From 3fa3fc6dcb41fb6392de84154445502d0668153c Mon Sep 17 00:00:00 2001
From: Yi Zhao
Date: Wed, 20 Oct 2021 16:57:23 +0800
Subject: [PATCH] efitools: fix openssl.cnf path for openssl 3.0
Fix openssl.cnf path for openssl 3.0 to make sure openssl command can find it.
Signed-off-by: Yi Zhao
---
 .../recipes-bsp/efitools/efitools.inc | 2 +-
 ...openssl.cnf-for-openssl-1.0.x-1.1.x.patch} | 31 +++++++++++--------
 2 files changed, 19 insertions(+), 14 deletions(-)
 rename meta-efi-secure-boot/recipes-bsp/efitools/efitools/{Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch => Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch} (64%)
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
index 6f2582a..79feff7 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -28,7 +28,7 @@ SRC_URI = "\
 file://Don-t-build-PreLoader.efi.patch \
 file://Reuse-xxdi.pl.patch \
 file://Add-static-keyword-for-IsValidVariableHeader.patch \
- file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch \
+ file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch \
 file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \
 "
 SRCREV = "392836a46ce3c92b55dc88a1aebbcfdfc5dcddce"
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
similarity index 64%
rename from meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch
rename to meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
index 5236893..7424a0c 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
@@ -1,26 +1,29 @@
-From ae36390629bd9c92cb732800a341f04ca11cd9c7 Mon Sep 17 00:00:00 2001
+From 0b579e0382ac86d6a6a72bbd5898cee75457922e Mon Sep 17 00:00:00 2001
 From: Lans Zhang
 Date: Wed, 16 Aug 2017 22:59:12 +0800
-Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x and 1.1.x
+Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x/1.1.x/3.0
 Signed-off-by: Lans Zhang
+Signed-off-by: Yi Zhao
 ---
- Make.rules | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
+ Make.rules | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
 diff --git a/Make.rules b/Make.rules
-index 38c7a22..69c57cb 100644
+index b90c4d3..faf2ae4 100644
 --- a/Make.rules
 +++ b/Make.rules
-@@ -117,13 +117,23 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
+@@ -116,13 +116,27 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
 $(CC) -S $(INCDIR) $(cflags) $(cppflags) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@
 %.crt:
 - $(OPENSSL) req -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256
-+ @if [ -s "$(OPENSSL_LIB)/ssl/openssl.cnf" ]; then \
-+ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
-+ else \
++ @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
++ cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
++ elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
 + cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
++ else \
++ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
 + fi; \
 + $(OPENSSL) req -config $$cfg -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256
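Review bot: The final `else` branch of the new lookup in `%.crt` assigns `$(OPENSSL_LIB)/ssl/openssl.cnf` without the `-s` test the other two branches get, and `$$cfg` is then passed unquoted to `-config`. A missing config, or an `OPENSSL_LIB` containing spaces, therefore shows up only as an openssl error from a recipe whose command line is hidden by the leading `@`. Because this rule generates the key and certificate, I would make the selection visible and strict: pass `-config "$$cfg"` and add `echo "using openssl config: $$cfg";` before the `$(OPENSSL) req` line. The lookup order also changed: `ssl/openssl.cnf` used to be tried first and is now the last resort, which presumably assumes an `ssl-3` directory exists only when `$(OPENSSL)` is itself 3.0; that is worth confirming for build hosts with several OpenSSL versions installed. The same lines are repeated in the `%-subkey.csr` rule in the next hunk.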
@@ -29,15 +32,17 @@ index 38c7a22..69c57cb 100644
 %-subkey.csr:
 - $(OPENSSL) req -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes
-+ @if [ -s "$(OPENSSL_LIB)/ssl/openssl.cnf" ]; then \
-+ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
-+ else \
++ @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
++ cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
++ elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
 + cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
++ else \
++ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
 + fi; \
 + $(OPENSSL) req -config $$cfg -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes
 %-subkey.crt: %-subkey.csr KEK.crt
 $(OPENSSL) x509 -req -in $< -CA DB.crt -CAkey DB.key -set_serial 1 -out $@ -days 365
 --
-2.7.5
+2.17.1
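Review bot: The three-branch openssl.cnf lookup added to `%-subkey.csr` is a copy of the one in `%.crt`, so the next OpenSSL directory name has to be added in two places and the two key-generation rules can drift apart. I would resolve the path once in Make.rules, e.g. `OPENSSL_CNF = $(firstword $(wildcard $(OPENSSL_LIB)/ssl-3/openssl.cnf $(OPENSSL_LIB)/ssl-1.1/openssl.cnf $(OPENSSL_LIB)/ssl/openssl.cnf))`, and have both recipes pass `-config "$(OPENSSL_CNF)"`. Note that `$(wildcard)` tests existence only, not the non-empty condition that `-s` checks, and this assumes `OPENSSL_LIB` is already set when the variable is expanded.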