New upstream version 13~git1505328970.9c1c35c5

parent 25f7fd1f
......@@ -2,6 +2,7 @@
certdb
shim_cert.h
*.a
*.CSV
*.cer
*.crl
*.crt
......
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/..
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/../Include/
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto
-I/usr/lib/gcc/x86_64-redhat-linux/7/include
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/../Include
-I/usr/include/efi
-I/usr/include/efi/x86_64
-I/usr/include/efi/protocol
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/asn1
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/evp
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/modes
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/include
-DL_ENDIAN
-D_CRT_SECURE_NO_DEPRECATE
-D_CRT_NONSTDC_NO_DEPRECATE
-DOPENSSL_SMALL_FOOTPRINT
-DPEDANTIC
-ggdb
-O0
-fno-stack-protector
-fno-strict-aliasing
-fpic
-fshort-wchar
-Wall
-Wsign-compare
-Werror
-fno-builtin
-Werror=sign-compare
-ffreestanding
-std=gnu89
-I/usr/lib/gcc/x86_64-redhat-linux/7/include
-nostdinc
-I/home/pjones/devel/github.com/shim/master/Cryptlib
-I/home/pjones/devel/github.com/shim/master/Cryptlib/Include
-I/usr/include/efi
-I/usr/include/efi/x86_64
-I/usr/include/efi/protocol
-I/home/pjones/devel/github.com/shim/master/include
-iquote
/home/pjones/devel/github.com/shim/master
-iquote
/home/pjones/devel/github.com/shim/master
-mno-mmx
-mno-sse
-mno-red-zone
-nostdinc
-maccumulate-outgoing-args
-DEFI_FUNCTION_WRAPPER
-DGNU_EFI_USE_MS_ABI
-DNO_BUILTIN_VA_FUNCS
-DMDE_CPU_X64
-DPAGE_SIZE=4096
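Review bot: Every `-I` and `-iquote` entry in this flags list is an absolute path into one developer's checkout (`/home/pjones/devel/github.com/shim/master/...`) or a distro-specific compiler directory (`/usr/lib/gcc/x86_64-redhat-linux/7/include`), so on any other machine none of the Cryptlib/OpenSSL header paths resolve. The file name is not visible here; if this is an editor or static-analysis configuration, a checker fed these paths either fails outright or analyses the code against different headers than the real build, which undermines whatever review it is meant to support. Paths relative to the tree root (for example `-ICryptlib/OpenSSL/crypto`) or a list generated from the Makefile would keep it usable; otherwise the file probably belongs in `.gitignore` rather than in the tree. The `-O0` and `-fno-stack-protector` entries should likewise not be read as the flags of the shipped binary unless the Makefile says the same.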
It's pretty straightforward:
cp $MY_DER_ENCODED_CERT pub.cer
make VENDOR_CERT_FILE=pub.cer
make EFIDIR=my_esp_dir_name install
There are a couple of ways to customize the build:
Install targets:
- install
installs shim as if to a hard drive, including installing MokManager and
fallback appropriately.
- install-as-data
installs shim files to /usr/share/shim/$(EFI_ARCH)-$(VERSION)/
Variables you should set to customize the build:
- EFIDIR
This is the name of the ESP directory. The install targets won't work
without it.
- DESTDIR
This will be prepended to any install targets, so you don't have to
install to a live root directory.
- DEFAULT_LOADER
defaults to \\\\grub$(EFI_ARCH).efi , but you could set it to whatever.
Be careful with the leading backslashes, they can be hard to get
correct.
Variables you could set to customize the build:
- ENABLE_SHIM_CERT
if this variable is defined one the make command line, shim will
generate keys during the build and sign MokManager and fallback with
them, and the signed version will be what gets installed with the
install targets
- ENABLE_HTTPBOOT
build support for http booting
- ARCH
This allows you to do a build for a different arch that we support. For
instance, on x86_64 you could do "setarch linux32 make ARCH=ia32" to get
the ia32 build instead. (DEFAULT_LOADER will be automatically adjusted
in that case.)
- TOPDIR
You can use this along with make -f to build in a subdir. For instance,
on an x86_64 machine you could do:
mkdir build-ia32 build-x64 inst
cd build-ia32
setarch linux32 make TOPDIR=.. ARCH=ia32 -f ../Makefile
setarch linux32 make TOPDIR=.. ARCH=ia32 \
DESTDIR=../inst EFIDIR=debian \
-f ../Makefile install
cd ../build-x64
make TOPDIR=.. -f ../Makefile
make TOPDIR=.. DESTDIR=../inst EFIDIR=debian \
-f ../Makefile install
That would get you x86_64 and ia32 builds in the "inst" subdir.
- OSLABEL
This is the label that will be put in BOOT$(EFI_ARCH).CSV for your OS.
By default this is the same value as EFIDIR .
# vim:filetype=mail:tw=74
diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h
index 99ea347..f11cffe 100644
--- a/Cryptlib/Include/openssl/e_os2.h
+++ b/Cryptlib/Include/openssl/e_os2.h
@@ -234,6 +234,7 @@ extern "C" {
/* Standard integer types */
# if defined(OPENSSL_SYS_UEFI)
+#include <efi.h>
typedef INT8 int8_t;
typedef UINT8 uint8_t;
typedef INT16 int16_t;
diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c
index f390e0d..65e9938 100644
index 68bc25a..1abe78e 100644
--- a/Cryptlib/SysCall/BaseMemAllocation.c
+++ b/Cryptlib/SysCall/BaseMemAllocation.c
@@ -33,7 +33,7 @@ void *realloc (void *ptr, size_t size)
@@ -32,7 +32,7 @@ void *realloc (void *ptr, size_t size)
// BUG: hardcode OldSize == size! We have no any knowledge about
// memory size of original pointer ptr.
//
......@@ -23,33 +11,8 @@ index f390e0d..65e9938 100644
}
/* De-allocates or frees a memory block */
diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c
index 20c9656..7878953 100644
--- a/Cryptlib/SysCall/CrtWrapper.c
+++ b/Cryptlib/SysCall/CrtWrapper.c
@@ -371,20 +371,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
return 0;
}
-//
-// -- Dummy OpenSSL Support Routines --
-//
-
-int BIO_printf (void *bio, const char *format, ...)
-{
- return 0;
-}
-
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-{
- return 0;
-}
-
#ifdef __GNUC__
typedef
diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c
index 581b8fb..04fe4ef 100644
index 805e6b4..bb7bcba 100644
--- a/Cryptlib/SysCall/TimerWrapper.c
+++ b/Cryptlib/SysCall/TimerWrapper.c
@@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
......@@ -57,12 +20,12 @@ index 581b8fb..04fe4ef 100644
**/
-#include <Uefi.h>
#include <CrtLibSupport.h>
#include <OpenSslSupport.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
//
// -- Time Management Routines --
@@ -79,7 +77,7 @@ time_t time (time_t *timer)
@@ -78,7 +76,7 @@ time_t time (time_t *timer)
//
// Get the current time and date information
//
......@@ -71,3 +34,24 @@ index 581b8fb..04fe4ef 100644
//
// Years Handling
diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c
index fb446b6..5a8322d 100644
--- a/Cryptlib/SysCall/CrtWrapper.c
+++ b/Cryptlib/SysCall/CrtWrapper.c
@@ -293,16 +293,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
// -- Dummy OpenSSL Support Routines --
//
-int BIO_printf (void *bio, const char *format, ...)
-{
- return 0;
-}
-
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-{
- return 0;
-}
-
void *UI_OpenSSL(void)
{
return NULL;
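Review bot: The `realloc()` wrapper that the BaseMemAllocation.c part of this patch file adjusts still carries the limitation its own comment states, `BUG: hardcode OldSize == size!`, and nothing visible in the refreshed patch addresses it. The changed line itself is hidden behind the collapsed hunk, but if the old contents are copied using the new `size`, growing a block reads past the end of the original allocation, and this allocator presumably sits under the OpenSSL code used for signature verification. A robust fix is for the allocator to record each block's length in a small header in front of the pointer it hands out, so that `realloc()` copies only the smaller of the old and new sizes. Until then the comment should state the consequence explicitly, e.g. `// Growing a block copies 'size' bytes from an allocation that may be shorter.`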
/** @file
HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
(NOTE: This API is deprecated.
Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.)
Return zero to indicate this interface is not supported.
......@@ -34,42 +32,6 @@ HmacMd5GetContextSize (
return 0;
}
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
Return NULL to indicate this interface is not supported.
@retval NULL This interface is not supported.
**/
VOID *
EFIAPI
HmacMd5New (
VOID
)
{
ASSERT (FALSE);
return NULL;
}
/**
Release the specified HMAC_CTX context.
This function will do nothing.
@param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
HmacMd5Free (
IN VOID *HmacMd5Ctx
)
{
ASSERT (FALSE);
return;
}
/**
Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
subsequent use.
......
/** @file
HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
(NOTE: This API is deprecated.
Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.)
Return zero to indicate this interface is not supported.
......@@ -34,42 +32,6 @@ HmacSha1GetContextSize (
return 0;
}
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
Return NULL to indicate this interface is not supported.
@return NULL This interface is not supported..
**/
VOID *
EFIAPI
HmacSha1New (
VOID
)
{
ASSERT (FALSE);
return NULL;
}
/**
Release the specified HMAC_CTX context.
This function will do nothing.
@param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
HmacSha1Free (
IN VOID *HmacSha1Ctx
)
{
ASSERT (FALSE);
return;
}
/**
Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
subsequent use.
......
/** @file
HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
(NOTE: This API is deprecated.
Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
Return zero to indicate this interface is not supported.
......@@ -34,42 +32,6 @@ HmacSha256GetContextSize (
return 0;
}
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
Return NULL to indicate this interface is not supported.
@return NULL This interface is not supported..
**/
VOID *
EFIAPI
HmacSha256New (
VOID
)
{
ASSERT (FALSE);
return NULL;
}
/**
Release the specified HMAC_CTX context.
This function will do nothing.
@param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
HmacSha256Free (
IN VOID *HmacSha256Ctx
)
{
ASSERT (FALSE);
return;
}
/**
Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
subsequent use.
......
/** @file
Root include file of C runtime library to support building the third-party
cryptographic library.
Root include file to support building OpenSSL Crypto Library.
Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -13,8 +12,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __CRT_LIB_SUPPORT_H__
#define __CRT_LIB_SUPPORT_H__
#ifndef __OPEN_SSL_SUPPORT_H__
#define __OPEN_SSL_SUPPORT_H__
#include <efi.h>
#include <efilib.h>
......@@ -29,9 +28,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
*/
#include <stddef.h>
#define OPENSSLDIR ""
#define ENGINESDIR ""
#define CONST const
//
......@@ -173,14 +169,27 @@ typedef CHAR8 *VA_LIST;
#endif
//
// Definitions for global constants used by CRT library routines
// #defines from EFI Application Toolkit required to buiild Open SSL
//
#define ENOMEM 12 /* Cannot allocate memory */
#define EINVAL 22 /* Invalid argument */
#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */
#define LONG_MAX 0X7FFFFFFFL /* max value for a long */
#define LONG_MIN (-LONG_MAX-1) /* min value for a long */
#define ULONG_MAX 0xFFFFFFFF /* Maximum unsigned long value */
#define CHAR_BIT 8 /* Number of bits in a char */
#define BUFSIZ 1024 /* size of buffer used by setbuf */
#define INT_MAX 2147483647 /* max value for an int */
#define INT_MIN (-2147483647-1) /* min value for an int */
#define LONG_MAX 2147483647L /* max value for a long */
#define LONG_MIN (-2147483647-1) /* min value for a long */
#define ULONG_MAX 0xffffffff /* max value for an unsigned long */
#define LOG_DAEMON (3<<3) /* system daemons */