Has there been any thought to upstream the libOpenSSL changes?

It would be nice to be able to grab a current OpenSSL tarball and have
it include UEFI support, and not have to patch it each time. Having the
patches in trunk also makes the main OpenSSL developers aware of how
their changes impact UEFI-centric codepaths, which they are currently
blind to.

The previous OpenSSL patch was apparently not acceptable to them. I hope
some consideration has been made for this patch.

Thanks,
Lee

On 06/05/2015 09:11 AM, Long, Qin wrote:
> Copy that. Thanks biesheuvel.
> I will double-check the GCC building.
>
>
> Best Regards & Thanks,
> LONG, Qin
>
> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org]
> Sent: Friday, June 5, 2015 5:20 PM
> To: edk2-devel@lists.sourceforge.net
> Subject: Re: [edk2] [patch 3/3] [CryptoPkg] Updates some support
> header files and wrapper files to support openssl-1.0.2a build, and
> correct some openssl API usages when handling ASN.1 en/decoding.
>
> Hello Long Qin,
>
> This patch breaks the build on GCC due to UINT8* variables being
> passed as 'const unsigned char*' parameters.
> Please see below.
>
> On 5 June 2015 at 03:06, qlong <qin.l...@intel.com> wrote:
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Long Qin <qin.l...@intel.com>
>> Signed-off-by: qlong <qin.l...@intel.com>
>> ---
>>  CryptoPkg/Include/OpenSslSupport.h                    |  8 +++++++-
>>  CryptoPkg/Include/memory.h                            | 16
++++++++++++++++
>>  CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c |  6 ++++--
>>  CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c    | 10 +++++-----
>>  CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c  |  9 +++++----
>>  CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c           | 10 +++++++---
>>  CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c         |  6 ++++--
>>  7 files changed, 48 insertions(+), 17 deletions(-)  create mode
>> 100644 CryptoPkg/Include/memory.h
>>
> [...]
>> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
>> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
>> index 4ce2b06..9ace5e6 100644
>> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
>> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
>> @@ -9,7 +9,7 @@
>>    AuthenticodeVerify() will get PE/COFF Authenticode and will do
basic check for
>>    data structure.
>>
>> -Copyright (c) 2011 - 2014, Intel Corporation. All rights
>> reserved.<BR>
>> +Copyright (c) 2011 - 2015, Intel Corporation. All rights
>> +reserved.<BR>
>>  This program and the accompanying materials  are licensed and made
>> available under the terms and conditions of the BSD License  which
>> accompanies this distribution.  The full text of the license may be
>> found at @@ -72,6 +72,7 @@ AuthenticodeVerify (  {
>>    BOOLEAN      Status;
>>    PKCS7        *Pkcs7;
>> +  UINT8        *Temp;
>
> CONST UINT8 *Temp;
>
>>    CONST UINT8  *OrigAuthData;
>>    UINT8        *SpcIndirectDataContent;
>>    UINT8        Asn1Byte;
>> @@ -96,7 +97,8 @@ AuthenticodeVerify (
>>    //
>>    // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode
Signature
>>    //
>> -  Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
>> +  Temp  = (UINT8 *)AuthData;
>> +  Pkcs7 = d2i_PKCS7 (NULL, &Temp, (int)DataSize);
>>    if (Pkcs7 == NULL) {
>>      goto _Exit;
>>    }
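
Review bot: The cast on the added line `Temp  = (UINT8 *)AuthData;` works against the call that follows it. d2i_PKCS7 takes its input as `const unsigned char **`, so `&Temp` only matches when Temp is a `CONST UINT8 *`, and casting to plain `UINT8 *` throws away any CONST qualifier AuthData carries. With the temporary declared CONST, the assignment can be written as `Temp = AuthData;` with no cast at all, which is also what clears the GCC failure reported earlier in this reply.
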
>
> [...]
>
>> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
>> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
>> index a9665d5..06e4bb2 100644
>> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
>> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
> [...]
>> @@ -618,7 +618,8 @@ Pkcs7Verify (
>>    //
>>    // Read DER-encoded root certificate and Construct X509 Certificate
>>    //
>> -  Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength);
>> +  Temp = (UINT8 *)TrustedCert;
>> +  Cert = d2i_X509 (NULL, &Temp, (long) CertLength);
>
> Same here: temp should be declared as CONST UINT8*
>
>>    if (Cert == NULL) {
>>      goto _Exit;
>>    }
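
Review bot: Nothing at the added `Temp = (UINT8 *)TrustedCert;` line says why the copy is needed, and the comment above it still describes only the d2i_X509 call. d2i_X509 advances the pointer whose address it is given, so a one-line comment that Temp exists to leave TrustedCert pointing at the start of the buffer would stop a later cleanup from folding the two lines back into one. A name such as CertTemp, which this same patch uses in CryptTs.c, would also read better than Temp this far into Pkcs7Verify.
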
> [...]
>> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
>> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
>> index e4b5a84..7456755 100644
>> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
>> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
> [...]
>> @@ -441,6 +441,7 @@ TimestampTokenVerify (
>>    CONST UINT8  *TokenTemp;
>>    PKCS7        *Pkcs7;
>>    X509         *Cert;
>> +  UINT8        *CertTemp;
>
> Same here
>
>>    X509_STORE   *CertStore;
>>    BIO          *OutBio;
>>    UINT8        *TstData;
>> @@ -490,7 +491,8 @@ TimestampTokenVerify (
>>    //
>>    // Read the trusted TSA certificate (DER-encoded), and Construct
X509 Certificate.
>>    //
>> -  Cert = d2i_X509 (NULL, &TsaCert, (long) CertSize);
>> +  CertTemp = (UINT8 *)TsaCert;
>> +  Cert = d2i_X509 (NULL, &CertTemp, (long) CertSize);
>>    if (Cert == NULL) {
>>      goto _Exit;
>>    }
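
Review bot: `CertTemp = (UINT8 *)TsaCert;` introduces a second convention in a function that already has one. The declarations at the top of TimestampTokenVerify include `CONST UINT8  *TokenTemp;`, while the new CertTemp is a plain `UINT8 *` and is assigned through a cast. Declaring it `CONST UINT8  *CertTemp;` alongside TokenTemp keeps the two temporaries alike and lets the `(UINT8 *)` cast be dropped from the assignment.
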
> [...]
>> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
>> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
>> index 29efc42..66f79da 100644
>> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
>> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
>> @@ -1,7 +1,7 @@
>>  /** @file
>>    X.509 Certificate Handler Wrapper Implementation over OpenSSL.
>>
>> -Copyright (c) 2010 - 2014, Intel Corporation. All rights
>> reserved.<BR>
>> +Copyright (c) 2010 - 2015, Intel Corporation. All rights
>> +reserved.<BR>
>>  This program and the accompanying materials  are licensed and made
>> available under the terms and conditions of the BSD License  which
>> accompanies this distribution.  The full text of the license may be
>> found at @@ -39,6 +39,7 @@ X509ConstructCertificate (
>>    )
>>  {
>>    X509     *X509Cert;
>> +  UINT8    *Temp;
>
> ... and here
>
>>
>>    //
>>    // Check input parameters.
>> @@ -50,7 +51,8 @@ X509ConstructCertificate (
>>    //
>>    // Read DER-encoded X509 Certificate and Construct X509 object.
>>    //
>> -  X509Cert = d2i_X509 (NULL, &Cert, (long) CertSize);
>> +  Temp     = (UINT8 *)Cert;
>> +  X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
>>    if (X509Cert == NULL) {
>>      return FALSE;
>>    }
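
Review bot: After `X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);` the advanced value of Temp is not looked at in the lines shown, so this code cannot tell a buffer that holds exactly one certificate from one with extra bytes after it. If X509ConstructCertificate is meant to accept only a single DER certificate of CertSize bytes, compare `Temp - Cert` against CertSize once Temp is a `CONST UINT8 *`; if trailing bytes are acceptable, say so in the comment above the call.
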
>
>
> Thanks,
> Ard.
>
>
------------------------------------------------------------------------------
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/edk2-devel