Not sure which version this is; let's call it v3 despite the fact that
I think it's actually the first time all this lot has been posted
together in a single coherent series.

All the OpenSSL fixes are filed in upstream RT and in my git tree at — and backported to
OpenSSL 1.0.2 in the OpenSSL_1_0_2-stable branch of the same repo.

This series cleans up a number of our outstanding OpenSSL patches to
match what's been submitted upstream, including the use of

It also cleans up places in our code where we access OpenSSL "internal"
structures which are going to be made opaque in OpenSSL 1.1 and
accessor functions should be used instead.

The build infrastructure is fixed to be more consistent with the way
that OpenSSL is usually built — all the OPENSSL_NO_xxx definitions are
moved into opensslconf.h, and the file list is properly synchronised
with the result of 'make files' in the suitably-configured OpenSSL

A script is provided which allows the opensslconf.h file and the list
of files in OpensslLib.inf to be automatically updated. This script is
not required during a normal build; it's only for when we update the
OpenSSL which is used by the EDK II repository.

Finally, we remove CryptoPkg/include/openssl and instead use the real
OpenSSL include directory. This Just Works on POSIX-compliant
platforms, and has symlinks to the original files. In OpenSSL 1.1 it'll
work even on Windows, as those files have been *moved* to the
include/openssl/ directory of the OpenSSL source tree. For the time
being, can die and Install.cmd is updated to copy the files
to $(OPENSSL_PATH)/include/openssl to work around Windows' lack of

Both the final commit (using OpenSSL HEAD) and the penultimate (still
using a patched 1.0.2d) have been build-tested for IA32 and X86 both
using GCC on Linux and VS2008 under Windows. And also using
MinGW32/MingGW64 under Linux, although the final link there fails due
to calls to __chkstk_ms (see GCC PR#67169).

Git tree at

David Woodhouse (16):
      CryptoPkg/BaseCryptLib: Add missing OpenSSL includes
      CryptoPkg/BaseCryptLib: Use i2d_X509_NAME() instead of abusing X509_NAME
      CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTE
      CryptoPkg/BaseCryptLib: Use accessor functions for ASN1_OBJECT
      CryptoPkg/BaseCryptLib: Clean up checking of PKCS#7 contents type
      CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAIN
      CryptoPkg/BaseCryptLib: Use X509_V_FLAG_NO_CHECK_TIME
      CryptoPkg/OpensslLib: Undefine NO_BUILTIN_VA_FUNCS to fix varargs breakage
      CryptoPkg: Fix OpenSSL BN wordsize and OPENSSL_SYS_UEFI handling
      CryptoPkg/OpensslLib: Eliminate GETPID_IS_MEANINGLESS definition
      CryptoPkg/OpensslLib: Move OPENSSL_NO_xxx defines into opensslconf.h
      CryptoPkg: Use OpenSSL include directory directly
      CryptoPkg/OpensslLib: Include complete copy of opensslconf.h
      CryptoPkg/OpensslLib: Update OpenSSL patch
      CryptoPkg/OpensslLib: Automatically configure OpenSSL and generate file 
      CryptoPkg: Support building with OpenSSL HEAD (1.1.0-devel)

 CryptoPkg/CryptoPkg.dec                                               |   2 +
 CryptoPkg/Include/OpenSslSupport.h                                    |  26 ++
 CryptoPkg/Include/openssl/README                                      |   1 -
 CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h                     |  10 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c                 |   7 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c                           |   1 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c                  |  94 
 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c                     |   1 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c                       |   1 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c                           | 102 
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c                         |  18 +-
 CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h |   8 -
 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch               | 380 
 CryptoPkg/Library/OpensslLib/Install.cmd                              |  77 ---
 CryptoPkg/Library/OpensslLib/                               |  79 
 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt                        |  44 ++
 CryptoPkg/Library/OpensslLib/OpensslLib.inf                           | 480 
 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt                          |  61 ---
 CryptoPkg/Library/OpensslLib/opensslconf.h                            | 488 
 CryptoPkg/Library/OpensslLib/                         |  38 ++
 20 files changed, 691 insertions(+), 1227 deletions(-)

David Woodhouse                            Open Source Technology Centre                              Intel Corporation

Attachment: smime.p7s
Description: S/MIME cryptographic signature

edk2-devel mailing list

Reply via email to