On 2015-06-12 04:19:09, qlong wrote: > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Long, Qin <qin.l...@intel.com> > Signed-off-by: qlong <qin.l...@intel.com>
Your commit message doesn't match the recommended format: https://github.com/tianocore/tianocore.github.io/wiki/Commit-Message-Format (Lines too long. Double signature seems odd.) Another tip... If you look under "Your Identity" on: https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup Then you can setup your username and email so 'git commit -s' will automatically add your Signed-off-by. $ git config --global user.name "Qin Long" $ git config --global user.email qin.l...@intel.com For your commit message, I recommend this change: ==== You have ==== [CryptoPkg] Remove the old patch file for openssl-0.9.8zf build, and add the patch file for openssl-1.0.2b. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long, Qin <qin.l...@intel.com> Signed-off-by: qlong <qin.l...@intel.com> ==== I recommend === CryptoPkg: Update openssl patch file from 0.9.8zf to 1.0.2b This patch adds a patch file for openssl-1.0.2b, and removes the patch file for openssl-0.9.8zf. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.l...@intel.com> ==== Can you make similar changes for patches 2 & 3? Thanks, -Jordan > --- > .../Library/OpensslLib/EDKII_openssl-0.9.8zf.patch | 279 ----------------- > .../Library/OpensslLib/EDKII_openssl-1.0.2b.patch | 346 > +++++++++++++++++++++ > 2 files changed, 346 insertions(+), 279 deletions(-) > delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch > create mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2b.patch > > diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch > b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch > deleted file mode 100644 > index 4abe62c..0000000 > --- a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch > +++ /dev/null > @@ -1,279 +0,0 @@ > -Index: crypto/bio/bss_file.c > -=================================================================== > ---- crypto/bio/bss_file.c (revision 1) > -+++ crypto/bio/bss_file.c (working copy) > -@@ -418,6 +418,23 @@ > - return (ret); > - } > - > -+#else > -+ > -+BIO_METHOD *BIO_s_file(void) > -+{ > -+ return NULL; > -+} > -+ > -+BIO *BIO_new_file(const char *filename, const char *mode) > -+{ > -+ return NULL; > -+} > -+ > -+BIO *BIO_new_fp(FILE *stream, int close_flag) > -+{ > -+ return NULL; > -+} > -+ > - # endif /* OPENSSL_NO_STDIO */ > - > - #endif /* HEADER_BSS_FILE_C */ > -Index: crypto/crypto.h > -=================================================================== > ---- crypto/crypto.h (revision 1) > -+++ crypto/crypto.h (working copy) > -@@ -239,15 +239,15 @@ > - # ifndef OPENSSL_NO_LOCKING > - # ifndef CRYPTO_w_lock > - # define CRYPTO_w_lock(type) \ > -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) > -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) > - # define CRYPTO_w_unlock(type) \ > -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) > -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) > - # define CRYPTO_r_lock(type) \ > -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) > -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) > - # define CRYPTO_r_unlock(type) \ > -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) > -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) > - # define CRYPTO_add(addr,amount,type) \ > -- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) > -+ CRYPTO_add_lock(addr,amount,type,NULL,0) > - # endif > - # else > - # define CRYPTO_w_lock(a) > -@@ -374,19 +374,19 @@ > - # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) > - # define is_MemCheck_on() CRYPTO_is_mem_check_on() > - > --# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) > --# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) > -+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) > -+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) > - # define OPENSSL_realloc(addr,num) \ > -- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) > -+ CRYPTO_realloc((char *)addr,(int)num,NULL,0) > - # define OPENSSL_realloc_clean(addr,old_num,num) \ > -- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) > -+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) > - # define OPENSSL_remalloc(addr,num) \ > -- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) > -+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) > - # define OPENSSL_freeFunc CRYPTO_free > - # define OPENSSL_free(addr) CRYPTO_free(addr) > - > - # define OPENSSL_malloc_locked(num) \ > -- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) > -+ CRYPTO_malloc_locked((int)num,NULL,0) > - # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) > - > - const char *SSLeay_version(int type); > -@@ -531,7 +531,7 @@ > - long CRYPTO_get_mem_debug_options(void); > - > - # define CRYPTO_push_info(info) \ > -- CRYPTO_push_info_(info, __FILE__, __LINE__); > -+ CRYPTO_push_info_(info, NULL, 0); > - int CRYPTO_push_info_(const char *info, const char *file, int line); > - int CRYPTO_pop_info(void); > - int CRYPTO_remove_all_info(void); > -@@ -578,7 +578,7 @@ > - > - /* die if we have to */ > - void OpenSSLDie(const char *file, int line, const char *assertion); > --# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, > __LINE__, #e),1)) > -+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, > #e),1)) > - > - unsigned long *OPENSSL_ia32cap_loc(void); > - # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) > -@@ -585,10 +585,10 @@ > - int OPENSSL_isservice(void); > - > - # ifdef OPENSSL_FIPS > --# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ > -+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ > - alg " previous FIPS forbidden algorithm error ignored"); > - > --# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ > -+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ > - #alg " Algorithm forbidden in FIPS mode"); > - > - # ifdef OPENSSL_FIPS_STRICT > -Index: crypto/err/err.c > -=================================================================== > ---- crypto/err/err.c (revision 1) > -+++ crypto/err/err.c (working copy) > -@@ -321,7 +321,12 @@ > - es->err_data_flags[i] = flags; > - } > - > -+/* Add EFIAPI for UEFI version. */ > -+#if defined(OPENSSL_SYS_UEFI) > -+void EFIAPI ERR_add_error_data(int num, ...) > -+#else > - void ERR_add_error_data(int num, ...) > -+#endif > - { > - va_list args; > - int i, n, s; > -Index: crypto/err/err.h > -=================================================================== > ---- crypto/err/err.h (revision 1) > -+++ crypto/err/err.h (working copy) > -@@ -285,7 +285,13 @@ > - # endif > - # ifndef OPENSSL_NO_BIO > - void ERR_print_errors(BIO *bp); > -+ > -+/* Add EFIAPI for UEFI version. */ > -+#if defined(OPENSSL_SYS_UEFI) > -+void EFIAPI ERR_add_error_data(int num, ...); > -+#else > - void ERR_add_error_data(int num, ...); > -+#endif > - # endif > - void ERR_load_strings(int lib, ERR_STRING_DATA str[]); > - void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); > -Index: crypto/opensslconf.h > -=================================================================== > ---- crypto/opensslconf.h (revision 1) > -+++ crypto/opensslconf.h (working copy) > -@@ -162,6 +162,9 @@ > - /* The prime number generation stuff may not work when > - * EIGHT_BIT but I don't care since I've only used this mode > - * for debuging the bignum libraries */ > -+ > -+/* Bypass following definition for UEFI version. */ > -+#if !defined(OPENSSL_SYS_UEFI) > - #undef SIXTY_FOUR_BIT_LONG > - #undef SIXTY_FOUR_BIT > - #define THIRTY_TWO_BIT > -@@ -169,6 +172,8 @@ > - #undef EIGHT_BIT > - #endif > - > -+#endif > -+ > - #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) > - #define CONFIG_HEADER_RC4_LOCL_H > - /* if this is defined data[i] is used instead of *data, this is a %20 > -Index: crypto/pkcs7/pk7_smime.c > -=================================================================== > ---- crypto/pkcs7/pk7_smime.c (revision 1) > -+++ crypto/pkcs7/pk7_smime.c (working copy) > -@@ -90,7 +90,14 @@ > - if (!PKCS7_content_new(p7, NID_pkcs7_data)) > - goto err; > - > -+#if defined(OPENSSL_SYS_UEFI) > -+ /* > -+ * NOTE: Update to SHA-256 digest algorithm for UEFI version. > -+ */ > -+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) { > -+#else > - if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) { > -+#endif > - PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); > - goto err; > - } > -@@ -175,7 +182,8 @@ > - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; > - PKCS7_SIGNER_INFO *si; > - X509_STORE_CTX cert_ctx; > -- char buf[4096]; > -+ char *buf = NULL; > -+ int bufsiz; > - int i, j = 0, k, ret = 0; > - BIO *p7bio; > - BIO *tmpin, *tmpout; > -@@ -286,6 +294,12 @@ > - } else > - tmpout = out; > - > -+ bufsiz = 4096; > -+ buf = OPENSSL_malloc (bufsiz); > -+ if (buf == NULL) { > -+ goto err; > -+ } > -+ > - /* We now have to 'read' from p7bio to calculate digests etc. */ > - for (;;) { > - i = BIO_read(p7bio, buf, sizeof(buf)); > -@@ -328,6 +342,10 @@ > - > - sk_X509_free(signers); > - > -+ if (buf != NULL) { > -+ OPENSSL_free (buf); > -+ } > -+ > - return ret; > - } > - > -Index: crypto/rand/rand_egd.c > -=================================================================== > ---- crypto/rand/rand_egd.c (revision 1) > -+++ crypto/rand/rand_egd.c (working copy) > -@@ -95,7 +95,7 @@ > - * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. > - */ > - > --#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || > defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || > defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) > -+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || > defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || > defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || > defined(OPENSSL_SYS_UEFI) > - int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) > - { > - return (-1); > -Index: crypto/rand/rand_unix.c > -=================================================================== > ---- crypto/rand/rand_unix.c (revision 1) > -+++ crypto/rand/rand_unix.c (working copy) > -@@ -116,7 +116,7 @@ > - #include <openssl/rand.h> > - #include "rand_lcl.h" > - > --#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || > defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || > defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) > -+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || > defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || > defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || > defined(OPENSSL_SYS_UEFI)) > - > - # include <sys/types.h> > - # include <sys/time.h> > -@@ -332,7 +332,7 @@ > - * defined(OPENSSL_SYS_VXWORKS) || > - * defined(OPENSSL_SYS_NETWARE)) */ > - > --#if defined(OPENSSL_SYS_VXWORKS) > -+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) > - int RAND_poll(void) > - { > - return 0; > -Index: crypto/x509/x509_vfy.c > -=================================================================== > ---- crypto/x509/x509_vfy.c (revision 1) > -+++ crypto/x509/x509_vfy.c (working copy) > -@@ -871,6 +871,10 @@ > - > - static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) > - { > -+#if defined(OPENSSL_SYS_UEFI) > -+ /* Bypass Certificate Time Checking for UEFI version. */ > -+ return 1; > -+#else > - time_t *ptime; > - int i; > - > -@@ -910,6 +914,7 @@ > - } > - > - return 1; > -+#endif > - } > - > - static int internal_verify(X509_STORE_CTX *ctx) > diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2b.patch > b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2b.patch > new file mode 100644 > index 0000000..54e14d8 > --- /dev/null > +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2b.patch > @@ -0,0 +1,346 @@ > +diff U3 crypto/bio/bio.h crypto/bio/bio.h > +--- crypto/bio/bio.h Thu Jun 11 21:50:12 2015 > ++++ crypto/bio/bio.h Fri Jun 12 11:00:52 2015 > +@@ -646,10 +646,10 @@ > + int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, > + asn1_ps_func **psuffix_free); > + > +-# ifndef OPENSSL_NO_FP_API > + BIO_METHOD *BIO_s_file(void); > + BIO *BIO_new_file(const char *filename, const char *mode); > + BIO *BIO_new_fp(FILE *stream, int close_flag); > ++# ifndef OPENSSL_NO_FP_API > + # define BIO_s_file_internal BIO_s_file > + # endif > + BIO *BIO_new(BIO_METHOD *type); > +diff U3 crypto/bio/bss_file.c crypto/bio/bss_file.c > +--- crypto/bio/bss_file.c Thu Jun 11 21:01:06 2015 > ++++ crypto/bio/bss_file.c Fri Jun 12 11:01:28 2015 > +@@ -460,6 +460,23 @@ > + return (ret); > + } > + > ++# else > ++ > ++BIO_METHOD *BIO_s_file(void) > ++{ > ++ return NULL; > ++} > ++ > ++BIO *BIO_new_file(const char *filename, const char *mode) > ++{ > ++ return NULL; > ++} > ++ > ++BIO *BIO_new_fp(FILE *stream, int close_flag) > ++{ > ++ return NULL; > ++} > ++ > + # endif /* OPENSSL_NO_STDIO */ > + > + #endif /* HEADER_BSS_FILE_C */ > +diff U3 crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c > +--- crypto/dh/dh_pmeth.c Thu Jun 11 21:50:12 2015 > ++++ crypto/dh/dh_pmeth.c Fri Jun 12 11:08:48 2015 > +@@ -449,6 +449,9 @@ > + *keylen = ret; > + return 1; > + } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { > ++#ifdef OPENSSL_NO_CMS > ++ return 0; > ++#else > + unsigned char *Z = NULL; > + size_t Zlen = 0; > + if (!dctx->kdf_outlen || !dctx->kdf_oid) > +@@ -478,6 +481,7 @@ > + OPENSSL_free(Z); > + } > + return ret; > ++#endif > + } > + return 1; > + } > +diff U3 crypto/pem/pem.h crypto/pem/pem.h > +--- crypto/pem/pem.h Thu Jun 11 21:50:12 2015 > ++++ crypto/pem/pem.h Fri Jun 12 10:58:18 2015 > +@@ -324,6 +324,7 @@ > + > + # define DECLARE_PEM_read_fp(name, type) /**/ > + # define DECLARE_PEM_write_fp(name, type) /**/ > ++# define DECLARE_PEM_write_fp_const(name, type) /**/ > + # define DECLARE_PEM_write_cb_fp(name, type) /**/ > + # else > + > +diff U3 crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c > +--- crypto/pkcs7/pk7_smime.c Thu Jun 11 21:01:06 2015 > ++++ crypto/pkcs7/pk7_smime.c Fri Jun 12 11:23:38 2015 > +@@ -254,7 +254,8 @@ > + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; > + PKCS7_SIGNER_INFO *si; > + X509_STORE_CTX cert_ctx; > +- char buf[4096]; > ++ char *buf = NULL; > ++ int bufsiz; > + int i, j = 0, k, ret = 0; > + BIO *p7bio; > + BIO *tmpin, *tmpout; > +@@ -365,9 +366,14 @@ > + } else > + tmpout = out; > + > ++ bufsiz = 4096; > ++ buf = OPENSSL_malloc(bufsiz); > ++ if (buf == NULL) { > ++ goto err; > ++ } > + /* We now have to 'read' from p7bio to calculate digests etc. */ > + for (;;) { > +- i = BIO_read(p7bio, buf, sizeof(buf)); > ++ i = BIO_read(p7bio, buf, bufsiz); > + if (i <= 0) > + break; > + if (tmpout) > +@@ -406,6 +412,10 @@ > + BIO_free_all(p7bio); > + > + sk_X509_free(signers); > ++ > ++ if (buf != NULL) { > ++ OPENSSL_free(buf); > ++ } > + > + return ret; > + } > +diff U3 crypto/rand/rand_unix.c crypto/rand/rand_unix.c > +--- crypto/rand/rand_unix.c Thu Jun 11 21:01:06 2015 > ++++ crypto/rand/rand_unix.c Fri Jun 12 10:51:21 2015 > +@@ -116,7 +116,7 @@ > + #include <openssl/rand.h> > + #include "rand_lcl.h" > + > +-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || > defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || > defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) > ++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || > defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || > defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || > defined(OPENSSL_SYS_UEFI)) > + > + # include <sys/types.h> > + # include <sys/time.h> > +@@ -439,7 +439,7 @@ > + * defined(OPENSSL_SYS_VXWORKS) || > + * defined(OPENSSL_SYS_NETWARE)) */ > + > +-#if defined(OPENSSL_SYS_VXWORKS) > ++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) > + int RAND_poll(void) > + { > + return 0; > +diff U3 crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c > +--- crypto/rsa/rsa_ameth.c Thu Jun 11 21:50:12 2015 > ++++ crypto/rsa/rsa_ameth.c Fri Jun 12 10:45:38 2015 > +@@ -68,10 +68,12 @@ > + #endif > + #include "asn1_locl.h" > + > ++#ifndef OPENSSL_NO_CMS > + static int rsa_cms_sign(CMS_SignerInfo *si); > + static int rsa_cms_verify(CMS_SignerInfo *si); > + static int rsa_cms_decrypt(CMS_RecipientInfo *ri); > + static int rsa_cms_encrypt(CMS_RecipientInfo *ri); > ++#endif > + > + static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) > + { > +@@ -665,6 +667,7 @@ > + return rv; > + } > + > ++#ifndef OPENSSL_NO_CMS > + static int rsa_cms_verify(CMS_SignerInfo *si) > + { > + int nid, nid2; > +@@ -683,6 +686,7 @@ > + } > + return 0; > + } > ++#endif > + > + /* > + * Customised RSA item verification routine. This is called when a signature > +@@ -705,6 +709,7 @@ > + return -1; > + } > + > ++#ifndef OPENSSL_NO_CMS > + static int rsa_cms_sign(CMS_SignerInfo *si) > + { > + int pad_mode = RSA_PKCS1_PADDING; > +@@ -729,6 +734,7 @@ > + X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os); > + return 1; > + } > ++#endif > + > + static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, > + X509_ALGOR *alg1, X509_ALGOR *alg2, > +@@ -785,6 +791,7 @@ > + return pss; > + } > + > ++#ifndef OPENSSL_NO_CMS > + static int rsa_cms_decrypt(CMS_RecipientInfo *ri) > + { > + EVP_PKEY_CTX *pkctx; > +@@ -857,7 +864,9 @@ > + X509_ALGOR_free(maskHash); > + return rv; > + } > ++#endif > + > ++#ifndef OPENSSL_NO_CMS > + static int rsa_cms_encrypt(CMS_RecipientInfo *ri) > + { > + const EVP_MD *md, *mgf1md; > +@@ -920,6 +929,7 @@ > + ASN1_STRING_free(os); > + return rv; > + } > ++#endif > + > + const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { > + { > +diff U3 crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c > +--- crypto/x509/x509_vfy.c Thu Jun 11 21:52:58 2015 > ++++ crypto/x509/x509_vfy.c Fri Jun 12 11:29:37 2015 > +@@ -1647,6 +1647,10 @@ > + > + static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) > + { > ++#ifdef OPENSSL_SYS_UEFI > ++ /* Bypass Certificate Time Checking for UEFI version. */ > ++ return 1; > ++#else > + time_t *ptime; > + int i; > + > +@@ -1686,6 +1690,7 @@ > + } > + > + return 1; > ++#endif > + } > + > + static int internal_verify(X509_STORE_CTX *ctx) > +diff U3 crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h > +--- crypto/x509v3/ext_dat.h Thu Jun 11 21:50:12 2015 > ++++ crypto/x509v3/ext_dat.h Fri Jun 12 11:11:03 2015 > +@@ -127,8 +127,10 @@ > + &v3_idp, > + &v3_alt[2], > + &v3_freshest_crl, > ++#ifndef OPENSSL_SYS_UEFI > + &v3_ct_scts[0], > + &v3_ct_scts[1], > ++#endif > + }; > + > + /* Number of standard extensions */ > +diff U3 crypto/crypto.h crypto/crypto.h > +--- crypto/crypto.h Thu Jun 11 21:01:06 2015 > ++++ crypto/crypto.h Fri Jun 12 11:33:27 2015 > +@@ -235,15 +235,15 @@ > + # ifndef OPENSSL_NO_LOCKING > + # ifndef CRYPTO_w_lock > + # define CRYPTO_w_lock(type) \ > +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) > ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) > + # define CRYPTO_w_unlock(type) \ > +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) > ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) > + # define CRYPTO_r_lock(type) \ > +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) > ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) > + # define CRYPTO_r_unlock(type) \ > +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) > ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) > + # define CRYPTO_add(addr,amount,type) \ > +- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) > ++ CRYPTO_add_lock(addr,amount,type,NULL,0) > + # endif > + # else > + # define CRYPTO_w_lock(a) > +@@ -378,19 +378,19 @@ > + # define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) > + # define is_MemCheck_on() CRYPTO_is_mem_check_on() > + > +-# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) > +-# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) > ++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) > ++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) > + # define OPENSSL_realloc(addr,num) \ > +- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) > ++ CRYPTO_realloc((char *)addr,(int)num,NULL,0) > + # define OPENSSL_realloc_clean(addr,old_num,num) \ > +- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) > ++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) > + # define OPENSSL_remalloc(addr,num) \ > +- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) > ++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) > + # define OPENSSL_freeFunc CRYPTO_free > + # define OPENSSL_free(addr) CRYPTO_free(addr) > + > + # define OPENSSL_malloc_locked(num) \ > +- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) > ++ CRYPTO_malloc_locked((int)num,NULL,0) > + # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) > + > + const char *SSLeay_version(int type); > +@@ -545,7 +545,7 @@ > + long CRYPTO_get_mem_debug_options(void); > + > + # define CRYPTO_push_info(info) \ > +- CRYPTO_push_info_(info, __FILE__, __LINE__); > ++ CRYPTO_push_info_(info, NULL, 0); > + int CRYPTO_push_info_(const char *info, const char *file, int line); > + int CRYPTO_pop_info(void); > + int CRYPTO_remove_all_info(void); > +@@ -588,7 +588,7 @@ > + > + /* die if we have to */ > + void OpenSSLDie(const char *file, int line, const char *assertion); > +-# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, > __LINE__, #e),1)) > ++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, > #e),1)) > + > + unsigned long *OPENSSL_ia32cap_loc(void); > + # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) > +@@ -605,14 +605,14 @@ > + # define fips_md_init_ctx(alg, cx) \ > + int alg##_Init(cx##_CTX *c) \ > + { \ > +- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ > ++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \ > + "Low level API call to digest " #alg " forbidden in FIPS > mode!"); \ > + return private_##alg##_Init(c); \ > + } \ > + int private_##alg##_Init(cx##_CTX *c) > + > + # define fips_cipher_abort(alg) \ > +- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ > ++ if (FIPS_mode()) OpenSSLDie(NULL, 0, \ > + "Low level API call to cipher " #alg " forbidden in FIPS > mode!") > + > + # else > +diff U3 crypto/opensslconf.h crypto/opensslconf.h > +--- crypto/opensslconf.h Thu Jun 11 21:55:38 2015 > ++++ crypto/opensslconf.h Fri Jun 12 10:28:27 2015 > +@@ -159,9 +159,12 @@ > + /* Should we define BN_DIV2W here? */ > + > + /* Only one for the following should be defined */ > ++/* Bypass the following definitions for UEFI version. */ > ++#if !defined(OPENSSL_SYS_UEFI) > + #undef SIXTY_FOUR_BIT_LONG > + #undef SIXTY_FOUR_BIT > + #define THIRTY_TWO_BIT > ++#endif > + #endif > + > + #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) > -- > 1.9.5.msysgit.1 > > > ------------------------------------------------------------------------------ > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/edk2-devel ------------------------------------------------------------------------------ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
