1 Index: crypto/bio/bss_file.c
2 ===================================================================
3 --- crypto/bio/bss_file.c (revision 1)
4 +++ crypto/bio/bss_file.c (working copy)
11 +BIO_METHOD *BIO_s_file(void)
16 +BIO *BIO_new_file(const char *filename, const char *mode)
21 +BIO *BIO_new_fp(FILE *stream, int close_flag)
26 #endif /* OPENSSL_NO_STDIO */
28 #endif /* HEADER_BSS_FILE_C */
29 Index: crypto/err/err.c
30 ===================================================================
31 --- crypto/err/err.c (revision 1)
32 +++ crypto/err/err.c (working copy)
34 es->err_data_flags[i]=flags;
37 +/* Add EFIAPI for UEFI version. */
38 +#if defined(OPENSSL_SYS_UEFI)
39 +void EFIAPI ERR_add_error_data(int num, ...)
41 void ERR_add_error_data(int num, ...)
46 Index: crypto/err/err.h
47 ===================================================================
48 --- crypto/err/err.h (revision 1)
49 +++ crypto/err/err.h (working copy)
52 #ifndef OPENSSL_NO_BIO
53 void ERR_print_errors(BIO *bp);
55 +/* Add EFIAPI for UEFI version. */
56 +#if defined(OPENSSL_SYS_UEFI)
57 +void EFIAPI ERR_add_error_data(int num, ...);
59 void ERR_add_error_data(int num, ...);
62 void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
63 void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
64 void ERR_load_ERR_strings(void);
65 Index: crypto/opensslconf.h
66 ===================================================================
67 --- crypto/opensslconf.h (revision 1)
68 +++ crypto/opensslconf.h (working copy)
70 /* The prime number generation stuff may not work when
71 * EIGHT_BIT but I don't care since I've only used this mode
72 * for debuging the bignum libraries */
74 +/* Bypass following definition for UEFI version. */
75 +#if !defined(OPENSSL_SYS_UEFI)
76 #undef SIXTY_FOUR_BIT_LONG
78 #define THIRTY_TWO_BIT
85 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
86 #define CONFIG_HEADER_RC4_LOCL_H
87 /* if this is defined data[i] is used instead of *data, this is a %20
88 Index: crypto/pkcs7/pk7_smime.c
89 ===================================================================
90 --- crypto/pkcs7/pk7_smime.c (revision 1)
91 +++ crypto/pkcs7/pk7_smime.c (working copy)
93 if (!PKCS7_content_new(p7, NID_pkcs7_data))
96 - if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
98 + NOTE: Update to SHA-256 digest algorithm for UEFI version.
100 + if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
101 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
104 Index: crypto/rand/rand_egd.c
105 ===================================================================
106 --- crypto/rand/rand_egd.c (revision 1)
107 +++ crypto/rand/rand_egd.c (working copy)
109 * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
112 -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
113 +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
114 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
117 Index: crypto/rand/rand_unix.c
118 ===================================================================
119 --- crypto/rand/rand_unix.c (revision 1)
120 +++ crypto/rand/rand_unix.c (working copy)
122 #include <openssl/rand.h>
123 #include "rand_lcl.h"
125 -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
126 +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
128 #include <sys/types.h>
129 #include <sys/time.h>
131 #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
134 -#if defined(OPENSSL_SYS_VXWORKS)
135 +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
139 Index: crypto/x509/x509_vfy.c
140 ===================================================================
141 --- crypto/x509/x509_vfy.c (revision 1)
142 +++ crypto/x509/x509_vfy.c (working copy)
145 static int check_chain_extensions(X509_STORE_CTX *ctx)
147 -#ifdef OPENSSL_NO_CHAIN_VERIFY
148 +#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
150 + NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
151 + in Authenticode Signing Certificates.
155 int i, ok=0, must_be_ca, plen = 0;
158 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
160 +#if defined(OPENSSL_SYS_UEFI)
161 + /* Bypass Certificate Time Checking for UEFI version. */
174 static int internal_verify(X509_STORE_CTX *ctx)