]> git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2f.patch
projects / mirror_edk2.git / blob
? search:


edd2425b11a22a94dae160a9894ce252d48db8e4
[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-1.0.2f.patch
1 diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
2 index 6e2293b..325e5d2 100644
3 --- a/crypto/bio/bio.h
4 +++ b/crypto/bio/bio.h
5 @@ -650,10 +650,10 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
6 int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
7 asn1_ps_func **psuffix_free);
8
9 -# ifndef OPENSSL_NO_FP_API
10 BIO_METHOD *BIO_s_file(void);
11 BIO *BIO_new_file(const char *filename, const char *mode);
12 BIO *BIO_new_fp(FILE *stream, int close_flag);
13 +# ifndef OPENSSL_NO_FP_API
14 # define BIO_s_file_internal BIO_s_file
15 # endif
16 BIO *BIO_new(BIO_METHOD *type);
17 diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
18 index bfba93e..4f13d1b 100644
19 --- a/crypto/bio/bss_file.c
20 +++ b/crypto/bio/bss_file.c
21 @@ -467,6 +467,23 @@ static int MS_CALLBACK file_puts(BIO *bp, const char *str)
22 return (ret);
23 }
24
25 +# else
26 +
27 +BIO_METHOD *BIO_s_file(void)
28 +{
29 + return NULL;
30 +}
31 +
32 +BIO *BIO_new_file(const char *filename, const char *mode)
33 +{
34 + return NULL;
35 +}
36 +
37 +BIO *BIO_new_fp(FILE *stream, int close_flag)
38 +{
39 + return NULL;
40 +}
41 +
42 # endif /* OPENSSL_NO_STDIO */
43
44 #endif /* HEADER_BSS_FILE_C */
45 diff --git a/crypto/crypto.h b/crypto/crypto.h
46 index c450d7a..d6e804e 100644
47 --- a/crypto/crypto.h
48 +++ b/crypto/crypto.h
49 @@ -235,15 +235,15 @@ typedef struct openssl_item_st {
50 # ifndef OPENSSL_NO_LOCKING
51 # ifndef CRYPTO_w_lock
52 # define CRYPTO_w_lock(type) \
53 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
54 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
55 # define CRYPTO_w_unlock(type) \
56 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
57 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
58 # define CRYPTO_r_lock(type) \
59 - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
60 + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
61 # define CRYPTO_r_unlock(type) \
62 - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
63 + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
64 # define CRYPTO_add(addr,amount,type) \
65 - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
66 + CRYPTO_add_lock(addr,amount,type,NULL,0)
67 # endif
68 # else
69 # define CRYPTO_w_lock(a)
70 @@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);
71 # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
72 # define is_MemCheck_on() CRYPTO_is_mem_check_on()
73
74 -# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
75 -# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
76 +# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
77 +# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
78 # define OPENSSL_realloc(addr,num) \
79 - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
80 + CRYPTO_realloc((char *)addr,(int)num,NULL,0)
81 # define OPENSSL_realloc_clean(addr,old_num,num) \
82 - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
83 + CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
84 # define OPENSSL_remalloc(addr,num) \
85 - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
86 + CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
87 # define OPENSSL_freeFunc CRYPTO_free
88 # define OPENSSL_free(addr) CRYPTO_free(addr)
89
90 # define OPENSSL_malloc_locked(num) \
91 - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
92 + CRYPTO_malloc_locked((int)num,NULL,0)
93 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
94
95 const char *SSLeay_version(int type);
96 @@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);
97 long CRYPTO_get_mem_debug_options(void);
98
99 # define CRYPTO_push_info(info) \
100 - CRYPTO_push_info_(info, __FILE__, __LINE__);
101 + CRYPTO_push_info_(info, NULL, 0);
102 int CRYPTO_push_info_(const char *info, const char *file, int line);
103 int CRYPTO_pop_info(void);
104 int CRYPTO_remove_all_info(void);
105 @@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
106
107 /* die if we have to */
108 void OpenSSLDie(const char *file, int line, const char *assertion);
109 -# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
110 +# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
111
112 unsigned long *OPENSSL_ia32cap_loc(void);
113 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
114 @@ -605,14 +605,14 @@ void OPENSSL_init(void);
115 # define fips_md_init_ctx(alg, cx) \
116 int alg##_Init(cx##_CTX *c) \
117 { \
118 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
119 + if (FIPS_mode()) OpenSSLDie(NULL, 0, \
120 "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
121 return private_##alg##_Init(c); \
122 } \
123 int private_##alg##_Init(cx##_CTX *c)
124
125 # define fips_cipher_abort(alg) \
126 - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
127 + if (FIPS_mode()) OpenSSLDie(NULL, 0, \
128 "Low level API call to cipher " #alg " forbidden in FIPS mode!")
129
130 # else
131 diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
132 index b58e3fa..e5f345a 100644
133 --- a/crypto/dh/dh_pmeth.c
134 +++ b/crypto/dh/dh_pmeth.c
135 @@ -449,6 +449,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
136 *keylen = ret;
137 return 1;
138 } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
139 +#ifdef OPENSSL_NO_CMS
140 + return 0;
141 +#else
142 unsigned char *Z = NULL;
143 size_t Zlen = 0;
144 if (!dctx->kdf_outlen || !dctx->kdf_oid)
145 @@ -478,6 +481,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
146 OPENSSL_free(Z);
147 }
148 return ret;
149 +#endif
150 }
151 return 1;
152 }
153 diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
154 index d3b23fc..d61605b 100644
155 --- a/crypto/pem/pem.h
156 +++ b/crypto/pem/pem.h
157 @@ -324,6 +324,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
158
159 # define DECLARE_PEM_read_fp(name, type) /**/
160 # define DECLARE_PEM_write_fp(name, type) /**/
161 +# define DECLARE_PEM_write_fp_const(name, type) /**/
162 # define DECLARE_PEM_write_cb_fp(name, type) /**/
163 # else
164
165 diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
166 index c4d3724..0996c39 100644
167 --- a/crypto/pkcs7/pk7_smime.c
168 +++ b/crypto/pkcs7/pk7_smime.c
169 @@ -254,7 +254,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
170 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
171 PKCS7_SIGNER_INFO *si;
172 X509_STORE_CTX cert_ctx;
173 - char buf[4096];
174 + char *buf = NULL;
175 + int bufsiz;
176 int i, j = 0, k, ret = 0;
177 BIO *p7bio = NULL;
178 BIO *tmpin = NULL, *tmpout = NULL;
179 @@ -275,12 +276,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
180 return 0;
181 }
182
183 - /* Check for data and content: two sets of data */
184 - if (!PKCS7_get_detached(p7) && indata) {
185 - PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
186 - return 0;
187 - }
188 -
189 sinfos = PKCS7_get_signer_info(p7);
190
191 if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
192 @@ -355,9 +350,14 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
193 } else
194 tmpout = out;
195
196 + bufsiz = 4096;
197 + buf = OPENSSL_malloc(bufsiz);
198 + if (buf == NULL) {
199 + goto err;
200 + }
201 /* We now have to 'read' from p7bio to calculate digests etc. */
202 for (;;) {
203 - i = BIO_read(p7bio, buf, sizeof(buf));
204 + i = BIO_read(p7bio, buf, bufsiz);
205 if (i <= 0)
206 break;
207 if (tmpout)
208 @@ -394,6 +394,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
209 }
210 BIO_free_all(p7bio);
211 sk_X509_free(signers);
212 + if (buf != NULL) {
213 + OPENSSL_free(buf);
214 + }
215 return ret;
216 }
217
218 diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
219 index 266111e..f60fac6 100644
220 --- a/crypto/rand/rand_unix.c
221 +++ b/crypto/rand/rand_unix.c
222 @@ -116,7 +116,7 @@
223 #include <openssl/rand.h>
224 #include "rand_lcl.h"
225
226 -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
227 +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
228
229 # include <sys/types.h>
230 # include <sys/time.h>
231 @@ -439,7 +439,7 @@ int RAND_poll(void)
232 * defined(OPENSSL_SYS_VXWORKS) ||
233 * defined(OPENSSL_SYS_NETWARE)) */
234
235 -#if defined(OPENSSL_SYS_VXWORKS)
236 +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
237 int RAND_poll(void)
238 {
239 return 0;
240 diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
241 index 4e06218..f591f0f 100644
242 --- a/crypto/rsa/rsa_ameth.c
243 +++ b/crypto/rsa/rsa_ameth.c
244 @@ -68,10 +68,12 @@
245 #endif
246 #include "asn1_locl.h"
247
248 +#ifndef OPENSSL_NO_CMS
249 static int rsa_cms_sign(CMS_SignerInfo *si);
250 static int rsa_cms_verify(CMS_SignerInfo *si);
251 static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
252 static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
253 +#endif
254
255 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
256 {
257 @@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
258 return rv;
259 }
260
261 +#ifndef OPENSSL_NO_CMS
262 static int rsa_cms_verify(CMS_SignerInfo *si)
263 {
264 int nid, nid2;
265 @@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
266 }
267 return 0;
268 }
269 +#endif
270
271 /*
272 * Customised RSA item verification routine. This is called when a signature
273 @@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
274 return -1;
275 }
276
277 +#ifndef OPENSSL_NO_CMS
278 static int rsa_cms_sign(CMS_SignerInfo *si)
279 {
280 int pad_mode = RSA_PKCS1_PADDING;
281 @@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
282 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
283 return 1;
284 }
285 +#endif
286
287 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
288 X509_ALGOR *alg1, X509_ALGOR *alg2,
289 @@ -785,6 +791,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
290 return pss;
291 }
292
293 +#ifndef OPENSSL_NO_CMS
294 static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
295 {
296 EVP_PKEY_CTX *pkctx;
297 @@ -857,7 +864,9 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
298 X509_ALGOR_free(maskHash);
299 return rv;
300 }
301 +#endif
302
303 +#ifndef OPENSSL_NO_CMS
304 static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
305 {
306 const EVP_MD *md, *mgf1md;
307 @@ -920,6 +929,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
308 ASN1_STRING_free(os);
309 return rv;
310 }
311 +#endif
312
313 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
314 {
315 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
316 index 0429767..7ddc21c 100644
317 --- a/crypto/x509/x509_vfy.c
318 +++ b/crypto/x509/x509_vfy.c
319 @@ -940,6 +940,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
320 ctx->current_crl = crl;
321 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
322 ptime = &ctx->param->check_time;
323 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
324 + return 1;
325 else
326 ptime = NULL;
327
328 @@ -1663,6 +1665,8 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
329
330 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
331 ptime = &ctx->param->check_time;
332 + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
333 + return 1;
334 else
335 ptime = NULL;
336
337 diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
338 index 2663e1c..98d0b4c 100644
339 --- a/crypto/x509/x509_vfy.h
340 +++ b/crypto/x509/x509_vfy.h
341 @@ -438,6 +438,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
342 * will force the behaviour to match that of previous versions.
343 */
344 # define X509_V_FLAG_NO_ALT_CHAINS 0x100000
345 +/* Do not check certificate/CRL validity against current time */
346 +# define X509_V_FLAG_NO_CHECK_TIME 0x200000
347
348 # define X509_VP_FLAG_DEFAULT 0x1
349 # define X509_VP_FLAG_OVERWRITE 0x2
350 diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
351 index c3a6fce..01edd2a 100644
352 --- a/crypto/x509v3/ext_dat.h
353 +++ b/crypto/x509v3/ext_dat.h
354 @@ -127,8 +127,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
355 &v3_idp,
356 &v3_alt[2],
357 &v3_freshest_crl,
358 +#ifndef OPENSSL_SYS_UEFI
359 &v3_ct_scts[0],
360 &v3_ct_scts[1],
361 +#endif
362 };
363
364 /* Number of standard extensions */
365 diff --git a/e_os.h b/e_os.h
366 index 1fa36c1..3e9dae2 100644
367 --- a/e_os.h
368 +++ b/e_os.h
369 @@ -136,7 +136,7 @@ extern "C" {
370 # define MSDOS
371 # endif
372
373 -# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
374 +# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
375 # define GETPID_IS_MEANINGLESS
376 # endif
377
378 diff --git a/e_os2.h b/e_os2.h
379 index 7be9989..909e22f 100644
380 --- a/e_os2.h
381 +++ b/e_os2.h
382 @@ -97,7 +97,14 @@ extern "C" {
383 * For 32 bit environment, there seems to be the CygWin environment and then
384 * all the others that try to do the same thing Microsoft does...
385 */
386 -# if defined(OPENSSL_SYSNAME_UWIN)
387 +/*
388 + * UEFI lives here because it might be built with a Microsoft toolchain and
389 + * we need to avoid the false positive match on Windows.
390 + */
391 +# if defined(OPENSSL_SYSNAME_UEFI)
392 +# undef OPENSSL_SYS_UNIX
393 +# define OPENSSL_SYS_UEFI
394 +# elif defined(OPENSSL_SYSNAME_UWIN)
395 # undef OPENSSL_SYS_UNIX
396 # define OPENSSL_SYS_WIN32_UWIN
397 # else
EFI Development Kit II mirror for PVE