1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
Index: crypto/bio/bss_file.c
===================================================================
--- crypto/bio/bss_file.c (revision 1)
+++ crypto/bio/bss_file.c (working copy)
@@ -428,6 +428,23 @@
return(ret);
}
+#else
+
+BIO_METHOD *BIO_s_file(void)
+ {
+ return NULL;
+ }
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+ {
+ return NULL;
+ }
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+ {
+ return NULL;
+ }
+
#endif /* OPENSSL_NO_STDIO */
#endif /* HEADER_BSS_FILE_C */
Index: crypto/crypto.h
===================================================================
--- crypto/crypto.h (revision 1)
+++ crypto/crypto.h (working copy)
@@ -235,15 +235,15 @@
#ifndef OPENSSL_NO_LOCKING
#ifndef CRYPTO_w_lock
#define CRYPTO_w_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
#define CRYPTO_w_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
#define CRYPTO_r_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
#define CRYPTO_r_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
#define CRYPTO_add(addr,amount,type) \
- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+ CRYPTO_add_lock(addr,amount,type,NULL,0)
#endif
#else
#define CRYPTO_w_lock(a)
@@ -361,19 +361,19 @@
#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
#define is_MemCheck_on() CRYPTO_is_mem_check_on()
-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
+#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
+#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
#define OPENSSL_realloc(addr,num) \
- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
#define OPENSSL_realloc_clean(addr,old_num,num) \
- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
#define OPENSSL_remalloc(addr,num) \
- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
#define OPENSSL_freeFunc CRYPTO_free
#define OPENSSL_free(addr) CRYPTO_free(addr)
#define OPENSSL_malloc_locked(num) \
- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+ CRYPTO_malloc_locked((int)num,NULL,0)
#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
@@ -487,7 +487,7 @@
long CRYPTO_get_mem_debug_options(void);
#define CRYPTO_push_info(info) \
- CRYPTO_push_info_(info, __FILE__, __LINE__);
+ CRYPTO_push_info_(info, NULL, 0);
int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
@@ -528,17 +528,17 @@
/* die if we have to */
void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
unsigned long *OPENSSL_ia32cap_loc(void);
#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
int OPENSSL_isservice(void);
#ifdef OPENSSL_FIPS
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
alg " previous FIPS forbidden algorithm error ignored");
-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
#alg " Algorithm forbidden in FIPS mode");
#ifdef OPENSSL_FIPS_STRICT
Index: crypto/err/err.c
===================================================================
--- crypto/err/err.c (revision 1)
+++ crypto/err/err.c (working copy)
@@ -313,7 +313,12 @@
es->err_data_flags[i]=flags;
}
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...)
+#else
void ERR_add_error_data(int num, ...)
+#endif
{
va_list args;
int i,n,s;
Index: crypto/err/err.h
===================================================================
--- crypto/err/err.h (revision 1)
+++ crypto/err/err.h (working copy)
@@ -286,8 +286,14 @@
#endif
#ifndef OPENSSL_NO_BIO
void ERR_print_errors(BIO *bp);
+
+/* Add EFIAPI for UEFI version. */
+#if defined(OPENSSL_SYS_UEFI)
+void EFIAPI ERR_add_error_data(int num, ...);
+#else
void ERR_add_error_data(int num, ...);
#endif
+#endif
void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
void ERR_load_ERR_strings(void);
Index: crypto/opensslconf.h
===================================================================
--- crypto/opensslconf.h (revision 1)
+++ crypto/opensslconf.h (working copy)
@@ -162,6 +162,9 @@
/* The prime number generation stuff may not work when
* EIGHT_BIT but I don't care since I've only used this mode
* for debuging the bignum libraries */
+
+/* Bypass following definition for UEFI version. */
+#if !defined(OPENSSL_SYS_UEFI)
#undef SIXTY_FOUR_BIT_LONG
#undef SIXTY_FOUR_BIT
#define THIRTY_TWO_BIT
@@ -169,6 +172,8 @@
#undef EIGHT_BIT
#endif
+#endif
+
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
Index: crypto/pkcs7/pk7_smime.c
===================================================================
--- crypto/pkcs7/pk7_smime.c (revision 1)
+++ crypto/pkcs7/pk7_smime.c (working copy)
@@ -88,7 +88,10 @@
if (!PKCS7_content_new(p7, NID_pkcs7_data))
goto err;
- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+ /*
+ NOTE: Update to SHA-256 digest algorithm for UEFI version.
+ */
+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
goto err;
}
Index: crypto/rand/rand_egd.c
===================================================================
--- crypto/rand/rand_egd.c (revision 1)
+++ crypto/rand/rand_egd.c (working copy)
@@ -95,7 +95,7 @@
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
*/
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
{
return(-1);
Index: crypto/rand/rand_unix.c
===================================================================
--- crypto/rand/rand_unix.c (revision 1)
+++ crypto/rand/rand_unix.c (working copy)
@@ -116,7 +116,7 @@
#include <openssl/rand.h>
#include "rand_lcl.h"
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
#include <sys/types.h>
#include <sys/time.h>
@@ -322,7 +322,7 @@
#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
-#if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
int RAND_poll(void)
{
return 0;
Index: crypto/x509/x509_vfy.c
===================================================================
--- crypto/x509/x509_vfy.c (revision 1)
+++ crypto/x509/x509_vfy.c (working copy)
@@ -386,7 +386,11 @@
static int check_chain_extensions(X509_STORE_CTX *ctx)
{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
+ /*
+ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
+ in Authenticode Signing Certificates.
+ */
return 1;
#else
int i, ok=0, must_be_ca, plen = 0;
@@ -899,6 +903,10 @@
static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
{
+#if defined(OPENSSL_SYS_UEFI)
+ /* Bypass Certificate Time Checking for UEFI version. */
+ return 1;
+#else
time_t *ptime;
int i;
@@ -942,6 +950,7 @@
}
return 1;
+#endif
}
static int internal_verify(X509_STORE_CTX *ctx)
|
