]>
Commit | Line | Data |
---|---|---|
1 | Index: crypto/bio/bss_file.c\r | |
2 | ===================================================================\r | |
3 | --- crypto/bio/bss_file.c (revision 1)\r | |
4 | +++ crypto/bio/bss_file.c (working copy)\r | |
5 | @@ -428,6 +428,23 @@\r | |
6 | return(ret);\r | |
7 | }\r | |
8 | \r | |
9 | +#else\r | |
10 | +\r | |
11 | +BIO_METHOD *BIO_s_file(void)\r | |
12 | + {\r | |
13 | + return NULL;\r | |
14 | + }\r | |
15 | +\r | |
16 | +BIO *BIO_new_file(const char *filename, const char *mode)\r | |
17 | + {\r | |
18 | + return NULL;\r | |
19 | + }\r | |
20 | +\r | |
21 | +BIO *BIO_new_fp(FILE *stream, int close_flag)\r | |
22 | + {\r | |
23 | + return NULL;\r | |
24 | + }\r | |
25 | +\r | |
26 | #endif /* OPENSSL_NO_STDIO */\r | |
27 | \r | |
28 | #endif /* HEADER_BSS_FILE_C */\r | |
29 | Index: crypto/err/err.c\r | |
30 | ===================================================================\r | |
31 | --- crypto/err/err.c (revision 1)\r | |
32 | +++ crypto/err/err.c (working copy)\r | |
33 | @@ -313,7 +313,12 @@\r | |
34 | es->err_data_flags[i]=flags;\r | |
35 | }\r | |
36 | \r | |
37 | +/* Add EFIAPI for UEFI version. */\r | |
38 | +#if defined(OPENSSL_SYS_UEFI)\r | |
39 | +void EFIAPI ERR_add_error_data(int num, ...)\r | |
40 | +#else\r | |
41 | void ERR_add_error_data(int num, ...)\r | |
42 | +#endif\r | |
43 | {\r | |
44 | va_list args;\r | |
45 | int i,n,s;\r | |
46 | Index: crypto/err/err.h\r | |
47 | ===================================================================\r | |
48 | --- crypto/err/err.h (revision 1)\r | |
49 | +++ crypto/err/err.h (working copy)\r | |
50 | @@ -286,8 +286,14 @@\r | |
51 | #endif\r | |
52 | #ifndef OPENSSL_NO_BIO\r | |
53 | void ERR_print_errors(BIO *bp);\r | |
54 | +\r | |
55 | +/* Add EFIAPI for UEFI version. */\r | |
56 | +#if defined(OPENSSL_SYS_UEFI)\r | |
57 | +void EFIAPI ERR_add_error_data(int num, ...);\r | |
58 | +#else\r | |
59 | void ERR_add_error_data(int num, ...);\r | |
60 | #endif\r | |
61 | +#endif\r | |
62 | void ERR_load_strings(int lib,ERR_STRING_DATA str[]);\r | |
63 | void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);\r | |
64 | void ERR_load_ERR_strings(void);\r | |
65 | Index: crypto/opensslconf.h\r | |
66 | ===================================================================\r | |
67 | --- crypto/opensslconf.h (revision 1)\r | |
68 | +++ crypto/opensslconf.h (working copy)\r | |
69 | @@ -162,6 +162,9 @@\r | |
70 | /* The prime number generation stuff may not work when\r | |
71 | * EIGHT_BIT but I don't care since I've only used this mode\r | |
72 | * for debuging the bignum libraries */\r | |
73 | +\r | |
74 | +/* Bypass following definition for UEFI version. */\r | |
75 | +#if !defined(OPENSSL_SYS_UEFI)\r | |
76 | #undef SIXTY_FOUR_BIT_LONG\r | |
77 | #undef SIXTY_FOUR_BIT\r | |
78 | #define THIRTY_TWO_BIT\r | |
79 | @@ -169,6 +172,8 @@\r | |
80 | #undef EIGHT_BIT\r | |
81 | #endif\r | |
82 | \r | |
83 | +#endif\r | |
84 | +\r | |
85 | #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r | |
86 | #define CONFIG_HEADER_RC4_LOCL_H\r | |
87 | /* if this is defined data[i] is used instead of *data, this is a %20\r | |
88 | Index: crypto/pkcs7/pk7_smime.c\r | |
89 | ===================================================================\r | |
90 | --- crypto/pkcs7/pk7_smime.c (revision 1)\r | |
91 | +++ crypto/pkcs7/pk7_smime.c (working copy)\r | |
92 | @@ -88,7 +88,10 @@\r | |
93 | if (!PKCS7_content_new(p7, NID_pkcs7_data))\r | |
94 | goto err;\r | |
95 | \r | |
96 | - if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r | |
97 | + /* \r | |
98 | + NOTE: Update to SHA-256 digest algorithm for UEFI version.\r | |
99 | + */\r | |
100 | + if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r | |
101 | PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r | |
102 | goto err;\r | |
103 | }\r | |
104 | Index: crypto/rand/rand_egd.c\r | |
105 | ===================================================================\r | |
106 | --- crypto/rand/rand_egd.c (revision 1)\r | |
107 | +++ crypto/rand/rand_egd.c (working copy)\r | |
108 | @@ -95,7 +95,7 @@\r | |
109 | * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r | |
110 | */\r | |
111 | \r | |
112 | -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)\r | |
113 | +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)\r | |
114 | int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r | |
115 | {\r | |
116 | return(-1);\r | |
117 | Index: crypto/rand/rand_unix.c\r | |
118 | ===================================================================\r | |
119 | --- crypto/rand/rand_unix.c (revision 1)\r | |
120 | +++ crypto/rand/rand_unix.c (working copy)\r | |
121 | @@ -116,7 +116,7 @@\r | |
122 | #include <openssl/rand.h>\r | |
123 | #include "rand_lcl.h"\r | |
124 | \r | |
125 | -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r | |
126 | +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r | |
127 | \r | |
128 | #include <sys/types.h>\r | |
129 | #include <sys/time.h>\r | |
130 | @@ -322,7 +322,7 @@\r | |
131 | #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */\r | |
132 | \r | |
133 | \r | |
134 | -#if defined(OPENSSL_SYS_VXWORKS)\r | |
135 | +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r | |
136 | int RAND_poll(void)\r | |
137 | {\r | |
138 | return 0;\r | |
139 | Index: crypto/x509/x509_vfy.c\r | |
140 | ===================================================================\r | |
141 | --- crypto/x509/x509_vfy.c (revision 1)\r | |
142 | +++ crypto/x509/x509_vfy.c (working copy)\r | |
143 | @@ -386,7 +386,11 @@\r | |
144 | \r | |
145 | static int check_chain_extensions(X509_STORE_CTX *ctx)\r | |
146 | {\r | |
147 | -#ifdef OPENSSL_NO_CHAIN_VERIFY\r | |
148 | +#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)\r | |
149 | + /* \r | |
150 | + NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting\r | |
151 | + in Authenticode Signing Certificates. \r | |
152 | + */\r | |
153 | return 1;\r | |
154 | #else\r | |
155 | int i, ok=0, must_be_ca, plen = 0;\r | |
156 | @@ -899,6 +903,10 @@\r | |
157 | \r | |
158 | static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r | |
159 | {\r | |
160 | +#if defined(OPENSSL_SYS_UEFI)\r | |
161 | + /* Bypass Certificate Time Checking for UEFI version. */\r | |
162 | + return 1;\r | |
163 | +#else\r | |
164 | time_t *ptime;\r | |
165 | int i;\r | |
166 | \r | |
167 | @@ -942,6 +950,7 @@\r | |
168 | }\r | |
169 | \r | |
170 | return 1;\r | |
171 | +#endif \r | |
172 | }\r | |
173 | \r | |
174 | static int internal_verify(X509_STORE_CTX *ctx)\r |