2 files changed, 19 insertions, 14 deletions

diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
index 6f2582a..79feff7 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -28,7 +28,7 @@ SRC_URI = "\
     file://Don-t-build-PreLoader.efi.patch \
     file://Reuse-xxdi.pl.patch \
     file://Add-static-keyword-for-IsValidVariableHeader.patch \
-    file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch \
+    file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch \
     file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \
 "
 SRCREV = "392836a46ce3c92b55dc88a1aebbcfdfc5dcddce"
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
index 5236893..7424a0c 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
@@ -1,26 +1,29 @@
-From ae36390629bd9c92cb732800a341f04ca11cd9c7 Mon Sep 17 00:00:00 2001
+From 0b579e0382ac86d6a6a72bbd5898cee75457922e Mon Sep 17 00:00:00 2001
 From: Lans Zhang <jia.zhang@windriver.com>
 Date: Wed, 16 Aug 2017 22:59:12 +0800
-Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x and 1.1.x
+Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x/1.1.x/3.0
 
 Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 ---
- Make.rules | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
+ Make.rules | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
 
 diff --git a/Make.rules b/Make.rules
-index 38c7a22..69c57cb 100644
+index b90c4d3..faf2ae4 100644
 --- a/Make.rules
 +++ b/Make.rules
-@@ -117,13 +117,23 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
+@@ -116,13 +116,27 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
         $(CC) -S $(INCDIR) $(cflags) $(cppflags) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@
  
  %.crt:
 -       $(OPENSSL) req -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256
-+       @if [ -s "$(OPENSSL_LIB)/ssl/openssl.cnf" ]; then \
-+           cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
-+       else \
++       @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
++           cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
++       elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
 +           cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
++       else \
++           cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
 +       fi; \
 +       $(OPENSSL) req -config $$cfg -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256
  
@@ -29,15 +32,17 @@ index 38c7a22..69c57cb 100644
  
  %-subkey.csr:
 -       $(OPENSSL) req -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes
-+       @if [ -s "$(OPENSSL_LIB)/ssl/openssl.cnf" ]; then \
-+           cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
-+       else \
++       @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
++           cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
++       elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
 +           cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
++       else \
++           cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
 +       fi; \
 +       $(OPENSSL) req -config $$cfg -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes
  
  %-subkey.crt: %-subkey.csr KEK.crt
         $(OPENSSL) x509 -req -in $< -CA DB.crt -CAkey DB.key -set_serial 1 -out $@ -days 365
 -- 
-2.7.5
+2.17.1