+++ /dev/null
-Index: crypto/bio/bss_file.c\r
-===================================================================\r
---- crypto/bio/bss_file.c (revision 1)\r
-+++ crypto/bio/bss_file.c (working copy)\r
-@@ -428,6 +428,23 @@\r
- return(ret);\r
- }\r
- \r
-+#else\r
-+\r
-+BIO_METHOD *BIO_s_file(void)\r
-+ {\r
-+ return NULL;\r
-+ }\r
-+\r
-+BIO *BIO_new_file(const char *filename, const char *mode)\r
-+ {\r
-+ return NULL;\r
-+ }\r
-+\r
-+BIO *BIO_new_fp(FILE *stream, int close_flag)\r
-+ {\r
-+ return NULL;\r
-+ }\r
-+\r
- #endif /* OPENSSL_NO_STDIO */\r
- \r
- #endif /* HEADER_BSS_FILE_C */\r
-Index: crypto/crypto.h\r
-===================================================================\r
---- crypto/crypto.h (revision 1)\r
-+++ crypto/crypto.h (working copy)\r
-@@ -235,15 +235,15 @@\r
- #ifndef OPENSSL_NO_LOCKING\r
- #ifndef CRYPTO_w_lock\r
- #define CRYPTO_w_lock(type) \\r
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)\r
- #define CRYPTO_w_unlock(type) \\r
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)\r
- #define CRYPTO_r_lock(type) \\r
-- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
-+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)\r
- #define CRYPTO_r_unlock(type) \\r
-- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
-+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)\r
- #define CRYPTO_add(addr,amount,type) \\r
-- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
-+ CRYPTO_add_lock(addr,amount,type,NULL,0)\r
- #endif\r
- #else\r
- #define CRYPTO_w_lock(a)\r
-@@ -361,19 +361,19 @@\r
- #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
- #define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
- \r
--#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
--#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)\r
-+#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)\r
-+#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)\r
- #define OPENSSL_realloc(addr,num) \\r
-- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
-+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)\r
- #define OPENSSL_realloc_clean(addr,old_num,num) \\r
-- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
-+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)\r
- #define OPENSSL_remalloc(addr,num) \\r
-- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
-+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)\r
- #define OPENSSL_freeFunc CRYPTO_free\r
- #define OPENSSL_free(addr) CRYPTO_free(addr)\r
- \r
- #define OPENSSL_malloc_locked(num) \\r
-- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
-+ CRYPTO_malloc_locked((int)num,NULL,0)\r
- #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
- \r
- \r
-@@ -487,7 +487,7 @@\r
- long CRYPTO_get_mem_debug_options(void);\r
- \r
- #define CRYPTO_push_info(info) \\r
-- CRYPTO_push_info_(info, __FILE__, __LINE__);\r
-+ CRYPTO_push_info_(info, NULL, 0);\r
- int CRYPTO_push_info_(const char *info, const char *file, int line);\r
- int CRYPTO_pop_info(void);\r
- int CRYPTO_remove_all_info(void);\r
-@@ -528,17 +528,17 @@\r
- \r
- /* die if we have to */\r
- void OpenSSLDie(const char *file,int line,const char *assertion);\r
--#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
-+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))\r
- \r
- unsigned long *OPENSSL_ia32cap_loc(void);\r
- #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
- int OPENSSL_isservice(void);\r
- \r
- #ifdef OPENSSL_FIPS\r
--#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \\r
-+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \\r
- alg " previous FIPS forbidden algorithm error ignored");\r
- \r
--#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \\r
-+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \\r
- #alg " Algorithm forbidden in FIPS mode");\r
- \r
- #ifdef OPENSSL_FIPS_STRICT\r
-Index: crypto/err/err.c\r
-===================================================================\r
---- crypto/err/err.c (revision 1)\r
-+++ crypto/err/err.c (working copy)\r
-@@ -313,7 +313,12 @@\r
- es->err_data_flags[i]=flags;\r
- }\r
- \r
-+/* Add EFIAPI for UEFI version. */\r
-+#if defined(OPENSSL_SYS_UEFI)\r
-+void EFIAPI ERR_add_error_data(int num, ...)\r
-+#else\r
- void ERR_add_error_data(int num, ...)\r
-+#endif\r
- {\r
- va_list args;\r
- int i,n,s;\r
-Index: crypto/err/err.h\r
-===================================================================\r
---- crypto/err/err.h (revision 1)\r
-+++ crypto/err/err.h (working copy)\r
-@@ -286,8 +286,14 @@\r
- #endif\r
- #ifndef OPENSSL_NO_BIO\r
- void ERR_print_errors(BIO *bp);\r
-+\r
-+/* Add EFIAPI for UEFI version. */\r
-+#if defined(OPENSSL_SYS_UEFI)\r
-+void EFIAPI ERR_add_error_data(int num, ...);\r
-+#else\r
- void ERR_add_error_data(int num, ...);\r
- #endif\r
-+#endif\r
- void ERR_load_strings(int lib,ERR_STRING_DATA str[]);\r
- void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);\r
- void ERR_load_ERR_strings(void);\r
-Index: crypto/opensslconf.h\r
-===================================================================\r
---- crypto/opensslconf.h (revision 1)\r
-+++ crypto/opensslconf.h (working copy)\r
-@@ -162,6 +162,9 @@\r
- /* The prime number generation stuff may not work when\r
- * EIGHT_BIT but I don't care since I've only used this mode\r
- * for debuging the bignum libraries */\r
-+\r
-+/* Bypass following definition for UEFI version. */\r
-+#if !defined(OPENSSL_SYS_UEFI)\r
- #undef SIXTY_FOUR_BIT_LONG\r
- #undef SIXTY_FOUR_BIT\r
- #define THIRTY_TWO_BIT\r
-@@ -169,6 +172,8 @@\r
- #undef EIGHT_BIT\r
- #endif\r
- \r
-+#endif\r
-+\r
- #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
- #define CONFIG_HEADER_RC4_LOCL_H\r
- /* if this is defined data[i] is used instead of *data, this is a %20\r
-Index: crypto/pkcs7/pk7_smime.c\r
-===================================================================\r
---- crypto/pkcs7/pk7_smime.c (revision 1)\r
-+++ crypto/pkcs7/pk7_smime.c (working copy)\r
-@@ -88,7 +88,10 @@\r
- if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
- goto err;\r
- \r
-- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r
-+ /* \r
-+ NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
-+ */\r
-+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r
- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
- goto err;\r
- }\r
-@@ -173,7 +176,8 @@\r
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
- PKCS7_SIGNER_INFO *si;\r
- X509_STORE_CTX cert_ctx;\r
-- char buf[4096];\r
-+ char *buf = NULL;\r
-+ int bufsiz;\r
- int i, j=0, k, ret = 0;\r
- BIO *p7bio;\r
- BIO *tmpin, *tmpout;\r
-@@ -284,10 +288,16 @@\r
- BIO_set_mem_eof_return(tmpout, 0);\r
- } else tmpout = out;\r
- \r
-+ bufsiz = 4096;\r
-+ buf = OPENSSL_malloc (bufsiz);\r
-+ if (buf == NULL) {\r
-+ goto err;\r
-+ }\r
-+\r
- /* We now have to 'read' from p7bio to calculate digests etc. */\r
- for (;;)\r
- {\r
-- i=BIO_read(p7bio,buf,sizeof(buf));\r
-+ i=BIO_read(p7bio,buf,bufsiz);\r
- if (i <= 0) break;\r
- if (tmpout) BIO_write(tmpout, buf, i);\r
- }\r
-@@ -326,6 +336,10 @@\r
- \r
- sk_X509_free(signers);\r
- \r
-+ if (buf != NULL) {\r
-+ OPENSSL_free (buf);\r
-+ }\r
-+\r
- return ret;\r
- }\r
- \r
-Index: crypto/rand/rand_egd.c\r
-===================================================================\r
---- crypto/rand/rand_egd.c (revision 1)\r
-+++ crypto/rand/rand_egd.c (working copy)\r
-@@ -95,7 +95,7 @@\r
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
- */\r
- \r
--#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)\r
-+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)\r
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r
- {\r
- return(-1);\r
-Index: crypto/rand/rand_unix.c\r
-===================================================================\r
---- crypto/rand/rand_unix.c (revision 1)\r
-+++ crypto/rand/rand_unix.c (working copy)\r
-@@ -116,7 +116,7 @@\r
- #include <openssl/rand.h>\r
- #include "rand_lcl.h"\r
- \r
--#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
-+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
- \r
- #include <sys/types.h>\r
- #include <sys/time.h>\r
-@@ -322,7 +322,7 @@\r
- #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */\r
- \r
- \r
--#if defined(OPENSSL_SYS_VXWORKS)\r
-+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
- int RAND_poll(void)\r
- {\r
- return 0;\r
-Index: crypto/x509/x509_vfy.c\r
-===================================================================\r
---- crypto/x509/x509_vfy.c (revision 1)\r
-+++ crypto/x509/x509_vfy.c (working copy)\r
-@@ -899,6 +899,10 @@\r
- \r
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
- {\r
-+#if defined(OPENSSL_SYS_UEFI)\r
-+ /* Bypass Certificate Time Checking for UEFI version. */\r
-+ return 1;\r
-+#else\r
- time_t *ptime;\r
- int i;\r
- \r
-@@ -942,6 +946,7 @@\r
- }\r
- \r
- return 1;\r
-+#endif \r
- }\r
- \r
- static int internal_verify(X509_STORE_CTX *ctx)\r
--- /dev/null
+Index: crypto/bio/bss_file.c\r
+===================================================================\r
+--- crypto/bio/bss_file.c (revision 1)\r
++++ crypto/bio/bss_file.c (working copy)\r
+@@ -428,6 +428,23 @@\r
+ return(ret);\r
+ }\r
+ \r
++#else\r
++\r
++BIO_METHOD *BIO_s_file(void)\r
++ {\r
++ return NULL;\r
++ }\r
++\r
++BIO *BIO_new_file(const char *filename, const char *mode)\r
++ {\r
++ return NULL;\r
++ }\r
++\r
++BIO *BIO_new_fp(FILE *stream, int close_flag)\r
++ {\r
++ return NULL;\r
++ }\r
++\r
+ #endif /* OPENSSL_NO_STDIO */\r
+ \r
+ #endif /* HEADER_BSS_FILE_C */\r
+Index: crypto/crypto.h\r
+===================================================================\r
+--- crypto/crypto.h (revision 1)\r
++++ crypto/crypto.h (working copy)\r
+@@ -235,15 +235,15 @@\r
+ #ifndef OPENSSL_NO_LOCKING\r
+ #ifndef CRYPTO_w_lock\r
+ #define CRYPTO_w_lock(type) \\r
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)\r
+ #define CRYPTO_w_unlock(type) \\r
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)\r
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)\r
+ #define CRYPTO_r_lock(type) \\r
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)\r
+ #define CRYPTO_r_unlock(type) \\r
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)\r
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)\r
+ #define CRYPTO_add(addr,amount,type) \\r
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)\r
++ CRYPTO_add_lock(addr,amount,type,NULL,0)\r
+ #endif\r
+ #else\r
+ #define CRYPTO_w_lock(a)\r
+@@ -361,19 +361,19 @@\r
+ #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)\r
+ #define is_MemCheck_on() CRYPTO_is_mem_check_on()\r
+ \r
+-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)\r
+-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)\r
++#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)\r
++#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)\r
+ #define OPENSSL_realloc(addr,num) \\r
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)\r
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)\r
+ #define OPENSSL_realloc_clean(addr,old_num,num) \\r
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)\r
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)\r
+ #define OPENSSL_remalloc(addr,num) \\r
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)\r
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)\r
+ #define OPENSSL_freeFunc CRYPTO_free\r
+ #define OPENSSL_free(addr) CRYPTO_free(addr)\r
+ \r
+ #define OPENSSL_malloc_locked(num) \\r
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)\r
++ CRYPTO_malloc_locked((int)num,NULL,0)\r
+ #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)\r
+ \r
+ \r
+@@ -487,7 +487,7 @@\r
+ long CRYPTO_get_mem_debug_options(void);\r
+ \r
+ #define CRYPTO_push_info(info) \\r
+- CRYPTO_push_info_(info, __FILE__, __LINE__);\r
++ CRYPTO_push_info_(info, NULL, 0);\r
+ int CRYPTO_push_info_(const char *info, const char *file, int line);\r
+ int CRYPTO_pop_info(void);\r
+ int CRYPTO_remove_all_info(void);\r
+@@ -528,17 +528,17 @@\r
+ \r
+ /* die if we have to */\r
+ void OpenSSLDie(const char *file,int line,const char *assertion);\r
+-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))\r
++#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))\r
+ \r
+ unsigned long *OPENSSL_ia32cap_loc(void);\r
+ #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))\r
+ int OPENSSL_isservice(void);\r
+ \r
+ #ifdef OPENSSL_FIPS\r
+-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \\r
++#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \\r
+ alg " previous FIPS forbidden algorithm error ignored");\r
+ \r
+-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \\r
++#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \\r
+ #alg " Algorithm forbidden in FIPS mode");\r
+ \r
+ #ifdef OPENSSL_FIPS_STRICT\r
+Index: crypto/err/err.c\r
+===================================================================\r
+--- crypto/err/err.c (revision 1)\r
++++ crypto/err/err.c (working copy)\r
+@@ -313,7 +313,12 @@\r
+ es->err_data_flags[i]=flags;\r
+ }\r
+ \r
++/* Add EFIAPI for UEFI version. */\r
++#if defined(OPENSSL_SYS_UEFI)\r
++void EFIAPI ERR_add_error_data(int num, ...)\r
++#else\r
+ void ERR_add_error_data(int num, ...)\r
++#endif\r
+ {\r
+ va_list args;\r
+ int i,n,s;\r
+Index: crypto/err/err.h\r
+===================================================================\r
+--- crypto/err/err.h (revision 1)\r
++++ crypto/err/err.h (working copy)\r
+@@ -286,8 +286,14 @@\r
+ #endif\r
+ #ifndef OPENSSL_NO_BIO\r
+ void ERR_print_errors(BIO *bp);\r
++\r
++/* Add EFIAPI for UEFI version. */\r
++#if defined(OPENSSL_SYS_UEFI)\r
++void EFIAPI ERR_add_error_data(int num, ...);\r
++#else\r
+ void ERR_add_error_data(int num, ...);\r
+ #endif\r
++#endif\r
+ void ERR_load_strings(int lib,ERR_STRING_DATA str[]);\r
+ void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);\r
+ void ERR_load_ERR_strings(void);\r
+Index: crypto/opensslconf.h\r
+===================================================================\r
+--- crypto/opensslconf.h (revision 1)\r
++++ crypto/opensslconf.h (working copy)\r
+@@ -162,6 +162,9 @@\r
+ /* The prime number generation stuff may not work when\r
+ * EIGHT_BIT but I don't care since I've only used this mode\r
+ * for debuging the bignum libraries */\r
++\r
++/* Bypass following definition for UEFI version. */\r
++#if !defined(OPENSSL_SYS_UEFI)\r
+ #undef SIXTY_FOUR_BIT_LONG\r
+ #undef SIXTY_FOUR_BIT\r
+ #define THIRTY_TWO_BIT\r
+@@ -169,6 +172,8 @@\r
+ #undef EIGHT_BIT\r
+ #endif\r
+ \r
++#endif\r
++\r
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
+ #define CONFIG_HEADER_RC4_LOCL_H\r
+ /* if this is defined data[i] is used instead of *data, this is a %20\r
+Index: crypto/pkcs7/pk7_smime.c\r
+===================================================================\r
+--- crypto/pkcs7/pk7_smime.c (revision 1)\r
++++ crypto/pkcs7/pk7_smime.c (working copy)\r
+@@ -88,7 +88,10 @@\r
+ if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
+ goto err;\r
+ \r
+- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r
++ /* \r
++ NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
++ */\r
++ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
+ goto err;\r
+ }\r
+@@ -173,7 +176,8 @@\r
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;\r
+ PKCS7_SIGNER_INFO *si;\r
+ X509_STORE_CTX cert_ctx;\r
+- char buf[4096];\r
++ char *buf = NULL;\r
++ int bufsiz;\r
+ int i, j=0, k, ret = 0;\r
+ BIO *p7bio;\r
+ BIO *tmpin, *tmpout;\r
+@@ -284,10 +288,16 @@\r
+ BIO_set_mem_eof_return(tmpout, 0);\r
+ } else tmpout = out;\r
+ \r
++ bufsiz = 4096;\r
++ buf = OPENSSL_malloc (bufsiz);\r
++ if (buf == NULL) {\r
++ goto err;\r
++ }\r
++\r
+ /* We now have to 'read' from p7bio to calculate digests etc. */\r
+ for (;;)\r
+ {\r
+- i=BIO_read(p7bio,buf,sizeof(buf));\r
++ i=BIO_read(p7bio,buf,bufsiz);\r
+ if (i <= 0) break;\r
+ if (tmpout) BIO_write(tmpout, buf, i);\r
+ }\r
+@@ -326,6 +336,10 @@\r
+ \r
+ sk_X509_free(signers);\r
+ \r
++ if (buf != NULL) {\r
++ OPENSSL_free (buf);\r
++ }\r
++\r
+ return ret;\r
+ }\r
+ \r
+Index: crypto/rand/rand_egd.c\r
+===================================================================\r
+--- crypto/rand/rand_egd.c (revision 1)\r
++++ crypto/rand/rand_egd.c (working copy)\r
+@@ -95,7 +95,7 @@\r
+ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
+ */\r
+ \r
+-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)\r
++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)\r
+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r
+ {\r
+ return(-1);\r
+Index: crypto/rand/rand_unix.c\r
+===================================================================\r
+--- crypto/rand/rand_unix.c (revision 1)\r
++++ crypto/rand/rand_unix.c (working copy)\r
+@@ -116,7 +116,7 @@\r
+ #include <openssl/rand.h>\r
+ #include "rand_lcl.h"\r
+ \r
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
+ \r
+ #include <sys/types.h>\r
+ #include <sys/time.h>\r
+@@ -322,7 +322,7 @@\r
+ #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */\r
+ \r
+ \r
+-#if defined(OPENSSL_SYS_VXWORKS)\r
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
+ int RAND_poll(void)\r
+ {\r
+ return 0;\r
+Index: crypto/x509/x509_vfy.c\r
+===================================================================\r
+--- crypto/x509/x509_vfy.c (revision 1)\r
++++ crypto/x509/x509_vfy.c (working copy)\r
+@@ -899,6 +899,10 @@\r
+ \r
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
+ {\r
++#if defined(OPENSSL_SYS_UEFI)\r
++ /* Bypass Certificate Time Checking for UEFI version. */\r
++ return 1;\r
++#else\r
+ time_t *ptime;\r
+ int i;\r
+ \r
+@@ -942,6 +946,7 @@\r
+ }\r
+ \r
+ return 1;\r
++#endif \r
+ }\r
+ \r
+ static int internal_verify(X509_STORE_CTX *ctx)\r
-cd openssl-0.9.8za\r
+cd openssl-0.9.8zb\r
copy e_os2.h ..\..\..\Include\openssl\r
copy crypto\crypto.h ..\..\..\Include\openssl\r
copy crypto\tmdiff.h ..\..\..\Include\openssl\r
#!/bin/sh
-cd openssl-0.9.8za
+cd openssl-0.9.8zb
cp e_os2.h ../../../Include/openssl
cp crypto/crypto.h ../../../Include/openssl
cp crypto/tmdiff.h ../../../Include/openssl
MODULE_TYPE = BASE\r
VERSION_STRING = 1.0\r
LIBRARY_CLASS = OpensslLib\r
- DEFINE OPENSSL_PATH = openssl-0.9.8za\r
+ DEFINE OPENSSL_PATH = openssl-0.9.8zb\r
DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM\r
DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE\r
\r
================================================================================\r
OpenSSL-Version\r
================================================================================\r
- Current supported OpenSSL version for UEFI Crypto Library is 0.9.8za.\r
- http://www.openssl.org/source/openssl-0.9.8za.tar.gz\r
+ Current supported OpenSSL version for UEFI Crypto Library is 0.9.8zb.\r
+ http://www.openssl.org/source/openssl-0.9.8zb.tar.gz\r
\r
\r
================================================================================\r
HOW to Install Openssl for UEFI Building\r
================================================================================\r
-1. Download OpenSSL 0.9.8za from official website:\r
- http://www.openssl.org/source/openssl-0.9.8za.tar.gz\r
+1. Download OpenSSL 0.9.8zb from official website:\r
+ http://www.openssl.org/source/openssl-0.9.8zb.tar.gz\r
\r
- NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8za.tar.tar.\r
- When you do the download, rename the "openssl-0.9.8za.tar.tar" to\r
- "openssl-0.9.8za.tar.gz" or rename the local downloaded file with ".tar.tar"\r
+ NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8zb.tar.tar.\r
+ When you do the download, rename the "openssl-0.9.8zb.tar.tar" to\r
+ "openssl-0.9.8zb.tar.gz" or rename the local downloaded file with ".tar.tar"\r
extension to ".tar.gz".\r
\r
-2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8za\r
+2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8zb\r
\r
NOTE: If you use WinZip to unpack the openssl source in Windows, please \r
uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> \r
Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion").\r
\r
-3. Apply this patch: EDKII_openssl-0.9.8za.patch, and make installation\r
+3. Apply this patch: EDKII_openssl-0.9.8zb.patch, and make installation\r
\r
For Windows Environment:\r
------------------------\r
1) Make sure the patch utility has been installed in your machine.\r
Install Cygwin or get the patch utility binary from \r
http://gnuwin32.sourceforge.net/packages/patch.htm\r
- 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8za\r
- 3) patch -p0 -i ..\EDKII_openssl-0.9.8za.patch\r
+ 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8zb\r
+ 3) patch -p0 -i ..\EDKII_openssl-0.9.8zb.patch\r
4) cd ..\r
5) Install.cmd\r
\r
-----------------------\r
1) Make sure the patch utility has been installed in your machine.\r
Patch utility is available from http://directory.fsf.org/project/patch/\r
- 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8za\r
- 3) patch -p0 -i ../EDKII_openssl-0.9.8za.patch\r
+ 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8zb\r
+ 3) patch -p0 -i ../EDKII_openssl-0.9.8zb.patch\r
4) cd ..\r
5) ./Install.sh\r
\r
projects / mirror_edk2.git / commitdiff