diff options
Diffstat (limited to 'meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch')
-rw-r--r-- | meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch new file mode 100644 index 0000000..7424a0c --- /dev/null +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From 0b579e0382ac86d6a6a72bbd5898cee75457922e Mon Sep 17 00:00:00 2001 | ||
2 | From: Lans Zhang <jia.zhang@windriver.com> | ||
3 | Date: Wed, 16 Aug 2017 22:59:12 +0800 | ||
4 | Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x/1.1.x/3.0 | ||
5 | |||
6 | Signed-off-by: Lans Zhang <jia.zhang@windriver.com> | ||
7 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
8 | --- | ||
9 | Make.rules | 18 ++++++++++++++++-- | ||
10 | 1 file changed, 16 insertions(+), 2 deletions(-) | ||
11 | |||
12 | diff --git a/Make.rules b/Make.rules | ||
13 | index b90c4d3..faf2ae4 100644 | ||
14 | --- a/Make.rules | ||
15 | +++ b/Make.rules | ||
16 | @@ -116,13 +116,27 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec | ||
17 | $(CC) -S $(INCDIR) $(cflags) $(cppflags) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@ | ||
18 | |||
19 | %.crt: | ||
20 | - $(OPENSSL) req -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256 | ||
21 | + @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \ | ||
22 | + cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \ | ||
23 | + elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \ | ||
24 | + cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \ | ||
25 | + else \ | ||
26 | + cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \ | ||
27 | + fi; \ | ||
28 | + $(OPENSSL) req -config $$cfg -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256 | ||
29 | |||
30 | %.cer: %.crt | ||
31 | $(OPENSSL) x509 -in $< -out $@ -outform DER | ||
32 | |||
33 | %-subkey.csr: | ||
34 | - $(OPENSSL) req -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes | ||
35 | + @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \ | ||
36 | + cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \ | ||
37 | + elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \ | ||
38 | + cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \ | ||
39 | + else \ | ||
40 | + cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \ | ||
41 | + fi; \ | ||
42 | + $(OPENSSL) req -config $$cfg -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes | ||
43 | |||
44 | %-subkey.crt: %-subkey.csr KEK.crt | ||
45 | $(OPENSSL) x509 -req -in $< -CA DB.crt -CAkey DB.key -set_serial 1 -out $@ -days 365 | ||
46 | -- | ||
47 | 2.17.1 | ||
48 | |||