dce03c46aa
Update the supported OpenSSL version to the latest 1.1.0g (02-Nov-2017). The changes includes: - Re-generate the OpensslLib[crypto].inf using process_files.pl script to reflect the openssl source changes. - Update OpenSSL-HOWTO.txt - On Visual Studio Build: adding "/wd4819" to disable one addition build warning issue, which was already fixed in OpenSSL-HEAD https://github.com/openssl/openssl/pull/4691. - On GCC Build: openssl-1.1.0g introduced one additional build warning: ...\openssl\crypto\asn1\x_int64.c:105:32: error: format '%ld' expects argument of type 'long int', but argument 3 has type 'int64_t {aka long long int}' [-Werror=format=] return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval); ^ Adding "-Wno-error=format" to GCC build flag to suppress this warning, since we have no real printf usage in BaseCryptLib, and BIO_printf() was already wrappered as the dummy implementation in CryptoPkg. Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Long Qin <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
54 lines
2.9 KiB
Plaintext
54 lines
2.9 KiB
Plaintext
|
|
=============================================================================
|
|
Introduction
|
|
=============================================================================
|
|
OpenSSL is a well-known open source implementation of SSL/TLS protocols.
|
|
The core library implements the cryptographic and SSL/TLS functions and
|
|
also provides various utility functions. The OpenSSL library is widely used
|
|
in variety of security products development as base crypto provider.
|
|
(See http://www.openssl.org/ for more information about OpenSSL).
|
|
UEFI (Unified Extensible Firmware Interface) is a specification detailing
|
|
the interfaces between OS and platform firmware. Several security features
|
|
were introduced (e.g. Authenticated Variable Service, Driver Signing, etc)
|
|
from UEFI 2.2 (http://www.uefi.org/). These security features highly depend
|
|
on the cryptography.
|
|
This HOWTO documents OpenSSL building under UEFI/EDKII environment.
|
|
|
|
=============================================================================
|
|
OpenSSL-Version
|
|
=============================================================================
|
|
EDKII supports building with the latest release of OpenSSL.
|
|
The latest official release is OpenSSL-1.1.0g (Released at 2017-Nov-02).
|
|
NOTE: Only latest release version was fully validated.
|
|
And no guarantees on build & functionality if using other versions.
|
|
|
|
=============================================================================
|
|
HOW to Install OpenSSL for UEFI Building
|
|
=============================================================================
|
|
1. Clone the latest official OpenSSL release into the directory
|
|
CryptoPkg/Library/OpensslLib/openssl/
|
|
|
|
Use OpenSSL-1.1.0g release as one example:
|
|
(OpenSSL_1_1_0g below is the tag name for the OpenSSL-1.1.0g release)
|
|
> cd CryptoPkg/Library/OpensslLib
|
|
> git clone -b OpenSSL_1_1_0g https://github.com/openssl/openssl openssl
|
|
or
|
|
> git clone https://github.com/openssl/openssl openssl
|
|
> git checkout OpenSSL_1_1_0g
|
|
Or
|
|
2. Download the latest OpenSSL release package from the official website:
|
|
https://www.openssl.org/source/
|
|
and unpack the OpenSSL source into:
|
|
CryptoPkg/Library/OpensslLib/openssl/
|
|
|
|
=============================================================================
|
|
About process_files.pl
|
|
=============================================================================
|
|
"process_files.pl" is one Perl script which runs the OpenSSL Configure,
|
|
then processes the resulting file list into our local OpensslLib.inf and
|
|
OpensslLibCrypto.inf.
|
|
This only needs to be done once by the maintainer / developer when
|
|
updating to a new version of OpenSSL (or changing options, etc.).
|
|
Normal users do not need do this, since the results are already stored in
|
|
the EDKII git repository for them.
|