE__);

++        CRYPTO_push_info_(info, NULL, 0);

+ int CRYPTO_push_info_(const char *info, const char *file, int line);

+ int CRYPTO_pop_info(void);

+ int CRYPTO_remove_all_info(void);

+@@ -578,7 +578,7 @@

+ 

+ /* die if we have to */

+ void OpenSSLDie(const char *file, int line, const char *assertion);

+-# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))

++# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))

+ 

+ unsigned long *OPENSSL_ia32cap_loc(void);

+ # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))

+@@ -585,10 +585,10 @@

+ int OPENSSL_isservice(void);

+ 

+ # ifdef OPENSSL_FIPS

+-#  define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \

++#  define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \

+                 alg " previous FIPS forbidden algorithm error ignored");

+ 

+-#  define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \

++#  define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \

+                 #alg " Algorithm forbidden in FIPS mode");

+ 

+ #  ifdef OPENSSL_FIPS_STRICT

+Index: crypto/err/err.c

+===================================================================

+--- crypto/err/err.c	(revision 1)

++++ crypto/err/err.c	(working copy)

+@@ -321,7 +321,12 @@

+     es->err_data_flags[i] = flags;

+ }

+ 

++/* Add EFIAPI for UEFI version. */

++#if defined(OPENSSL_SYS_UEFI)

++void EFIAPI ERR_add_error_data(int num, ...)

++#else

+ void ERR_add_error_data(int num, ...)

++#endif

+ {

+     va_list args;

+     int i, n, s;

+Index: crypto/err/err.h

+===================================================================

+--- crypto/err/err.h	(revision 1)

++++ crypto/err/err.h	(working copy)

+@@ -285,7 +285,13 @@

+ # endif

+ # ifndef OPENSSL_NO_BIO

+ void ERR_print_errors(BIO *bp);

++

++/* Add EFIAPI for UEFI version. */

++#if defined(OPENSSL_SYS_UEFI)

++void EFIAPI ERR_add_error_data(int num, ...);

++#else

+ void ERR_add_error_data(int num, ...);

++#endif

+ # endif

+ void ERR_load_strings(int lib, ERR_STRING_DATA str[]);

+ void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);

+Index: crypto/opensslconf.h

+===================================================================

+--- crypto/opensslconf.h	(revision 1)

++++ crypto/opensslconf.h	(working copy)

+@@ -162,6 +162,9 @@

+ /* The prime number generation stuff may not work when

+  * EIGHT_BIT but I don't care since I've only used this mode

+  * for debuging the bignum libraries */

++

++/* Bypass following definition for UEFI version. */

++#if !defined(OPENSSL_SYS_UEFI)

+ #undef SIXTY_FOUR_BIT_LONG

+ #undef SIXTY_FOUR_BIT

+ #define THIRTY_TWO_BIT

+@@ -169,6 +172,8 @@

+ #undef EIGHT_BIT

+ #endif

+ 

++#endif

++

+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)

+ #define CONFIG_HEADER_RC4_LOCL_H

+ /* if this is defined data[i] is used instead of *data, this is a %20

+Index: crypto/pkcs7/pk7_smime.c

+===================================================================

+--- crypto/pkcs7/pk7_smime.c	(revision 1)

++++ crypto/pkcs7/pk7_smime.c	(working copy)

+@@ -90,7 +90,14 @@

+     if (!PKCS7_content_new(p7, NID_pkcs7_data))

+         goto err;

+ 

++#if defined(OPENSSL_SYS_UEFI)

++    /*

++     * NOTE: Update to SHA-256 digest algorithm for UEFI version.

++     */

++    if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {

++#else

+     if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {

++#endif

+         PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);

+         goto err;

+     }

+@@ -175,7 +182,8 @@

+     STACK_OF(PKCS7_SIGNER_INFO) *sinfos;

+     PKCS7_SIGNER_INFO *si;

+     X509_STORE_CTX cert_ctx;

+-    char buf[4096];

++    char *buf = NULL;

++    int bufsiz;

+     int i, j = 0, k, ret = 0;

+     BIO *p7bio;

+     BIO *tmpin, *tmpout;

+@@ -286,6 +294,12 @@

+     } else

+         tmpout = out;

+ 

++    bufsiz = 4096;

++    buf = OPENSSL_malloc (bufsiz);

++    if (buf == NULL) {

++      goto err;

++    }

++

+     /* We now have to 'read' from p7bio to calculate digests etc. */

+     for (;;) {

+         i = BIO_read(p7bio, buf, sizeof(buf));

+@@ -328,6 +342,10 @@

+ 

+     sk_X509_free(signers);

+ 

++    if (buf != NULL) {

++      OPENSSL_free (buf);

++    }

++

+     return ret;

+ }

+ 

+Index: crypto/rand/rand_egd.c

+===================================================================

+--- crypto/rand/rand_egd.c	(revision 1)

++++ crypto/rand/rand_egd.c	(working copy)

+@@ -95,7 +95,7 @@

+  *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.

+  */

+ 

+-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)

++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)

+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)

+ {

+     return (-1);

+Index: crypto/rand/rand_unix.c

+===================================================================

+--- crypto/rand/rand_unix.c	(revision 1)

++++ crypto/rand/rand_unix.c	(working copy)

+@@ -116,7 +116,7 @@

+ #include <openssl/rand.h>

+ #include "rand_lcl.h"

+ 

+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))

++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))

+ 

+ # include <sys/types.h>

+ # include <sys/time.h>

+@@ -332,7 +332,7 @@

+                                  * defined(OPENSSL_SYS_VXWORKS) ||

+                                  * defined(OPENSSL_SYS_NETWARE)) */

+ 

+-#if defined(OPENSSL_SYS_VXWORKS)

++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)

+ int RAND_poll(void)

+ {

+     return 0;

+Index: crypto/x509/x509_vfy.c

+===================================================================

+--- crypto/x509/x509_vfy.c	(revision 1)

++++ crypto/x509/x509_vfy.c	(working copy)

+@@ -871,6 +871,10 @@

+ 

+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)

+ {

++#if defined(OPENSSL_SYS_UEFI)

++  /* Bypass Certificate Time Checking for UEFI version. */

++  return 1;

++#else

+     time_t *ptime;

+     int i;

+ 

+@@ -910,6 +914,7 @@

+     }

+ 

+     return 1;

++#endif

+ }

+ 

+ static int internal_verify(X509_STORE_CTX *ctx)

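Review bot: in the `pk7_smime.c` part of the new 0.9.8zf patch, `buf` becomes a heap pointer but the read loop still calls `BIO_read(p7bio, buf, sizeof(buf))`, and that line is carried as unchanged context rather than edited. `sizeof(buf)` is now the size of a pointer, so each read fetches a handful of bytes instead of the 4096 allocated into `bufsiz`. The 0.9.8w patch deleted in this same commit rewrote that call to `BIO_read(p7bio,buf,bufsiz)`; carry that edit over. Separately, the `check_cert_time` stub returns 1 unconditionally under `OPENSSL_SYS_UEFI`, so expired and not-yet-valid certificates pass this check; the comment should state why that is acceptable on this platform, and the commit message should list it together with the `RAND_poll` stub that returns 0 without seeding anything.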
diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd
index a2a88e4..8f1d016 100755
--- a/CryptoPkg/Library/OpensslLib/Install.cmd
+++ b/CryptoPkg/Library/OpensslLib/Install.cmd
@@ -1,4 +1,4 @@
-cd openssl-0.9.8w

+cd openssl-0.9.8zf

 copy e_os2.h              ..\..\..\Include\openssl

 copy crypto\crypto.h  ..\..\..\Include\openssl

 copy crypto\tmdiff.h  ..\..\..\Include\openssl

@@ -68,4 +68,4 @@
 copy ssl\tls1.h ..\..\..\Include\openssl

 copy ssl\dtls1.h ..\..\..\Include\openssl

 copy ssl\kssl.h ..\..\..\Include\openssl

-cd ..
\ No newline at end of file
+cd ..

diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh
index 2218361..4a022e6 100755
--- a/CryptoPkg/Library/OpensslLib/Install.sh
+++ b/CryptoPkg/Library/OpensslLib/Install.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-cd openssl-0.9.8w
+cd openssl-0.9.8zf
 cp e_os2.h ../../../Include/openssl
 cp crypto/crypto.h ../../../Include/openssl
 cp crypto/tmdiff.h ../../../Include/openssl
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index e8bec20..935774b 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -1,7 +1,7 @@
 ## @file

-# OpenSSL Library implementation.

+#  This module provides openSSL Library implementation.

 # 

-#  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>

+#  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>

 #  This program and the accompanying materials

 #  are licensed and made available under the terms and conditions of the BSD License

 #  which accompanies this distribution.  The full text of the license may be found at

@@ -19,9 +19,9 @@
   MODULE_TYPE                    = BASE

   VERSION_STRING                 = 1.0

   LIBRARY_CLASS                  = OpensslLib

-  DEFINE OPENSSL_PATH            = openssl-0.9.8w

+  DEFINE OPENSSL_PATH            = openssl-0.9.8zf

   DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM

-  DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED

+  DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE

   

 #

 # OPENSSL_FLAGS is set to define the following flags to be compatible with 

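Review bot: the new `OPENSSL_EXFLAGS` entries `-DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA` remove signature and key-agreement algorithms, not just unused ciphers, and nothing in this hunk documents the consequence: certificates or PKCS#7 signatures that rely on DSA or ECDSA keys will no longer verify with this build. State that in the file header or the commit message, and confirm that no consumer of this library depends on them. The flag list also has to be kept in step by hand with the commented-out entries under [Sources]; a short comment above the DEFINE saying so would help whoever does the next OpenSSL update.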
@@ -51,7 +51,7 @@
 #

   

 #

-#  VALID_ARCHITECTURES           = IA32 X64 IPF ARM

+#  VALID_ARCHITECTURES           = IA32 X64 IPF ARM AARCH64

 #

 

 [Sources]

@@ -77,8 +77,12 @@
   $(OPENSSL_PATH)/crypto/o_dir.c

   $(OPENSSL_PATH)/crypto/o_init.c

   $(OPENSSL_PATH)/crypto/fips_err.c

-  $(OPENSSL_PATH)/crypto/md2/md2_dgst.c

-  $(OPENSSL_PATH)/crypto/md2/md2_one.c

+

+  #

+  # DIsabled by OPENSSL_NO_MD2

+  #

+  # $(OPENSSL_PATH)/crypto/md2/md2_dgst.c

+  # $(OPENSSL_PATH)/crypto/md2/md2_one.c

   $(OPENSSL_PATH)/crypto/md4/md4_dgst.c

   $(OPENSSL_PATH)/crypto/md4/md4_one.c

   $(OPENSSL_PATH)/crypto/md5/md5_dgst.c

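Review bot: typo in the added banner, `DIsabled by OPENSSL_NO_MD2` should read `Disabled by OPENSSL_NO_MD2` to match the other "Disabled by" banners added in this file. The block also has a blank added line before the banner but none after the last commented-out path, unlike the RIPEMD block in the next hunk; pick one spacing. The context lines directly below show `md4_dgst.c` and `md4_one.c` still being built, so if the intent is to drop weak digests, a sentence on why MD4 stays would answer the obvious question.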
@@ -90,8 +94,13 @@
   $(OPENSSL_PATH)/crypto/sha/sha256.c

   $(OPENSSL_PATH)/crypto/sha/sha512.c

   $(OPENSSL_PATH)/crypto/hmac/hmac.c

-  $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c

-  $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c

+

+  #

+  # Disabled by OPENSSL_NO_RIPEMD

+  #

+  # $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c

+  # $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c

+

   $(OPENSSL_PATH)/crypto/des/des_lib.c

   $(OPENSSL_PATH)/crypto/des/set_key.c

   $(OPENSSL_PATH)/crypto/des/ecb_enc.c

@@ -119,29 +128,45 @@
   $(OPENSSL_PATH)/crypto/des/des_old.c

   $(OPENSSL_PATH)/crypto/des/des_old2.c

   $(OPENSSL_PATH)/crypto/des/read2pwd.c

-  $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c

-  $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c

-  $(OPENSSL_PATH)/crypto/rc2/rc2_cbc.c

-  $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c

-  $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c

+

+  #

+  # Disabled by OPENSSL_NO_RC2

+  #

+  # $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c

+  # $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c

+  # $(OPENSSL_PATH)/crypto/rc2/rc2_cbc.c

+  # $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c

+  # $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c

+

   $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c

   $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c

   $(OPENSSL_PATH)/crypto/rc4/rc4_fblk.c

-  $(OPENSSL_PATH)/crypto/idea/i_cbc.c

-  $(OPENSSL_PATH)/crypto/idea/i_cfb64.c

-  $(OPENSSL_PATH)/crypto/idea/i_ofb64.c

-  $(OPENSSL_PATH)/crypto/idea/i_ecb.c

-  $(OPENSSL_PATH)/crypto/idea/i_skey.c

-  $(OPENSSL_PATH)/crypto/bf/bf_skey.c

-  $(OPENSSL_PATH)/crypto/bf/bf_ecb.c

-  $(OPENSSL_PATH)/crypto/bf/bf_enc.c

-  $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c

-  $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c

-  $(OPENSSL_PATH)/crypto/cast/c_skey.c

-  $(OPENSSL_PATH)/crypto/cast/c_ecb.c

-  $(OPENSSL_PATH)/crypto/cast/c_enc.c

-  $(OPENSSL_PATH)/crypto/cast/c_cfb64.c

-  $(OPENSSL_PATH)/crypto/cast/c_ofb64.c

+

+  #

+  # Disabled by OPENSSL_NO_IDEA

+  #

+  # $(OPENSSL_PATH)/crypto/idea/i_cbc.c

+  # $(OPENSSL_PATH)/crypto/idea/i_cfb64.c

+  # $(OPENSSL_PATH)/crypto/idea/i_ofb64.c

+  # $(OPENSSL_PATH)/crypto/idea/i_ecb.c

+  # $(OPENSSL_PATH)/crypto/idea/i_skey.c

+  #

+  # Disabled by OPENSSL_NO_BF

+  #

+  # $(OPENSSL_PATH)/crypto/bf/bf_skey.c

+  # $(OPENSSL_PATH)/crypto/bf/bf_ecb.c

+  # $(OPENSSL_PATH)/crypto/bf/bf_enc.c

+  # $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c

+  # $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c

+  #

+  # Disabled by OPENSSL_NO_CAST

+  #

+  # $(OPENSSL_PATH)/crypto/cast/c_skey.c

+  # $(OPENSSL_PATH)/crypto/cast/c_ecb.c

+  # $(OPENSSL_PATH)/crypto/cast/c_enc.c

+  # $(OPENSSL_PATH)/crypto/cast/c_cfb64.c

+  # $(OPENSSL_PATH)/crypto/cast/c_ofb64.c

+

   $(OPENSSL_PATH)/crypto/aes/aes_misc.c

   $(OPENSSL_PATH)/crypto/aes/aes_ecb.c

   $(OPENSSL_PATH)/crypto/aes/aes_cfb.c

@@ -198,16 +223,21 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c

   $(OPENSSL_PATH)/crypto/rsa/rsa_eng.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_key.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_lib.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_asn1.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_vrf.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_sign.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_err.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c

-  $(OPENSSL_PATH)/crypto/dsa/dsa_utl.c

+

+  #

+  # Disabled by OPENSSL_NO_DSA

+  #

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_key.c

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_lib.c

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_asn1.c

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_vrf.c

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_sign.c

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_err.c

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c

+  # $(OPENSSL_PATH)/crypto/dsa/dsa_utl.c

+

   $(OPENSSL_PATH)/crypto/dso/dso_dl.c

   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c

   $(OPENSSL_PATH)/crypto/dso/dso_err.c

@@ -223,30 +253,41 @@
   $(OPENSSL_PATH)/crypto/dh/dh_check.c

   $(OPENSSL_PATH)/crypto/dh/dh_err.c

   $(OPENSSL_PATH)/crypto/dh/dh_depr.c

-  $(OPENSSL_PATH)/crypto/ec/ec_lib.c

-  $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c

-  $(OPENSSL_PATH)/crypto/ec/ecp_mont.c

-  $(OPENSSL_PATH)/crypto/ec/ecp_nist.c

-  $(OPENSSL_PATH)/crypto/ec/ec_cvt.c

-  $(OPENSSL_PATH)/crypto/ec/ec_mult.c

-  $(OPENSSL_PATH)/crypto/ec/ec_err.c

-  $(OPENSSL_PATH)/crypto/ec/ec_curve.c

-  $(OPENSSL_PATH)/crypto/ec/ec_check.c

-  $(OPENSSL_PATH)/crypto/ec/ec_print.c

-  $(OPENSSL_PATH)/crypto/ec/ec_asn1.c

-  $(OPENSSL_PATH)/crypto/ec/ec_key.c

-  $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c

-  $(OPENSSL_PATH)/crypto/ec/ec2_mult.c

-  $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c

-  $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c

-  $(OPENSSL_PATH)/crypto/ecdh/ech_key.c

-  $(OPENSSL_PATH)/crypto/ecdh/ech_err.c

-  $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c

-  $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c

-  $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c

-  $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c

-  $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c

-  $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c

+

+  #

+  # Disabled by OPENSSL_NO_EC

+  #

+  # $(OPENSSL_PATH)/crypto/ec/ec_lib.c

+  # $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c

+  # $(OPENSSL_PATH)/crypto/ec/ecp_mont.c

+  # $(OPENSSL_PATH)/crypto/ec/ecp_nist.c

+  # $(OPENSSL_PATH)/crypto/ec/ec_cvt.c

+  # $(OPENSSL_PATH)/crypto/ec/ec_mult.c

+  # $(OPENSSL_PATH)/crypto/ec/ec_err.c

+  # $(OPENSSL_PATH)/crypto/ec/ec_curve.c

+  # $(OPENSSL_PATH)/crypto/ec/ec_check.c

+  # $(OPENSSL_PATH)/crypto/ec/ec_print.c

+  # $(OPENSSL_PATH)/crypto/ec/ec_asn1.c

+  # $(OPENSSL_PATH)/crypto/ec/ec_key.c

+  # $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c

+  # $(OPENSSL_PATH)/crypto/ec/ec2_mult.c

+  #

+  # Disabled by OPENSSL_NO_ECDH

+  #

+  # $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c

+  # $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c

+  # $(OPENSSL_PATH)/crypto/ecdh/ech_key.c

+  # $(OPENSSL_PATH)/crypto/ecdh/ech_err.c

+  #

+  # Disabled by OPENSSL_NO_ECDSA

+  #

+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c

+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c

+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c

+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c

+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c

+  # $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c

+

   $(OPENSSL_PATH)/crypto/buffer/buffer.c

   $(OPENSSL_PATH)/crypto/buffer/buf_str.c

   $(OPENSSL_PATH)/crypto/buffer/buf_err.c

@@ -523,38 +564,47 @@
   $(OPENSSL_PATH)/crypto/comp/comp_err.c

   $(OPENSSL_PATH)/crypto/comp/c_rle.c

   $(OPENSSL_PATH)/crypto/comp/c_zlib.c

-  $(OPENSSL_PATH)/crypto/engine/eng_err.c

-  $(OPENSSL_PATH)/crypto/engine/eng_lib.c

-  $(OPENSSL_PATH)/crypto/engine/eng_list.c

-  $(OPENSSL_PATH)/crypto/engine/eng_init.c

-  $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c

-  $(OPENSSL_PATH)/crypto/engine/eng_table.c

-  $(OPENSSL_PATH)/crypto/engine/eng_pkey.c

-  $(OPENSSL_PATH)/crypto/engine/eng_fat.c

-  $(OPENSSL_PATH)/crypto/engine/eng_all.c

-  $(OPENSSL_PATH)/crypto/engine/tb_rsa.c

-  $(OPENSSL_PATH)/crypto/engine/tb_dsa.c

-  $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c

-  $(OPENSSL_PATH)/crypto/engine/tb_dh.c

-  $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c

-  $(OPENSSL_PATH)/crypto/engine/tb_rand.c

-  $(OPENSSL_PATH)/crypto/engine/tb_store.c

-  $(OPENSSL_PATH)/crypto/engine/tb_cipher.c

-  $(OPENSSL_PATH)/crypto/engine/tb_digest.c

-  $(OPENSSL_PATH)/crypto/engine/eng_openssl.c

-  $(OPENSSL_PATH)/crypto/engine/eng_cnf.c

-  $(OPENSSL_PATH)/crypto/engine/eng_dyn.c

-  $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c

-  $(OPENSSL_PATH)/crypto/engine/eng_padlock.c

-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c

-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c

-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c

-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c

-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c

-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c

-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c

-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c

-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c

+

+  #

+  # Disabled by OPENSSL_NO_ENGINE

+  #

+  # $(OPENSSL_PATH)/crypto/engine/eng_err.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_lib.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_list.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_init.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_table.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_pkey.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_fat.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_all.c

+  # $(OPENSSL_PATH)/crypto/engine/tb_rsa.c

+  # $(OPENSSL_PATH)/crypto/engine/tb_dsa.c

+  # $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c

+  # $(OPENSSL_PATH)/crypto/engine/tb_dh.c

+  # $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c

+  # $(OPENSSL_PATH)/crypto/engine/tb_rand.c

+  # $(OPENSSL_PATH)/crypto/engine/tb_store.c

+  # $(OPENSSL_PATH)/crypto/engine/tb_cipher.c

+  # $(OPENSSL_PATH)/crypto/engine/tb_digest.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_openssl.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_cnf.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_dyn.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c

+  # $(OPENSSL_PATH)/crypto/engine/eng_padlock.c

+

+  #

+  # Disabled by OPENSSL_NO_OCSP

+  #

+  # $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c

+  # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c

+  # $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c

+  # $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c

+  # $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c

+  # $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c

+  # $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c

+  # $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c

+  # $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c

+

   $(OPENSSL_PATH)/crypto/ui/ui_err.c

   $(OPENSSL_PATH)/crypto/ui/ui_lib.c
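Review bot: Dropping the nine ocsp_*.c sources under "Disabled by OPENSSL_NO_OCSP" means the library built from this INF contains no OCSP code, which is a functional change to certificate revocation support and should be stated in the package documentation, not only in an INF comment. The same applies to the 23 engine sources under "Disabled by OPENSSL_NO_ENGINE". Keeping this many commented-out paths also makes the next OpenSSL version bump harder to review; consider removing them and leaving a single comment per block that names the macro and where it is set.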

 

@@ -606,6 +656,21 @@
    GCC:*_*_IA32_CC_FLAGS                  = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT

    GCC:*_*_X64_CC_FLAGS                   = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT

    GCC:*_*_IPF_CC_FLAGS                   = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT

-   RVCT:*_*_IA32_CC_FLAGS                 = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT

-   RVCT:*_*_X64_CC_FLAGS                  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DSIXTY_FOUR_BIT

-   RVCT:*_*_IPF_CC_FLAGS                  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DSIXTY_FOUR_BIT

+   GCC:*_*_ARM_CC_FLAGS                   = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT

+   GCC:*_*_AARCH64_CC_FLAGS               = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT

+

+   # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:

+   # 1295: Deprecated declaration <entity> - give arg types

+   #  550: <entity> was set but never used

+   # 1293: assignment in condition

+   #  111: statement is unreachable (invariably "break;" after "return X;" in case statement)

+   #   68: integer conversion resulted in a change of sign ("if (Status == -1)")

+   #  177: <entity> was declared but never referenced

+   #  223: function <entity> declared implicitly

+   #  144: a value of type <type> cannot be used to initialize an entity of type <type>

+   #  513: a value of type <type> cannot be assigned to an entity of type <type>

+   #  188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)

+   # 1296: Extended constant initialiser used

+   RVCT:*_*_ARM_CC_FLAGS                  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188

+   XCODE:*_*_IA32_CC_FLAGS                = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT

+   XCODE:*_*_X64_CC_FLAGS                 = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT
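Review bot: The --diag_suppress list on the new RVCT:*_*_ARM_CC_FLAGS line includes 223 (function declared implicitly), 144 and 513 (value of one type used to initialize or assign an entity of another) and 68 (integer conversion changed sign); in crypto code those diagnostics can flag real defects such as a missing prototype or a sign error in a length or status check, so silencing them for every file in this INF goes further than avoiding warnings-as-errors breakage requires. Suggest keeping the cosmetic ones (111, 177, 550, 1293, 1295, 1296) suppressed and either fixing or individually justifying the rest. Also, the added GCC ARM and AARCH64 lines omit the -U_WIN32 -U_WIN64 that the existing GCC IA32, X64 and IPF lines carry, and the RVCT IA32/X64/IPF entries are removed with only an RVCT ARM replacement; please confirm both are intentional.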

diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
index 7641da8..de60a5f 100644
--- a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
@@ -17,36 +17,36 @@
 ================================================================================

                                 OpenSSL-Version

 ================================================================================

-  Current supported OpenSSL version for UEFI Crypto Library is 0.9.8w.

-    http://www.openssl.org/source/openssl-0.9.8w.tar.gz

+  Current supported OpenSSL version for UEFI Crypto Library is 0.9.8zf.

+    http://www.openssl.org/source/openssl-0.9.8zf.tar.gz

 

 

 ================================================================================

                       HOW to Install Openssl for UEFI Building

 ================================================================================

-1.  Download OpenSSL 0.9.8w from official website:

-   	http://www.openssl.org/source/openssl-0.9.8w.tar.gz

+1.  Download OpenSSL 0.9.8zf from official website:

+   	http://www.openssl.org/source/openssl-0.9.8zf.tar.gz

 

-    NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8w.tar.tar.

-          When you do the download, rename the "openssl-0.9.8w.tar.tar" to

-          "openssl-0.9.8w.tar.gz" or rename the local downloaded file with ".tar.tar"

+    NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8zf.tar.tar.

+          When you do the download, rename the "openssl-0.9.8zf.tar.tar" to

+          "openssl-0.9.8zf.tar.gz" or rename the local downloaded file with ".tar.tar"

           extension to ".tar.gz".

 

-2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8w

+2.  Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zf

 

     NOTE: If you use WinZip to unpack the openssl source in Windows, please 

           uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> 

           Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").

   

-3.  Apply this patch: EDKII_openssl-0.9.8w.patch, and make installation

+3.  Apply this patch: EDKII_openssl-0.9.8zf.patch, and make installation

 

     For Windows Environment:

     ------------------------

     1) Make sure the patch utility has been installed in your machine.

        Install Cygwin or get the patch utility binary from 

           http://gnuwin32.sourceforge.net/packages/patch.htm

-    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8w

-    3) patch -p0 -i ..\EDKII_openssl-0.9.8w.patch

+    2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8zf

+    3) patch -p0 -i ..\EDKII_openssl-0.9.8zf.patch

     4) cd ..

     5) Install.cmd
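Review bot: Step 1 still fetches the tarball over plain http (http://www.openssl.org/source/openssl-0.9.8zf.tar.gz) and the procedure moves straight to extracting and patching with no integrity check; since this source ends up as firmware crypto code, add a step that verifies the download against the digest or signature published by OpenSSL before step 2. Separately, the updated step 2 extracts into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zf while the cd lines and this file's own path spell the directory OpensslLib, which will not match on a case-sensitive file system; since the line is being touched anyway, fix the spelling here.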

 

@@ -54,8 +54,8 @@
     -----------------------

     1) Make sure the patch utility has been installed in your machine.

        Patch utility is available from http://directory.fsf.org/project/patch/

-    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8w

-    3) patch -p0 -i ../EDKII_openssl-0.9.8w.patch

+    2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8zf

+    3) patch -p0 -i ../EDKII_openssl-0.9.8zf.patch

     4) cd ..

     5) ./Install.sh

 

diff --git a/CryptoPkg/License.txt b/CryptoPkg/License.txt
new file mode 100644
index 0000000..be68999
--- /dev/null
+++ b/CryptoPkg/License.txt
@@ -0,0 +1,25 @@
+Copyright (c) 2012, Intel Corporation. All rights reserved.

+

+Redistribution and use in source and binary forms, with or without

+modification, are permitted provided that the following conditions

+are met:

+

+* Redistributions of source code must retain the above copyright

+  notice, this list of conditions and the following disclaimer.

+* Redistributions in binary form must reproduce the above copyright

+  notice, this list of conditions and the following disclaimer in

+  the documentation and/or other materials provided with the

+  distribution.

+

+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

+FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

+COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN

+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

+POSSIBILITY OF SUCH DAMAGE.