On 10 June 2015 at 12:22, Ard Biesheuvel <[email protected]> wrote:
> On 10 June 2015 at 04:21, qlong <[email protected]> wrote:
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Long, Qin <[email protected]>
>> Signed-off-by: qlong <[email protected]>
>
> Reviewed-by: Ard Biesheuvel <[email protected]>
>
I do have a question, though. Why does the underlying patch replace
__FILE__ and __LINE__ references? These macros appear in MdeModulePkg
unconditionally, so I suppose all supported toolchains can deal with
them.
>> ---
>> .../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279 ----------------
>> .../Library/OpensslLib/EDKII_openssl-1.0.2a.patch | 358
>> +++++++++++++++++++++
>> 2 files changed, 358 insertions(+), 279 deletions(-)
>> delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
>> create mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
>>
>> diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
>> b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
>> deleted file mode 100644
>> index 4abe62c..0000000
>> --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch
>> +++ /dev/null
>> @@ -1,279 +0,0 @@
>> -Index: crypto/bio/bss_file.c
>> -===================================================================
>> ---- crypto/bio/bss_file.c (revision 1)
>> -+++ crypto/bio/bss_file.c (working copy)
>> -@@ -418,6 +418,23 @@
>> - return (ret);
>> - }
>> -
>> -+#else
>> -+
>> -+BIO_METHOD *BIO_s_file(void)
>> -+{
>> -+ return NULL;
>> -+}
>> -+
>> -+BIO *BIO_new_file(const char *filename, const char *mode)
>> -+{
>> -+ return NULL;
>> -+}
>> -+
>> -+BIO *BIO_new_fp(FILE *stream, int close_flag)
>> -+{
>> -+ return NULL;
>> -+}
>> -+
>> - # endif /* OPENSSL_NO_STDIO */
>> -
>> - #endif /* HEADER_BSS_FILE_C */
>> -Index: crypto/crypto.h
>> -===================================================================
>> ---- crypto/crypto.h (revision 1)
>> -+++ crypto/crypto.h (working copy)
>> -@@ -239,15 +239,15 @@
>> - # ifndef OPENSSL_NO_LOCKING
>> - # ifndef CRYPTO_w_lock
>> - # define CRYPTO_w_lock(type) \
>> -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
>> -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
>> - # define CRYPTO_w_unlock(type) \
>> -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
>> -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
>> - # define CRYPTO_r_lock(type) \
>> -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
>> -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
>> - # define CRYPTO_r_unlock(type) \
>> -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
>> -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
>> - # define CRYPTO_add(addr,amount,type) \
>> -- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
>> -+ CRYPTO_add_lock(addr,amount,type,NULL,0)
>> - # endif
>> - # else
>> - # define CRYPTO_w_lock(a)
>> -@@ -374,19 +374,19 @@
>> - # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
>> - # define is_MemCheck_on() CRYPTO_is_mem_check_on()
>> -
>> --# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
>> --# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
>> -+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
>> -+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
>> - # define OPENSSL_realloc(addr,num) \
>> -- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
>> -+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
>> - # define OPENSSL_realloc_clean(addr,old_num,num) \
>> -- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
>> -+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
>> - # define OPENSSL_remalloc(addr,num) \
>> -- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
>> -+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
>> - # define OPENSSL_freeFunc CRYPTO_free
>> - # define OPENSSL_free(addr) CRYPTO_free(addr)
>> -
>> - # define OPENSSL_malloc_locked(num) \
>> -- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
>> -+ CRYPTO_malloc_locked((int)num,NULL,0)
>> - # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
>> -
>> - const char *SSLeay_version(int type);
>> -@@ -531,7 +531,7 @@
>> - long CRYPTO_get_mem_debug_options(void);
>> -
>> - # define CRYPTO_push_info(info) \
>> -- CRYPTO_push_info_(info, __FILE__, __LINE__);
>> -+ CRYPTO_push_info_(info, NULL, 0);
>> - int CRYPTO_push_info_(const char *info, const char *file, int line);
>> - int CRYPTO_pop_info(void);
>> - int CRYPTO_remove_all_info(void);
>> -@@ -578,7 +578,7 @@
>> -
>> - /* die if we have to */
>> - void OpenSSLDie(const char *file, int line, const char *assertion);
>> --# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__,
>> __LINE__, #e),1))
>> -+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0,
>> #e),1))
>> -
>> - unsigned long *OPENSSL_ia32cap_loc(void);
>> - # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
>> -@@ -585,10 +585,10 @@
>> - int OPENSSL_isservice(void);
>> -
>> - # ifdef OPENSSL_FIPS
>> --# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
>> -+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
>> - alg " previous FIPS forbidden algorithm error ignored");
>> -
>> --# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
>> -+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
>> - #alg " Algorithm forbidden in FIPS mode");
>> -
>> - # ifdef OPENSSL_FIPS_STRICT
>> -Index: crypto/err/err.c
>> -===================================================================
>> ---- crypto/err/err.c (revision 1)
>> -+++ crypto/err/err.c (working copy)
>> -@@ -321,7 +321,12 @@
>> - es->err_data_flags[i] = flags;
>> - }
>> -
>> -+/* Add EFIAPI for UEFI version. */
>> -+#if defined(OPENSSL_SYS_UEFI)
>> -+void EFIAPI ERR_add_error_data(int num, ...)
>> -+#else
>> - void ERR_add_error_data(int num, ...)
>> -+#endif
>> - {
>> - va_list args;
>> - int i, n, s;
>> -Index: crypto/err/err.h
>> -===================================================================
>> ---- crypto/err/err.h (revision 1)
>> -+++ crypto/err/err.h (working copy)
>> -@@ -285,7 +285,13 @@
>> - # endif
>> - # ifndef OPENSSL_NO_BIO
>> - void ERR_print_errors(BIO *bp);
>> -+
>> -+/* Add EFIAPI for UEFI version. */
>> -+#if defined(OPENSSL_SYS_UEFI)
>> -+void EFIAPI ERR_add_error_data(int num, ...);
>> -+#else
>> - void ERR_add_error_data(int num, ...);
>> -+#endif
>> - # endif
>> - void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
>> - void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
>> -Index: crypto/opensslconf.h
>> -===================================================================
>> ---- crypto/opensslconf.h (revision 1)
>> -+++ crypto/opensslconf.h (working copy)
>> -@@ -162,6 +162,9 @@
>> - /* The prime number generation stuff may not work when
>> - * EIGHT_BIT but I don't care since I've only used this mode
>> - * for debuging the bignum libraries */
>> -+
>> -+/* Bypass following definition for UEFI version. */
>> -+#if !defined(OPENSSL_SYS_UEFI)
>> - #undef SIXTY_FOUR_BIT_LONG
>> - #undef SIXTY_FOUR_BIT
>> - #define THIRTY_TWO_BIT
>> -@@ -169,6 +172,8 @@
>> - #undef EIGHT_BIT
>> - #endif
>> -
>> -+#endif
>> -+
>> - #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
>> - #define CONFIG_HEADER_RC4_LOCL_H
>> - /* if this is defined data[i] is used instead of *data, this is a %20
>> -Index: crypto/pkcs7/pk7_smime.c
>> -===================================================================
>> ---- crypto/pkcs7/pk7_smime.c (revision 1)
>> -+++ crypto/pkcs7/pk7_smime.c (working copy)
>> -@@ -90,7 +90,14 @@
>> - if (!PKCS7_content_new(p7, NID_pkcs7_data))
>> - goto err;
>> -
>> -+#if defined(OPENSSL_SYS_UEFI)
>> -+ /*
>> -+ * NOTE: Update to SHA-256 digest algorithm for UEFI version.
>> -+ */
>> -+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {
>> -+#else
>> - if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
>> -+#endif
>> - PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
>> - goto err;
>> - }
>> -@@ -175,7 +182,8 @@
>> - STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
>> - PKCS7_SIGNER_INFO *si;
>> - X509_STORE_CTX cert_ctx;
>> -- char buf[4096];
>> -+ char *buf = NULL;
>> -+ int bufsiz;
>> - int i, j = 0, k, ret = 0;
>> - BIO *p7bio;
>> - BIO *tmpin, *tmpout;
>> -@@ -286,6 +294,12 @@
>> - } else
>> - tmpout = out;
>> -
>> -+ bufsiz = 4096;
>> -+ buf = OPENSSL_malloc (bufsiz);
>> -+ if (buf == NULL) {
>> -+ goto err;
>> -+ }
>> -+
>> - /* We now have to 'read' from p7bio to calculate digests etc. */
>> - for (;;) {
>> - i = BIO_read(p7bio, buf, sizeof(buf));
>> -@@ -328,6 +342,10 @@
>> -
>> - sk_X509_free(signers);
>> -
>> -+ if (buf != NULL) {
>> -+ OPENSSL_free (buf);
>> -+ }
>> -+
>> - return ret;
>> - }
>> -
>> -Index: crypto/rand/rand_egd.c
>> -===================================================================
>> ---- crypto/rand/rand_egd.c (revision 1)
>> -+++ crypto/rand/rand_egd.c (working copy)
>> -@@ -95,7 +95,7 @@
>> - * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
>> - */
>> -
>> --#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
>> defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
>> defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
>> -+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
>> defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) ||
>> defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) ||
>> defined(OPENSSL_SYS_UEFI)
>> - int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
>> - {
>> - return (-1);
>> -Index: crypto/rand/rand_unix.c
>> -===================================================================
>> ---- crypto/rand/rand_unix.c (revision 1)
>> -+++ crypto/rand/rand_unix.c (working copy)
>> -@@ -116,7 +116,7 @@
>> - #include <openssl/rand.h>
>> - #include "rand_lcl.h"
>> -
>> --#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
>> defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
>> defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
>> -+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
>> defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
>> defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
>> defined(OPENSSL_SYS_UEFI))
>> -
>> - # include <sys/types.h>
>> - # include <sys/time.h>
>> -@@ -332,7 +332,7 @@
>> - * defined(OPENSSL_SYS_VXWORKS) ||
>> - * defined(OPENSSL_SYS_NETWARE)) */
>> -
>> --#if defined(OPENSSL_SYS_VXWORKS)
>> -+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
>> - int RAND_poll(void)
>> - {
>> - return 0;
>> -Index: crypto/x509/x509_vfy.c
>> -===================================================================
>> ---- crypto/x509/x509_vfy.c (revision 1)
>> -+++ crypto/x509/x509_vfy.c (working copy)
>> -@@ -871,6 +871,10 @@
>> -
>> - static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
>> - {
>> -+#if defined(OPENSSL_SYS_UEFI)
>> -+ /* Bypass Certificate Time Checking for UEFI version. */
>> -+ return 1;
>> -+#else
>> - time_t *ptime;
>> - int i;
>> -
>> -@@ -910,6 +914,7 @@
>> - }
>> -
>> - return 1;
>> -+#endif
>> - }
>> -
>> - static int internal_verify(X509_STORE_CTX *ctx)
>> diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
>> b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
>> new file mode 100644
>> index 0000000..55056ec
>> --- /dev/null
>> +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch
>> @@ -0,0 +1,358 @@
>> +diff U3 crypto/bio/bio.h crypto/bio/bio.h
>> +--- crypto/bio/bio.h Wed Jun 03 21:29:20 2015
>> ++++ crypto/bio/bio.h Thu Jun 04 16:28:25 2015
>> +@@ -646,10 +646,10 @@
>> + int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
>> + asn1_ps_func **psuffix_free);
>> +
>> +-# ifndef OPENSSL_NO_FP_API
>> + BIO_METHOD *BIO_s_file(void);
>> + BIO *BIO_new_file(const char *filename, const char *mode);
>> + BIO *BIO_new_fp(FILE *stream, int close_flag);
>> ++# ifndef OPENSSL_NO_FP_API
>> + # define BIO_s_file_internal BIO_s_file
>> + # endif
>> + BIO *BIO_new(BIO_METHOD *type);
>> +diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c
>> +--- crypto/bio/bss_file.c Wed Jun 03 21:29:20 2015
>> ++++ crypto/bio/bss_file.c Thu Jun 04 16:29:18 2015
>> +@@ -460,6 +460,23 @@
>> + return (ret);
>> + }
>> +
>> ++# else
>> ++
>> ++BIO_METHOD *BIO_s_file(void)
>> ++{
>> ++ return NULL;
>> ++}
>> ++
>> ++BIO *BIO_new_file(const char *filename, const char *mode)
>> ++{
>> ++ return NULL;
>> ++}
>> ++
>> ++BIO *BIO_new_fp(FILE *stream, int close_flag)
>> ++{
>> ++ return NULL;
>> ++}
>> ++
>> + # endif /* OPENSSL_NO_STDIO */
>> +
>> + #endif /* HEADER_BSS_FILE_C */
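Review bot: The stubbed `BIO_s_file()` returns NULL, so any code left in the build that does `BIO_new(BIO_s_file())` passes a NULL method to `BIO_new()`, which presumably dereferences it; callers that do not check the result of `BIO_new_file()` or `BIO_new_fp()` have the same problem. The stubs carry no comment explaining that they exist only to keep file-BIO references linking; something like `/* UEFI: no stdio; these stubs always fail and callers must check for NULL. */` above them would state the contract. It is also worth confirming that every remaining reference in the objects built for OpensslLib checks for NULL. The `# else` pairs with a conditional that opens outside the hunk.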
>> +diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c
>> +--- crypto/dh/dh_pmeth.c Wed Jun 03 21:29:20 2015
>> ++++ crypto/dh/dh_pmeth.c Thu Jun 04 16:30:17 2015
>> +@@ -449,6 +449,9 @@
>> + *keylen = ret;
>> + return 1;
>> + } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
>> ++#ifdef OPENSSL_NO_CMS
>> ++ return 0;
>> ++#else
>> + unsigned char *Z = NULL;
>> + size_t Zlen = 0;
>> + if (!dctx->kdf_outlen || !dctx->kdf_oid)
>> +@@ -478,6 +481,7 @@
>> + OPENSSL_free(Z);
>> + }
>> + return ret;
>> ++#endif
>> + }
>> + return 1;
>> + }
>> +diff U3 crypto/pem/pem.h crypto/pem/pem.h
>> +--- crypto/pem/pem.h Wed Jun 03 21:29:20 2015
>> ++++ crypto/pem/pem.h Thu Jun 04 16:31:08 2015
>> +@@ -324,6 +324,7 @@
>> +
>> + # define DECLARE_PEM_read_fp(name, type) /**/
>> + # define DECLARE_PEM_write_fp(name, type) /**/
>> ++# define DECLARE_PEM_write_fp_const(name, type) /**/
>> + # define DECLARE_PEM_write_cb_fp(name, type) /**/
>> + # else
>> +
>> +diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
>> +--- crypto/pkcs7/pk7_smime.c Wed Jun 03 21:29:20 2015
>> ++++ crypto/pkcs7/pk7_smime.c Thu Jun 04 16:34:03 2015
>> +@@ -254,7 +254,8 @@
>> + STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
>> + PKCS7_SIGNER_INFO *si;
>> + X509_STORE_CTX cert_ctx;
>> +- char buf[4096];
>> ++ char *buf = NULL;
>> ++ int bufsiz;
>> + int i, j = 0, k, ret = 0;
>> + BIO *p7bio;
>> + BIO *tmpin, *tmpout;
>> +@@ -365,9 +366,14 @@
>> + } else
>> + tmpout = out;
>> +
>> ++ bufsiz = 4096;
>> ++ buf = OPENSSL_malloc (bufsiz);
>> ++ if (buf == NULL) {
>> ++ goto err;
>> ++ }
>> + /* We now have to 'read' from p7bio to calculate digests etc. */
>> + for (;;) {
>> +- i = BIO_read(p7bio, buf, sizeof(buf));
>> ++ i = BIO_read(p7bio, buf, bufsiz);
>> + if (i <= 0)
>> + break;
>> + if (tmpout)
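Review bot: When `OPENSSL_malloc (bufsiz)` fails, the code jumps to `err` without queuing an error, so the caller cannot tell out-of-memory from a bad signature by looking at the error stack. The path does fail closed, since `ret` is still 0 at that point. OpenSSL's usual convention is to record the allocation failure; adding `PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);` before the `goto err;` would follow it, assuming this is the body of PKCS7_verify, whose signature is outside the hunk.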
>> +@@ -406,6 +412,10 @@
>> + BIO_free_all(p7bio);
>> +
>> + sk_X509_free(signers);
>> ++
>> ++ if (buf != NULL) {
>> ++ OPENSSL_free (buf);
>> ++ }
>> +
>> + return ret;
>> + }
>> +diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c
>> +--- crypto/rand/rand_unix.c Wed Jun 03 21:29:20 2015
>> ++++ crypto/rand/rand_unix.c Thu Jun 04 16:34:58 2015
>> +@@ -116,7 +116,7 @@
>> + #include <openssl/rand.h>
>> + #include "rand_lcl.h"
>> +
>> +-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
>> defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
>> defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
>> ++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ||
>> defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ||
>> defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) ||
>> defined(OPENSSL_SYS_UEFI))
>> +
>> + # include <sys/types.h>
>> + # include <sys/time.h>
>> +@@ -439,7 +439,7 @@
>> + * defined(OPENSSL_SYS_VXWORKS) ||
>> + * defined(OPENSSL_SYS_NETWARE)) */
>> +
>> +-#if defined(OPENSSL_SYS_VXWORKS)
>> ++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
>> + int RAND_poll(void)
>> + {
>> + return 0;
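Review bot: Adding `OPENSSL_SYS_UEFI` to this condition selects the stub `RAND_poll()` that returns 0 and gathers nothing, so on UEFI the library never seeds the OpenSSL PRNG itself. Any consumer that generates keys, nonces or other secrets through this build has to supply real entropy with `RAND_seed()`/`RAND_add()` first, and should treat a failing `RAND_bytes()` as fatal. The patch does not state that requirement anywhere; a comment at the `#if`, for example `/* UEFI: no OS entropy source; callers must seed the PRNG explicitly. */`, would make it visible. The stub's closing brace is outside the hunk.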
>> +diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c
>> +--- crypto/rsa/rsa_ameth.c Wed Jun 03 21:29:20 2015
>> ++++ crypto/rsa/rsa_ameth.c Thu Jun 04 16:36:28 2015
>> +@@ -68,10 +68,12 @@
>> + #endif
>> + #include "asn1_locl.h"
>> +
>> ++#ifndef OPENSSL_NO_CMS
>> + static int rsa_cms_sign(CMS_SignerInfo *si);
>> + static int rsa_cms_verify(CMS_SignerInfo *si);
>> + static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
>> + static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
>> ++#endif
>> +
>> + static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
>> + {
>> +@@ -665,6 +667,7 @@
>> + return rv;
>> + }
>> +
>> ++#ifndef OPENSSL_NO_CMS
>> + static int rsa_cms_verify(CMS_SignerInfo *si)
>> + {
>> + int nid, nid2;
>> +@@ -683,6 +686,7 @@
>> + }
>> + return 0;
>> + }
>> ++#endif
>> +
>> + /*
>> + * Customised RSA item verification routine. This is called when a
>> signature
>> +@@ -705,6 +709,7 @@
>> + return -1;
>> + }
>> +
>> ++#ifndef OPENSSL_NO_CMS
>> + static int rsa_cms_sign(CMS_SignerInfo *si)
>> + {
>> + int pad_mode = RSA_PKCS1_PADDING;
>> +@@ -729,6 +734,7 @@
>> + X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
>> + return 1;
>> + }
>> ++#endif
>> +
>> + static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
>> + X509_ALGOR *alg1, X509_ALGOR *alg2,
>> +@@ -785,6 +791,7 @@
>> + return pss;
>> + }
>> +
>> ++#ifndef OPENSSL_NO_CMS
>> + static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
>> + {
>> + EVP_PKEY_CTX *pkctx;
>> +@@ -857,7 +864,9 @@
>> + X509_ALGOR_free(maskHash);
>> + return rv;
>> + }
>> ++#endif
>> +
>> ++#ifndef OPENSSL_NO_CMS
>> + static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
>> + {
>> + const EVP_MD *md, *mgf1md;
>> +@@ -920,6 +929,7 @@
>> + ASN1_STRING_free(os);
>> + return rv;
>> + }
>> ++#endif
>> +
>> + const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
>> + {
>> +diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
>> +--- crypto/x509/x509_vfy.c Wed Jun 03 21:29:20 2015
>> ++++ crypto/x509/x509_vfy.c Thu Jun 04 16:37:39 2015
>> +@@ -1610,6 +1610,10 @@
>> +
>> + static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
>> + {
>> ++#if defined(OPENSSL_SYS_UEFI)
>> ++ /* Bypass Certificate Time Checking for UEFI version. */
>> ++ return 1;
>> ++#else
>> + time_t *ptime;
>> + int i;
>> +
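Review bot: The unconditional `return 1` removes notBefore/notAfter validation for every consumer of this library build, not only for the image-signature checks where ignoring expiry can be justified, so an expired or not-yet-valid certificate passes chain verification everywhere. The one-line comment does not say why this is acceptable; it should record the rationale (presumably no trustworthy time source in firmware, and images that must stay verifiable after the signer's certificate expires) and that revocation then has to rest on other means. A narrower alternative is to keep the check compiled in and have only the callers that need it accept `X509_V_ERR_CERT_HAS_EXPIRED` and `X509_V_ERR_CERT_NOT_YET_VALID` in their verify callback. The matching `#endif` is added in the next hunk.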
>> +@@ -1649,6 +1653,7 @@
>> + }
>> +
>> + return 1;
>> ++#endif
>> + }
>> +
>> + static int internal_verify(X509_STORE_CTX *ctx)
>> +diff U3 crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
>> +--- crypto/x509/x509_vpm.c Wed Jun 03 21:29:20 2015
>> ++++ crypto/x509/x509_vpm.c Thu Jun 04 16:40:04 2015
>> +@@ -175,7 +175,7 @@
>> + param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
>> + if (!param)
>> + return NULL;
>> +- paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
>> ++ paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID));
>> + if (!paramid) {
>> + OPENSSL_free(param);
>> + return NULL;
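Review bot: This `sizeof` correction is a plain bug fix rather than a UEFI adaptation, and nothing in the patch marks it as such, so it could be carried forward or dropped by accident at the next OpenSSL update. The patch description or accompanying notes should say that it can be removed once the fix is in the upstream release. Writing it as `paramid = OPENSSL_malloc(sizeof(*paramid));` would keep the size tied to the pointer's type. The enclosing function starts and ends outside the hunk.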
>> +diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h
>> +--- crypto/x509v3/ext_dat.h Wed Jun 03 21:29:20 2015
>> ++++ crypto/x509v3/ext_dat.h Thu Jun 04 16:38:15 2015
>> +@@ -127,8 +127,10 @@
>> + &v3_idp,
>> + &v3_alt[2],
>> + &v3_freshest_crl,
>> ++#ifndef OPENSSL_SYS_UEFI
>> + &v3_ct_scts[0],
>> + &v3_ct_scts[1],
>> ++#endif
>> + };
>> +
>> + /* Number of standard extensions */
>> +diff U3 crypto/crypto.h crypto/crypto.h
>> +--- crypto/crypto.h Wed Jun 03 21:29:20 2015
>> ++++ crypto/crypto.h Thu Jun 04 16:25:21 2015
>> +@@ -235,15 +235,15 @@
>> + # ifndef OPENSSL_NO_LOCKING
>> + # ifndef CRYPTO_w_lock
>> + # define CRYPTO_w_lock(type) \
>> +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
>> ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
>> + # define CRYPTO_w_unlock(type) \
>> +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
>> ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
>> + # define CRYPTO_r_lock(type) \
>> +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
>> ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
>> + # define CRYPTO_r_unlock(type) \
>> +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
>> ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
>> + # define CRYPTO_add(addr,amount,type) \
>> +- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
>> ++ CRYPTO_add_lock(addr,amount,type,NULL,0)
>> + # endif
>> + # else
>> + # define CRYPTO_w_lock(a)
>> +@@ -378,19 +378,19 @@
>> + # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
>> + # define is_MemCheck_on() CRYPTO_is_mem_check_on()
>> +
>> +-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
>> +-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
>> ++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
>> ++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
>> + # define OPENSSL_realloc(addr,num) \
>> +- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
>> ++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
>> + # define OPENSSL_realloc_clean(addr,old_num,num) \
>> +- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
>> ++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
>> + # define OPENSSL_remalloc(addr,num) \
>> +- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
>> ++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
>> + # define OPENSSL_freeFunc CRYPTO_free
>> + # define OPENSSL_free(addr) CRYPTO_free(addr)
>> +
>> + # define OPENSSL_malloc_locked(num) \
>> +- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
>> ++ CRYPTO_malloc_locked((int)num,NULL,0)
>> + # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
>> +
>> + const char *SSLeay_version(int type);
>> +@@ -545,7 +545,7 @@
>> + long CRYPTO_get_mem_debug_options(void);
>> +
>> + # define CRYPTO_push_info(info) \
>> +- CRYPTO_push_info_(info, __FILE__, __LINE__);
>> ++ CRYPTO_push_info_(info, NULL, 0);
>> + int CRYPTO_push_info_(const char *info, const char *file, int line);
>> + int CRYPTO_pop_info(void);
>> + int CRYPTO_remove_all_info(void);
>> +@@ -588,7 +588,7 @@
>> +
>> + /* die if we have to */
>> + void OpenSSLDie(const char *file, int line, const char *assertion);
>> +-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__,
>> __LINE__, #e),1))
>> ++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0,
>> #e),1))
>> +
>> + unsigned long *OPENSSL_ia32cap_loc(void);
>> + # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
>> +@@ -605,14 +605,14 @@
>> + # define fips_md_init_ctx(alg, cx) \
>> + int alg##_Init(cx##_CTX *c) \
>> + { \
>> +- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
>> ++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
>> + "Low level API call to digest " #alg " forbidden in FIPS
>> mode!"); \
>> + return private_##alg##_Init(c); \
>> + } \
>> + int private_##alg##_Init(cx##_CTX *c)
>> +
>> + # define fips_cipher_abort(alg) \
>> +- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
>> ++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \
>> + "Low level API call to cipher " #alg " forbidden in FIPS
>> mode!")
>> +
>> + # else
>> +diff U3 crypto/opensslconf.h crypto/opensslconf.h
>> +--- crypto/opensslconf.h Wed Jun 03 21:29:20 2015
>> ++++ crypto/opensslconf.h Thu Jun 04 16:27:13 2015
>> +@@ -159,9 +159,12 @@
>> + /* Should we define BN_DIV2W here? */
>> +
>> + /* Only one for the following should be defined */
>> ++/* Bypass the following definitions for UEFI version. */
>> ++#if !defined(OPENSSL_SYS_UEFI)
>> + #undef SIXTY_FOUR_BIT_LONG
>> + #undef SIXTY_FOUR_BIT
>> + #define THIRTY_TWO_BIT
>> ++#endif
>> + #endif
>> +
>> + #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
>> --
>> 1.9.5.msysgit.1
>>