efi-boot-shim.git/Cryptlib, branch latest-release

Cryptlib: replace CryptPem with the Null version

2017-04-11T14:42:19+00:00

CryptPem only provides one function: RsaGetPrivateKeyFromPem(). Since we don't need to retrieve any private key, it's safe to disable the function. Signed-off-by: Gary Lin

Cryptlib: remove DES

2017-04-11T14:42:19+00:00

Disable DES completely since it's already old and insecure. This makes MokManager not support the DES based password hash but probably no one is using it. Signed-off-by: Gary Lin

Cryptlib: Remove MD4

2017-04-11T14:42:19+00:00

MD4 is known to be insecure and shim never uses it. Signed-off-by: Gary Lin

Cryptlib: implement strcmp() and strcasecmp()

2017-04-11T14:42:19+00:00

strcmp() and strcasecmp() are widely used in openssl. Implement those two functions to eliminate the gcc warnings and the potential crash. Signed-off-by: Gary Lin

Cryptlib: amend the headers and fix signness

2017-04-11T14:42:19+00:00

- Declare some functions in the proper headers + We missed them for a long time... - Cast offsetof to UINTN + The original casting triggers the gcc warning since int can not present the offset for the 64bit machines. - Cast the "char" array to "CHAR8 *" to avoid the gcc warnings - Implement atoi correctly Signed-off-by: Gary Lin

Cryptlib: Include stddef.h in CrtLibSupport.h

2017-04-11T14:42:19+00:00

The changes in the openssl headers cause the inclusion of CrtLibSupport.h eariler than the inclusion of stddef.h, so "offsetof" was defined twice and this caused the followling build error: In file included from Cryptlib/Include/openssl/buffer.h:23:0, from Cryptlib/Include/openssl/x509.h:22, from shim.c:56: /usr/lib64/gcc/x86_64-suse-linux/6/include/stddef.h:417:0: error: "offsetof" redefined [-Werror] #define offsetof(TYPE, MEMBER) __builtin_offsetof (TYPE, MEMBER) In file included from Cryptlib/Include/limits.h:15:0, from Cryptlib/Include/openssl/ossl_typ.h:13, from Cryptlib/Include/openssl/x509.h:20, from shim.c:56: Cryptlib/Include/CrtLibSupport.h:192:0: note: this is the location of the previous definition #define offsetof(type, member) ( (int) & ((type*)0) -> member ) We can lower the priority of the gcc include path or just remove the path, but this might cause problem since the path was introduced on purpose(*). Instead, including stddef.h first is more feasible. (*) https://github.com/rhinstaller/shim/commit/d51739a416400ad348d8a1c7e3886abce11fff1b Signed-off-by: Gary Lin

Cryptlib/OpenSSL: update to openssl 1.1.0e

2017-04-11T14:42:18+00:00

- Delete the old openssl files and use the script to copy the new files - Add "-DNO_SYSLOG" to CFLAGS and add crypto/include to the include path Signed-off-by: Gary Lin

Cryptlib/OpenSSL: Update the script to copy the new openssl files

2017-04-11T14:42:18+00:00

- Update update.sh to copy the openssl 1.1.0 source files - Refresh the supplemental patch to reflect the change Signed-off-by: Gary Lin

Cryptlib: Update to the latest edk2 commit

2017-04-11T14:42:18+00:00

- Update to edk2 commit 7c410b3d4180087020c7734bf67cdc4ad9fdb136 CryptoPkg/BaseCryptLib: Adding NULL checking in time() wrapper. - Update headers in Cryptlib/Include/openssl/ to 1.1.0e + Also copy the openssl internal headers Signed-off-by: Gary Lin

Cryptlib: Amend update.sh and refresh Cryptlib.diff

2017-04-11T14:42:18+00:00

- Remove the openssl version from update.sh since edk2 doesn't use the version number in the directory name anymore. - Refresh Cryptlib.diff to reflect the change Signed-off-by: Gary Lin