CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch

   1 Index: crypto/bio/bss_file.c
   2 ===================================================================
   3 --- crypto/bio/bss_file.c       (revision 1)
   4 +++ crypto/bio/bss_file.c       (working copy)
   5 @@ -428,6 +428,23 @@
   6         return(ret);
   7         }
   8
   9 +#else
  10 +
  11 +BIO_METHOD *BIO_s_file(void)
  12 +       {
  13 +       return NULL;
  14 +       }
  15 +
  16 +BIO *BIO_new_file(const char *filename, const char *mode)
  17 +       {
  18 +       return NULL;
  19 +       }
  20 +
  21 +BIO *BIO_new_fp(FILE *stream, int close_flag)
  22 +       {
  23 +       return NULL;
  24 +       }
  25 +
  26  #endif /* OPENSSL_NO_STDIO */
  27
  28  #endif /* HEADER_BSS_FILE_C */
  29 Index: crypto/crypto.h
  30 ===================================================================
  31 --- crypto/crypto.h     (revision 1)
  32 +++ crypto/crypto.h     (working copy)
  33 @@ -235,15 +235,15 @@
  34  #ifndef OPENSSL_NO_LOCKING
  35  #ifndef CRYPTO_w_lock
  36  #define CRYPTO_w_lock(type)    \
  37 -       CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
  38 +       CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
  39  #define CRYPTO_w_unlock(type)  \
  40 -       CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
  41 +       CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
  42  #define CRYPTO_r_lock(type)    \
  43 -       CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
  44 +       CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
  45  #define CRYPTO_r_unlock(type)  \
  46 -       CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
  47 +       CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
  48  #define CRYPTO_add(addr,amount,type)   \
  49 -       CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
  50 +       CRYPTO_add_lock(addr,amount,type,NULL,0)
  51  #endif
  52  #else
  53  #define CRYPTO_w_lock(a)
  54 @@ -361,19 +361,19 @@
  55  #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
  56  #define is_MemCheck_on() CRYPTO_is_mem_check_on()
  57
  58 -#define OPENSSL_malloc(num)    CRYPTO_malloc((int)num,__FILE__,__LINE__)
  59 -#define OPENSSL_strdup(str)    CRYPTO_strdup((str),__FILE__,__LINE__)
  60 +#define OPENSSL_malloc(num)    CRYPTO_malloc((int)num,NULL,0)
  61 +#define OPENSSL_strdup(str)    CRYPTO_strdup((str),NULL,0)
  62  #define OPENSSL_realloc(addr,num) \
  63 -       CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
  64 +       CRYPTO_realloc((char *)addr,(int)num,NULL,0)
  65  #define OPENSSL_realloc_clean(addr,old_num,num) \
  66 -       CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
  67 +       CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
  68  #define OPENSSL_remalloc(addr,num) \
  69 -       CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
  70 +       CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
  71  #define OPENSSL_freeFunc       CRYPTO_free
  72  #define OPENSSL_free(addr)     CRYPTO_free(addr)
  73
  74  #define OPENSSL_malloc_locked(num) \
  75 -       CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
  76 +       CRYPTO_malloc_locked((int)num,NULL,0)
  77  #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
  78
  79
  80 @@ -487,7 +487,7 @@
  81  long CRYPTO_get_mem_debug_options(void);
  82
  83  #define CRYPTO_push_info(info) \
  84 -        CRYPTO_push_info_(info, __FILE__, __LINE__);
  85 +        CRYPTO_push_info_(info, NULL, 0);
  86  int CRYPTO_push_info_(const char *info, const char *file, int line);
  87  int CRYPTO_pop_info(void);
  88  int CRYPTO_remove_all_info(void);
  89 @@ -528,17 +528,17 @@
  90
  91  /* die if we have to */
  92  void OpenSSLDie(const char *file,int line,const char *assertion);
  93 -#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
  94 +#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
  95
  96  unsigned long *OPENSSL_ia32cap_loc(void);
  97  #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
  98  int OPENSSL_isservice(void);
  99
 100  #ifdef OPENSSL_FIPS
 101 -#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
 102 +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
 103                 alg " previous FIPS forbidden algorithm error ignored");
 104
 105 -#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
 106 +#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
 107                 #alg " Algorithm forbidden in FIPS mode");
 108
 109  #ifdef OPENSSL_FIPS_STRICT
 110 Index: crypto/err/err.c
 111 ===================================================================
 112 --- crypto/err/err.c    (revision 1)
 113 +++ crypto/err/err.c    (working copy)
 114 @@ -313,7 +313,12 @@
 115         es->err_data_flags[i]=flags;
 116         }
 117
 118 +/* Add EFIAPI for UEFI version. */
 119 +#if defined(OPENSSL_SYS_UEFI)
 120 +void EFIAPI ERR_add_error_data(int num, ...)
 121 +#else
 122  void ERR_add_error_data(int num, ...)
 123 +#endif
 124         {
 125         va_list args;
 126         int i,n,s;
 127 Index: crypto/err/err.h
 128 ===================================================================
 129 --- crypto/err/err.h    (revision 1)
 130 +++ crypto/err/err.h    (working copy)
 131 @@ -286,8 +286,14 @@
 132  #endif
 133  #ifndef OPENSSL_NO_BIO
 134  void ERR_print_errors(BIO *bp);
 135 +
 136 +/* Add EFIAPI for UEFI version. */
 137 +#if defined(OPENSSL_SYS_UEFI)
 138 +void EFIAPI ERR_add_error_data(int num, ...);
 139 +#else
 140  void ERR_add_error_data(int num, ...);
 141  #endif
 142 +#endif
 143  void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
 144  void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
 145  void ERR_load_ERR_strings(void);
 146 Index: crypto/opensslconf.h
 147 ===================================================================
 148 --- crypto/opensslconf.h        (revision 1)
 149 +++ crypto/opensslconf.h        (working copy)
 150 @@ -162,6 +162,9 @@
 151  /* The prime number generation stuff may not work when
 152   * EIGHT_BIT but I don't care since I've only used this mode
 153   * for debuging the bignum libraries */
 154 +
 155 +/* Bypass following definition for UEFI version. */
 156 +#if !defined(OPENSSL_SYS_UEFI)
 157  #undef SIXTY_FOUR_BIT_LONG
 158  #undef SIXTY_FOUR_BIT
 159  #define THIRTY_TWO_BIT
 160 @@ -169,6 +172,8 @@
 161  #undef EIGHT_BIT
 162  #endif
 163
 164 +#endif
 165 +
 166  #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
 167  #define CONFIG_HEADER_RC4_LOCL_H
 168  /* if this is defined data[i] is used instead of *data, this is a %20
 169 Index: crypto/pkcs7/pk7_smime.c
 170 ===================================================================
 171 --- crypto/pkcs7/pk7_smime.c    (revision 1)
 172 +++ crypto/pkcs7/pk7_smime.c    (working copy)
 173 @@ -88,7 +88,10 @@
 174         if (!PKCS7_content_new(p7, NID_pkcs7_data))
 175                 goto err;
 176
 177 -       if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
 178 +  /*
 179 +    NOTE: Update to SHA-256 digest algorithm for UEFI version.
 180 +  */
 181 +       if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
 182                 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
 183                 goto err;
 184         }
 185 @@ -173,7 +176,8 @@
 186         STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
 187         PKCS7_SIGNER_INFO *si;
 188         X509_STORE_CTX cert_ctx;
 189 -       char buf[4096];
 190 +       char *buf = NULL;
 191 +       int bufsiz;
 192         int i, j=0, k, ret = 0;
 193         BIO *p7bio;
 194         BIO *tmpin, *tmpout;
 195 @@ -284,10 +288,16 @@
 196                 BIO_set_mem_eof_return(tmpout, 0);
 197         } else tmpout = out;
 198
 199 +       bufsiz = 4096;
 200 +       buf = OPENSSL_malloc (bufsiz);
 201 +               if (buf == NULL) {
 202 +                       goto err;
 203 +       }
 204 +
 205         /* We now have to 'read' from p7bio to calculate digests etc. */
 206         for (;;)
 207         {
 208 -               i=BIO_read(p7bio,buf,sizeof(buf));
 209 +               i=BIO_read(p7bio,buf,bufsiz);
 210                 if (i <= 0) break;
 211                 if (tmpout) BIO_write(tmpout, buf, i);
 212         }
 213 @@ -326,6 +336,10 @@
 214
 215         sk_X509_free(signers);
 216
 217 +       if (buf != NULL) {
 218 +               OPENSSL_free (buf);
 219 +       }
 220 +
 221         return ret;
 222  }
 223
 224 Index: crypto/rand/rand_egd.c
 225 ===================================================================
 226 --- crypto/rand/rand_egd.c      (revision 1)
 227 +++ crypto/rand/rand_egd.c      (working copy)
 228 @@ -95,7 +95,7 @@
 229   *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
 230   */
 231
 232 -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
 233 +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
 234  int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 235         {
 236         return(-1);
 237 Index: crypto/rand/rand_unix.c
 238 ===================================================================
 239 --- crypto/rand/rand_unix.c     (revision 1)
 240 +++ crypto/rand/rand_unix.c     (working copy)
 241 @@ -116,7 +116,7 @@
 242  #include <openssl/rand.h>
 243  #include "rand_lcl.h"
 244
 245 -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
 246 +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
 247
 248  #include <sys/types.h>
 249  #include <sys/time.h>
 250 @@ -322,7 +322,7 @@
 251  #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
 252
 253
 254 -#if defined(OPENSSL_SYS_VXWORKS)
 255 +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 256  int RAND_poll(void)
 257         {
 258         return 0;
 259 Index: crypto/x509/x509_vfy.c
 260 ===================================================================
 261 --- crypto/x509/x509_vfy.c      (revision 1)
 262 +++ crypto/x509/x509_vfy.c      (working copy)
 263 @@ -386,7 +386,11 @@
 264
 265  static int check_chain_extensions(X509_STORE_CTX *ctx)
 266  {
 267 -#ifdef OPENSSL_NO_CHAIN_VERIFY
 268 +#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
 269 +  /*
 270 +    NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
 271 +          in Authenticode Signing Certificates.
 272 +  */
 273         return 1;
 274  #else
 275         int i, ok=0, must_be_ca, plen = 0;
 276 @@ -899,6 +903,10 @@
 277
 278  static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
 279         {
 280 +#if defined(OPENSSL_SYS_UEFI)
 281 +  /* Bypass Certificate Time Checking for UEFI version. */
 282 +  return 1;
 283 +#else
 284         time_t *ptime;
 285         int i;
 286
 287 @@ -942,6 +950,7 @@
 288                 }
 289
 290         return 1;
 291 +#endif
 292         }
 293
 294  static int internal_verify(X509_STORE_CTX *ctx)