Revert lots of Cryptlib updates.

OpenSSL changes quite a bit of the key validation, and most of the keys I can find in the wild aren't marked as trusted by the new checker. Intel noticed this too: vathpela/edk2@f536d7c3ed but instead of fixing the compatibility error, they switched their test data to match the bug. So that's pretty broken. For now, I'm reverting OpenSSL 1.1.0e, because we need those certs in the wild to work. This reverts commit 513cbe2. This reverts commit e9cc33d. This reverts commit 80d49f7. This reverts commit 9bc647e. This reverts commit ae75df6. This reverts commit e883479. This reverts commit 9746944. This reverts commit e396926. This reverts commit 0f3dfc0. This reverts commit 4da6ac8. This reverts commit d064bd7. This reverts commit 9bc86cf. This reverts commit ab9a05a. Signed-off-by: Peter Jones <pjones@redhat.com>
rhboot · Aug 31, 2017 · 1d39ada · 1d39ada · lcp · Sep 13, 2017
1 parent eae6427
commit 1d39ada
Show file tree

Hide file tree

Showing 704 changed files with 78,346 additions and 49,619 deletions.
diff --git a/Cryptlib/Cryptlib.diff b/Cryptlib/Cryptlib.diff
@@ -1,20 +1,8 @@
-diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h
-index 99ea347..f11cffe 100644
---- a/Cryptlib/Include/openssl/e_os2.h
-+++ b/Cryptlib/Include/openssl/e_os2.h
-@@ -234,6 +234,7 @@ extern "C" {
-
- /* Standard integer types */
- # if defined(OPENSSL_SYS_UEFI)
-+#include <efi.h>
- typedef INT8 int8_t;
- typedef UINT8 uint8_t;
- typedef INT16 int16_t;
 diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c
-index f390e0d..65e9938 100644
+index 68bc25a..1abe78e 100644
 --- a/Cryptlib/SysCall/BaseMemAllocation.c
 +++ b/Cryptlib/SysCall/BaseMemAllocation.c
-@@ -33,7 +33,7 @@ void *realloc (void *ptr, size_t size)
+@@ -32,7 +32,7 @@ void *realloc (void *ptr, size_t size)
    // BUG: hardcode OldSize == size! We have no any knowledge about
    // memory size of original pointer ptr.
    //
@@ -23,46 +11,21 @@ index f390e0d..65e9938 100644
  }
 
  /* De-allocates or frees a memory block */
-diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c
-index 20c9656..7878953 100644
---- a/Cryptlib/SysCall/CrtWrapper.c
-+++ b/Cryptlib/SysCall/CrtWrapper.c
-@@ -371,20 +371,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
-   return 0;
- }
-
--//
--//  -- Dummy OpenSSL Support Routines --
--//
--
--int BIO_printf (void *bio, const char *format, ...)
--{
--  return 0;
--}
--
--int BIO_snprintf(char *buf, size_t n, const char *format, ...)
--{
--  return 0;
--}
--
- #ifdef __GNUC__
-
- typedef
 diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c
-index 581b8fb..04fe4ef 100644
+index 805e6b4..bb7bcba 100644
 --- a/Cryptlib/SysCall/TimerWrapper.c
 +++ b/Cryptlib/SysCall/TimerWrapper.c
 @@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
  **/
 
 -#include <Uefi.h>
- #include <CrtLibSupport.h>
+ #include <OpenSslSupport.h>
 -#include <Library/UefiRuntimeServicesTableLib.h>
 
  //
  // -- Time Management Routines --
-@@ -79,7 +77,7 @@ time_t time (time_t *timer)
+@@ -78,7 +76,7 @@ time_t time (time_t *timer)
    //
    // Get the current time and date information
    //
@@ -71,3 +34,24 @@ index 581b8fb..04fe4ef 100644
 
    //
    // Years Handling
+diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c
+index fb446b6..5a8322d 100644
+--- a/Cryptlib/SysCall/CrtWrapper.c
++++ b/Cryptlib/SysCall/CrtWrapper.c
+@@ -293,16 +293,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
+ //  -- Dummy OpenSSL Support Routines --
+ //
+
+-int BIO_printf (void *bio, const char *format, ...)
+-{
+-  return 0;
+-}
+-
+-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+-{
+-  return 0;
+-}
+-
+ void *UI_OpenSSL(void)
+ {
+   return NULL;
diff --git a/Cryptlib/Hmac/CryptHmacMd5Null.c b/Cryptlib/Hmac/CryptHmacMd5Null.c
@@ -1,7 +1,7 @@
 /** @file
   HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
 
-Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 /**
   Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
-  (NOTE: This API is deprecated.
-         Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.)
 
   Return zero to indicate this interface is not supported.
 
@@ -34,42 +32,6 @@ HmacMd5GetContextSize (
   return 0;
 }
 
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
-  Return NULL to indicate this interface is not supported.
-
-  @retval NULL  This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
-  VOID
-  )
-{
-  ASSERT (FALSE);
-  return NULL;
-}
-
-/**
-  Release the specified HMAC_CTX context.
-
-  This function will do nothing.
-
-  @param[in]  HmacMd5Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
-  IN  VOID  *HmacMd5Ctx
-  )
-{
-  ASSERT (FALSE);
-  return;
-}
-
 /**
   Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
   subsequent use. 

diff --git a/Cryptlib/Hmac/CryptHmacSha1Null.c b/Cryptlib/Hmac/CryptHmacSha1Null.c
@@ -1,7 +1,7 @@
 /** @file
   HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.  
 
-Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 /**
   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
-  (NOTE: This API is deprecated.
-         Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.)
 
   Return zero to indicate this interface is not supported.
 
@@ -34,42 +32,6 @@ HmacSha1GetContextSize (
   return 0;
 }
 
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
-  Return NULL to indicate this interface is not supported.
-
-  @return  NULL  This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
-  VOID
-  )
-{
-  ASSERT (FALSE);
-  return NULL;
-}
-
-/**
-  Release the specified HMAC_CTX context.
-
-  This function will do nothing.
-
-  @param[in]  HmacSha1Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
-  IN  VOID  *HmacSha1Ctx
-  )
-{
-  ASSERT (FALSE);
-  return;
-}
-
 /**
   Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
   subsequent use.

diff --git a/Cryptlib/Hmac/CryptHmacSha256Null.c b/Cryptlib/Hmac/CryptHmacSha256Null.c
@@ -1,7 +1,7 @@
 /** @file
   HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 /**
   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
-  (NOTE: This API is deprecated.
-         Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
 
   Return zero to indicate this interface is not supported.
 
@@ -34,42 +32,6 @@ HmacSha256GetContextSize (
   return 0;
 }
 
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
-
-  Return NULL to indicate this interface is not supported.
-
-  @return  NULL  This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha256New (
-  VOID
-  )
-{
-  ASSERT (FALSE);
-  return NULL;
-}
-
-/**
-  Release the specified HMAC_CTX context.
-
-  This function will do nothing.
-
-  @param[in]  HmacSha256Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha256Free (
-  IN  VOID  *HmacSha256Ctx
-  )
-{
-  ASSERT (FALSE);
-  return;
-}
-
 /**
   Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
   subsequent use.