[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-0.9.8w.patch

Index: crypto/bio/bss_file.c\r
===================================================================\r
--- crypto/bio/bss_file.c	(revision 1)\r
+++ crypto/bio/bss_file.c	(working copy)\r
@@ -428,6 +428,23 @@\r
 	return(ret);\r
 	}\r
 \r
+#else\r
+\r
+BIO_METHOD *BIO_s_file(void)\r
+	{\r
+	return NULL;\r
+	}\r
+\r
+BIO *BIO_new_file(const char *filename, const char *mode)\r
+	{\r
+	return NULL;\r
+	}\r
+\r
+BIO *BIO_new_fp(FILE *stream, int close_flag)\r
+	{\r
+	return NULL;\r
+	}\r
+\r
 #endif /* OPENSSL_NO_STDIO */\r
 \r
 #endif /* HEADER_BSS_FILE_C */\r
Index: crypto/crypto.h\r
===================================================================\r
--- crypto/crypto.h	(revision 1)\r
+++ crypto/crypto.h	(working copy)\r
@@ -235,15 +235,15 @@\r
 #ifndef OPENSSL_NO_LOCKING\r
 #ifndef CRYPTO_w_lock\r
 #define CRYPTO_w_lock(type)	\\r
-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)\r
 #define CRYPTO_w_unlock(type)	\\r
-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)\r
 #define CRYPTO_r_lock(type)	\\r
-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)\r
 #define CRYPTO_r_unlock(type)	\\r
-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)\r
 #define CRYPTO_add(addr,amount,type)	\\r
-	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
+	CRYPTO_add_lock(addr,amount,type,NULL,0)\r
 #endif\r
 #else\r
 #define CRYPTO_w_lock(a)\r
@@ -361,19 +361,19 @@\r
 #define MemCheck_off()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
 #define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
 \r
-#define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
-#define OPENSSL_strdup(str)	CRYPTO_strdup((str),__FILE__,__LINE__)\r
+#define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,NULL,0)\r
+#define OPENSSL_strdup(str)	CRYPTO_strdup((str),NULL,0)\r
 #define OPENSSL_realloc(addr,num) \\r
-	CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
+	CRYPTO_realloc((char *)addr,(int)num,NULL,0)\r
 #define OPENSSL_realloc_clean(addr,old_num,num) \\r
-	CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
+	CRYPTO_realloc_clean(addr,old_num,num,NULL,0)\r
 #define OPENSSL_remalloc(addr,num) \\r
-	CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
+	CRYPTO_remalloc((char **)addr,(int)num,NULL,0)\r
 #define OPENSSL_freeFunc	CRYPTO_free\r
 #define OPENSSL_free(addr)	CRYPTO_free(addr)\r
 \r
 #define OPENSSL_malloc_locked(num) \\r
-	CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
+	CRYPTO_malloc_locked((int)num,NULL,0)\r
 #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
 \r
 \r
@@ -487,7 +487,7 @@\r
 long CRYPTO_get_mem_debug_options(void);\r
 \r
 #define CRYPTO_push_info(info) \\r
-        CRYPTO_push_info_(info, __FILE__, __LINE__);\r
+        CRYPTO_push_info_(info, NULL, 0);\r
 int CRYPTO_push_info_(const char *info, const char *file, int line);\r
 int CRYPTO_pop_info(void);\r
 int CRYPTO_remove_all_info(void);\r
@@ -528,17 +528,17 @@\r
 \r
 /* die if we have to */\r
 void OpenSSLDie(const char *file,int line,const char *assertion);\r
-#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
+#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))\r
 \r
 unsigned long *OPENSSL_ia32cap_loc(void);\r
 #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
 int OPENSSL_isservice(void);\r
 \r
 #ifdef OPENSSL_FIPS\r
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \\r
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \\r
 		alg " previous FIPS forbidden algorithm error ignored");\r
 \r
-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \\r
+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \\r
 		#alg " Algorithm forbidden in FIPS mode");\r
 \r
 #ifdef OPENSSL_FIPS_STRICT\r
Index: crypto/err/err.c\r
===================================================================\r
--- crypto/err/err.c	(revision 1)\r
+++ crypto/err/err.c	(working copy)\r
@@ -313,7 +313,12 @@\r
 	es->err_data_flags[i]=flags;\r
 	}\r
 \r
+/* Add EFIAPI for UEFI version. */\r
+#if defined(OPENSSL_SYS_UEFI)\r
+void EFIAPI ERR_add_error_data(int num, ...)\r
+#else\r
 void ERR_add_error_data(int num, ...)\r
+#endif\r
 	{\r
 	va_list args;\r
 	int i,n,s;\r
Index: crypto/err/err.h\r
===================================================================\r
--- crypto/err/err.h	(revision 1)\r
+++ crypto/err/err.h	(working copy)\r
@@ -286,8 +286,14 @@\r
 #endif\r
 #ifndef OPENSSL_NO_BIO\r
 void ERR_print_errors(BIO *bp);\r
+\r
+/* Add EFIAPI for UEFI version. */\r
+#if defined(OPENSSL_SYS_UEFI)\r
+void EFIAPI ERR_add_error_data(int num, ...);\r
+#else\r
 void ERR_add_error_data(int num, ...);\r
 #endif\r
+#endif\r
 void ERR_load_strings(int lib,ERR_STRING_DATA str[]);\r
 void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);\r
 void ERR_load_ERR_strings(void);\r
Index: crypto/opensslconf.h\r
===================================================================\r
--- crypto/opensslconf.h	(revision 1)\r
+++ crypto/opensslconf.h	(working copy)\r
@@ -162,6 +162,9 @@\r
 /* The prime number generation stuff may not work when\r
  * EIGHT_BIT but I don't care since I've only used this mode\r
  * for debuging the bignum libraries */\r
+\r
+/* Bypass following definition for UEFI version. */\r
+#if !defined(OPENSSL_SYS_UEFI)\r
 #undef SIXTY_FOUR_BIT_LONG\r
 #undef SIXTY_FOUR_BIT\r
 #define THIRTY_TWO_BIT\r
@@ -169,6 +172,8 @@\r
 #undef EIGHT_BIT\r
 #endif\r
 \r
+#endif\r
+\r
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
 #define CONFIG_HEADER_RC4_LOCL_H\r
 /* if this is defined data[i] is used instead of *data, this is a %20\r
Index: crypto/pkcs7/pk7_smime.c\r
===================================================================\r
--- crypto/pkcs7/pk7_smime.c	(revision 1)\r
+++ crypto/pkcs7/pk7_smime.c	(working copy)\r
@@ -88,7 +88,10 @@\r
 	if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
 		goto err;\r
 \r
-	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r
+  /* \r
+    NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
+  */\r
+	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r
 		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
 		goto err;\r
 	}\r
@@ -173,7 +176,8 @@\r
 	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
 	PKCS7_SIGNER_INFO *si;\r
 	X509_STORE_CTX cert_ctx;\r
-	char buf[4096];\r
+	char *buf = NULL;\r
+	int bufsiz;\r
 	int i, j=0, k, ret = 0;\r
 	BIO *p7bio;\r
 	BIO *tmpin, *tmpout;\r
@@ -284,10 +288,16 @@\r
 		BIO_set_mem_eof_return(tmpout, 0);\r
 	} else tmpout = out;\r
 \r
+	bufsiz = 4096;\r
+	buf = OPENSSL_malloc (bufsiz);\r
+		if (buf == NULL) {\r
+			goto err;\r
+	}\r
+\r
 	/* We now have to 'read' from p7bio to calculate digests etc. */\r
 	for (;;)\r
 	{\r
-		i=BIO_read(p7bio,buf,sizeof(buf));\r
+		i=BIO_read(p7bio,buf,bufsiz);\r
 		if (i <= 0) break;\r
 		if (tmpout) BIO_write(tmpout, buf, i);\r
 	}\r
@@ -326,6 +336,10 @@\r
 \r
 	sk_X509_free(signers);\r
 \r
+	if (buf != NULL) {\r
+		OPENSSL_free (buf);\r
+	}\r
+\r
 	return ret;\r
 }\r
 \r
Index: crypto/rand/rand_egd.c\r
===================================================================\r
--- crypto/rand/rand_egd.c	(revision 1)\r
+++ crypto/rand/rand_egd.c	(working copy)\r
@@ -95,7 +95,7 @@\r
  *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
  */\r
 \r
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)\r
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)\r
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r
 	{\r
 	return(-1);\r
Index: crypto/rand/rand_unix.c\r
===================================================================\r
--- crypto/rand/rand_unix.c	(revision 1)\r
+++ crypto/rand/rand_unix.c	(working copy)\r
@@ -116,7 +116,7 @@\r
 #include <openssl/rand.h>\r
 #include "rand_lcl.h"\r
 \r
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
 \r
 #include <sys/types.h>\r
 #include <sys/time.h>\r
@@ -322,7 +322,7 @@\r
 #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */\r
 \r
 \r
-#if defined(OPENSSL_SYS_VXWORKS)\r
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
 int RAND_poll(void)\r
 	{\r
 	return 0;\r
Index: crypto/x509/x509_vfy.c\r
===================================================================\r
--- crypto/x509/x509_vfy.c	(revision 1)\r
+++ crypto/x509/x509_vfy.c	(working copy)\r
@@ -899,6 +899,10 @@\r
 \r
 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
 	{\r
+#if defined(OPENSSL_SYS_UEFI)\r
+  /* Bypass Certificate Time Checking for UEFI version. */\r
+  return 1;\r
+#else\r
 	time_t *ptime;\r
 	int i;\r
 \r
@@ -942,6 +946,7 @@\r
 		}\r
 \r
 	return 1;\r
+#endif	\r
 	}\r
 \r
 static int internal_verify(X509_STORE_CTX *ctx)\r
Commit	Line	Data
53591743	1	Index: crypto/bio/bss_file.c\r
	2	===================================================================\r
	3	--- crypto/bio/bss_file.c (revision 1)\r
	4	+++ crypto/bio/bss_file.c (working copy)\r
	5	@@ -428,6 +428,23 @@\r
97f98500 HT	6	return(ret);\r
	7	}\r
	8	\r
	9	+#else\r
	10	+\r
	11	+BIO_METHOD *BIO_s_file(void)\r
	12	+ {\r
	13	+ return NULL;\r
	14	+ }\r
	15	+\r
	16	+BIO BIO_new_file(const char filename, const char *mode)\r
	17	+ {\r
	18	+ return NULL;\r
	19	+ }\r
	20	+\r
	21	+BIO BIO_new_fp(FILE stream, int close_flag)\r
	22	+ {\r
	23	+ return NULL;\r
	24	+ }\r
	25	+\r
	26	#endif /* OPENSSL_NO_STDIO */\r
	27	\r
	28	#endif /* HEADER_BSS_FILE_C */\r
f4184cbd	29	Index: crypto/crypto.h\r
	30	===================================================================\r
	31	--- crypto/crypto.h (revision 1)\r
	32	+++ crypto/crypto.h (working copy)\r
	33	@@ -235,15 +235,15 @@\r
	34	#ifndef OPENSSL_NO_LOCKING\r
	35	#ifndef CRYPTO_w_lock\r
	36	#define CRYPTO_w_lock(type) \\r
	37	- CRYPTO_lock(CRYPTO_LOCK\|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
	38	+ CRYPTO_lock(CRYPTO_LOCK\|CRYPTO_WRITE,type,NULL,0)\r
	39	#define CRYPTO_w_unlock(type) \\r
	40	- CRYPTO_lock(CRYPTO_UNLOCK\|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
	41	+ CRYPTO_lock(CRYPTO_UNLOCK\|CRYPTO_WRITE,type,NULL,0)\r
	42	#define CRYPTO_r_lock(type) \\r
	43	- CRYPTO_lock(CRYPTO_LOCK\|CRYPTO_READ,type,__FILE__,__LINE__)\r
	44	+ CRYPTO_lock(CRYPTO_LOCK\|CRYPTO_READ,type,NULL,0)\r
	45	#define CRYPTO_r_unlock(type) \\r
	46	- CRYPTO_lock(CRYPTO_UNLOCK\|CRYPTO_READ,type,__FILE__,__LINE__)\r
	47	+ CRYPTO_lock(CRYPTO_UNLOCK\|CRYPTO_READ,type,NULL,0)\r
	48	#define CRYPTO_add(addr,amount,type) \\r
	49	- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
	50	+ CRYPTO_add_lock(addr,amount,type,NULL,0)\r
	51	#endif\r
	52	#else\r
	53	#define CRYPTO_w_lock(a)\r
	54	@@ -361,19 +361,19 @@\r
	55	#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
	56	#define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
	57	\r
	58	-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
	59	-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)\r
	60	+#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)\r
	61	+#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)\r
	62	#define OPENSSL_realloc(addr,num) \\r
	63	- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
	64	+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)\r
	65	#define OPENSSL_realloc_clean(addr,old_num,num) \\r
	66	- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
	67	+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)\r
	68	#define OPENSSL_remalloc(addr,num) \\r
	69	- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
	70	+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)\r
	71	#define OPENSSL_freeFunc CRYPTO_free\r
	72	#define OPENSSL_free(addr) CRYPTO_free(addr)\r
	73	\r
	74	#define OPENSSL_malloc_locked(num) \\r
	75	- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
	76	+ CRYPTO_malloc_locked((int)num,NULL,0)\r
	77	#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
	78	\r
	79	\r
	80	@@ -487,7 +487,7 @@\r
	81	long CRYPTO_get_mem_debug_options(void);\r
	82	\r
	83	#define CRYPTO_push_info(info) \\r
	84	- CRYPTO_push_info_(info, __FILE__, __LINE__);\r
	85	+ CRYPTO_push_info_(info, NULL, 0);\r
	86	int CRYPTO_push_info_(const char info, const char file, int line);\r
	87	int CRYPTO_pop_info(void);\r
	88	int CRYPTO_remove_all_info(void);\r
	89	@@ -528,17 +528,17 @@\r
	90	\r
	91	/* die if we have to */\r
	92	void OpenSSLDie(const char file,int line,const char assertion);\r
93	-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
94	+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))\r
95	\r
96	unsigned long *OPENSSL_ia32cap_loc(void);\r
97	#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
98	int OPENSSL_isservice(void);\r
99	\r
100	#ifdef OPENSSL_FIPS\r
101	-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \\r
102	+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \\r
103	alg " previous FIPS forbidden algorithm error ignored");\r
104	\r
105	-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \\r
106	+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \\r
107	#alg " Algorithm forbidden in FIPS mode");\r
108	\r
109	#ifdef OPENSSL_FIPS_STRICT\r
53591743	110	Index: crypto/err/err.c\r
	111	===================================================================\r
	112	--- crypto/err/err.c (revision 1)\r
	113	+++ crypto/err/err.c (working copy)\r
4d6afad3	114	@@ -313,7 +313,12 @@\r
	115	es->err_data_flags[i]=flags;\r
	116	}\r
	117	\r
	118	+/* Add EFIAPI for UEFI version. */\r
	119	+#if defined(OPENSSL_SYS_UEFI)\r
	120	+void EFIAPI ERR_add_error_data(int num, ...)\r
	121	+#else\r
	122	void ERR_add_error_data(int num, ...)\r
	123	+#endif\r
	124	{\r
	125	va_list args;\r
	126	int i,n,s;\r
53591743	127	Index: crypto/err/err.h\r
	128	===================================================================\r
	129	--- crypto/err/err.h (revision 1)\r
	130	+++ crypto/err/err.h (working copy)\r
4d6afad3	131	@@ -286,8 +286,14 @@\r
	132	#endif\r
	133	#ifndef OPENSSL_NO_BIO\r
	134	void ERR_print_errors(BIO *bp);\r
	135	+\r
	136	+/* Add EFIAPI for UEFI version. */\r
	137	+#if defined(OPENSSL_SYS_UEFI)\r
	138	+void EFIAPI ERR_add_error_data(int num, ...);\r
	139	+#else\r
	140	void ERR_add_error_data(int num, ...);\r
	141	#endif\r
	142	+#endif\r
	143	void ERR_load_strings(int lib,ERR_STRING_DATA str[]);\r
	144	void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);\r
	145	void ERR_load_ERR_strings(void);\r
53591743	146	Index: crypto/opensslconf.h\r
	147	===================================================================\r
	148	--- crypto/opensslconf.h (revision 1)\r
	149	+++ crypto/opensslconf.h (working copy)\r
4d6afad3	150	@@ -162,6 +162,9 @@\r
	151	/* The prime number generation stuff may not work when\r
	152	* EIGHT_BIT but I don't care since I've only used this mode\r
	153	* for debuging the bignum libraries */\r
	154	+\r
	155	+/* Bypass following definition for UEFI version. */\r
	156	+#if !defined(OPENSSL_SYS_UEFI)\r
	157	#undef SIXTY_FOUR_BIT_LONG\r
	158	#undef SIXTY_FOUR_BIT\r
	159	#define THIRTY_TWO_BIT\r
	160	@@ -169,6 +172,8 @@\r
	161	#undef EIGHT_BIT\r
	162	#endif\r
	163	\r
	164	+#endif\r
	165	+\r
	166	#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
	167	#define CONFIG_HEADER_RC4_LOCL_H\r
	168	/* if this is defined data[i] is used instead of *data, this is a %20\r
53591743	169	Index: crypto/pkcs7/pk7_smime.c\r
	170	===================================================================\r
	171	--- crypto/pkcs7/pk7_smime.c (revision 1)\r
	172	+++ crypto/pkcs7/pk7_smime.c (working copy)\r
a2d111ed	173	@@ -88,7 +88,10 @@\r
	174	if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
	175	goto err;\r
	176	\r
	177	- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r
	178	+ /* \r
	179	+ NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
	180	+ */\r
	181	+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r
	182	PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
	183	goto err;\r
	184	}\r
e98e59c2	185	@@ -173,7 +176,8 @@\r
	186	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
	187	PKCS7_SIGNER_INFO *si;\r
	188	X509_STORE_CTX cert_ctx;\r
	189	- char buf[4096];\r
	190	+ char *buf = NULL;\r
	191	+ int bufsiz;\r
	192	int i, j=0, k, ret = 0;\r
	193	BIO *p7bio;\r
	194	BIO tmpin, tmpout;\r
	195	@@ -284,10 +288,16 @@\r
	196	BIO_set_mem_eof_return(tmpout, 0);\r
	197	} else tmpout = out;\r
	198	\r
	199	+ bufsiz = 4096;\r
	200	+ buf = OPENSSL_malloc (bufsiz);\r
	201	+ if (buf == NULL) {\r
	202	+ goto err;\r
	203	+ }\r
	204	+\r
	205	/* We now have to 'read' from p7bio to calculate digests etc. */\r
	206	for (;;)\r
	207	{\r
	208	- i=BIO_read(p7bio,buf,sizeof(buf));\r
	209	+ i=BIO_read(p7bio,buf,bufsiz);\r
	210	if (i <= 0) break;\r
	211	if (tmpout) BIO_write(tmpout, buf, i);\r
	212	}\r
	213	@@ -326,6 +336,10 @@\r
	214	\r
	215	sk_X509_free(signers);\r
	216	\r
	217	+ if (buf != NULL) {\r
	218	+ OPENSSL_free (buf);\r
	219	+ }\r
	220	+\r
	221	return ret;\r
	222	}\r
	223	\r
53591743	224	Index: crypto/rand/rand_egd.c\r
	225	===================================================================\r
	226	--- crypto/rand/rand_egd.c (revision 1)\r
	227	+++ crypto/rand/rand_egd.c (working copy)\r
97f98500 HT	228	@@ -95,7 +95,7 @@\r
	229	* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
	230	*/\r
	231	\r
	232	-#if defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_MSDOS) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE) \|\| defined(OPENSSL_SYS_VOS)\r
	233	+#if defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_MSDOS) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE) \|\| defined(OPENSSL_SYS_VOS) \|\| defined(OPENSSL_SYS_UEFI)\r
	234	int RAND_query_egd_bytes(const char path, unsigned char buf, int bytes)\r
	235	{\r
	236	return(-1);\r
53591743	237	Index: crypto/rand/rand_unix.c\r
	238	===================================================================\r
	239	--- crypto/rand/rand_unix.c (revision 1)\r
	240	+++ crypto/rand/rand_unix.c (working copy)\r
97f98500 HT	241	@@ -116,7 +116,7 @@\r
	242	#include <openssl/rand.h>\r
	243	#include "rand_lcl.h"\r
	244	\r
	245	-#if !(defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_OS2) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE))\r
	246	+#if !(defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_OS2) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE) \|\| defined(OPENSSL_SYS_UEFI))\r
	247	\r
	248	#include <sys/types.h>\r
	249	#include <sys/time.h>\r
	250	@@ -322,7 +322,7 @@\r
	251	#endif /* !(defined(OPENSSL_SYS_WINDOWS) \|\| defined(OPENSSL_SYS_WIN32) \|\| defined(OPENSSL_SYS_VMS) \|\| defined(OPENSSL_SYS_OS2) \|\| defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_NETWARE)) */\r
	252	\r
	253	\r
	254	-#if defined(OPENSSL_SYS_VXWORKS)\r
	255	+#if defined(OPENSSL_SYS_VXWORKS) \|\| defined(OPENSSL_SYS_UEFI)\r
	256	int RAND_poll(void)\r
	257	{\r
	258	return 0;\r
53591743	259	Index: crypto/x509/x509_vfy.c\r
	260	===================================================================\r
	261	--- crypto/x509/x509_vfy.c (revision 1)\r
	262	+++ crypto/x509/x509_vfy.c (working copy)\r
02ee8d3b	263	@@ -899,6 +899,10 @@\r
97f98500 HT	264	\r
	265	static int check_cert_time(X509_STORE_CTX ctx, X509 x)\r
	266	{\r
	267	+#if defined(OPENSSL_SYS_UEFI)\r
	268	+ /* Bypass Certificate Time Checking for UEFI version. */\r
	269	+ return 1;\r
	270	+#else\r
	271	time_t *ptime;\r
	272	int i;\r
	273	\r
02ee8d3b	274	@@ -942,6 +946,7 @@\r
97f98500 HT	275	}\r
	276	\r
	277	return 1;\r
53591743	278	+#endif \r
97f98500 HT	279	}\r
	280	\r
	281	static int internal_verify(X509_STORE_CTX *ctx)\r