On 10 June 2015 at 19:22, Long, Qin <qin.l...@intel.com> wrote: > Thanks, Ard. > > This is one historical changes, and come from some early user's requests: > they would like to keep the built result / image of this module identical as > possible, whatever any path was used (e.g. aaa/edk2/.../openssl v.s. > bbb/edk2/...openssl, ...). To meet this, we have to patch those __FILE__ > macro then. :-( >
OK, fair enough. > I keep this for all later updates. > I guess not all toolchains support #undef __FILE__ #define __FILE__ NULL ?? because that would be a bit simpler. -- Ard. > -----Original Message----- > From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] > Sent: Wednesday, June 10, 2015 7:55 PM > To: Long, Qin > Cc: Ye, Ting; edk2-devel@lists.sourceforge.net > Subject: Re: [patch 1/3] [CryptoPkg] Remove the old patch file for > openssl-0.9.8zf build, and add the patch file for openssl-1.0.2a. > > On 10 June 2015 at 12:22, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: >> On 10 June 2015 at 04:21, qlong <qin.l...@intel.com> wrote: >>> Contributed-under: TianoCore Contribution Agreement 1.0 >>> Signed-off-by: Long, Qin <qin.l...@intel.com> >>> Signed-off-by: qlong <qin.l...@intel.com> >> >> Reviewed-by: Ard Biesheuvel <ard.biesheu...@linaro.org> >> > > I do have a question, though. Why does the underlying patch replace __FILE__ > and __LINE__ references? These macros appear in MdeModulePkg unconditionally, > so I suppose all supported toolchains can deal with them > > >>> --- >>> .../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279 >>> ---------------- .../Library/OpensslLib/EDKII_openssl-1.0.2a.patch >>> | 358 +++++++++++++++++++++ >>> 2 files changed, 358 insertions(+), 279 deletions(-) delete mode >>> 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch >>> create mode 100644 >>> CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch >>> >>> diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch >>> b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch >>> deleted file mode 100644 >>> index 4abe62c..0000000 >>> --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch >>> +++ /dev/null >>> @@ -1,279 +0,0 @@ >>> -Index: crypto/bio/bss_file.c >>> -=================================================================== >>> ---- crypto/bio/bss_file.c (revision 1) >>> -+++ crypto/bio/bss_file.c (working copy) >>> -@@ -418,6 +418,23 @@ >>> - return (ret); >>> - } >>> - >>> -+#else >>> -+ >>> -+BIO_METHOD *BIO_s_file(void) >>> -+{ >>> -+ return NULL; >>> -+} >>> -+ >>> -+BIO *BIO_new_file(const char *filename, const char *mode) { >>> -+ return NULL; >>> -+} >>> -+ >>> -+BIO *BIO_new_fp(FILE *stream, int close_flag) { >>> -+ return NULL; >>> -+} >>> -+ >>> - # endif /* OPENSSL_NO_STDIO */ >>> - >>> - #endif /* HEADER_BSS_FILE_C */ >>> -Index: crypto/crypto.h >>> -=================================================================== >>> ---- crypto/crypto.h (revision 1) >>> -+++ crypto/crypto.h (working copy) >>> -@@ -239,15 +239,15 @@ >>> - # ifndef OPENSSL_NO_LOCKING >>> - # ifndef CRYPTO_w_lock >>> - # define CRYPTO_w_lock(type) \ >>> -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) >>> -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) >>> - # define CRYPTO_w_unlock(type) \ >>> -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) >>> -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) >>> - # define CRYPTO_r_lock(type) \ >>> -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) >>> -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) >>> - # define CRYPTO_r_unlock(type) \ >>> -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) >>> -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) >>> - # define CRYPTO_add(addr,amount,type) \ >>> -- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) >>> -+ CRYPTO_add_lock(addr,amount,type,NULL,0) >>> - # endif >>> - # else >>> - # define CRYPTO_w_lock(a) >>> -@@ -374,19 +374,19 @@ >>> - # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) >>> - # define is_MemCheck_on() CRYPTO_is_mem_check_on() >>> - >>> --# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) >>> --# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) >>> -+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) >>> -+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) >>> - # define OPENSSL_realloc(addr,num) \ >>> -- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) >>> -+ CRYPTO_realloc((char *)addr,(int)num,NULL,0) >>> - # define OPENSSL_realloc_clean(addr,old_num,num) \ >>> -- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) >>> -+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) >>> - # define OPENSSL_remalloc(addr,num) \ >>> -- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) >>> -+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) >>> - # define OPENSSL_freeFunc CRYPTO_free >>> - # define OPENSSL_free(addr) CRYPTO_free(addr) >>> - >>> - # define OPENSSL_malloc_locked(num) \ >>> -- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) >>> -+ CRYPTO_malloc_locked((int)num,NULL,0) >>> - # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) >>> - >>> - const char *SSLeay_version(int type); -@@ -531,7 +531,7 @@ >>> - long CRYPTO_get_mem_debug_options(void); >>> - >>> - # define CRYPTO_push_info(info) \ >>> -- CRYPTO_push_info_(info, __FILE__, __LINE__); >>> -+ CRYPTO_push_info_(info, NULL, 0); >>> - int CRYPTO_push_info_(const char *info, const char *file, int >>> line); >>> - int CRYPTO_pop_info(void); >>> - int CRYPTO_remove_all_info(void); >>> -@@ -578,7 +578,7 @@ >>> - >>> - /* die if we have to */ >>> - void OpenSSLDie(const char *file, int line, const char *assertion); >>> --# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, >>> __LINE__, #e),1)) >>> -+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, >>> #e),1)) >>> - >>> - unsigned long *OPENSSL_ia32cap_loc(void); >>> - # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) -@@ -585,10 >>> +585,10 @@ >>> - int OPENSSL_isservice(void); >>> - >>> - # ifdef OPENSSL_FIPS >>> --# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ >>> -+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ >>> - alg " previous FIPS forbidden algorithm error ignored"); >>> - >>> --# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ >>> -+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ >>> - #alg " Algorithm forbidden in FIPS mode"); >>> - >>> - # ifdef OPENSSL_FIPS_STRICT >>> -Index: crypto/err/err.c >>> -=================================================================== >>> ---- crypto/err/err.c (revision 1) >>> -+++ crypto/err/err.c (working copy) >>> -@@ -321,7 +321,12 @@ >>> - es->err_data_flags[i] = flags; >>> - } >>> - >>> -+/* Add EFIAPI for UEFI version. */ >>> -+#if defined(OPENSSL_SYS_UEFI) >>> -+void EFIAPI ERR_add_error_data(int num, ...) #else >>> - void ERR_add_error_data(int num, ...) >>> -+#endif >>> - { >>> - va_list args; >>> - int i, n, s; >>> -Index: crypto/err/err.h >>> -=================================================================== >>> ---- crypto/err/err.h (revision 1) >>> -+++ crypto/err/err.h (working copy) >>> -@@ -285,7 +285,13 @@ >>> - # endif >>> - # ifndef OPENSSL_NO_BIO >>> - void ERR_print_errors(BIO *bp); >>> -+ >>> -+/* Add EFIAPI for UEFI version. */ >>> -+#if defined(OPENSSL_SYS_UEFI) >>> -+void EFIAPI ERR_add_error_data(int num, ...); #else >>> - void ERR_add_error_data(int num, ...); >>> -+#endif >>> - # endif >>> - void ERR_load_strings(int lib, ERR_STRING_DATA str[]); >>> - void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); >>> -Index: crypto/opensslconf.h >>> -=================================================================== >>> ---- crypto/opensslconf.h (revision 1) >>> -+++ crypto/opensslconf.h (working copy) >>> -@@ -162,6 +162,9 @@ >>> - /* The prime number generation stuff may not work when >>> - * EIGHT_BIT but I don't care since I've only used this mode >>> - * for debuging the bignum libraries */ >>> -+ >>> -+/* Bypass following definition for UEFI version. */ #if >>> -+!defined(OPENSSL_SYS_UEFI) >>> - #undef SIXTY_FOUR_BIT_LONG >>> - #undef SIXTY_FOUR_BIT >>> - #define THIRTY_TWO_BIT >>> -@@ -169,6 +172,8 @@ >>> - #undef EIGHT_BIT >>> - #endif >>> - >>> -+#endif >>> -+ >>> - #if defined(HEADER_RC4_LOCL_H) && >>> !defined(CONFIG_HEADER_RC4_LOCL_H) >>> - #define CONFIG_HEADER_RC4_LOCL_H >>> - /* if this is defined data[i] is used instead of *data, this is a >>> %20 >>> -Index: crypto/pkcs7/pk7_smime.c >>> -=================================================================== >>> ---- crypto/pkcs7/pk7_smime.c (revision 1) >>> -+++ crypto/pkcs7/pk7_smime.c (working copy) >>> -@@ -90,7 +90,14 @@ >>> - if (!PKCS7_content_new(p7, NID_pkcs7_data)) >>> - goto err; >>> - >>> -+#if defined(OPENSSL_SYS_UEFI) >>> -+ /* >>> -+ * NOTE: Update to SHA-256 digest algorithm for UEFI version. >>> -+ */ >>> -+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, >>> -+EVP_sha256()))) { #else >>> - if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) { >>> -+#endif >>> - PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); >>> - goto err; >>> - } >>> -@@ -175,7 +182,8 @@ >>> - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; >>> - PKCS7_SIGNER_INFO *si; >>> - X509_STORE_CTX cert_ctx; >>> -- char buf[4096]; >>> -+ char *buf = NULL; >>> -+ int bufsiz; >>> - int i, j = 0, k, ret = 0; >>> - BIO *p7bio; >>> - BIO *tmpin, *tmpout; >>> -@@ -286,6 +294,12 @@ >>> - } else >>> - tmpout = out; >>> - >>> -+ bufsiz = 4096; >>> -+ buf = OPENSSL_malloc (bufsiz); >>> -+ if (buf == NULL) { >>> -+ goto err; >>> -+ } >>> -+ >>> - /* We now have to 'read' from p7bio to calculate digests etc. */ >>> - for (;;) { >>> - i = BIO_read(p7bio, buf, sizeof(buf)); >>> -@@ -328,6 +342,10 @@ >>> - >>> - sk_X509_free(signers); >>> - >>> -+ if (buf != NULL) { >>> -+ OPENSSL_free (buf); >>> -+ } >>> -+ >>> - return ret; >>> - } >>> - >>> -Index: crypto/rand/rand_egd.c >>> -=================================================================== >>> ---- crypto/rand/rand_egd.c (revision 1) >>> -+++ crypto/rand/rand_egd.c (working copy) >>> -@@ -95,7 +95,7 @@ >>> - * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. >>> - */ >>> - >>> --#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || >>> defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || >>> defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) >>> -+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || >>> -+defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || >>> -+defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || >>> -+defined(OPENSSL_SYS_UEFI) >>> - int RAND_query_egd_bytes(const char *path, unsigned char *buf, int >>> bytes) >>> - { >>> - return (-1); >>> -Index: crypto/rand/rand_unix.c >>> -=================================================================== >>> ---- crypto/rand/rand_unix.c (revision 1) >>> -+++ crypto/rand/rand_unix.c (working copy) >>> -@@ -116,7 +116,7 @@ >>> - #include <openssl/rand.h> >>> - #include "rand_lcl.h" >>> - >>> --#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || >>> defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || >>> defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) >>> -+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || >>> -+defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || >>> -+defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || >>> -+defined(OPENSSL_SYS_UEFI)) >>> - >>> - # include <sys/types.h> >>> - # include <sys/time.h> >>> -@@ -332,7 +332,7 @@ >>> - * defined(OPENSSL_SYS_VXWORKS) || >>> - * defined(OPENSSL_SYS_NETWARE)) */ >>> - >>> --#if defined(OPENSSL_SYS_VXWORKS) >>> -+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) >>> - int RAND_poll(void) >>> - { >>> - return 0; >>> -Index: crypto/x509/x509_vfy.c >>> -=================================================================== >>> ---- crypto/x509/x509_vfy.c (revision 1) >>> -+++ crypto/x509/x509_vfy.c (working copy) >>> -@@ -871,6 +871,10 @@ >>> - >>> - static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) >>> - { >>> -+#if defined(OPENSSL_SYS_UEFI) >>> -+ /* Bypass Certificate Time Checking for UEFI version. */ >>> -+ return 1; >>> -+#else >>> - time_t *ptime; >>> - int i; >>> - >>> -@@ -910,6 +914,7 @@ >>> - } >>> - >>> - return 1; >>> -+#endif >>> - } >>> - >>> - static int internal_verify(X509_STORE_CTX *ctx) diff --git >>> a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch >>> b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch >>> new file mode 100644 >>> index 0000000..55056ec >>> --- /dev/null >>> +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2a.patch >>> @@ -0,0 +1,358 @@ >>> +diff U3 crypto/bio/bio.h crypto/bio/bio.h >>> +--- crypto/bio/bio.h Wed Jun 03 21:29:20 2015 >>> ++++ crypto/bio/bio.h Thu Jun 04 16:28:25 2015 >>> +@@ -646,10 +646,10 @@ >>> + int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, >>> + asn1_ps_func **psuffix_free); >>> + >>> +-# ifndef OPENSSL_NO_FP_API >>> + BIO_METHOD *BIO_s_file(void); >>> + BIO *BIO_new_file(const char *filename, const char *mode); BIO >>> +*BIO_new_fp(FILE *stream, int close_flag); >>> ++# ifndef OPENSSL_NO_FP_API >>> + # define BIO_s_file_internal BIO_s_file >>> + # endif >>> + BIO *BIO_new(BIO_METHOD *type); >>> +diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c >>> +--- crypto/bio/bss_file.c Wed Jun 03 21:29:20 2015 >>> ++++ crypto/bio/bss_file.c Thu Jun 04 16:29:18 2015 >>> +@@ -460,6 +460,23 @@ >>> + return (ret); >>> + } >>> + >>> ++# else >>> ++ >>> ++BIO_METHOD *BIO_s_file(void) >>> ++{ >>> ++ return NULL; >>> ++} >>> ++ >>> ++BIO *BIO_new_file(const char *filename, const char *mode) { >>> ++ return NULL; >>> ++} >>> ++ >>> ++BIO *BIO_new_fp(FILE *stream, int close_flag) { >>> ++ return NULL; >>> ++} >>> ++ >>> + # endif /* OPENSSL_NO_STDIO */ >>> + >>> + #endif /* HEADER_BSS_FILE_C */ >>> +diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c >>> +--- crypto/dh/dh_pmeth.c Wed Jun 03 21:29:20 2015 >>> ++++ crypto/dh/dh_pmeth.c Thu Jun 04 16:30:17 2015 >>> +@@ -449,6 +449,9 @@ >>> + *keylen = ret; >>> + return 1; >>> + } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { >>> ++#ifdef OPENSSL_NO_CMS >>> ++ return 0; >>> ++#else >>> + unsigned char *Z = NULL; >>> + size_t Zlen = 0; >>> + if (!dctx->kdf_outlen || !dctx->kdf_oid) @@ -478,6 +481,7 >>> +@@ >>> + OPENSSL_free(Z); >>> + } >>> + return ret; >>> ++#endif >>> + } >>> + return 1; >>> + } >>> +diff U3 crypto/pem/pem.h crypto/pem/pem.h >>> +--- crypto/pem/pem.h Wed Jun 03 21:29:20 2015 >>> ++++ crypto/pem/pem.h Thu Jun 04 16:31:08 2015 >>> +@@ -324,6 +324,7 @@ >>> + >>> + # define DECLARE_PEM_read_fp(name, type) /**/ # define >>> + DECLARE_PEM_write_fp(name, type) /**/ >>> ++# define DECLARE_PEM_write_fp_const(name, type) /**/ >>> + # define DECLARE_PEM_write_cb_fp(name, type) /**/ # else >>> + >>> +diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c >>> +--- crypto/pkcs7/pk7_smime.c Wed Jun 03 21:29:20 2015 >>> ++++ crypto/pkcs7/pk7_smime.c Thu Jun 04 16:34:03 2015 >>> +@@ -254,7 +254,8 @@ >>> + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; >>> + PKCS7_SIGNER_INFO *si; >>> + X509_STORE_CTX cert_ctx; >>> +- char buf[4096]; >>> ++ char *buf = NULL; >>> ++ int bufsiz; >>> + int i, j = 0, k, ret = 0; >>> + BIO *p7bio; >>> + BIO *tmpin, *tmpout; >>> +@@ -365,9 +366,14 @@ >>> + } else >>> + tmpout = out; >>> + >>> ++ bufsiz = 4096; >>> ++ buf = OPENSSL_malloc (bufsiz); >>> ++ if (buf == NULL) { >>> ++ goto err; >>> ++ } >>> + /* We now have to 'read' from p7bio to calculate digests etc. */ >>> + for (;;) { >>> +- i = BIO_read(p7bio, buf, sizeof(buf)); >>> ++ i = BIO_read(p7bio, buf, bufsiz); >>> + if (i <= 0) >>> + break; >>> + if (tmpout) >>> +@@ -406,6 +412,10 @@ >>> + BIO_free_all(p7bio); >>> + >>> + sk_X509_free(signers); >>> ++ >>> ++ if (buf != NULL) { >>> ++ OPENSSL_free (buf); >>> ++ } >>> + >>> + return ret; >>> + } >>> +diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c >>> +--- crypto/rand/rand_unix.c Wed Jun 03 21:29:20 2015 >>> ++++ crypto/rand/rand_unix.c Thu Jun 04 16:34:58 2015 >>> +@@ -116,7 +116,7 @@ >>> + #include <openssl/rand.h> >>> + #include "rand_lcl.h" >>> + >>> +-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || >>> +defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || >>> +defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) >>> ++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || >>> ++defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || >>> ++defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || >>> ++defined(OPENSSL_SYS_UEFI)) >>> + >>> + # include <sys/types.h> >>> + # include <sys/time.h> >>> +@@ -439,7 +439,7 @@ >>> + * defined(OPENSSL_SYS_VXWORKS) || >>> + * defined(OPENSSL_SYS_NETWARE)) */ >>> + >>> +-#if defined(OPENSSL_SYS_VXWORKS) >>> ++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) >>> + int RAND_poll(void) >>> + { >>> + return 0; >>> +diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c >>> +--- crypto/rsa/rsa_ameth.c Wed Jun 03 21:29:20 2015 >>> ++++ crypto/rsa/rsa_ameth.c Thu Jun 04 16:36:28 2015 >>> +@@ -68,10 +68,12 @@ >>> + #endif >>> + #include "asn1_locl.h" >>> + >>> ++#ifndef OPENSSL_NO_CMS >>> + static int rsa_cms_sign(CMS_SignerInfo *si); static int >>> + rsa_cms_verify(CMS_SignerInfo *si); static int >>> + rsa_cms_decrypt(CMS_RecipientInfo *ri); static int >>> + rsa_cms_encrypt(CMS_RecipientInfo *ri); >>> ++#endif >>> + >>> + static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { >>> +@@ -665,6 +667,7 @@ >>> + return rv; >>> + } >>> + >>> ++#ifndef OPENSSL_NO_CMS >>> + static int rsa_cms_verify(CMS_SignerInfo *si) { >>> + int nid, nid2; >>> +@@ -683,6 +686,7 @@ >>> + } >>> + return 0; >>> + } >>> ++#endif >>> + >>> + /* >>> + * Customised RSA item verification routine. This is called when a >>> +signature @@ -705,6 +709,7 @@ >>> + return -1; >>> + } >>> + >>> ++#ifndef OPENSSL_NO_CMS >>> + static int rsa_cms_sign(CMS_SignerInfo *si) { >>> + int pad_mode = RSA_PKCS1_PADDING; @@ -729,6 +734,7 @@ >>> + X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os); >>> + return 1; >>> + } >>> ++#endif >>> + >>> + static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, >>> + X509_ALGOR *alg1, X509_ALGOR *alg2, @@ >>> +-785,6 +791,7 @@ >>> + return pss; >>> + } >>> + >>> ++#ifndef OPENSSL_NO_CMS >>> + static int rsa_cms_decrypt(CMS_RecipientInfo *ri) { >>> + EVP_PKEY_CTX *pkctx; >>> +@@ -857,7 +864,9 @@ >>> + X509_ALGOR_free(maskHash); >>> + return rv; >>> + } >>> ++#endif >>> + >>> ++#ifndef OPENSSL_NO_CMS >>> + static int rsa_cms_encrypt(CMS_RecipientInfo *ri) { >>> + const EVP_MD *md, *mgf1md; >>> +@@ -920,6 +929,7 @@ >>> + ASN1_STRING_free(os); >>> + return rv; >>> + } >>> ++#endif >>> + >>> + const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { >>> + { >>> +diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c >>> +--- crypto/x509/x509_vfy.c Wed Jun 03 21:29:20 2015 >>> ++++ crypto/x509/x509_vfy.c Thu Jun 04 16:37:39 2015 >>> +@@ -1610,6 +1610,10 @@ >>> + >>> + static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) { >>> ++#if defined(OPENSSL_SYS_UEFI) >>> ++ /* Bypass Certificate Time Checking for UEFI version. */ >>> ++ return 1; >>> ++#else >>> + time_t *ptime; >>> + int i; >>> + >>> +@@ -1649,6 +1653,7 @@ >>> + } >>> + >>> + return 1; >>> ++#endif >>> + } >>> + >>> + static int internal_verify(X509_STORE_CTX *ctx) diff U3 >>> +crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c >>> +--- crypto/x509/x509_vpm.c Wed Jun 03 21:29:20 2015 >>> ++++ crypto/x509/x509_vpm.c Thu Jun 04 16:40:04 2015 >>> +@@ -175,7 +175,7 @@ >>> + param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); >>> + if (!param) >>> + return NULL; >>> +- paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); >>> ++ paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID)); >>> + if (!paramid) { >>> + OPENSSL_free(param); >>> + return NULL; >>> +diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h >>> +--- crypto/x509v3/ext_dat.h Wed Jun 03 21:29:20 2015 >>> ++++ crypto/x509v3/ext_dat.h Thu Jun 04 16:38:15 2015 >>> +@@ -127,8 +127,10 @@ >>> + &v3_idp, >>> + &v3_alt[2], >>> + &v3_freshest_crl, >>> ++#ifndef OPENSSL_SYS_UEFI >>> + &v3_ct_scts[0], >>> + &v3_ct_scts[1], >>> ++#endif >>> + }; >>> + >>> + /* Number of standard extensions */ diff U3 crypto/crypto.h >>> +crypto/crypto.h >>> +--- crypto/crypto.h Wed Jun 03 21:29:20 2015 >>> ++++ crypto/crypto.h Thu Jun 04 16:25:21 2015 >>> +@@ -235,15 +235,15 @@ >>> + # ifndef OPENSSL_NO_LOCKING >>> + # ifndef CRYPTO_w_lock >>> + # define CRYPTO_w_lock(type) \ >>> +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) >>> ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) >>> + # define CRYPTO_w_unlock(type) \ >>> +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) >>> ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) >>> + # define CRYPTO_r_lock(type) \ >>> +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) >>> ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) >>> + # define CRYPTO_r_unlock(type) \ >>> +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) >>> ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) >>> + # define CRYPTO_add(addr,amount,type) \ >>> +- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) >>> ++ CRYPTO_add_lock(addr,amount,type,NULL,0) >>> + # endif >>> + # else >>> + # define CRYPTO_w_lock(a) >>> +@@ -378,19 +378,19 @@ >>> + # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) >>> + # define is_MemCheck_on() CRYPTO_is_mem_check_on() >>> + >>> +-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) >>> +-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) >>> ++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) >>> ++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) >>> + # define OPENSSL_realloc(addr,num) \ >>> +- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) >>> ++ CRYPTO_realloc((char *)addr,(int)num,NULL,0) >>> + # define OPENSSL_realloc_clean(addr,old_num,num) \ >>> +- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) >>> ++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) >>> + # define OPENSSL_remalloc(addr,num) \ >>> +- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) >>> ++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) >>> + # define OPENSSL_freeFunc CRYPTO_free >>> + # define OPENSSL_free(addr) CRYPTO_free(addr) >>> + >>> + # define OPENSSL_malloc_locked(num) \ >>> +- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) >>> ++ CRYPTO_malloc_locked((int)num,NULL,0) >>> + # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) >>> + >>> + const char *SSLeay_version(int type); @@ -545,7 +545,7 @@ long >>> +CRYPTO_get_mem_debug_options(void); >>> + >>> + # define CRYPTO_push_info(info) \ >>> +- CRYPTO_push_info_(info, __FILE__, __LINE__); >>> ++ CRYPTO_push_info_(info, NULL, 0); >>> + int CRYPTO_push_info_(const char *info, const char *file, int >>> +line); int CRYPTO_pop_info(void); int >>> +CRYPTO_remove_all_info(void); @@ -588,7 +588,7 @@ >>> + >>> + /* die if we have to */ >>> + void OpenSSLDie(const char *file, int line, const char *assertion); >>> +-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, >>> __LINE__, #e),1)) >>> ++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, >>> #e),1)) >>> + >>> + unsigned long *OPENSSL_ia32cap_loc(void); # define OPENSSL_ia32cap >>> +(*(OPENSSL_ia32cap_loc())) @@ -605,14 +605,14 @@ # define >>> +fips_md_init_ctx(alg, cx) \ >>> + int alg##_Init(cx##_CTX *c) \ >>> + { \ >>> +- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ >>> ++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \ >>> + "Low level API call to digest " #alg " forbidden in FIPS >>> mode!"); \ >>> + return private_##alg##_Init(c); \ >>> + } \ >>> + int private_##alg##_Init(cx##_CTX *c) >>> + >>> + # define fips_cipher_abort(alg) \ >>> +- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ >>> ++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \ >>> + "Low level API call to cipher " #alg " forbidden in >>> + FIPS mode!") >>> + >>> + # else >>> +diff U3 crypto/opensslconf.h crypto/opensslconf.h >>> +--- crypto/opensslconf.h Wed Jun 03 21:29:20 2015 >>> ++++ crypto/opensslconf.h Thu Jun 04 16:27:13 2015 >>> +@@ -159,9 +159,12 @@ >>> + /* Should we define BN_DIV2W here? */ >>> + >>> + /* Only one for the following should be defined */ >>> ++/* Bypass the following definitions for UEFI version. */ #if >>> ++!defined(OPENSSL_SYS_UEFI) >>> + #undef SIXTY_FOUR_BIT_LONG >>> + #undef SIXTY_FOUR_BIT >>> + #define THIRTY_TWO_BIT >>> ++#endif >>> + #endif >>> + >>> + #if defined(HEADER_RC4_LOCL_H) && >>> + !defined(CONFIG_HEADER_RC4_LOCL_H) >>> -- >>> 1.9.5.msysgit.1 >>> ------------------------------------------------------------------------------ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
