* New upstream release.debian/15+1533136590.3beb971-1

  - debian/patches/second-stage-path: dropped; the default loader path now
    includes an arch suffix.
  - debian/patches/sbsigntool-no-pesign: dropped; no longer needed.
* Drop remaining patches that were not being applied.
* Sync packaging from Ubuntu:
  - debian/copyright: Update upstream source location.
  - debian/control: add a Build-Depends on libelf-dev.
  - Enable arm64 build.
  - debian/patches/fixup_git.patch: don't run git in clean; we're not
    really in a git tree.
  - debian/rules, debian/shim.install: use the upstream install target as
    intended, and move files to the target directory using dh_install.
  - define RELEASE and COMMIT_ID for the snapshot.
  - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature.
  - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream
    options: set MAKELEVEL.
  - Define an EFI_ARCH variable, and use that for paths to shim. This
    makes it possible to build a shim for other architectures than amd64.
  - Set EFIDIR=$distro for dh_auto_install; that will let files be installed
    in the "right" final directories, and makes boot.csv for us.
  - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built
    at compile-time for MokManager and fallback.
  - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback
    and MokManager.

1 files changed, 72 insertions, 68 deletions

diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c
index 24859926..ed98df8c 100644
--- a/Cryptlib/OpenSSL/crypto/objects/o_names.c
+++ b/Cryptlib/OpenSSL/crypto/objects/o_names.c
@@ -1,3 +1,12 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -7,35 +16,40 @@
 #include <openssl/objects.h>
 #include <openssl/safestack.h>
 #include <openssl/e_os2.h>
+#include "obj_lcl.h"
 
 /*
- * Later versions of DEC C has started to add lnkage information to certain
- * functions, which makes it tricky to use them as values to regular function
- * pointers.  One way is to define a macro that takes care of casting them
- * correctly.
+ * We define this wrapper for two reasons. Firstly, later versions of
+ * DEC C add linkage information to certain functions, which makes it
+ * tricky to use them as values to regular function pointers.
+ * Secondly, in the EDK2 build environment, the strcmp function is
+ * actually an external function (AsciiStrCmp) with the Microsoft ABI,
+ * so we can't transparently assign function pointers to it.
+ * Arguably the latter is a stupidity of the UEFI environment, but
+ * since the wrapper solves the DEC C issue too, let's just use the
+ * same solution.
  */
-#ifdef OPENSSL_SYS_VMS_DECC
-# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp
+#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI)
+static int obj_strcmp(const char *a, const char *b)
+{
+    return strcmp(a, b);
+}
 #else
-# define OPENSSL_strcmp strcmp
+#define obj_strcmp strcmp
 #endif
 
 /*
  * I use the ex_data stuff to manage the identifiers for the obj_name_types
  * that applications may define.  I only really use the free function field.
  */
-DECLARE_LHASH_OF(OBJ_NAME);
 static LHASH_OF(OBJ_NAME) *names_lh = NULL;
 static int names_type_num = OBJ_NAME_TYPE_NUM;
 
-typedef struct name_funcs_st {
+struct name_funcs_st {
     unsigned long (*hash_func) (const char *name);
     int (*cmp_func) (const char *a, const char *b);
     void (*free_func) (const char *, int, const char *);
-} NAME_FUNCS;
-
-DECLARE_STACK_OF(NAME_FUNCS)
-IMPLEMENT_STACK_OF(NAME_FUNCS)
+};
 
 static STACK_OF(NAME_FUNCS) *name_funcs_stack;
 
@@ -45,21 +59,16 @@ static STACK_OF(NAME_FUNCS) *name_funcs_stack;
  * casting without the need for macro-generated wrapper functions.
  */
 
-/* static unsigned long obj_name_hash(OBJ_NAME *a); */
-static unsigned long obj_name_hash(const void *a_void);
-/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
-static int obj_name_cmp(const void *a_void, const void *b_void);
-
-static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME)
-static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME)
+static unsigned long obj_name_hash(const OBJ_NAME *a);
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b);
 
 int OBJ_NAME_init(void)
 {
     if (names_lh != NULL)
         return (1);
-    MemCheck_off();
-    names_lh = lh_OBJ_NAME_new();
-    MemCheck_on();
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     return (names_lh != NULL);
 }
 
@@ -67,14 +76,13 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
                        int (*cmp_func) (const char *, const char *),
                        void (*free_func) (const char *, int, const char *))
 {
-    int ret;
-    int i;
+    int ret, i, push;
     NAME_FUNCS *name_funcs;
 
     if (name_funcs_stack == NULL) {
-        MemCheck_off();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
         name_funcs_stack = sk_NAME_FUNCS_new_null();
-        MemCheck_on();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     }
     if (name_funcs_stack == NULL) {
         /* ERROR */
@@ -83,22 +91,25 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
     ret = names_type_num;
     names_type_num++;
     for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
-        MemCheck_off();
-        name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
-        MemCheck_on();
-        if (!name_funcs) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        name_funcs = OPENSSL_zalloc(sizeof(*name_funcs));
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        if (name_funcs == NULL) {
             OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
             return (0);
         }
-        name_funcs->hash_func = lh_strhash;
-        name_funcs->cmp_func = OPENSSL_strcmp;
-        name_funcs->free_func = 0; /* NULL is often declared to * ((void
-                                    * *)0), which according * to Compaq C is
-                                    * not really * compatible with a function
-                                    * * pointer.  -- Richard Levitte */
-        MemCheck_off();
-        sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
-        MemCheck_on();
+        name_funcs->hash_func = OPENSSL_LH_strhash;
+        name_funcs->cmp_func = obj_strcmp;
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+        push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+
+        if (!push) {
+            OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(name_funcs);
+            return 0;
+        }
     }
     name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
     if (hash_func != NULL)
@@ -110,12 +121,9 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
     return (ret);
 }
 
-/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
-static int obj_name_cmp(const void *a_void, const void *b_void)
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b)
 {
     int ret;
-    const OBJ_NAME *a = (const OBJ_NAME *)a_void;
-    const OBJ_NAME *b = (const OBJ_NAME *)b_void;
 
     ret = a->type - b->type;
     if (ret == 0) {
@@ -129,11 +137,9 @@ static int obj_name_cmp(const void *a_void, const void *b_void)
     return (ret);
 }
 
-/* static unsigned long obj_name_hash(OBJ_NAME *a) */
-static unsigned long obj_name_hash(const void *a_void)
+static unsigned long obj_name_hash(const OBJ_NAME *a)
 {
     unsigned long ret;
-    const OBJ_NAME *a = (const OBJ_NAME *)a_void;
 
     if ((name_funcs_stack != NULL)
         && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
@@ -141,7 +147,7 @@ static unsigned long obj_name_hash(const void *a_void)
             sk_NAME_FUNCS_value(name_funcs_stack,
                                 a->type)->hash_func(a->name);
     } else {
-        ret = lh_strhash(a->name);
+        ret = OPENSSL_LH_strhash(a->name);
     }
     ret ^= a->type;
     return (ret);
@@ -188,10 +194,10 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
     alias = type & OBJ_NAME_ALIAS;
     type &= ~OBJ_NAME_ALIAS;
 
-    onp = (OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
+    onp = OPENSSL_malloc(sizeof(*onp));
     if (onp == NULL) {
         /* ERROR */
-        return (0);
+        return 0;
     }
 
     onp->name = name;
@@ -216,10 +222,11 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
     } else {
         if (lh_OBJ_NAME_error(names_lh)) {
             /* ERROR */
-            return (0);
+            OPENSSL_free(onp);
+            return 0;
         }
     }
-    return (1);
+    return 1;
 }
 
 int OBJ_NAME_remove(const char *name, int type)
@@ -251,31 +258,30 @@ int OBJ_NAME_remove(const char *name, int type)
         return (0);
 }
 
-struct doall {
+typedef struct {
     int type;
     void (*fn) (const OBJ_NAME *, void *arg);
     void *arg;
-};
+} OBJ_DOALL;
 
-static void do_all_fn_doall_arg(const OBJ_NAME *name, struct doall *d)
+static void do_all_fn(const OBJ_NAME *name, OBJ_DOALL *d)
 {
     if (name->type == d->type)
         d->fn(name, d->arg);
 }
 
-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall)
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OBJ_NAME, OBJ_DOALL);
 
 void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
                      void *arg)
 {
-    struct doall d;
+    OBJ_DOALL d;
 
     d.type = type;
     d.fn = fn;
     d.arg = arg;
 
-    lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn),
-                          struct doall, &d);
+    lh_OBJ_NAME_doall_OBJ_DOALL(names_lh, do_all_fn, &d);
 }
 
 struct doall_sorted {
@@ -311,13 +317,13 @@ void OBJ_NAME_do_all_sorted(int type,
 
     d.type = type;
     d.names =
-        OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names);
+        OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh));
     /* Really should return an error if !d.names...but its a void function! */
-    if (d.names) {
+    if (d.names != NULL) {
         d.n = 0;
         OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
 
-        qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp);
+        qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp);
 
         for (n = 0; n < d.n; ++n)
             fn(d.names[n], arg);
@@ -337,8 +343,6 @@ static void names_lh_free_doall(OBJ_NAME *onp)
         OBJ_NAME_remove(onp->name, onp->type);
 }
 
-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME)
-
 static void name_funcs_free(NAME_FUNCS *ptr)
 {
     OPENSSL_free(ptr);
@@ -352,15 +356,15 @@ void OBJ_NAME_cleanup(int type)
         return;
 
     free_type = type;
-    down_load = lh_OBJ_NAME_down_load(names_lh);
-    lh_OBJ_NAME_down_load(names_lh) = 0;
+    down_load = lh_OBJ_NAME_get_down_load(names_lh);
+    lh_OBJ_NAME_set_down_load(names_lh, 0);
 
-    lh_OBJ_NAME_doall(names_lh, LHASH_DOALL_FN(names_lh_free));
+    lh_OBJ_NAME_doall(names_lh, names_lh_free_doall);
     if (type < 0) {
         lh_OBJ_NAME_free(names_lh);
         sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
         names_lh = NULL;
         name_funcs_stack = NULL;
     } else
-        lh_OBJ_NAME_down_load(names_lh) = down_load;
+        lh_OBJ_NAME_set_down_load(names_lh, down_load);
 }