diff options
Diffstat (limited to 'CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch')
| -rw-r--r-- | CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch | 174 |
1 files changed, 174 insertions, 0 deletions
diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch new file mode 100644 index 0000000000..3b312482ee --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8w.patch @@ -0,0 +1,174 @@ +Index: crypto/bio/bss_file.c
+===================================================================
+--- crypto/bio/bss_file.c (revision 1)
++++ crypto/bio/bss_file.c (working copy)
+@@ -428,6 +428,23 @@
+ return(ret);
+ }
+
++#else
++
++BIO_METHOD *BIO_s_file(void)
++ {
++ return NULL;
++ }
++
++BIO *BIO_new_file(const char *filename, const char *mode)
++ {
++ return NULL;
++ }
++
++BIO *BIO_new_fp(FILE *stream, int close_flag)
++ {
++ return NULL;
++ }
++
+ #endif /* OPENSSL_NO_STDIO */
+
+ #endif /* HEADER_BSS_FILE_C */
+Index: crypto/err/err.c
+===================================================================
+--- crypto/err/err.c (revision 1)
++++ crypto/err/err.c (working copy)
+@@ -313,7 +313,12 @@
+ es->err_data_flags[i]=flags;
+ }
+
++/* Add EFIAPI for UEFI version. */
++#if defined(OPENSSL_SYS_UEFI)
++void EFIAPI ERR_add_error_data(int num, ...)
++#else
+ void ERR_add_error_data(int num, ...)
++#endif
+ {
+ va_list args;
+ int i,n,s;
+Index: crypto/err/err.h
+===================================================================
+--- crypto/err/err.h (revision 1)
++++ crypto/err/err.h (working copy)
+@@ -286,8 +286,14 @@
+ #endif
+ #ifndef OPENSSL_NO_BIO
+ void ERR_print_errors(BIO *bp);
++
++/* Add EFIAPI for UEFI version. */
++#if defined(OPENSSL_SYS_UEFI)
++void EFIAPI ERR_add_error_data(int num, ...);
++#else
+ void ERR_add_error_data(int num, ...);
+ #endif
++#endif
+ void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+ void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
+ void ERR_load_ERR_strings(void);
+Index: crypto/opensslconf.h
+===================================================================
+--- crypto/opensslconf.h (revision 1)
++++ crypto/opensslconf.h (working copy)
+@@ -162,6 +162,9 @@
+ /* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
++
++/* Bypass following definition for UEFI version. */
++#if !defined(OPENSSL_SYS_UEFI)
+ #undef SIXTY_FOUR_BIT_LONG
+ #undef SIXTY_FOUR_BIT
+ #define THIRTY_TWO_BIT
+@@ -169,6 +172,8 @@
+ #undef EIGHT_BIT
+ #endif
+
++#endif
++
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+ #define CONFIG_HEADER_RC4_LOCL_H
+ /* if this is defined data[i] is used instead of *data, this is a %20
+Index: crypto/pkcs7/pk7_smime.c
+===================================================================
+--- crypto/pkcs7/pk7_smime.c (revision 1)
++++ crypto/pkcs7/pk7_smime.c (working copy)
+@@ -88,7 +88,10 @@
+ if (!PKCS7_content_new(p7, NID_pkcs7_data))
+ goto err;
+
+- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
++ /*
++ NOTE: Update to SHA-256 digest algorithm for UEFI version.
++ */
++ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+ goto err;
+ }
+Index: crypto/rand/rand_egd.c
+===================================================================
+--- crypto/rand/rand_egd.c (revision 1)
++++ crypto/rand/rand_egd.c (working copy)
+@@ -95,7 +95,7 @@
+ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+ */
+
+-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+ {
+ return(-1);
+Index: crypto/rand/rand_unix.c
+===================================================================
+--- crypto/rand/rand_unix.c (revision 1)
++++ crypto/rand/rand_unix.c (working copy)
+@@ -116,7 +116,7 @@
+ #include <openssl/rand.h>
+ #include "rand_lcl.h"
+
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
+
+ #include <sys/types.h>
+ #include <sys/time.h>
+@@ -322,7 +322,7 @@
+ #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
+
+
+-#if defined(OPENSSL_SYS_VXWORKS)
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+ int RAND_poll(void)
+ {
+ return 0;
+Index: crypto/x509/x509_vfy.c
+===================================================================
+--- crypto/x509/x509_vfy.c (revision 1)
++++ crypto/x509/x509_vfy.c (working copy)
+@@ -386,7 +386,11 @@
+
+ static int check_chain_extensions(X509_STORE_CTX *ctx)
+ {
+-#ifdef OPENSSL_NO_CHAIN_VERIFY
++#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
++ /*
++ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
++ in Authenticode Signing Certificates.
++ */
+ return 1;
+ #else
+ int i, ok=0, must_be_ca, plen = 0;
+@@ -899,6 +903,10 @@
+
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+ {
++#if defined(OPENSSL_SYS_UEFI)
++ /* Bypass Certificate Time Checking for UEFI version. */
++ return 1;
++#else
+ time_t *ptime;
+ int i;
+
+@@ -942,6 +950,7 @@
+ }
+
+ return 1;
++#endif
+ }
+
+ static int internal_verify(X509_STORE_CTX *ctx)
|