[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-0.9.8w.patch

Index: crypto/bio/bss_file.c\r
===================================================================\r
--- crypto/bio/bss_file.c	(revision 1)\r
+++ crypto/bio/bss_file.c	(working copy)\r
@@ -428,6 +428,23 @@\r
 	return(ret);\r
 	}\r
 \r
+#else\r
+\r
+BIO_METHOD *BIO_s_file(void)\r
+	{\r
+	return NULL;\r
+	}\r
+\r
+BIO *BIO_new_file(const char *filename, const char *mode)\r
+	{\r
+	return NULL;\r
+	}\r
+\r
+BIO *BIO_new_fp(FILE *stream, int close_flag)\r
+	{\r
+	return NULL;\r
+	}\r
+\r
 #endif /* OPENSSL_NO_STDIO */\r
 \r
 #endif /* HEADER_BSS_FILE_C */\r
Index: crypto/err/err.c\r
===================================================================\r
--- crypto/err/err.c	(revision 1)\r
+++ crypto/err/err.c	(working copy)\r
@@ -313,7 +313,12 @@\r
 	es->err_data_flags[i]=flags;\r
 	}\r
 \r
+/* Add EFIAPI for UEFI version. */\r
+#if defined(OPENSSL_SYS_UEFI)\r
+void EFIAPI ERR_add_error_data(int num, ...)\r
+#else\r
 void ERR_add_error_data(int num, ...)\r
+#endif\r
 	{\r
 	va_list args;\r
 	int i,n,s;\r
Index: crypto/err/err.h\r
===================================================================\r
--- crypto/err/err.h	(revision 1)\r
+++ crypto/err/err.h	(working copy)\r
@@ -286,8 +286,14 @@\r
 #endif\r
 #ifndef OPENSSL_NO_BIO\r
 void ERR_print_errors(BIO *bp);\r
+\r
+/* Add EFIAPI for UEFI version. */\r
+#if defined(OPENSSL_SYS_UEFI)\r
+void EFIAPI ERR_add_error_data(int num, ...);\r
+#else\r
 void ERR_add_error_data(int num, ...);\r
 #endif\r
+#endif\r
 void ERR_load_strings(int lib,ERR_STRING_DATA str[]);\r
 void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);\r
 void ERR_load_ERR_strings(void);\r
Index: crypto/opensslconf.h\r
===================================================================\r
--- crypto/opensslconf.h	(revision 1)\r
+++ crypto/opensslconf.h	(working copy)\r
@@ -162,6 +162,9 @@\r
 /* The prime number generation stuff may not work when\r
  * EIGHT_BIT but I don't care since I've only used this mode\r
  * for debuging the bignum libraries */\r
+\r
+/* Bypass following definition for UEFI version. */\r
+#if !defined(OPENSSL_SYS_UEFI)\r
 #undef SIXTY_FOUR_BIT_LONG\r
 #undef SIXTY_FOUR_BIT\r
 #define THIRTY_TWO_BIT\r
@@ -169,6 +172,8 @@\r
 #undef EIGHT_BIT\r
 #endif\r
 \r
+#endif\r
+\r
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
 #define CONFIG_HEADER_RC4_LOCL_H\r
 /* if this is defined data[i] is used instead of *data, this is a %20\r
Index: crypto/pkcs7/pk7_smime.c\r
===================================================================\r
--- crypto/pkcs7/pk7_smime.c	(revision 1)\r
+++ crypto/pkcs7/pk7_smime.c	(working copy)\r
@@ -88,7 +88,10 @@\r
 	if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
 		goto err;\r
 \r
-	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r
+  /* \r
+    NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
+  */\r
+	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r
 		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
 		goto err;\r
 	}\r
Index: crypto/rand/rand_egd.c\r
===================================================================\r
--- crypto/rand/rand_egd.c	(revision 1)\r
+++ crypto/rand/rand_egd.c	(working copy)\r
@@ -95,7 +95,7 @@\r
  *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
  */\r
 \r
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)\r
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)\r
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r
 	{\r
 	return(-1);\r
Index: crypto/rand/rand_unix.c\r
===================================================================\r
--- crypto/rand/rand_unix.c	(revision 1)\r
+++ crypto/rand/rand_unix.c	(working copy)\r
@@ -116,7 +116,7 @@\r
 #include <openssl/rand.h>\r
 #include "rand_lcl.h"\r
 \r
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
 \r
 #include <sys/types.h>\r
 #include <sys/time.h>\r
@@ -322,7 +322,7 @@\r
 #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */\r
 \r
 \r
-#if defined(OPENSSL_SYS_VXWORKS)\r
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
 int RAND_poll(void)\r
 	{\r
 	return 0;\r
Index: crypto/x509/x509_vfy.c\r
===================================================================\r
--- crypto/x509/x509_vfy.c	(revision 1)\r
+++ crypto/x509/x509_vfy.c	(working copy)\r
@@ -386,7 +386,11 @@\r
 \r
 static int check_chain_extensions(X509_STORE_CTX *ctx)\r
 {\r
-#ifdef OPENSSL_NO_CHAIN_VERIFY\r
+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)\r
+  /* \r
+    NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting\r
+          in Authenticode Signing Certificates. \r
+  */\r
 	return 1;\r
 #else\r
 	int i, ok=0, must_be_ca, plen = 0;\r
@@ -899,6 +903,10 @@\r
 \r
 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
 	{\r
+#if defined(OPENSSL_SYS_UEFI)\r
+  /* Bypass Certificate Time Checking for UEFI version. */\r
+  return 1;\r
+#else\r
 	time_t *ptime;\r
 	int i;\r
 \r
@@ -942,6 +950,7 @@\r
 		}\r
 \r
 	return 1;\r
+#endif	\r
 	}\r
 \r
 static int internal_verify(X509_STORE_CTX *ctx)\r
Commit	Line	Data
53591743	1	Index: crypto/bio/bss_file.c\r
	2	===================================================================\r
	3	--- crypto/bio/bss_file.c (revision 1)\r
	4	+++ crypto/bio/bss_file.c (working copy)\r
	5	@@ -428,6 +428,23 @@\r
97f98500 HT	6	return(ret);\r
	7	}\r
	8	\r
	9	+#else\r
	10	+\r
	11	+BIO_METHOD *BIO_s_file(void)\r
	12	+ {\r
	13	+ return NULL;\r
	14	+ }\r
	15	+\r
	16	+BIO BIO_new_file(const char filename, const char *mode)\r
	17	+ {\r
	18	+ return NULL;\r
	19	+ }\r
	20	+\r
	21	+BIO BIO_new_fp(FILE stream, int close_flag)\r
	22	+ {\r
	23	+ return NULL;\r
	24	+ }\r
	25	+\r
	26	#endif /* OPENSSL_NO_STDIO */\r
	27	\r
	28	#endif /* HEADER_BSS_FILE_C */\r
53591743	29	Index: crypto/err/err.c\r
	30	===================================================================\r
	31	--- crypto/err/err.c (revision 1)\r
	32	+++ crypto/err/err.c (working copy)\r
4d6afad3	33	@@ -313,7 +313,12 @@\r
	34	es->err_data_flags[i]=flags;\r
	35	}\r
	36	\r
	37	+/* Add EFIAPI for UEFI version. */\r
	38	+#if defined(OPENSSL_SYS_UEFI)\r
	39	+void EFIAPI ERR_add_error_data(int num, ...)\r
	40	+#else\r
	41	void ERR_add_error_data(int num, ...)\r
	42	+#endif\r
	43	{\r
	44	va_list args;\r
	45	int i,n,s;\r
53591743	46	Index: crypto/err/err.h\r
	47	===================================================================\r
	48	--- crypto/err/err.h (revision 1)\r
	49	+++ crypto/err/err.h (working copy)\r
4d6afad3	50	@@ -286,8 +286,14 @@\r
	51	#endif\r
	52	#ifndef OPENSSL_NO_BIO\r
	53	void ERR_print_errors(BIO *bp);\r
	54	+\r
	55	+/* Add EFIAPI for UEFI version. */\r
	56	+#if defined(OPENSSL_SYS_UEFI)\r
	57	+void EFIAPI ERR_add_error_data(int num, ...);\r
	58	+#else\r
	59	void ERR_add_error_data(int num, ...);\r
	60	#endif\r
	61	+#endif\r
	62	void ERR_load_strings(int lib,ERR_STRING_DATA str[]);\r
	63	void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);\r
	64	void ERR_load_ERR_strings(void);\r
53591743	65	Index: crypto/opensslconf.h\r
	66	===================================================================\r
	67	--- crypto/opensslconf.h (revision 1)\r
	68	+++ crypto/opensslconf.h (working copy)\r
4d6afad3	69	@@ -162,6 +162,9 @@\r
	70	/* The prime number generation stuff may not work when\r
	71	* EIGHT_BIT but I don't care since I've only used this mode\r
	72	* for debuging the bignum libraries */\r
	73	+\r
	74	+/* Bypass following definition for UEFI version. */\r
	75	+#if !defined(OPENSSL_SYS_UEFI)\r
	76	#undef SIXTY_FOUR_BIT_LONG\r
	77	#undef SIXTY_FOUR_BIT\r
	78	#define THIRTY_TWO_BIT\r
	79	@@ -169,6 +172,8 @@\r
	80	#undef EIGHT_BIT\r
	81	#endif\r
	82	\r
	83	+#endif\r
	84	+\r
	85	#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
	86	#define CONFIG_HEADER_RC4_LOCL_H\r
	87	/* if this is defined data[i] is used instead of *data, this is a %20\r
53591743	88	Index: crypto/pkcs7/pk7_smime.c\r
	89	===================================================================\r
	90	--- crypto/pkcs7/pk7_smime.c (revision 1)\r
	91	+++ crypto/pkcs7/pk7_smime.c (working copy)\r
a2d111ed	92	@@ -88,7 +88,10 @@\r
	93	if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
	94	goto err;\r
	95	\r
	96	- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r
	97	+ /* \r
	98	+ NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
	99	+ */\r
	100	+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r
	101	PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
	102	goto err;\r
	103	}\r
53591743	104	Index: crypto/rand/rand_egd.c\r
	105	===================================================================\r
	106	--- crypto/rand/rand_egd.c (revision 1)\r
	107	+++ crypto/rand/rand_egd.c (working copy)\r
97f98500 HT	108	@@ -95,7 +95,7 @@\r
	109	* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
	110	*/\r
	111	\r
	112	-#if defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_MSDOS) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE) \|\| defined(OPENSSL_SYS_VOS)\r
	113	+#if defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_MSDOS) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE) \|\| defined(OPENSSL_SYS_VOS) \|\| defined(OPENSSL_SYS_UEFI)\r
	114	int RAND_query_egd_bytes(const char path, unsigned char buf, int bytes)\r
	115	{\r
	116	return(-1);\r
53591743	117	Index: crypto/rand/rand_unix.c\r
	118	===================================================================\r
	119	--- crypto/rand/rand_unix.c (revision 1)\r
	120	+++ crypto/rand/rand_unix.c (working copy)\r
97f98500 HT	121	@@ -116,7 +116,7 @@\r
	122	#include <openssl/rand.h>\r
	123	#include "rand_lcl.h"\r
	124	\r
	125	-#if !(defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_OS2) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE))\r
	126	+#if !(defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_OS2) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE) \|\| defined(OPENSSL_SYS_UEFI))\r
	127	\r
	128	#include <sys/types.h>\r
	129	#include <sys/time.h>\r
	130	@@ -322,7 +322,7 @@\r
	131	#endif /* !(defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_OS2) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE)) */\r
	132	\r
	133	\r
	134	-#if defined(OPENSSL_SYS_VXWORKS)\r
	135	+#if defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_UEFI)\r
	136	int RAND_poll(void)\r
	137	{\r
	138	return 0;\r
53591743	139	Index: crypto/x509/x509_vfy.c\r
	140	===================================================================\r
	141	--- crypto/x509/x509_vfy.c (revision 1)\r
	142	+++ crypto/x509/x509_vfy.c (working copy)\r
	143	@@ -386,7 +386,11 @@\r
97f98500 HT	144	\r
	145	static int check_chain_extensions(X509_STORE_CTX *ctx)\r
	146	{\r
	147	-#ifdef OPENSSL_NO_CHAIN_VERIFY\r
97f98500 HT	148	+#if defined(OPENSSL_NO_CHAIN_VERIFY) \|\| defined(OPENSSL_SYS_UEFI)\r
	149	+ /* \r
	150	+ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting\r
	151	+ in Authenticode Signing Certificates. \r
	152	+ */\r
	153	return 1;\r
	154	#else\r
	155	int i, ok=0, must_be_ca, plen = 0;\r
53591743	156	@@ -899,6 +903,10 @@\r
97f98500 HT	157	\r
	158	static int check_cert_time(X509_STORE_CTX ctx, X509 x)\r
	159	{\r
	160	+#if defined(OPENSSL_SYS_UEFI)\r
	161	+ /* Bypass Certificate Time Checking for UEFI version. */\r
	162	+ return 1;\r
	163	+#else\r
	164	time_t *ptime;\r
	165	int i;\r
	166	\r
53591743	167	@@ -942,6 +950,7 @@\r
97f98500 HT	168	}\r
	169	\r
	170	return 1;\r
53591743	171	+#endif \r
97f98500 HT	172	}\r
	173	\r
	174	static int internal_verify(X509_STORE_CTX *ctx)\r