CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2f.patch

   1 diff U3 crypto/bio/bio.h crypto/bio/bio.h
   2 --- crypto/bio/bio.h    Thu Jan 28 21:56:08 2016
   3 +++ crypto/bio/bio.h    Wed Feb 17 16:43:40 2016
   4 @@ -650,10 +650,10 @@
   5  int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
   6                          asn1_ps_func **psuffix_free);
   7
   8 -# ifndef OPENSSL_NO_FP_API
   9  BIO_METHOD *BIO_s_file(void);
  10  BIO *BIO_new_file(const char *filename, const char *mode);
  11  BIO *BIO_new_fp(FILE *stream, int close_flag);
  12 +# ifndef OPENSSL_NO_FP_API
  13  #  define BIO_s_file_internal    BIO_s_file
  14  # endif
  15  BIO *BIO_new(BIO_METHOD *type);
  16 diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
  17 --- crypto/bio/bss_file.c       Thu Jan 28 21:38:30 2016
  18 +++ crypto/bio/bss_file.c       Wed Feb 17 16:01:02 2016
  19 @@ -467,6 +467,23 @@
  20      return (ret);
  21  }
  22
  23 +# else
  24 +
  25 +BIO_METHOD *BIO_s_file(void)
  26 +{
  27 +    return NULL;
  28 +}
  29 +
  30 +BIO *BIO_new_file(const char *filename, const char *mode)
  31 +{
  32 +    return NULL;
  33 +}
  34 +
  35 +BIO *BIO_new_fp(FILE *stream, int close_flag)
  36 +{
  37 +    return NULL;
  38 +}
  39 +
  40  # endif                         /* OPENSSL_NO_STDIO */
  41
  42  #endif                          /* HEADER_BSS_FILE_C */
  43 diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c
  44 --- crypto/dh/dh_pmeth.c        Thu Jan 28 21:56:08 2016
  45 +++ crypto/dh/dh_pmeth.c        Wed Feb 17 16:15:58 2016
  46 @@ -449,6 +449,9 @@
  47          *keylen = ret;
  48          return 1;
  49      } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
  50 +#ifdef OPENSSL_NO_CMS
  51 +        return 0;
  52 +#else
  53          unsigned char *Z = NULL;
  54          size_t Zlen = 0;
  55          if (!dctx->kdf_outlen || !dctx->kdf_oid)
  56 @@ -478,6 +481,7 @@
  57              OPENSSL_free(Z);
  58          }
  59          return ret;
  60 +#endif
  61      }
  62      return 1;
  63  }
  64 diff U3 crypto/pem/pem.h crypto/pem/pem.h
  65 --- crypto/pem/pem.h    Thu Jan 28 21:56:08 2016
  66 +++ crypto/pem/pem.h    Wed Feb 17 15:56:26 2016
  67 @@ -324,6 +324,7 @@
  68
  69  #  define DECLARE_PEM_read_fp(name, type) /**/
  70  #  define DECLARE_PEM_write_fp(name, type) /**/
  71 +#  define DECLARE_PEM_write_fp_const(name, type) /**/
  72  #  define DECLARE_PEM_write_cb_fp(name, type) /**/
  73  # else
  74
  75 diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
  76 --- crypto/pkcs7/pk7_smime.c    Thu Jan 28 21:56:08 2016
  77 +++ crypto/pkcs7/pk7_smime.c    Wed Feb 17 16:22:45 2016
  78 @@ -254,7 +254,8 @@
  79      STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
  80      PKCS7_SIGNER_INFO *si;
  81      X509_STORE_CTX cert_ctx;
  82 -    char buf[4096];
  83 +    char *buf = NULL;
  84 +    int bufsiz;
  85      int i, j = 0, k, ret = 0;
  86      BIO *p7bio = NULL;
  87      BIO *tmpin = NULL, *tmpout = NULL;
  88 @@ -275,12 +276,6 @@
  89          return 0;
  90      }
  91
  92 -    /* Check for data and content: two sets of data */
  93 -    if (!PKCS7_get_detached(p7) && indata) {
  94 -        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
  95 -        return 0;
  96 -    }
  97 -
  98      sinfos = PKCS7_get_signer_info(p7);
  99
 100      if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
 101 @@ -355,9 +350,14 @@
 102      } else
 103          tmpout = out;
 104
 105 +    bufsiz = 4096;
 106 +    buf = OPENSSL_malloc(bufsiz);
 107 +    if (buf == NULL) {
 108 +        goto err;
 109 +    }
 110      /* We now have to 'read' from p7bio to calculate digests etc. */
 111      for (;;) {
 112 -        i = BIO_read(p7bio, buf, sizeof(buf));
 113 +        i = BIO_read(p7bio, buf, bufsiz);
 114          if (i <= 0)
 115              break;
 116          if (tmpout)
 117 @@ -394,6 +394,9 @@
 118      }
 119      BIO_free_all(p7bio);
 120      sk_X509_free(signers);
 121 +    if (buf != NULL) {
 122 +        OPENSSL_free(buf);
 123 +    }
 124      return ret;
 125  }
 126
 127 diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
 128 --- crypto/rand/rand_unix.c     Thu Jan 28 21:38:32 2016
 129 +++ crypto/rand/rand_unix.c     Wed Feb 17 15:40:02 2016
 130 @@ -116,7 +116,7 @@
 131  #include <openssl/rand.h>
 132  #include "rand_lcl.h"
 133
 134 -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
 135 +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
 136
 137  # include <sys/types.h>
 138  # include <sys/time.h>
 139 @@ -439,7 +439,7 @@
 140                                   * defined(OPENSSL_SYS_VXWORKS) ||
 141                                   * defined(OPENSSL_SYS_NETWARE)) */
 142
 143 -#if defined(OPENSSL_SYS_VXWORKS)
 144 +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 145  int RAND_poll(void)
 146  {
 147      return 0;
 148 diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
 149 --- crypto/rsa/rsa_ameth.c      Thu Jan 28 21:56:08 2016
 150 +++ crypto/rsa/rsa_ameth.c      Wed Feb 17 15:09:46 2016
 151 @@ -68,10 +68,12 @@
 152  #endif
 153  #include "asn1_locl.h"
 154
 155 +#ifndef OPENSSL_NO_CMS
 156  static int rsa_cms_sign(CMS_SignerInfo *si);
 157  static int rsa_cms_verify(CMS_SignerInfo *si);
 158  static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
 159  static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
 160 +#endif
 161
 162  static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 163  {
 164 @@ -665,6 +667,7 @@
 165      return rv;
 166  }
 167
 168 +#ifndef OPENSSL_NO_CMS
 169  static int rsa_cms_verify(CMS_SignerInfo *si)
 170  {
 171      int nid, nid2;
 172 @@ -683,6 +686,7 @@
 173      }
 174      return 0;
 175  }
 176 +#endif
 177
 178  /*
 179   * Customised RSA item verification routine. This is called when a signature
 180 @@ -705,6 +709,7 @@
 181      return -1;
 182  }
 183
 184 +#ifndef OPENSSL_NO_CMS
 185  static int rsa_cms_sign(CMS_SignerInfo *si)
 186  {
 187      int pad_mode = RSA_PKCS1_PADDING;
 188 @@ -729,6 +734,7 @@
 189      X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
 190      return 1;
 191  }
 192 +#endif
 193
 194  static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
 195                           X509_ALGOR *alg1, X509_ALGOR *alg2,
 196 @@ -785,6 +791,7 @@
 197      return pss;
 198  }
 199
 200 +#ifndef OPENSSL_NO_CMS
 201  static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
 202  {
 203      EVP_PKEY_CTX *pkctx;
 204 @@ -857,7 +864,9 @@
 205          X509_ALGOR_free(maskHash);
 206      return rv;
 207  }
 208 +#endif
 209
 210 +#ifndef OPENSSL_NO_CMS
 211  static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
 212  {
 213      const EVP_MD *md, *mgf1md;
 214 @@ -920,6 +929,7 @@
 215          ASN1_STRING_free(os);
 216      return rv;
 217  }
 218 +#endif
 219
 220  const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
 221      {
 222 diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
 223 --- crypto/x509/x509_vfy.c      Thu Jan 28 21:56:08 2016
 224 +++ crypto/x509/x509_vfy.c      Wed Feb 17 16:09:58 2016
 225 @@ -940,6 +940,8 @@
 226          ctx->current_crl = crl;
 227      if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
 228          ptime = &ctx->param->check_time;
 229 +    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
 230 +        return 1;
 231      else
 232          ptime = NULL;
 233
 234 @@ -1663,6 +1665,8 @@
 235
 236      if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
 237          ptime = &ctx->param->check_time;
 238 +    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
 239 +        return 1;
 240      else
 241          ptime = NULL;
 242
 243 diff U3 crypto/x509/x509_vfy.h crypto/x509/x509_vfy.h
 244 --- crypto/x509/x509_vfy.h      Thu Jan 28 21:56:08 2016
 245 +++ crypto/x509/x509_vfy.h      Wed Feb 17 16:08:18 2016
 246 @@ -438,6 +438,8 @@
 247   * will force the behaviour to match that of previous versions.
 248   */
 249  # define X509_V_FLAG_NO_ALT_CHAINS               0x100000
 250 +/* Do not check certificate/CRL validity against current time */
 251 +# define X509_V_FLAG_NO_CHECK_TIME               0x200000
 252
 253  # define X509_VP_FLAG_DEFAULT                    0x1
 254  # define X509_VP_FLAG_OVERWRITE                  0x2
 255 diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h
 256 --- crypto/x509v3/ext_dat.h     Thu Jan 28 21:56:08 2016
 257 +++ crypto/x509v3/ext_dat.h     Wed Feb 17 16:13:30 2016
 258 @@ -127,8 +127,10 @@
 259      &v3_idp,
 260      &v3_alt[2],
 261      &v3_freshest_crl,
 262 +#ifndef OPENSSL_SYS_UEFI
 263      &v3_ct_scts[0],
 264      &v3_ct_scts[1],
 265 +#endif
 266  };
 267
 268  /* Number of standard extensions */
 269 diff U3 crypto/crypto.h crypto/crypto.h
 270 --- crypto/crypto.h     Thu Jan 28 21:38:30 2016
 271 +++ crypto/crypto.h     Wed Feb 17 16:33:00 2016
 272 @@ -235,15 +235,15 @@
 273  # ifndef OPENSSL_NO_LOCKING
 274  #  ifndef CRYPTO_w_lock
 275  #   define CRYPTO_w_lock(type)     \
 276 -        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
 277 +        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
 278  #   define CRYPTO_w_unlock(type)   \
 279 -        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
 280 +        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
 281  #   define CRYPTO_r_lock(type)     \
 282 -        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
 283 +        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
 284  #   define CRYPTO_r_unlock(type)   \
 285 -        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
 286 +        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
 287  #   define CRYPTO_add(addr,amount,type)    \
 288 -        CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
 289 +        CRYPTO_add_lock(addr,amount,type,NULL,0)
 290  #  endif
 291  # else
 292  #  define CRYPTO_w_lock(a)
 293 @@ -378,19 +378,19 @@
 294  # define MemCheck_off()  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
 295  # define is_MemCheck_on() CRYPTO_is_mem_check_on()
 296
 297 -# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)
 298 -# define OPENSSL_strdup(str)     CRYPTO_strdup((str),__FILE__,__LINE__)
 299 +# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,NULL,0)
 300 +# define OPENSSL_strdup(str)     CRYPTO_strdup((str),NULL,0)
 301  # define OPENSSL_realloc(addr,num) \
 302 -        CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
 303 +        CRYPTO_realloc((char *)addr,(int)num,NULL,0)
 304  # define OPENSSL_realloc_clean(addr,old_num,num) \
 305 -        CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
 306 +        CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
 307  # define OPENSSL_remalloc(addr,num) \
 308 -        CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
 309 +        CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
 310  # define OPENSSL_freeFunc        CRYPTO_free
 311  # define OPENSSL_free(addr)      CRYPTO_free(addr)
 312
 313  # define OPENSSL_malloc_locked(num) \
 314 -        CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
 315 +        CRYPTO_malloc_locked((int)num,NULL,0)
 316  # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
 317
 318  const char *SSLeay_version(int type);
 319 @@ -545,7 +545,7 @@
 320  long CRYPTO_get_mem_debug_options(void);
 321
 322  # define CRYPTO_push_info(info) \
 323 -        CRYPTO_push_info_(info, __FILE__, __LINE__);
 324 +        CRYPTO_push_info_(info, NULL, 0);
 325  int CRYPTO_push_info_(const char *info, const char *file, int line);
 326  int CRYPTO_pop_info(void);
 327  int CRYPTO_remove_all_info(void);
 328 @@ -588,7 +588,7 @@
 329
 330  /* die if we have to */
 331  void OpenSSLDie(const char *file, int line, const char *assertion);
 332 -# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
 333 +# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
 334
 335  unsigned long *OPENSSL_ia32cap_loc(void);
 336  # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
 337 @@ -605,14 +605,14 @@
 338  #  define fips_md_init_ctx(alg, cx) \
 339          int alg##_Init(cx##_CTX *c) \
 340          { \
 341 -        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
 342 +        if (FIPS_mode()) OpenSSLDie(NULL, 0, \
 343                  "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
 344          return private_##alg##_Init(c); \
 345          } \
 346          int private_##alg##_Init(cx##_CTX *c)
 347
 348  #  define fips_cipher_abort(alg) \
 349 -        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
 350 +        if (FIPS_mode()) OpenSSLDie(NULL, 0, \
 351                  "Low level API call to cipher " #alg " forbidden in FIPS mode!")
 352
 353  # else
 354 diff U3 e_os.h e_os.h
 355 --- e_os.h      Thu Jan 28 21:56:08 2016
 356 +++ e_os.h      Wed Feb 17 15:52:08 2016
 357 @@ -136,7 +136,7 @@
 358  #  define MSDOS
 359  # endif
 360
 361 -# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
 362 +# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
 363  #  define GETPID_IS_MEANINGLESS
 364  # endif
 365
 366 diff U3 e_os2.h e_os2.h
 367 --- e_os2.h     Thu Jan 28 21:56:08 2016
 368 +++ e_os2.h     Wed Feb 17 15:53:08 2016
 369 @@ -97,7 +97,14 @@
 370   * For 32 bit environment, there seems to be the CygWin environment and then
 371   * all the others that try to do the same thing Microsoft does...
 372   */
 373 -# if defined(OPENSSL_SYSNAME_UWIN)
 374 +/*
 375 + * UEFI lives here because it might be built with a Microsoft toolchain and
 376 + * we need to avoid the false positive match on Windows.
 377 + */
 378 +# if defined(OPENSSL_SYSNAME_UEFI)
 379 +#  undef OPENSSL_SYS_UNIX
 380 +#  define OPENSSL_SYS_UEFI
 381 +# elif defined(OPENSSL_SYSNAME_UWIN)
 382  #  undef OPENSSL_SYS_UNIX
 383  #  define OPENSSL_SYS_WIN32_UWIN
 384  # else