[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-0.9.8l.patch

--- crypto/bio/bss_file.c	Thu Jan 15 17:14:12 1970\r
+++ crypto/bio/bss_file.c	Thu Jan 15 17:14:12 1970\r
@@ -421,6 +421,23 @@\r
 	return(ret);\r
 	}\r
 \r
+#else\r
+\r
+BIO_METHOD *BIO_s_file(void)\r
+	{\r
+	return NULL;\r
+	}\r
+\r
+BIO *BIO_new_file(const char *filename, const char *mode)\r
+	{\r
+	return NULL;\r
+	}\r
+\r
+BIO *BIO_new_fp(FILE *stream, int close_flag)\r
+	{\r
+	return NULL;\r
+	}\r
+\r
 #endif /* OPENSSL_NO_STDIO */\r
 \r
 #endif /* HEADER_BSS_FILE_C */\r
--- crypto/pkcs7/pk7_smime.c	2009-03-15 21:36:02.000000000 +0800\r
+++ crypto/pkcs7/pk7_smime.c	2011-09-13 14:11:36.019454700 +0800\r
@@ -88,7 +88,10 @@\r
 	if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
 		goto err;\r
 \r
-	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r
+  /* \r
+    NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
+  */\r
+	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r
 		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
 		goto err;\r
 	}\r
--- crypto/rand/rand_egd.c	Thu Jan 15 17:14:12 1970\r
+++ crypto/rand/rand_egd.c	Thu Jan 15 17:14:12 1970\r
@@ -95,7 +95,7 @@\r
  *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
  */\r
 \r
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)\r
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)\r
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r
 	{\r
 	return(-1);\r
--- crypto/rand/rand_unix.c	Thu Jan 15 17:14:12 1970\r
+++ crypto/rand/rand_unix.c	Thu Jan 15 17:14:12 1970\r
@@ -116,7 +116,7 @@\r
 #include <openssl/rand.h>\r
 #include "rand_lcl.h"\r
 \r
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
 \r
 #include <sys/types.h>\r
 #include <sys/time.h>\r
@@ -322,7 +322,7 @@\r
 #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */\r
 \r
 \r
-#if defined(OPENSSL_SYS_VXWORKS)\r
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
 int RAND_poll(void)\r
 	{\r
 	return 0;\r
--- crypto/x509/x509_vfy.c	Thu Jan 15 17:14:12 1970\r
+++ crypto/x509/x509_vfy.c	Thu Jan 15 17:14:12 1970\r
@@ -391,7 +391,12 @@\r
 \r
 static int check_chain_extensions(X509_STORE_CTX *ctx)\r
 {\r
-#ifdef OPENSSL_NO_CHAIN_VERIFY\r
+//#ifdef OPENSSL_NO_CHAIN_VERIFY\r
+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)\r
+  /* \r
+    NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting\r
+          in Authenticode Signing Certificates. \r
+  */\r
 	return 1;\r
 #else\r
 	int i, ok=0, must_be_ca, plen = 0;\r
@@ -904,6 +909,10 @@\r
 \r
 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
 	{\r
+#if defined(OPENSSL_SYS_UEFI)\r
+  /* Bypass Certificate Time Checking for UEFI version. */\r
+  return 1;\r
+#else\r
 	time_t *ptime;\r
 	int i;\r
 \r
@@ -947,6 +956,7 @@\r
 		}\r
 \r
 	return 1;\r
+#endif  \r
 	}\r
 \r
 static int internal_verify(X509_STORE_CTX *ctx)\r
Commit	Line	Data
97f98500 HT	1	--- crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970\r
	2	+++ crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970\r
	3	@@ -421,6 +421,23 @@\r
	4	return(ret);\r
	5	}\r
	6	\r
	7	+#else\r
	8	+\r
	9	+BIO_METHOD *BIO_s_file(void)\r
	10	+ {\r
	11	+ return NULL;\r
	12	+ }\r
	13	+\r
	14	+BIO BIO_new_file(const char filename, const char *mode)\r
	15	+ {\r
	16	+ return NULL;\r
	17	+ }\r
	18	+\r
	19	+BIO BIO_new_fp(FILE stream, int close_flag)\r
	20	+ {\r
	21	+ return NULL;\r
	22	+ }\r
	23	+\r
	24	#endif /* OPENSSL_NO_STDIO */\r
	25	\r
	26	#endif /* HEADER_BSS_FILE_C */\r
a2d111ed	27	--- crypto/pkcs7/pk7_smime.c 2009-03-15 21:36:02.000000000 +0800\r
	28	+++ crypto/pkcs7/pk7_smime.c 2011-09-13 14:11:36.019454700 +0800\r
	29	@@ -88,7 +88,10 @@\r
	30	if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
	31	goto err;\r
	32	\r
	33	- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r
	34	+ /* \r
	35	+ NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
	36	+ */\r
	37	+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r
	38	PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
	39	goto err;\r
	40	}\r
97f98500 HT	41	--- crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970\r
	42	+++ crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970\r
	43	@@ -95,7 +95,7 @@\r
	44	* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
	45	*/\r
	46	\r
	47	-#if defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_MSDOS) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE) \|\| defined(OPENSSL_SYS_VOS)\r
	48	+#if defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_MSDOS) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE) \|\| defined(OPENSSL_SYS_VOS) \|\| defined(OPENSSL_SYS_UEFI)\r
	49	int RAND_query_egd_bytes(const char path, unsigned char buf, int bytes)\r
	50	{\r
	51	return(-1);\r
	52	--- crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970\r
	53	+++ crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970\r
	54	@@ -116,7 +116,7 @@\r
	55	#include <openssl/rand.h>\r
	56	#include "rand_lcl.h"\r
	57	\r
	58	-#if !(defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_OS2) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE))\r
	59	+#if !(defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_OS2) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE) \|\| defined(OPENSSL_SYS_UEFI))\r
	60	\r
	61	#include <sys/types.h>\r
	62	#include <sys/time.h>\r
	63	@@ -322,7 +322,7 @@\r
	64	#endif /* !(defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_OS2) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE)) */\r
	65	\r
	66	\r
	67	-#if defined(OPENSSL_SYS_VXWORKS)\r
	68	+#if defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_UEFI)\r
	69	int RAND_poll(void)\r
	70	{\r
	71	return 0;\r
	72	--- crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970\r
	73	+++ crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970\r
	74	@@ -391,7 +391,12 @@\r
	75	\r
	76	static int check_chain_extensions(X509_STORE_CTX *ctx)\r
	77	{\r
	78	-#ifdef OPENSSL_NO_CHAIN_VERIFY\r
	79	+//#ifdef OPENSSL_NO_CHAIN_VERIFY\r
	80	+#if defined(OPENSSL_NO_CHAIN_VERIFY) \|\| defined(OPENSSL_SYS_UEFI)\r
	81	+ /* \r
	82	+ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting\r
	83	+ in Authenticode Signing Certificates. \r
	84	+ */\r
	85	return 1;\r
	86	#else\r
	87	int i, ok=0, must_be_ca, plen = 0;\r
	88	@@ -904,6 +909,10 @@\r
	89	\r
	90	static int check_cert_time(X509_STORE_CTX ctx, X509 x)\r
	91	{\r
	92	+#if defined(OPENSSL_SYS_UEFI)\r
	93	+ /* Bypass Certificate Time Checking for UEFI version. */\r
	94	+ return 1;\r
	95	+#else\r
	96	time_t *ptime;\r
	97	int i;\r
	98	\r
	99	@@ -947,6 +956,7 @@\r
	100	}\r
	101	\r
	102	return 1;\r
	103	+#endif \r
	104	}\r
105	\r
106	static int internal_verify(X509_STORE_CTX *ctx)\r