18 commits
004ce26
OpensslPkg/BaseCryptLib: Migrate CryptHmac.c from HMAC_CTX to EVP_MAC…
Flickdm Mar 22, 2026
8abd378
OpensslPkg/BaseCryptLib: Migrate RSA key context to EVP_PKEY APIs
Flickdm Mar 22, 2026
ed2f562
OpensslPkg/BaseCryptLib: Migrate RSA consumers to RSA_PKEY_CTX
Flickdm Mar 22, 2026
90c2fbe
OpensslPkg/BaseCryptLib: Migrate CryptEc.c to EVP_PKEY APIs
Flickdm Mar 22, 2026
30be470
OpensslPkg/BaseCryptLib: Migrate CryptDh.c to EVP_PKEY APIs
Flickdm Mar 22, 2026
6a2ff40
OpensslPkg/BaseCryptLib: Migrate CryptX509 to EVP_PKEY APIs
Flickdm Mar 22, 2026
f02840f
OpensslPkg/BaseCryptLib: Migrate CryptPem to EVP_PKEY APIs
Flickdm Mar 22, 2026
ef12600
OpensslPkg/BaseCryptLib: Remove OPENSSL_NO_DEPRECATED override
Flickdm Mar 31, 2026
f52eaf6
OpensslPkg/BaseCryptLib: Fix memory leak in RsaExtractBigNums
Flickdm Mar 24, 2026
668f836
OpensslPkg: Update openssl submodule to 4.0.0-beta1
Flickdm Mar 26, 2026
dc365bb
OpensslPkg: Regenerate OpensslGen for OpenSSL 4.0.0-beta1
Flickdm Mar 26, 2026
feafe52
OpensslPkg: Update configure.py for OpenSSL 4.0.0-beta1
Flickdm Mar 26, 2026
5b193e4
OpensslPkg: Update INFs for OpenSSL 4.0.0-beta1 sources
Flickdm Mar 26, 2026
5f05563
OpensslPkg: Add OpensslGen root to package include paths
Flickdm Mar 26, 2026
0b0acfa
OpensslPkg: Add CRT compat macros for OpenSSL 4.0
Flickdm Mar 26, 2026
a248618
OpensslPkg: Update BaseCryptLib for OpenSSL 4.0 API changes
Flickdm Mar 26, 2026
4d6955c
OpensslPkg: Update stubs for OpenSSL 4.0 API changes
Flickdm Mar 26, 2026
a60ea5f
OpensslPkg: Add C-compatible vsnprintf and sprintf wrappers
Flickdm Apr 6, 2026
247 changes: 187 additions & 60 deletions OpensslPkg/Library/BaseCryptLib/Hmac/CryptHmac.c


6 changes: 3 additions & 3 deletions OpensslPkg/Library/BaseCryptLib/InternalCryptLib.h
Expand Up @@ -20,10 +20,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent

#include "CrtLibSupport.h"

// MU_CHANGE [BEGIN]
// TODO: remove in near future to stop using deprecated OpenSSL APIs
#undef OPENSSL_NO_DEPRECATED // MU_CHANGE
#define OPENSSL_NO_DEPRECATED 0

// #define OPENSSL_NO_DEPRECATED 0
// MU_CHANGE [END]
#include <openssl/opensslv.h>

#if OPENSSL_VERSION_NUMBER < 0x10100000L
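Review bot: The hunk appears to leave `// #define OPENSSL_NO_DEPRECATED 0` behind as commented-out code inside a MU_CHANGE marker pair, which tells a later reader nothing about why the `#undef`/`#define 0` override was dropped. Either delete the line together with the now-empty markers, or replace it with a comment that states the intent, e.g. `// MU_CHANGE: no longer override OPENSSL_NO_DEPRECATED; BaseCryptLib uses the non-deprecated EVP APIs only.` With the override gone, whatever opensslconf.h sets for OPENSSL_NO_DEPRECATED now governs this library, so any remaining deprecated-API call presumably stops compiling instead of merely warning; that is the desired effect of the series, and worth saying in the comment. The surrounding `#if OPENSSL_VERSION_NUMBER` block continues outside the hunk.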
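--- a/OpensslPkg/Library/BaseCryptLib/Pem/CryptPem.c
+++ b/OpensslPkg/Library/BaseCryptLib/Pem/CryptPem.c
@@ -8,6 +8,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #include "InternalCryptLib.h"
 #include <openssl/pem.h>
+// MU_CHANGE [BEGIN]
+#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/objects.h>
+#include "Pk/CryptRsaPkeyCtx.h"
+#include "Pk/CryptEcPkeyCtx.h"
+// MU_CHANGE [END]
 
 /**
 Callback function for password phrase conversion used for retrieving the encrypted PEM.
@@ -70,8 +77,13 @@ RsaGetPrivateKeyFromPem (
 OUT VOID **RsaContext
 )
 {
-BOOLEAN Status;
-BIO *PemBio;
+// MU_CHANGE [BEGIN]
+BOOLEAN Status;
+BIO *PemBio;
+EVP_PKEY *Pkey;
+RSA_PKEY_CTX *RsaPkeyCtx;
+
+// MU_CHANGE [END]
 
 //
 // Check input parameters.
@@ -97,6 +109,7 @@ RsaGetPrivateKeyFromPem (
 }
 
 Status = FALSE;
+Pkey = NULL; // MU_CHANGE
 
 //
 // Read encrypted PEM Data.
@@ -113,15 +126,36 @@ RsaGetPrivateKeyFromPem (
 //
 // Retrieve RSA Private Key from encrypted PEM data.
 //
-*RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);
-if (*RsaContext != NULL) {
-Status = TRUE;
+// MU_CHANGE [BEGIN]
+Pkey = PEM_read_bio_PrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);
+if ((Pkey == NULL) || (EVP_PKEY_id (Pkey) != EVP_PKEY_RSA)) {
+goto _Exit;
+}
+
+RsaPkeyCtx = AllocateZeroPool (sizeof (RSA_PKEY_CTX));
+if (RsaPkeyCtx != NULL) {
+RsaPkeyCtx->Pkey = Pkey;
+if (RsaExtractBigNums (RsaPkeyCtx, RsaPkeyCtx->Pkey)) {
+Pkey = NULL;
+*RsaContext = (VOID *)RsaPkeyCtx;
+Status = TRUE;
+} else {
+RsaFree ((VOID *)RsaPkeyCtx);
+}
+
+// MU_CHANGE [END]
 }
 
 _Exit:
 //
 // Release Resources.
 //
+// MU_CHANGE [BEGIN]
+if (Pkey != NULL) {
+EVP_PKEY_free (Pkey);
+}
+
+// MU_CHANGE [END]
 BIO_free (PemBio);
 
 return Status;
@@ -153,8 +187,16 @@ EcGetPrivateKeyFromPem (
 OUT VOID **EcContext
 )
 {
-BOOLEAN Status;
-BIO *PemBio;
+// MU_CHANGE [BEGIN]
+BOOLEAN Status;
+BIO *PemBio;
+EVP_PKEY *Pkey;
+EC_PKEY_CTX *EcPkeyCtx;
+CHAR8 CurveNameBuf[64];
+UINTN CurveNameLen;
+INT32 OpenSslNid;
+
+// MU_CHANGE [END]
 
 //
 // Check input parameters.
@@ -180,6 +222,7 @@ EcGetPrivateKeyFromPem (
 }
 
 Status = FALSE;
+Pkey = NULL; // MU_CHANGE
 
 //
 // Read encrypted PEM Data.
@@ -196,15 +239,58 @@ EcGetPrivateKeyFromPem (
 //
 // Retrieve EC Private Key from encrypted PEM data.
 //
-*EcContext = PEM_read_bio_ECPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);
-if (*EcContext != NULL) {
-Status = TRUE;
+// MU_CHANGE [BEGIN]
+Pkey = PEM_read_bio_PrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);
+if ((Pkey == NULL) || (EVP_PKEY_id (Pkey) != EVP_PKEY_EC)) {
+goto _Exit;
+}
+
+CurveNameLen = sizeof (CurveNameBuf);
+if (EVP_PKEY_get_utf8_string_param (
+Pkey,
+OSSL_PKEY_PARAM_GROUP_NAME,
+CurveNameBuf,
+CurveNameLen,
+&CurveNameLen
+) != 1)
+{
+goto _Exit;
+}
+
+//
+// Convert OpenSSL curve group name to an internal NID.
+// Try short-name lookup first (for example, "prime256v1"), then
+// fall back to long-name lookup if the short name is not recognized.
+//
+OpenSslNid = OBJ_sn2nid (CurveNameBuf);
+if (OpenSslNid == NID_undef) {
+OpenSslNid = OBJ_ln2nid (CurveNameBuf);
+}
+
+if (OpenSslNid == NID_undef) {
+goto _Exit;
+}
+
+EcPkeyCtx = AllocateZeroPool (sizeof (EC_PKEY_CTX));
+if (EcPkeyCtx != NULL) {
+EcPkeyCtx->Nid = OpenSslNid;
+EcPkeyCtx->Pkey = Pkey;
+Pkey = NULL;
+*EcContext = (VOID *)EcPkeyCtx;
+Status = TRUE;
+// MU_CHANGE [END]
 }
 
 _Exit:
 //
 // Release Resources.
 //
+// MU_CHANGE [BEGIN]
+if (Pkey != NULL) {
+EVP_PKEY_free (Pkey);
+}
+
+// MU_CHANGE [END]
 BIO_free (PemBio);
 
 return Status;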
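Review bot: In RsaGetPrivateKeyFromPem, the `RsaExtractBigNums` failure branch calls `RsaFree ((VOID *)RsaPkeyCtx)` while the local `Pkey` still points at the EVP_PKEY just stored in `RsaPkeyCtx->Pkey`, so if RsaFree (not visible here) releases the context's key, the `EVP_PKEY_free (Pkey)` at `_Exit` frees it a second time. Clearing the context's reference before handing it back, `RsaPkeyCtx->Pkey = NULL;` immediately ahead of `RsaFree ((VOID *)RsaPkeyCtx);`, keeps `_Exit` as the single release point whatever RsaFree does. A second behavioural difference, in both functions: the removed code always wrote the output parameter (`*RsaContext`/`*EcContext` became NULL on a failed read), whereas the new code writes it only on success and leaves the caller's pointer untouched on every early `goto _Exit`; adding `*RsaContext = NULL;` and `*EcContext = NULL;` beside the respective `Pkey = NULL;` restores that contract. Both functions begin and end outside the rendered hunks, so the parameter checks and the BIO setup were not reviewed here.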
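--- a/OpensslPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
+++ b/OpensslPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
@@ -127,7 +127,7 @@ AuthenticodeVerify (
 goto _Exit;
 }
 
-SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
+SpcIndirectDataContent = (UINT8 *)ASN1_STRING_get0_data (Pkcs7->d.sign->contents->d.other->value.asn1_string);
 
 //
 // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.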
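Review bot: The `(UINT8 *)` cast on the new line discards the const qualifier that `ASN1_STRING_get0_data` returns, which silently permits writes into storage owned by the PKCS7 object; if `SpcIndirectDataContent` is only read, declaring it `CONST UINT8 *` (its declaration is outside the hunk) lets the compiler keep that guarantee and the cast can go. The companion accessor `ASN1_STRING_length` is the authoritative bound for the SEQUENCE-size parsing announced by the comment that follows; the hunk does not show whether the subsequent reads are checked against it, so that is worth confirming while this line is being touched. AuthenticodeVerify continues outside the hunk.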