Upgrade to OpenSSL-0.9.8zf (released on 19-MAR-2015).

[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-0.9.8zf.patch

Index: crypto/bio/bss_file.c\r
===================================================================\r
--- crypto/bio/bss_file.c	(revision 1)\r
+++ crypto/bio/bss_file.c	(working copy)\r
@@ -418,6 +418,23 @@\r
     return (ret);\r
 }\r
 \r
+#else\r
+\r
+BIO_METHOD *BIO_s_file(void)\r
+{\r
+    return NULL;\r
+}\r
+\r
+BIO *BIO_new_file(const char *filename, const char *mode)\r
+{\r
+    return NULL;\r
+}\r
+\r
+BIO *BIO_new_fp(FILE *stream, int close_flag)\r
+{\r
+    return NULL;\r
+}\r
+\r
 # endif                         /* OPENSSL_NO_STDIO */\r
 \r
 #endif                          /* HEADER_BSS_FILE_C */\r
Index: crypto/crypto.h\r
===================================================================\r
--- crypto/crypto.h	(revision 1)\r
+++ crypto/crypto.h	(working copy)\r
@@ -239,15 +239,15 @@\r
 # ifndef OPENSSL_NO_LOCKING\r
 #  ifndef CRYPTO_w_lock\r
 #   define CRYPTO_w_lock(type)     \\r
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)\r
 #   define CRYPTO_w_unlock(type)   \\r
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)\r
 #   define CRYPTO_r_lock(type)     \\r
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)\r
 #   define CRYPTO_r_unlock(type)   \\r
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)\r
 #   define CRYPTO_add(addr,amount,type)    \\r
-        CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
+        CRYPTO_add_lock(addr,amount,type,NULL,0)\r
 #  endif\r
 # else\r
 #  define CRYPTO_w_lock(a)\r
@@ -374,19 +374,19 @@\r
 # define MemCheck_off()  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
 # define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
 \r
-# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
-# define OPENSSL_strdup(str)     CRYPTO_strdup((str),__FILE__,__LINE__)\r
+# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,NULL,0)\r
+# define OPENSSL_strdup(str)     CRYPTO_strdup((str),NULL,0)\r
 # define OPENSSL_realloc(addr,num) \\r
-        CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
+        CRYPTO_realloc((char *)addr,(int)num,NULL,0)\r
 # define OPENSSL_realloc_clean(addr,old_num,num) \\r
-        CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
+        CRYPTO_realloc_clean(addr,old_num,num,NULL,0)\r
 # define OPENSSL_remalloc(addr,num) \\r
-        CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
+        CRYPTO_remalloc((char **)addr,(int)num,NULL,0)\r
 # define OPENSSL_freeFunc        CRYPTO_free\r
 # define OPENSSL_free(addr)      CRYPTO_free(addr)\r
 \r
 # define OPENSSL_malloc_locked(num) \\r
-        CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
+        CRYPTO_malloc_locked((int)num,NULL,0)\r
 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
 \r
 const char *SSLeay_version(int type);\r
@@ -531,7 +531,7 @@\r
 long CRYPTO_get_mem_debug_options(void);\r
 \r
 # define CRYPTO_push_info(info) \\r
-        CRYPTO_push_info_(info, __FILE__, __LINE__);\r
+        CRYPTO_push_info_(info, NULL, 0);\r
 int CRYPTO_push_info_(const char *info, const char *file, int line);\r
 int CRYPTO_pop_info(void);\r
 int CRYPTO_remove_all_info(void);\r
@@ -578,7 +578,7 @@\r
 \r
 /* die if we have to */\r
 void OpenSSLDie(const char *file, int line, const char *assertion);\r
-# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
+# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))\r
 \r
 unsigned long *OPENSSL_ia32cap_loc(void);\r
 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
@@ -585,10 +585,10 @@\r
 int OPENSSL_isservice(void);\r
 \r
 # ifdef OPENSSL_FIPS\r
-#  define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \\r
+#  define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \\r
                 alg " previous FIPS forbidden algorithm error ignored");\r
 \r
-#  define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \\r
+#  define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \\r
                 #alg " Algorithm forbidden in FIPS mode");\r
 \r
 #  ifdef OPENSSL_FIPS_STRICT\r
Index: crypto/err/err.c\r
===================================================================\r
--- crypto/err/err.c	(revision 1)\r
+++ crypto/err/err.c	(working copy)\r
@@ -321,7 +321,12 @@\r
     es->err_data_flags[i] = flags;\r
 }\r
 \r
+/* Add EFIAPI for UEFI version. */\r
+#if defined(OPENSSL_SYS_UEFI)\r
+void EFIAPI ERR_add_error_data(int num, ...)\r
+#else\r
 void ERR_add_error_data(int num, ...)\r
+#endif\r
 {\r
     va_list args;\r
     int i, n, s;\r
Index: crypto/err/err.h\r
===================================================================\r
--- crypto/err/err.h	(revision 1)\r
+++ crypto/err/err.h	(working copy)\r
@@ -285,7 +285,13 @@\r
 # endif\r
 # ifndef OPENSSL_NO_BIO\r
 void ERR_print_errors(BIO *bp);\r
+\r
+/* Add EFIAPI for UEFI version. */\r
+#if defined(OPENSSL_SYS_UEFI)\r
+void EFIAPI ERR_add_error_data(int num, ...);\r
+#else\r
 void ERR_add_error_data(int num, ...);\r
+#endif\r
 # endif\r
 void ERR_load_strings(int lib, ERR_STRING_DATA str[]);\r
 void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);\r
Index: crypto/opensslconf.h\r
===================================================================\r
--- crypto/opensslconf.h	(revision 1)\r
+++ crypto/opensslconf.h	(working copy)\r
@@ -162,6 +162,9 @@\r
 /* The prime number generation stuff may not work when\r
  * EIGHT_BIT but I don't care since I've only used this mode\r
  * for debuging the bignum libraries */\r
+\r
+/* Bypass following definition for UEFI version. */\r
+#if !defined(OPENSSL_SYS_UEFI)\r
 #undef SIXTY_FOUR_BIT_LONG\r
 #undef SIXTY_FOUR_BIT\r
 #define THIRTY_TWO_BIT\r
@@ -169,6 +172,8 @@\r
 #undef EIGHT_BIT\r
 #endif\r
 \r
+#endif\r
+\r
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
 #define CONFIG_HEADER_RC4_LOCL_H\r
 /* if this is defined data[i] is used instead of *data, this is a %20\r
Index: crypto/pkcs7/pk7_smime.c\r
===================================================================\r
--- crypto/pkcs7/pk7_smime.c	(revision 1)\r
+++ crypto/pkcs7/pk7_smime.c	(working copy)\r
@@ -90,7 +90,14 @@\r
     if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
         goto err;\r
 \r
+#if defined(OPENSSL_SYS_UEFI)\r
+    /*\r
+     * NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
+     */\r
+    if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {\r
+#else\r
     if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {\r
+#endif\r
         PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
         goto err;\r
     }\r
@@ -175,7 +182,8 @@\r
     STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
     PKCS7_SIGNER_INFO *si;\r
     X509_STORE_CTX cert_ctx;\r
-    char buf[4096];\r
+    char *buf = NULL;\r
+    int bufsiz;\r
     int i, j = 0, k, ret = 0;\r
     BIO *p7bio;\r
     BIO *tmpin, *tmpout;\r
@@ -286,6 +294,12 @@\r
     } else\r
         tmpout = out;\r
 \r
+    bufsiz = 4096;\r
+    buf = OPENSSL_malloc (bufsiz);\r
+    if (buf == NULL) {\r
+      goto err;\r
+    }\r
+\r
     /* We now have to 'read' from p7bio to calculate digests etc. */\r
     for (;;) {\r
         i = BIO_read(p7bio, buf, sizeof(buf));\r
@@ -328,6 +342,10 @@\r
 \r
     sk_X509_free(signers);\r
 \r
+    if (buf != NULL) {\r
+      OPENSSL_free (buf);\r
+    }\r
+\r
     return ret;\r
 }\r
 \r
Index: crypto/rand/rand_egd.c\r
===================================================================\r
--- crypto/rand/rand_egd.c	(revision 1)\r
+++ crypto/rand/rand_egd.c	(working copy)\r
@@ -95,7 +95,7 @@\r
  *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
  */\r
 \r
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)\r
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)\r
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r
 {\r
     return (-1);\r
Index: crypto/rand/rand_unix.c\r
===================================================================\r
--- crypto/rand/rand_unix.c	(revision 1)\r
+++ crypto/rand/rand_unix.c	(working copy)\r
@@ -116,7 +116,7 @@\r
 #include <openssl/rand.h>\r
 #include "rand_lcl.h"\r
 \r
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
 \r
 # include <sys/types.h>\r
 # include <sys/time.h>\r
@@ -332,7 +332,7 @@\r
                                  * defined(OPENSSL_SYS_VXWORKS) ||\r
                                  * defined(OPENSSL_SYS_NETWARE)) */\r
 \r
-#if defined(OPENSSL_SYS_VXWORKS)\r
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
 int RAND_poll(void)\r
 {\r
     return 0;\r
Index: crypto/x509/x509_vfy.c\r
===================================================================\r
--- crypto/x509/x509_vfy.c	(revision 1)\r
+++ crypto/x509/x509_vfy.c	(working copy)\r
@@ -871,6 +871,10 @@\r
 \r
 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
 {\r
+#if defined(OPENSSL_SYS_UEFI)\r
+  /* Bypass Certificate Time Checking for UEFI version. */\r
+  return 1;\r
+#else\r
     time_t *ptime;\r
     int i;\r
 \r
@@ -910,6 +914,7 @@\r
     }\r
 \r
     return 1;\r
+#endif\r
 }\r
 \r
 static int internal_verify(X509_STORE_CTX *ctx)\r