CryptoPkg/OpensslLib: Eliminate GETPID_IS_MEANINGLESS definition

[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / EDKII_openssl-1.0.2d.patch

diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
index 72e5f3da54c47719d42533574ee7dfcddc2dda4b..4e1fd5b688616460800b4e74eaf0ead722549ae6 100644 (file)
--- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
+++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch
@@ -210,25 +210,36 @@ diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
 diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c\r
 --- crypto/x509/x509_vfy.c     Thu Jun 11 21:52:58 2015\r
 +++ crypto/x509/x509_vfy.c     Fri Jun 12 11:29:37 2015\r
-@@ -1653,6 +1653,10 @@\r
- \r
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
- {\r
-+#ifdef OPENSSL_SYS_UEFI\r
-+    /* Bypass Certificate Time Checking for UEFI version. */\r
-+    return 1;\r
-+#else\r
-     time_t *ptime;\r
-     int i;\r
- \r
-@@ -1692,6 +1696,7 @@\r
-     }\r
- \r
-     return 1;\r
-+#endif\r
- }\r
- \r
- static int internal_verify(X509_STORE_CTX *ctx)\r
+@@ -935,6 +935,8 @@\r
+         ctx->current_crl = crl;\r
+     if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
+         ptime = &ctx->param->check_time;\r
++    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
++        return 1;\r
+     else\r
+         ptime = NULL;\r
+ \r
+@@ -1658,6 +1660,8 @@\r
+ \r
+     if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
+         ptime = &ctx->param->check_time;\r
++    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
++        return 1;\r
+     else\r
+         ptime = NULL;\r
+ \r
+diff U3 crypto/x509/x509_vfy.h crypto/x509/x509_vfy.h\r
+--- crypto/x509/x509_vfy.h     Thu Jul 09 19:57:16 2015\r
++++ crypto/x509/x509_vfy.h     Thu Oct 29 14:05:57 2015\r
+@@ -438,6 +438,8 @@\r
+  * will force the behaviour to match that of previous versions.\r
+  */\r
+ # define X509_V_FLAG_NO_ALT_CHAINS               0x100000\r
++/* Do not check certificate/CRL validity against current time */\r
++# define X509_V_FLAG_NO_CHECK_TIME               0x200000\r
+ \r
+ # define X509_VP_FLAG_DEFAULT                    0x1\r
+ # define X509_VP_FLAG_OVERWRITE                  0x2\r
 diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h\r
 --- crypto/x509v3/ext_dat.h    Thu Jun 11 21:50:12 2015\r
 +++ crypto/x509v3/ext_dat.h    Fri Jun 12 11:11:03 2015\r
@@ -331,50 +342,53 @@ diff U3 crypto/crypto.h crypto/crypto.h
 diff U3 crypto/opensslconf.h crypto/opensslconf.h\r
 --- crypto/opensslconf.h       Thu Jun 11 21:55:38 2015\r
 +++ crypto/opensslconf.h       Fri Jun 12 10:28:27 2015\r
-@@ -159,9 +159,12 @@\r
- /* Should we define BN_DIV2W here? */\r
- \r
- /* Only one for the following should be defined */\r
-+/* Bypass the following definitions for UEFI version. */\r
-+#if !defined(OPENSSL_SYS_UEFI)\r
- #undef SIXTY_FOUR_BIT_LONG\r
- #undef SIXTY_FOUR_BIT\r
- #define THIRTY_TWO_BIT\r
+@@ -5,6 +5,9 @@\r
+ extern "C" {\r
+ #endif\r
+ /* OpenSSL was configured with the following options: */\r
++#ifndef OPENSSL_SYSNAME_UEFI\r
++# define OPENSSL_SYSNAME_UEFI\r
 +#endif\r
+ #ifndef OPENSSL_DOING_MAKEDEPEND\r
+ \r
+ \r
+@@ -152,7 +155,7 @@\r
+ #endif\r
  #endif\r
  \r
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
-diff U3 crypto/err/err.c crypto/err/err.c\r
---- crypto/err/err.c\r
-+++ crypto/err/err.c\r
-@@ -1072,7 +1072,12 @@ void ERR_set_error_data(char *data, int flags)\r
-     es->err_data_flags[i] = flags;\r
- }\r
+-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)\r
++#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)\r
+ #define CONFIG_HEADER_BN_H\r
+ #undef BN_LLONG\r
  \r
-+/* Add EFIAPI for UEFI version. */\r
-+#if defined(OPENSSL_SYS_UEFI)\r
-+void EFIAPI ERR_add_error_data(int num, ...)\r
-+#else\r
- void ERR_add_error_data(int num, ...)\r
-+#endif\r
- {\r
-     va_list args;\r
-     va_start(args, num);\r
-diff U3 crypto/err/err.h crypto/err/err.h\r
---- crypto/err/err.h\r
-+++ crypto/err/err.h\r
-@@ -344,7 +344,14 @@ void ERR_print_errors_fp(FILE *fp);\r
- # ifndef OPENSSL_NO_BIO\r
- void ERR_print_errors(BIO *bp);\r
+diff U3 e_os.h e_os.h\r
+--- e_os.h     Thu Jul 09 19:57:16 2015\r
++++ e_os.h     Thu Oct 29 16:54:10 2015\r
+@@ -136,7 +136,7 @@\r
+ #  define MSDOS\r
  # endif\r
-+\r
-+/* Add EFIAPI for UEFI version. */\r
-+#if defined(OPENSSL_SYS_UEFI)\r
-+void EFIAPI ERR_add_error_data(int num, ...);\r
-+#else\r
- void ERR_add_error_data(int num, ...);\r
-+#endif\r
-+\r
- void ERR_add_error_vdata(int num, va_list args);\r
- void ERR_load_strings(int lib, ERR_STRING_DATA str[]);\r
- void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);\r
+ \r
+-# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)\r
++# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)\r
+ #  define GETPID_IS_MEANINGLESS\r
+ # endif\r
+ \r
+diff U3 e_os2.h e_os2.h\r
+--- e_os2.h    Thu Jul 09 19:57:16 2015\r
++++ e_os2.h    Thu Oct 29 15:08:19 2015\r
+@@ -97,7 +97,14 @@\r
+  * For 32 bit environment, there seems to be the CygWin environment and then\r
+  * all the others that try to do the same thing Microsoft does...\r
+  */\r
+-# if defined(OPENSSL_SYSNAME_UWIN)\r
++/*\r
++ * UEFI lives here because it might be built with a Microsoft toolchain and\r
++ * we need to avoid the false positive match on Windows.\r
++ */\r
++# if defined(OPENSSL_SYSNAME_UEFI)\r
++#  undef OPENSSL_SYS_UNIX\r
++#  define OPENSSL_SYS_UEFI\r
++# elif defined(OPENSSL_SYSNAME_UWIN)\r
+ #  undef OPENSSL_SYS_UNIX\r
+ #  define OPENSSL_SYS_WIN32_UWIN\r
+ # else\r