From 4210fa29b612e855faf4f21a52d62dd0eadbc44a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 25 2015 13:37:53 +0000 Subject: import shim-0.7-10.aa7a --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b1df45d --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/mokutil-0.2.0.tar.gz +SOURCES/shim-0.7.tar.bz2 diff --git a/.shim.metadata b/.shim.metadata new file mode 100644 index 0000000..e5cb147 --- /dev/null +++ b/.shim.metadata @@ -0,0 +1,2 @@ +ef680b489eb689a390ed2e1470eaaf2682ad5072 SOURCES/mokutil-0.2.0.tar.gz +90d69f28accc9319a2e08fc23df76a8f117fb668 SOURCES/shim-0.7.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0001-Align-the-sections-we-re-loading-and-check-for-valid.patch b/SOURCES/0001-Align-the-sections-we-re-loading-and-check-for-valid.patch new file mode 100644 index 0000000..c2dbcba --- /dev/null +++ b/SOURCES/0001-Align-the-sections-we-re-loading-and-check-for-valid.patch @@ -0,0 +1,102 @@ +From ebd5dd071bb3194f335044a2c4928d527ff073ad Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 6 Feb 2015 17:48:07 -0500 +Subject: [PATCH] Align the sections we're loading, and check for validity + /after/ discarding. + +Turns out a) the codegen on aarch64 generates code that has real +alignment needs, and b) if we check the length of discardable sections +before discarding them, we error for no reason. + +So do the error checking in the right order, and always enforce some +alignment because we know we have to. + +Signed-off-by: Peter Jones +--- + include/PeImage.h | 1 + + shim.c | 28 +++++++++++++++++----------- + 2 files changed, 18 insertions(+), 11 deletions(-) + +diff --git a/include/PeImage.h b/include/PeImage.h +index 133e11e..05f32ea 100644 +--- a/include/PeImage.h ++++ b/include/PeImage.h +@@ -778,6 +778,7 @@ typedef struct { + UINTN SizeOfHeaders; + UINT16 ImageType; + UINT16 NumberOfSections; ++ UINT32 SectionAlignment; + EFI_IMAGE_SECTION_HEADER *FirstSection; + EFI_IMAGE_DATA_DIRECTORY *RelocDir; + EFI_IMAGE_DATA_DIRECTORY *SecDir; +diff --git a/shim.c b/shim.c +index 8076caa..6d577af 100644 +--- a/shim.c ++++ b/shim.c +@@ -1002,14 +1002,18 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; + context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; + context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; ++ context->SectionAlignment = PEHdr->Pe32Plus.OptionalHeader.SectionAlignment; + OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); + } else { + context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; + context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; + context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; ++ context->SectionAlignment = PEHdr->Pe32.OptionalHeader.SectionAlignment; + OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); + } + ++ if (context->SectionAlignment < 0x1000) ++ context->SectionAlignment = 0x1000; + context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; + + if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { +@@ -1128,7 +1132,8 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + } + } + +- buffer = AllocatePool(context.ImageSize); ++ buffer = AllocatePool(context.ImageSize + context.SectionAlignment); ++ buffer = ALIGN_POINTER(buffer, context.SectionAlignment); + + if (!buffer) { + perror(L"Failed to allocate image buffer\n"); +@@ -1159,16 +1164,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + + base = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress); + end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1); +- if (!base || !end) { +- perror(L"Invalid section size\n"); +- return EFI_UNSUPPORTED; +- } +- +- if (Section->VirtualAddress < context.SizeOfHeaders || +- Section->PointerToRawData < context.SizeOfHeaders) { +- perror(L"Section is inside image headers\n"); +- return EFI_UNSUPPORTED; +- } + + /* We do want to process .reloc, but it's often marked + * discardable, so we don't want to memcpy it. */ +@@ -1194,6 +1189,17 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + continue; + } + ++ if (!base || !end) { ++ perror(L"Section %d has invalid size\n", i); ++ return EFI_UNSUPPORTED; ++ } ++ ++ if (Section->VirtualAddress < context.SizeOfHeaders || ++ Section->PointerToRawData < context.SizeOfHeaders) { ++ perror(L"Section %d is inside image headers\n", i); ++ return EFI_UNSUPPORTED; ++ } ++ + if (Section->SizeOfRawData > 0) + CopyMem(base, data + Section->PointerToRawData, size); + +-- +2.1.0 + diff --git a/SOURCES/0001-Make-lib-build-right-with-the-cflags-it-should-be-us.patch b/SOURCES/0001-Make-lib-build-right-with-the-cflags-it-should-be-us.patch new file mode 100644 index 0000000..95037c9 --- /dev/null +++ b/SOURCES/0001-Make-lib-build-right-with-the-cflags-it-should-be-us.patch @@ -0,0 +1,215 @@ +From 5904ae56d328786f7e81fdd3cf129426cb34c415 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 25 Feb 2015 16:33:59 -0500 +Subject: [PATCH 1/2] Make lib/ build right with the cflags it should be + using... + +... but isn't. + +Signed-off-by: Peter Jones +--- + include/console.h | 9 ++++++--- + include/guid.h | 5 ----- + lib/configtable.c | 4 ++-- + lib/console.c | 23 +++++++++++++---------- + lib/execute.c | 2 +- + lib/guid.c | 26 -------------------------- + lib/shell.c | 2 +- + 7 files changed, 23 insertions(+), 48 deletions(-) + +diff --git a/include/console.h b/include/console.h +index 9c793ea..ecaa73f 100644 +--- a/include/console.h ++++ b/include/console.h +@@ -4,13 +4,16 @@ + EFI_STATUS + console_get_keystroke(EFI_INPUT_KEY *key); + void +-console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_row, int size_cols, int size_rows, int offset, int lines); ++console_print_box_at(CHAR16 *str_arr[], unsigned int highlight, ++ unsigned int start_col, unsigned int start_row, ++ unsigned int size_cols, unsigned int size_rows, ++ int offset, unsigned int lines); + void +-console_print_box(CHAR16 *str_arr[], int highlight); ++console_print_box(CHAR16 *str_arr[], unsigned int highlight); + int + console_yes_no(CHAR16 *str_arr[]); + int +-console_select(CHAR16 *title[], CHAR16* selectors[], int start); ++console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start); + void + console_errorbox(CHAR16 *err); + void +diff --git a/include/guid.h b/include/guid.h +index 3c58be0..86b709b 100644 +--- a/include/guid.h ++++ b/include/guid.h +@@ -1,10 +1,5 @@ + #include + +-#ifndef BUILD_EFI +-const char *guid_to_str(EFI_GUID *guid); +-void str_to_guid(const char *str, EFI_GUID *guid); +-#endif +- + extern EFI_GUID GV_GUID; + extern EFI_GUID SIG_DB; + extern EFI_GUID X509_GUID; +diff --git a/lib/configtable.c b/lib/configtable.c +index e2d92bf..edf2ed7 100644 +--- a/lib/configtable.c ++++ b/lib/configtable.c +@@ -14,7 +14,7 @@ + void * + configtable_get_table(EFI_GUID *guid) + { +- int i; ++ unsigned int i; + + for (i = 0; i < ST->NumberOfTableEntries; i++) { + EFI_CONFIGURATION_TABLE *CT = &ST->ConfigurationTable[i]; +@@ -82,7 +82,7 @@ configtable_find_image(const EFI_DEVICE_PATH *DevicePath) + } + EFI_DEVICE_PATH *dp = (EFI_DEVICE_PATH *)(e->Data + skip), *dpn = dp; + if (dp->Type == 0 || dp->Type > 6 || dp->SubType == 0 +- || (((dp->Length[1] << 8) + dp->Length[0]) > e->InfoSize)) { ++ || ((unsigned)((dp->Length[1] << 8) + dp->Length[0]) > e->InfoSize)) { + /* Parse error, table corrupt, bail */ + Print(L"Image Execution Information table corrupt\n"); + break; +diff --git a/lib/console.c b/lib/console.c +index 83ee679..10bc154 100644 +--- a/lib/console.c ++++ b/lib/console.c +@@ -33,7 +33,7 @@ count_lines(CHAR16 *str_arr[]) + static void + SetMem16(CHAR16 *dst, UINT32 n, CHAR16 c) + { +- int i; ++ unsigned int i; + + for (i = 0; i < n/2; i++) { + dst[i] = c; +@@ -55,9 +55,12 @@ console_get_keystroke(EFI_INPUT_KEY *key) + } + + void +-console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_row, int size_cols, int size_rows, int offset, int lines) ++console_print_box_at(CHAR16 *str_arr[], unsigned int highlight, ++ unsigned int start_col, unsigned int start_row, ++ unsigned int size_cols, unsigned int size_rows, ++ int offset, unsigned int lines) + { +- int i; ++ unsigned int i; + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + UINTN rows, cols; + CHAR16 *Line; +@@ -124,7 +127,7 @@ console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_ + + + for (i = start_row + 1; i < size_rows + start_row - 1; i++) { +- int line = i - start; ++ unsigned int line = i - start; + + SetMem16 (Line, size_cols*2, L' '); + Line[0] = BOXDRAW_VERTICAL; +@@ -160,7 +163,7 @@ console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_ + } + + void +-console_print_box(CHAR16 *str_arr[], int highlight) ++console_print_box(CHAR16 *str_arr[], unsigned int highlight) + { + SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; +@@ -181,17 +184,17 @@ console_print_box(CHAR16 *str_arr[], int highlight) + } + + int +-console_select(CHAR16 *title[], CHAR16* selectors[], int start) ++console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start) + { + SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + EFI_INPUT_KEY k; + EFI_STATUS status; +- int selector; +- int selector_lines = count_lines(selectors); ++ unsigned int selector; ++ unsigned int selector_lines = count_lines(selectors); + int selector_max_cols = 0; +- int i, offs_col, offs_row, size_cols, size_rows, lines; +- int selector_offset; ++ unsigned int i, offs_col, offs_row, size_cols, size_rows, lines; ++ unsigned int selector_offset; + UINTN cols, rows; + + uefi_call_wrapper(co->QueryMode, 4, co, co->Mode->Mode, &cols, &rows); +diff --git a/lib/execute.c b/lib/execute.c +index 42d71c8..89328c6 100644 +--- a/lib/execute.c ++++ b/lib/execute.c +@@ -51,7 +51,7 @@ generate_path(CHAR16* name, EFI_LOADED_IMAGE *li, EFI_DEVICE_PATH **path, CHAR16 + EFI_STATUS efi_status = EFI_SUCCESS; + CHAR16 *devpathstr = DevicePathToStr(li->FilePath), + *found = NULL; +- int i; ++ unsigned int i; + + for (i = 0; i < StrLen(devpathstr); i++) { + if (devpathstr[i] == '/') +diff --git a/lib/guid.c b/lib/guid.c +index 56ec952..5f5a03f 100644 +--- a/lib/guid.c ++++ b/lib/guid.c +@@ -5,32 +5,6 @@ + */ + + #include +-#include +- +-#ifndef BUILD_EFI +-/* EFI has %g for this, so it's only needed in platform c */ +-const char *guid_to_str(EFI_GUID *guid) +-{ +- static char str[256]; +- +- sprintf(str, "%08x-%04hx-%04hx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx", +- guid->Data1, guid->Data2, guid->Data3, +- guid->Data4[0], guid->Data4[1], guid->Data4[2], +- guid->Data4[3], guid->Data4[4], guid->Data4[5], +- guid->Data4[6], guid->Data4[7]); +- +- return str; +-} +- +-void str_to_guid(const char *str, EFI_GUID *guid) +-{ +- sscanf(str, "%8x-%4hx-%4hx-%2hhx%2hhx-%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx", +- &guid->Data1, &guid->Data2, &guid->Data3, +- guid->Data4, guid->Data4 + 1, guid->Data4 + 2, +- guid->Data4 + 3, guid->Data4 + 4, guid->Data4 + 5, +- guid->Data4 + 6, guid->Data4 + 7); +-} +-#endif + + /* all the necessary guids */ + EFI_GUID GV_GUID = EFI_GLOBAL_VARIABLE; +diff --git a/lib/shell.c b/lib/shell.c +index 7337834..afd3952 100644 +--- a/lib/shell.c ++++ b/lib/shell.c +@@ -13,7 +13,7 @@ + EFI_STATUS + argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV) + { +- int i, count = 1; ++ unsigned int i, count = 1; + EFI_STATUS status; + EFI_LOADED_IMAGE *info; + CHAR16 *start; +-- +2.1.0 + diff --git a/SOURCES/0001-fallback-Fix-comparison-between-signed-and-unsigned-.patch b/SOURCES/0001-fallback-Fix-comparison-between-signed-and-unsigned-.patch new file mode 100644 index 0000000..45b2bc5 --- /dev/null +++ b/SOURCES/0001-fallback-Fix-comparison-between-signed-and-unsigned-.patch @@ -0,0 +1,48 @@ +From 8bd4477e3a28a6c7a32f2c1e338ed3ec8394f2e4 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Wed, 25 Feb 2015 18:03:37 +0000 +Subject: [PATCH 1/2] fallback: Fix comparison between signed and unsigned in + debugging code. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +fallback.c: In function ‘update_boot_order’: +fallback.c:334:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare] + for (j = 0 ; j < size / sizeof (CHAR16); j++) + ^ +fallback.c: In function ‘add_to_boot_list’: +fallback.c:402:16: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare] + for (i = 0; i < s; i++) { + ^ + +Signed-off-by: Richard W.M. Jones +--- + fallback.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fallback.c b/fallback.c +index d10fb62..e739b78 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -328,7 +328,7 @@ update_boot_order(void) + + #ifdef DEBUG_FALLBACK + Print(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16)); +- int j; ++ UINTN j; + for (j = 0 ; j < size / sizeof (CHAR16); j++) + Print(L"%04x ", newbootorder[j]); + Print(L"\n"); +@@ -395,7 +395,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * + #ifdef DEBUG_FALLBACK + { + UINTN s = DevicePathSize(dp); +- int i; ++ UINTN i; + UINT8 *dpv = (void *)dp; + for (i = 0; i < s; i++) { + if (i > 0 && i % 16 == 0) +-- +2.1.0 + diff --git a/SOURCES/0001-fix-verify_mok.patch b/SOURCES/0001-fix-verify_mok.patch new file mode 100644 index 0000000..100115b --- /dev/null +++ b/SOURCES/0001-fix-verify_mok.patch @@ -0,0 +1,54 @@ +From 11495d4019d44dce1487939f91f7d751ffbb9730 Mon Sep 17 00:00:00 2001 +From: Andrew Boie +Date: Mon, 15 Apr 2013 14:11:17 -0700 +Subject: [PATCH 01/74] fix verify_mok() + +() Fix the return value semantics. If the MokList doesn't +exist, we are OK. If the MokList was compromised but we +were able to erase it, that is OK too. Only if the list +can't be nuked do we return an error. + +() Fix use of potentially uninitialized attribute variable + +() Actually use the return value when called from verify_buffer. + +Change-Id: If16df21d79c52a1726928df96d133390cde4cb7e +Signed-off-by: Andrew Boie +--- + shim.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/shim.c b/shim.c +index 23dd0ee..dcb36d0 100644 +--- a/shim.c ++++ b/shim.c +@@ -670,13 +670,12 @@ static EFI_STATUS verify_mok (void) { + status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize, + shim_lock_guid, &attributes); + +- if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { ++ if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) { + Print(L"MokList is compromised!\nErase all keys in MokList!\n"); + if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) { + Print(L"Failed to erase MokList\n"); ++ return EFI_ACCESS_DENIED; + } +- status = EFI_ACCESS_DENIED; +- return status; + } + + if (MokListData) +@@ -722,7 +721,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize, + /* + * Check that the MOK database hasn't been modified + */ +- verify_mok(); ++ status = verify_mok(); ++ if (status != EFI_SUCCESS) ++ return status; + + /* + * Ensure that the binary isn't blacklisted +-- +1.9.3 + diff --git a/SOURCES/0002-Fix-length-of-allocated-buffer-for-boot-option-compa.patch b/SOURCES/0002-Fix-length-of-allocated-buffer-for-boot-option-compa.patch new file mode 100644 index 0000000..953951f --- /dev/null +++ b/SOURCES/0002-Fix-length-of-allocated-buffer-for-boot-option-compa.patch @@ -0,0 +1,55 @@ +From 8a72ee927a71806e00d1c7a45d77167f397102ae Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 25 Feb 2015 18:45:41 +0000 +Subject: [PATCH 2/2] Fix length of allocated buffer for boot option + comparison. + +The following commit: + + commit 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6 + Author: Gary Ching-Pang Lin + Date: Thu Mar 6 10:57:02 2014 +0800 + + [fallback] Fix the data size for boot option comparison + +corrected the data size used for comparison, but also reduced the +allocation so it doesn't include the trailing UTF16LE '\0\0' at the +end of the string, with the result that the trailer of the buffer +containing the string is overwritten, which OVMF detects as memory +corruption. + +Increase the size of the storage buffer in a few places to correct +this problem. + +Signed-off-by: Richard W.M. Jones +Cc: Laszlo Ersek +Cc: Gary Ching-Pang Lin +--- + fallback.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fallback.c b/fallback.c +index e739b78..8489b2e 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -163,7 +163,7 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, + StrLen(label)*2 + 2 + DevicePathSize(hddp) + + StrLen(arguments) * 2; + +- CHAR8 *data = AllocateZeroPool(size); ++ CHAR8 *data = AllocateZeroPool(size + 2); + CHAR8 *cursor = data; + *(UINT32 *)cursor = LOAD_OPTION_ACTIVE; + cursor += sizeof (UINT32); +@@ -234,7 +234,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, + StrLen(label)*2 + 2 + DevicePathSize(dp) + + StrLen(arguments) * 2; + +- CHAR8 *data = AllocateZeroPool(size); ++ CHAR8 *data = AllocateZeroPool(size + 2); + if (!data) + return EFI_OUT_OF_RESOURCES; + CHAR8 *cursor = data; +-- +2.1.0 + diff --git a/SOURCES/0002-Make-lib-use-the-right-CFLAGS.patch b/SOURCES/0002-Make-lib-use-the-right-CFLAGS.patch new file mode 100644 index 0000000..15ab83a --- /dev/null +++ b/SOURCES/0002-Make-lib-use-the-right-CFLAGS.patch @@ -0,0 +1,74 @@ +From d3a8eedee05c8991117a8efb8bfa3fe606d6c2e9 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 25 Feb 2015 16:34:28 -0500 +Subject: [PATCH 2/2] Make lib/ use the right CFLAGS. + +Signed-off-by: Peter Jones +--- + Makefile | 4 ++-- + lib/Makefile | 11 ----------- + lib/console.c | 4 ++-- + 3 files changed, 4 insertions(+), 15 deletions(-) + +diff --git a/Makefile b/Makefile +index 332a29b..532bcf3 100644 +--- a/Makefile ++++ b/Makefile +@@ -9,7 +9,7 @@ SUBDIRS = Cryptlib lib + LIB_PATH = /usr/lib64 + + EFI_INCLUDE := /usr/include/efi +-EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude ++EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I$(shell pwd)/include + EFI_PATH := /usr/lib64/gnuefi + + LIB_GCC = $(shell $(CC) -print-libgcc-file-name) +@@ -115,7 +115,7 @@ Cryptlib/OpenSSL/libopenssl.a: + $(MAKE) -C Cryptlib/OpenSSL + + lib/lib.a: +- $(MAKE) -C lib ++ $(MAKE) CFLAGS="$(CFLAGS)" -C lib + + ifeq ($(ARCH),aarch64) + FORMAT := -O binary +diff --git a/lib/Makefile b/lib/Makefile +index ebd21a1..d93a26d 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -4,17 +4,6 @@ LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variab + + EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include + +-CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ +- -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror \ +- $(EFI_INCLUDES) +- +-ifeq ($(ARCH),x86_64) +- CFLAGS += -mno-red-zone -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI +-endif +-ifeq ($(ARCH),ia32) +- CFLAGS += -mno-red-zone -m32 +-endif +- + lib.a: $(LIBFILES) + ar rcs lib.a $(LIBFILES) + +diff --git a/lib/console.c b/lib/console.c +index 10bc154..e70ab48 100644 +--- a/lib/console.c ++++ b/lib/console.c +@@ -4,8 +4,8 @@ + * + * see COPYING file + */ +-#include +-#include ++#include ++#include + + #include + #include +-- +2.1.0 + diff --git a/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch b/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch new file mode 100644 index 0000000..e97a0a2 --- /dev/null +++ b/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch @@ -0,0 +1,175 @@ +From 8e9d3af7b108cc76ce18017b3f58ad4b2e60989f Mon Sep 17 00:00:00 2001 +From: Mohanraj S +Date: Tue, 27 Aug 2013 09:27:00 -0700 +Subject: [PATCH 02/74] shim.c: Add support for hashing/relocation of 32-bit + binaries + +Change-Id: Ib93305f7f1691d1b142567507df1058de62dde06 +Signed-off-by: Andrew Boie +--- + shim.c | 72 +++++++++++++++++++++++++++++++++++++++++++++--------------------- + 1 file changed, 49 insertions(+), 23 deletions(-) + +diff --git a/shim.c b/shim.c +index dcb36d0..a043779 100644 +--- a/shim.c ++++ b/shim.c +@@ -126,7 +126,11 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + int size = context->ImageSize; + void *ImageEnd = (char *)data + size; + ++#if __LP64__ + context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data; ++#else ++ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data; ++#endif + + if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { + Print(L"Image has no relocation entry\n"); +@@ -141,7 +145,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + return EFI_UNSUPPORTED; + } + +- Adjust = (UINT64)data - context->ImageAddress; ++ Adjust = (UINTN)data - context->ImageAddress; + + if (Adjust == 0) + return EFI_SUCCESS; +@@ -549,9 +553,15 @@ static EFI_STATUS generate_hash (char *data, int datasize, + } + + /* Hash end of certificate table to end of image header */ ++#if __LP64__ + hashbase = (char *) &context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + hashsize = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - + (int) ((char *) (&context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); ++#else ++ hashbase = (char *) &context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; ++ hashsize = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders - ++ (int) ((char *) (&context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); ++#endif + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +@@ -561,7 +571,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, + } + + /* Sort sections */ ++#if __LP64__ + SumOfBytesHashed = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; ++#else ++ SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; ++#endif + + Section = (EFI_IMAGE_SECTION_HEADER *) ( + (char *)context->PEHdr + sizeof (UINT32) + +@@ -628,7 +642,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, + hashbase = data + SumOfBytesHashed; + hashsize = (unsigned int)( + size - ++#if __LP64__ + context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - ++#else ++ context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - ++#endif + SumOfBytesHashed); + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || +@@ -781,7 +799,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + { + EFI_IMAGE_DOS_HEADER *DosHdr = data; + EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data; +- unsigned long HeaderWithoutDataDir, SectionHeaderOffset; ++ unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; + + if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { + Print(L"Invalid image\n"); +@@ -790,18 +808,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + + if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) + PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew); ++#if __LP64__ ++ context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; ++ context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; ++ context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; ++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); ++#else ++ context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; ++ context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; ++ context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; ++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); ++#endif ++ context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; + +- if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES +- < PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes) { ++ if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { + Print(L"Image header too small\n"); + return EFI_UNSUPPORTED; + } + +- HeaderWithoutDataDir = sizeof (EFI_IMAGE_OPTIONAL_HEADER64) ++ HeaderWithoutDataDir = OptHeaderSize + - sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES; +- if (((UINT32)PEHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != +- PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes +- * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { ++ if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != ++ context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { + Print(L"Image header overflows data directory\n"); + return EFI_UNSUPPORTED; + } +@@ -809,15 +837,15 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + SectionHeaderOffset = DosHdr->e_lfanew + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) +- + PEHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader; +- if ((PEHdr->Pe32Plus.OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER +- <= PEHdr->Pe32Plus.FileHeader.NumberOfSections) { ++ + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader; ++ if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER ++ <= context->NumberOfSections) { + Print(L"Image sections overflow image size\n"); + return EFI_UNSUPPORTED; + } + +- if ((PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER +- < (UINT32)PEHdr->Pe32Plus.FileHeader.NumberOfSections) { ++ if ((context->SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER ++ < (UINT32)context->NumberOfSections) { + Print(L"Image sections overflow section headers\n"); + return EFI_UNSUPPORTED; + } +@@ -837,21 +865,19 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + return EFI_UNSUPPORTED; + } + +- if (PEHdr->Pe32.OptionalHeader.Magic != EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { +- Print(L"Only 64-bit images supported\n"); +- return EFI_UNSUPPORTED; +- } +- + context->PEHdr = PEHdr; ++#if __LP64__ + context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase; +- context->ImageSize = (UINT64)PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; +- context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; + context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint; + context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; +- context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; +- context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; +- context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); + context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; ++#else ++ context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase; ++ context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint; ++ context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; ++ context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; ++#endif ++ context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); + + if (context->ImageSize < context->SizeOfHeaders) { + Print(L"Invalid image\n"); +-- +1.9.3 + diff --git a/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch b/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch new file mode 100644 index 0000000..8d85654 --- /dev/null +++ b/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch @@ -0,0 +1,27 @@ +From 434e854202236ec5809dbb96589fc34313dbff9e Mon Sep 17 00:00:00 2001 +From: Andrew Boie +Date: Thu, 31 Oct 2013 13:56:56 -0700 +Subject: [PATCH 03/74] netboot.h: fix build error on 32-bit systems + +Function prototype/implementation mismatch. + +Change-Id: I89aaae1b49d0372d3aed76fc21c194e0ae55f72e +Signed-off-by: Andrew Boie +--- + netboot.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/netboot.h b/netboot.h +index 2cdb421..6417373 100644 +--- a/netboot.h ++++ b/netboot.h +@@ -5,5 +5,5 @@ extern BOOLEAN findNetboot(EFI_HANDLE image_handle); + + extern EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle); + +-extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINTN *bufsiz); ++extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *bufsiz); + #endif +-- +1.9.3 + diff --git a/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch b/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch new file mode 100644 index 0000000..f9b2147 --- /dev/null +++ b/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch @@ -0,0 +1,34 @@ +From c5ed2dfa5d9c2d5de33db290ae8cc237342dbc4c Mon Sep 17 00:00:00 2001 +From: Andrey Petrov +Date: Mon, 11 Nov 2013 13:46:42 -0800 +Subject: [PATCH 04/74] properly compile OpenSSL in 32-bit mode + +Change-Id: Iff3ee5ae0f0b95b282b99a23e465723b4e9f6104 +Signed-off-by: Andrey Petrov +Signed-off-by: Andrew Boie +--- + Cryptlib/OpenSSL/Makefile | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile +index c93d5af..3d5a87c 100644 +--- a/Cryptlib/OpenSSL/Makefile ++++ b/Cryptlib/OpenSSL/Makefile +@@ -10,9 +10,12 @@ LIB_GCC = $(shell $(CC) -print-libgcc-file-name) + EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) + + CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ +- -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -DSIXTY_FOUR_BIT_LONG -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC ++ -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC + ifeq ($(ARCH),x86_64) +- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI ++ CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG ++endif ++ifeq ($(ARCH),ia32) ++ CFLAGS += -DTHIRTY_TWO_BIT + endif + LDFLAGS = -nostdlib -znocombreloc + +-- +1.9.3 + diff --git a/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch b/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch new file mode 100644 index 0000000..6380173 --- /dev/null +++ b/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch @@ -0,0 +1,38 @@ +From d74ab697f7f20418eeb09f0291cc480d43241dea Mon Sep 17 00:00:00 2001 +From: Andrew Boie +Date: Mon, 11 Nov 2013 16:12:23 -0800 +Subject: [PATCH 05/74] fallback.c: fix 32-bit compilation + +fh->Read expects pointer to 32-bit int, use UINTN + +Change-Id: If1a728efd51a9a24dfcd8123e84bf4c0713491fe +Signed-off-by: Andrew Boie +--- + fallback.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fallback.c b/fallback.c +index 82ddbf2..c875144 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -15,7 +15,7 @@ + EFI_LOADED_IMAGE *this_image = NULL; + + static EFI_STATUS +-get_file_size(EFI_FILE_HANDLE fh, UINT64 *retsize) ++get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize) + { + EFI_STATUS rc; + void *buffer = NULL; +@@ -60,7 +60,7 @@ read_file(EFI_FILE_HANDLE fh, CHAR16 *fullpath, CHAR16 **buffer, UINT64 *bs) + return rc; + } + +- UINT64 len = 0; ++ UINTN len = 0; + CHAR16 *b = NULL; + rc = get_file_size(fh2, &len); + if (EFI_ERROR(rc)) { +-- +1.9.3 + diff --git a/SOURCES/0006-fix-fallback.so-build-dependency.patch b/SOURCES/0006-fix-fallback.so-build-dependency.patch new file mode 100644 index 0000000..b03f3e8 --- /dev/null +++ b/SOURCES/0006-fix-fallback.so-build-dependency.patch @@ -0,0 +1,29 @@ +From 06e15d762966d4224f7e54480b9213c4dcf1fe35 Mon Sep 17 00:00:00 2001 +From: Andrew Boie +Date: Mon, 11 Nov 2013 16:14:22 -0800 +Subject: [PATCH 06/74] fix fallback.so build dependency + +Exposed during parallel builds + +Change-Id: I9867858166dcafd69438f37ee5da14a267ace8f4 +Signed-off-by: Andrew Boie +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index a22c6b3..2eab862 100644 +--- a/Makefile ++++ b/Makefile +@@ -83,7 +83,7 @@ shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a + + fallback.o: $(FALLBACK_SRCS) + +-fallback.so: $(FALLBACK_OBJS) ++fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + + MokManager.o: $(MOK_SOURCES) +-- +1.9.3 + diff --git a/SOURCES/0007-propagate-some-path-variables.patch b/SOURCES/0007-propagate-some-path-variables.patch new file mode 100644 index 0000000..640d021 --- /dev/null +++ b/SOURCES/0007-propagate-some-path-variables.patch @@ -0,0 +1,38 @@ +From 476d376ed08e1431bf7e20bf47ea3fc6c36dd168 Mon Sep 17 00:00:00 2001 +From: Andrew Boie +Date: Mon, 11 Nov 2013 16:15:39 -0800 +Subject: [PATCH 07/74] propagate some path variables + +If these are overridden on the command line, pass them along to +the sub-makes. + +Change-Id: I531ccb5d2f5e4be8e99d4892cdcfffffc1ad9877 +Signed-off-by: Andrew Boie +--- + Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/Makefile b/Makefile +index 2eab862..d619ff4 100644 +--- a/Makefile ++++ b/Makefile +@@ -92,13 +92,13 @@ MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a + + Cryptlib/libcryptlib.a: +- $(MAKE) -C Cryptlib ++ $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) + + Cryptlib/OpenSSL/libopenssl.a: +- $(MAKE) -C Cryptlib/OpenSSL ++ $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) + + lib/lib.a: +- $(MAKE) -C lib EFI_PATH=$(EFI_PATH) ++ $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) + + %.efi: %.so + objcopy -j .text -j .sdata -j .data \ +-- +1.9.3 + diff --git a/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch b/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch new file mode 100644 index 0000000..5305778 --- /dev/null +++ b/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch @@ -0,0 +1,90 @@ +From 9712a7e77dc12f7569858b81d620d85301f50ede Mon Sep 17 00:00:00 2001 +From: Andrew Boie +Date: Mon, 11 Nov 2013 16:17:20 -0800 +Subject: [PATCH 08/74] allow 32-bit compilation with 64-bit compiler + +Also removed unused LIB_PATH from some Makefiles. + +Change-Id: I7d28d18f7531b51b6121a2ffb88bcaedec57c467 +Signed-off-by: Andrew Boie +--- + Cryptlib/Makefile | 5 +++-- + Cryptlib/OpenSSL/Makefile | 4 +--- + Makefile | 3 +++ + lib/Makefile | 3 +++ + 4 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index a05a4db..d24e59e 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -1,7 +1,5 @@ + ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) + +-LIB_PATH = /usr/lib64 +- + EFI_INCLUDE = /usr/include/efi + EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol + EFI_PATH = /usr/lib64/gnuefi +@@ -14,6 +12,9 @@ CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort- + ifeq ($(ARCH),x86_64) + CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + endif ++ifeq ($(ARCH),ia32) ++ CFLAGS += -m32 ++endif + LDFLAGS = -nostdlib -znocombreloc + + TARGET = libcryptlib.a +diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile +index 3d5a87c..8e2f2a6 100644 +--- a/Cryptlib/OpenSSL/Makefile ++++ b/Cryptlib/OpenSSL/Makefile +@@ -1,7 +1,5 @@ + ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) + +-LIB_PATH = /usr/lib64 +- + EFI_INCLUDE = /usr/include/efi + EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol + EFI_PATH = /usr/lib64/gnuefi +@@ -15,7 +13,7 @@ ifeq ($(ARCH),x86_64) + CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG + endif + ifeq ($(ARCH),ia32) +- CFLAGS += -DTHIRTY_TWO_BIT ++ CFLAGS += -m32 -DTHIRTY_TWO_BIT + endif + LDFLAGS = -nostdlib -znocombreloc + +diff --git a/Makefile b/Makefile +index d619ff4..e65d28d 100644 +--- a/Makefile ++++ b/Makefile +@@ -28,6 +28,9 @@ endif + ifeq ($(ARCH),x86_64) + CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + endif ++ifeq ($(ARCH),ia32) ++ CFLAGS += -m32 ++endif + ifneq ($(origin VENDOR_CERT_FILE), undefined) + CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" + endif +diff --git a/lib/Makefile b/lib/Makefile +index adb0347..a9c9cf6 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -17,6 +17,9 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ + ifeq ($(ARCH),x86_64) + CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + endif ++ifeq ($(ARCH),ia32) ++ CFLAGS += -m32 ++endif + + lib.a: $(LIBFILES) + ar rcs lib.a $(LIBFILES) +-- +1.9.3 + diff --git a/SOURCES/0009-shim-improve-error-messages.patch b/SOURCES/0009-shim-improve-error-messages.patch new file mode 100644 index 0000000..e18d66f --- /dev/null +++ b/SOURCES/0009-shim-improve-error-messages.patch @@ -0,0 +1,186 @@ +From 2f09d0ab290d9b0d8aa14c3243f1d85a20bc34e6 Mon Sep 17 00:00:00 2001 +From: Andrew Boie +Date: Mon, 11 Nov 2013 17:29:06 -0800 +Subject: [PATCH 09/74] shim: improve error messages + +%r when used in Print() will show a string representation of +an EFI_STATUS code. + +Change-Id: I6db47f5213454603bd66177aca378ad01e9f0bd4 +Signed-off-by: Andrew Boie +--- + shim.c | 38 +++++++++++++++++++------------------- + 1 file changed, 19 insertions(+), 19 deletions(-) + +diff --git a/shim.c b/shim.c +index a043779..9ae1936 100644 +--- a/shim.c ++++ b/shim.c +@@ -914,7 +914,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + */ + efi_status = read_header(data, datasize, &context); + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to read header\n"); ++ Print(L"Failed to read header: %r\n", efi_status); + return efi_status; + } + +@@ -981,7 +981,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + efi_status = relocate_coff(&context, buffer); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Relocation failed\n"); ++ Print(L"Relocation failed: %r\n", efi_status); + FreePool(buffer); + return efi_status; + } +@@ -1022,7 +1022,7 @@ should_use_fallback(EFI_HANDLE image_handle) + rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &loaded_image_protocol, (void **)&li); + if (EFI_ERROR(rc)) { +- Print(L"Could not get image for bootx64.efi: %d\n", rc); ++ Print(L"Could not get image for bootx64.efi: %r\n", rc); + return 0; + } + +@@ -1044,13 +1044,13 @@ should_use_fallback(EFI_HANDLE image_handle) + rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, + &FileSystemProtocol, (void **)&fio); + if (EFI_ERROR(rc)) { +- Print(L"Could not get fio for li->DeviceHandle: %d\n", rc); ++ Print(L"Could not get fio for li->DeviceHandle: %r\n", rc); + return 0; + } + + rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); + if (EFI_ERROR(rc)) { +- Print(L"Could not open fio volume: %d\n", rc); ++ Print(L"Could not open fio volume: %r\n", rc); + return 0; + } + +@@ -1172,14 +1172,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + (void **)&drive); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to find fs\n"); ++ Print(L"Failed to find fs: %r\n", efi_status); + goto error; + } + + efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to open fs\n"); ++ Print(L"Failed to open fs: %r\n", efi_status); + goto error; + } + +@@ -1190,7 +1190,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + EFI_FILE_MODE_READ, 0); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to open %s - %lx\n", PathName, efi_status); ++ Print(L"Failed to open %s - %r\n", PathName, efi_status); + goto error; + } + +@@ -1223,7 +1223,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + } + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to get file info\n"); ++ Print(L"Unable to get file info: %r\n", efi_status); + goto error; + } + +@@ -1251,7 +1251,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + } + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unexpected return from initial read: %x, buffersize %x\n", efi_status, buffersize); ++ Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); + goto error; + } + +@@ -1328,20 +1328,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + efi_status = generate_path(li, ImagePath, &path, &PathName); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to generate path: %s\n", ImagePath); ++ Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); + goto done; + } + + if (findNetboot(image_handle)) { + efi_status = parseNetbootinfo(image_handle); + if (efi_status != EFI_SUCCESS) { +- Print(L"Netboot parsing failed: %d\n", efi_status); ++ Print(L"Netboot parsing failed: %r\n", efi_status); + return EFI_PROTOCOL_ERROR; + } + efi_status = FetchNetbootimage(image_handle, &sourcebuffer, + &sourcesize); + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to fetch TFTP image\n"); ++ Print(L"Unable to fetch TFTP image: %r\n", efi_status); + return efi_status; + } + data = sourcebuffer; +@@ -1353,7 +1353,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + efi_status = load_image(li, &data, &datasize, PathName); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to load image\n"); ++ Print(L"Failed to load image %s: %r\n", PathName, efi_status); + goto done; + } + } +@@ -1370,7 +1370,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + efi_status = handle_image(data, datasize, li); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to load image\n"); ++ Print(L"Failed to load image: %r\n", efi_status); + CopyMem(li, &li_bak, sizeof(li_bak)); + goto done; + } +@@ -1473,7 +1473,7 @@ EFI_STATUS mirror_mok_list() + | EFI_VARIABLE_RUNTIME_ACCESS, + FullDataSize, FullData); + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to set MokListRT %d\n", efi_status); ++ Print(L"Failed to set MokListRT: %r\n", efi_status); + } + + return efi_status; +@@ -1514,7 +1514,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) + efi_status = start_image(image_handle, MOK_MANAGER); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to start MokManager\n"); ++ Print(L"Failed to start MokManager: %r\n", efi_status); + return efi_status; + } + } +@@ -1621,7 +1621,7 @@ static EFI_STATUS mok_ignore_db() + | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, (void *)&Data); + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to set MokIgnoreDB %d\n", efi_status); ++ Print(L"Failed to set MokIgnoreDB: %r\n", efi_status); + } + } + +@@ -1648,7 +1648,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) + status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &LoadedImageProtocol, (void **) &li); + if (status != EFI_SUCCESS) { +- Print (L"Failed to get load options\n"); ++ Print (L"Failed to get load options: %r\n", status); + return status; + } + +-- +1.9.3 + diff --git a/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch b/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch new file mode 100644 index 0000000..4807572 --- /dev/null +++ b/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch @@ -0,0 +1,99 @@ +From d95b24bd02cf41cca9adebd95f10609d6424d2b3 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Tue, 19 Nov 2013 10:09:13 -0500 +Subject: [PATCH 10/74] Clarify meaning of insecure_mode + +insecure_mode was intended to indicate that the user had explicity disabled +checks with mokutil, which means it wasn't the opposite of secure_mode(). +Change the names to clarify this and don't show the insecure mode message +unless the user has explicitly enabled that mode. + +Signed-off-by: Matthew Garrett +--- + replacements.c | 6 ------ + shim.c | 12 ++++++------ + 2 files changed, 6 insertions(+), 12 deletions(-) + +diff --git a/replacements.c b/replacements.c +index bac5e5d..5ea5c32 100644 +--- a/replacements.c ++++ b/replacements.c +@@ -64,13 +64,9 @@ static typeof(systab->BootServices->StartImage) system_start_image; + static typeof(systab->BootServices->Exit) system_exit; + static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; + +-extern UINT8 insecure_mode; +- + void + unhook_system_services(void) + { +- if (insecure_mode) +- return; + systab->BootServices->Exit = system_exit; + systab->BootServices->StartImage = system_start_image; + systab->BootServices->ExitBootServices = system_exit_boot_services; +@@ -123,8 +119,6 @@ exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, + void + hook_system_services(EFI_SYSTEM_TABLE *local_systab) + { +- if (insecure_mode) +- return; + systab = local_systab; + + /* We need to hook various calls to make this work... */ +diff --git a/shim.c b/shim.c +index 9ae1936..524f5fc 100644 +--- a/shim.c ++++ b/shim.c +@@ -85,7 +85,7 @@ int loader_is_participating; + + #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} + +-UINT8 insecure_mode; ++UINT8 user_insecure_mode; + UINT8 ignore_db; + + typedef enum { +@@ -456,7 +456,7 @@ static BOOLEAN secure_mode (void) + UINT8 *Data; + UINT8 sb, setupmode; + +- if (insecure_mode) ++ if (user_insecure_mode) + return FALSE; + + status = get_variable(L"SecureBoot", &Data, &len, global_var); +@@ -1534,7 +1534,7 @@ static EFI_STATUS check_mok_sb (void) + UINTN MokSBStateSize = 0; + UINT32 attributes; + +- insecure_mode = 0; ++ user_insecure_mode = 0; + ignore_db = 0; + + status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize, +@@ -1555,7 +1555,7 @@ static EFI_STATUS check_mok_sb (void) + status = EFI_ACCESS_DENIED; + } else { + if (*(UINT8 *)MokSBState == 1) { +- insecure_mode = 1; ++ user_insecure_mode = 1; + } + } + +@@ -1753,10 +1753,10 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + /* + * Tell the user that we're in insecure mode if necessary + */ +- if (!secure_mode()) { ++ if (user_insecure_mode) { + Print(L"Booting in insecure mode\n"); + uefi_call_wrapper(BS->Stall, 1, 2000000); +- } else { ++ } else if (secure_mode()) { + /* + * Install our hooks for ExitBootServices() and StartImage() + */ +-- +1.9.3 + diff --git a/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch b/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch new file mode 100644 index 0000000..11b612d --- /dev/null +++ b/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch @@ -0,0 +1,42 @@ +From 8b48ec5c70cd97d37f48581a4eab8139c1a95a1f Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Tue, 19 Nov 2013 10:15:55 -0500 +Subject: [PATCH 11/74] Don't hook system services if shim has no built-in keys + +Shim should only need to enforce its security policy when its launching +binaries signed with its built-in key. Binaries signed by keys in db or +Mokdb should be able to rely on their own security policy. + +Signed-off-by: Matthew Garrett +--- + shim.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/shim.c b/shim.c +index 524f5fc..cf93d65 100644 +--- a/shim.c ++++ b/shim.c +@@ -1757,11 +1757,15 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + Print(L"Booting in insecure mode\n"); + uefi_call_wrapper(BS->Stall, 1, 2000000); + } else if (secure_mode()) { +- /* +- * Install our hooks for ExitBootServices() and StartImage() +- */ +- hook_system_services(systab); +- loader_is_participating = 0; ++ if (vendor_cert_size || vendor_dbx_size) { ++ /* ++ * If shim includes its own certificates then ensure ++ * that anything it boots has performed some ++ * validation of the next image. ++ */ ++ hook_system_services(systab); ++ loader_is_participating = 0; ++ } + } + + /* +-- +1.9.3 + diff --git a/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch b/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch new file mode 100644 index 0000000..9a19d58 --- /dev/null +++ b/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch @@ -0,0 +1,124 @@ +From e62b69a5b0b87c6df7a4fc23906134945309e927 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 20 Nov 2013 12:20:23 -0500 +Subject: [PATCH 12/74] Fix path generation for Dhcpv4 bootloader. + +Right now we always look for e.g. "\grubx64.efi", which is completely +wrong. This makes it look for the path shim was loaded from and modify +that to end in a sanitized version of our default loader name. + +Resolves: rhbz#1032583 + +Signed-off-by: Peter Jones +--- + include/str.h | 45 +++++++++++++++++++++++++++++++++++++++++++++ + netboot.c | 28 +++++++++++++++++++++------- + 2 files changed, 66 insertions(+), 7 deletions(-) + create mode 100644 include/str.h + +diff --git a/include/str.h b/include/str.h +new file mode 100644 +index 0000000..0f3e003 +--- /dev/null ++++ b/include/str.h +@@ -0,0 +1,45 @@ ++#ifndef SHIM_STR_H ++#define SHIM_STR_H ++ ++static inline ++__attribute__((unused)) ++unsigned long strnlena(const CHAR8 *s, unsigned long n) ++{ ++ unsigned long i; ++ for (i = 0; i <= n; i++) ++ if (s[i] == '\0') ++ break; ++ return i; ++} ++ ++static inline ++__attribute__((unused)) ++CHAR8 * ++strncpya(CHAR8 *dest, const CHAR8 *src, unsigned long n) ++{ ++ unsigned long i; ++ ++ for (i = 0; i < n && src[i] != '\0'; i++) ++ dest[i] = src[i]; ++ for (; i < n; i++) ++ dest[i] = '\0'; ++ ++ return dest; ++} ++ ++static inline ++__attribute__((unused)) ++CHAR8 * ++strcata(CHAR8 *dest, const CHAR8 *src) ++{ ++ unsigned long dest_len = strlena(dest); ++ unsigned long i; ++ ++ for (i = 0; src[i] != '\0'; i++) ++ dest[dest_len + i] = src[i]; ++ dest[dest_len + i] = '\0'; ++ ++ return dest; ++} ++ ++#endif /* SHIM_STR_H */ +diff --git a/netboot.c b/netboot.c +index a83c82a..1732dc7 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -38,6 +38,7 @@ + #include + #include "shim.h" + #include "netboot.h" ++#include "str.h" + + static inline unsigned short int __swap16(unsigned short int x) + { +@@ -305,19 +306,32 @@ static EFI_STATUS parseDhcp6() + + static EFI_STATUS parseDhcp4() + { +- CHAR8 *template = (CHAR8 *)DEFAULT_LOADER_CHAR; +- full_path = AllocateZeroPool(strlen(template)+1); ++ CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); ++ UINTN template_len = strlen(template) + 1; ++ ++ UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127); ++ UINTN i; ++ UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile; ++ ++ for (i = dir_len; i >= 0; i--) { ++ if (dir[i] == '/') ++ break; ++ } ++ dir_len = (i >= 0) ? i + 1 : 0; ++ ++ full_path = AllocateZeroPool(dir_len + template_len); + + if (!full_path) + return EFI_OUT_OF_RESOURCES; + ++ if (dir_len > 0) { ++ strncpya(full_path, dir, dir_len); ++ if (full_path[dir_len-1] == '/' && template[0] == '/') ++ full_path[dir_len-1] = '\0'; ++ } ++ strcata(full_path, template); + memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4); + +- memcpy(full_path, template, strlen(template)); +- +- /* Note we don't capture the filename option here because we know its shim.efi +- * We instead assume the filename at the end of the path is going to be grubx64.efi +- */ + return EFI_SUCCESS; + } + +-- +1.9.3 + diff --git a/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch b/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch new file mode 100644 index 0000000..ba79424 --- /dev/null +++ b/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch @@ -0,0 +1,40 @@ +From 27129a5a05d1947e6f7479766e8281d50d6031f6 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 21 Nov 2013 11:26:08 -0500 +Subject: [PATCH 13/74] Lengths that might be -1 can't be unsigned, Peter. + +Signed-off-by: Peter Jones +--- + netboot.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/netboot.c b/netboot.c +index 1732dc7..07e2773 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -307,10 +307,10 @@ static EFI_STATUS parseDhcp6() + static EFI_STATUS parseDhcp4() + { + CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); +- UINTN template_len = strlen(template) + 1; ++ INTN template_len = strlen(template) + 1; + +- UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127); +- UINTN i; ++ INTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127); ++ INTN i; + UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile; + + for (i = dir_len; i >= 0; i--) { +@@ -329,6 +329,8 @@ static EFI_STATUS parseDhcp4() + if (full_path[dir_len-1] == '/' && template[0] == '/') + full_path[dir_len-1] = '\0'; + } ++ if (dir_len == 0 && dir[0] != '/' && template[0] == '/') ++ template++; + strcata(full_path, template); + memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4); + +-- +1.9.3 + diff --git a/SOURCES/0014-Fix-wrong-sizeof.patch b/SOURCES/0014-Fix-wrong-sizeof.patch new file mode 100644 index 0000000..cc8bd29 --- /dev/null +++ b/SOURCES/0014-Fix-wrong-sizeof.patch @@ -0,0 +1,30 @@ +From af25679e166da9bd32a0ed7fbf67a408dda7f71a Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 15 Nov 2013 09:21:53 -0500 +Subject: [PATCH 14/74] Fix wrong sizeof(). + +CHAR16* vs CHAR16**, so the result is the same on all platforms. + +Detected by coverity. + +Signed-off-by: Peter Jones +--- + lib/shell.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/shell.c b/lib/shell.c +index 51de4e0..7337834 100644 +--- a/lib/shell.c ++++ b/lib/shell.c +@@ -35,7 +35,7 @@ argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV) + + (*argc)++; /* we counted spaces, so add one for initial */ + +- *ARGV = AllocatePool(*argc * sizeof(*ARGV)); ++ *ARGV = AllocatePool(*argc * sizeof(**ARGV)); + if (!*ARGV) { + return EFI_OUT_OF_RESOURCES; + } +-- +1.9.3 + diff --git a/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch b/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch new file mode 100644 index 0000000..0249be8 --- /dev/null +++ b/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch @@ -0,0 +1,30 @@ +From 4dbef508ab6359e8ca14df53b83f970bdeec17ba Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 15 Nov 2013 09:24:01 -0500 +Subject: [PATCH 15/74] Initialize entries before we pass it to another + function. + +Coverity scan noticed that entries is uninitialized when we pass its +location to another function. + +Signed-off-by: Peter Jones +--- + lib/simple_file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/simple_file.c b/lib/simple_file.c +index 3af0ec8..d345d87 100644 +--- a/lib/simple_file.c ++++ b/lib/simple_file.c +@@ -415,7 +415,7 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name, + CHAR16 *filter, CHAR16 **result) + { + EFI_STATUS status; +- CHAR16 **entries; ++ CHAR16 **entries = NULL; + EFI_FILE_INFO *dmp; + int count, select, len; + CHAR16 *newname, *selected; +-- +1.9.3 + diff --git a/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch b/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch new file mode 100644 index 0000000..c373474 --- /dev/null +++ b/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch @@ -0,0 +1,63 @@ +From 3a7feeff6cdb3b96a1ef2ccff8c150e2324d50a9 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 15 Nov 2013 09:38:41 -0500 +Subject: [PATCH 16/74] Rewrite directory traversal allocation path so coverity + can grok it. + +The things we do for our tools. In this case, make the AllocatePool() +happen outside of a conditional, even though that conditional will +always bee satisfied. This way coverity won't think we're setting fi +to NULL and passing it to StrCaseCmp. + +Signed-off-by: Peter Jones +--- + fallback.c | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/fallback.c b/fallback.c +index c875144..ba864ee 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -445,25 +445,32 @@ find_boot_csv(EFI_FILE_HANDLE fh, CHAR16 *dirname) + return EFI_SUCCESS; + } + FreePool(buffer); ++ buffer = NULL; + + bs = 0; + do { + bs = 0; + rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, NULL); +- if (rc == EFI_BUFFER_TOO_SMALL) { +- buffer = AllocateZeroPool(bs); +- if (!buffer) { +- Print(L"Could not allocate memory\n"); +- return EFI_OUT_OF_RESOURCES; +- } ++ if (EFI_ERROR(rc) && rc != EFI_BUFFER_TOO_SMALL) { ++ Print(L"Could not read \\EFI\\%s\\: %d\n", dirname, rc); ++ if (buffer) ++ FreePool(buffer); ++ return rc; ++ } + +- rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, buffer); ++ buffer = AllocateZeroPool(bs); ++ if (!buffer) { ++ Print(L"Could not allocate memory\n"); ++ return EFI_OUT_OF_RESOURCES; + } ++ ++ rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, buffer); + if (EFI_ERROR(rc)) { + Print(L"Could not read \\EFI\\%s\\: %d\n", dirname, rc); + FreePool(buffer); + return rc; + } ++ + if (bs == 0) + break; + +-- +1.9.3 + diff --git a/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch b/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch new file mode 100644 index 0000000..4e6ca54 --- /dev/null +++ b/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch @@ -0,0 +1,27 @@ +From 293f28d1fe3921c5348c60948b4dedcef5042d5b Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 15 Nov 2013 10:55:37 -0500 +Subject: [PATCH 17/74] Error check the right thing in get_variable_attr() when + allocating. + +Signed-off-by: Peter Jones +--- + lib/variables.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/variables.c b/lib/variables.c +index 81bd34d..3a9735e 100644 +--- a/lib/variables.c ++++ b/lib/variables.c +@@ -224,7 +224,7 @@ get_variable_attr(CHAR16 *var, UINT8 **data, UINTN *len, EFI_GUID owner, + return efi_status; + + *data = AllocateZeroPool(*len); +- if (!data) ++ if (!*data) + return EFI_OUT_OF_RESOURCES; + + efi_status = uefi_call_wrapper(RT->GetVariable, 5, var, &owner, +-- +1.9.3 + diff --git a/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch b/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch new file mode 100644 index 0000000..dd329ba --- /dev/null +++ b/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch @@ -0,0 +1,219 @@ +From dfd6c73a212f8cf6b32ce74807de9a08a87f0b79 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 31 Jan 2014 10:30:24 -0500 +Subject: [PATCH 18/74] [fallback] For HD() device paths, use just the media + node and later. + +UEFI 2.x section 3.1.2 provides for "short-form device path", where the +first element specified is a "hard drive media device path", so that you +can move a disk around on different buses without invalidating your +device path. Fallback has not been using this option, though in most +cases efibootmgr has. + +Note that we still keep the full device path, because LoadImage() +isn't necessarily the layer where HD() works - one some systems BDS is +responsible for resolving the full path and passes that to LoadImage() +instead. So we have to do LoadImage() with the full path. +--- + fallback.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 78 insertions(+), 25 deletions(-) + +diff --git a/fallback.c b/fallback.c +index ba864ee..a12bb74 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -15,6 +15,27 @@ + EFI_LOADED_IMAGE *this_image = NULL; + + static EFI_STATUS ++FindSubDevicePath(EFI_DEVICE_PATH *In, UINT8 Type, UINT8 SubType, ++ EFI_DEVICE_PATH **Out) ++{ ++ EFI_DEVICE_PATH *dp = In; ++ if (!In || !Out) ++ return EFI_INVALID_PARAMETER; ++ ++ for (dp = In; !IsDevicePathEnd(dp); dp = NextDevicePathNode(dp)) { ++ if (DevicePathType(dp) == Type && ++ DevicePathSubType(dp) == SubType) { ++ *Out = DuplicateDevicePath(dp); ++ if (!*Out) ++ return EFI_OUT_OF_RESOURCES; ++ return EFI_SUCCESS; ++ } ++ } ++ *Out = NULL; ++ return EFI_NOT_FOUND; ++} ++ ++static EFI_STATUS + get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize) + { + EFI_STATUS rc; +@@ -93,7 +114,9 @@ make_full_path(CHAR16 *dirname, CHAR16 *filename, CHAR16 **out, UINT64 *outlen) + { + UINT64 len; + +- len = StrLen(dirname) + StrLen(filename) + StrLen(L"\\EFI\\\\") + 2; ++ len = StrLen(L"\\EFI\\") + StrLen(dirname) ++ + StrLen(L"\\") + StrLen(filename) ++ + 2; + + CHAR16 *fullpath = AllocateZeroPool(len*sizeof(CHAR16)); + if (!fullpath) { +@@ -119,7 +142,8 @@ VOID *first_new_option_args = NULL; + UINTN first_new_option_size = 0; + + EFI_STATUS +-add_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, CHAR16 *arguments) ++add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, ++ CHAR16 *filename, CHAR16 *label, CHAR16 *arguments) + { + static int i = 0; + CHAR16 varname[] = L"Boot0000"; +@@ -136,24 +160,31 @@ add_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, CHAR16 *ar + void *var = LibGetVariable(varname, &global); + if (!var) { + int size = sizeof(UINT32) + sizeof (UINT16) + +- StrLen(label)*2 + 2 + DevicePathSize(dp) + +- StrLen(arguments) * 2 + 2; ++ StrLen(label)*2 + 2 + DevicePathSize(hddp) + ++ StrLen(arguments) * 2; + + CHAR8 *data = AllocateZeroPool(size); + CHAR8 *cursor = data; + *(UINT32 *)cursor = LOAD_OPTION_ACTIVE; + cursor += sizeof (UINT32); +- *(UINT16 *)cursor = DevicePathSize(dp); ++ *(UINT16 *)cursor = DevicePathSize(hddp); + cursor += sizeof (UINT16); + StrCpy((CHAR16 *)cursor, label); + cursor += StrLen(label)*2 + 2; +- CopyMem(cursor, dp, DevicePathSize(dp)); +- cursor += DevicePathSize(dp); ++ CopyMem(cursor, hddp, DevicePathSize(hddp)); ++ cursor += DevicePathSize(hddp); + StrCpy((CHAR16 *)cursor, arguments); + + Print(L"Creating boot entry \"%s\" with label \"%s\" " + L"for file \"%s\"\n", + varname, label, filename); ++ ++ if (!first_new_option) { ++ first_new_option = DuplicateDevicePath(fulldp); ++ first_new_option_args = arguments; ++ first_new_option_size = StrLen(arguments) * sizeof (CHAR16); ++ } ++ + rc = uefi_call_wrapper(RT->SetVariable, 5, varname, + &global, EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | +@@ -254,7 +285,10 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * + if (EFI_ERROR(rc)) + return rc; + +- EFI_DEVICE_PATH *dph = NULL, *dpf = NULL, *dp = NULL; ++ EFI_DEVICE_PATH *dph = NULL; ++ EFI_DEVICE_PATH *file = NULL; ++ EFI_DEVICE_PATH *full_device_path = NULL; ++ EFI_DEVICE_PATH *dp = NULL; + + dph = DevicePathFromHandle(this_image->DeviceHandle); + if (!dph) { +@@ -262,19 +296,31 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * + goto err; + } + +- dpf = FileDevicePath(fh, fullpath); +- if (!dpf) { ++ file = FileDevicePath(fh, fullpath); ++ if (!file) { + rc = EFI_OUT_OF_RESOURCES; + goto err; + } + +- dp = AppendDevicePath(dph, dpf); +- if (!dp) { ++ full_device_path = AppendDevicePath(dph, file); ++ if (!full_device_path) { + rc = EFI_OUT_OF_RESOURCES; + goto err; + } + ++ rc = FindSubDevicePath(full_device_path, ++ MEDIA_DEVICE_PATH, MEDIA_HARDDRIVE_DP, &dp); ++ if (EFI_ERROR(rc)) { ++ if (rc == EFI_NOT_FOUND) { ++ dp = full_device_path; ++ } else { ++ rc = EFI_OUT_OF_RESOURCES; ++ goto err; ++ } ++ } ++ + #ifdef DEBUG_FALLBACK ++ { + UINTN s = DevicePathSize(dp); + int i; + UINT8 *dpv = (void *)dp; +@@ -287,20 +333,16 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * + + CHAR16 *dps = DevicePathToStr(dp); + Print(L"device path: \"%s\"\n", dps); +-#endif +- if (!first_new_option) { +- CHAR16 *dps = DevicePathToStr(dp); +- Print(L"device path: \"%s\"\n", dps); +- first_new_option = DuplicateDevicePath(dp); +- first_new_option_args = arguments; +- first_new_option_size = StrLen(arguments) * sizeof (CHAR16); + } ++#endif + +- add_boot_option(dp, fullpath, label, arguments); ++ add_boot_option(dp, full_device_path, fullpath, label, arguments); + + err: +- if (dpf) +- FreePool(dpf); ++ if (file) ++ FreePool(file); ++ if (full_device_path) ++ FreePool(full_device_path); + if (dp) + FreePool(dp); + if (fullpath) +@@ -629,8 +671,19 @@ try_start_first_option(EFI_HANDLE parent_image_handle) + first_new_option, NULL, 0, + &image_handle); + if (EFI_ERROR(rc)) { +- Print(L"LoadImage failed: %d\n", rc); +- uefi_call_wrapper(BS->Stall, 1, 2000000); ++ CHAR16 *dps = DevicePathToStr(first_new_option); ++ UINTN s = DevicePathSize(first_new_option); ++ int i; ++ UINT8 *dpv = (void *)first_new_option; ++ Print(L"LoadImage failed: %d\nDevice path: \"%s\"\n", rc, dps); ++ for (i = 0; i < s; i++) { ++ if (i > 0 && i % 16 == 0) ++ Print(L"\n"); ++ Print(L"%02x ", dpv[i]); ++ } ++ Print(L"\n"); ++ ++ uefi_call_wrapper(BS->Stall, 1, 500000000); + return rc; + } + +@@ -644,7 +697,7 @@ try_start_first_option(EFI_HANDLE parent_image_handle) + rc = uefi_call_wrapper(BS->StartImage, 3, image_handle, NULL, NULL); + if (EFI_ERROR(rc)) { + Print(L"StartImage failed: %d\n", rc); +- uefi_call_wrapper(BS->Stall, 1, 2000000); ++ uefi_call_wrapper(BS->Stall, 1, 500000000); + } + return rc; + } +-- +1.9.3 + diff --git a/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch b/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch new file mode 100644 index 0000000..6828caf --- /dev/null +++ b/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch @@ -0,0 +1,147 @@ +From 894a2738d6c843a7b51245fb92bb2f835901e613 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 31 Jan 2014 10:31:10 -0500 +Subject: [PATCH 19/74] [fallback] Attempt to re-use existing entries when + possible. + +Some firmwares seem to ignore our boot entries and put their fallback +entries back on top. Right now that results in a lot of boot entries +for our stuff, a la https://bugzilla.redhat.com/show_bug.cgi?id=995834 . + +Instead of that happening, if we simply find existing entries that match +the entry we would create and move them to the top of the boot order, +the machine will continue to operate in failure mode (which we can't +avoid), but at least we won't create thousands of extra entries. + +Signed-off-by: Peter Jones +--- + fallback.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 98 insertions(+), 1 deletion(-) + +diff --git a/fallback.c b/fallback.c +index a12bb74..44638ec 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -226,6 +226,85 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, + } + + EFI_STATUS ++find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, ++ CHAR16 *arguments, UINT16 *optnum) ++{ ++ int size = sizeof(UINT32) + sizeof (UINT16) + ++ StrLen(label)*2 + 2 + DevicePathSize(dp) + ++ StrLen(arguments) * 2 + 2; ++ ++ CHAR8 *data = AllocateZeroPool(size); ++ if (!data) ++ return EFI_OUT_OF_RESOURCES; ++ CHAR8 *cursor = data; ++ *(UINT32 *)cursor = LOAD_OPTION_ACTIVE; ++ cursor += sizeof (UINT32); ++ *(UINT16 *)cursor = DevicePathSize(dp); ++ cursor += sizeof (UINT16); ++ StrCpy((CHAR16 *)cursor, label); ++ cursor += StrLen(label)*2 + 2; ++ CopyMem(cursor, dp, DevicePathSize(dp)); ++ cursor += DevicePathSize(dp); ++ StrCpy((CHAR16 *)cursor, arguments); ++ ++ int i = 0; ++ CHAR16 varname[] = L"Boot0000"; ++ CHAR16 hexmap[] = L"0123456789ABCDEF"; ++ EFI_GUID global = EFI_GLOBAL_VARIABLE; ++ EFI_STATUS rc; ++ ++ CHAR8 *candidate = AllocateZeroPool(size); ++ if (!candidate) { ++ FreePool(data); ++ return EFI_OUT_OF_RESOURCES; ++ } ++ ++ for(i = 0; i < nbootorder && i < 0x10000; i++) { ++ varname[4] = hexmap[(bootorder[i] & 0xf000) >> 12]; ++ varname[5] = hexmap[(bootorder[i] & 0x0f00) >> 8]; ++ varname[6] = hexmap[(bootorder[i] & 0x00f0) >> 4]; ++ varname[7] = hexmap[(bootorder[i] & 0x000f) >> 0]; ++ ++ UINTN candidate_size = size; ++ rc = uefi_call_wrapper(RT->GetVariable, 5, varname, &global, ++ NULL, &candidate_size, candidate); ++ if (EFI_ERROR(rc)) ++ continue; ++ ++ if (candidate_size != size) ++ continue; ++ ++ if (CompareMem(candidate, data, size)) ++ continue; ++ ++ /* at this point, we have duplicate data. */ ++ *optnum = i; ++ FreePool(candidate); ++ FreePool(data); ++ return EFI_SUCCESS; ++ } ++ FreePool(candidate); ++ FreePool(data); ++ return EFI_NOT_FOUND; ++} ++ ++EFI_STATUS ++set_boot_order(void) ++{ ++ CHAR16 *oldbootorder; ++ UINTN size; ++ EFI_GUID global = EFI_GLOBAL_VARIABLE; ++ ++ oldbootorder = LibGetVariableAndSize(L"BootOrder", &global, &size); ++ if (oldbootorder) { ++ nbootorder = size / sizeof (CHAR16); ++ bootorder = oldbootorder; ++ } ++ return EFI_SUCCESS; ++ ++} ++ ++EFI_STATUS + update_boot_order(void) + { + CHAR16 *oldbootorder; +@@ -336,7 +415,23 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * + } + #endif + +- add_boot_option(dp, full_device_path, fullpath, label, arguments); ++ UINT16 option; ++ rc = find_boot_option(dp, fullpath, label, arguments, &option); ++ if (EFI_ERROR(rc)) { ++ add_boot_option(dp, full_device_path, fullpath, label, arguments); ++ } else if (option != 0) { ++ CHAR16 *newbootorder; ++ newbootorder = AllocateZeroPool(sizeof (CHAR16) * nbootorder); ++ if (!newbootorder) ++ return EFI_OUT_OF_RESOURCES; ++ ++ newbootorder[0] = bootorder[option]; ++ CopyMem(newbootorder + 1, bootorder, sizeof (CHAR16) * option); ++ CopyMem(newbootorder + option + 1, bootorder + option + 1, ++ sizeof (CHAR16) * (nbootorder - option - 1)); ++ FreePool(bootorder); ++ bootorder = newbootorder; ++ } + + err: + if (file) +@@ -717,6 +812,8 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) + + Print(L"System BootOrder not found. Initializing defaults.\n"); + ++ set_boot_order(); ++ + rc = find_boot_options(this_image->DeviceHandle); + if (EFI_ERROR(rc)) { + Print(L"Error: could not find boot options: %d\n", rc); +-- +1.9.3 + diff --git a/SOURCES/0020-Add-a-preliminary-test-plan.patch b/SOURCES/0020-Add-a-preliminary-test-plan.patch new file mode 100644 index 0000000..b1c5da4 --- /dev/null +++ b/SOURCES/0020-Add-a-preliminary-test-plan.patch @@ -0,0 +1,104 @@ +From ac356a0e7723662d0a83ca3991088ce346495772 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 14 Feb 2014 14:06:45 -0500 +Subject: [PATCH 20/74] Add a preliminary test plan. + +Because you know you wanted a test plan. You feel it deeply inside. + +Note that none of the /negative/ cases are tested yet. + +Signed-off-by: Peter Jones +--- + testplan.txt | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 80 insertions(+) + create mode 100644 testplan.txt + +diff --git a/testplan.txt b/testplan.txt +new file mode 100644 +index 0000000..118dfcd +--- /dev/null ++++ b/testplan.txt +@@ -0,0 +1,80 @@ ++How to test a new shim build for RHEL/fedora: ++ ++1) build pesign-test-app, and sign it with the appropriate key ++2) build shim with the appropriate key built in ++3) install pesign-test-app and shim-unsigned on the test machine ++4) make a lockdown.efi for "Red Hat Test Certificate" and put it in \EFI\test ++ mkdir /boot/efi/EFI/test/ ++ wget http://pjones.fedorapeople.org/shim/LockDown-rhtest.efi ++ mv LockDown-rhtest.efi /boot/efi/EFI/test/lockdown.efi ++5) sign shim with RHTC and put it in \EFI\test: ++ pesign -i /usr/share/shim/shim.efi -o /boot/efi/EFI/test/shim.efi \ ++ -s -c "Red Hat Test Certificate" ++6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi ++ cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ ++ /boot/efi/EFI/test/test.efi ++7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\: ++ pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \ ++ -r -u 0 ++ pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \ ++ -s -c "Red Hat Test Certificate" ++8) sign a copy of mokmanager with RHTC and put it in \EFI\test: ++ pesign -i /usr/share/shim/MokManager.efi \ ++ -o /boot/efi/EFI/test/MokManager.efi -s \ ++ -c "Red Hat Test Certificate" ++9) copy grub.cfg to our test directory: ++ cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg ++10) *move* \EFI\redhat\BOOT.CSV to \EFI\test ++ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV ++11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi ++ rm -rf /boot/efi/EFI/BOOT/ ++ mkdir /boot/efi/EFI/BOOT/ ++ pesign -i /usr/share/shim/fallback.efi \ ++ -o /boot/efi/EFI/BOOT/fallback.efi \ ++ -s -c "Red Hat Test Certificate" ++12) put shim.efi there as well ++ cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI ++13) enroll the current kernel's certificate with mokutil: ++ mokutil --import ~/redhatsecurebootca2.cer ++14) put machine in setup mode ++15) boot to the UEFI shell ++16) run lockdown.efi from #4: ++ fs0:\EFI\test\lockdown.efi ++17) enable secure boot verification ++18) verify it can't run other binaries: ++ fs0:\EFI\redhat\grubx64.efi ++ result should be an error, probably similar to: ++ "fs0:\...\grubx64.efi is not recognized as an internal or external command" ++19) copy test.efi to grubx64.efi: ++ cp \EFI\test\test.efi \EFI\test\grubx64.efi ++20) in the EFI shell, run fs0:\EFI\test\shim.efi ++21) you should see MokManager. Enroll the certificate you added in #13, and ++ the system will reboot. ++22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi ++ result: "This is a test application that should be completely safe." ++ If you get the expected result, shim can run things signed by its internal ++ key ring. Check a box someplace that says it can do that. ++23) from the EFI shell, copy grub to grubx64.efi: ++ cp \EFI\test\grubx.efi \EFI\test\grubx64.efi ++24) in the EFI shell, run fs0:\EFI\test\shim.efi ++ result: this should start grub, which will let you boot a kernel ++ If grub starts, it means shim can run things signed by a key in the system's ++ db. Check a box someplace that says it can do that. ++ If the kernel boots, it means shim can run things from Mok. Check a box ++ someplace that says it can do that. ++25) remove all boot entries and the BootOrder variable: ++ [root@uefi ~]# cd /sys/firmware/efi/efivars/ ++ [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-* ++ removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ removed ‘Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ removed ‘Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ [root@uefi efivars]# ++27) reboot ++28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just ++ have an old machine. In that case, go to the EFI shell and run: ++ fs0:\EFI\BOOT\BOOTX64.EFI ++ If this works, you should see a bit of output very quickly and then the same ++ thing as #24. This means shim recognized it was in \EFI\BOOT and ran ++ fallback.efi, which worked. +-- +1.9.3 + diff --git a/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch b/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch new file mode 100644 index 0000000..a4cdb0d --- /dev/null +++ b/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch @@ -0,0 +1,71 @@ +From a0bb7822bc0745cba1af1c119fb9f7a0e5ec828c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 14 Feb 2014 14:44:31 -0500 +Subject: [PATCH 21/74] Add a failure case to the test plan and fix an ordering + error. + +Signed-off-by: Peter Jones +--- + testplan.txt | 27 +++++++++++++++++---------- + 1 file changed, 17 insertions(+), 10 deletions(-) + +diff --git a/testplan.txt b/testplan.txt +index 118dfcd..2fbf238 100644 +--- a/testplan.txt ++++ b/testplan.txt +@@ -12,23 +12,26 @@ How to test a new shim build for RHEL/fedora: + -s -c "Red Hat Test Certificate" + 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi + cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ +- /boot/efi/EFI/test/test.efi +-7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\: +- pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \ +- -r -u 0 +- pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \ +- -s -c "Red Hat Test Certificate" ++ /boot/efi/EFI/test/test.efi ++7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also ++ leave an unsigned copy there: ++ pesign -i /boot/efi/EFI/redhat/grubx64.efi \ ++ -o /boot/efi/EFI/test/grubx64-unsigned.efi \ ++ -r -u 0 ++ pesign -i /boot/efi/EFI/test/grubx64-unsigned.efi \ ++ -o /boot/efi/EFI/test/grub.efi \ ++ -s -c "Red Hat Test Certificate" + 8) sign a copy of mokmanager with RHTC and put it in \EFI\test: + pesign -i /usr/share/shim/MokManager.efi \ +- -o /boot/efi/EFI/test/MokManager.efi -s \ ++ -o /boot/efi/EFI/test/MokManager.efi -s \ + -c "Red Hat Test Certificate" + 9) copy grub.cfg to our test directory: + cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg + 10) *move* \EFI\redhat\BOOT.CSV to \EFI\test +- mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV +-11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi + rm -rf /boot/efi/EFI/BOOT/ + mkdir /boot/efi/EFI/BOOT/ ++ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV ++11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi + pesign -i /usr/share/shim/fallback.efi \ + -o /boot/efi/EFI/BOOT/fallback.efi \ + -s -c "Red Hat Test Certificate" +@@ -55,7 +58,7 @@ How to test a new shim build for RHEL/fedora: + If you get the expected result, shim can run things signed by its internal + key ring. Check a box someplace that says it can do that. + 23) from the EFI shell, copy grub to grubx64.efi: +- cp \EFI\test\grubx.efi \EFI\test\grubx64.efi ++ cp \EFI\test\grub.efi \EFI\test\grubx64.efi + 24) in the EFI shell, run fs0:\EFI\test\shim.efi + result: this should start grub, which will let you boot a kernel + If grub starts, it means shim can run things signed by a key in the system's +@@ -78,3 +81,7 @@ How to test a new shim build for RHEL/fedora: + If this works, you should see a bit of output very quickly and then the same + thing as #24. This means shim recognized it was in \EFI\BOOT and ran + fallback.efi, which worked. ++29) copy the unsigned grub into place and reboot: ++ cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi ++30) reboot again. ++ result: shim should refuse to load grub. +-- +1.9.3 + diff --git a/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch b/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch new file mode 100644 index 0000000..c92e451 --- /dev/null +++ b/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch @@ -0,0 +1,250 @@ +From 06495f692fa748a553ffbde8bfae2974d8c791c0 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 14 Feb 2014 15:38:25 -0500 +Subject: [PATCH 22/74] Allow fallback to use the system's LoadImage/StartImage + . + +Track use of the system's LoadImage(), and when the next StartImage() +call is for an image the system verified, allow that to count as +participating, since it has been verified by the system's db. + +Signed-off-by: Peter Jones +--- + replacements.c | 68 +++++++++++++++++++++++++++++++++++++++++++++- + replacements.h | 3 +++ + shim.c | 85 +++++++++++++++++++++++++++++++++++----------------------- + 3 files changed, 121 insertions(+), 35 deletions(-) + +diff --git a/replacements.c b/replacements.c +index 5ea5c32..48dc437 100644 +--- a/replacements.c ++++ b/replacements.c +@@ -60,26 +60,82 @@ + + static EFI_SYSTEM_TABLE *systab; + ++static typeof(systab->BootServices->LoadImage) system_load_image; + static typeof(systab->BootServices->StartImage) system_start_image; + static typeof(systab->BootServices->Exit) system_exit; + static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; + ++static EFI_HANDLE last_loaded_image; ++ + void + unhook_system_services(void) + { + systab->BootServices->Exit = system_exit; ++ systab->BootServices->LoadImage = system_load_image; + systab->BootServices->StartImage = system_start_image; + systab->BootServices->ExitBootServices = system_exit_boot_services; + } + + static EFI_STATUS EFIAPI ++load_image(BOOLEAN BootPolicy, EFI_HANDLE ParentImageHandle, ++ EFI_DEVICE_PATH *DevicePath, VOID *SourceBuffer, ++ UINTN SourceSize, EFI_HANDLE *ImageHandle) ++{ ++ EFI_STATUS status; ++ unhook_system_services(); ++ ++ status = systab->BootServices->LoadImage(BootPolicy, ++ ParentImageHandle, DevicePath, ++ SourceBuffer, SourceSize, ImageHandle); ++ hook_system_services(systab); ++ if (EFI_ERROR(status)) ++ last_loaded_image = NULL; ++ else ++ last_loaded_image = *ImageHandle; ++ return status; ++} ++ ++static EFI_STATUS EFIAPI + start_image(EFI_HANDLE image_handle, UINTN *exit_data_size, CHAR16 **exit_data) + { + EFI_STATUS status; + unhook_system_services(); ++ ++ /* We have to uninstall shim's protocol here, because if we're ++ * On the fallback.efi path, then our call pathway is: ++ * ++ * shim->fallback->shim->grub ++ * ^ ^ ^ ++ * | | \- gets protocol #0 ++ * | \- installs its protocol (#1) ++ * \- installs its protocol (#0) ++ * and if we haven't removed this, then grub will get the *first* ++ * shim's protocol, but it'll get the second shim's systab ++ * replacements. So even though it will participate and verify ++ * the kernel, the systab never finds out. ++ */ ++ if (image_handle == last_loaded_image) { ++ loader_is_participating = 1; ++ uninstall_shim_protocols(); ++ } + status = systab->BootServices->StartImage(image_handle, exit_data_size, exit_data); +- if (EFI_ERROR(status)) ++ if (EFI_ERROR(status)) { ++ if (image_handle == last_loaded_image) { ++ EFI_STATUS status2 = install_shim_protocols(); ++ ++ if (EFI_ERROR(status2)) { ++ Print(L"Something has gone seriously wrong: %d\n", ++ status2); ++ Print(L"shim cannot continue, sorry.\n"); ++ systab->BootServices->Stall(5000000); ++ systab->RuntimeServices->ResetSystem( ++ EfiResetShutdown, ++ EFI_SECURITY_VIOLATION, 0, NULL); ++ } ++ } + hook_system_services(systab); ++ loader_is_participating = 0; ++ } + return status; + } + +@@ -123,6 +179,16 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) + + /* We need to hook various calls to make this work... */ + ++ /* We need LoadImage() hooked so that fallback.c can load shim ++ * without having to fake LoadImage as well. This allows it ++ * to call the system LoadImage(), and have us track the output ++ * and mark loader_is_participating in start_image. This means ++ * anything added by fallback has to be verified by the system db, ++ * which we want to preserve anyway, since that's all launching ++ * through BDS gives us. */ ++ system_load_image = systab->BootServices->LoadImage; ++ systab->BootServices->LoadImage = load_image; ++ + /* we need StartImage() so that we can allow chain booting to an + * image trusted by the firmware */ + system_start_image = systab->BootServices->StartImage; +diff --git a/replacements.h b/replacements.h +index 5b57bc2..bd09424 100644 +--- a/replacements.h ++++ b/replacements.h +@@ -41,4 +41,7 @@ extern int loader_is_participating; + extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); + extern void unhook_system_services(void); + ++extern EFI_STATUS install_shim_protocols(void); ++extern void uninstall_shim_protocols(void); ++ + #endif /* SHIM_REPLACEMENTS_H */ +diff --git a/shim.c b/shim.c +index cf93d65..0e18d38 100644 +--- a/shim.c ++++ b/shim.c +@@ -1707,11 +1707,56 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) + return EFI_SUCCESS; + } + +-EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) ++static SHIM_LOCK shim_lock_interface; ++static EFI_HANDLE shim_lock_handle; ++ ++EFI_STATUS ++install_shim_protocols(void) ++{ ++ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; ++ EFI_STATUS efi_status; ++ /* ++ * Install the protocol ++ */ ++ efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, ++ &shim_lock_handle, &shim_lock_guid, ++ EFI_NATIVE_INTERFACE, &shim_lock_interface); ++ if (EFI_ERROR(efi_status)) { ++ console_error(L"Could not install security protocol", ++ efi_status); ++ return efi_status; ++ } ++ ++#if defined(OVERRIDE_SECURITY_POLICY) ++ /* ++ * Install the security protocol hook ++ */ ++ security_policy_install(shim_verify); ++#endif ++ ++ return EFI_SUCCESS; ++} ++ ++void ++uninstall_shim_protocols(void) + { + EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; +- static SHIM_LOCK shim_lock_interface; +- EFI_HANDLE handle = NULL; ++#if defined(OVERRIDE_SECURITY_POLICY) ++ /* ++ * Clean up the security protocol hook ++ */ ++ security_policy_uninstall(); ++#endif ++ ++ /* ++ * If we're back here then clean everything up before exiting ++ */ ++ uefi_call_wrapper(BS->UninstallProtocolInterface, 3, shim_lock_handle, ++ &shim_lock_guid, &shim_lock_interface); ++} ++ ++EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) ++{ + EFI_STATUS efi_status; + + verification_method = VERIFIED_BY_NOTHING; +@@ -1768,24 +1813,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + } + } + +- /* +- * Install the protocol +- */ +- efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, +- &handle, &shim_lock_guid, EFI_NATIVE_INTERFACE, +- &shim_lock_interface); +- if (EFI_ERROR(efi_status)) { +- console_error(L"Could not install security protocol", +- efi_status); ++ efi_status = install_shim_protocols(); ++ if (EFI_ERROR(efi_status)) + return efi_status; +- } +- +-#if defined(OVERRIDE_SECURITY_POLICY) +- /* +- * Install the security protocol hook +- */ +- security_policy_install(shim_verify); +-#endif + + /* + * Enter MokManager if necessary +@@ -1810,20 +1840,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + + efi_status = init_grub(image_handle); + +-#if defined(OVERRIDE_SECURITY_POLICY) +- /* +- * Clean up the security protocol hook +- */ +- security_policy_uninstall(); +-#endif +- +- /* +- * If we're back here then clean everything up before exiting +- */ +- uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle, +- &shim_lock_guid, &shim_lock_interface); +- +- ++ uninstall_shim_protocols(); + /* + * Remove our hooks from system services. + */ +-- +1.9.3 + diff --git a/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch b/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch new file mode 100644 index 0000000..da3bb7d --- /dev/null +++ b/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch @@ -0,0 +1,295 @@ +From 5495694c043de510aaf8ff5dcbe17b6547794083 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Mon, 3 Dec 2012 15:52:48 -0800 +Subject: [PATCH 23/74] additional bounds-checking on section sizes + +This adds additional bounds-checking on the section sizes. Also adds +-Wsign-compare to the Makefile and replaces some signed variables with +unsigned counteparts for robustness. + +Signed-off-by: Kees Cook +--- + Makefile | 3 ++- + MokManager.c | 6 ++--- + PasswordCrypt.c | 4 +-- + fallback.c | 4 +-- + shim.c | 83 +++++++++++++++++++++++++++++++++++++++------------------ + 5 files changed, 66 insertions(+), 34 deletions(-) + +diff --git a/Makefile b/Makefile +index e65d28d..46e5ef9 100644 +--- a/Makefile ++++ b/Makefile +@@ -16,7 +16,8 @@ EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := \\\\grub.efi + CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ +- -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args \ ++ -fshort-wchar -Wall -Wsign-compare -Werror \ ++ -mno-red-zone -maccumulate-outgoing-args \ + -mno-mmx -mno-sse -fno-builtin \ + "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ + "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ +diff --git a/MokManager.c b/MokManager.c +index f5ed379..3da61f4 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -440,7 +440,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + MokListNode *keys = NULL; + INTN key_num = 0; + CHAR16 **menu_strings; +- int i; ++ unsigned int i; + + if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) + + sizeof(EFI_SIGNATURE_DATA))) { +@@ -491,7 +491,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) + { + EFI_INPUT_KEY key; +- int count = 0; ++ unsigned int count = 0; + + do { + key = console_get_keystroke(); +@@ -640,7 +640,7 @@ static EFI_STATUS match_password (PASSWORD_CRYPT *pw_crypt, + CHAR16 password[PASSWORD_MAX]; + UINT32 pw_length; + UINT8 fail_count = 0; +- int i; ++ unsigned int i; + + if (pw_crypt) { + auth_hash = pw_crypt->hash; +diff --git a/PasswordCrypt.c b/PasswordCrypt.c +index 8d72a82..e0a82cf 100644 +--- a/PasswordCrypt.c ++++ b/PasswordCrypt.c +@@ -154,7 +154,7 @@ static EFI_STATUS sha256_crypt (const char *key, UINT32 key_len, + CopyMem(cp, tmp_result, cnt); + + SHA256_Init(&alt_ctx); +- for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) ++ for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt) + SHA256_Update(&alt_ctx, salt, salt_size); + SHA256_Final(tmp_result, &alt_ctx); + +@@ -242,7 +242,7 @@ static EFI_STATUS sha512_crypt (const char *key, UINT32 key_len, + CopyMem(cp, tmp_result, cnt); + + SHA512_Init(&alt_ctx); +- for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) ++ for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt) + SHA512_Update(&alt_ctx, salt, salt_size); + SHA512_Final(tmp_result, &alt_ctx); + +diff --git a/fallback.c b/fallback.c +index 44638ec..bc9a3c9 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -229,7 +229,7 @@ EFI_STATUS + find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, + CHAR16 *arguments, UINT16 *optnum) + { +- int size = sizeof(UINT32) + sizeof (UINT16) + ++ unsigned int size = sizeof(UINT32) + sizeof (UINT16) + + StrLen(label)*2 + 2 + DevicePathSize(dp) + + StrLen(arguments) * 2 + 2; + +@@ -768,7 +768,7 @@ try_start_first_option(EFI_HANDLE parent_image_handle) + if (EFI_ERROR(rc)) { + CHAR16 *dps = DevicePathToStr(first_new_option); + UINTN s = DevicePathSize(first_new_option); +- int i; ++ unsigned int i; + UINT8 *dpv = (void *)first_new_option; + Print(L"LoadImage failed: %d\nDevice path: \"%s\"\n", rc, dps); + for (i = 0; i < s; i++) { +diff --git a/shim.c b/shim.c +index 0e18d38..8c583a4 100644 +--- a/shim.c ++++ b/shim.c +@@ -102,7 +102,7 @@ typedef struct { + /* + * Perform basic bounds checking of the intra-image pointers + */ +-static void *ImageAddress (void *image, int size, unsigned int address) ++static void *ImageAddress (void *image, unsigned int size, unsigned int address) + { + if (address > size) + return NULL; +@@ -494,18 +494,19 @@ static BOOLEAN secure_mode (void) + * Calculate the SHA1 and SHA256 hashes of a binary + */ + +-static EFI_STATUS generate_hash (char *data, int datasize, ++static EFI_STATUS generate_hash (char *data, int datasize_in, + PE_COFF_LOADER_IMAGE_CONTEXT *context, + UINT8 *sha256hash, UINT8 *sha1hash) + + { + unsigned int sha256ctxsize, sha1ctxsize; +- unsigned int size = datasize; ++ unsigned int size = datasize_in; + void *sha256ctx = NULL, *sha1ctx = NULL; + char *hashbase; + unsigned int hashsize; + unsigned int SumOfBytesHashed, SumOfSectionBytes; + unsigned int index, pos; ++ unsigned int datasize; + EFI_IMAGE_SECTION_HEADER *Section; + EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; + EFI_IMAGE_SECTION_HEADER *SectionCache; +@@ -517,6 +518,12 @@ static EFI_STATUS generate_hash (char *data, int datasize, + sha1ctxsize = Sha1GetContextSize(); + sha1ctx = AllocatePool(sha1ctxsize); + ++ if (datasize_in < 0) { ++ Print(L"Invalid data size\n"); ++ return EFI_INVALID_PARAMETER; ++ } ++ size = datasize = (unsigned int)datasize_in; ++ + if (!sha256ctx || !sha1ctx) { + Print(L"Unable to allocate memory for hash context\n"); + return EFI_OUT_OF_RESOURCES; +@@ -577,22 +584,29 @@ static EFI_STATUS generate_hash (char *data, int datasize, + SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; + #endif + +- Section = (EFI_IMAGE_SECTION_HEADER *) ( +- (char *)context->PEHdr + sizeof (UINT32) + +- sizeof (EFI_IMAGE_FILE_HEADER) + +- context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader +- ); +- +- SectionCache = Section; +- ++ /* Validate section locations and sizes */ + for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) { +- SumOfSectionBytes += SectionCache->SizeOfRawData; +- } +- +- if (SumOfSectionBytes >= datasize) { +- Print(L"Malformed binary: %x %x\n", SumOfSectionBytes, size); +- status = EFI_INVALID_PARAMETER; +- goto done; ++ EFI_IMAGE_SECTION_HEADER *SectionPtr; ++ ++ /* Validate SectionPtr is within image */ ++ SectionPtr = ImageAddress(data, datasize, ++ sizeof (UINT32) + ++ sizeof (EFI_IMAGE_FILE_HEADER) + ++ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + ++ (index * sizeof(*SectionPtr))); ++ if (!SectionPtr) { ++ Print(L"Malformed section %d\n", index); ++ status = EFI_INVALID_PARAMETER; ++ goto done; ++ } ++ /* Validate section size is within image. */ ++ if (SectionPtr->SizeOfRawData > ++ datasize - SumOfBytesHashed - SumOfSectionBytes) { ++ Print(L"Malformed section %d size\n", index); ++ status = EFI_INVALID_PARAMETER; ++ goto done; ++ } ++ SumOfSectionBytes += SectionPtr->SizeOfRawData; + } + + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections); +@@ -602,6 +616,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, + goto done; + } + ++ /* Already validated above */ ++ Section = ImageAddress(data, datasize, sizeof (UINT32) + ++ sizeof (EFI_IMAGE_FILE_HEADER) + ++ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader); ++ + /* Sort the section headers */ + for (index = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { + pos = index; +@@ -620,7 +639,6 @@ static EFI_STATUS generate_hash (char *data, int datasize, + continue; + } + hashbase = ImageAddress(data, size, Section->PointerToRawData); +- hashsize = (unsigned int) Section->SizeOfRawData; + + if (!hashbase) { + Print(L"Malformed section header\n"); +@@ -628,6 +646,15 @@ static EFI_STATUS generate_hash (char *data, int datasize, + goto done; + } + ++ /* Verify hashsize within image. */ ++ if (Section->SizeOfRawData > ++ datasize - Section->PointerToRawData) { ++ Print(L"Malformed section raw size %d\n", index); ++ status = EFI_INVALID_PARAMETER; ++ goto done; ++ } ++ hashsize = (unsigned int) Section->SizeOfRawData; ++ + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { + Print(L"Unable to generate hash\n"); +@@ -638,10 +665,10 @@ static EFI_STATUS generate_hash (char *data, int datasize, + } + + /* Hash all remaining data */ +- if (size > SumOfBytesHashed) { ++ if (datasize > SumOfBytesHashed) { + hashbase = data + SumOfBytesHashed; + hashsize = (unsigned int)( +- size - ++ datasize - + #if __LP64__ + context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - + #else +@@ -884,7 +911,8 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + return EFI_UNSUPPORTED; + } + +- if (((UINT8 *)context->SecDir - (UINT8 *)data) > (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { ++ if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) > ++ (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { + Print(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } +@@ -904,7 +932,8 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + { + EFI_STATUS efi_status; + char *buffer; +- int i, size; ++ int i; ++ unsigned int size; + EFI_IMAGE_SECTION_HEADER *Section; + char *base, *end; + PE_COFF_LOADER_IMAGE_CONTEXT context; +@@ -1081,7 +1110,8 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, + { + EFI_DEVICE_PATH *devpath; + EFI_HANDLE device; +- int i, j, last = -1; ++ unsigned int i; ++ int j, last = -1; + unsigned int pathlen = 0; + EFI_STATUS efi_status = EFI_SUCCESS; + CHAR16 *bootpath; +@@ -1637,9 +1667,10 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) + EFI_STATUS status; + EFI_LOADED_IMAGE *li; + CHAR16 *start = NULL, *c; +- int i, remaining_size = 0; ++ unsigned int i; ++ int remaining_size = 0; + CHAR16 *loader_str = NULL; +- int loader_len = 0; ++ unsigned int loader_len = 0; + + second_stage = DEFAULT_LOADER; + load_options = NULL; +-- +1.9.3 + diff --git a/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch b/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch new file mode 100644 index 0000000..88b6f1c --- /dev/null +++ b/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch @@ -0,0 +1,75 @@ +From a876037a0d4b91638fcb6274bd7a976f8318a7e2 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 11 Apr 2014 15:05:24 -0400 +Subject: [PATCH 24/74] Kees' patch missed the offset adjustment to PEHdr. + +In read_header, we adjust context->PEHdr's address by doshdr->e_lfanew. +If we're going to recompute that address, we have to adjust it here +too. + +Signed-off-by: Peter Jones +--- + shim.c | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/shim.c b/shim.c +index 8c583a4..d06bd02 100644 +--- a/shim.c ++++ b/shim.c +@@ -511,12 +511,8 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; + EFI_IMAGE_SECTION_HEADER *SectionCache; + EFI_STATUS status = EFI_SUCCESS; +- +- sha256ctxsize = Sha256GetContextSize(); +- sha256ctx = AllocatePool(sha256ctxsize); +- +- sha1ctxsize = Sha1GetContextSize(); +- sha1ctx = AllocatePool(sha1ctxsize); ++ EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data; ++ unsigned int PEHdr_offset = 0; + + if (datasize_in < 0) { + Print(L"Invalid data size\n"); +@@ -524,6 +520,19 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + } + size = datasize = (unsigned int)datasize_in; + ++ if (datasize <= sizeof (*DosHdr) || ++ DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) { ++ Print(L"Invalid signature\n"); ++ return EFI_INVALID_PARAMETER; ++ } ++ PEHdr_offset = DosHdr->e_lfanew; ++ ++ sha256ctxsize = Sha256GetContextSize(); ++ sha256ctx = AllocatePool(sha256ctxsize); ++ ++ sha1ctxsize = Sha1GetContextSize(); ++ sha1ctx = AllocatePool(sha1ctxsize); ++ + if (!sha256ctx || !sha1ctx) { + Print(L"Unable to allocate memory for hash context\n"); + return EFI_OUT_OF_RESOURCES; +@@ -590,6 +599,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + /* Validate SectionPtr is within image */ + SectionPtr = ImageAddress(data, datasize, ++ PEHdr_offset + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + +@@ -617,7 +627,9 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + } + + /* Already validated above */ +- Section = ImageAddress(data, datasize, sizeof (UINT32) + ++ Section = ImageAddress(data, datasize, ++ PEHdr_offset + ++ sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader); + +-- +1.9.3 + diff --git a/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch b/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch new file mode 100644 index 0000000..eb7e4df --- /dev/null +++ b/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch @@ -0,0 +1,35 @@ +From 5103c3b368e04dd1eab1202b87363c7e6ba8f927 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 11 Apr 2014 15:07:45 -0400 +Subject: [PATCH 25/74] Get rid of SectionCache in generate_hash(), it is + unused. + +Signed-off-by: Peter Jones +--- + shim.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/shim.c b/shim.c +index d06bd02..48a6f2f 100644 +--- a/shim.c ++++ b/shim.c +@@ -509,7 +509,6 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + unsigned int datasize; + EFI_IMAGE_SECTION_HEADER *Section; + EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; +- EFI_IMAGE_SECTION_HEADER *SectionCache; + EFI_STATUS status = EFI_SUCCESS; + EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data; + unsigned int PEHdr_offset = 0; +@@ -594,7 +593,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + #endif + + /* Validate section locations and sizes */ +- for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) { ++ for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { + EFI_IMAGE_SECTION_HEADER *SectionPtr; + + /* Validate SectionPtr is within image */ +-- +1.9.3 + diff --git a/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch b/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch new file mode 100644 index 0000000..3992ae1 --- /dev/null +++ b/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch @@ -0,0 +1,90 @@ +From 382a0b66e6c06ccf6775e3c05d5f9ce5f0eab5db Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 6 Mar 2014 11:58:36 +0800 +Subject: [PATCH 26/74] [fallback] Avoid duplicate old BootOrder + +set_boot_order() already copies the old BootOrder to the variable, +bootorder. Besides, we can adjust BootOrder when adding the newly +generated boot option. So, we don't have to copy the old one again +in update_boot_order(). This avoid the duplicate entries in BootOrder. + +Signed-off-by: Gary Ching-Pang Lin +--- + fallback.c | 37 ++++++++++++------------------------- + 1 file changed, 12 insertions(+), 25 deletions(-) + +diff --git a/fallback.c b/fallback.c +index bc9a3c9..4bde9c1 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -204,12 +204,12 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, + return EFI_OUT_OF_RESOURCES; + + int j = 0; ++ newbootorder[0] = i & 0xffff; + if (nbootorder) { + for (j = 0; j < nbootorder; j++) +- newbootorder[j] = bootorder[j]; ++ newbootorder[j+1] = bootorder[j]; + FreePool(bootorder); + } +- newbootorder[j] = i & 0xffff; + bootorder = newbootorder; + nbootorder += 1; + #ifdef DEBUG_FALLBACK +@@ -307,28 +307,17 @@ set_boot_order(void) + EFI_STATUS + update_boot_order(void) + { +- CHAR16 *oldbootorder; + UINTN size; ++ UINTN len = 0; + EFI_GUID global = EFI_GLOBAL_VARIABLE; + CHAR16 *newbootorder = NULL; ++ EFI_STATUS rc; + +- oldbootorder = LibGetVariableAndSize(L"BootOrder", &global, &size); +- if (oldbootorder) { +- int n = size / sizeof (CHAR16) + nbootorder; +- +- newbootorder = AllocateZeroPool(n * sizeof (CHAR16)); +- if (!newbootorder) +- return EFI_OUT_OF_RESOURCES; +- CopyMem(newbootorder, bootorder, nbootorder * sizeof (CHAR16)); +- CopyMem(newbootorder + nbootorder, oldbootorder, size); +- size = n * sizeof (CHAR16); +- } else { +- size = nbootorder * sizeof(CHAR16); +- newbootorder = AllocateZeroPool(size); +- if (!newbootorder) +- return EFI_OUT_OF_RESOURCES; +- CopyMem(newbootorder, bootorder, size); +- } ++ size = nbootorder * sizeof(CHAR16); ++ newbootorder = AllocateZeroPool(size); ++ if (!newbootorder) ++ return EFI_OUT_OF_RESOURCES; ++ CopyMem(newbootorder, bootorder, size); + + #ifdef DEBUG_FALLBACK + Print(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16)); +@@ -337,13 +326,11 @@ update_boot_order(void) + Print(L"%04x ", newbootorder[j]); + Print(L"\n"); + #endif +- +- if (oldbootorder) { ++ rc = uefi_call_wrapper(RT->GetVariable, 5, L"BootOrder", &global, ++ NULL, &len, NULL); ++ if (rc == EFI_BUFFER_TOO_SMALL) + LibDeleteVariable(L"BootOrder", &global); +- FreePool(oldbootorder); +- } + +- EFI_STATUS rc; + rc = uefi_call_wrapper(RT->SetVariable, 5, L"BootOrder", &global, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | +-- +1.9.3 + diff --git a/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch b/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch new file mode 100644 index 0000000..f644711 --- /dev/null +++ b/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch @@ -0,0 +1,26 @@ +From 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 6 Mar 2014 10:57:02 +0800 +Subject: [PATCH 27/74] [fallback] Fix the data size for boot option comparison + +Signed-off-by: Gary Ching-Pang Lin +--- + fallback.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fallback.c b/fallback.c +index 4bde9c1..7f242e1 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -231,7 +231,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, + { + unsigned int size = sizeof(UINT32) + sizeof (UINT16) + + StrLen(label)*2 + 2 + DevicePathSize(dp) + +- StrLen(arguments) * 2 + 2; ++ StrLen(arguments) * 2; + + CHAR8 *data = AllocateZeroPool(size); + if (!data) +-- +1.9.3 + diff --git a/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch b/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch new file mode 100644 index 0000000..82d5d29 --- /dev/null +++ b/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch @@ -0,0 +1,58 @@ +From 0ba09477afac58ef2eadc7311440e695e6250029 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Wed, 5 Mar 2014 18:14:09 +0800 +Subject: [PATCH 28/74] [fallback] Try to boot the first boot option anyway + +Some UEFI implementations never care the boot options, so the +restored boot options could be just ignored and this results in +endless reboot. To avoid this situation, this commit makes +fallback.efi to load the first matched boot option even if there +is no boot option to be restored. It may not be perfect, but at +least the bootloader is loaded... + +Signed-off-by: Gary Ching-Pang Lin +--- + fallback.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/fallback.c b/fallback.c +index 7f242e1..d10fb62 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -226,8 +226,9 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, + } + + EFI_STATUS +-find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, +- CHAR16 *arguments, UINT16 *optnum) ++find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, ++ CHAR16 *filename, CHAR16 *label, CHAR16 *arguments, ++ UINT16 *optnum) + { + unsigned int size = sizeof(UINT32) + sizeof (UINT16) + + StrLen(label)*2 + 2 + DevicePathSize(dp) + +@@ -278,6 +279,12 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, + continue; + + /* at this point, we have duplicate data. */ ++ if (!first_new_option) { ++ first_new_option = DuplicateDevicePath(fulldp); ++ first_new_option_args = arguments; ++ first_new_option_size = StrLen(arguments) * sizeof (CHAR16); ++ } ++ + *optnum = i; + FreePool(candidate); + FreePool(data); +@@ -403,7 +410,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * + #endif + + UINT16 option; +- rc = find_boot_option(dp, fullpath, label, arguments, &option); ++ rc = find_boot_option(dp, full_device_path, fullpath, label, arguments, &option); + if (EFI_ERROR(rc)) { + add_boot_option(dp, full_device_path, fullpath, label, arguments); + } else if (option != 0) { +-- +1.9.3 + diff --git a/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch b/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch new file mode 100644 index 0000000..9b94ed1 --- /dev/null +++ b/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch @@ -0,0 +1,144 @@ +From f500a8742c19be604d33907b56ab9597fe448b65 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 27 May 2014 14:12:32 +0800 +Subject: [PATCH 29/74] Fetch the netboot image from the same device + +The previous strategy is to locate the first available PXE_BASE_CODE +protocol and to fetch the second stage image from it, and this may +cause shim to fetch the wrong second stage image, i.e. grub.efi. + +Consider the machine with the following boot order: +1. PXE Boot +2. Hard Drive + +Assume that the EFI image, e.g. bootx64.efi, in the PXE server is +broken, then "PXE Boot" will fail and fallback to "Hard Drive". While +shim.efi in "Hard Drive" is loaded, it will find the PXE protocol is +available and fetch grub.efi from the PXE server, not grub.efi in the +disk. + +This commit checks the DeviceHandle from Loaded Image. If the device +supports PXE, then shim fetches grub.efi with the PXE protocol. Otherwise, +shim loads grub.efi from the disk. + +Signed-off-by: Gary Ching-Pang Lin +--- + netboot.c | 77 +++++++++++++-------------------------------------------------- + shim.c | 2 +- + 2 files changed, 17 insertions(+), 62 deletions(-) + +diff --git a/netboot.c b/netboot.c +index 07e2773..5ef53f7 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -85,78 +85,33 @@ translate_slashes(char *str) + * Returns TRUE if we identify a protocol that is enabled and Providing us with + * the needed information to fetch a grubx64.efi image + */ +-BOOLEAN findNetboot(EFI_HANDLE image_handle) ++BOOLEAN findNetboot(EFI_HANDLE device) + { +- UINTN bs = sizeof(EFI_HANDLE); +- EFI_GUID pxe_base_code_protocol = EFI_PXE_BASE_CODE_PROTOCOL; +- EFI_HANDLE *hbuf; +- BOOLEAN rc = FALSE; +- void *buffer = AllocatePool(bs); +- UINTN errcnt = 0; +- UINTN i; + EFI_STATUS status; + +- if (!buffer) ++ status = uefi_call_wrapper(BS->HandleProtocol, 3, device, ++ &PxeBaseCodeProtocol, (VOID **)&pxe); ++ if (status != EFI_SUCCESS) { ++ pxe = NULL; + return FALSE; +- +-try_again: +- status = uefi_call_wrapper(BS->LocateHandle,5, ByProtocol, +- &pxe_base_code_protocol, NULL, &bs, +- buffer); +- +- if (status == EFI_BUFFER_TOO_SMALL) { +- errcnt++; +- FreePool(buffer); +- if (errcnt > 1) +- return FALSE; +- buffer = AllocatePool(bs); +- if (!buffer) +- return FALSE; +- goto try_again; + } + +- if (status == EFI_NOT_FOUND) { +- FreePool(buffer); ++ if (!pxe || !pxe->Mode) { ++ pxe = NULL; + return FALSE; + } + +- /* +- * We have a list of pxe supporting protocols, lets see if any are +- * active +- */ +- hbuf = buffer; +- pxe = NULL; +- for (i=0; i < (bs / sizeof(EFI_HANDLE)); i++) { +- status = uefi_call_wrapper(BS->OpenProtocol, 6, hbuf[i], +- &pxe_base_code_protocol, +- (void **)&pxe, image_handle, NULL, +- EFI_OPEN_PROTOCOL_GET_PROTOCOL); +- +- if (status != EFI_SUCCESS) { +- pxe = NULL; +- continue; +- } +- +- if (!pxe || !pxe->Mode) { +- pxe = NULL; +- continue; +- } +- +- if (pxe->Mode->Started && pxe->Mode->DhcpAckReceived) { +- /* +- * We've located a pxe protocol handle thats been +- * started and has received an ACK, meaning its +- * something we'll be able to get tftp server info +- * out of +- */ +- rc = TRUE; +- break; +- } +- ++ if (!pxe->Mode->Started || !pxe->Mode->DhcpAckReceived) { ++ pxe = NULL; ++ return FALSE; + } + +- FreePool(buffer); +- return rc; ++ /* ++ * We've located a pxe protocol handle thats been started and has ++ * received an ACK, meaning its something we'll be able to get ++ * tftp server info out of ++ */ ++ return TRUE; + } + + static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt) +diff --git a/shim.c b/shim.c +index 48a6f2f..d8699f9 100644 +--- a/shim.c ++++ b/shim.c +@@ -1373,7 +1373,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + goto done; + } + +- if (findNetboot(image_handle)) { ++ if (findNetboot(li->DeviceHandle)) { + efi_status = parseNetbootinfo(image_handle); + if (efi_status != EFI_SUCCESS) { + Print(L"Netboot parsing failed: %r\n", efi_status); +-- +1.9.3 + diff --git a/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch b/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch new file mode 100644 index 0000000..8fa702a --- /dev/null +++ b/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch @@ -0,0 +1,140 @@ +From 5f18e2e3643524c6b6b38c44c6ce4eabdcfd59d1 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 27 May 2014 17:42:00 +0800 +Subject: [PATCH 30/74] Check the first 4 bytes of the certificate + +A non-DER encoding x509 certificate may be mistakenly enrolled into +db or MokList. This commit checks the first 4 bytes of the certificate +to ensure that it's DER encoding. + +This commit also removes the iteration of the x509 signature list. +Per UEFI SPEC, each x509 signature list contains only one x509 certificate. +Besides, the size of certificate is incorrect. The size of the header must +be substracted from the signature size. + +Signed-off-by: Gary Ching-Pang Lin +--- + MokManager.c | 23 +++++++++++++++++++++-- + shim.c | 45 +++++++++++++++++++++++++++++++-------------- + 2 files changed, 52 insertions(+), 16 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index 3da61f4..c9fbbac 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -1306,11 +1306,30 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { + return -1; + } + +-static BOOLEAN verify_certificate(void *cert, UINTN size) ++static BOOLEAN verify_certificate(UINT8 *cert, UINTN size) + { + X509 *X509Cert; +- if (!cert || size == 0) ++ UINTN length; ++ if (!cert || size < 0) ++ return FALSE; ++ ++ /* ++ * A DER encoding x509 certificate starts with SEQUENCE(0x30), ++ * the number of length bytes, and the number of value bytes. ++ * The size of a x509 certificate is usually between 127 bytes ++ * and 64KB. For convenience, assume the number of value bytes ++ * is 2, i.e. the second byte is 0x82. ++ */ ++ if (cert[0] != 0x30 || cert[1] != 0x82) { ++ console_notify(L"Not a DER encoding X509 certificate"); + return FALSE; ++ } ++ ++ length = (cert[2]<<8 | cert[3]); ++ if (length != (size - 4)) { ++ console_notify(L"Invalid X509 certificate: Inconsistent size"); ++ return FALSE; ++ } + + if (!(X509ConstructCertificate(cert, size, (UINT8 **) &X509Cert)) || + X509Cert == NULL) { +diff --git a/shim.c b/shim.c +index d8699f9..cd26ce6 100644 +--- a/shim.c ++++ b/shim.c +@@ -226,44 +226,61 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + return EFI_SUCCESS; + } + ++static BOOLEAN verify_x509(UINT8 *Cert, UINTN CertSize) ++{ ++ UINTN length; ++ ++ if (!Cert || CertSize < 4) ++ return FALSE; ++ ++ /* ++ * A DER encoding x509 certificate starts with SEQUENCE(0x30), ++ * the number of length bytes, and the number of value bytes. ++ * The size of a x509 certificate is usually between 127 bytes ++ * and 64KB. For convenience, assume the number of value bytes ++ * is 2, i.e. the second byte is 0x82. ++ */ ++ if (Cert[0] != 0x30 || Cert[1] != 0x82) ++ return FALSE; ++ ++ length = Cert[2]<<8 | Cert[3]; ++ if (length != (CertSize - 4)) ++ return FALSE; ++ ++ return TRUE; ++} ++ + static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList, + UINTN dbsize, + WIN_CERTIFICATE_EFI_PKCS *data, + UINT8 *hash) + { + EFI_SIGNATURE_DATA *Cert; +- UINTN CertCount, Index; ++ UINTN CertSize; + BOOLEAN IsFound = FALSE; + EFI_GUID CertType = X509_GUID; + + while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &CertType) == 0) { +- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); +- for (Index = 0; Index < CertCount; Index++) { ++ CertSize = CertList->SignatureSize - sizeof(EFI_GUID); ++ if (verify_x509(Cert->SignatureData, CertSize)) { + IsFound = AuthenticodeVerify (data->CertData, + data->Hdr.dwLength - sizeof(data->Hdr), + Cert->SignatureData, +- CertList->SignatureSize, ++ CertSize, + hash, SHA256_DIGEST_SIZE); + if (IsFound) +- break; +- +- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); ++ return DATA_FOUND; ++ } else if (verbose) { ++ console_notify(L"Not a DER encoding x.509 Certificate"); + } +- + } + +- if (IsFound) +- break; +- + dbsize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + +- if (IsFound) +- return DATA_FOUND; +- + return DATA_NOT_FOUND; + } + +-- +1.9.3 + diff --git a/SOURCES/0031-Remove-grubpath-in-generate_path.patch b/SOURCES/0031-Remove-grubpath-in-generate_path.patch new file mode 100644 index 0000000..bc0dfba --- /dev/null +++ b/SOURCES/0031-Remove-grubpath-in-generate_path.patch @@ -0,0 +1,64 @@ +From 78aaad3003d53a14a009176ad5816937e18fa33f Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Mon, 26 May 2014 16:49:10 +0800 +Subject: [PATCH 31/74] Remove grubpath in generate_path() + +The variable is not used anymore. + +Signed-off-by: Gary Ching-Pang Lin +--- + shim.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/shim.c b/shim.c +index cd26ce6..eb8542a 100644 +--- a/shim.c ++++ b/shim.c +@@ -1134,17 +1134,15 @@ should_use_fallback(EFI_HANDLE image_handle) + * of the executable + */ + static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, +- EFI_DEVICE_PATH **grubpath, CHAR16 **PathName) ++ CHAR16 **PathName) + { + EFI_DEVICE_PATH *devpath; +- EFI_HANDLE device; + unsigned int i; + int j, last = -1; + unsigned int pathlen = 0; + EFI_STATUS efi_status = EFI_SUCCESS; + CHAR16 *bootpath; + +- device = li->DeviceHandle; + devpath = li->FilePath; + + bootpath = DevicePathToStr(devpath); +@@ -1197,8 +1195,6 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, + StrCat(*PathName, bootpath); + StrCat(*PathName, ImagePath); + +- *grubpath = FileDevicePath(device, *PathName); +- + error: + FreePool(bootpath); + +@@ -1361,7 +1357,6 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL; + EFI_STATUS efi_status; + EFI_LOADED_IMAGE *li, li_bak; +- EFI_DEVICE_PATH *path; + CHAR16 *PathName = NULL; + void *sourcebuffer = NULL; + UINT64 sourcesize = 0; +@@ -1383,7 +1378,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + /* + * Build a new path from the existing one plus the executable name + */ +- efi_status = generate_path(li, ImagePath, &path, &PathName); ++ efi_status = generate_path(li, ImagePath, &PathName); + + if (efi_status != EFI_SUCCESS) { + Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); +-- +1.9.3 + diff --git a/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch b/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch new file mode 100644 index 0000000..cc781c9 --- /dev/null +++ b/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch @@ -0,0 +1,69 @@ +From 53a8f8721c7e26717a47b668309e3ecb1f78a250 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Fri, 7 Mar 2014 16:56:14 +0800 +Subject: [PATCH 32/74] MokManager: delete the BS+NV variables the right way + +LibDeleteVariable assumes that the variable is RT+NV and it +won't work on a BS+NV variable. + +Signed-off-by: Gary Ching-Pang Lin +--- + MokManager.c | 28 +++++++++++++++++++++++++--- + 1 file changed, 25 insertions(+), 3 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index c9fbbac..0ab308f 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -1112,7 +1112,16 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) { + return -1; + } + } else { +- LibDeleteVariable(L"MokSBState", &shim_lock_guid); ++ efi_status = uefi_call_wrapper(RT->SetVariable, ++ 5, L"MokSBState", ++ &shim_lock_guid, ++ EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS, ++ 0, NULL); ++ if (efi_status != EFI_SUCCESS) { ++ console_notify(L"Failed to delete Secure Boot state"); ++ return -1; ++ } + } + + console_notify(L"The system must now be rebooted"); +@@ -1224,7 +1233,16 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) { + return -1; + } + } else { +- LibDeleteVariable(L"MokDBState", &shim_lock_guid); ++ efi_status = uefi_call_wrapper(RT->SetVariable, 5, ++ L"MokDBState", ++ &shim_lock_guid, ++ EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS, ++ 0, NULL); ++ if (efi_status != EFI_SUCCESS) { ++ console_notify(L"Failed to delete DB state"); ++ return -1; ++ } + } + + console_notify(L"The system must now be rebooted"); +@@ -1261,7 +1279,11 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { + if (console_yes_no((CHAR16 *[]){L"Clear MOK password?", NULL}) == 0) + return 0; + +- LibDeleteVariable(L"MokPWStore", &shim_lock_guid); ++ uefi_call_wrapper(RT->SetVariable, 5, L"MokPWStore", ++ &shim_lock_guid, ++ EFI_VARIABLE_NON_VOLATILE ++ | EFI_VARIABLE_BOOTSERVICE_ACCESS, ++ 0, NULL); + LibDeleteVariable(L"MokPW", &shim_lock_guid); + console_notify(L"The system must now be rebooted"); + uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0, +-- +1.9.3 + diff --git a/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch b/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch new file mode 100644 index 0000000..cc73929 --- /dev/null +++ b/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch @@ -0,0 +1,160 @@ +From 22254e2633d58edd0176ccdfab9dd35171f89963 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 3 Dec 2013 15:52:02 +0800 +Subject: [PATCH 33/74] MokManager: handle the error status from ReadKeyStroke + +On some machines, even though the key event was signaled, ReadKeyStroke +still got EFI_NOT_READY. This commit handles the error status to avoid +console_get_keystroke from returning unexpected keys. + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + MokManager.c +--- + MokManager.c | 17 +++++++++++++---- + include/console.h | 4 ++-- + lib/console.c | 26 ++++++++++++++++++-------- + 3 files changed, 33 insertions(+), 14 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index 0ab308f..50cb9d7 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -488,13 +488,19 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + return EFI_SUCCESS; + } + +-static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) ++static EFI_STATUS get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) + { + EFI_INPUT_KEY key; ++ EFI_STATUS status; + unsigned int count = 0; + + do { +- key = console_get_keystroke(); ++ status = console_get_keystroke(&key); ++ if (EFI_ERROR (status)) { ++ console_error(L"Failed to read the keystroke", status); ++ *length = 0; ++ return status; ++ } + + if ((count >= line_max && + key.UnicodeChar != CHAR_BACKSPACE) || +@@ -525,7 +531,7 @@ static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show + + *length = count; + +- return 1; ++ return EFI_SUCCESS; + } + + static EFI_STATUS compute_pw_hash (void *Data, UINTN DataSize, UINT8 *password, +@@ -989,6 +995,7 @@ static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize) + static CHAR16 get_password_charater (CHAR16 *prompt) + { + SIMPLE_TEXT_OUTPUT_MODE SavedMode; ++ EFI_STATUS status; + CHAR16 *message[2]; + CHAR16 character; + UINTN length; +@@ -1003,7 +1010,9 @@ static CHAR16 get_password_charater (CHAR16 *prompt) + message[1] = NULL; + length = StrLen(message[0]); + console_print_box_at(message, -1, -length-4, -5, length+4, 3, 0, 1); +- get_line(&pw_length, &character, 1, 0); ++ status = get_line(&pw_length, &character, 1, 0); ++ if (EFI_ERROR(status)) ++ character = 0; + + console_restore_mode(&SavedMode); + +diff --git a/include/console.h b/include/console.h +index e6c2818..9c793ea 100644 +--- a/include/console.h ++++ b/include/console.h +@@ -1,8 +1,8 @@ + #ifndef _SHIM_LIB_CONSOLE_H + #define _SHIM_LIB_CONSOLE_H 1 + +-EFI_INPUT_KEY +-console_get_keystroke(void); ++EFI_STATUS ++console_get_keystroke(EFI_INPUT_KEY *key); + void + console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_row, int size_cols, int size_rows, int offset, int lines); + void +diff --git a/lib/console.c b/lib/console.c +index 2fc8db3..41ed83a 100644 +--- a/lib/console.c ++++ b/lib/console.c +@@ -40,16 +40,18 @@ SetMem16(CHAR16 *dst, UINT32 n, CHAR16 c) + } + } + +-EFI_INPUT_KEY +-console_get_keystroke(void) ++EFI_STATUS ++console_get_keystroke(EFI_INPUT_KEY *key) + { +- EFI_INPUT_KEY key; + UINTN EventIndex; ++ EFI_STATUS status; + +- uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex); +- uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, &key); ++ do { ++ uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex); ++ status = uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, key); ++ } while (status == EFI_NOT_READY); + +- return key; ++ return status; + } + + void +@@ -162,6 +164,8 @@ console_print_box(CHAR16 *str_arr[], int highlight) + { + SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; ++ EFI_INPUT_KEY key; ++ + CopyMem(&SavedConsoleMode, co->Mode, sizeof(SavedConsoleMode)); + uefi_call_wrapper(co->EnableCursor, 2, co, FALSE); + uefi_call_wrapper(co->SetAttribute, 2, co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE); +@@ -169,7 +173,7 @@ console_print_box(CHAR16 *str_arr[], int highlight) + console_print_box_at(str_arr, highlight, 0, 0, -1, -1, 0, + count_lines(str_arr)); + +- console_get_keystroke(); ++ console_get_keystroke(&key); + + uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); + +@@ -184,6 +188,7 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) + SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + EFI_INPUT_KEY k; ++ EFI_STATUS status; + int selector; + int selector_lines = count_lines(selectors); + int selector_max_cols = 0; +@@ -237,7 +242,12 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) + size_cols, size_rows, 0, lines); + + do { +- k = console_get_keystroke(); ++ status = console_get_keystroke(&k); ++ if (EFI_ERROR (status)) { ++ Print(L"Failed to read the keystroke: %r", status); ++ selector = -1; ++ break; ++ } + + if (k.ScanCode == SCAN_ESC) { + selector = -1; +-- +1.9.3 + diff --git a/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch b/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch new file mode 100644 index 0000000..a1c9da7 --- /dev/null +++ b/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch @@ -0,0 +1,30 @@ +From 09283f08f001305db5a3299b53acba85bf6c9876 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Mon, 4 Nov 2013 17:51:55 +0800 +Subject: [PATCH 34/74] Exclude ca.crt while signing EFI images + +If ca.crt was added into the certificate database, ca.crt would be the first +certificate in the signature. Because shim couldn't verify ca.crt with the +embedded shim.cer, it failed to load MokManager.efi.signed and +fallback.efi.signed. + +Signed-off-by: Gary Ching-Pang Lin +--- + Makefile | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 46e5ef9..df190a2 100644 +--- a/Makefile ++++ b/Makefile +@@ -73,7 +73,6 @@ version.c : version.c.in + + certdb/secmod.db: shim.crt + -mkdir certdb +- certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt + pk12util -d certdb/ -i shim.p12 -W "" -K "" + certutil -d certdb/ -A -i shim.crt -n shim -t u + +-- +1.9.3 + diff --git a/SOURCES/0035-No-newline-for-console_notify.patch b/SOURCES/0035-No-newline-for-console_notify.patch new file mode 100644 index 0000000..a22e4b6 --- /dev/null +++ b/SOURCES/0035-No-newline-for-console_notify.patch @@ -0,0 +1,49 @@ +From dc8fc734b8d8c7720fd25ff8a35fc3f9ee384f3b Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Mon, 28 Oct 2013 16:36:34 +0800 +Subject: [PATCH 35/74] No newline for console_notify + +The newlines are for Print(), not console_notify(). + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c +--- + shim.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/shim.c b/shim.c +index eb8542a..f9fa606 100644 +--- a/shim.c ++++ b/shim.c +@@ -479,7 +479,7 @@ static BOOLEAN secure_mode (void) + status = get_variable(L"SecureBoot", &Data, &len, global_var); + if (status != EFI_SUCCESS) { + if (verbose) +- console_notify(L"Secure boot not enabled\n"); ++ console_notify(L"Secure boot not enabled"); + return FALSE; + } + sb = *Data; +@@ -487,7 +487,7 @@ static BOOLEAN secure_mode (void) + + if (sb != 1) { + if (verbose) +- console_notify(L"Secure boot not enabled\n"); ++ console_notify(L"Secure boot not enabled"); + return FALSE; + } + +@@ -500,7 +500,7 @@ static BOOLEAN secure_mode (void) + + if (setupmode == 1) { + if (verbose) +- console_notify(L"Platform is in setup mode\n"); ++ console_notify(L"Platform is in setup mode"); + return FALSE; + } + +-- +1.9.3 + diff --git a/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch b/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch new file mode 100644 index 0000000..c6a4ced --- /dev/null +++ b/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch @@ -0,0 +1,35 @@ +From 8bd7bad4b77bb99c3978d328ee54e64a53b4dcfc Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 31 Oct 2013 17:55:17 +0800 +Subject: [PATCH 36/74] Remove the duplicate calls in lib/console.c + +Signed-off-by: Gary Ching-Pang Lin +--- + lib/console.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/lib/console.c b/lib/console.c +index 41ed83a..83ee679 100644 +--- a/lib/console.c ++++ b/lib/console.c +@@ -176,8 +176,6 @@ console_print_box(CHAR16 *str_arr[], int highlight) + console_get_keystroke(&key); + + uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); +- +- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); + uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow); + uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute); + } +@@ -273,8 +271,6 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) + && k.UnicodeChar == CHAR_CARRIAGE_RETURN)); + + uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); +- +- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); + uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow); + uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute); + +-- +1.9.3 + diff --git a/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch b/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch new file mode 100644 index 0000000..11bdd55 --- /dev/null +++ b/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch @@ -0,0 +1,716 @@ +From 4bfb13d803f4d8efe544e0f2aa9cd712b8cb84b1 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 1 Oct 2013 11:58:52 +0800 +Subject: [PATCH 37/74] Silence the functions of shim protocol + +When grub2 invokes the functions of shim protocol in gfx mode, +OutputString in shim could distort the screen. + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c + +(modified by pjones to include some newer Prints that weren't there when +Gary did the initial work here.) +--- + shim.c | 192 ++++++++++++++++++++++++++++++++++++++--------------------------- + 1 file changed, 114 insertions(+), 78 deletions(-) + +diff --git a/shim.c b/shim.c +index f9fa606..69af766 100644 +--- a/shim.c ++++ b/shim.c +@@ -59,6 +59,14 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB + static CHAR16 *second_stage; + static void *load_options; + static UINT32 load_options_size; ++static UINT8 in_protocol; ++ ++#define perror(fmt, ...) ({ \ ++ UINTN __perror_ret = 0; \ ++ if (in_protocol) \ ++ __perror_ret = Print((fmt), ##__VA_ARGS__); \ ++ __perror_ret; \ ++ }) + + EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }; + +@@ -133,7 +141,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + #endif + + if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { +- Print(L"Image has no relocation entry\n"); ++ perror(L"Image has no relocation entry\n"); + return EFI_UNSUPPORTED; + } + +@@ -141,7 +149,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); + + if (!RelocBase || !RelocBaseEnd) { +- Print(L"Reloc table overflows binary\n"); ++ perror(L"Reloc table overflows binary\n"); + return EFI_UNSUPPORTED; + } + +@@ -154,19 +162,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); + + if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { +- Print(L"Reloc block size is invalid\n"); ++ perror(L"Reloc block size is invalid\n"); + return EFI_UNSUPPORTED; + } + + RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); + if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) { +- Print(L"Reloc entry overflows binary\n"); ++ perror(L"Reloc entry overflows binary\n"); + return EFI_UNSUPPORTED; + } + + FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress); + if (!FixupBase) { +- Print(L"Invalid fixupbase\n"); ++ perror(L"Invalid fixupbase\n"); + return EFI_UNSUPPORTED; + } + +@@ -215,7 +223,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + break; + + default: +- Print(L"Unknown relocation\n"); ++ perror(L"Unknown relocation\n"); + return EFI_UNSUPPORTED; + } + Reloc += 1; +@@ -478,7 +486,7 @@ static BOOLEAN secure_mode (void) + + status = get_variable(L"SecureBoot", &Data, &len, global_var); + if (status != EFI_SUCCESS) { +- if (verbose) ++ if (verbose && !in_protocol) + console_notify(L"Secure boot not enabled"); + return FALSE; + } +@@ -486,7 +494,7 @@ static BOOLEAN secure_mode (void) + FreePool(Data); + + if (sb != 1) { +- if (verbose) ++ if (verbose && !in_protocol) + console_notify(L"Secure boot not enabled"); + return FALSE; + } +@@ -499,7 +507,7 @@ static BOOLEAN secure_mode (void) + FreePool(Data); + + if (setupmode == 1) { +- if (verbose) ++ if (verbose && !in_protocol) + console_notify(L"Platform is in setup mode"); + return FALSE; + } +@@ -531,14 +539,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + unsigned int PEHdr_offset = 0; + + if (datasize_in < 0) { +- Print(L"Invalid data size\n"); ++ perror(L"Invalid data size\n"); + return EFI_INVALID_PARAMETER; + } + size = datasize = (unsigned int)datasize_in; + + if (datasize <= sizeof (*DosHdr) || + DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) { +- Print(L"Invalid signature\n"); ++ perror(L"Invalid signature\n"); + return EFI_INVALID_PARAMETER; + } + PEHdr_offset = DosHdr->e_lfanew; +@@ -550,12 +558,12 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + sha1ctx = AllocatePool(sha1ctxsize); + + if (!sha256ctx || !sha1ctx) { +- Print(L"Unable to allocate memory for hash context\n"); ++ perror(L"Unable to allocate memory for hash context\n"); + return EFI_OUT_OF_RESOURCES; + } + + if (!Sha256Init(sha256ctx) || !Sha1Init(sha1ctx)) { +- Print(L"Unable to initialise hash\n"); ++ perror(L"Unable to initialise hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -567,7 +575,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -579,7 +587,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -597,7 +605,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -621,14 +629,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + + (index * sizeof(*SectionPtr))); + if (!SectionPtr) { +- Print(L"Malformed section %d\n", index); ++ perror(L"Malformed section %d\n", index); + status = EFI_INVALID_PARAMETER; + goto done; + } + /* Validate section size is within image. */ + if (SectionPtr->SizeOfRawData > + datasize - SumOfBytesHashed - SumOfSectionBytes) { +- Print(L"Malformed section %d size\n", index); ++ perror(L"Malformed section %d size\n", index); + status = EFI_INVALID_PARAMETER; + goto done; + } +@@ -637,7 +645,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections); + if (SectionHeader == NULL) { +- Print(L"Unable to allocate section header\n"); ++ perror(L"Unable to allocate section header\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -669,7 +677,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + hashbase = ImageAddress(data, size, Section->PointerToRawData); + + if (!hashbase) { +- Print(L"Malformed section header\n"); ++ perror(L"Malformed section header\n"); + status = EFI_INVALID_PARAMETER; + goto done; + } +@@ -677,7 +685,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + /* Verify hashsize within image. */ + if (Section->SizeOfRawData > + datasize - Section->PointerToRawData) { +- Print(L"Malformed section raw size %d\n", index); ++ perror(L"Malformed section raw size %d\n", index); + status = EFI_INVALID_PARAMETER; + goto done; + } +@@ -685,7 +693,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -706,7 +714,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -714,7 +722,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Final(sha256ctx, sha256hash)) || + !(Sha1Final(sha1ctx, sha1hash))) { +- Print(L"Unable to finalise hash\n"); ++ perror(L"Unable to finalise hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -744,9 +752,9 @@ static EFI_STATUS verify_mok (void) { + shim_lock_guid, &attributes); + + if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) { +- Print(L"MokList is compromised!\nErase all keys in MokList!\n"); ++ perror(L"MokList is compromised!\nErase all keys in MokList!\n"); + if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) { +- Print(L"Failed to erase MokList\n"); ++ perror(L"Failed to erase MokList\n"); + return EFI_ACCESS_DENIED; + } + } +@@ -774,13 +782,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize, + context->SecDir->VirtualAddress); + + if (!cert) { +- Print(L"Certificate located outside the image\n"); ++ perror(L"Certificate located outside the image\n"); + return EFI_INVALID_PARAMETER; + } + + if (cert->Hdr.wCertificateType != + WIN_CERT_TYPE_PKCS_SIGNED_DATA) { +- Print(L"Unsupported certificate type %x\n", ++ perror(L"Unsupported certificate type %x\n", + cert->Hdr.wCertificateType); + return EFI_UNSUPPORTED; + } +@@ -804,7 +812,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, + status = check_blacklist(cert, sha256hash, sha1hash); + + if (status != EFI_SUCCESS) { +- Print(L"Binary is blacklisted\n"); ++ perror(L"Binary is blacklisted\n"); + return status; + } + +@@ -857,7 +865,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; + + if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { +- Print(L"Invalid image\n"); ++ perror(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } + +@@ -877,7 +885,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; + + if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { +- Print(L"Image header too small\n"); ++ perror(L"Image header too small\n"); + return EFI_UNSUPPORTED; + } + +@@ -885,7 +893,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + - sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES; + if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != + context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { +- Print(L"Image header overflows data directory\n"); ++ perror(L"Image header overflows data directory\n"); + return EFI_UNSUPPORTED; + } + +@@ -895,28 +903,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader; + if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER + <= context->NumberOfSections) { +- Print(L"Image sections overflow image size\n"); ++ perror(L"Image sections overflow image size\n"); + return EFI_UNSUPPORTED; + } + + if ((context->SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER + < (UINT32)context->NumberOfSections) { +- Print(L"Image sections overflow section headers\n"); ++ perror(L"Image sections overflow section headers\n"); + return EFI_UNSUPPORTED; + } + + if ((((UINT8 *)PEHdr - (UINT8 *)data) + sizeof(EFI_IMAGE_OPTIONAL_HEADER_UNION)) > datasize) { +- Print(L"Invalid image\n"); ++ perror(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } + + if (PEHdr->Te.Signature != EFI_IMAGE_NT_SIGNATURE) { +- Print(L"Unsupported image type\n"); ++ perror(L"Unsupported image type\n"); + return EFI_UNSUPPORTED; + } + + if (PEHdr->Pe32.FileHeader.Characteristics & EFI_IMAGE_FILE_RELOCS_STRIPPED) { +- Print(L"Unsupported image - Relocations have been stripped\n"); ++ perror(L"Unsupported image - Relocations have been stripped\n"); + return EFI_UNSUPPORTED; + } + +@@ -935,23 +943,24 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); + + if (context->ImageSize < context->SizeOfHeaders) { +- Print(L"Invalid image\n"); ++ perror(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } + + if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) > + (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { +- Print(L"Invalid image\n"); ++ perror(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } + + if (context->SecDir->VirtualAddress >= datasize) { +- Print(L"Malformed security header\n"); ++ perror(L"Malformed security header\n"); + return EFI_INVALID_PARAMETER; + } + return EFI_SUCCESS; + } + ++ + /* + * Once the image has been loaded it needs to be validated and relocated + */ +@@ -971,7 +980,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + */ + efi_status = read_header(data, datasize, &context); + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to read header: %r\n", efi_status); ++ perror(L"Failed to read header: %r\n", efi_status); + return efi_status; + } + +@@ -993,7 +1002,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + buffer = AllocatePool(context.ImageSize); + + if (!buffer) { +- Print(L"Failed to allocate image buffer\n"); ++ perror(L"Failed to allocate image buffer\n"); + return EFI_OUT_OF_RESOURCES; + } + +@@ -1013,13 +1022,13 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1); + + if (!base || !end) { +- Print(L"Invalid section size\n"); ++ perror(L"Invalid section size\n"); + return EFI_UNSUPPORTED; + } + + if (Section->VirtualAddress < context.SizeOfHeaders || + Section->PointerToRawData < context.SizeOfHeaders) { +- Print(L"Section is inside image headers\n"); ++ perror(L"Section is inside image headers\n"); + return EFI_UNSUPPORTED; + } + +@@ -1038,7 +1047,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + efi_status = relocate_coff(&context, buffer); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Relocation failed: %r\n", efi_status); ++ perror(L"Relocation failed: %r\n", efi_status); + FreePool(buffer); + return efi_status; + } +@@ -1056,7 +1065,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + li->LoadOptionsSize = load_options_size; + + if (!entry_point) { +- Print(L"Invalid entry point\n"); ++ perror(L"Invalid entry point\n"); + FreePool(buffer); + return EFI_UNSUPPORTED; + } +@@ -1079,7 +1088,7 @@ should_use_fallback(EFI_HANDLE image_handle) + rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &loaded_image_protocol, (void **)&li); + if (EFI_ERROR(rc)) { +- Print(L"Could not get image for bootx64.efi: %r\n", rc); ++ perror(L"Could not get image for bootx64.efi: %r\n", rc); + return 0; + } + +@@ -1101,13 +1110,13 @@ should_use_fallback(EFI_HANDLE image_handle) + rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, + &FileSystemProtocol, (void **)&fio); + if (EFI_ERROR(rc)) { +- Print(L"Could not get fio for li->DeviceHandle: %r\n", rc); ++ perror(L"Could not get fio for li->DeviceHandle: %r\n", rc); + return 0; + } +- ++ + rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); + if (EFI_ERROR(rc)) { +- Print(L"Could not open fio volume: %r\n", rc); ++ perror(L"Could not open fio volume: %r\n", rc); + return 0; + } + +@@ -1185,7 +1194,7 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, + *PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath)); + + if (!*PathName) { +- Print(L"Failed to allocate path buffer\n"); ++ perror(L"Failed to allocate path buffer\n"); + efi_status = EFI_OUT_OF_RESOURCES; + goto error; + } +@@ -1226,14 +1235,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + (void **)&drive); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to find fs: %r\n", efi_status); ++ perror(L"Failed to find fs: %r\n", efi_status); + goto error; + } + + efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to open fs: %r\n", efi_status); ++ perror(L"Failed to open fs: %r\n", efi_status); + goto error; + } + +@@ -1244,14 +1253,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + EFI_FILE_MODE_READ, 0); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to open %s - %r\n", PathName, efi_status); ++ perror(L"Failed to open %s - %r\n", PathName, efi_status); + goto error; + } + + fileinfo = AllocatePool(buffersize); + + if (!fileinfo) { +- Print(L"Unable to allocate file info buffer\n"); ++ perror(L"Unable to allocate file info buffer\n"); + efi_status = EFI_OUT_OF_RESOURCES; + goto error; + } +@@ -1267,7 +1276,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + FreePool(fileinfo); + fileinfo = AllocatePool(buffersize); + if (!fileinfo) { +- Print(L"Unable to allocate file info buffer\n"); ++ perror(L"Unable to allocate file info buffer\n"); + efi_status = EFI_OUT_OF_RESOURCES; + goto error; + } +@@ -1277,7 +1286,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + } + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to get file info: %r\n", efi_status); ++ perror(L"Unable to get file info: %r\n", efi_status); + goto error; + } + +@@ -1286,7 +1295,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + *data = AllocatePool(buffersize); + + if (!*data) { +- Print(L"Unable to allocate file buffer\n"); ++ perror(L"Unable to allocate file buffer\n"); + efi_status = EFI_OUT_OF_RESOURCES; + goto error; + } +@@ -1305,7 +1314,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + } + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); ++ perror(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); + goto error; + } + +@@ -1335,6 +1344,7 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) + PE_COFF_LOADER_IMAGE_CONTEXT context; + + loader_is_participating = 1; ++ in_protocol = 1; + + if (!secure_mode()) + return EFI_SUCCESS; +@@ -1342,9 +1352,35 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) + status = read_header(buffer, size, &context); + + if (status != EFI_SUCCESS) +- return status; ++ goto done; + + status = verify_buffer(buffer, size, &context); ++done: ++ in_protocol = 0; ++ return status; ++} ++ ++static EFI_STATUS shim_hash (char *data, int datasize, ++ PE_COFF_LOADER_IMAGE_CONTEXT *context, ++ UINT8 *sha256hash, UINT8 *sha1hash) ++{ ++ EFI_STATUS status; ++ ++ in_protocol = 1; ++ status = generate_hash(data, datasize, context, sha256hash, sha1hash); ++ in_protocol = 0; ++ ++ return status; ++} ++ ++static EFI_STATUS shim_read_header(void *data, unsigned int datasize, ++ PE_COFF_LOADER_IMAGE_CONTEXT *context) ++{ ++ EFI_STATUS status; ++ ++ in_protocol = 1; ++ status = read_header(data, datasize, context); ++ in_protocol = 0; + + return status; + } +@@ -1371,7 +1407,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + &loaded_image_protocol, (void **)&li); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to init protocol\n"); ++ perror(L"Unable to init protocol\n"); + return efi_status; + } + +@@ -1381,20 +1417,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + efi_status = generate_path(li, ImagePath, &PathName); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); ++ perror(L"Unable to generate path %s: %r\n", ImagePath, efi_status); + goto done; + } + + if (findNetboot(li->DeviceHandle)) { + efi_status = parseNetbootinfo(image_handle); + if (efi_status != EFI_SUCCESS) { +- Print(L"Netboot parsing failed: %r\n", efi_status); ++ perror(L"Netboot parsing failed: %r\n", efi_status); + return EFI_PROTOCOL_ERROR; + } + efi_status = FetchNetbootimage(image_handle, &sourcebuffer, + &sourcesize); + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to fetch TFTP image: %r\n", efi_status); ++ perror(L"Unable to fetch TFTP image: %r\n", efi_status); + return efi_status; + } + data = sourcebuffer; +@@ -1406,7 +1442,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + efi_status = load_image(li, &data, &datasize, PathName); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to load image %s: %r\n", PathName, efi_status); ++ perror(L"Failed to load image %s: %r\n", PathName, efi_status); + goto done; + } + } +@@ -1423,7 +1459,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + efi_status = handle_image(data, datasize, li); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to load image: %r\n", efi_status); ++ perror(L"Failed to load image: %r\n", efi_status); + CopyMem(li, &li_bak, sizeof(li_bak)); + goto done; + } +@@ -1495,7 +1531,7 @@ EFI_STATUS mirror_mok_list() + ; + FullData = AllocatePool(FullDataSize); + if (!FullData) { +- Print(L"Failed to allocate space for MokListRT\n"); ++ perror(L"Failed to allocate space for MokListRT\n"); + return EFI_OUT_OF_RESOURCES; + } + p = FullData; +@@ -1526,7 +1562,7 @@ EFI_STATUS mirror_mok_list() + | EFI_VARIABLE_RUNTIME_ACCESS, + FullDataSize, FullData); + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to set MokListRT: %r\n", efi_status); ++ perror(L"Failed to set MokListRT: %r\n", efi_status); + } + + return efi_status; +@@ -1567,7 +1603,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) + efi_status = start_image(image_handle, MOK_MANAGER); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to start MokManager: %r\n", efi_status); ++ perror(L"Failed to start MokManager: %r\n", efi_status); + return efi_status; + } + } +@@ -1601,9 +1637,9 @@ static EFI_STATUS check_mok_sb (void) + * modified by the OS + */ + if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { +- Print(L"MokSBState is compromised! Clearing it\n"); ++ perror(L"MokSBState is compromised! Clearing it\n"); + if (LibDeleteVariable(L"MokSBState", &shim_lock_guid) != EFI_SUCCESS) { +- Print(L"Failed to erase MokSBState\n"); ++ perror(L"Failed to erase MokSBState\n"); + } + status = EFI_ACCESS_DENIED; + } else { +@@ -1642,9 +1678,9 @@ static EFI_STATUS check_mok_db (void) + * modified by the OS + */ + if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { +- Print(L"MokDBState is compromised! Clearing it\n"); ++ perror(L"MokDBState is compromised! Clearing it\n"); + if (LibDeleteVariable(L"MokDBState", &shim_lock_guid) != EFI_SUCCESS) { +- Print(L"Failed to erase MokDBState\n"); ++ perror(L"Failed to erase MokDBState\n"); + } + status = EFI_ACCESS_DENIED; + } else { +@@ -1674,7 +1710,7 @@ static EFI_STATUS mok_ignore_db() + | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, (void *)&Data); + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to set MokIgnoreDB: %r\n", efi_status); ++ perror(L"Failed to set MokIgnoreDB: %r\n", efi_status); + } + } + +@@ -1702,7 +1738,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) + status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &LoadedImageProtocol, (void **) &li); + if (status != EFI_SUCCESS) { +- Print (L"Failed to get load options: %r\n", status); ++ perror (L"Failed to get load options: %r\n", status); + return status; + } + +@@ -1746,7 +1782,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) + if (loader_len > 0) { + loader_str = AllocatePool((loader_len + 1) * sizeof(CHAR16)); + if (!loader_str) { +- Print(L"Failed to allocate loader string\n"); ++ perror(L"Failed to allocate loader string\n"); + return EFI_OUT_OF_RESOURCES; + } + for (i = 0; i < loader_len; i++) +@@ -1825,8 +1861,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + * call back in and use shim functions + */ + shim_lock_interface.Verify = shim_verify; +- shim_lock_interface.Hash = generate_hash; +- shim_lock_interface.Context = read_header; ++ shim_lock_interface.Hash = shim_hash; ++ shim_lock_interface.Context = shim_read_header; + + systab = passed_systab; + +-- +1.9.3 + diff --git a/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch b/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch new file mode 100644 index 0000000..9885446 --- /dev/null +++ b/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch @@ -0,0 +1,82 @@ +From c36d88cb16d10fdc8da2abcc00d3c51f0d425e34 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 31 Oct 2013 17:54:46 +0800 +Subject: [PATCH 38/74] Free the string from DevicePathToStr + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c +--- + shim.c | 20 +++++++++++++------- + 1 file changed, 13 insertions(+), 7 deletions(-) + +diff --git a/shim.c b/shim.c +index 69af766..72d6072 100644 +--- a/shim.c ++++ b/shim.c +@@ -1079,11 +1079,12 @@ should_use_fallback(EFI_HANDLE image_handle) + EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL; + EFI_LOADED_IMAGE *li; + unsigned int pathlen = 0; +- CHAR16 *bootpath; ++ CHAR16 *bootpath = NULL; + EFI_FILE_IO_INTERFACE *fio = NULL; + EFI_FILE *vh; + EFI_FILE *fh; + EFI_STATUS rc; ++ int ret = 0; + + rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &loaded_image_protocol, (void **)&li); +@@ -1101,23 +1102,23 @@ should_use_fallback(EFI_HANDLE image_handle) + */ + if (StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\BOOT", 14) && + StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\/BOOT", 15)) +- return 0; ++ goto error; + + pathlen = StrLen(bootpath); + if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI")) +- return 0; ++ goto error; + + rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, + &FileSystemProtocol, (void **)&fio); + if (EFI_ERROR(rc)) { + perror(L"Could not get fio for li->DeviceHandle: %r\n", rc); +- return 0; ++ goto error; + } + + rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); + if (EFI_ERROR(rc)) { + perror(L"Could not open fio volume: %r\n", rc); +- return 0; ++ goto error; + } + + rc = uefi_call_wrapper(vh->Open, 5, vh, &fh, L"\\EFI\\BOOT" FALLBACK, +@@ -1130,12 +1131,17 @@ should_use_fallback(EFI_HANDLE image_handle) + * rc); + */ + uefi_call_wrapper(vh->Close, 1, vh); +- return 0; ++ goto error; + } + uefi_call_wrapper(fh->Close, 1, fh); + uefi_call_wrapper(vh->Close, 1, vh); + +- return 1; ++ ret = 1; ++error: ++ if (bootpath) ++ FreePool(bootpath); ++ ++ return ret; + } + + /* +-- +1.9.3 + diff --git a/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch b/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch new file mode 100644 index 0000000..4c385a1 --- /dev/null +++ b/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch @@ -0,0 +1,33 @@ +From 86173dba42ad5ae002ac99cc515e60104da2245c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 25 Jun 2014 10:46:19 -0400 +Subject: [PATCH 39/74] Explain the logic in secure_mode() better. + +I was getting confused reading it, and I wrote it, so clearly it needs +more commentry. + +Signed-off-by: Peter Jones +--- + shim.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/shim.c b/shim.c +index 72d6072..210e778 100644 +--- a/shim.c ++++ b/shim.c +@@ -499,6 +499,12 @@ static BOOLEAN secure_mode (void) + return FALSE; + } + ++ /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", ++ * then the implementation is bad, but we assume that secure boot is ++ * enabled according to the status of "SecureBoot". If we have both ++ * of them, then "SetupMode" may tell us additional data, and we need ++ * to consider it. ++ */ + status = get_variable(L"SetupMode", &Data, &len, global_var); + if (status != EFI_SUCCESS) + return TRUE; +-- +1.9.3 + diff --git a/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch b/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch new file mode 100644 index 0000000..f8d0206 --- /dev/null +++ b/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch @@ -0,0 +1,106 @@ +From 868b3721159ee615a1b774645d610a13b5827e5e Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 31 Oct 2013 16:08:32 +0800 +Subject: [PATCH 40/74] Check the secure variables with the lib functions + +There are functions defined in lib to check the secure variables. +Use the functions to shun the duplicate code. + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c +--- + lib/variables.c | 14 ++++++++++---- + shim.c | 32 ++------------------------------ + 2 files changed, 12 insertions(+), 34 deletions(-) + +diff --git a/lib/variables.c b/lib/variables.c +index 3a9735e..4c64d7e 100644 +--- a/lib/variables.c ++++ b/lib/variables.c +@@ -284,9 +284,12 @@ variable_is_setupmode(void) + /* set to 1 because we return true if SetupMode doesn't exist */ + UINT8 SetupMode = 1; + UINTN DataSize = sizeof(SetupMode); ++ EFI_STATUS status; + +- uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, +- &DataSize, &SetupMode); ++ status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, ++ &DataSize, &SetupMode); ++ if (EFI_ERROR(status)) ++ return 1; + + return SetupMode; + } +@@ -297,10 +300,13 @@ variable_is_secureboot(void) + /* return false if variable doesn't exist */ + UINT8 SecureBoot = 0; + UINTN DataSize; ++ EFI_STATUS status; + + DataSize = sizeof(SecureBoot); +- uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL, +- &DataSize, &SecureBoot); ++ status = uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL, ++ &DataSize, &SecureBoot); ++ if (EFI_ERROR(status)) ++ return 0; + + return SecureBoot; + } +diff --git a/shim.c b/shim.c +index 210e778..14fb601 100644 +--- a/shim.c ++++ b/shim.c +@@ -475,44 +475,16 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert, + + static BOOLEAN secure_mode (void) + { +- EFI_STATUS status; +- EFI_GUID global_var = EFI_GLOBAL_VARIABLE; +- UINTN len; +- UINT8 *Data; +- UINT8 sb, setupmode; +- + if (user_insecure_mode) + return FALSE; + +- status = get_variable(L"SecureBoot", &Data, &len, global_var); +- if (status != EFI_SUCCESS) { ++ if (variable_is_secureboot() != 1) { + if (verbose && !in_protocol) + console_notify(L"Secure boot not enabled"); + return FALSE; + } +- sb = *Data; +- FreePool(Data); +- +- if (sb != 1) { +- if (verbose && !in_protocol) +- console_notify(L"Secure boot not enabled"); +- return FALSE; +- } +- +- /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", +- * then the implementation is bad, but we assume that secure boot is +- * enabled according to the status of "SecureBoot". If we have both +- * of them, then "SetupMode" may tell us additional data, and we need +- * to consider it. +- */ +- status = get_variable(L"SetupMode", &Data, &len, global_var); +- if (status != EFI_SUCCESS) +- return TRUE; +- +- setupmode = *Data; +- FreePool(Data); + +- if (setupmode == 1) { ++ if (variable_is_setupmode() == 1) { + if (verbose && !in_protocol) + console_notify(L"Platform is in setup mode"); + return FALSE; +-- +1.9.3 + diff --git a/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch b/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch new file mode 100644 index 0000000..c55346e --- /dev/null +++ b/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch @@ -0,0 +1,84 @@ +From eb4cb6a50981f9ef4698b3847bd32e70081ab71d Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 25 Jun 2014 10:55:56 -0400 +Subject: [PATCH 41/74] Make sure we default to assuming we're locked down. + +If "SecureBoot" exists but "SetupMode" does not, assume "SetupMode" says +we're not in Setup Mode. + +Signed-off-by: Peter Jones +--- + include/variables.h | 2 +- + lib/variables.c | 8 ++++---- + shim.c | 8 +++++++- + 3 files changed, 12 insertions(+), 6 deletions(-) + +diff --git a/include/variables.h b/include/variables.h +index b207dbf..deed269 100644 +--- a/include/variables.h ++++ b/include/variables.h +@@ -50,7 +50,7 @@ SETOSIndicationsAndReboot(UINT64 indications); + int + variable_is_secureboot(void); + int +-variable_is_setupmode(void); ++variable_is_setupmode(int default_return); + EFI_STATUS + variable_enroll_hash(CHAR16 *var, EFI_GUID owner, + UINT8 hash[SHA256_DIGEST_SIZE]); +diff --git a/lib/variables.c b/lib/variables.c +index 4c64d7e..59d7d05 100644 +--- a/lib/variables.c ++++ b/lib/variables.c +@@ -139,7 +139,7 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner, + /* Microsoft request: Bugs in some UEFI platforms mean that PK or any + * other secure variable can be updated or deleted programmatically, + * so prevent */ +- if (!variable_is_setupmode()) ++ if (!variable_is_setupmode(1)) + return EFI_SECURITY_VIOLATION; + + if (createtimebased) { +@@ -279,17 +279,17 @@ find_in_variable_esl(CHAR16* var, EFI_GUID owner, UINT8 *key, UINTN keylen) + } + + int +-variable_is_setupmode(void) ++variable_is_setupmode(int default_return) + { + /* set to 1 because we return true if SetupMode doesn't exist */ +- UINT8 SetupMode = 1; ++ UINT8 SetupMode = default_return; + UINTN DataSize = sizeof(SetupMode); + EFI_STATUS status; + + status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, + &DataSize, &SetupMode); + if (EFI_ERROR(status)) +- return 1; ++ return default_return; + + return SetupMode; + } +diff --git a/shim.c b/shim.c +index 14fb601..fe73ec1 100644 +--- a/shim.c ++++ b/shim.c +@@ -484,7 +484,13 @@ static BOOLEAN secure_mode (void) + return FALSE; + } + +- if (variable_is_setupmode() == 1) { ++ /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", ++ * then the implementation is bad, but we assume that secure boot is ++ * enabled according to the status of "SecureBoot". If we have both ++ * of them, then "SetupMode" may tell us additional data, and we need ++ * to consider it. ++ */ ++ if (variable_is_setupmode(0) == 1) { + if (verbose && !in_protocol) + console_notify(L"Platform is in setup mode"); + return FALSE; +-- +1.9.3 + diff --git a/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch b/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch new file mode 100644 index 0000000..6cb4f18 --- /dev/null +++ b/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch @@ -0,0 +1,92 @@ +From e5f161147de6bea68e09f33bc294c6ab644d9a78 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 31 Oct 2013 17:32:13 +0800 +Subject: [PATCH 42/74] Simplify the checking of SB and DB states + +MokSBState and MokDBState are just 1 byte variables, so a UINT8 +local variable is sufficient to include the content. + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c +--- + shim.c | 26 ++++++++++---------------- + 1 file changed, 10 insertions(+), 16 deletions(-) + +diff --git a/shim.c b/shim.c +index fe73ec1..ea8eba8 100644 +--- a/shim.c ++++ b/shim.c +@@ -1609,16 +1609,15 @@ static EFI_STATUS check_mok_sb (void) + { + EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; + EFI_STATUS status = EFI_SUCCESS; +- UINT8 *MokSBState = NULL; +- UINTN MokSBStateSize = 0; ++ UINT8 MokSBState; ++ UINTN MokSBStateSize = sizeof(MokSBState); + UINT32 attributes; + + user_insecure_mode = 0; + ignore_db = 0; + +- status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize, +- shim_lock_guid, &attributes); +- ++ status = uefi_call_wrapper(RT->GetVariable, 5, L"MokSBState", &shim_lock_guid, ++ &attributes, &MokSBStateSize, &MokSBState); + if (status != EFI_SUCCESS) + return EFI_ACCESS_DENIED; + +@@ -1633,13 +1632,11 @@ static EFI_STATUS check_mok_sb (void) + } + status = EFI_ACCESS_DENIED; + } else { +- if (*(UINT8 *)MokSBState == 1) { ++ if (MokSBState == 1) { + user_insecure_mode = 1; + } + } + +- FreePool(MokSBState); +- + return status; + } + +@@ -1651,13 +1648,12 @@ static EFI_STATUS check_mok_db (void) + { + EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; + EFI_STATUS status = EFI_SUCCESS; +- UINT8 *MokDBState = NULL; +- UINTN MokDBStateSize = 0; ++ UINT8 MokDBState; ++ UINTN MokDBStateSize = sizeof(MokDBStateSize); + UINT32 attributes; + +- status = get_variable_attr(L"MokDBState", &MokDBState, &MokDBStateSize, +- shim_lock_guid, &attributes); +- ++ status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDBState", &shim_lock_guid, ++ &attributes, &MokDBStateSize, &MokDBState); + if (status != EFI_SUCCESS) + return EFI_ACCESS_DENIED; + +@@ -1674,13 +1670,11 @@ static EFI_STATUS check_mok_db (void) + } + status = EFI_ACCESS_DENIED; + } else { +- if (*(UINT8 *)MokDBState == 1) { ++ if (MokDBState == 1) { + ignore_db = 1; + } + } + +- FreePool(MokDBState); +- + return status; + } + +-- +1.9.3 + diff --git a/SOURCES/0043-Update-openssl-to-0.9.8za.patch b/SOURCES/0043-Update-openssl-to-0.9.8za.patch new file mode 100644 index 0000000..a31ff6e --- /dev/null +++ b/SOURCES/0043-Update-openssl-to-0.9.8za.patch @@ -0,0 +1,3032 @@ +From 76f8050ff6003e6048fdc4430d8b503aff934255 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Wed, 9 Jul 2014 15:02:50 +0800 +Subject: [PATCH 43/74] Update openssl to 0.9.8za + +Also update to Tiano Cryptlib r15638 +--- + Cryptlib/Cryptlib.diff | 4 +- + Cryptlib/Include/openssl/bn.h | 11 + + Cryptlib/Include/openssl/crypto.h | 37 +- + Cryptlib/Include/openssl/ec.h | 10 +- + Cryptlib/Include/openssl/engine.h | 8 +- + Cryptlib/Include/openssl/opensslv.h | 6 +- + Cryptlib/Include/openssl/ssl.h | 13 +- + Cryptlib/Include/openssl/ssl3.h | 10 + + Cryptlib/Include/openssl/symhacks.h | 10 +- + Cryptlib/Include/openssl/tls1.h | 14 + + Cryptlib/Makefile | 6 +- + Cryptlib/OpenSSL/crypto/asn1/a_int.c | 2 +- + Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 1 + + Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 2 +- + Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 6 + + Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 5 - + Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 5 +- + Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 52 ++ + Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 46 +- + Cryptlib/OpenSSL/crypto/bn/bn_word.c | 25 +- + Cryptlib/OpenSSL/crypto/cryptlib.c | 16 + + Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 26 +- + Cryptlib/OpenSSL/crypto/ec/ec_key.c | 13 +- + Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 10 +- + Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 11 +- + Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 11 +- + Cryptlib/OpenSSL/crypto/engine/eng_all.c | 6 +- + Cryptlib/OpenSSL/crypto/err/err_all.c | 2 + + Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 3 +- + Cryptlib/OpenSSL/crypto/evp/encode.c | 1 + + Cryptlib/OpenSSL/crypto/o_init.c | 14 + + Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 10 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 8 + + Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 2 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 4 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 2 +- + Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 6 +- + Cryptlib/OpenSSL/update.sh | 998 ++++++++++++----------- + Cryptlib/Pk/CryptPkcs7Sign.c | 207 +++++ + Cryptlib/Pk/CryptPkcs7SignNull.c | 59 ++ + Cryptlib/Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} | 306 +++---- + Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 +++ + Cryptlib/Pk/CryptRsaExtNull.c | 125 +++ + Cryptlib/Rand/CryptRand.c | 11 +- + Cryptlib/update.sh | 9 +- + 45 files changed, 1425 insertions(+), 808 deletions(-) + create mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c + create mode 100644 Cryptlib/Pk/CryptPkcs7SignNull.c + rename Cryptlib/Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} (74%) + create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c + create mode 100644 Cryptlib/Pk/CryptRsaExtNull.c + +diff --git a/Cryptlib/Cryptlib.diff b/Cryptlib/Cryptlib.diff +index 9663d90..a2f49d6 100644 +--- a/Cryptlib/Cryptlib.diff ++++ b/Cryptlib/Cryptlib.diff +@@ -6,8 +6,8 @@ index 68bc25a..1abe78e 100644 + // BUG: hardcode OldSize == size! We have no any knowledge about + // memory size of original pointer ptr. + // +-- return ReallocatePool ((UINTN)size, (UINTN)size, ptr); +-+ return ReallocatePool (ptr, (UINTN)size, (UINTN)size); ++- return ReallocatePool ((UINTN) size, (UINTN) size, ptr); +++ return ReallocatePool (ptr, (UINTN) size, (UINTN) size); + } + + /* De-allocates or frees a memory block */ +diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h +index f1719a5..688a4e7 100644 +--- a/Cryptlib/Include/openssl/bn.h ++++ b/Cryptlib/Include/openssl/bn.h +@@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, + BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); + ++void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); ++ + /* Deprecated versions */ + #ifndef OPENSSL_NO_DEPRECATED + BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, +@@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); + + #define bn_fix_top(a) bn_check_top(a) + ++#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) ++#define bn_wcheck_size(bn, words) \ ++ do { \ ++ const BIGNUM *_bnum2 = (bn); \ ++ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ ++ } while(0) ++ + #else /* !BN_DEBUG */ + + #define bn_pollute(a) + #define bn_check_top(a) + #define bn_fix_top(a) bn_correct_top(a) ++#define bn_check_size(bn, bits) ++#define bn_wcheck_size(bn, words) + + #endif + +diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h +index fc1374f..ac0c949 100644 +--- a/Cryptlib/Include/openssl/crypto.h ++++ b/Cryptlib/Include/openssl/crypto.h +@@ -235,15 +235,15 @@ typedef struct openssl_item_st + #ifndef OPENSSL_NO_LOCKING + #ifndef CRYPTO_w_lock + #define CRYPTO_w_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) + #define CRYPTO_w_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) + #define CRYPTO_r_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) + #define CRYPTO_r_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) + #define CRYPTO_add(addr,amount,type) \ +- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) ++ CRYPTO_add_lock(addr,amount,type,NULL,0) + #endif + #else + #define CRYPTO_w_lock(a) +@@ -361,19 +361,19 @@ int CRYPTO_is_mem_check_on(void); + #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) + #define is_MemCheck_on() CRYPTO_is_mem_check_on() + +-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) ++#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) ++#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) + #define OPENSSL_realloc(addr,num) \ +- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) ++ CRYPTO_realloc((char *)addr,(int)num,NULL,0) + #define OPENSSL_realloc_clean(addr,old_num,num) \ +- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) ++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) + #define OPENSSL_remalloc(addr,num) \ +- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) ++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) + #define OPENSSL_freeFunc CRYPTO_free + #define OPENSSL_free(addr) CRYPTO_free(addr) + + #define OPENSSL_malloc_locked(num) \ +- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) ++ CRYPTO_malloc_locked((int)num,NULL,0) + #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) + + +@@ -487,7 +487,7 @@ void CRYPTO_set_mem_debug_options(long bits); + long CRYPTO_get_mem_debug_options(void); + + #define CRYPTO_push_info(info) \ +- CRYPTO_push_info_(info, __FILE__, __LINE__); ++ CRYPTO_push_info_(info, NULL, 0); + int CRYPTO_push_info_(const char *info, const char *file, int line); + int CRYPTO_pop_info(void); + int CRYPTO_remove_all_info(void); +@@ -528,17 +528,17 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); + + /* die if we have to */ + void OpenSSLDie(const char *file,int line,const char *assertion); +-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) ++#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1)) + + unsigned long *OPENSSL_ia32cap_loc(void); + #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + int OPENSSL_isservice(void); + + #ifdef OPENSSL_FIPS +-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ ++#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ + alg " previous FIPS forbidden algorithm error ignored"); + +-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ ++#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ + #alg " Algorithm forbidden in FIPS mode"); + + #ifdef OPENSSL_FIPS_STRICT +@@ -591,6 +591,13 @@ int OPENSSL_isservice(void); + #define OPENSSL_HAVE_INIT 1 + void OPENSSL_init(void); + ++/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It ++ * takes an amount of time dependent on |len|, but independent of the contents ++ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a ++ * defined order as the return value when a != b is undefined, other than to be ++ * non-zero. */ ++int CRYPTO_memcmp(const void *a, const void *b, size_t len); ++ + /* BEGIN ERROR CODES */ + /* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. +diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h +index 8bc2a23..367307f 100644 +--- a/Cryptlib/Include/openssl/ec.h ++++ b/Cryptlib/Include/openssl/ec.h +@@ -321,7 +321,15 @@ void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); + /* functions to set/get method specific data */ + void *EC_KEY_get_key_method_data(EC_KEY *, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +-void EC_KEY_insert_key_method_data(EC_KEY *, void *data, ++/** Sets the key method data of an EC_KEY object, if none has yet been set. ++ * \param key EC_KEY object ++ * \param data opaque data to install. ++ * \param dup_func a function that duplicates |data|. ++ * \param free_func a function that frees |data|. ++ * \param clear_free_func a function that wipes and frees |data|. ++ * \return the previously set data pointer, or NULL if |data| was inserted. ++ */ ++void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + /* wrapper functions for the underlying EC_GROUP object */ + void EC_KEY_set_asn1_flag(EC_KEY *, int); +diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h +index d4bc1ef..b4e0444 100644 +--- a/Cryptlib/Include/openssl/engine.h ++++ b/Cryptlib/Include/openssl/engine.h +@@ -335,15 +335,15 @@ void ENGINE_load_gmp(void); + void ENGINE_load_nuron(void); + void ENGINE_load_sureware(void); + void ENGINE_load_ubsec(void); +-#endif +-void ENGINE_load_cryptodev(void); +-void ENGINE_load_padlock(void); +-void ENGINE_load_builtin_engines(void); + #ifdef OPENSSL_SYS_WIN32 + #ifndef OPENSSL_NO_CAPIENG + void ENGINE_load_capi(void); + #endif + #endif ++#endif ++void ENGINE_load_cryptodev(void); ++void ENGINE_load_padlock(void); ++void ENGINE_load_builtin_engines(void); + + /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. */ +diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h +index 4a5a5ae..e5ab5c4 100644 +--- a/Cryptlib/Include/openssl/opensslv.h ++++ b/Cryptlib/Include/openssl/opensslv.h +@@ -25,11 +25,11 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x0090817fL ++#define OPENSSL_VERSION_NUMBER 0x009081afL + #ifdef OPENSSL_FIPS +-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w-fips 23 Apr 2012" ++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" + #else +-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w 23 Apr 2012" ++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za 5 Jun 2014" + #endif + #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + +diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h +index eb50e14..5f2a04e 100644 +--- a/Cryptlib/Include/openssl/ssl.h ++++ b/Cryptlib/Include/openssl/ssl.h +@@ -490,11 +490,14 @@ typedef struct ssl_session_st + #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L + #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L + #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ ++#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L + #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L + #define SSL_OP_TLS_D5_BUG 0x00000100L + #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L + ++/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ ++#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 ++ + /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. Unfortunately some broken SSL/TLS +@@ -1204,6 +1207,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE + #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME + #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE ++#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE ++#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ + + #define SSL_ERROR_NONE 0 + #define SSL_ERROR_SSL 1 +@@ -1820,6 +1825,7 @@ void ERR_load_SSL_strings(void); + #define SSL_F_SSL_GET_NEW_SESSION 181 + #define SSL_F_SSL_GET_PREV_SESSION 217 + #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 ++#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 + #define SSL_F_SSL_GET_SIGN_PKEY 183 + #define SSL_F_SSL_INIT_WBIO_BUFFER 184 + #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +@@ -2073,6 +2079,11 @@ void ERR_load_SSL_strings(void); + #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 + #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 + #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 ++#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 ++#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 ++#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 ++#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 ++#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 + #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 + #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 + #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 +diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h +index b9a85ef..de5e559 100644 +--- a/Cryptlib/Include/openssl/ssl3.h ++++ b/Cryptlib/Include/openssl/ssl3.h +@@ -333,6 +333,7 @@ typedef struct ssl3_buffer_st + #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 + #define SSL3_FLAGS_POP_BUFFER 0x0004 + #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 ++#define SSL3_FLAGS_CCS_OK 0x0080 + + /* SSL3_FLAGS_SGC_RESTART_DONE is set when we + * restart a handshake because of MS SGC and so prevents us +@@ -460,6 +461,15 @@ typedef struct ssl3_state_st + unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_server_finished_len; + int send_connection_binding; /* TODOEKR */ ++ ++#ifndef OPENSSL_NO_TLSEXT ++#ifndef OPENSSL_NO_EC ++ /* This is set to true if we believe that this is a version of Safari ++ * running on OS X 10.6 or newer. We wish to know this because Safari ++ * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ ++ char is_probably_safari; ++#endif /* !OPENSSL_NO_EC */ ++#endif /* !OPENSSL_NO_TLSEXT */ + } SSL3_STATE; + + +diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h +index 0114093..c540771 100644 +--- a/Cryptlib/Include/openssl/symhacks.h ++++ b/Cryptlib/Include/openssl/symhacks.h +@@ -252,15 +252,15 @@ + #define EC_POINT_set_compressed_coordinates_GF2m \ + EC_POINT_set_compr_coords_GF2m + #undef ec_GF2m_simple_group_clear_finish +-#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish ++#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish + #undef ec_GF2m_simple_group_check_discriminant + #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim + #undef ec_GF2m_simple_point_clear_finish +-#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish ++#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish + #undef ec_GF2m_simple_point_set_to_infinity +-#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf ++#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf + #undef ec_GF2m_simple_points_make_affine +-#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine ++#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine + #undef ec_GF2m_simple_point_set_affine_coordinates + #define ec_GF2m_simple_point_set_affine_coordinates \ + ec_GF2m_smp_pt_set_af_coords +@@ -288,8 +288,6 @@ + #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf + #undef ec_GFp_simple_points_make_affine + #define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine +-#undef ec_GFp_simple_group_get_curve_GFp +-#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp + #undef ec_GFp_simple_set_Jprojective_coordinates_GFp + #define ec_GFp_simple_set_Jprojective_coordinates_GFp \ + ec_GFp_smp_set_Jproj_coords_GFp +diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h +index afe4807..47f25af 100644 +--- a/Cryptlib/Include/openssl/tls1.h ++++ b/Cryptlib/Include/openssl/tls1.h +@@ -80,10 +80,24 @@ extern "C" { + + #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 + ++#define TLS1_2_VERSION 0x0303 ++#define TLS1_2_VERSION_MAJOR 0x03 ++#define TLS1_2_VERSION_MINOR 0x03 ++ ++#define TLS1_1_VERSION 0x0302 ++#define TLS1_1_VERSION_MAJOR 0x03 ++#define TLS1_1_VERSION_MINOR 0x02 ++ + #define TLS1_VERSION 0x0301 + #define TLS1_VERSION_MAJOR 0x03 + #define TLS1_VERSION_MINOR 0x01 + ++#define TLS1_get_version(s) \ ++ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) ++ ++#define TLS1_get_client_version(s) \ ++ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) ++ + #define TLS1_AD_DECRYPTION_FAILED 21 + #define TLS1_AD_RECORD_OVERFLOW 22 + #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index d24e59e..678baac 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -30,7 +30,11 @@ OBJS = Hash/CryptMd4.o \ + Rand/CryptRand.o \ + Pk/CryptRsaBasic.o \ + Pk/CryptRsaExt.o \ +- Pk/CryptPkcs7.o \ ++ Pk/CryptRsaExtNull.o \ ++ Pk/CryptPkcs7Sign.o \ ++ Pk/CryptPkcs7SignNull.o \ ++ Pk/CryptPkcs7Verify.o \ ++ Pk/CryptPkcs7VerifyNull.o \ + Pk/CryptDh.o \ + Pk/CryptX509.o \ + Pk/CryptAuthenticode.o \ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +index f551bdb..ee26c31 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) + int pad=0,ret,i,neg; + unsigned char *p,*n,pb=0; + +- if ((a == NULL) || (a->data == NULL)) return(0); ++ if (a == NULL) return(0); + neg=a->type & V_ASN1_NEG; + if (a->length == 0) + ret=1; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +index 264ebf2..ead37ac 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) + if(mbflag == -1) return -1; + mbflag |= MBSTRING_FLAG; + stmp.data = NULL; ++ stmp.length = 0; + ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); + if(ret < 0) return ret; + *out = stmp.data; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +index b68ae43..9b7d688 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +@@ -75,7 +75,7 @@ static int table_cmp(const void *a, const void *b); + * certain software (e.g. Netscape) has problems with them. + */ + +-static unsigned long global_mask = 0xFFFFFFFFL; ++static unsigned long global_mask = B_ASN1_UTF8STRING; + + void ASN1_STRING_set_default_mask(unsigned long mask) + { +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +index da3efaa..7ded69b 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat + unsigned char *buf_in=NULL; + int ret= -1,i,inl; + ++ if (!pkey) ++ { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ return -1; ++ } ++ + EVP_MD_CTX_init(&ctx); + i=OBJ_obj2nid(a->algorithm); + type=EVP_get_digestbyname(OBJ_nid2sn(i)); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +index afb95d6..bc23f56 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +@@ -208,11 +208,6 @@ int DSA_print(BIO *bp, const DSA *x, int off) + + if (x->p) + buf_len = (size_t)BN_num_bytes(x->p); +- else +- { +- DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); +- goto err; +- } + if (x->q) + if (buf_len < (i = (size_t)BN_num_bytes(x->q))) + buf_len = i; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +index 94d9f7e..bc8a7bf 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +@@ -371,12 +371,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) + CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); + if (key->pkey) + { ++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_free(ret); + ret = key->pkey; + } + else ++ { + key->pkey = ret; +- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); ++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); ++ } + CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); + return(ret); + err: +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +index 32a8fba..b66f507 100755 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, + } + return bn_cmp_words(a,b,cl); + } ++ ++/* ++ * Constant-time conditional swap of a and b. ++ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. ++ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, ++ * and that no more than nwords are used by either a or b. ++ * a and b cannot be the same number ++ */ ++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) ++ { ++ BN_ULONG t; ++ int i; ++ ++ bn_wcheck_size(a, nwords); ++ bn_wcheck_size(b, nwords); ++ ++ assert(a != b); ++ assert((condition & (condition - 1)) == 0); ++ assert(sizeof(BN_ULONG) >= sizeof(int)); ++ ++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; ++ ++ t = (a->top^b->top) & condition; ++ a->top ^= t; ++ b->top ^= t; ++ ++#define BN_CONSTTIME_SWAP(ind) \ ++ do { \ ++ t = (a->d[ind] ^ b->d[ind]) & condition; \ ++ a->d[ind] ^= t; \ ++ b->d[ind] ^= t; \ ++ } while (0) ++ ++ ++ switch (nwords) { ++ default: ++ for (i = 10; i < nwords; i++) ++ BN_CONSTTIME_SWAP(i); ++ /* Fallthrough */ ++ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ ++ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ ++ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ ++ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ ++ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ ++ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ ++ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ ++ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ ++ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ ++ case 1: BN_CONSTTIME_SWAP(0); ++ } ++#undef BN_CONSTTIME_SWAP ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +index 4799b15..27cafb1 100755 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +@@ -701,32 +701,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) + BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx) + { +- int got_write_lock = 0; + BN_MONT_CTX *ret; + + CRYPTO_r_lock(lock); +- if (!*pmont) ++ ret = *pmont; ++ CRYPTO_r_unlock(lock); ++ if (ret) ++ return ret; ++ ++ /* We don't want to serialise globally while doing our lazy-init math in ++ * BN_MONT_CTX_set. That punishes threads that are doing independent ++ * things. Instead, punish the case where more than one thread tries to ++ * lazy-init the same 'pmont', by having each do the lazy-init math work ++ * independently and only use the one from the thread that wins the race ++ * (the losers throw away the work they've done). */ ++ ret = BN_MONT_CTX_new(); ++ if (!ret) ++ return NULL; ++ if (!BN_MONT_CTX_set(ret, mod, ctx)) + { +- CRYPTO_r_unlock(lock); +- CRYPTO_w_lock(lock); +- got_write_lock = 1; ++ BN_MONT_CTX_free(ret); ++ return NULL; ++ } + +- if (!*pmont) +- { +- ret = BN_MONT_CTX_new(); +- if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) +- BN_MONT_CTX_free(ret); +- else +- *pmont = ret; +- } ++ /* The locked compare-and-set, after the local work is done. */ ++ CRYPTO_w_lock(lock); ++ if (*pmont) ++ { ++ BN_MONT_CTX_free(ret); ++ ret = *pmont; + } +- +- ret = *pmont; +- +- if (got_write_lock) +- CRYPTO_w_unlock(lock); + else +- CRYPTO_r_unlock(lock); +- ++ *pmont = ret; ++ CRYPTO_w_unlock(lock); + return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +index ee7b87c..de83a15 100755 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) + a->neg=!(a->neg); + return(i); + } +- /* Only expand (and risk failing) if it's possibly necessary */ +- if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && +- (bn_wexpand(a,a->top+1) == NULL)) +- return(0); +- i=0; +- for (;;) ++ for (i=0;w!=0 && itop;i++) + { +- if (i >= a->top) +- l=w; +- else +- l=(a->d[i]+w)&BN_MASK2; +- a->d[i]=l; +- if (w > l) +- w=1; +- else +- break; +- i++; ++ a->d[i] = l = (a->d[i]+w)&BN_MASK2; ++ w = (w>l)?1:0; + } +- if (i >= a->top) ++ if (w && i==a->top) ++ { ++ if (bn_wexpand(a,a->top+1) == NULL) return 0; + a->top++; ++ a->d[i]=w; ++ } + bn_check_top(a); + return(1); + } +diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c +index dd74ea8..dec3286 100755 +--- a/Cryptlib/OpenSSL/crypto/cryptlib.c ++++ b/Cryptlib/OpenSSL/crypto/cryptlib.c +@@ -542,3 +542,19 @@ void OpenSSLDie(const char *file,int line,const char *assertion) + } + + void *OPENSSL_stderr(void) { return stderr; } ++ ++#ifndef OPENSSL_FIPS ++ ++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) ++ { ++ size_t i; ++ const unsigned char *a = in_a; ++ const unsigned char *b = in_b; ++ unsigned char x = 0; ++ ++ for (i = 0; i < len; i++) ++ x |= a[i] ^ b[i]; ++ ++ return x; ++ } ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +index 7dca5e4..6b570a3 100755 +--- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +@@ -208,9 +208,12 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG + + /* Computes scalar*point and stores the result in r. + * point can not equal r. +- * Uses algorithm 2P of ++ * Uses a modified algorithm 2P of + * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". ++ * ++ * To protect against side-channel attack the function uses constant time ++ * swap avoiding conditional branches. + */ + static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + const EC_POINT *point, BN_CTX *ctx) +@@ -244,6 +247,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, + x2 = &r->X; + z2 = &r->Y; + ++ bn_wexpand(x1, group->field.top); ++ bn_wexpand(z1, group->field.top); ++ bn_wexpand(x2, group->field.top); ++ bn_wexpand(z2, group->field.top); ++ + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ + if (!BN_one(z1)) goto err; /* z1 = 1 */ + if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ +@@ -266,16 +274,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, + { + for (; j >= 0; j--) + { +- if (scalar->d[i] & mask) +- { +- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; +- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; +- } +- else +- { +- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; +- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; +- } ++ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); ++ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); ++ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; ++ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; ++ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); ++ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); + mask >>= 1; + } + j = BN_BITS2 - 1; +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c +index 522802c..6c933d2 100755 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c +@@ -435,18 +435,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) + void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { +- return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); ++ void *ret; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_EC); ++ ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); ++ CRYPTO_r_unlock(CRYPTO_LOCK_EC); ++ ++ return ret; + } + +-void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, ++void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA *ex_data; ++ + CRYPTO_w_lock(CRYPTO_LOCK_EC); + ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + if (ex_data == NULL) + EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); + CRYPTO_w_unlock(CRYPTO_LOCK_EC); ++ ++ return ex_data; + } + + void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +index 5af8437..bbf2799 100755 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) + if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != + EC_METHOD_get_field_type(EC_GROUP_method_of(b))) + return 1; +- /* compare the curve name (if present) */ ++ /* compare the curve name (if present in both) */ + if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && +- EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b)) +- return 0; ++ EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) ++ return 1; + + if (!ctx) + ctx_new = ctx = BN_CTX_new(); +@@ -1061,12 +1061,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN + if (group->meth->point_cmp == 0) + { + ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; ++ return -1; + } + if ((group->meth != a->meth) || (a->meth != b->meth)) + { + ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; ++ return -1; + } + return group->meth->point_cmp(group, a, b, ctx); + } +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +index bf22234..f9ba5fb 100755 +--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +@@ -205,8 +205,15 @@ ECDH_DATA *ecdh_check(EC_KEY *key) + ecdh_data = (ECDH_DATA *)ecdh_data_new(); + if (ecdh_data == NULL) + return NULL; +- EC_KEY_insert_key_method_data(key, (void *)ecdh_data, +- ecdh_data_dup, ecdh_data_free, ecdh_data_free); ++ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, ++ ecdh_data_dup, ecdh_data_free, ecdh_data_free); ++ if (data != NULL) ++ { ++ /* Another thread raced us to install the key_method ++ * data and won. */ ++ ecdh_data_free(ecdh_data); ++ ecdh_data = (ECDH_DATA *)data; ++ } + } + else + ecdh_data = (ECDH_DATA *)data; +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +index 2ebae3a..81082c9 100755 +--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +@@ -188,8 +188,15 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key) + ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); + if (ecdsa_data == NULL) + return NULL; +- EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, +- ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); ++ data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, ++ ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); ++ if (data != NULL) ++ { ++ /* Another thread raced us to install the key_method ++ * data and won. */ ++ ecdsa_data_free(ecdsa_data); ++ ecdsa_data = (ECDSA_DATA *)data; ++ } + } + else + ecdsa_data = (ECDSA_DATA *)data; +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c +index f29c167..8a1b9c7 100755 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_all.c +@@ -102,14 +102,14 @@ void ENGINE_load_builtin_engines(void) + #if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) + ENGINE_load_gmp(); + #endif ++#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) ++ ENGINE_load_capi(); ++#endif + #endif + #ifndef OPENSSL_NO_HW + #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) + ENGINE_load_cryptodev(); + #endif +-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) +- ENGINE_load_capi(); +-#endif + #endif + } + +diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c +index 39796f7..0429389 100755 +--- a/Cryptlib/OpenSSL/crypto/err/err_all.c ++++ b/Cryptlib/OpenSSL/crypto/err/err_all.c +@@ -104,7 +104,9 @@ + #ifndef OPENSSL_NO_JPAKE + #include + #endif ++#ifndef OPENSSL_NO_COMP + #include ++#endif + + void ERR_load_crypto_strings(void) + { +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +index 72a2a67..16863fe 100755 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +@@ -226,6 +226,7 @@ static int b64_read(BIO *b, char *out, int outl) + else if (ctx->start) + { + q=p=(unsigned char *)ctx->tmp; ++ num = 0; + for (j=0; j v) { rv=-1; goto end; } + ret+=(v-eof); + } + else +diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c +index d767a90..c89fda5 100755 +--- a/Cryptlib/OpenSSL/crypto/o_init.c ++++ b/Cryptlib/OpenSSL/crypto/o_init.c +@@ -93,4 +93,18 @@ void OPENSSL_init(void) + #endif + } + ++#ifdef OPENSSL_FIPS ++ ++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) ++ { ++ size_t i; ++ const unsigned char *a = in_a; ++ const unsigned char *b = in_b; ++ unsigned char x = 0; + ++ for (i = 0; i < len; i++) ++ x |= a[i] ^ b[i]; ++ ++ return x; ++ } ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +index 4a0c387..f24080f 100755 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + { + EVP_PKEY *skey; + skey = X509_get_pubkey(signer); +- ret = OCSP_BASICRESP_verify(bs, skey, 0); +- EVP_PKEY_free(skey); +- if(ret <= 0) ++ if (skey) ++ { ++ ret = OCSP_BASICRESP_verify(bs, skey, 0); ++ EVP_PKEY_free(skey); ++ } ++ if(!skey || ret <= 0) + { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); + goto end; +@@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if(!init_res) + { ++ ret = -1; + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); + goto end; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +index 9522342..3ef3be1 100755 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +@@ -100,7 +100,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else + #endif ++#ifdef OPENSSL_NO_RC2 ++ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; ++#else + nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; ++#endif + } + if (!nid_key) + nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +@@ -290,7 +294,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + free_safes = 0; + + if (nid_safe == 0) ++#ifdef OPENSSL_NO_RC2 ++ nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; ++#else + nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; ++#endif + + if (nid_safe == -1) + p7 = PKCS12_pack_p7data(bags); +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +index 5c4c6ec..bdbbbec 100755 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +@@ -261,7 +261,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + int len, r; + unsigned char *data; + len = ASN1_STRING_to_UTF8(&data, fname); +- if(len > 0) { ++ if(len >= 0) { + r = X509_alias_set1(x509, data, len); + OPENSSL_free(data); + if (!r) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +index b0ff89a..49b450d 100755 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +@@ -290,8 +290,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + + bufsiz = 4096; + buf = OPENSSL_malloc (bufsiz); +- if (buf == NULL) { +- goto err; ++ if (buf == NULL) { ++ goto err; + } + + /* We now have to 'read' from p7bio to calculate digests etc. */ +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +index 546ae5f..b8e3edc 100755 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +@@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + + EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); + +- if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) ++ if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + goto decoding_err; + else + { +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +index af12520..b87617a 100755 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +@@ -386,11 +386,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) + + static int check_chain_extensions(X509_STORE_CTX *ctx) + { +-#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI) +- /* +- NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting +- in Authenticode Signing Certificates. +- */ ++#ifdef OPENSSL_NO_CHAIN_VERIFY + return 1; + #else + int i, ok=0, must_be_ca, plen = 0; +diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh +index cb25ccd..95875e7 100755 +--- a/Cryptlib/OpenSSL/update.sh ++++ b/Cryptlib/OpenSSL/update.sh +@@ -1,499 +1,501 @@ + #/bin/sh +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/e_os.h e_os.h +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cryptlib.c crypto/cryptlib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dyn_lck.c crypto/dyn_lck.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem.c crypto/mem.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_clr.c crypto/mem_clr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_dbg.c crypto/mem_dbg.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cversion.c crypto/cversion.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ex_data.c crypto/ex_data.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cpt_err.c crypto/cpt_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ebcdic.c crypto/ebcdic.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/uid.c crypto/uid.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_time.c crypto/o_time.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_str.c crypto/o_str.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_dir.c crypto/o_dir.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_init.c crypto/o_init.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/fips_err.c crypto/fips_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_one.c crypto/md2/md2_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_one.c crypto/md4/md4_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_one.c crypto/md5/md5_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_one.c crypto/sha/sha_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1_one.c crypto/sha/sha1_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha256.c crypto/sha/sha256.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha512.c crypto/sha/sha512.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/hmac/hmac.c crypto/hmac/hmac.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_lib.c crypto/des/des_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/set_key.c crypto/des/set_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb_enc.c crypto/des/ecb_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_enc.c crypto/des/cbc_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64enc.c crypto/des/cfb64enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64ede.c crypto/des/cfb64ede.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb_enc.c crypto/des/cfb_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64ede.c crypto/des/ofb64ede.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_read.c crypto/des/enc_read.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_writ.c crypto/des/enc_writ.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64enc.c crypto/des/ofb64enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb_enc.c crypto/des/ofb_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/str2key.c crypto/des/str2key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/qud_cksm.c crypto/des/qud_cksm.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rand_key.c crypto/des/rand_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_enc.c crypto/des/des_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt.c crypto/des/fcrypt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rpc_enc.c crypto/des/rpc_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old.c crypto/des/des_old.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old2.c crypto/des/des_old2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/read2pwd.c crypto/des/read2pwd.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cbc.c crypto/idea/i_cbc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ecb.c crypto/idea/i_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_skey.c crypto/idea/i_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_skey.c crypto/bf/bf_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_enc.c crypto/bf/bf_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_skey.c crypto/cast/c_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ecb.c crypto/cast/c_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_enc.c crypto/cast/c_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_misc.c crypto/aes/aes_misc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ige.c crypto/aes/aes_ige.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_core.c crypto/aes/aes_core.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_add.c crypto/bn/bn_add.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_div.c crypto/bn/bn_div.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp.c crypto/bn/bn_exp.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_lib.c crypto/bn/bn_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mul.c crypto/bn/bn_mul.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mod.c crypto/bn/bn_mod.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_print.c crypto/bn/bn_print.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_rand.c crypto/bn/bn_rand.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_shift.c crypto/bn/bn_shift.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_word.c crypto/bn/bn_word.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_blind.c crypto/bn/bn_blind.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_kron.c crypto/bn/bn_kron.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_prime.c crypto/bn/bn_prime.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_err.c crypto/bn/bn_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_asm.c crypto/bn/bn_asm.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_recp.c crypto/bn/bn_recp.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mont.c crypto/bn/bn_mont.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_nist.c crypto/bn/bn_nist.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_depr.c crypto/bn/bn_depr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_const.c crypto/bn/bn_const.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_opt.c crypto/bn/bn_opt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dl.c crypto/dso/dso_dl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_err.c crypto/dso/dso_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_lib.c crypto/dso/dso_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_null.c crypto/dso/dso_null.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_win32.c crypto/dso/dso_win32.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_vms.c crypto/dso/dso_vms.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_gen.c crypto/dh/dh_gen.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_key.c crypto/dh/dh_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_lib.c crypto/dh/dh_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_check.c crypto/dh/dh_check.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_err.c crypto/dh/dh_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_depr.c crypto/dh/dh_depr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_lib.c crypto/ec/ec_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_mult.c crypto/ec/ec_mult.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_err.c crypto/ec/ec_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_curve.c crypto/ec/ec_curve.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_check.c crypto/ec/ec_check.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_print.c crypto/ec/ec_print.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_key.c crypto/ec/ec_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buffer.c crypto/buffer/buffer.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_str.c crypto/buffer/buf_str.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_err.c crypto/buffer/buf_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_lib.c crypto/bio/bio_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_cb.c crypto/bio/bio_cb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_err.c crypto/bio/bio_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_mem.c crypto/bio/bss_mem.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_null.c crypto/bio/bss_null.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_fd.c crypto/bio/bss_fd.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_file.c crypto/bio/bss_file.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_null.c crypto/bio/bf_null.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_buff.c crypto/bio/bf_buff.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/b_dump.c crypto/bio/b_dump.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_log.c crypto/bio/bss_log.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_bio.c crypto/bio/bss_bio.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/stack/stack.c crypto/stack/stack.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lhash.c crypto/lhash/lhash.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/md_rand.c crypto/rand/md_rand.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/randfile.c crypto/rand/randfile.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_lib.c crypto/rand/rand_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_eng.c crypto/rand/rand_eng.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_err.c crypto/rand/rand_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_egd.c crypto/rand/rand_egd.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_win.c crypto/rand/rand_win.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_unix.c crypto/rand/rand_unix.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_os2.c crypto/rand/rand_os2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_nw.c crypto/rand/rand_nw.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err.c crypto/err/err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_def.c crypto/err/err_def.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_all.c crypto/err/err_all.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_prn.c crypto/err/err_prn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_str.c crypto/err/err_str.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_bio.c crypto/err/err_bio.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/o_names.c crypto/objects/o_names.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_dat.c crypto/objects/obj_dat.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_lib.c crypto/objects/obj_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_err.c crypto/objects/obj_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/encode.c crypto/evp/encode.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/digest.c crypto/evp/digest.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/dig_eng.c crypto/evp/dig_eng.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_enc.c crypto/evp/evp_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_key.c crypto/evp/evp_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des.c crypto/evp/e_des.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_bf.c crypto/evp/e_bf.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_idea.c crypto/evp/e_idea.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des3.c crypto/evp/e_des3.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc4.c crypto/evp/e_rc4.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_aes.c crypto/evp/e_aes.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/names.c crypto/evp/names.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc2.c crypto/evp/e_rc2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_cast.c crypto/evp/e_cast.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc5.c crypto/evp/e_rc5.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/enc_min.c crypto/evp/enc_min.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_null.c crypto/evp/m_null.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md2.c crypto/evp/m_md2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md4.c crypto/evp/m_md4.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md5.c crypto/evp/m_md5.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha.c crypto/evp/m_sha.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha1.c crypto/evp/m_sha1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss.c crypto/evp/m_dss.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss1.c crypto/evp/m_dss1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_open.c crypto/evp/p_open.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_seal.c crypto/evp/p_seal.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_sign.c crypto/evp/p_sign.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_verify.c crypto/evp/p_verify.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_lib.c crypto/evp/p_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_enc.c crypto/evp/p_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_dec.c crypto/evp/p_dec.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_md.c crypto/evp/bio_md.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_b64.c crypto/evp/bio_b64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_enc.c crypto/evp/bio_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_err.c crypto/evp/evp_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_null.c crypto/evp/e_null.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_all.c crypto/evp/c_all.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_allc.c crypto/evp/c_allc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_alld.c crypto/evp/c_alld.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_lib.c crypto/evp/evp_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_ok.c crypto/evp/bio_ok.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_old.c crypto/evp/e_old.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_object.c crypto/asn1/a_object.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_time.c crypto/asn1/a_time.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_int.c crypto/asn1/a_int.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_octet.c crypto/asn1/a_octet.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_print.c crypto/asn1/a_print.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_type.c crypto/asn1/a_type.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_set.c crypto/asn1/a_set.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_dup.c crypto/asn1/a_dup.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_enum.c crypto/asn1/a_enum.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_sign.c crypto/asn1/a_sign.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_digest.c crypto/asn1/a_digest.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_verify.c crypto/asn1/a_verify.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strex.c crypto/asn1/a_strex.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_algor.c crypto/asn1/x_algor.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_val.c crypto/asn1/x_val.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_sig.c crypto/asn1/x_sig.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_req.c crypto/asn1/x_req.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_long.c crypto/asn1/x_long.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_name.c crypto/asn1/x_name.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509.c crypto/asn1/x_x509.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_crl.c crypto/asn1/x_crl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_info.c crypto/asn1/x_info.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_spki.c crypto/asn1/x_spki.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/nsseq.c crypto/asn1/nsseq.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_req.c crypto/asn1/t_req.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509.c crypto/asn1/t_x509.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_crl.c crypto/asn1/t_crl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_spki.c crypto/asn1/t_spki.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_int.c crypto/asn1/f_int.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_string.c crypto/asn1/f_string.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_enum.c crypto/asn1/f_enum.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bool.c crypto/asn1/a_bool.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_exten.c crypto/asn1/x_exten.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_meth.c crypto/asn1/a_meth.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_sign.c crypto/pem/pem_sign.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_seal.c crypto/pem/pem_seal.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_info.c crypto/pem/pem_info.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_lib.c crypto/pem/pem_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_all.c crypto/pem/pem_all.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_err.c crypto/pem/pem_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_x509.c crypto/pem/pem_x509.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_oth.c crypto/pem/pem_oth.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_def.c crypto/x509/x509_def.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_d2.c crypto/x509/x509_d2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_obj.c crypto/x509/x509_obj.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_req.c crypto/x509/x509_req.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509spki.c crypto/x509/x509spki.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_set.c crypto/x509/x509_set.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509cset.c crypto/x509/x509cset.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509rset.c crypto/x509/x509rset.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_err.c crypto/x509/x509_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509name.c crypto/x509/x509name.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_v3.c crypto/x509/x509_v3.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_ext.c crypto/x509/x509_ext.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_att.c crypto/x509/x509_att.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509type.c crypto/x509/x509type.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_lu.c crypto/x509/x509_lu.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x_all.c crypto/x509/x_all.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_txt.c crypto/x509/x509_txt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_trs.c crypto/x509/x509_trs.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_file.c crypto/x509/by_file.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_dir.c crypto/x509/by_dir.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3err.c crypto/x509v3/v3err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_err.c crypto/conf/conf_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_lib.c crypto/conf/conf_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_api.c crypto/conf/conf_api.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_def.c crypto/conf/conf_def.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mod.c crypto/conf/conf_mod.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mall.c crypto/conf/conf_mall.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_sap.c crypto/conf/conf_sap.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_lib.c crypto/comp/comp_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_err.c crypto/comp/comp_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_rle.c crypto/comp/c_rle.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_zlib.c crypto/comp/c_zlib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_err.c crypto/engine/eng_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_lib.c crypto/engine/eng_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_list.c crypto/engine/eng_list.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_init.c crypto/engine/eng_init.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_table.c crypto/engine/eng_table.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_fat.c crypto/engine/eng_fat.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_all.c crypto/engine/eng_all.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dh.c crypto/engine/tb_dh.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rand.c crypto/engine/tb_rand.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_store.c crypto/engine/tb_store.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_digest.c crypto/engine/tb_digest.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_err.c crypto/ui/ui_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_lib.c crypto/ui/ui_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_util.c crypto/ui/ui_util.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_compat.c crypto/ui/ui_compat.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_err.c crypto/store/str_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_lib.c crypto/store/str_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_meth.c crypto/store/str_meth.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_mem.c crypto/store/str_mem.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c ++DIR=$1 ++ ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c crypto/sha/sha256.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c crypto/des/ofb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c crypto/rand/rand_unix.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c +diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c +new file mode 100644 +index 0000000..63fe78f +--- /dev/null ++++ b/Cryptlib/Pk/CryptPkcs7Sign.c +@@ -0,0 +1,207 @@ ++/** @file ++ PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. ++ ++Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++#include ++#include ++#include ++ ++ ++/** ++ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message ++ Syntax Standard, version 1.5". This interface is only intended to be used for ++ application to perform PKCS#7 functionality validation. ++ ++ @param[in] PrivateKey Pointer to the PEM-formatted private key data for ++ data signing. ++ @param[in] PrivateKeySize Size of the PEM private key data in bytes. ++ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM ++ key data. ++ @param[in] InData Pointer to the content to be signed. ++ @param[in] InDataSize Size of InData in bytes. ++ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. ++ @param[in] OtherCerts Pointer to an optional additional set of certificates to ++ include in the PKCS#7 signedData (e.g. any intermediate ++ CAs in the chain). ++ @param[out] SignedData Pointer to output PKCS#7 signedData. ++ @param[out] SignedDataSize Size of SignedData in bytes. ++ ++ @retval TRUE PKCS#7 data signing succeeded. ++ @retval FALSE PKCS#7 data signing failed. ++ ++**/ ++BOOLEAN ++EFIAPI ++Pkcs7Sign ( ++ IN CONST UINT8 *PrivateKey, ++ IN UINTN PrivateKeySize, ++ IN CONST UINT8 *KeyPassword, ++ IN UINT8 *InData, ++ IN UINTN InDataSize, ++ IN UINT8 *SignCert, ++ IN UINT8 *OtherCerts OPTIONAL, ++ OUT UINT8 **SignedData, ++ OUT UINTN *SignedDataSize ++ ) ++{ ++ BOOLEAN Status; ++ EVP_PKEY *Key; ++ BIO *DataBio; ++ PKCS7 *Pkcs7; ++ UINT8 *RsaContext; ++ UINT8 *P7Data; ++ UINTN P7DataSize; ++ UINT8 *Tmp; ++ ++ // ++ // Check input parameters. ++ // ++ if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || ++ SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { ++ return FALSE; ++ } ++ ++ RsaContext = NULL; ++ Key = NULL; ++ Pkcs7 = NULL; ++ DataBio = NULL; ++ Status = FALSE; ++ ++ // ++ // Retrieve RSA private key from PEM data. ++ // ++ Status = RsaGetPrivateKeyFromPem ( ++ PrivateKey, ++ PrivateKeySize, ++ (CONST CHAR8 *) KeyPassword, ++ (VOID **) &RsaContext ++ ); ++ if (!Status) { ++ return Status; ++ } ++ ++ Status = FALSE; ++ ++ // ++ // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling ++ // ++ if (EVP_add_digest (EVP_md5 ()) == 0) { ++ goto _Exit; ++ } ++ if (EVP_add_digest (EVP_sha1 ()) == 0) { ++ goto _Exit; ++ } ++ if (EVP_add_digest (EVP_sha256 ()) == 0) { ++ goto _Exit; ++ } ++ ++ RandomSeed (NULL, 0); ++ ++ // ++ // Construct OpenSSL EVP_PKEY for private key. ++ // ++ Key = EVP_PKEY_new (); ++ if (Key == NULL) { ++ goto _Exit; ++ } ++ Key->save_type = EVP_PKEY_RSA; ++ Key->type = EVP_PKEY_type (EVP_PKEY_RSA); ++ Key->pkey.rsa = (RSA *) RsaContext; ++ ++ // ++ // Convert the data to be signed to BIO format. ++ // ++ DataBio = BIO_new (BIO_s_mem ()); ++ if (DataBio == NULL) { ++ goto _Exit; ++ } ++ ++ if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) { ++ goto _Exit; ++ } ++ ++ // ++ // Create the PKCS#7 signedData structure. ++ // ++ Pkcs7 = PKCS7_sign ( ++ (X509 *) SignCert, ++ Key, ++ (STACK_OF(X509) *) OtherCerts, ++ DataBio, ++ PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED ++ ); ++ if (Pkcs7 == NULL) { ++ goto _Exit; ++ } ++ ++ // ++ // Convert PKCS#7 signedData structure into DER-encoded buffer. ++ // ++ P7DataSize = i2d_PKCS7 (Pkcs7, NULL); ++ if (P7DataSize <= 19) { ++ goto _Exit; ++ } ++ ++ P7Data = malloc (P7DataSize); ++ if (P7Data == NULL) { ++ goto _Exit; ++ } ++ ++ Tmp = P7Data; ++ P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); ++ ASSERT (P7DataSize > 19); ++ ++ // ++ // Strip ContentInfo to content only for signeddata. The data be trimmed off ++ // is totally 19 bytes. ++ // ++ *SignedDataSize = P7DataSize - 19; ++ *SignedData = malloc (*SignedDataSize); ++ if (*SignedData == NULL) { ++ OPENSSL_free (P7Data); ++ goto _Exit; ++ } ++ ++ CopyMem (*SignedData, P7Data + 19, *SignedDataSize); ++ ++ OPENSSL_free (P7Data); ++ ++ Status = TRUE; ++ ++_Exit: ++ // ++ // Release Resources ++ // ++ if (RsaContext != NULL) { ++ RsaFree (RsaContext); ++ if (Key != NULL) { ++ Key->pkey.rsa = NULL; ++ } ++ } ++ ++ if (Key != NULL) { ++ EVP_PKEY_free (Key); ++ } ++ ++ if (DataBio != NULL) { ++ BIO_free (DataBio); ++ } ++ ++ if (Pkcs7 != NULL) { ++ PKCS7_free (Pkcs7); ++ } ++ ++ return Status; ++} +diff --git a/Cryptlib/Pk/CryptPkcs7SignNull.c b/Cryptlib/Pk/CryptPkcs7SignNull.c +new file mode 100644 +index 0000000..539bb6b +--- /dev/null ++++ b/Cryptlib/Pk/CryptPkcs7SignNull.c +@@ -0,0 +1,59 @@ ++/** @file ++ PKCS#7 SignedData Sign Wrapper Implementation which does not provide real ++ capabilities. ++ ++Copyright (c) 2012, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++/** ++ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message ++ Syntax Standard, version 1.5". This interface is only intended to be used for ++ application to perform PKCS#7 functionality validation. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] PrivateKey Pointer to the PEM-formatted private key data for ++ data signing. ++ @param[in] PrivateKeySize Size of the PEM private key data in bytes. ++ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM ++ key data. ++ @param[in] InData Pointer to the content to be signed. ++ @param[in] InDataSize Size of InData in bytes. ++ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. ++ @param[in] OtherCerts Pointer to an optional additional set of certificates to ++ include in the PKCS#7 signedData (e.g. any intermediate ++ CAs in the chain). ++ @param[out] SignedData Pointer to output PKCS#7 signedData. ++ @param[out] SignedDataSize Size of SignedData in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++Pkcs7Sign ( ++ IN CONST UINT8 *PrivateKey, ++ IN UINTN PrivateKeySize, ++ IN CONST UINT8 *KeyPassword, ++ IN UINT8 *InData, ++ IN UINTN InDataSize, ++ IN UINT8 *SignCert, ++ IN UINT8 *OtherCerts OPTIONAL, ++ OUT UINT8 **SignedData, ++ OUT UINTN *SignedDataSize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ +diff --git a/Cryptlib/Pk/CryptPkcs7.c b/Cryptlib/Pk/CryptPkcs7Verify.c +similarity index 74% +rename from Cryptlib/Pk/CryptPkcs7.c +rename to Cryptlib/Pk/CryptPkcs7Verify.c +index 218e7ac..05c3f87 100644 +--- a/Cryptlib/Pk/CryptPkcs7.c ++++ b/Cryptlib/Pk/CryptPkcs7Verify.c +@@ -10,7 +10,7 @@ + WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated + Variable and will do basic check for data structure. + +-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
++Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -25,6 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + #include + #include ++#include + #include + + UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; +@@ -111,182 +112,6 @@ X509VerifyCb ( + } + + /** +- Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message +- Syntax Standard, version 1.5". This interface is only intended to be used for +- application to perform PKCS#7 functionality validation. +- +- @param[in] PrivateKey Pointer to the PEM-formatted private key data for +- data signing. +- @param[in] PrivateKeySize Size of the PEM private key data in bytes. +- @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM +- key data. +- @param[in] InData Pointer to the content to be signed. +- @param[in] InDataSize Size of InData in bytes. +- @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. +- @param[in] OtherCerts Pointer to an optional additional set of certificates to +- include in the PKCS#7 signedData (e.g. any intermediate +- CAs in the chain). +- @param[out] SignedData Pointer to output PKCS#7 signedData. +- @param[out] SignedDataSize Size of SignedData in bytes. +- +- @retval TRUE PKCS#7 data signing succeeded. +- @retval FALSE PKCS#7 data signing failed. +- +-**/ +-BOOLEAN +-EFIAPI +-Pkcs7Sign ( +- IN CONST UINT8 *PrivateKey, +- IN UINTN PrivateKeySize, +- IN CONST UINT8 *KeyPassword, +- IN UINT8 *InData, +- IN UINTN InDataSize, +- IN UINT8 *SignCert, +- IN UINT8 *OtherCerts OPTIONAL, +- OUT UINT8 **SignedData, +- OUT UINTN *SignedDataSize +- ) +-{ +- BOOLEAN Status; +- EVP_PKEY *Key; +- BIO *DataBio; +- PKCS7 *Pkcs7; +- UINT8 *RsaContext; +- UINT8 *P7Data; +- UINTN P7DataSize; +- UINT8 *Tmp; +- +- // +- // Check input parameters. +- // +- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || +- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { +- return FALSE; +- } +- +- RsaContext = NULL; +- Key = NULL; +- Pkcs7 = NULL; +- DataBio = NULL; +- Status = FALSE; +- +- // +- // Retrieve RSA private key from PEM data. +- // +- Status = RsaGetPrivateKeyFromPem ( +- PrivateKey, +- PrivateKeySize, +- (CONST CHAR8 *) KeyPassword, +- (VOID **) &RsaContext +- ); +- if (!Status) { +- return Status; +- } +- +- // +- // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling +- // +- EVP_add_digest (EVP_md5()); +- EVP_add_digest (EVP_sha1()); +- EVP_add_digest (EVP_sha256()); +- RandomSeed (NULL, 0); +- +- // +- // Construct OpenSSL EVP_PKEY for private key. +- // +- Key = EVP_PKEY_new (); +- if (Key == NULL) { +- Status = FALSE; +- goto _Exit; +- } +- Key->save_type = EVP_PKEY_RSA; +- Key->type = EVP_PKEY_type (EVP_PKEY_RSA); +- Key->pkey.rsa = (RSA *) RsaContext; +- +- // +- // Convert the data to be signed to BIO format. +- // +- DataBio = BIO_new (BIO_s_mem ()); +- BIO_write (DataBio, InData, (int) InDataSize); +- +- // +- // Create the PKCS#7 signedData structure. +- // +- Pkcs7 = PKCS7_sign ( +- (X509 *) SignCert, +- Key, +- (STACK_OF(X509) *) OtherCerts, +- DataBio, +- PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED +- ); +- if (Pkcs7 == NULL) { +- Status = FALSE; +- goto _Exit; +- } +- +- // +- // Convert PKCS#7 signedData structure into DER-encoded buffer. +- // +- P7DataSize = i2d_PKCS7 (Pkcs7, NULL); +- if (P7DataSize <= 19) { +- Status = FALSE; +- goto _Exit; +- } +- +- P7Data = malloc (P7DataSize); +- if (P7Data == NULL) { +- Status = FALSE; +- goto _Exit; +- } +- +- Tmp = P7Data; +- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); +- +- // +- // Strip ContentInfo to content only for signeddata. The data be trimmed off +- // is totally 19 bytes. +- // +- *SignedDataSize = P7DataSize - 19; +- *SignedData = malloc (*SignedDataSize); +- if (*SignedData == NULL) { +- Status = FALSE; +- OPENSSL_free (P7Data); +- goto _Exit; +- } +- +- CopyMem (*SignedData, P7Data + 19, *SignedDataSize); +- +- OPENSSL_free (P7Data); +- +- Status = TRUE; +- +-_Exit: +- // +- // Release Resources +- // +- if (RsaContext != NULL) { +- RsaFree (RsaContext); +- if (Key != NULL) { +- Key->pkey.rsa = NULL; +- } +- } +- +- if (Key != NULL) { +- EVP_PKEY_free (Key); +- } +- +- if (DataBio != NULL) { +- BIO_free (DataBio); +- } +- +- if (Pkcs7 != NULL) { +- PKCS7_free (Pkcs7); +- } +- +- return Status; +-} +- +-/** + Check input P7Data is a wrapped ContentInfo structure or not. If not construct + a new structure to wrap P7Data. + +@@ -395,6 +220,91 @@ WrapPkcs7Data ( + } + + /** ++ Pop single certificate from STACK_OF(X509). ++ ++ If X509Stack, Cert, or CertSize is NULL, then return FALSE. ++ ++ @param[in] X509Stack Pointer to a X509 stack object. ++ @param[out] Cert Pointer to a X509 certificate. ++ @param[out] CertSize Length of output X509 certificate in bytes. ++ ++ @retval TRUE The X509 stack pop succeeded. ++ @retval FALSE The pop operation failed. ++ ++**/ ++BOOLEAN ++X509PopCertificate ( ++ IN VOID *X509Stack, ++ OUT UINT8 **Cert, ++ OUT UINTN *CertSize ++ ) ++{ ++ BIO *CertBio; ++ X509 *X509Cert; ++ STACK_OF(X509) *CertStack; ++ BOOLEAN Status; ++ INT32 Result; ++ INT32 Length; ++ VOID *Buffer; ++ ++ Status = FALSE; ++ ++ if ((X509Stack == NULL) || (Cert == NULL) || (CertSize == NULL)) { ++ return Status; ++ } ++ ++ CertStack = (STACK_OF(X509) *) X509Stack; ++ ++ X509Cert = sk_X509_pop (CertStack); ++ ++ if (X509Cert == NULL) { ++ return Status; ++ } ++ ++ Buffer = NULL; ++ ++ CertBio = BIO_new (BIO_s_mem ()); ++ if (CertBio == NULL) { ++ return Status; ++ } ++ ++ Result = i2d_X509_bio (CertBio, X509Cert); ++ if (Result == 0) { ++ goto _Exit; ++ } ++ ++ Length = ((BUF_MEM *) CertBio->ptr)->length; ++ if (Length <= 0) { ++ goto _Exit; ++ } ++ ++ Buffer = malloc (Length); ++ if (Buffer == NULL) { ++ goto _Exit; ++ } ++ ++ Result = BIO_read (CertBio, Buffer, Length); ++ if (Result != Length) { ++ goto _Exit; ++ } ++ ++ *Cert = Buffer; ++ *CertSize = Length; ++ ++ Status = TRUE; ++ ++_Exit: ++ ++ BIO_free (CertBio); ++ ++ if (!Status && (Buffer != NULL)) { ++ free (Buffer); ++ } ++ ++ return Status; ++} ++ ++/** + Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard". The input signed data could be wrapped + in a ContentInfo structure. +@@ -634,7 +544,6 @@ Pkcs7Verify ( + ) + { + PKCS7 *Pkcs7; +- BIO *CertBio; + BIO *DataBio; + BOOLEAN Status; + X509 *Cert; +@@ -653,7 +562,6 @@ Pkcs7Verify ( + } + + Pkcs7 = NULL; +- CertBio = NULL; + DataBio = NULL; + Cert = NULL; + CertStore = NULL; +@@ -661,10 +569,19 @@ Pkcs7Verify ( + // + // Register & Initialize necessary digest algorithms for PKCS#7 Handling + // +- EVP_add_digest (EVP_md5()); +- EVP_add_digest (EVP_sha1()); +- EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA); +- EVP_add_digest (EVP_sha256()); ++ if (EVP_add_digest (EVP_md5 ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_digest (EVP_sha1 ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_digest (EVP_sha256 ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) { ++ return FALSE; ++ } ++ + + Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); + if (!Status) { +@@ -696,12 +613,7 @@ Pkcs7Verify ( + // + // Read DER-encoded root certificate and Construct X509 Certificate + // +- CertBio = BIO_new (BIO_s_mem ()); +- BIO_write (CertBio, TrustedCert, (int)CertLength); +- if (CertBio == NULL) { +- goto _Exit; +- } +- Cert = d2i_X509_bio (CertBio, NULL); ++ Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength); + if (Cert == NULL) { + goto _Exit; + } +@@ -728,7 +640,20 @@ Pkcs7Verify ( + // in PKCS#7 structure. So ignore NULL checking here. + // + DataBio = BIO_new (BIO_s_mem ()); +- BIO_write (DataBio, InData, (int)DataLength); ++ if (DataBio == NULL) { ++ goto _Exit; ++ } ++ ++ if (BIO_write (DataBio, InData, (int) DataLength) <= 0) { ++ goto _Exit; ++ } ++ ++ // ++ // OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and ++ // doesn't support the extended key usage for Authenticode Code Signing. ++ // Bypass the certificate purpose checking by enabling any purposes setting. ++ // ++ X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY); + + // + // Verifies the PKCS#7 signedData structure +@@ -740,7 +665,6 @@ _Exit: + // Release Resources + // + BIO_free (DataBio); +- BIO_free (CertBio); + X509_free (Cert); + X509_STORE_free (CertStore); + PKCS7_free (Pkcs7); +diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c +new file mode 100644 +index 0000000..9a4c77a +--- /dev/null ++++ b/Cryptlib/Pk/CryptPkcs7VerifyNull.c +@@ -0,0 +1,100 @@ ++/** @file ++ PKCS#7 SignedData Verification Wrapper Implementation which does not provide ++ real capabilities. ++ ++Copyright (c) 2012, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++/** ++ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: ++ Cryptographic Message Syntax Standard". The input signed data could be wrapped ++ in a ContentInfo structure. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] P7Data Pointer to the PKCS#7 message to verify. ++ @param[in] P7Length Length of the PKCS#7 message in bytes. ++ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. ++ It's caller's responsiblity to free the buffer. ++ @param[out] StackLength Length of signer's certificates in bytes. ++ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. ++ It's caller's responsiblity to free the buffer. ++ @param[out] CertLength Length of the trusted certificate in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++Pkcs7GetSigners ( ++ IN CONST UINT8 *P7Data, ++ IN UINTN P7Length, ++ OUT UINT8 **CertStack, ++ OUT UINTN *StackLength, ++ OUT UINT8 **TrustedCert, ++ OUT UINTN *CertLength ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Wrap function to use free() to free allocated memory for certificates. ++ ++ If the interface is not supported, then ASSERT(). ++ ++ @param[in] Certs Pointer to the certificates to be freed. ++ ++**/ ++VOID ++EFIAPI ++Pkcs7FreeSigners ( ++ IN UINT8 *Certs ++ ) ++{ ++ ASSERT (FALSE); ++} ++ ++/** ++ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: ++ Cryptographic Message Syntax Standard". The input signed data could be wrapped ++ in a ContentInfo structure. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] P7Data Pointer to the PKCS#7 message to verify. ++ @param[in] P7Length Length of the PKCS#7 message in bytes. ++ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which ++ is used for certificate chain verification. ++ @param[in] CertLength Length of the trusted certificate in bytes. ++ @param[in] InData Pointer to the content to be verified. ++ @param[in] DataLength Length of InData in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++Pkcs7Verify ( ++ IN CONST UINT8 *P7Data, ++ IN UINTN P7Length, ++ IN CONST UINT8 *TrustedCert, ++ IN UINTN CertLength, ++ IN CONST UINT8 *InData, ++ IN UINTN DataLength ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} +diff --git a/Cryptlib/Pk/CryptRsaExtNull.c b/Cryptlib/Pk/CryptRsaExtNull.c +new file mode 100644 +index 0000000..e44cdde +--- /dev/null ++++ b/Cryptlib/Pk/CryptRsaExtNull.c +@@ -0,0 +1,125 @@ ++/** @file ++ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. ++ ++ This file does not provide real capabilities for following APIs in RSA handling: ++ 1) RsaGetKey ++ 2) RsaGenerateKey ++ 3) RsaCheckKey ++ 4) RsaPkcs1Sign ++ ++Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++/** ++ Gets the tag-designated RSA key component from the established RSA context. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] RsaContext Pointer to RSA context being set. ++ @param[in] KeyTag Tag of RSA key component being set. ++ @param[out] BigNumber Pointer to octet integer buffer. ++ @param[in, out] BnSize On input, the size of big number buffer in bytes. ++ On output, the size of data returned in big number buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaGetKey ( ++ IN OUT VOID *RsaContext, ++ IN RSA_KEY_TAG KeyTag, ++ OUT UINT8 *BigNumber, ++ IN OUT UINTN *BnSize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Generates RSA key components. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] RsaContext Pointer to RSA context being set. ++ @param[in] ModulusLength Length of RSA modulus N in bits. ++ @param[in] PublicExponent Pointer to RSA public exponent. ++ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaGenerateKey ( ++ IN OUT VOID *RsaContext, ++ IN UINTN ModulusLength, ++ IN CONST UINT8 *PublicExponent, ++ IN UINTN PublicExponentSize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Validates key components of RSA context. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] RsaContext Pointer to RSA context to check. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaCheckKey ( ++ IN VOID *RsaContext ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] RsaContext Pointer to RSA context for signature generation. ++ @param[in] MessageHash Pointer to octet message hash to be signed. ++ @param[in] HashSize Size of the message hash in bytes. ++ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. ++ @param[in, out] SigSize On input, the size of Signature buffer in bytes. ++ On output, the size of data returned in Signature buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaPkcs1Sign ( ++ IN VOID *RsaContext, ++ IN CONST UINT8 *MessageHash, ++ IN UINTN HashSize, ++ OUT UINT8 *Signature, ++ IN OUT UINTN *SigSize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++ +diff --git a/Cryptlib/Rand/CryptRand.c b/Cryptlib/Rand/CryptRand.c +index dc3ab99..895ce83 100644 +--- a/Cryptlib/Rand/CryptRand.c ++++ b/Cryptlib/Rand/CryptRand.c +@@ -1,7 +1,7 @@ + /** @file + Pseudorandom Number Generator Wrapper Implementation over OpenSSL. + +-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
++Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + #include "InternalCryptLib.h" + #include ++#include + + // + // Default seed for UEFI Crypto Library +@@ -48,6 +49,14 @@ RandomSeed ( + } + + // ++ // The software PRNG implementation built in OpenSSL depends on message digest algorithm. ++ // Make sure SHA-1 digest algorithm is available here. ++ // ++ if (EVP_add_digest (EVP_sha1 ()) == 0) { ++ return FALSE; ++ } ++ ++ // + // Seed the pseudorandom number generator with user-supplied value. + // NOTE: A cryptographic PRNG must be seeded with unpredictable data. + // +diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh +index 96bbece..57b6631 100755 +--- a/Cryptlib/update.sh ++++ b/Cryptlib/update.sh +@@ -13,8 +13,13 @@ cp $DIR/Cipher/CryptAes.c Cipher/CryptAes.c + cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c + cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c + cp $DIR/Rand/CryptRand.c Rand/CryptRand.c +-cp $DIR/Pk/CryptRsa.c Pk/CryptRsa.c +-cp $DIR/Pk/CryptPkcs7.c Pk/CryptPkcs7.c ++cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c ++cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c ++cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c ++cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c ++cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c ++cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c ++cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c + cp $DIR/Pk/CryptDh.c Pk/CryptDh.c + cp $DIR/Pk/CryptX509.c Pk/CryptX509.c + cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c +-- +1.9.3 + diff --git a/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch b/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch new file mode 100644 index 0000000..b2a0f0c --- /dev/null +++ b/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch @@ -0,0 +1,27 @@ +From 81ee561dde0213bc487aa1b701799f6d2faeaf31 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 21 Jul 2014 16:15:07 -0400 +Subject: [PATCH 44/74] Replace build instructions in README with something not + completely wrong. + +These were really, really out of date. +--- + README | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/README b/README +index 2977f2a..24a39df 100644 +--- a/README ++++ b/README +@@ -12,5 +12,5 @@ in the shim.h header file and provides a single entry point. On 64-bit systems + this entry point expects to be called with SysV ABI rather than MSABI, and + so calls to it should not be wrapped. + +-To use shim, simply place a hex dump of the public certificate in cert.h +-and build it with make. +\ No newline at end of file ++To use shim, simply place a DER-encoded public certificate in a file such as ++pub.cer and build with "make VENDOR_CERT_FILE=pub.cer". +-- +1.9.3 + diff --git a/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch b/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch new file mode 100644 index 0000000..8372361 --- /dev/null +++ b/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch @@ -0,0 +1,37 @@ +From a30276e095c10be69b5282d01c20cf5daf3fa671 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 12 Aug 2014 15:33:18 +0200 +Subject: [PATCH 45/74] CryptLib: undefine va_arg and friends before redefining + them + +Upstream GNU-EFI contains changes to efistdarg.h resulting in the va_start, +va_arg and va_end macros to be #defined unconditionally. Make sure we #undef +them before overriding the definitions. + +Signed-off-by: Ard Biesheuvel +--- + Cryptlib/Include/OpenSslSupport.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h +index 5a2745d..9e56ced 100644 +--- a/Cryptlib/Include/OpenSslSupport.h ++++ b/Cryptlib/Include/OpenSslSupport.h +@@ -35,6 +35,14 @@ typedef VOID *FILE; + // Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h + // + #if !defined(__CC_ARM) // if va_list is not already defined ++/* ++ * These are now unconditionally #defined by GNU_EFI's efistdarg.h, ++ * so we should #undef them here before providing a new definition. ++ */ ++#undef va_arg ++#undef va_start ++#undef va_end ++ + #define va_list VA_LIST + #define va_arg VA_ARG + #define va_start VA_START +-- +1.9.3 + diff --git a/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch b/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch new file mode 100644 index 0000000..3f0bb9d --- /dev/null +++ b/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch @@ -0,0 +1,30 @@ +From 77cdb40423e29a5f9d1318cd0ada874ee1916450 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 12 Aug 2014 15:33:19 +0200 +Subject: [PATCH 46/74] unhook_system_services: bail on systab == NULL + +Prevent unhook_system_services() from dereferencing a NULL systab, which +may occur if hook_system_services() has never been called. + +Signed-off-by: Ard Biesheuvel +--- + replacements.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/replacements.c b/replacements.c +index 48dc437..5dfa355 100644 +--- a/replacements.c ++++ b/replacements.c +@@ -70,6 +70,9 @@ static EFI_HANDLE last_loaded_image; + void + unhook_system_services(void) + { ++ if (!systab) ++ return; ++ + systab->BootServices->Exit = system_exit; + systab->BootServices->LoadImage = system_load_image; + systab->BootServices->StartImage = system_start_image; +-- +1.9.3 + diff --git a/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch b/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch new file mode 100644 index 0000000..7d178f3 --- /dev/null +++ b/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch @@ -0,0 +1,235 @@ +From 99d7b5e858945b8bb160fe3fea77596b2daf07ff Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 12 Aug 2014 15:33:20 +0200 +Subject: [PATCH 47/74] Factor out x86-isms and add cross compile support + +This patch cleans up and refactors the Makefiles to better allow new +architectures to be added: +- remove unused Makefile definitions +- import Makefile definitions from top level rather than redefining +- move x86 specific CFLAGS to inside ifeq() blocks +- remove x86 inline asm +- allow $(FORMAT) to be overridden: this is necessary as there exists no + EFI or PE/COFF aware objcopy for ARM + +Signed-off-by: Ard Biesheuvel +--- + Cryptlib/Makefile | 16 ++++++---------- + Cryptlib/OpenSSL/Makefile | 15 ++++++--------- + Makefile | 45 +++++++++++++++++++++++++++------------------ + lib/Makefile | 14 ++++---------- + netboot.c | 10 +--------- + 5 files changed, 44 insertions(+), 56 deletions(-) + +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index 678baac..73a1e2b 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -1,19 +1,15 @@ +-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) + +-EFI_INCLUDE = /usr/include/efi +-EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol +-EFI_PATH = /usr/lib64/gnuefi +- +-LIB_GCC = $(shell $(CC) -print-libgcc-file-name) +-EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) ++EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol + + CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \ +- -Wall $(EFI_INCLUDES) -mno-red-zone -maccumulate-outgoing-args -mno-sse -mno-mmx ++ -Wall $(EFI_INCLUDES) ++ + ifeq ($(ARCH),x86_64) +- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ ++ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + endif + ifeq ($(ARCH),ia32) +- CFLAGS += -m32 ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 + endif + LDFLAGS = -nostdlib -znocombreloc + +diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile +index 8e2f2a6..9097580 100644 +--- a/Cryptlib/OpenSSL/Makefile ++++ b/Cryptlib/OpenSSL/Makefile +@@ -1,19 +1,16 @@ +-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) + +-EFI_INCLUDE = /usr/include/efi + EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol +-EFI_PATH = /usr/lib64/gnuefi + +-LIB_GCC = $(shell $(CC) -print-libgcc-file-name) +-EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) +- +-CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ ++CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ + -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC ++ + ifeq ($(ARCH),x86_64) +- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ ++ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG + endif + ifeq ($(ARCH),ia32) +- CFLAGS += -m32 -DTHIRTY_TWO_BIT ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ ++ -m32 -DTHIRTY_TWO_BIT + endif + LDFLAGS = -nostdlib -znocombreloc + +diff --git a/Makefile b/Makefile +index df190a2..f65bb3b 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,10 +1,14 @@ +-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) ++CC = $(CROSS_COMPILE)gcc ++LD = $(CROSS_COMPILE)ld ++OBJCOPY = $(CROSS_COMPILE)objcopy ++ ++ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) + + SUBDIRS = Cryptlib lib + + LIB_PATH = /usr/lib64 + +-EFI_INCLUDE = /usr/include/efi ++EFI_INCLUDE := /usr/include/efi + EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude + EFI_PATH := /usr/lib64/gnuefi + +@@ -16,9 +20,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := \\\\grub.efi + CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ +- -fshort-wchar -Wall -Wsign-compare -Werror \ +- -mno-red-zone -maccumulate-outgoing-args \ +- -mno-mmx -mno-sse -fno-builtin \ ++ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ + "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ + "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ + $(EFI_INCLUDES) +@@ -26,12 +28,15 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ + ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined) + CFLAGS += -DOVERRIDE_SECURITY_POLICY + endif ++ + ifeq ($(ARCH),x86_64) +- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ ++ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + endif + ifeq ($(ARCH),ia32) +- CFLAGS += -m32 ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 + endif ++ + ifneq ($(origin VENDOR_CERT_FILE), undefined) + CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" + endif +@@ -95,26 +100,28 @@ MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a + + Cryptlib/libcryptlib.a: +- $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) ++ $(MAKE) -C Cryptlib + + Cryptlib/OpenSSL/libopenssl.a: +- $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) ++ $(MAKE) -C Cryptlib/OpenSSL + + lib/lib.a: +- $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) ++ $(MAKE) -C lib ++ ++FORMAT ?= --target efi-app-$(ARCH) + + %.efi: %.so +- objcopy -j .text -j .sdata -j .data \ +- -j .dynamic -j .dynsym -j .rel \ +- -j .rela -j .reloc -j .eh_frame \ ++ $(OBJCOPY) -j .text -j .sdata -j .data \ ++ -j .dynamic -j .dynsym -j .rel* \ ++ -j .rela* -j .reloc -j .eh_frame \ + -j .vendor_cert \ +- --target=efi-app-$(ARCH) $^ $@ +- objcopy -j .text -j .sdata -j .data \ +- -j .dynamic -j .dynsym -j .rel \ +- -j .rela -j .reloc -j .eh_frame \ ++ $(FORMAT) $^ $@ ++ $(OBJCOPY) -j .text -j .sdata -j .data \ ++ -j .dynamic -j .dynsym -j .rel* \ ++ -j .rela* -j .reloc -j .eh_frame \ + -j .debug_info -j .debug_abbrev -j .debug_aranges \ + -j .debug_line -j .debug_str -j .debug_ranges \ +- --target=efi-app-$(ARCH) $^ $@.debug ++ $(FORMAT) $^ $@.debug + + %.efi.signed: %.efi certdb/secmod.db + pesign -n certdb -i $< -c "shim" -s -o $@ -f +@@ -151,3 +158,5 @@ archive: tag + @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) + @rm -rf /tmp/shim-$(VERSION) + @echo "The archive is in shim-$(VERSION).tar.bz2" ++ ++export ARCH CC LD OBJCOPY EFI_INCLUDE +diff --git a/lib/Makefile b/lib/Makefile +index a9c9cf6..ebd21a1 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -2,23 +2,17 @@ TARGET = lib.a + + LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variables.o security_policy.o + +-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) +- +-EFI_INCLUDE = /usr/include/efi + EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include + +-EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o +-EFI_LDS = $(EFI_PATH)/elf_$(ARCH)_efi.lds +- + CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ +- -fshort-wchar -Wall -mno-red-zone -DBUILD_EFI -fno-builtin \ +- -Werror \ ++ -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror \ + $(EFI_INCLUDES) ++ + ifeq ($(ARCH),x86_64) +- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI ++ CFLAGS += -mno-red-zone -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + endif + ifeq ($(ARCH),ia32) +- CFLAGS += -m32 ++ CFLAGS += -mno-red-zone -m32 + endif + + lib.a: $(LIBFILES) +diff --git a/netboot.c b/netboot.c +index 5ef53f7..238937d 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -40,15 +40,7 @@ + #include "netboot.h" + #include "str.h" + +-static inline unsigned short int __swap16(unsigned short int x) +-{ +- __asm__("xchgb %b0,%h0" +- : "=q" (x) +- : "0" (x)); +- return x; +-} +- +-#define ntohs(x) __swap16(x) ++#define ntohs(x) __builtin_bswap16(x) /* supported both by GCC and clang */ + #define htons(x) ntohs(x) + + static EFI_PXE_BASE_CODE *pxe; +-- +1.9.3 + diff --git a/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch b/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch new file mode 100644 index 0000000..838e655 --- /dev/null +++ b/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch @@ -0,0 +1,131 @@ +From 04cba93d64b5ffd3a05be82aacea5c2b2d0ea94c Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 12 Aug 2014 15:33:21 +0200 +Subject: [PATCH 48/74] Add support for 64-bit ARM (AArch64) + +This adds support for building the shim for a 64-bit ARM UEFI environment. + +Signed-off-by: Ard Biesheuvel +--- + Cryptlib/OpenSSL/Makefile | 3 +++ + Makefile | 10 ++++++++ + elf_aarch64_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 78 insertions(+) + create mode 100644 elf_aarch64_efi.lds + +diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile +index 9097580..17b5695 100644 +--- a/Cryptlib/OpenSSL/Makefile ++++ b/Cryptlib/OpenSSL/Makefile +@@ -12,6 +12,9 @@ ifeq ($(ARCH),ia32) + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ + -m32 -DTHIRTY_TWO_BIT + endif ++ifeq ($(ARCH),aarch64) ++ CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include) ++endif + LDFLAGS = -nostdlib -znocombreloc + + TARGET = libopenssl.a +diff --git a/Makefile b/Makefile +index f65bb3b..3529b45 100644 +--- a/Makefile ++++ b/Makefile +@@ -37,6 +37,10 @@ ifeq ($(ARCH),ia32) + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 + endif + ++ifeq ($(ARCH),aarch64) ++ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) ++endif ++ + ifneq ($(origin VENDOR_CERT_FILE), undefined) + CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" + endif +@@ -108,6 +112,12 @@ Cryptlib/OpenSSL/libopenssl.a: + lib/lib.a: + $(MAKE) -C lib + ++ifeq ($(ARCH),aarch64) ++FORMAT := -O binary ++SUBSYSTEM := 0xa ++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ++endif ++ + FORMAT ?= --target efi-app-$(ARCH) + + %.efi: %.so +diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds +new file mode 100644 +index 0000000..9c9a055 +--- /dev/null ++++ b/elf_aarch64_efi.lds +@@ -0,0 +1,65 @@ ++OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64") ++OUTPUT_ARCH(aarch64) ++ENTRY(_start) ++SECTIONS ++{ ++ .text 0x0 : { ++ *(.text.head) ++ *(.text) ++ *(.text.*) ++ *(.gnu.linkonce.t.*) ++ *(.srodata) ++ *(.rodata*) ++ . = ALIGN(16); ++ _etext = .; ++ } ++ .dynamic : { *(.dynamic) } ++ .data : ++ { ++ *(.sdata) ++ *(.data) ++ *(.data1) ++ *(.data.*) ++ *(.got.plt) ++ *(.got) ++ ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ it all into .data: */ ++ . = ALIGN(16); ++ _bss = .; ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) ++ . = ALIGN(16); ++ _bss_end = .; ++ } ++ ++ . = ALIGN(4096); ++ .vendor_cert : ++ { ++ *(.vendor_cert) ++ } ++ . = ALIGN(4096); ++ ++ .rela.dyn : { *(.rela.dyn) } ++ .rela.plt : { *(.rela.plt) } ++ .rela.got : { *(.rela.got) } ++ .rela.data : { *(.rela.data) *(.rela.data*) } ++ _edata = .; ++ _data_size = . - _etext; ++ ++ . = ALIGN(4096); ++ .dynsym : { *(.dynsym) } ++ . = ALIGN(4096); ++ .dynstr : { *(.dynstr) } ++ . = ALIGN(4096); ++ /DISCARD/ : ++ { ++ *(.rel.reloc) ++ *(.eh_frame) ++ *(.note.GNU-stack) ++ } ++ .comment 0 : { *(.comment) } ++} +-- +1.9.3 + diff --git a/SOURCES/0049-Add-support-for-32-bit-ARM.patch b/SOURCES/0049-Add-support-for-32-bit-ARM.patch new file mode 100644 index 0000000..49d4975 --- /dev/null +++ b/SOURCES/0049-Add-support-for-32-bit-ARM.patch @@ -0,0 +1,209 @@ +From fa525bc4632e04346fae82a98ce23b31c6cfc86d Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 12 Aug 2014 15:33:22 +0200 +Subject: [PATCH 49/74] Add support for 32-bit ARM + +This adds support for building the shim for a 32-bit ARM UEFI environment. + +Signed-off-by: Ard Biesheuvel +--- + Cryptlib/OpenSSL/Makefile | 3 +++ + Makefile | 10 ++++++++ + cert.S | 30 ++++++++++------------ + elf_arm_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 92 insertions(+), 16 deletions(-) + create mode 100644 elf_arm_efi.lds + +diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile +index 17b5695..7990b3c 100644 +--- a/Cryptlib/OpenSSL/Makefile ++++ b/Cryptlib/OpenSSL/Makefile +@@ -15,6 +15,9 @@ endif + ifeq ($(ARCH),aarch64) + CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include) + endif ++ifeq ($(ARCH),arm) ++ CFLAGS += -O2 -DTHIRTY_TWO_BIT -ffreestanding -I$(shell $(CC) -print-file-name=include) ++endif + LDFLAGS = -nostdlib -znocombreloc + + TARGET = libopenssl.a +diff --git a/Makefile b/Makefile +index 3529b45..5bc513c 100644 +--- a/Makefile ++++ b/Makefile +@@ -41,6 +41,10 @@ ifeq ($(ARCH),aarch64) + CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) + endif + ++ifeq ($(ARCH),arm) ++ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) ++endif ++ + ifneq ($(origin VENDOR_CERT_FILE), undefined) + CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" + endif +@@ -118,6 +122,12 @@ SUBSYSTEM := 0xa + LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + endif + ++ifeq ($(ARCH),arm) ++FORMAT := -O binary ++SUBSYSTEM := 0xa ++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ++endif ++ + FORMAT ?= --target efi-app-$(ARCH) + + %.efi: %.so +diff --git a/cert.S b/cert.S +index 3cfd665..cfc4525 100644 +--- a/cert.S ++++ b/cert.S +@@ -1,9 +1,7 @@ + .globl cert_table +- .data +- .align 16 +- .type cert_table, @object ++ .type cert_table, %object + .size cert_table, 4 +- .section .vendor_cert, "a", @progbits ++ .section .vendor_cert, "a", %progbits + cert_table: + #if defined(VENDOR_CERT_FILE) + .long vendor_cert_priv_end - vendor_cert_priv +@@ -20,48 +18,48 @@ cert_table: + #if defined(VENDOR_CERT_FILE) + .data + .align 1 +- .type vendor_cert_priv, @object ++ .type vendor_cert_priv, %object + .size vendor_cert_priv, vendor_cert_priv_end-vendor_cert_priv +- .section .vendor_cert, "a", @progbits ++ .section .vendor_cert, "a", %progbits + vendor_cert_priv: + .incbin VENDOR_CERT_FILE + vendor_cert_priv_end: + #else + .bss +- .type vendor_cert_priv, @object ++ .type vendor_cert_priv, %object + .size vendor_cert_priv, 1 +- .section .vendor_cert, "a", @progbits ++ .section .vendor_cert, "a", %progbits + vendor_cert_priv: + .zero 1 + + .data + .align 4 +- .type vendor_cert_size_priv, @object ++ .type vendor_cert_size_priv, %object + .size vendor_cert_size_priv, 4 +- .section .vendor_cert, "a", @progbits ++ .section .vendor_cert, "a", %progbits + vendor_cert_priv_end: + #endif + #if defined(VENDOR_DBX_FILE) + .data + .align 1 +- .type vendor_dbx_priv, @object ++ .type vendor_dbx_priv, %object + .size vendor_dbx_priv, vendor_dbx_priv_end-vendor_dbx_priv +- .section .vendor_cert, "a", @progbits ++ .section .vendor_cert, "a", %progbits + vendor_dbx_priv: + .incbin VENDOR_DBX_FILE + vendor_dbx_priv_end: + #else + .bss +- .type vendor_dbx_priv, @object ++ .type vendor_dbx_priv, %object + .size vendor_dbx_priv, 1 +- .section .vendor_cert, "a", @progbits ++ .section .vendor_cert, "a", %progbits + vendor_dbx_priv: + .zero 1 + + .data + .align 4 +- .type vendor_dbx_size_priv, @object ++ .type vendor_dbx_size_priv, %object + .size vendor_dbx_size_priv, 4 +- .section .vendor_cert, "a", @progbits ++ .section .vendor_cert, "a", %progbits + vendor_dbx_priv_end: + #endif +diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds +new file mode 100644 +index 0000000..fd1075d +--- /dev/null ++++ b/elf_arm_efi.lds +@@ -0,0 +1,65 @@ ++OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm") ++OUTPUT_ARCH(arm) ++ENTRY(_start) ++SECTIONS ++{ ++ .text 0x0 : { ++ *(.text.head) ++ *(.text) ++ *(.text.*) ++ *(.gnu.linkonce.t.*) ++ *(.srodata) ++ *(.rodata*) ++ . = ALIGN(16); ++ _etext = .; ++ } ++ .dynamic : { *(.dynamic) } ++ .data : ++ { ++ *(.sdata) ++ *(.data) ++ *(.data1) ++ *(.data) ++ *(.got.plt) ++ *(.got) ++ ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ it all into .data: */ ++ . = ALIGN(16); ++ _bss = .; ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) ++ . = ALIGN(16); ++ _bss_end = .; ++ } ++ ++ . = ALIGN(4096); ++ .vendor_cert : ++ { ++ *(.vendor_cert) ++ } ++ . = ALIGN(4096); ++ ++ .rel.dyn : { *(.rel.dyn) } ++ .rel.plt : { *(.rel.plt) } ++ .rel.got : { *(.rel.got) } ++ .rel.data : { *(.rel.data) *(.rel.data*) } ++ _edata = .; ++ _data_size = . - _etext; ++ ++ . = ALIGN(4096); ++ .dynsym : { *(.dynsym) } ++ . = ALIGN(4096); ++ .dynstr : { *(.dynstr) } ++ . = ALIGN(4096); ++ /DISCARD/ : ++ { ++ *(.rel.reloc) ++ *(.eh_frame) ++ *(.note.GNU-stack) ++ } ++ .comment 0 : { *(.comment) } ++} +-- +1.9.3 + diff --git a/SOURCES/0050-Update-openssl-to-0.9.8zb.patch b/SOURCES/0050-Update-openssl-to-0.9.8zb.patch new file mode 100644 index 0000000..825c0e8 --- /dev/null +++ b/SOURCES/0050-Update-openssl-to-0.9.8zb.patch @@ -0,0 +1,4231 @@ +From 21f96e586351fc8b535353f2dea7c784e931d14a Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 19 Aug 2014 12:15:00 +0800 +Subject: [PATCH 50/74] Update openssl to 0.9.8zb + +Also update to Tiano Cryptlib r15802 and remove the execute mode +bits from the C and header files of openssl +--- + Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_core.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_ecb.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_bool.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_bytes.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_enum.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_hdr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_int.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_meth.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_object.c | 30 +- + Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_print.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_set.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_time.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_type.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_utf8.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 3 + + Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 2 + + Cryptlib/OpenSSL/crypto/asn1/asn_moid.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 12 +- + Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 0 + Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c | 6 +- + Cryptlib/OpenSSL/crypto/asn1/f_enum.c | 0 + Cryptlib/OpenSSL/crypto/asn1/f_int.c | 0 + Cryptlib/OpenSSL/crypto/asn1/f_string.c | 0 + Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c | 0 + Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 0 + Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 0 + Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 0 + Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_bitst.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_req.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 2 + + Cryptlib/OpenSSL/crypto/asn1/t_x509a.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 7 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_attrib.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_bignum.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_exten.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_info.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_long.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_name.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_pkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_req.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_sig.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_spki.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_val.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_x509a.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_ecb.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_enc.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_skey.c | 0 + Cryptlib/OpenSSL/crypto/bio/b_dump.c | 0 + Cryptlib/OpenSSL/crypto/bio/bf_buff.c | 0 + Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 0 + Cryptlib/OpenSSL/crypto/bio/bf_null.c | 0 + Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 0 + Cryptlib/OpenSSL/crypto/bio/bio_err.c | 0 + Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 4 +- + Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_file.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_log.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_null.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_add.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_const.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_depr.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_div.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_err.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_exp2.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 51 ++ + Cryptlib/OpenSSL/crypto/bn/bn_kron.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 61 +- + Cryptlib/OpenSSL/crypto/bn/bn_mod.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_mpi.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_mul.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_opt.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_prime.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_print.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_recp.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_sqr.c | 1 + + Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_word.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_x931p.c | 0 + Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 0 + Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 0 + Cryptlib/OpenSSL/crypto/buffer/buffer.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_cfb64.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_ecb.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_enc.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_ofb64.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_skey.c | 0 + Cryptlib/OpenSSL/crypto/comp/c_rle.c | 0 + Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 0 + Cryptlib/OpenSSL/crypto/comp/comp_err.c | 0 + Cryptlib/OpenSSL/crypto/comp/comp_lib.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_api.c | 2 +- + Cryptlib/OpenSSL/crypto/conf/conf_def.c | 2 +- + Cryptlib/OpenSSL/crypto/conf/conf_err.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 0 + Cryptlib/OpenSSL/crypto/cpt_err.c | 0 + Cryptlib/OpenSSL/crypto/cryptlib.c | 0 + Cryptlib/OpenSSL/crypto/cversion.c | 0 + Cryptlib/OpenSSL/crypto/des/cbc_cksm.c | 0 + Cryptlib/OpenSSL/crypto/des/cbc_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/cfb64ede.c | 0 + Cryptlib/OpenSSL/crypto/des/cfb64enc.c | 0 + Cryptlib/OpenSSL/crypto/des/cfb_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/des_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/des_lib.c | 0 + Cryptlib/OpenSSL/crypto/des/des_old.c | 0 + Cryptlib/OpenSSL/crypto/des/des_old2.c | 0 + Cryptlib/OpenSSL/crypto/des/ecb3_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/enc_read.c | 0 + Cryptlib/OpenSSL/crypto/des/enc_writ.c | 0 + Cryptlib/OpenSSL/crypto/des/fcrypt.c | 0 + Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 0 + Cryptlib/OpenSSL/crypto/des/ofb64ede.c | 0 + Cryptlib/OpenSSL/crypto/des/ofb64enc.c | 0 + Cryptlib/OpenSSL/crypto/des/ofb_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/pcbc_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/qud_cksm.c | 0 + Cryptlib/OpenSSL/crypto/des/rand_key.c | 0 + Cryptlib/OpenSSL/crypto/des/read2pwd.c | 0 + Cryptlib/OpenSSL/crypto/des/rpc_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/set_key.c | 0 + Cryptlib/OpenSSL/crypto/des/str2key.c | 0 + Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_check.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_depr.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_err.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_key.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_err.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_key.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_err.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_null.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 0 + Cryptlib/OpenSSL/crypto/dyn_lck.c | 0 + Cryptlib/OpenSSL/crypto/ebcdic.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_asn1.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_check.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_curve.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_cvt.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_err.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_key.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 2 +- + Cryptlib/OpenSSL/crypto/ec/ec_mult.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_print.c | 0 + Cryptlib/OpenSSL/crypto/ec/ecp_mont.c | 0 + Cryptlib/OpenSSL/crypto/ec/ecp_nist.c | 0 + Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c | 174 ++--- + Cryptlib/OpenSSL/crypto/ecdh/ech_err.c | 0 + Cryptlib/OpenSSL/crypto/ecdh/ech_key.c | 0 + Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 0 + Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_all.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_cnf.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_dyn.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_err.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_fat.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_init.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_lib.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_list.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_openssl.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_padlock.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_pkey.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_table.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_cipher.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_dh.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_digest.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_dsa.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_rand.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_rsa.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_store.c | 0 + Cryptlib/OpenSSL/crypto/err/err.c | 0 + Cryptlib/OpenSSL/crypto/err/err_all.c | 0 + Cryptlib/OpenSSL/crypto/err/err_bio.c | 0 + Cryptlib/OpenSSL/crypto/err/err_def.c | 0 + Cryptlib/OpenSSL/crypto/err/err_prn.c | 0 + Cryptlib/OpenSSL/crypto/err/err_str.c | 0 + Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 0 + Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 0 + Cryptlib/OpenSSL/crypto/evp/bio_md.c | 0 + Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 0 + Cryptlib/OpenSSL/crypto/evp/c_all.c | 0 + Cryptlib/OpenSSL/crypto/evp/c_allc.c | 0 + Cryptlib/OpenSSL/crypto/evp/c_alld.c | 0 + Cryptlib/OpenSSL/crypto/evp/dig_eng.c | 0 + Cryptlib/OpenSSL/crypto/evp/digest.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_aes.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_bf.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_cast.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_des.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_des3.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_idea.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_null.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_old.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_rc5.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 0 + Cryptlib/OpenSSL/crypto/evp/enc_min.c | 0 + Cryptlib/OpenSSL/crypto/evp/encode.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_acnf.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_cnf.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_err.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_key.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_dss.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_md2.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_md4.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_md5.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_null.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_sha.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 0 + Cryptlib/OpenSSL/crypto/evp/names.c | 0 + Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 0 + Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_dec.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_enc.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_lib.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_open.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_seal.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_sign.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_verify.c | 0 + Cryptlib/OpenSSL/crypto/ex_data.c | 0 + Cryptlib/OpenSSL/crypto/fips_err.c | 0 + Cryptlib/OpenSSL/crypto/hmac/hmac.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_cbc.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_cfb64.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_ecb.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_ofb64.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_skey.c | 0 + Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c | 0 + Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 0 + Cryptlib/OpenSSL/crypto/lhash/lhash.c | 0 + Cryptlib/OpenSSL/crypto/md2/md2_dgst.c | 0 + Cryptlib/OpenSSL/crypto/md2/md2_one.c | 0 + Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 0 + Cryptlib/OpenSSL/crypto/md4/md4_one.c | 0 + Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 0 + Cryptlib/OpenSSL/crypto/md5/md5_one.c | 0 + Cryptlib/OpenSSL/crypto/mem.c | 0 + Cryptlib/OpenSSL/crypto/mem_clr.c | 0 + Cryptlib/OpenSSL/crypto/mem_dbg.c | 0 + Cryptlib/OpenSSL/crypto/o_dir.c | 0 + Cryptlib/OpenSSL/crypto/o_init.c | 0 + Cryptlib/OpenSSL/crypto/o_str.c | 0 + Cryptlib/OpenSSL/crypto/o_time.c | 0 + Cryptlib/OpenSSL/crypto/objects/o_names.c | 0 + Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 16 +- + Cryptlib/OpenSSL/crypto/objects/obj_err.c | 0 + Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 3 + + Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 13 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_all.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_err.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_info.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_oth.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_sign.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 0 + Cryptlib/OpenSSL/crypto/pqueue/pqueue.c | 0 + Cryptlib/OpenSSL/crypto/rand/md_rand.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_eng.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_err.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_nw.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_os2.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_win.c | 0 + Cryptlib/OpenSSL/crypto/rand/randfile.c | 0 + Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c | 0 + Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c | 0 + Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c | 0 + Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c | 0 + Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c | 0 + Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 0 + Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c | 0 + Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 0 + Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c | 0 + Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 2 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_none.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_null.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha256.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha512.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha_one.c | 0 + Cryptlib/OpenSSL/crypto/stack/stack.c | 0 + Cryptlib/OpenSSL/crypto/store/str_err.c | 0 + Cryptlib/OpenSSL/crypto/store/str_lib.c | 0 + Cryptlib/OpenSSL/crypto/store/str_mem.c | 0 + Cryptlib/OpenSSL/crypto/store/str_meth.c | 0 + Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 0 + Cryptlib/OpenSSL/crypto/ui/ui_compat.c | 0 + Cryptlib/OpenSSL/crypto/ui/ui_err.c | 0 + Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 2 +- + Cryptlib/OpenSSL/crypto/ui/ui_util.c | 0 + Cryptlib/OpenSSL/crypto/uid.c | 0 + Cryptlib/OpenSSL/crypto/x509/by_dir.c | 0 + Cryptlib/OpenSSL/crypto/x509/by_file.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_att.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_d2.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_def.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_err.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_ext.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_r2x.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_req.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_set.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_v3.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509cset.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509name.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509rset.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509spki.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509type.c | 0 + Cryptlib/OpenSSL/crypto/x509/x_all.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_info.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_int.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 0 + Cryptlib/OpenSSL/e_os.h | 0 + Cryptlib/OpenSSL/update.sh | 999 +++++++++++++------------ + Cryptlib/Pk/CryptAuthenticode.c | 4 +- + 500 files changed, 720 insertions(+), 678 deletions(-) + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cbc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cfb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_core.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ctr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ige.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_misc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ofb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_wrap.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bool.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bytes.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_digest.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_dup.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_enum.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_gentm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_hdr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_int.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_meth.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_object.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_octet.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_print.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_set.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strex.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strnid.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_time.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_type.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utctm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utf8.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_verify.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_par.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_mime.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_moid.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_pack.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_enum.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_int.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_string.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/n_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/nsseq.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_bitst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_crl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_req.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_spki.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509a.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_new.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_algor.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_attrib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_bignum.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_crl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_exten.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_info.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_long.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_name.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_req.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_sig.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_spki.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_val.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509a.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/b_dump.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_buff.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_nbio.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_cb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_bio.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_dgram.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_fd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_file.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_log.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_mem.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_add.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_asm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_blind.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_const.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_ctx.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_depr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_div.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gcd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_kron.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mod.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mont.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mpi.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mul.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_nist.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_opt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_prime.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_print.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_rand.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_recp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_shift.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_word.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_x931p.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_str.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buffer.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_cfb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ofb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_rle.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_zlib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_api.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_def.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mall.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mod.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_sap.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cpt_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cryptlib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cversion.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_cksm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64ede.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb3_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_read.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_writ.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt_b.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64ede.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/pcbc_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/qud_cksm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rand_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/read2pwd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rpc_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/set_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/str2key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/xcbc_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_check.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_depr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_gen.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_openssl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_vms.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_win32.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dyn_lck.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ebcdic.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_mult.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_check.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_curve.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_cvt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_mult.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_print.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_mont.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_nist.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cnf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_dyn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_fat.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_init.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_list.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_openssl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_padlock.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_table.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_cipher.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dh.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_digest.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dsa.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rand.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rsa.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_store.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_bio.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_def.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_prn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_str.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_b64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_md.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_ok.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_allc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_alld.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/dig_eng.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/digest.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_aes.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_bf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_cast.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des3.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_idea.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_old.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc4.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc5.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/enc_min.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/encode.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_acnf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_cnf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pbe.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md4.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md5.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ripemd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/names.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_dec.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_open.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_seal.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_verify.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ex_data.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/fips_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/hmac/hmac.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cbc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cfb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ofb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lh_stats.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lhash.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem_clr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem_dbg.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_dir.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_init.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_str.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_time.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/o_names.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_dat.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_info.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_oth.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pk8.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_seal.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_x509.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_xaux.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pqueue/pqueue.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/md_rand.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_egd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_eng.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_nw.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_os2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_unix.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_win.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/randfile.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_none.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha256.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha512.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/stack/stack.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_mem.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_meth.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/txt_db/txt_db.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_compat.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_util.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/uid.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_dir.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_file.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_att.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_cmp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_d2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_def.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_ext.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_lu.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_obj.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_r2x.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_req.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_set.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_trs.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_txt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_v3.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vfy.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vpm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509cset.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509name.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509rset.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509spki.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509type.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_info.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_int.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/e_os.h + +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +old mode 100755 +new mode 100644 +index 3ac2bc2..e50501a +--- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +@@ -285,16 +285,28 @@ err: + ASN1_OBJECT_free(ret); + return(NULL); + } ++ + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long len) + { + ASN1_OBJECT *ret=NULL; + const unsigned char *p; +- int i; +- /* Sanity check OID encoding: can't have leading 0x80 in +- * subidentifiers, see: X.690 8.19.2 ++ int i, length; ++ ++ /* Sanity check OID encoding. ++ * Need at least one content octet. ++ * MSB must be clear in the last octet. ++ * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 + */ +- for (i = 0, p = *pp; i < len; i++, p++) ++ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || ++ p[len - 1] & 0x80) ++ { ++ ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); ++ return NULL; ++ } ++ /* Now 0 < len <= INT_MAX, so the cast is safe. */ ++ length = (int)len; ++ for (i = 0; i < length; i++, p++) + { + if (*p == 0x80 && (!i || !(p[-1] & 0x80))) + { +@@ -313,20 +325,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + else ret=(*a); + + p= *pp; +- if ((ret->data == NULL) || (ret->length < len)) ++ if ((ret->data == NULL) || (ret->length < length)) + { + if (ret->data != NULL) OPENSSL_free(ret->data); +- ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); ++ ret->data=(unsigned char *)OPENSSL_malloc(length); + ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; + if (ret->data == NULL) + { i=ERR_R_MALLOC_FAILURE; goto err; } + } +- memcpy(ret->data,p,(int)len); +- ret->length=(int)len; ++ memcpy(ret->data,p,length); ++ ret->length=length; + ret->sn=NULL; + ret->ln=NULL; + /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ +- p+=len; ++ p+=length; + + if (a != NULL) (*a)=ret; + *pp=p; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +old mode 100755 +new mode 100644 +index 5af559e..d345155 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + *pclass=xclass; + if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + ++ if (inf && !(ret & V_ASN1_CONSTRUCTED)) ++ goto err; ++ + #if 0 + fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", + (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +old mode 100755 +new mode 100644 +index ad8fbed..095887f +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +@@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) + int len, state, save_state = 0; + + headers = sk_MIME_HEADER_new(mime_hdr_cmp); ++ if (!headers) ++ return NULL; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + /* If whitespace at line start then continuation line */ + if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +old mode 100755 +new mode 100644 +index f1a5a05..c373714 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) + + if (!(octmp->length = i2d(obj, NULL))) { + ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); +- return NULL; ++ goto err; + } + if (!(p = OPENSSL_malloc (octmp->length))) { + ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); +- return NULL; ++ goto err; + } + octmp->data = p; + i2d (obj, &p); + return octmp; ++ err: ++ if (!oct || !*oct) ++ { ++ ASN1_STRING_free(octmp); ++ if (oct) ++ *oct = NULL; ++ } ++ return NULL; + } + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c +old mode 100755 +new mode 100644 +index f3d9804..1b94459 +--- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c +@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) + ASN1_STRING *os; + + if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); +- if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); ++ if (!M_ASN1_OCTET_STRING_set(os,data,len)) ++ { ++ M_ASN1_OCTET_STRING_free(os); ++ return 0; ++ } + ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); + return(1); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c b/Cryptlib/OpenSSL/crypto/asn1/f_int.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +old mode 100755 +new mode 100644 +index 6f295b4..f9dad0e +--- a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +@@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) + l=80-2-obase; + + b=X509_NAME_oneline(name,NULL,0); ++ if (!b) ++ return 0; + if (!*b) + { + OPENSSL_free(b); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +old mode 100755 +new mode 100644 +index 2721f90..b3687f9 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, + { + derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) + * sizeof(*derlst)); ++ if (!derlst) ++ return 0; + tmpdat = OPENSSL_malloc(skcontlen); +- if (!derlst || !tmpdat) ++ if (!tmpdat) ++ { ++ OPENSSL_free(derlst); + return 0; ++ } + } + } + /* If not sorting just output each item */ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +old mode 100755 +new mode 100644 +index 371cdf5..6346c19 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +@@ -132,8 +132,8 @@ int BIO_free(BIO *a) + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); + +- if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); +- a->method->destroy(a); ++ if ((a->method != NULL) && (a->method->destroy != NULL)) ++ a->method->destroy(a); + OPENSSL_free(a); + return(1); + } +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +old mode 100755 +new mode 100644 +index 5d90f1e..28f1fa8 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +@@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) + return 1; + } + ++/* ++ * Constant-time conditional swap of a and b. ++ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. ++ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, ++ * and that no more than nwords are used by either a or b. ++ * a and b cannot be the same number ++ */ ++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) ++ { ++ BN_ULONG t; ++ int i; ++ ++ bn_wcheck_size(a, nwords); ++ bn_wcheck_size(b, nwords); ++ ++ assert(a != b); ++ assert((condition & (condition - 1)) == 0); ++ assert(sizeof(BN_ULONG) >= sizeof(int)); ++ ++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; ++ ++ t = (a->top^b->top) & condition; ++ a->top ^= t; ++ b->top ^= t; ++ ++#define BN_CONSTTIME_SWAP(ind) \ ++ do { \ ++ t = (a->d[ind] ^ b->d[ind]) & condition; \ ++ a->d[ind] ^= t; \ ++ b->d[ind] ^= t; \ ++ } while (0) ++ ++ ++ switch (nwords) { ++ default: ++ for (i = 10; i < nwords; i++) ++ BN_CONSTTIME_SWAP(i); ++ /* Fallthrough */ ++ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ ++ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ ++ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ ++ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ ++ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ ++ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ ++ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ ++ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ ++ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ ++ case 1: BN_CONSTTIME_SWAP(0); ++ } ++#undef BN_CONSTTIME_SWAP ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +old mode 100755 +new mode 100644 +index b66f507..c288844 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) + BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); + return(NULL); + } ++#ifdef PURIFY ++ /* Valgrind complains in BN_consttime_swap because we process the whole ++ * array even if it's not initialised yet. This doesn't matter in that ++ * function - what's important is constant time operation (we're not ++ * actually going to use the data) ++ */ ++ memset(a, 0, sizeof(BN_ULONG)*words); ++#endif ++ + #if 1 + B=b->d; + /* Check if the previous number needs to be copied */ +@@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, + } + return bn_cmp_words(a,b,cl); + } +- +-/* +- * Constant-time conditional swap of a and b. +- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. +- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, +- * and that no more than nwords are used by either a or b. +- * a and b cannot be the same number +- */ +-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) +- { +- BN_ULONG t; +- int i; +- +- bn_wcheck_size(a, nwords); +- bn_wcheck_size(b, nwords); +- +- assert(a != b); +- assert((condition & (condition - 1)) == 0); +- assert(sizeof(BN_ULONG) >= sizeof(int)); +- +- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; +- +- t = (a->top^b->top) & condition; +- a->top ^= t; +- b->top ^= t; +- +-#define BN_CONSTTIME_SWAP(ind) \ +- do { \ +- t = (a->d[ind] ^ b->d[ind]) & condition; \ +- a->d[ind] ^= t; \ +- b->d[ind] ^= t; \ +- } while (0) +- +- +- switch (nwords) { +- default: +- for (i = 10; i < nwords; i++) +- BN_CONSTTIME_SWAP(i); +- /* Fallthrough */ +- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ +- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ +- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ +- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ +- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ +- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ +- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ +- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ +- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ +- case 1: BN_CONSTTIME_SWAP(0); +- } +-#undef BN_CONSTTIME_SWAP +-} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +old mode 100755 +new mode 100644 +index 270d0cd..65bbf16 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) + if (al <= 0) + { + r->top=0; ++ r->neg = 0; + return 1; + } + +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_enc.c b/Cryptlib/OpenSSL/crypto/cast/c_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_skey.c b/Cryptlib/OpenSSL/crypto/cast/c_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +old mode 100755 +new mode 100644 +index 17bae83..55d1d50 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +@@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) + v->value=(char *)sk; + + vv=(CONF_VALUE *)lh_insert(conf->data,v); +- assert(vv == NULL); ++ OPENSSL_assert(vv == NULL); + ok=1; + err: + if (!ok) +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +old mode 100755 +new mode 100644 +index 3c58936..a168339 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +@@ -324,7 +324,7 @@ again: + p=eat_ws(conf, end); + if (*p != ']') + { +- if (*p != '\0') ++ if (*p != '\0' && ss != p) + { + ss=p; + goto again; +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/des_lib.c b/Cryptlib/OpenSSL/crypto/des/des_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt.c b/Cryptlib/OpenSSL/crypto/des/fcrypt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dyn_lck.c b/Cryptlib/OpenSSL/crypto/dyn_lck.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_check.c b/Cryptlib/OpenSSL/crypto/ec/ec_check.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_err.c b/Cryptlib/OpenSSL/crypto/ec/ec_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +old mode 100755 +new mode 100644 +index bbf2799..e7d11ff +--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +@@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX * + + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) + { +- if (group->meth->dbl == 0) ++ if (group->meth->invert == 0) + { + ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_print.c b/Cryptlib/OpenSSL/crypto/ec/ec_print.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c +old mode 100755 +new mode 100644 +index 66a92e2..b239088 +--- a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c +@@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ct + int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) + { + BN_CTX *new_ctx = NULL; +- BIGNUM *tmp0, *tmp1; +- size_t pow2 = 0; +- BIGNUM **heap = NULL; ++ BIGNUM *tmp, *tmp_Z; ++ BIGNUM **prod_Z = NULL; + size_t i; + int ret = 0; + +@@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT + } + + BN_CTX_start(ctx); +- tmp0 = BN_CTX_get(ctx); +- tmp1 = BN_CTX_get(ctx); +- if (tmp0 == NULL || tmp1 == NULL) goto err; ++ tmp = BN_CTX_get(ctx); ++ tmp_Z = BN_CTX_get(ctx); ++ if (tmp == NULL || tmp_Z == NULL) goto err; + +- /* Before converting the individual points, compute inverses of all Z values. +- * Modular inversion is rather slow, but luckily we can do with a single +- * explicit inversion, plus about 3 multiplications per input value. +- */ ++ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); ++ if (prod_Z == NULL) goto err; ++ for (i = 0; i < num; i++) ++ { ++ prod_Z[i] = BN_new(); ++ if (prod_Z[i] == NULL) goto err; ++ } + +- pow2 = 1; +- while (num > pow2) +- pow2 <<= 1; +- /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. +- * We need twice that. */ +- pow2 <<= 1; ++ /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, ++ * skipping any zero-valued inputs (pretend that they're 1). */ + +- heap = OPENSSL_malloc(pow2 * sizeof heap[0]); +- if (heap == NULL) goto err; +- +- /* The array is used as a binary tree, exactly as in heapsort: +- * +- * heap[1] +- * heap[2] heap[3] +- * heap[4] heap[5] heap[6] heap[7] +- * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] +- * +- * We put the Z's in the last line; +- * then we set each other node to the product of its two child-nodes (where +- * empty or 0 entries are treated as ones); +- * then we invert heap[1]; +- * then we invert each other node by replacing it by the product of its +- * parent (after inversion) and its sibling (before inversion). +- */ +- heap[0] = NULL; +- for (i = pow2/2 - 1; i > 0; i--) +- heap[i] = NULL; +- for (i = 0; i < num; i++) +- heap[pow2/2 + i] = &points[i]->Z; +- for (i = pow2/2 + num; i < pow2; i++) +- heap[i] = NULL; +- +- /* set each node to the product of its children */ +- for (i = pow2/2 - 1; i > 0; i--) ++ if (!BN_is_zero(&points[0]->Z)) + { +- heap[i] = BN_new(); +- if (heap[i] == NULL) goto err; +- +- if (heap[2*i] != NULL) ++ if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; ++ } ++ else ++ { ++ if (group->meth->field_set_to_one != 0) + { +- if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) +- { +- if (!BN_copy(heap[i], heap[2*i])) goto err; +- } +- else +- { +- if (BN_is_zero(heap[2*i])) +- { +- if (!BN_copy(heap[i], heap[2*i + 1])) goto err; +- } +- else +- { +- if (!group->meth->field_mul(group, heap[i], +- heap[2*i], heap[2*i + 1], ctx)) goto err; +- } +- } ++ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; ++ } ++ else ++ { ++ if (!BN_one(prod_Z[0])) goto err; + } + } + +- /* invert heap[1] */ +- if (!BN_is_zero(heap[1])) ++ for (i = 1; i < num; i++) + { +- if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) ++ if (!BN_is_zero(&points[i]->Z)) + { +- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); +- goto err; ++ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; ++ } ++ else ++ { ++ if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; + } + } ++ ++ /* Now use a single explicit inversion to replace every ++ * non-zero points[i]->Z by its inverse. */ ++ ++ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) ++ { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); ++ goto err; ++ } + if (group->meth->field_encode != 0) + { +- /* in the Montgomery case, we just turned R*H (representing H) ++ /* In the Montgomery case, we just turned R*H (representing H) + * into 1/(R*H), but we need R*(1/H) (representing 1/H); +- * i.e. we have need to multiply by the Montgomery factor twice */ +- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; +- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; ++ * i.e. we need to multiply by the Montgomery factor twice. */ ++ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; ++ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + } + +- /* set other heap[i]'s to their inverses */ +- for (i = 2; i < pow2/2 + num; i += 2) ++ for (i = num - 1; i > 0; --i) + { +- /* i is even */ +- if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) +- { +- if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; +- if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; +- if (!BN_copy(heap[i], tmp0)) goto err; +- if (!BN_copy(heap[i + 1], tmp1)) goto err; +- } +- else ++ /* Loop invariant: tmp is the product of the inverses of ++ * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ ++ if (!BN_is_zero(&points[i]->Z)) + { +- if (!BN_copy(heap[i], heap[i/2])) goto err; ++ /* Set tmp_Z to the inverse of points[i]->Z (as product ++ * of Z inverses 0 .. i, Z values 0 .. i - 1). */ ++ if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; ++ /* Update tmp to satisfy the loop invariant for i - 1. */ ++ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; ++ /* Replace points[i]->Z by its inverse. */ ++ if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; + } + } + +- /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ ++ if (!BN_is_zero(&points[0]->Z)) ++ { ++ /* Replace points[0]->Z by its inverse. */ ++ if (!BN_copy(&points[0]->Z, tmp)) goto err; ++ } ++ ++ /* Finally, fix up the X and Y coordinates for all points. */ ++ + for (i = 0; i < num; i++) + { + EC_POINT *p = points[i]; +- ++ + if (!BN_is_zero(&p->Z)) + { + /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ + +- if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; +- if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; ++ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; ++ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; ++ ++ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; ++ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; + +- if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; +- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; +- + if (group->meth->field_set_to_one != 0) + { + if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; +@@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT + } + + ret = 1; +- ++ + err: + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); +- if (heap != NULL) ++ if (prod_Z != NULL) + { +- /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */ +- for (i = pow2/2 - 1; i > 0; i--) ++ for (i = 0; i < num; i++) + { +- if (heap[i] != NULL) +- BN_clear_free(heap[i]); ++ if (prod_Z[i] != NULL) ++ BN_clear_free(prod_Z[i]); + } +- OPENSSL_free(heap); ++ OPENSSL_free(prod_Z); + } + return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_err.c b/Cryptlib/OpenSSL/crypto/engine/eng_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_init.c b/Cryptlib/OpenSSL/crypto/engine/eng_init.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_list.c b/Cryptlib/OpenSSL/crypto/engine/eng_list.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_table.c b/Cryptlib/OpenSSL/crypto/engine/eng_table.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_store.c b/Cryptlib/OpenSSL/crypto/engine/tb_store.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_bio.c b/Cryptlib/OpenSSL/crypto/err/err_bio.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_def.c b/Cryptlib/OpenSSL/crypto/err/err_def.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_str.c b/Cryptlib/OpenSSL/crypto/err/err_str.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/fips_err.c b/Cryptlib/OpenSSL/crypto/fips_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_skey.c b/Cryptlib/OpenSSL/crypto/idea/i_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_one.c b/Cryptlib/OpenSSL/crypto/md2/md2_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +old mode 100755 +new mode 100644 +index 760af16..cf5ba2a +--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +@@ -444,11 +444,12 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + unsigned char *p; + char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; + +- if ((a == NULL) || (a->data == NULL)) { +- buf[0]='\0'; +- return(0); +- } ++ /* Ensure that, at every state, |buf| is NUL-terminated. */ ++ if (buf && buf_len > 0) ++ buf[0] = '\0'; + ++ if ((a == NULL) || (a->data == NULL)) ++ return(0); + + if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) + { +@@ -527,9 +528,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + i=(int)(l/40); + l-=(long)(i*40); + } +- if (buf && (buf_len > 0)) ++ if (buf && (buf_len > 1)) + { + *buf++ = i + '0'; ++ *buf = '\0'; + buf_len--; + } + n++; +@@ -544,9 +546,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + i = strlen(bndec); + if (buf) + { +- if (buf_len > 0) ++ if (buf_len > 1) + { + *buf++ = '.'; ++ *buf = '\0'; + buf_len--; + } + BUF_strlcpy(buf,bndec,buf_len); +@@ -786,4 +789,3 @@ err: + OPENSSL_free(buf); + return(ok); + } +- +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +old mode 100755 +new mode 100644 +index 92aba08..fb87cd7 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +@@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) + + ctx = OCSP_sendreq_new(b, path, req, -1); + ++ if (!ctx) ++ return NULL; ++ + do + { + rv = OCSP_sendreq_nbio(&resp, ctx); +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +old mode 100755 +new mode 100644 +index 441ccb7..5883b4e +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +@@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss + + if (!*ppath) goto mem_err; + ++ p = host; ++ if(host[0] == '[') ++ { ++ /* ipv6 literal */ ++ host++; ++ p = strchr(host, ']'); ++ if(!p) goto parse_err; ++ *p = '\0'; ++ p++; ++ } ++ + /* Look for optional ':' for port number */ +- if ((p = strchr(host, ':'))) ++ if ((p = strchr(p, ':'))) + { + *p = 0; + port = p + 1; +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c +old mode 100755 +new mode 100644 +index d477f08..203d702 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c +@@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, + if (padding == RSA_X931_PADDING) + { + BN_sub(f, rsa->n, ret); +- if (BN_cmp(ret, f)) ++ if (BN_cmp(ret, f) > 0) + res = f; + else + res = ret; +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/store/str_err.c b/Cryptlib/OpenSSL/crypto/store/str_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/store/str_lib.c b/Cryptlib/OpenSSL/crypto/store/str_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/store/str_mem.c b/Cryptlib/OpenSSL/crypto/store/str_mem.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/store/str_meth.c b/Cryptlib/OpenSSL/crypto/store/str_meth.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_err.c b/Cryptlib/OpenSSL/crypto/ui/ui_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +old mode 100755 +new mode 100644 +index ac01008..67013f8 +--- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +@@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) + break; + } + } ++ } + default: + break; + } +- } + return 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c b/Cryptlib/OpenSSL/crypto/x509/x509_def.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh +index 95875e7..897ef2d 100755 +--- a/Cryptlib/OpenSSL/update.sh ++++ b/Cryptlib/OpenSSL/update.sh +@@ -1,501 +1,504 @@ + #/bin/sh + DIR=$1 ++version="0.9.8zb" + +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c crypto/sha/sha256.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c crypto/des/ofb_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c crypto/rand/rand_unix.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dyn_lck.c crypto/dyn_lck.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_clr.c crypto/mem_clr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_dbg.c crypto/mem_dbg.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cversion.c crypto/cversion.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ex_data.c crypto/ex_data.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cpt_err.c crypto/cpt_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ebcdic.c crypto/ebcdic.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/uid.c crypto/uid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.c crypto/o_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.c crypto/o_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.c crypto/o_dir.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_init.c crypto/o_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/fips_err.c crypto/fips_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_one.c crypto/md2/md2_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_one.c crypto/md4/md4_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_one.c crypto/md5/md5_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_one.c crypto/sha/sha_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1_one.c crypto/sha/sha1_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha256.c crypto/sha/sha256.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha512.c crypto/sha/sha512.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hmac.c crypto/hmac/hmac.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_lib.c crypto/des/des_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/set_key.c crypto/des/set_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb_enc.c crypto/des/ecb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_enc.c crypto/des/cbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64enc.c crypto/des/cfb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64ede.c crypto/des/cfb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb_enc.c crypto/des/cfb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64ede.c crypto/des/ofb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_read.c crypto/des/enc_read.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_writ.c crypto/des/enc_writ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64enc.c crypto/des/ofb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb_enc.c crypto/des/ofb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/str2key.c crypto/des/str2key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/qud_cksm.c crypto/des/qud_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rand_key.c crypto/des/rand_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_enc.c crypto/des/des_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt.c crypto/des/fcrypt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_enc.c crypto/des/rpc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old.c crypto/des/des_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old2.c crypto/des/des_old2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/read2pwd.c crypto/des/read2pwd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cbc.c crypto/idea/i_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ecb.c crypto/idea/i_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_skey.c crypto/idea/i_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_skey.c crypto/bf/bf_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_enc.c crypto/bf/bf_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_skey.c crypto/cast/c_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ecb.c crypto/cast/c_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_enc.c crypto/cast/c_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_misc.c crypto/aes/aes_misc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ige.c crypto/aes/aes_ige.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_core.c crypto/aes/aes_core.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_add.c crypto/bn/bn_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_div.c crypto/bn/bn_div.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp.c crypto/bn/bn_exp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lib.c crypto/bn/bn_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mul.c crypto/bn/bn_mul.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mod.c crypto/bn/bn_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_print.c crypto/bn/bn_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_rand.c crypto/bn/bn_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_shift.c crypto/bn/bn_shift.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_word.c crypto/bn/bn_word.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_blind.c crypto/bn/bn_blind.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_kron.c crypto/bn/bn_kron.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.c crypto/bn/bn_prime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_err.c crypto/bn/bn_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_asm.c crypto/bn/bn_asm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_recp.c crypto/bn/bn_recp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mont.c crypto/bn/bn_mont.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_nist.c crypto/bn/bn_nist.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_depr.c crypto/bn/bn_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_const.c crypto/bn/bn_const.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_opt.c crypto/bn/bn_opt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dl.c crypto/dso/dso_dl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_err.c crypto/dso/dso_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_lib.c crypto/dso/dso_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_null.c crypto/dso/dso_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_win32.c crypto/dso/dso_win32.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_vms.c crypto/dso/dso_vms.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_gen.c crypto/dh/dh_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_key.c crypto/dh/dh_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_lib.c crypto/dh/dh_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_check.c crypto/dh/dh_check.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_err.c crypto/dh/dh_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_depr.c crypto/dh/dh_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_lib.c crypto/ec/ec_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_mult.c crypto/ec/ec_mult.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_err.c crypto/ec/ec_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_curve.c crypto/ec/ec_curve.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_check.c crypto/ec/ec_check.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_print.c crypto/ec/ec_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_key.c crypto/ec/ec_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buffer.c crypto/buffer/buffer.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_str.c crypto/buffer/buf_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_err.c crypto/buffer/buf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lib.c crypto/bio/bio_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_cb.c crypto/bio/bio_cb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_err.c crypto/bio/bio_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_mem.c crypto/bio/bss_mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_null.c crypto/bio/bss_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_fd.c crypto/bio/bss_fd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_file.c crypto/bio/bss_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_null.c crypto/bio/bf_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_buff.c crypto/bio/bf_buff.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_dump.c crypto/bio/b_dump.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_log.c crypto/bio/bss_log.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_bio.c crypto/bio/bss_bio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/stack/stack.c crypto/stack/stack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lhash.c crypto/lhash/lhash.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/md_rand.c crypto/rand/md_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/randfile.c crypto/rand/randfile.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lib.c crypto/rand/rand_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_eng.c crypto/rand/rand_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_err.c crypto/rand/rand_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_egd.c crypto/rand/rand_egd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_win.c crypto/rand/rand_win.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_unix.c crypto/rand/rand_unix.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_os2.c crypto/rand/rand_os2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_nw.c crypto/rand/rand_nw.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err.c crypto/err/err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_def.c crypto/err/err_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_all.c crypto/err/err_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_prn.c crypto/err/err_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_str.c crypto/err/err_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_bio.c crypto/err/err_bio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/o_names.c crypto/objects/o_names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.c crypto/objects/obj_dat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_lib.c crypto/objects/obj_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_err.c crypto/objects/obj_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/encode.c crypto/evp/encode.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/digest.c crypto/evp/digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/dig_eng.c crypto/evp/dig_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_enc.c crypto/evp/evp_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_key.c crypto/evp/evp_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des.c crypto/evp/e_des.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_bf.c crypto/evp/e_bf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_idea.c crypto/evp/e_idea.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des3.c crypto/evp/e_des3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4.c crypto/evp/e_rc4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes.c crypto/evp/e_aes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/names.c crypto/evp/names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc2.c crypto/evp/e_rc2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_cast.c crypto/evp/e_cast.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc5.c crypto/evp/e_rc5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/enc_min.c crypto/evp/enc_min.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_null.c crypto/evp/m_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md2.c crypto/evp/m_md2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md4.c crypto/evp/m_md4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md5.c crypto/evp/m_md5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha.c crypto/evp/m_sha.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha1.c crypto/evp/m_sha1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss.c crypto/evp/m_dss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss1.c crypto/evp/m_dss1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_open.c crypto/evp/p_open.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_seal.c crypto/evp/p_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_sign.c crypto/evp/p_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_verify.c crypto/evp/p_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_lib.c crypto/evp/p_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_enc.c crypto/evp/p_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_dec.c crypto/evp/p_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_md.c crypto/evp/bio_md.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_b64.c crypto/evp/bio_b64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_enc.c crypto/evp/bio_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_err.c crypto/evp/evp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_null.c crypto/evp/e_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_all.c crypto/evp/c_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_allc.c crypto/evp/c_allc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_alld.c crypto/evp/c_alld.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_lib.c crypto/evp/evp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_ok.c crypto/evp/bio_ok.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_old.c crypto/evp/e_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_object.c crypto/asn1/a_object.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_time.c crypto/asn1/a_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_int.c crypto/asn1/a_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_octet.c crypto/asn1/a_octet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_print.c crypto/asn1/a_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_type.c crypto/asn1/a_type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_set.c crypto/asn1/a_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_dup.c crypto/asn1/a_dup.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_enum.c crypto/asn1/a_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_sign.c crypto/asn1/a_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_digest.c crypto/asn1/a_digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_verify.c crypto/asn1/a_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strex.c crypto/asn1/a_strex.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_algor.c crypto/asn1/x_algor.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_val.c crypto/asn1/x_val.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_sig.c crypto/asn1/x_sig.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_req.c crypto/asn1/x_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_long.c crypto/asn1/x_long.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_name.c crypto/asn1/x_name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509.c crypto/asn1/x_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_crl.c crypto/asn1/x_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_info.c crypto/asn1/x_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_spki.c crypto/asn1/x_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/nsseq.c crypto/asn1/nsseq.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_req.c crypto/asn1/t_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509.c crypto/asn1/t_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_crl.c crypto/asn1/t_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_spki.c crypto/asn1/t_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_int.c crypto/asn1/f_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_string.c crypto/asn1/f_string.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_enum.c crypto/asn1/f_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bool.c crypto/asn1/a_bool.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_exten.c crypto/asn1/x_exten.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_meth.c crypto/asn1/a_meth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_sign.c crypto/pem/pem_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_seal.c crypto/pem/pem_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_info.c crypto/pem/pem_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_lib.c crypto/pem/pem_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_all.c crypto/pem/pem_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_err.c crypto/pem/pem_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_x509.c crypto/pem/pem_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_oth.c crypto/pem/pem_oth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_def.c crypto/x509/x509_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_d2.c crypto/x509/x509_d2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_obj.c crypto/x509/x509_obj.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_req.c crypto/x509/x509_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509spki.c crypto/x509/x509spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_set.c crypto/x509/x509_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509cset.c crypto/x509/x509cset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509rset.c crypto/x509/x509rset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_err.c crypto/x509/x509_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509name.c crypto/x509/x509name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_v3.c crypto/x509/x509_v3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_ext.c crypto/x509/x509_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_att.c crypto/x509/x509_att.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509type.c crypto/x509/x509type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_lu.c crypto/x509/x509_lu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x_all.c crypto/x509/x_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_txt.c crypto/x509/x509_txt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_trs.c crypto/x509/x509_trs.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_file.c crypto/x509/by_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_dir.c crypto/x509/by_dir.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3err.c crypto/x509v3/v3err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_err.c crypto/conf/conf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_lib.c crypto/conf/conf_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_api.c crypto/conf/conf_api.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.c crypto/conf/conf_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mod.c crypto/conf/conf_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mall.c crypto/conf/conf_mall.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_sap.c crypto/conf/conf_sap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_lib.c crypto/comp/comp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_err.c crypto/comp/comp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_rle.c crypto/comp/c_rle.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_zlib.c crypto/comp/c_zlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_err.c crypto/engine/eng_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_lib.c crypto/engine/eng_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_list.c crypto/engine/eng_list.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_init.c crypto/engine/eng_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_table.c crypto/engine/eng_table.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_fat.c crypto/engine/eng_fat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_all.c crypto/engine/eng_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dh.c crypto/engine/tb_dh.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rand.c crypto/engine/tb_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_store.c crypto/engine/tb_store.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_digest.c crypto/engine/tb_digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_err.c crypto/ui/ui_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_lib.c crypto/ui/ui_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_util.c crypto/ui/ui_util.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_compat.c crypto/ui/ui_compat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_err.c crypto/store/str_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_lib.c crypto/store/str_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_meth.c crypto/store/str_meth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_mem.c crypto/store/str_mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c ++ ++find . -name "*.[ch]" -exec chmod -x {} \; +diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c +index bb5f6d4..7b8bca5 100644 +--- a/Cryptlib/Pk/CryptAuthenticode.c ++++ b/Cryptlib/Pk/CryptAuthenticode.c +@@ -146,8 +146,8 @@ AuthenticodeVerify ( + // + // Long Form of Length Encoding, only support two bytes. + // +- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2)); +- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3)); ++ ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2)); ++ ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3)); + // + // Skip the SEQUENCE Tag; + // +-- +1.9.3 + diff --git a/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch b/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch new file mode 100644 index 0000000..9ebc9e2 --- /dev/null +++ b/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch @@ -0,0 +1,30 @@ +From 14acaa4a3361403e06b284bf8e1e32ad9cec5457 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 27 Aug 2014 11:48:39 -0400 +Subject: [PATCH 51/74] Fix typo from Ard's old tree 32-bit ARM patch. + +We don't need to .data entries; the second one should be .data*. He's +since fixed this in his tree, but I'd already pulled it and pushed to +master. + +Signed-off-by: Peter Jones +--- + elf_arm_efi.lds | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds +index fd1075d..c5dc298 100644 +--- a/elf_arm_efi.lds ++++ b/elf_arm_efi.lds +@@ -19,7 +19,7 @@ SECTIONS + *(.sdata) + *(.data) + *(.data1) +- *(.data) ++ *(.data*) + *(.got.plt) + *(.got) + +-- +1.9.3 + diff --git a/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch b/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch new file mode 100644 index 0000000..d2038fb --- /dev/null +++ b/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch @@ -0,0 +1,54 @@ +From 94c9a77f6504170a6bd38b0aa29039208987650e Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Wed, 13 Aug 2014 13:35:38 +0200 +Subject: [PATCH 52/74] Handle empty .reloc section in PE/COFF loader + +On archs where no EFI aware objcopy is available, the generated PE/COFF +header contains a .reloc section which is completely empty. Handle this by +- returning early from relocate_coff() with EFI_SUCCESS, +- ignoring discardable sections in the section loader. + +Signed-off-by: Ard Biesheuvel +--- + shim.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/shim.c b/shim.c +index ea8eba8..1329212 100644 +--- a/shim.c ++++ b/shim.c +@@ -145,6 +145,9 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + return EFI_UNSUPPORTED; + } + ++ if (!context->RelocDir->Size) ++ return EFI_SUCCESS; ++ + RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress); + RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); + +@@ -996,7 +999,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + * Copy the executable's sections to their desired offsets + */ + Section = context.FirstSection; +- for (i = 0; i < context.NumberOfSections; i++) { ++ for (i = 0; i < context.NumberOfSections; i++, Section++) { ++ if (Section->Characteristics & 0x02000000) ++ /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ ++ continue; ++ + size = Section->Misc.VirtualSize; + + if (size > Section->SizeOfRawData) +@@ -1021,8 +1028,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + + if (size < Section->Misc.VirtualSize) + ZeroMem (base + size, Section->Misc.VirtualSize - size); +- +- Section += 1; + } + + /* +-- +1.9.3 + diff --git a/SOURCES/0053-Don-t-name-something-exit.patch b/SOURCES/0053-Don-t-name-something-exit.patch new file mode 100644 index 0000000..d7dd5e5 --- /dev/null +++ b/SOURCES/0053-Don-t-name-something-exit.patch @@ -0,0 +1,37 @@ +From 32f10548cdf1919103654ab65601c8b15c3976a1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 27 Aug 2014 13:26:23 -0400 +Subject: [PATCH 53/74] Don't name something exit(). + +On aarch64 due to some terrifying include chain we wind up with +Cryptlib's definition of exit here. I'm not a glutton for punishment, +so I'm just changing the name so it's not coliding. + +Signed-off-by: Peter Jones +--- + replacements.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/replacements.c b/replacements.c +index 5dfa355..f7623d9 100644 +--- a/replacements.c ++++ b/replacements.c +@@ -162,7 +162,7 @@ exit_boot_services(EFI_HANDLE image_key, UINTN map_key) + } + + static EFI_STATUS EFIAPI +-exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, ++do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, + UINTN ExitDataSize, CHAR16 *ExitData) + { + EFI_STATUS status; +@@ -206,5 +206,5 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) + * bootloader and still e.g. start a new one or run an internal + * shell. */ + system_exit = systab->BootServices->Exit; +- systab->BootServices->Exit = exit; ++ systab->BootServices->Exit = do_exit; + } +-- +1.9.3 + diff --git a/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch b/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch new file mode 100644 index 0000000..c807b9c --- /dev/null +++ b/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch @@ -0,0 +1,68 @@ +From fa2a35ce78b3dc4e9b29f47a9ebc675a97a9a7c7 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 27 Aug 2014 16:39:51 -0400 +Subject: [PATCH 54/74] Make sure we don't try to load a binary from a + different arch. + +Since in theory you could, for example, get an x86_64 binary signed that +also behaves as an ARM executable, we should be checking this before +people build on other architectures. + +Signed-off-by: Peter Jones +--- + include/PeImage.h | 1 + + shim.c | 19 +++++++++++++++++++ + 2 files changed, 20 insertions(+) + +diff --git a/include/PeImage.h b/include/PeImage.h +index ec13404..133e11e 100644 +--- a/include/PeImage.h ++++ b/include/PeImage.h +@@ -49,6 +49,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + #define IMAGE_FILE_MACHINE_EBC 0x0EBC + #define IMAGE_FILE_MACHINE_X64 0x8664 + #define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x01c2 ++#define IMAGE_FILE_MACHINE_ARM64 0xaa64 + + // + // EXE file formats +diff --git a/shim.c b/shim.c +index 1329212..1ec1e11 100644 +--- a/shim.c ++++ b/shim.c +@@ -947,6 +947,20 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + return EFI_SUCCESS; + } + ++static const UINT16 machine_type = ++#if defined(__x86_64__) ++ IMAGE_FILE_MACHINE_X64; ++#elif defined(__aarch64__) ++ IMAGE_FILE_MACHINE_ARM64; ++#elif defined(__arm__) ++ IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; ++#elif defined(__i386__) || defined(__i486__) || defined(__i686__) ++ IMAGE_FILE_MACHINE_I386; ++#elif defined(__ia64__) ++ IMAGE_FILE_MACHINE_IA64; ++#else ++#error this architecture is not supported by shim ++#endif + + /* + * Once the image has been loaded it needs to be validated and relocated +@@ -971,6 +985,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + return efi_status; + } + ++ if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) { ++ perror(L"Image is for a different architecture\n"); ++ return EFI_UNSUPPORTED; ++ } ++ + /* + * We only need to verify the binary if we're in secure mode + */ +-- +1.9.3 + diff --git a/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch b/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch new file mode 100644 index 0000000..82ec5df --- /dev/null +++ b/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch @@ -0,0 +1,140 @@ +From a7249a65aff174d2a51d6a7bf77dbbf58744a170 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 18 Sep 2014 18:34:38 -0400 +Subject: [PATCH 55/74] Actually refer to the base relocation table of our + loaded image. + +Currently when we process base relocations, we get the correct Data +Directory pointer from the headers (context->RelocDir), and that header +has been copied into our pristine allocated image when we copied up to +SizeOfHeaders. But the data it points to has not been mirrored in to +the new image, so it is whatever data AllocPool() gave us. + +This patch changes relocate_coff() to refer to the base relocation table +from the image we loaded from disk, but apply the fixups to the new +copy. + +I have no idea how x86_64 worked without this, but I can't make aarch64 +work without it. I also don't know how Ard or Leif have seen aarch64 +work. Maybe they haven't? Leif indicated on irc that they may have +only tested shim with simple "hello world" applications from gnu-efi; +they are certainly much less complex than grub.efi, and are generated +through a different linking process. + +My only theory is that we're getting recycled data there pretty reliably +that just makes us /not/ process any relocations, but since our +ImageBase is 0, and I don't think we ever load grub with 0 as its base +virtual address, that doesn't follow. I'm open to any other ideas +anybody has. + +I do know that on x86_64 (and presumably aarch64 as well), we don't +actually start seeing *symptoms* of this bug until the first chunk[0] of +94c9a77f is applied[1]. Once that is applied, relocate_coff() starts +seeing zero[2] for both RelocBase->VirtualAddress and +RelocBase->SizeOfBlock, because RelocBase is a (generated, relative) +pointer that only makes sense in the context of the original binary, not +our partial copy. Since RelocBase->SizeOfBlock is tested first, +relocate_base() gives us "Reloc block size is invalid"[3] and returns +EFI_UNSUPPORTED. At that point shim exits with an error. + +[0] The second chunk of 94c9a77f patch makes no difference on this + issue. +[1] I don't see why at all. +[2] Which could really be any value since it's AllocatePool() and not + AllocateZeroPool() results, but 0 is all I've observed; I think + AllocatePool() has simply never recycled any memory in my test + cases. +[3] which is silent because perror() tries to avoid talking because that + has caused much crashing in the past; work needs to go in to 0.9 for + this. + +Signed-off-by: Peter Jones +--- + shim.c | 42 +++++++++++++++++++++--------------------- + 1 file changed, 21 insertions(+), 21 deletions(-) + +diff --git a/shim.c b/shim.c +index 1ec1e11..4b4d31a 100644 +--- a/shim.c ++++ b/shim.c +@@ -122,7 +122,7 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address) + * Perform the actual relocation + */ + static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, +- void *data) ++ void *orig, void *data) + { + EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd; + UINT64 Adjust; +@@ -132,7 +132,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + UINT32 *Fixup32; + UINT64 *Fixup64; + int size = context->ImageSize; +- void *ImageEnd = (char *)data + size; ++ void *ImageEnd = (char *)orig + size; + + #if __LP64__ + context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data; +@@ -140,16 +140,8 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data; + #endif + +- if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { +- perror(L"Image has no relocation entry\n"); +- return EFI_UNSUPPORTED; +- } +- +- if (!context->RelocDir->Size) +- return EFI_SUCCESS; +- +- RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress); +- RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); ++ RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); ++ RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); + + if (!RelocBase || !RelocBaseEnd) { + perror(L"Reloc table overflows binary\n"); +@@ -170,7 +162,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + } + + RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); +- if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) { ++ if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) { + perror(L"Reloc entry overflows binary\n"); + return EFI_UNSUPPORTED; + } +@@ -1049,15 +1041,23 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + ZeroMem (base + size, Section->Misc.VirtualSize - size); + } + +- /* +- * Run the relocation fixups +- */ +- efi_status = relocate_coff(&context, buffer); +- +- if (efi_status != EFI_SUCCESS) { +- perror(L"Relocation failed: %r\n", efi_status); ++ if (context.NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { ++ perror(L"Image has no relocation entry\n"); + FreePool(buffer); +- return efi_status; ++ return EFI_UNSUPPORTED; ++ } ++ ++ if (context.RelocDir->Size) { ++ /* ++ * Run the relocation fixups ++ */ ++ efi_status = relocate_coff(&context, data, buffer); ++ ++ if (efi_status != EFI_SUCCESS) { ++ perror(L"Relocation failed: %r\n", efi_status); ++ FreePool(buffer); ++ return efi_status; ++ } + } + + entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint); +-- +1.9.3 + diff --git a/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch b/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch new file mode 100644 index 0000000..97ad998 --- /dev/null +++ b/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch @@ -0,0 +1,331 @@ +From 750584c207757688cbab47f51a18a33c3e36fb8b Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Sep 2014 11:37:35 -0400 +Subject: [PATCH 56/74] Make 64-on-32 maybe work on x86_64. + +This is mostly based on a patch (https://github.com/mjg59/shim/issues/30) +from https://github.com/TBOpen , which refactors our __LP64__ +tests to be tests of the header magic instead. I've simplified things +by using what we've pre-loaded into "context" and making some helper +functions so the conditionals in most of the code say what they do, +instead of how they work. + +Note that we're only allowing that from in_protocol's loader - that is, +we'll let 64-bit grub load a 32-bit kernel or 32-bit grub load a 64-bit +kernel, but 32-bit shim isn't loading a 64-bit grub. + +Signed-off-by: Peter Jones +--- + shim.c | 220 ++++++++++++++++++++++++++++++++++++++++++++--------------------- + 1 file changed, 148 insertions(+), 72 deletions(-) + +diff --git a/shim.c b/shim.c +index 4b4d31a..c1b5c17 100644 +--- a/shim.c ++++ b/shim.c +@@ -118,6 +118,106 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address) + return image + address; + } + ++/* here's a chart: ++ * i686 x86_64 aarch64 ++ * 64-on-64: nyet yes yes ++ * 64-on-32: nyet yes nyet ++ * 32-on-32: yes yes no ++ */ ++static int ++allow_64_bit(void) ++{ ++#if defined(__x86_64__) || defined(__aarch64__) ++ return 1; ++#elif defined(__i386__) || defined(__i686__) ++ /* Right now blindly assuming the kernel will correctly detect this ++ * and /halt the system/ if you're not really on a 64-bit cpu */ ++ if (in_protocol) ++ return 1; ++ return 0; ++#else /* assuming everything else is 32-bit... */ ++ return 0; ++#endif ++} ++ ++static int ++allow_32_bit(void) ++{ ++#if defined(__x86_64__) ++#if defined(ALLOW_32BIT_KERNEL_ON_X64) ++ if (in_protocol) ++ return 1; ++ return 0; ++#else ++ return 0; ++#endif ++#elif defined(__i386__) || defined(__i686__) ++ return 1; ++#elif defined(__arch64__) ++ return 0; ++#else /* assuming everything else is 32-bit... */ ++ return 1; ++#endif ++} ++ ++static int ++image_is_64_bit(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) ++{ ++ /* .Magic is the same offset in all cases */ ++ if (PEHdr->Pe32Plus.OptionalHeader.Magic ++ == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) ++ return 1; ++ return 0; ++} ++ ++static const UINT16 machine_type = ++#if defined(__x86_64__) ++ IMAGE_FILE_MACHINE_X64; ++#elif defined(__aarch64__) ++ IMAGE_FILE_MACHINE_ARM64; ++#elif defined(__arm__) ++ IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; ++#elif defined(__i386__) || defined(__i486__) || defined(__i686__) ++ IMAGE_FILE_MACHINE_I386; ++#elif defined(__ia64__) ++ IMAGE_FILE_MACHINE_IA64; ++#else ++#error this architecture is not supported by shim ++#endif ++ ++static int ++image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) ++{ ++ /* If the machine type doesn't match the binary, bail, unless ++ * we're in an allowed 64-on-32 scenario */ ++ if (PEHdr->Pe32.FileHeader.Machine != machine_type) { ++ if (!(machine_type == IMAGE_FILE_MACHINE_I386 && ++ PEHdr->Pe32.FileHeader.Machine == IMAGE_FILE_MACHINE_X64 && ++ allow_64_bit())) { ++ return 0; ++ } ++ } ++ ++ /* If it's not a header type we recognize at all, bail */ ++ switch (PEHdr->Pe32Plus.OptionalHeader.Magic) { ++ case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: ++ case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: ++ break; ++ default: ++ return 0; ++ } ++ ++ /* and now just check for general 64-vs-32 compatibility */ ++ if (image_is_64_bit(PEHdr)) { ++ if (allow_64_bit()) ++ return 1; ++ } else { ++ if (allow_32_bit()) ++ return 1; ++ } ++ return 0; ++} ++ + /* + * Perform the actual relocation + */ +@@ -134,11 +234,10 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + int size = context->ImageSize; + void *ImageEnd = (char *)orig + size; + +-#if __LP64__ +- context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data; +-#else +- context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data; +-#endif ++ if (image_is_64_bit(context->PEHdr)) ++ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data; ++ else ++ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data; + + RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); + RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); +@@ -157,7 +256,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); + + if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { +- perror(L"Reloc block size is invalid\n"); ++ perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock); + return EFI_UNSUPPORTED; + } + +@@ -498,7 +597,7 @@ static BOOLEAN secure_mode (void) + * Calculate the SHA1 and SHA256 hashes of a binary + */ + +-static EFI_STATUS generate_hash (char *data, int datasize_in, ++static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, + PE_COFF_LOADER_IMAGE_CONTEXT *context, + UINT8 *sha256hash, UINT8 *sha1hash) + +@@ -572,15 +671,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + } + + /* Hash end of certificate table to end of image header */ +-#if __LP64__ +- hashbase = (char *) &context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; +- hashsize = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - +- (int) ((char *) (&context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); +-#else +- hashbase = (char *) &context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; +- hashsize = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders - +- (int) ((char *) (&context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); +-#endif ++ EFI_IMAGE_DATA_DIRECTORY *dd = context->SecDir + 1; ++ hashbase = (char *)dd; ++ hashsize = context->SizeOfHeaders - (unsigned long)((char *)dd - data); ++ if (hashsize > datasize_in) { ++ perror(L"Data Directory size %d is invalid\n", hashsize); ++ status = EFI_INVALID_PARAMETER; ++ goto done; ++ } + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +@@ -590,11 +688,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + } + + /* Sort sections */ +-#if __LP64__ +- SumOfBytesHashed = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; +-#else +- SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; +-#endif ++ SumOfBytesHashed = context->SizeOfHeaders; + + /* Validate section locations and sizes */ + for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { +@@ -682,14 +776,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + /* Hash all remaining data */ + if (datasize > SumOfBytesHashed) { + hashbase = data + SumOfBytesHashed; +- hashsize = (unsigned int)( +- datasize - +-#if __LP64__ +- context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - +-#else +- context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - +-#endif +- SumOfBytesHashed); ++ hashsize = datasize - context->SecDir->Size - SumOfBytesHashed; + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +@@ -843,24 +930,31 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data; + unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; + +- if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { ++ if (datasize < sizeof (PEHdr->Pe32)) { + perror(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } + + if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) + PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew); +-#if __LP64__ +- context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; +- context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; +- context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; +- OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); +-#else +- context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; +- context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; +- context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; +- OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); +-#endif ++ ++ if (!image_is_loadable(PEHdr)) { ++ perror(L"Platform does not support this image\n"); ++ return EFI_UNSUPPORTED; ++ } ++ ++ if (image_is_64_bit(PEHdr)) { ++ context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; ++ context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; ++ context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; ++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); ++ } else { ++ context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; ++ context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; ++ context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; ++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); ++ } ++ + context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; + + if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { +@@ -908,17 +1002,19 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + } + + context->PEHdr = PEHdr; +-#if __LP64__ +- context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase; +- context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint; +- context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; +- context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; +-#else +- context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase; +- context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint; +- context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; +- context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; +-#endif ++ ++ if (image_is_64_bit(PEHdr)) { ++ context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase; ++ context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint; ++ context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; ++ context->SecDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; ++ } else { ++ context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase; ++ context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint; ++ context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; ++ context->SecDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; ++ } ++ + context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); + + if (context->ImageSize < context->SizeOfHeaders) { +@@ -939,21 +1035,6 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + return EFI_SUCCESS; + } + +-static const UINT16 machine_type = +-#if defined(__x86_64__) +- IMAGE_FILE_MACHINE_X64; +-#elif defined(__aarch64__) +- IMAGE_FILE_MACHINE_ARM64; +-#elif defined(__arm__) +- IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; +-#elif defined(__i386__) || defined(__i486__) || defined(__i686__) +- IMAGE_FILE_MACHINE_I386; +-#elif defined(__ia64__) +- IMAGE_FILE_MACHINE_IA64; +-#else +-#error this architecture is not supported by shim +-#endif +- + /* + * Once the image has been loaded it needs to be validated and relocated + */ +@@ -977,11 +1058,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + return efi_status; + } + +- if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) { +- perror(L"Image is for a different architecture\n"); +- return EFI_UNSUPPORTED; +- } +- + /* + * We only need to verify the binary if we're in secure mode + */ +-- +1.9.3 + diff --git a/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch b/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch new file mode 100644 index 0000000..1ad40eb --- /dev/null +++ b/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch @@ -0,0 +1,84 @@ +From f04d50b74770f5c7f7e0a1c3c24b7713fbec0802 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sat, 20 Sep 2014 16:47:08 -0400 +Subject: [PATCH 57/74] Validate computed hash bases/hash sizes more + thoroughly. + +I screwed one of these up when working on 750584c, and it's a real pain +to figure out, so that means we should be validating them. + +Signed-off-by: Peter Jones +--- + shim.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/shim.c b/shim.c +index c1b5c17..cfa90d1 100644 +--- a/shim.c ++++ b/shim.c +@@ -593,6 +593,22 @@ static BOOLEAN secure_mode (void) + return TRUE; + } + ++#define check_size_line(data, datasize_in, hashbase, hashsize, l) ({ \ ++ if ((unsigned long)hashbase > \ ++ (unsigned long)data + datasize_in) { \ ++ perror(L"shim.c:%d Invalid hash base 0x%016x\n", l, \ ++ hashbase); \ ++ goto done; \ ++ } \ ++ if ((unsigned long)hashbase + hashsize > \ ++ (unsigned long)data + datasize_in) { \ ++ perror(L"shim.c:%d Invalid hash size 0x%016x\n", l, \ ++ hashsize); \ ++ goto done; \ ++ } \ ++}) ++#define check_size(d,ds,h,hs) check_size_line(d,ds,h,hs,__LINE__) ++ + /* + * Calculate the SHA1 and SHA256 hashes of a binary + */ +@@ -650,6 +666,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, + hashbase = data; + hashsize = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum - + hashbase; ++ check_size(data, datasize_in, hashbase, hashsize); + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +@@ -662,6 +679,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, + hashbase = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum + + sizeof (int); + hashsize = (char *)context->SecDir - hashbase; ++ check_size(data, datasize_in, hashbase, hashsize); + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +@@ -679,6 +697,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, + status = EFI_INVALID_PARAMETER; + goto done; + } ++ check_size(data, datasize_in, hashbase, hashsize); + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +@@ -763,6 +782,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, + goto done; + } + hashsize = (unsigned int) Section->SizeOfRawData; ++ check_size(data, datasize_in, hashbase, hashsize); + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +@@ -777,6 +797,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, + if (datasize > SumOfBytesHashed) { + hashbase = data + SumOfBytesHashed; + hashsize = datasize - context->SecDir->Size - SumOfBytesHashed; ++ check_size(data, datasize_in, hashbase, hashsize); + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +-- +1.9.3 + diff --git a/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch b/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch new file mode 100644 index 0000000..8b1f939 --- /dev/null +++ b/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch @@ -0,0 +1,47 @@ +From 3d1cdbc4e3815dd8e489b8a9c95e945b67d3a045 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Sep 2014 11:48:56 -0400 +Subject: [PATCH 58/74] Don't call AuthenticodeVerify if vendor_cert_size is 0. + +Actually check the size of our vendor cert quite early, so that there's +no confusion as to what's going on. + +This isn't strictly necessary, in that in all cases if vendor_cert_size +is 0, then AuthenticodeVerify -> Pkcs7Verify() -> d2i_X509() will result +in a NULL "Cert", and it will return FALSE, and we'll reject the +signature, but better to avoid all that code in the first place. Belt +and suspenders and whatnot. + +Based on a patch from https://github.com/TBOpen . + +Signed-off-by: Peter Jones +--- + shim.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/shim.c b/shim.c +index cfa90d1..caa05d8 100644 +--- a/shim.c ++++ b/shim.c +@@ -923,14 +923,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize, + return status; + } + +- + /* + * And finally, check against shim's built-in key + */ +- if (AuthenticodeVerify(cert->CertData, +- context->SecDir->Size - sizeof(cert->Hdr), +- vendor_cert, vendor_cert_size, sha256hash, +- SHA256_DIGEST_SIZE)) { ++ if (vendor_cert_size && AuthenticodeVerify(cert->CertData, ++ context->SecDir->Size - sizeof(cert->Hdr), ++ vendor_cert, vendor_cert_size, sha256hash, ++ SHA256_DIGEST_SIZE)) { + status = EFI_SUCCESS; + return status; + } +-- +1.9.3 + diff --git a/SOURCES/0059-Fix-our-in_protocol-printing.patch b/SOURCES/0059-Fix-our-in_protocol-printing.patch new file mode 100644 index 0000000..6895765 --- /dev/null +++ b/SOURCES/0059-Fix-our-in_protocol-printing.patch @@ -0,0 +1,30 @@ +From eb72a4c3a1be9a10512886d2c95f9c015b77e15f Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Sep 2014 16:46:01 -0400 +Subject: [PATCH 59/74] Fix our "in_protocol" printing. + +When I merged 4bfb13d and fixed the conflicts, I managed to make the +in_protocol test exactly backwards, so that's why we don't currently see +error messages. + +Signed-off-by: Peter Jones +--- + shim.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/shim.c b/shim.c +index caa05d8..7cd4182 100644 +--- a/shim.c ++++ b/shim.c +@@ -63,7 +63,7 @@ static UINT8 in_protocol; + + #define perror(fmt, ...) ({ \ + UINTN __perror_ret = 0; \ +- if (in_protocol) \ ++ if (!in_protocol) \ + __perror_ret = Print((fmt), ##__VA_ARGS__); \ + __perror_ret; \ + }) +-- +1.9.3 + diff --git a/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch b/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch new file mode 100644 index 0000000..cef43e7 --- /dev/null +++ b/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch @@ -0,0 +1,417 @@ +From 0e7ba5947eb38b79de2051ecf3b95055e620475c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sat, 20 Sep 2014 14:03:03 -0400 +Subject: [PATCH 60/74] Generate a sane PE header on shim, fallback, and + MokManager. + +It turns out a7249a65 was masking a second problem - on some binaries, +when we actually don't have any base relocations at all, binutils' +"objcopy --target efi-app-x86_64" is generating a PE header with a base +relocations pointer that happily points into the middle of our text +section. So with shim processing base relocations correctly, it refuses +to load those binaries. + +For example, on one binary I just built: + +00000130 00 a0 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |................| + +which says there's a Base Relocation Table at 0xa000 that's 0xa bytes long. +That's here: + +0000a000 58 00 29 00 00 00 00 00 48 00 44 00 28 00 50 00 |X.).....H.D.(.P.| +0000a010 61 00 72 00 74 00 25 00 64 00 2c 00 53 00 69 00 |a.r.t.%.d.,.S.i.| +0000a020 67 00 25 00 67 00 29 00 00 00 00 00 00 00 00 00 |g.%.g.).........| +0000a030 48 00 44 00 28 00 50 00 61 00 72 00 74 00 25 00 |H.D.(.P.a.r.t.%.| + +So the table is: + +0000a000 58 00 29 00 00 00 00 00 48 00 |X.).....H. | + +That wouldn't be so bad, except those binaries are MokManager.efi, +fallback.efi, and shim.efi, and sometimes they're .reloc, which we're +actually trying to handle correctly now because grub builds with a real +and valid .reloc table. So though I didn't think there was any hair +left on this yak, more shaving ensues. + +With this change, instead of letting objcopy do whatever it likes, we +switch to "-O binary" and merely link in a header that's appropriate for +our binaries. This is the same method Ard wrote for aarch64, and it +seems to work fine in either place (modulo some minor changes.) + +At some point this should be merged into gnu-efi instead of carrying our +own crt0-efi-x86_64.S, but that's a less immediate problem. + +I did not need this problem. + +Signed-off-by: Peter Jones +--- + Makefile | 24 ++++++-- + crt0-efi-x86_64.S | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + elf_x86_64_efi.lds | 85 +++++++++++++------------ + 3 files changed, 236 insertions(+), 50 deletions(-) + create mode 100644 crt0-efi-x86_64.S + +diff --git a/Makefile b/Makefile +index 5bc513c..d5fd55b 100644 +--- a/Makefile ++++ b/Makefile +@@ -15,7 +15,10 @@ EFI_PATH := /usr/lib64/gnuefi + LIB_GCC = $(shell $(CC) -print-libgcc-file-name) + EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) + +-EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o ++ifeq ($(ARCH),x86_64) ++EFI_CRT_OBJS := crt0-efi-$(ARCH).o ++endif ++EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o + EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := \\\\grub.efi +@@ -52,11 +55,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined) + CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" + endif + +-LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) ++LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL + + VERSION = 0.7 + +-TARGET = shim.efi MokManager.efi.signed fallback.efi.signed ++TARGET += shim.efi MokManager.efi.signed fallback.efi.signed + OBJS = shim.o netboot.o cert.o replacements.o version.o + KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer + SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h +@@ -94,17 +97,17 @@ shim.o: $(SOURCES) shim_cert.h + cert.o : cert.S + $(CC) $(CFLAGS) -c -o $@ $< + +-shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a ++shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + + fallback.o: $(FALLBACK_SRCS) + +-fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a ++fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + + MokManager.o: $(MOK_SOURCES) + +-MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a ++MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a + + Cryptlib/libcryptlib.a: +@@ -128,8 +131,17 @@ SUBSYSTEM := 0xa + LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + endif + ++ifeq ($(ARCH),x86_64) ++FORMAT := -O binary ++SUBSYSTEM := 0xa ++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ++endif ++ + FORMAT ?= --target efi-app-$(ARCH) + ++crt0-efi-x86_64.o : crt0-efi-x86_64.S ++ $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< ++ + %.efi: %.so + $(OBJCOPY) -j .text -j .sdata -j .data \ + -j .dynamic -j .dynsym -j .rel* \ +diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S +new file mode 100644 +index 0000000..f334a63 +--- /dev/null ++++ b/crt0-efi-x86_64.S +@@ -0,0 +1,177 @@ ++/* crt0-efi-x86_64.S - x86_64 EFI startup code. ++ * ++ * Copyright 2014 Red Hat, Inc. ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the ++ * distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ .section .text.head ++ ++ /* ++ * Magic "MZ" signature for PE/COFF ++ */ ++ .globl ImageBase ++ImageBase: ++ .ascii "MZ" ++ .skip 58 // 'MZ' + pad + offset == 64 ++ .long pe_header - ImageBase // Offset to the PE header. ++ .long 0x0eba1f0e /* terrifying code */ ++ .long 0xcd09b400 /* terrifying code */ ++ .long 0x4c01b821 /* terrifying code */ ++ .short 0x21cd /* terrfiying code */ ++ .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ ++ .skip 9 ++pe_header: ++ .ascii "PE" ++ .short 0 ++coff_header: ++ .short 0x8664 // x86_64 ++ .short 1 // nr_sections ++ .long 0 // TimeDateStamp ++ .long 0 // PointerToSymbolTable ++ .long 0 // NumberOfSymbols ++ .short section_table - optional_header // SizeOfOptionalHeader ++ .short 0x206 // Characteristics. ++ // IMAGE_FILE_DEBUG_STRIPPED | ++ // IMAGE_FILE_EXECUTABLE_IMAGE | ++ // IMAGE_FILE_LINE_NUMS_STRIPPED ++optional_header: ++ .short 0x20b // PE32+ format ++ .byte 0x02 // MajorLinkerVersion ++ .byte 0x18 // MinorLinkerVersion ++ .long _edata - _start // SizeOfCode ++ .long 0 // SizeOfInitializedData ++ .long 0 // SizeOfUninitializedData ++ .long _start - ImageBase // AddressOfEntryPoint ++ .long _start - ImageBase // BaseOfCode ++ ++extra_header_fields: ++ .quad 0 // ImageBase ++ .long 0x20 // SectionAlignment ++ .long 0x8 // FileAlignment ++ .short 0 // MajorOperatingSystemVersion ++ .short 0 // MinorOperatingSystemVersion ++ .short 0 // MajorImageVersion ++ .short 0 // MinorImageVersion ++ .short 0 // MajorSubsystemVersion ++ .short 0 // MinorSubsystemVersion ++ .long 0 // Win32VersionValue ++ ++ .long _edata - ImageBase // SizeOfImage ++ ++ // Everything before the kernel image is considered part of the header ++ .long _start - ImageBase // SizeOfHeaders ++ .long 0 // CheckSum ++ .short EFI_SUBSYSTEM // Subsystem ++ .short 0 // DllCharacteristics ++ .quad 0 // SizeOfStackReserve ++ .quad 0 // SizeOfStackCommit ++ .quad 0 // SizeOfHeapReserve ++ .quad 0 // SizeOfHeapCommit ++ .long 0 // LoaderFlags ++ .long 0x10 // NumberOfRvaAndSizes ++ ++ .quad 0 // ExportTable ++ .quad 0 // ImportTable ++ .quad 0 // ResourceTable ++ .quad 0 // ExceptionTable ++ .quad 0 // CertificationTable ++ .quad 0 // BaseRelocationTable ++ .quad 0 // DebugTable ++ .quad 0 // ArchTable ++ .quad 0 // GlobalPointerTable ++ .quad 0 // .tls ++ .quad 0 // LoadConfigTable ++ .quad 0 // BoundImportsTable ++ .quad 0 // ImportAddressTable ++ .quad 0 // DelayLoadImportTable ++ .quad 0 // ClrRuntimeHeader (.cor) ++ .quad 0 // Reserved ++ ++ // Section table ++section_table: ++ .ascii ".text" ++ .byte 0 ++ .byte 0 ++ .byte 0 // end of 0 padding of section name ++ ++ .long _edata - _start // VirtualSize ++ .long _start - ImageBase // VirtualAddress ++ .long _edata - _start // SizeOfRawData ++ .long _start - ImageBase // PointerToRawData ++ .long 0 // PointerToRelocations (0 for executables) ++ .long 0 // PointerToLineNumbers (0 for executables) ++ .short 0 // NumberOfRelocations (0 for executables) ++ .short 0 // NumberOfLineNumbers (0 for executables) ++ .long 0x60500020 // Characteristics (section flags) ++ ++ /* ++ * The EFI application loader requires a relocation section ++ * because EFI applications must be relocatable. This is a ++ * dummy section as far as we are concerned. ++ */ ++ .ascii ".reloc" ++ .byte 0 ++ .byte 0 // end of 0 padding of section name ++ ++ .long 0 // VirtualSize ++ .long 0 // VirtualAddress ++ .long 0 // SizeOfRawData ++ .long 0 // PointerToRawData ++ .long 0 // PointerToRelocations ++ .long 0 // PointerToLineNumbers ++ .short 0 // NumberOfRelocations ++ .short 0 // NumberOfLineNumbers ++ .long 0x42100040 // Characteristics (section flags) ++ ++ /* x86-64 needs this padding here; without it, some machines simply ++ * refuse to admit this is an EFI binary. I'm not really sure why; ++ * reading the spec, it's unclear, but you'd expect it would need to ++ * be aligned to (1 << FileAlignment), which would mean not having ++ * the spacing. ++ */ ++ .quad 0 ++_start: ++ subq $8, %rsp ++ pushq %rcx ++ pushq %rdx ++ ++0: ++ lea ImageBase(%rip), %rdi ++ lea _DYNAMIC(%rip), %rsi ++ ++ popq %rcx ++ popq %rdx ++ pushq %rcx ++ pushq %rdx ++ call _relocate ++ ++ popq %rdi ++ popq %rsi ++ ++ call efi_main ++ addq $8, %rsp ++ ++.exit: ++ ret +diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds +index f981102..091187b 100644 +--- a/elf_x86_64_efi.lds ++++ b/elf_x86_64_efi.lds +@@ -4,63 +4,60 @@ OUTPUT_ARCH(i386:x86-64) + ENTRY(_start) + SECTIONS + { +- . = 0; +- ImageBase = .; +- .hash : { *(.hash) } /* this MUST come first! */ +- . = ALIGN(4096); +- .eh_frame : +- { +- *(.eh_frame) +- } +- . = ALIGN(4096); +- .text : +- { +- *(.text) +- } +- . = ALIGN(4096); +- .reloc : +- { +- *(.reloc) ++ .text 0x0 : { ++ *(.text.head) ++ *(.text) ++ *(.text.*) ++ *(.gnu.linkonce.t.*) ++ *(.srodata) ++ *(.rodata*) ++ . = ALIGN(16); ++ _etext = .; + } +- . = ALIGN(4096); ++ .dynamic : { *(.dynamic) } + .data : + { +- *(.rodata*) +- *(.got.plt) +- *(.got) +- *(.data*) +- *(.sdata) +- /* the EFI loader doesn't seem to like a .bss section, so we stick +- it all into .data: */ +- *(.sbss) +- *(.scommon) +- *(.dynbss) +- *(.bss) +- *(COMMON) +- *(.rel.local) ++ *(.sdata) ++ *(.data) ++ *(.data1) ++ *(.data.*) ++ *(.got.plt) ++ *(.got) ++ ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ * it all into .data: */ ++ . = ALIGN(16); ++ _bss = .; ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) ++ . = ALIGN(16); ++ _bss_end = .; + } + . = ALIGN(4096); + .vendor_cert : + { +- *(.vendor_cert) ++ *(.vendor_cert) + } ++ + . = ALIGN(4096); +- .dynamic : { *(.dynamic) } +- . = ALIGN(4096); +- .rela : +- { +- *(.rela.data*) +- *(.rela.got) +- *(.rela.stab) +- } ++ .rela.dyn : { *(.rela.dyn) } ++ .rela.plt : { *(.rela.plt) } ++ .rela.got : { *(.rela.got) } ++ .rela.data : { *(.rela.data) *(.rela.data*) } ++ _edata = .; ++ _data_size = . - _etext; ++ + . = ALIGN(4096); +- .dynsym : { *(.dynsym) } ++ .dynsym : { *(.dynsym) } + . = ALIGN(4096); +- .dynstr : { *(.dynstr) } ++ .dynstr : { *(.dynstr) } + . = ALIGN(4096); +- .ignored.reloc : ++ /DISCARD/ : + { +- *(.rela.reloc) ++ *(.rel.reloc) + *(.eh_frame) + *(.note.GNU-stack) + } +-- +1.9.3 + diff --git a/SOURCES/0061-Do-the-same-for-ia32.patch b/SOURCES/0061-Do-the-same-for-ia32.patch new file mode 100644 index 0000000..575a312 --- /dev/null +++ b/SOURCES/0061-Do-the-same-for-ia32.patch @@ -0,0 +1,383 @@ +From 6744a7ef8eca44948565c3d1244ec931ed3f6fee Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 13:11:11 -0400 +Subject: [PATCH 61/74] Do the same for ia32... + +Once again, on ia32 this time, we see: + +00000120 47 84 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |G...............| + +Which is where the pointer on ia32 for the Base Relocation Table should +be. It points to 0x8447, which isn't a particularly reasonable address as +numbers go, and happens to have this data there: + +00008440 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 65 00 |o.n.f.i.g.u.r.e.| +00008450 00 00 49 00 50 00 76 00 36 00 28 00 00 00 2c 00 |..I.P.v.6.(...,.| +00008460 25 00 73 00 2c 00 00 00 29 00 00 00 25 00 64 00 |%.s.,...)...%.d.| +00008470 2e 00 25 00 64 00 2e 00 25 00 64 00 2e 00 25 00 |..%.d...%.d...%.| +00008480 64 00 00 00 44 00 48 00 43 00 50 00 00 00 49 00 |d...D.H.C.P...I.| +00008490 50 00 76 00 34 00 28 00 00 00 2c 00 25 00 73 00 |P.v.4.(...,.%.s.| + +And so that table is, in theory, this part: + +00008447 00 67 00 75 00 72 00 65 00 | .g.u.r.e.| +00008450 00 |. | + +Which is pretty clearly not a pointer table of any kind. + +So give ia32 the same treatment as x86_64, and now all arches work basically +the same. + +Signed-off-by: Peter Jones +--- + Makefile | 22 +++++-- + crt0-efi-ia32.S | 180 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + elf_ia32_efi.lds | 83 ++++++++++++------------- + 3 files changed, 236 insertions(+), 49 deletions(-) + create mode 100644 crt0-efi-ia32.S + +diff --git a/Makefile b/Makefile +index d5fd55b..a52984f 100644 +--- a/Makefile ++++ b/Makefile +@@ -6,19 +6,25 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) + + SUBDIRS = Cryptlib lib + +-LIB_PATH = /usr/lib64 +- + EFI_INCLUDE := /usr/include/efi + EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude +-EFI_PATH := /usr/lib64/gnuefi ++ifeq ($(ARCH),ia32) ++LIB_PATH := /usr/lib ++EFI_PATH := /usr/lib/gnuefi ++endif ++LIB_PATH ?= /usr/lib64 ++EFI_PATH ?= /usr/lib64/gnuefi + + LIB_GCC = $(shell $(CC) -print-libgcc-file-name) + EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) + + ifeq ($(ARCH),x86_64) + EFI_CRT_OBJS := crt0-efi-$(ARCH).o +-endif ++else ifeq ($(ARCH),ia32) ++EFI_CRT_OBJS := crt0-efi-$(ARCH).o ++else + EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o ++endif + EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := \\\\grub.efi +@@ -137,9 +143,15 @@ SUBSYSTEM := 0xa + LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + endif + ++ifeq ($(ARCH),ia32) ++FORMAT := -O binary ++SUBSYSTEM := 0xa ++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ++endif ++ + FORMAT ?= --target efi-app-$(ARCH) + +-crt0-efi-x86_64.o : crt0-efi-x86_64.S ++crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S + $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< + + %.efi: %.so +diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S +new file mode 100644 +index 0000000..70b5b44 +--- /dev/null ++++ b/crt0-efi-ia32.S +@@ -0,0 +1,180 @@ ++/* crt0-efi-x86_64.S - x86_64 EFI startup code. ++ * ++ * Copyright 2014 Red Hat, Inc. ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the ++ * distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ .section .text.head ++ ++ /* ++ * Magic "MZ" signature for PE/COFF ++ */ ++ .globl ImageBase ++ImageBase: ++ .ascii "MZ" ++ .skip 58 // 'MZ' + pad + offset == 64 ++ .long pe_header - ImageBase // Offset to the PE header. ++ .long 0x0eba1f0e /* terrifying code */ ++ .long 0xcd09b400 /* terrifying code */ ++ .long 0x4c01b821 /* terrifying code */ ++ .short 0x21cd /* terrfiying code */ ++ .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ ++ .skip 9 ++pe_header: ++ .ascii "PE" ++ .short 0 ++coff_header: ++ .short 0x014c // i386 ++ .short 1 // nr_sections ++ .long 0 // TimeDateStamp ++ .long 0 // PointerToSymbolTable ++ .long 0 // NumberOfSymbols ++ .short section_table - optional_header // SizeOfOptionalHeader ++ .short 0x306 // Characteristics. ++ // IMAGE_FILE_DEBUG_STRIPPED | ++ // IMAGE_FILE_EXECUTABLE_IMAGE | ++ // IMAGE_FILE_LINE_NUMS_STRIPPED ++ // | IMAGE_FILE_32BIT_MACHINE ++optional_header: ++ .short 0x10b // PE32+ format ++ .byte 0x02 // MajorLinkerVersion ++ .byte 0x18 // MinorLinkerVersion ++ .long _edata - _start // SizeOfCode ++ .long 0 // SizeOfInitializedData ++ .long 0 // SizeOfUninitializedData ++ .long _start - ImageBase // AddressOfEntryPoint ++ .long _start - ImageBase // BaseOfCode ++ .long 0 // BaseOfData ++ ++extra_header_fields: ++ .long 0 // ImageBase ++ .long 0x20 // SectionAlignment ++ .long 0x8 // FileAlignment ++ .short 0 // MajorOperatingSystemVersion ++ .short 0 // MinorOperatingSystemVersion ++ .short 0 // MajorImageVersion ++ .short 0 // MinorImageVersion ++ .short 0 // MajorSubsystemVersion ++ .short 0 // MinorSubsystemVersion ++ .long 0 // Win32VersionValue ++ ++ .long _edata - ImageBase // SizeOfImage ++ ++ // Everything before the kernel image is considered part of the header ++ .long _start - ImageBase // SizeOfHeaders ++ .long 0 // CheckSum ++ .short EFI_SUBSYSTEM // Subsystem ++ .short 0 // DllCharacteristics ++ .long 0 // SizeOfStackReserve ++ .long 0 // SizeOfStackCommit ++ .long 0 // SizeOfHeapReserve ++ .long 0 // SizeOfHeapCommit ++ .long 0 // LoaderFlags ++ .long 0x10 // NumberOfRvaAndSizes ++ ++ .quad 0 // ExportTable ++ .quad 0 // ImportTable ++ .quad 0 // ResourceTable ++ .quad 0 // ExceptionTable ++ .quad 0 // CertificationTable ++ .quad 0 // BaseRelocationTable ++ .quad 0 // DebugTable ++ .quad 0 // ArchTable ++ .quad 0 // GlobalPointerTable ++ .quad 0 // .tls ++ .quad 0 // LoadConfigTable ++ .quad 0 // BoundImportsTable ++ .quad 0 // ImportAddressTable ++ .quad 0 // DelayLoadImportTable ++ .quad 0 // ClrRuntimeHeader (.cor) ++ .quad 0 // Reserved ++ ++ // Section table ++section_table: ++ .ascii ".text" ++ .byte 0 ++ .byte 0 ++ .byte 0 // end of 0 padding of section name ++ ++ .long _edata - _start // VirtualSize ++ .long _start - ImageBase // VirtualAddress ++ .long _edata - _start // SizeOfRawData ++ .long _start - ImageBase // PointerToRawData ++ .long 0 // PointerToRelocations (0 for executables) ++ .long 0 // PointerToLineNumbers (0 for executables) ++ .short 0 // NumberOfRelocations (0 for executables) ++ .short 0 // NumberOfLineNumbers (0 for executables) ++ .long 0x60500020 // Characteristics (section flags) ++ ++ /* ++ * The EFI application loader requires a relocation section ++ * because EFI applications must be relocatable. This is a ++ * dummy section as far as we are concerned. ++ */ ++ .ascii ".reloc" ++ .byte 0 ++ .byte 0 // end of 0 padding of section name ++ ++ .long 0 // VirtualSize ++ .long 0 // VirtualAddress ++ .long 0 // SizeOfRawData ++ .long 0 // PointerToRawData ++ .long 0 // PointerToRelocations ++ .long 0 // PointerToLineNumbers ++ .short 0 // NumberOfRelocations ++ .short 0 // NumberOfLineNumbers ++ .long 0x42100040 // Characteristics (section flags) ++ ++ /* most if not all ia32 binaries binutils makes seem to have .text ++ * starting at 0x400; no reason to assume that's a bad idea. */ ++ .align 1024 ++ ++_start: ++ pushl %ebp ++ movl %esp,%ebp ++ ++ pushl 12(%ebp) # copy "image" argument ++ pushl 8(%ebp) # copy "systab" argument ++ ++ call 0f ++0: popl %eax ++ movl %eax,%ebx ++ ++ addl $ImageBase-0b,%eax # %eax = ldbase ++ addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC ++ ++ pushl %ebx # pass _DYNAMIC as second argument ++ pushl %eax # pass ldbase as first argument ++ call _relocate ++ popl %ebx ++ popl %ebx ++ testl %eax,%eax ++ jne .exit ++ ++ call efi_main # call app with "image" and "systab" argument ++ ++.exit: ++ leave ++ ret +diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds +index 12d4085..b649e15 100644 +--- a/elf_ia32_efi.lds ++++ b/elf_ia32_efi.lds +@@ -3,61 +3,56 @@ OUTPUT_ARCH(i386) + ENTRY(_start) + SECTIONS + { +- . = 0; +- ImageBase = .; +- .hash : { *(.hash) } /* this MUST come first! */ +- . = ALIGN(4096); +- .text : +- { +- *(.text) +- *(.text.*) +- *(.gnu.linkonce.t.*) +- } +- .reloc : +- { +- *(.reloc) ++ .text 0x0 : { ++ *(.text.head) ++ *(.text) ++ *(.text.*) ++ *(.gnu.linkonce.t.*) ++ *(.srodata) ++ *(.rodata*) ++ . = ALIGN(16); ++ _etext = .; + } +- . = ALIGN(4096); ++ .dynamic : { *(.dynamic) } + .data : + { +- *(.rodata*) +- *(.data) +- *(.data1) +- *(.data.*) +- *(.sdata) +- *(.got.plt) +- *(.got) +- /* the EFI loader doesn't seem to like a .bss section, so we stick +- it all into .data: */ +- *(.sbss) +- *(.scommon) +- *(.dynbss) +- *(.bss) +- *(COMMON) ++ *(.sdata) ++ *(.data) ++ *(.data1) ++ *(.data.*) ++ *(.got.plt) ++ *(.got) ++ ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ * it all into .data: */ ++ . = ALIGN(16); ++ _bss = .; ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) ++ . = ALIGN(16); ++ _bss_end = .; + } + . = ALIGN(4096); + .vendor_cert : + { +- *(.vendor_cert) ++ *(.vendor_cert) + } ++ + . = ALIGN(4096); +- .dynamic : { *(.dynamic) } +- . = ALIGN(4096); +- .rel : +- { +- *(.rel.data) +- *(.rel.data.*) +- *(.rel.got) +- *(.rel.stab) +- *(.data.rel.ro.local) +- *(.data.rel.local) +- *(.data.rel.ro) +- *(.data.rel*) +- } ++ .rel.dyn : { *(.rel.dyn) } ++ .rel.plt : { *(.rel.plt) } ++ .rel.got : { *(.rel.got) } ++ .rel.data : { *(.rel.data) *(.rel.data*) } ++ _edata = .; ++ _data_size = . - _etext; ++ + . = ALIGN(4096); +- .dynsym : { *(.dynsym) } ++ .dynsym : { *(.dynsym) } + . = ALIGN(4096); +- .dynstr : { *(.dynstr) } ++ .dynstr : { *(.dynstr) } + . = ALIGN(4096); + /DISCARD/ : + { +-- +1.9.3 + diff --git a/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch b/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch new file mode 100644 index 0000000..c93d5be --- /dev/null +++ b/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch @@ -0,0 +1,34 @@ +From 9db91ca0e1f7ac94871f34f654b41cbb7f9e2da1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 13:19:30 -0400 +Subject: [PATCH 62/74] Make list_keys() index variables all be signed. + +We build with -Werror=signed-compare in fedora/rhel rpms, and this +showed up. + +Signed-off-by: Peter Jones +--- + MokManager.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index 50cb9d7..ecbcdd3 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -436,11 +436,11 @@ static void show_mok_info (void *Mok, UINTN MokSize) + + static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + { +- UINT32 MokNum = 0; ++ INTN MokNum = 0; + MokListNode *keys = NULL; + INTN key_num = 0; + CHAR16 **menu_strings; +- unsigned int i; ++ int i; + + if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) + + sizeof(EFI_SIGNATURE_DATA))) { +-- +1.9.3 + diff --git a/SOURCES/0063-Revert-header-changes.patch b/SOURCES/0063-Revert-header-changes.patch new file mode 100644 index 0000000..3a70cf7 --- /dev/null +++ b/SOURCES/0063-Revert-header-changes.patch @@ -0,0 +1,702 @@ +From c6281c6a195edee611858a8d802ff5f3dee34aa5 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 30 Sep 2014 22:47:39 -0400 +Subject: [PATCH 63/74] Revert header changes + +Revert "Do the same for ia32..." +and "Generate a sane PE header on shim, fallback, and MokManager." +This reverts commit 6744a7ef8eca44948565c3d1244ec931ed3f6fee. +and commit 0e7ba5947eb38b79de2051ecf3b95055e620475c. + +These are premature and I can do this without such drastic measures. + +Signed-off-by: Peter Jones +--- + Makefile | 42 +++---------- + crt0-efi-ia32.S | 180 ----------------------------------------------------- + crt0-efi-x86_64.S | 177 ---------------------------------------------------- + elf_ia32_efi.lds | 83 ++++++++++++------------ + elf_x86_64_efi.lds | 85 +++++++++++++------------ + 5 files changed, 97 insertions(+), 470 deletions(-) + delete mode 100644 crt0-efi-ia32.S + delete mode 100644 crt0-efi-x86_64.S + +diff --git a/Makefile b/Makefile +index a52984f..5bc513c 100644 +--- a/Makefile ++++ b/Makefile +@@ -6,25 +6,16 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) + + SUBDIRS = Cryptlib lib + ++LIB_PATH = /usr/lib64 ++ + EFI_INCLUDE := /usr/include/efi + EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude +-ifeq ($(ARCH),ia32) +-LIB_PATH := /usr/lib +-EFI_PATH := /usr/lib/gnuefi +-endif +-LIB_PATH ?= /usr/lib64 +-EFI_PATH ?= /usr/lib64/gnuefi ++EFI_PATH := /usr/lib64/gnuefi + + LIB_GCC = $(shell $(CC) -print-libgcc-file-name) + EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) + +-ifeq ($(ARCH),x86_64) +-EFI_CRT_OBJS := crt0-efi-$(ARCH).o +-else ifeq ($(ARCH),ia32) +-EFI_CRT_OBJS := crt0-efi-$(ARCH).o +-else +-EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o +-endif ++EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o + EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := \\\\grub.efi +@@ -61,11 +52,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined) + CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" + endif + +-LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL ++LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) + + VERSION = 0.7 + +-TARGET += shim.efi MokManager.efi.signed fallback.efi.signed ++TARGET = shim.efi MokManager.efi.signed fallback.efi.signed + OBJS = shim.o netboot.o cert.o replacements.o version.o + KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer + SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h +@@ -103,17 +94,17 @@ shim.o: $(SOURCES) shim_cert.h + cert.o : cert.S + $(CC) $(CFLAGS) -c -o $@ $< + +-shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) ++shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + + fallback.o: $(FALLBACK_SRCS) + +-fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) ++fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + + MokManager.o: $(MOK_SOURCES) + +-MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) ++MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a + + Cryptlib/libcryptlib.a: +@@ -137,23 +128,8 @@ SUBSYSTEM := 0xa + LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + endif + +-ifeq ($(ARCH),x86_64) +-FORMAT := -O binary +-SUBSYSTEM := 0xa +-LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) +-endif +- +-ifeq ($(ARCH),ia32) +-FORMAT := -O binary +-SUBSYSTEM := 0xa +-LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) +-endif +- + FORMAT ?= --target efi-app-$(ARCH) + +-crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S +- $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< +- + %.efi: %.so + $(OBJCOPY) -j .text -j .sdata -j .data \ + -j .dynamic -j .dynsym -j .rel* \ +diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S +deleted file mode 100644 +index 70b5b44..0000000 +--- a/crt0-efi-ia32.S ++++ /dev/null +@@ -1,180 +0,0 @@ +-/* crt0-efi-x86_64.S - x86_64 EFI startup code. +- * +- * Copyright 2014 Red Hat, Inc. +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the +- * distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +- .section .text.head +- +- /* +- * Magic "MZ" signature for PE/COFF +- */ +- .globl ImageBase +-ImageBase: +- .ascii "MZ" +- .skip 58 // 'MZ' + pad + offset == 64 +- .long pe_header - ImageBase // Offset to the PE header. +- .long 0x0eba1f0e /* terrifying code */ +- .long 0xcd09b400 /* terrifying code */ +- .long 0x4c01b821 /* terrifying code */ +- .short 0x21cd /* terrfiying code */ +- .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ +- .skip 9 +-pe_header: +- .ascii "PE" +- .short 0 +-coff_header: +- .short 0x014c // i386 +- .short 1 // nr_sections +- .long 0 // TimeDateStamp +- .long 0 // PointerToSymbolTable +- .long 0 // NumberOfSymbols +- .short section_table - optional_header // SizeOfOptionalHeader +- .short 0x306 // Characteristics. +- // IMAGE_FILE_DEBUG_STRIPPED | +- // IMAGE_FILE_EXECUTABLE_IMAGE | +- // IMAGE_FILE_LINE_NUMS_STRIPPED +- // | IMAGE_FILE_32BIT_MACHINE +-optional_header: +- .short 0x10b // PE32+ format +- .byte 0x02 // MajorLinkerVersion +- .byte 0x18 // MinorLinkerVersion +- .long _edata - _start // SizeOfCode +- .long 0 // SizeOfInitializedData +- .long 0 // SizeOfUninitializedData +- .long _start - ImageBase // AddressOfEntryPoint +- .long _start - ImageBase // BaseOfCode +- .long 0 // BaseOfData +- +-extra_header_fields: +- .long 0 // ImageBase +- .long 0x20 // SectionAlignment +- .long 0x8 // FileAlignment +- .short 0 // MajorOperatingSystemVersion +- .short 0 // MinorOperatingSystemVersion +- .short 0 // MajorImageVersion +- .short 0 // MinorImageVersion +- .short 0 // MajorSubsystemVersion +- .short 0 // MinorSubsystemVersion +- .long 0 // Win32VersionValue +- +- .long _edata - ImageBase // SizeOfImage +- +- // Everything before the kernel image is considered part of the header +- .long _start - ImageBase // SizeOfHeaders +- .long 0 // CheckSum +- .short EFI_SUBSYSTEM // Subsystem +- .short 0 // DllCharacteristics +- .long 0 // SizeOfStackReserve +- .long 0 // SizeOfStackCommit +- .long 0 // SizeOfHeapReserve +- .long 0 // SizeOfHeapCommit +- .long 0 // LoaderFlags +- .long 0x10 // NumberOfRvaAndSizes +- +- .quad 0 // ExportTable +- .quad 0 // ImportTable +- .quad 0 // ResourceTable +- .quad 0 // ExceptionTable +- .quad 0 // CertificationTable +- .quad 0 // BaseRelocationTable +- .quad 0 // DebugTable +- .quad 0 // ArchTable +- .quad 0 // GlobalPointerTable +- .quad 0 // .tls +- .quad 0 // LoadConfigTable +- .quad 0 // BoundImportsTable +- .quad 0 // ImportAddressTable +- .quad 0 // DelayLoadImportTable +- .quad 0 // ClrRuntimeHeader (.cor) +- .quad 0 // Reserved +- +- // Section table +-section_table: +- .ascii ".text" +- .byte 0 +- .byte 0 +- .byte 0 // end of 0 padding of section name +- +- .long _edata - _start // VirtualSize +- .long _start - ImageBase // VirtualAddress +- .long _edata - _start // SizeOfRawData +- .long _start - ImageBase // PointerToRawData +- .long 0 // PointerToRelocations (0 for executables) +- .long 0 // PointerToLineNumbers (0 for executables) +- .short 0 // NumberOfRelocations (0 for executables) +- .short 0 // NumberOfLineNumbers (0 for executables) +- .long 0x60500020 // Characteristics (section flags) +- +- /* +- * The EFI application loader requires a relocation section +- * because EFI applications must be relocatable. This is a +- * dummy section as far as we are concerned. +- */ +- .ascii ".reloc" +- .byte 0 +- .byte 0 // end of 0 padding of section name +- +- .long 0 // VirtualSize +- .long 0 // VirtualAddress +- .long 0 // SizeOfRawData +- .long 0 // PointerToRawData +- .long 0 // PointerToRelocations +- .long 0 // PointerToLineNumbers +- .short 0 // NumberOfRelocations +- .short 0 // NumberOfLineNumbers +- .long 0x42100040 // Characteristics (section flags) +- +- /* most if not all ia32 binaries binutils makes seem to have .text +- * starting at 0x400; no reason to assume that's a bad idea. */ +- .align 1024 +- +-_start: +- pushl %ebp +- movl %esp,%ebp +- +- pushl 12(%ebp) # copy "image" argument +- pushl 8(%ebp) # copy "systab" argument +- +- call 0f +-0: popl %eax +- movl %eax,%ebx +- +- addl $ImageBase-0b,%eax # %eax = ldbase +- addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC +- +- pushl %ebx # pass _DYNAMIC as second argument +- pushl %eax # pass ldbase as first argument +- call _relocate +- popl %ebx +- popl %ebx +- testl %eax,%eax +- jne .exit +- +- call efi_main # call app with "image" and "systab" argument +- +-.exit: +- leave +- ret +diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S +deleted file mode 100644 +index f334a63..0000000 +--- a/crt0-efi-x86_64.S ++++ /dev/null +@@ -1,177 +0,0 @@ +-/* crt0-efi-x86_64.S - x86_64 EFI startup code. +- * +- * Copyright 2014 Red Hat, Inc. +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the +- * distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +- .section .text.head +- +- /* +- * Magic "MZ" signature for PE/COFF +- */ +- .globl ImageBase +-ImageBase: +- .ascii "MZ" +- .skip 58 // 'MZ' + pad + offset == 64 +- .long pe_header - ImageBase // Offset to the PE header. +- .long 0x0eba1f0e /* terrifying code */ +- .long 0xcd09b400 /* terrifying code */ +- .long 0x4c01b821 /* terrifying code */ +- .short 0x21cd /* terrfiying code */ +- .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ +- .skip 9 +-pe_header: +- .ascii "PE" +- .short 0 +-coff_header: +- .short 0x8664 // x86_64 +- .short 1 // nr_sections +- .long 0 // TimeDateStamp +- .long 0 // PointerToSymbolTable +- .long 0 // NumberOfSymbols +- .short section_table - optional_header // SizeOfOptionalHeader +- .short 0x206 // Characteristics. +- // IMAGE_FILE_DEBUG_STRIPPED | +- // IMAGE_FILE_EXECUTABLE_IMAGE | +- // IMAGE_FILE_LINE_NUMS_STRIPPED +-optional_header: +- .short 0x20b // PE32+ format +- .byte 0x02 // MajorLinkerVersion +- .byte 0x18 // MinorLinkerVersion +- .long _edata - _start // SizeOfCode +- .long 0 // SizeOfInitializedData +- .long 0 // SizeOfUninitializedData +- .long _start - ImageBase // AddressOfEntryPoint +- .long _start - ImageBase // BaseOfCode +- +-extra_header_fields: +- .quad 0 // ImageBase +- .long 0x20 // SectionAlignment +- .long 0x8 // FileAlignment +- .short 0 // MajorOperatingSystemVersion +- .short 0 // MinorOperatingSystemVersion +- .short 0 // MajorImageVersion +- .short 0 // MinorImageVersion +- .short 0 // MajorSubsystemVersion +- .short 0 // MinorSubsystemVersion +- .long 0 // Win32VersionValue +- +- .long _edata - ImageBase // SizeOfImage +- +- // Everything before the kernel image is considered part of the header +- .long _start - ImageBase // SizeOfHeaders +- .long 0 // CheckSum +- .short EFI_SUBSYSTEM // Subsystem +- .short 0 // DllCharacteristics +- .quad 0 // SizeOfStackReserve +- .quad 0 // SizeOfStackCommit +- .quad 0 // SizeOfHeapReserve +- .quad 0 // SizeOfHeapCommit +- .long 0 // LoaderFlags +- .long 0x10 // NumberOfRvaAndSizes +- +- .quad 0 // ExportTable +- .quad 0 // ImportTable +- .quad 0 // ResourceTable +- .quad 0 // ExceptionTable +- .quad 0 // CertificationTable +- .quad 0 // BaseRelocationTable +- .quad 0 // DebugTable +- .quad 0 // ArchTable +- .quad 0 // GlobalPointerTable +- .quad 0 // .tls +- .quad 0 // LoadConfigTable +- .quad 0 // BoundImportsTable +- .quad 0 // ImportAddressTable +- .quad 0 // DelayLoadImportTable +- .quad 0 // ClrRuntimeHeader (.cor) +- .quad 0 // Reserved +- +- // Section table +-section_table: +- .ascii ".text" +- .byte 0 +- .byte 0 +- .byte 0 // end of 0 padding of section name +- +- .long _edata - _start // VirtualSize +- .long _start - ImageBase // VirtualAddress +- .long _edata - _start // SizeOfRawData +- .long _start - ImageBase // PointerToRawData +- .long 0 // PointerToRelocations (0 for executables) +- .long 0 // PointerToLineNumbers (0 for executables) +- .short 0 // NumberOfRelocations (0 for executables) +- .short 0 // NumberOfLineNumbers (0 for executables) +- .long 0x60500020 // Characteristics (section flags) +- +- /* +- * The EFI application loader requires a relocation section +- * because EFI applications must be relocatable. This is a +- * dummy section as far as we are concerned. +- */ +- .ascii ".reloc" +- .byte 0 +- .byte 0 // end of 0 padding of section name +- +- .long 0 // VirtualSize +- .long 0 // VirtualAddress +- .long 0 // SizeOfRawData +- .long 0 // PointerToRawData +- .long 0 // PointerToRelocations +- .long 0 // PointerToLineNumbers +- .short 0 // NumberOfRelocations +- .short 0 // NumberOfLineNumbers +- .long 0x42100040 // Characteristics (section flags) +- +- /* x86-64 needs this padding here; without it, some machines simply +- * refuse to admit this is an EFI binary. I'm not really sure why; +- * reading the spec, it's unclear, but you'd expect it would need to +- * be aligned to (1 << FileAlignment), which would mean not having +- * the spacing. +- */ +- .quad 0 +-_start: +- subq $8, %rsp +- pushq %rcx +- pushq %rdx +- +-0: +- lea ImageBase(%rip), %rdi +- lea _DYNAMIC(%rip), %rsi +- +- popq %rcx +- popq %rdx +- pushq %rcx +- pushq %rdx +- call _relocate +- +- popq %rdi +- popq %rsi +- +- call efi_main +- addq $8, %rsp +- +-.exit: +- ret +diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds +index b649e15..12d4085 100644 +--- a/elf_ia32_efi.lds ++++ b/elf_ia32_efi.lds +@@ -3,56 +3,61 @@ OUTPUT_ARCH(i386) + ENTRY(_start) + SECTIONS + { +- .text 0x0 : { +- *(.text.head) +- *(.text) +- *(.text.*) +- *(.gnu.linkonce.t.*) +- *(.srodata) +- *(.rodata*) +- . = ALIGN(16); +- _etext = .; ++ . = 0; ++ ImageBase = .; ++ .hash : { *(.hash) } /* this MUST come first! */ ++ . = ALIGN(4096); ++ .text : ++ { ++ *(.text) ++ *(.text.*) ++ *(.gnu.linkonce.t.*) ++ } ++ .reloc : ++ { ++ *(.reloc) + } +- .dynamic : { *(.dynamic) } ++ . = ALIGN(4096); + .data : + { +- *(.sdata) +- *(.data) +- *(.data1) +- *(.data.*) +- *(.got.plt) +- *(.got) +- +- /* the EFI loader doesn't seem to like a .bss section, so we stick +- * it all into .data: */ +- . = ALIGN(16); +- _bss = .; +- *(.sbss) +- *(.scommon) +- *(.dynbss) +- *(.bss) +- *(COMMON) +- . = ALIGN(16); +- _bss_end = .; ++ *(.rodata*) ++ *(.data) ++ *(.data1) ++ *(.data.*) ++ *(.sdata) ++ *(.got.plt) ++ *(.got) ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ it all into .data: */ ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) + } + . = ALIGN(4096); + .vendor_cert : + { +- *(.vendor_cert) ++ *(.vendor_cert) + } +- + . = ALIGN(4096); +- .rel.dyn : { *(.rel.dyn) } +- .rel.plt : { *(.rel.plt) } +- .rel.got : { *(.rel.got) } +- .rel.data : { *(.rel.data) *(.rel.data*) } +- _edata = .; +- _data_size = . - _etext; +- ++ .dynamic : { *(.dynamic) } ++ . = ALIGN(4096); ++ .rel : ++ { ++ *(.rel.data) ++ *(.rel.data.*) ++ *(.rel.got) ++ *(.rel.stab) ++ *(.data.rel.ro.local) ++ *(.data.rel.local) ++ *(.data.rel.ro) ++ *(.data.rel*) ++ } + . = ALIGN(4096); +- .dynsym : { *(.dynsym) } ++ .dynsym : { *(.dynsym) } + . = ALIGN(4096); +- .dynstr : { *(.dynstr) } ++ .dynstr : { *(.dynstr) } + . = ALIGN(4096); + /DISCARD/ : + { +diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds +index 091187b..f981102 100644 +--- a/elf_x86_64_efi.lds ++++ b/elf_x86_64_efi.lds +@@ -4,60 +4,63 @@ OUTPUT_ARCH(i386:x86-64) + ENTRY(_start) + SECTIONS + { +- .text 0x0 : { +- *(.text.head) +- *(.text) +- *(.text.*) +- *(.gnu.linkonce.t.*) +- *(.srodata) +- *(.rodata*) +- . = ALIGN(16); +- _etext = .; ++ . = 0; ++ ImageBase = .; ++ .hash : { *(.hash) } /* this MUST come first! */ ++ . = ALIGN(4096); ++ .eh_frame : ++ { ++ *(.eh_frame) ++ } ++ . = ALIGN(4096); ++ .text : ++ { ++ *(.text) ++ } ++ . = ALIGN(4096); ++ .reloc : ++ { ++ *(.reloc) + } +- .dynamic : { *(.dynamic) } ++ . = ALIGN(4096); + .data : + { +- *(.sdata) +- *(.data) +- *(.data1) +- *(.data.*) +- *(.got.plt) +- *(.got) +- +- /* the EFI loader doesn't seem to like a .bss section, so we stick +- * it all into .data: */ +- . = ALIGN(16); +- _bss = .; +- *(.sbss) +- *(.scommon) +- *(.dynbss) +- *(.bss) +- *(COMMON) +- . = ALIGN(16); +- _bss_end = .; ++ *(.rodata*) ++ *(.got.plt) ++ *(.got) ++ *(.data*) ++ *(.sdata) ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ it all into .data: */ ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) ++ *(.rel.local) + } + . = ALIGN(4096); + .vendor_cert : + { +- *(.vendor_cert) ++ *(.vendor_cert) + } +- + . = ALIGN(4096); +- .rela.dyn : { *(.rela.dyn) } +- .rela.plt : { *(.rela.plt) } +- .rela.got : { *(.rela.got) } +- .rela.data : { *(.rela.data) *(.rela.data*) } +- _edata = .; +- _data_size = . - _etext; +- ++ .dynamic : { *(.dynamic) } ++ . = ALIGN(4096); ++ .rela : ++ { ++ *(.rela.data*) ++ *(.rela.got) ++ *(.rela.stab) ++ } + . = ALIGN(4096); +- .dynsym : { *(.dynsym) } ++ .dynsym : { *(.dynsym) } + . = ALIGN(4096); +- .dynstr : { *(.dynstr) } ++ .dynstr : { *(.dynstr) } + . = ALIGN(4096); +- /DISCARD/ : ++ .ignored.reloc : + { +- *(.rel.reloc) ++ *(.rela.reloc) + *(.eh_frame) + *(.note.GNU-stack) + } +-- +1.9.3 + diff --git a/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch b/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch new file mode 100644 index 0000000..f9e8c05 --- /dev/null +++ b/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch @@ -0,0 +1,200 @@ +From a846aedd0e9dfe26ca6afaf6a1db8a54c20363c1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 30 Sep 2014 18:52:59 -0400 +Subject: [PATCH 64/74] Actually find the relocations correctly and process + them that way. + +Find the relocations based on the *file* address in the old binary, +because it's only the same as the virtual address some of the time. + +Also perform some extra validation before processing it, and don't bail +out in /error/ if both ReloceBase and RelocEnd are null - that condition +is fine. + +Signed-off-by: Peter Jones +--- + shim.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 77 insertions(+), 13 deletions(-) + +diff --git a/shim.c b/shim.c +index 7cd4182..4baf8b1 100644 +--- a/shim.c ++++ b/shim.c +@@ -222,6 +222,7 @@ image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) + * Perform the actual relocation + */ + static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, ++ EFI_IMAGE_SECTION_HEADER *Section, + void *orig, void *data) + { + EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd; +@@ -233,14 +234,46 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + UINT64 *Fixup64; + int size = context->ImageSize; + void *ImageEnd = (char *)orig + size; ++ int n = 0; + + if (image_is_64_bit(context->PEHdr)) + context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data; + else + context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data; + +- RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); +- RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); ++ /* Alright, so here's how this works: ++ * ++ * context->RelocDir gives us two things: ++ * - the VA the table of base relocation blocks are (maybe) to be ++ * mapped at (RelocDir->VirtualAddress) ++ * - the virtual size (RelocDir->Size) ++ * ++ * The .reloc section (Section here) gives us some other things: ++ * - the name! kind of. (Section->Name) ++ * - the virtual size (Section->VirtualSize), which should be the same ++ * as RelocDir->Size ++ * - the virtual address (Section->VirtualAddress) ++ * - the file section size (Section->SizeOfRawData), which is ++ * a multiple of OptHdr->FileAlignment. Only useful for image ++ * validation, not really useful for iteration bounds. ++ * - the file address (Section->PointerToRawData) ++ * - a bunch of stuff we don't use that's 0 in our binaries usually ++ * - Flags (Section->Characteristics) ++ * ++ * and then the thing that's actually at the file address is an array ++ * of EFI_IMAGE_BASE_RELOCATION structs with some values packed behind ++ * them. The SizeOfBlock field of this structure includes the ++ * structure itself, and adding it to that structure's address will ++ * yield the next entry in the array. ++ */ ++ RelocBase = ImageAddress(orig, size, Section->PointerToRawData); ++ /* RelocBaseEnd here is the address of the first entry /past/ the ++ * table. */ ++ RelocBaseEnd = ImageAddress(orig, size, Section->PointerToRawData + ++ Section->Misc.VirtualSize); ++ ++ if (!RelocBase && !RelocBaseEnd) ++ return EFI_SUCCESS; + + if (!RelocBase || !RelocBaseEnd) { + perror(L"Reloc table overflows binary\n"); +@@ -256,19 +289,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); + + if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { +- perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock); ++ perror(L"Reloc %d block size %d is invalid\n", n, RelocBase->SizeOfBlock); + return EFI_UNSUPPORTED; + } + + RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); + if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) { +- perror(L"Reloc entry overflows binary\n"); ++ perror(L"Reloc %d entry overflows binary\n", n); + return EFI_UNSUPPORTED; + } + + FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress); + if (!FixupBase) { +- perror(L"Invalid fixupbase\n"); ++ perror(L"Reloc %d Invalid fixupbase\n", n); + return EFI_UNSUPPORTED; + } + +@@ -317,12 +350,13 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + break; + + default: +- perror(L"Unknown relocation\n"); ++ perror(L"Reloc %d Unknown relocation\n", n); + return EFI_UNSUPPORTED; + } + Reloc += 1; + } + RelocBase = (EFI_IMAGE_BASE_RELOCATION *) RelocEnd; ++ n++; + } + + return EFI_SUCCESS; +@@ -1102,15 +1136,21 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + + CopyMem(buffer, data, context.SizeOfHeaders); + ++ char *RelocBase, *RelocBaseEnd; ++ RelocBase = ImageAddress(buffer, datasize, ++ context.RelocDir->VirtualAddress); ++ /* RelocBaseEnd here is the address of the last byte of the table */ ++ RelocBaseEnd = ImageAddress(buffer, datasize, ++ context.RelocDir->VirtualAddress + ++ context.RelocDir->Size - 1); ++ ++ EFI_IMAGE_SECTION_HEADER *RelocSection = NULL; ++ + /* + * Copy the executable's sections to their desired offsets + */ + Section = context.FirstSection; + for (i = 0; i < context.NumberOfSections; i++, Section++) { +- if (Section->Characteristics & 0x02000000) +- /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ +- continue; +- + size = Section->Misc.VirtualSize; + + if (size > Section->SizeOfRawData) +@@ -1118,7 +1158,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + + base = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress); + end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1); +- + if (!base || !end) { + perror(L"Invalid section size\n"); + return EFI_UNSUPPORTED; +@@ -1130,6 +1169,30 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + return EFI_UNSUPPORTED; + } + ++ /* We do want to process .reloc, but it's often marked ++ * discardable, so we don't want to memcpy it. */ ++ if (CompareMem(Section->Name, ".reloc\0\0", 8) == 0) { ++ if (RelocSection) { ++ perror(L"Image has multiple relocation sections\n"); ++ return EFI_UNSUPPORTED; ++ } ++ /* If it has nonzero sizes, and our bounds check ++ * made sense, and the VA and size match RelocDir's ++ * versions, then we believe in this section table. */ ++ if (Section->SizeOfRawData && ++ Section->Misc.VirtualSize && ++ base && end && ++ RelocBase == base && ++ RelocBaseEnd == end) { ++ RelocSection = Section; ++ } ++ } ++ ++ if (Section->Characteristics & 0x02000000) { ++ /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ ++ continue; ++ } ++ + if (Section->SizeOfRawData > 0) + CopyMem(base, data + Section->PointerToRawData, size); + +@@ -1143,11 +1206,12 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + return EFI_UNSUPPORTED; + } + +- if (context.RelocDir->Size) { ++ if (context.RelocDir->Size && RelocSection) { + /* + * Run the relocation fixups + */ +- efi_status = relocate_coff(&context, data, buffer); ++ efi_status = relocate_coff(&context, RelocSection, data, ++ buffer); + + if (efi_status != EFI_SUCCESS) { + perror(L"Relocation failed: %r\n", efi_status); +-- +1.9.3 + diff --git a/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch b/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch new file mode 100644 index 0000000..7b48e8f --- /dev/null +++ b/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch @@ -0,0 +1,90 @@ +From f14119502ee3301e1ae80b5ab7fbe1ba46580e23 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 1 Oct 2014 22:47:20 -0400 +Subject: [PATCH 65/74] Don't append an empty cert list to MokListRT if + vendor_cert_size is 0. + +Signed-off-by: Peter Jones +--- + shim.c | 63 ++++++++++++++++++++++++++++++++++----------------------------- + 1 file changed, 34 insertions(+), 29 deletions(-) + +diff --git a/shim.c b/shim.c +index 4baf8b1..a282ee3 100644 +--- a/shim.c ++++ b/shim.c +@@ -1698,37 +1698,42 @@ EFI_STATUS mirror_mok_list() + if (efi_status != EFI_SUCCESS) + DataSize = 0; + +- FullDataSize = DataSize +- + sizeof (*CertList) +- + sizeof (EFI_GUID) +- + vendor_cert_size +- ; +- FullData = AllocatePool(FullDataSize); +- if (!FullData) { +- perror(L"Failed to allocate space for MokListRT\n"); +- return EFI_OUT_OF_RESOURCES; +- } +- p = FullData; ++ if (vendor_cert_size) { ++ FullDataSize = DataSize ++ + sizeof (*CertList) ++ + sizeof (EFI_GUID) ++ + vendor_cert_size ++ ; ++ FullData = AllocatePool(FullDataSize); ++ if (!FullData) { ++ perror(L"Failed to allocate space for MokListRT\n"); ++ return EFI_OUT_OF_RESOURCES; ++ } ++ p = FullData; + +- if (efi_status == EFI_SUCCESS && DataSize > 0) { +- CopyMem(p, Data, DataSize); +- p += DataSize; ++ if (efi_status == EFI_SUCCESS && DataSize > 0) { ++ CopyMem(p, Data, DataSize); ++ p += DataSize; ++ } ++ CertList = (EFI_SIGNATURE_LIST *)p; ++ p += sizeof (*CertList); ++ CertData = (EFI_SIGNATURE_DATA *)p; ++ p += sizeof (EFI_GUID); ++ ++ CertList->SignatureType = EFI_CERT_X509_GUID; ++ CertList->SignatureListSize = vendor_cert_size ++ + sizeof (*CertList) ++ + sizeof (*CertData) ++ -1; ++ CertList->SignatureHeaderSize = 0; ++ CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID); ++ ++ CertData->SignatureOwner = SHIM_LOCK_GUID; ++ CopyMem(p, vendor_cert, vendor_cert_size); ++ } else { ++ FullDataSize = DataSize; ++ FullData = Data; + } +- CertList = (EFI_SIGNATURE_LIST *)p; +- p += sizeof (*CertList); +- CertData = (EFI_SIGNATURE_DATA *)p; +- p += sizeof (EFI_GUID); +- +- CertList->SignatureType = EFI_CERT_X509_GUID; +- CertList->SignatureListSize = vendor_cert_size +- + sizeof (*CertList) +- + sizeof (*CertData) +- -1; +- CertList->SignatureHeaderSize = 0; +- CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID); +- +- CertData->SignatureOwner = SHIM_LOCK_GUID; +- CopyMem(p, vendor_cert, vendor_cert_size); + + efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListRT", + &shim_lock_guid, +-- +1.9.3 + diff --git a/SOURCES/0066-Fix-some-minor-testplan-errors.patch b/SOURCES/0066-Fix-some-minor-testplan-errors.patch new file mode 100644 index 0000000..f304978 --- /dev/null +++ b/SOURCES/0066-Fix-some-minor-testplan-errors.patch @@ -0,0 +1,37 @@ +From aa818fe639f103d9c40fcbc8342edd82ff5d49d2 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 1 Oct 2014 23:42:11 -0400 +Subject: [PATCH 66/74] Fix some minor testplan errors. + +Signed-off-by: Peter Jones +--- + testplan.txt | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/testplan.txt b/testplan.txt +index 2fbf238..ab88781 100644 +--- a/testplan.txt ++++ b/testplan.txt +@@ -12,7 +12,7 @@ How to test a new shim build for RHEL/fedora: + -s -c "Red Hat Test Certificate" + 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi + cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ +- /boot/efi/EFI/test/test.efi ++ /boot/efi/EFI/test/grubx64.efi + 7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also + leave an unsigned copy there: + pesign -i /boot/efi/EFI/redhat/grubx64.efi \ +@@ -38,7 +38,9 @@ How to test a new shim build for RHEL/fedora: + 12) put shim.efi there as well + cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI + 13) enroll the current kernel's certificate with mokutil: +- mokutil --import ~/redhatsecurebootca2.cer ++ # this should be a /different/ cert than the one signing pesign-test-app. ++ # for instance use a RHEL cert for p-t-a and a fedora cert+kernel here. ++ mokutil --import ~/fedora-ca.cer + 14) put machine in setup mode + 15) boot to the UEFI shell + 16) run lockdown.efi from #4: +-- +1.9.3 + diff --git a/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch b/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch new file mode 100644 index 0000000..9ac183b --- /dev/null +++ b/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch @@ -0,0 +1,31 @@ +From db43ba5a5fcb88e3b0acac0da5737e499be236a2 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 30 Sep 2014 16:13:27 +0800 +Subject: [PATCH 67/74] Don't verify images with the empty build key + +We replaced the build key with an empty file while compiling shim +for our distro. Skip the verification with the empty build key +since this makes no sense. + +Signed-off-by: Gary Ching-Pang Lin +--- + shim.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/shim.c b/shim.c +index a282ee3..8076caa 100644 +--- a/shim.c ++++ b/shim.c +@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize, + /* + * Check against the shim build key + */ +- if (AuthenticodeVerify(cert->CertData, ++ if (sizeof(shim_cert) && ++ AuthenticodeVerify(cert->CertData, + context->SecDir->Size - sizeof(cert->Hdr), + shim_cert, sizeof(shim_cert), sha256hash, + SHA256_DIGEST_SIZE)) { +-- +1.9.3 + diff --git a/SOURCES/0068-Cryptlib-remove-the-unused-files.patch b/SOURCES/0068-Cryptlib-remove-the-unused-files.patch new file mode 100644 index 0000000..6a1eea2 --- /dev/null +++ b/SOURCES/0068-Cryptlib-remove-the-unused-files.patch @@ -0,0 +1,1265 @@ +From 663a5ca59d8b0037b3d1b445ce93ae3181f03685 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 30 Sep 2014 15:27:19 +0800 +Subject: [PATCH 68/74] Cryptlib: remove the unused files + +I mistakenly added CryptPkcs7VerifyNull.c which may make Pkcs7Verify +always return FALSE. Besides CryptPkcs7VerifyNull.c, there are some +functions we would never use. This commit removes those files to +avoid any potential trouble. + +Signed-off-by: Gary Ching-Pang Lin +--- + Cryptlib/Makefile | 5 +- + Cryptlib/Pk/CryptDh.c | 328 -------------------------------- + Cryptlib/Pk/CryptDhNull.c | 156 +++++++++++++++ + Cryptlib/Pk/CryptPkcs7Sign.c | 207 -------------------- + Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 ---------- + Cryptlib/Pk/CryptRsaExt.c | 377 ------------------------------------- + Cryptlib/update.sh | 5 +- + 7 files changed, 158 insertions(+), 1020 deletions(-) + delete mode 100644 Cryptlib/Pk/CryptDh.c + create mode 100644 Cryptlib/Pk/CryptDhNull.c + delete mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c + delete mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c + delete mode 100644 Cryptlib/Pk/CryptRsaExt.c + +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index 73a1e2b..9719a27 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -25,13 +25,10 @@ OBJS = Hash/CryptMd4.o \ + Cipher/CryptArc4.o \ + Rand/CryptRand.o \ + Pk/CryptRsaBasic.o \ +- Pk/CryptRsaExt.o \ + Pk/CryptRsaExtNull.o \ +- Pk/CryptPkcs7Sign.o \ + Pk/CryptPkcs7SignNull.o \ + Pk/CryptPkcs7Verify.o \ +- Pk/CryptPkcs7VerifyNull.o \ +- Pk/CryptDh.o \ ++ Pk/CryptDhNull.o \ + Pk/CryptX509.o \ + Pk/CryptAuthenticode.o \ + Pem/CryptPem.o \ +diff --git a/Cryptlib/Pk/CryptDh.c b/Cryptlib/Pk/CryptDh.c +deleted file mode 100644 +index 942b3d1..0000000 +--- a/Cryptlib/Pk/CryptDh.c ++++ /dev/null +@@ -1,328 +0,0 @@ +-/** @file +- Diffie-Hellman Wrapper Implementation over OpenSSL. +- +-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +-#include +- +- +-/** +- Allocates and Initializes one Diffie-Hellman Context for subsequent use. +- +- @return Pointer to the Diffie-Hellman Context that has been initialized. +- If the allocations fails, DhNew() returns NULL. +- +-**/ +-VOID * +-EFIAPI +-DhNew ( +- VOID +- ) +-{ +- // +- // Allocates & Initializes DH Context by OpenSSL DH_new() +- // +- return (VOID *) DH_new (); +-} +- +-/** +- Release the specified DH context. +- +- If DhContext is NULL, then return FALSE. +- +- @param[in] DhContext Pointer to the DH context to be released. +- +-**/ +-VOID +-EFIAPI +-DhFree ( +- IN VOID *DhContext +- ) +-{ +- // +- // Free OpenSSL DH Context +- // +- DH_free ((DH *) DhContext); +-} +- +-/** +- Generates DH parameter. +- +- Given generator g, and length of prime number p in bits, this function generates p, +- and sets DH context according to value of g and p. +- +- Before this function can be invoked, pseudorandom number generator must be correctly +- initialized by RandomSeed(). +- +- If DhContext is NULL, then return FALSE. +- If Prime is NULL, then return FALSE. +- +- @param[in, out] DhContext Pointer to the DH context. +- @param[in] Generator Value of generator. +- @param[in] PrimeLength Length in bits of prime to be generated. +- @param[out] Prime Pointer to the buffer to receive the generated prime number. +- +- @retval TRUE DH pamameter generation succeeded. +- @retval FALSE Value of Generator is not supported. +- @retval FALSE PRNG fails to generate random prime number with PrimeLength. +- +-**/ +-BOOLEAN +-EFIAPI +-DhGenerateParameter ( +- IN OUT VOID *DhContext, +- IN UINTN Generator, +- IN UINTN PrimeLength, +- OUT UINT8 *Prime +- ) +-{ +- BOOLEAN RetVal; +- +- // +- // Check input parameters. +- // +- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { +- return FALSE; +- } +- +- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { +- return FALSE; +- } +- +- RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL); +- if (!RetVal) { +- return FALSE; +- } +- +- BN_bn2bin (((DH *) DhContext)->p, Prime); +- +- return TRUE; +-} +- +-/** +- Sets generator and prime parameters for DH. +- +- Given generator g, and prime number p, this function and sets DH +- context accordingly. +- +- If DhContext is NULL, then return FALSE. +- If Prime is NULL, then return FALSE. +- +- @param[in, out] DhContext Pointer to the DH context. +- @param[in] Generator Value of generator. +- @param[in] PrimeLength Length in bits of prime to be generated. +- @param[in] Prime Pointer to the prime number. +- +- @retval TRUE DH pamameter setting succeeded. +- @retval FALSE Value of Generator is not supported. +- @retval FALSE Value of Generator is not suitable for the Prime. +- @retval FALSE Value of Prime is not a prime number. +- @retval FALSE Value of Prime is not a safe prime number. +- +-**/ +-BOOLEAN +-EFIAPI +-DhSetParameter ( +- IN OUT VOID *DhContext, +- IN UINTN Generator, +- IN UINTN PrimeLength, +- IN CONST UINT8 *Prime +- ) +-{ +- DH *Dh; +- BIGNUM *Bn; +- +- // +- // Check input parameters. +- // +- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { +- return FALSE; +- } +- +- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { +- return FALSE; +- } +- +- Bn = NULL; +- +- Dh = (DH *) DhContext; +- Dh->g = NULL; +- Dh->p = BN_new (); +- if (Dh->p == NULL) { +- goto Error; +- } +- +- Dh->g = BN_new (); +- if (Dh->g == NULL) { +- goto Error; +- } +- +- Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p); +- if (Bn == NULL) { +- goto Error; +- } +- +- if (BN_set_word (Dh->g, (UINT32) Generator) == 0) { +- goto Error; +- } +- +- return TRUE; +- +-Error: +- +- if (Dh->p != NULL) { +- BN_free (Dh->p); +- } +- +- if (Dh->g != NULL) { +- BN_free (Dh->g); +- } +- +- if (Bn != NULL) { +- BN_free (Bn); +- } +- +- return FALSE; +-} +- +-/** +- Generates DH public key. +- +- This function generates random secret exponent, and computes the public key, which is +- returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly. +- If the PublicKey buffer is too small to hold the public key, FALSE is returned and +- PublicKeySize is set to the required buffer size to obtain the public key. +- +- If DhContext is NULL, then return FALSE. +- If PublicKeySize is NULL, then return FALSE. +- If PublicKeySize is large enough but PublicKey is NULL, then return FALSE. +- +- @param[in, out] DhContext Pointer to the DH context. +- @param[out] PublicKey Pointer to the buffer to receive generated public key. +- @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. +- On output, the size of data returned in PublicKey buffer in bytes. +- +- @retval TRUE DH public key generation succeeded. +- @retval FALSE DH public key generation failed. +- @retval FALSE PublicKeySize is not large enough. +- +-**/ +-BOOLEAN +-EFIAPI +-DhGenerateKey ( +- IN OUT VOID *DhContext, +- OUT UINT8 *PublicKey, +- IN OUT UINTN *PublicKeySize +- ) +-{ +- BOOLEAN RetVal; +- DH *Dh; +- INTN Size; +- +- // +- // Check input parameters. +- // +- if (DhContext == NULL || PublicKeySize == NULL) { +- return FALSE; +- } +- +- if (PublicKey == NULL && *PublicKeySize != 0) { +- return FALSE; +- } +- +- Dh = (DH *) DhContext; +- +- RetVal = (BOOLEAN) DH_generate_key (DhContext); +- if (RetVal) { +- Size = BN_num_bytes (Dh->pub_key); +- if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) { +- *PublicKeySize = Size; +- return FALSE; +- } +- +- BN_bn2bin (Dh->pub_key, PublicKey); +- *PublicKeySize = Size; +- } +- +- return RetVal; +-} +- +-/** +- Computes exchanged common key. +- +- Given peer's public key, this function computes the exchanged common key, based on its own +- context including value of prime modulus and random secret exponent. +- +- If DhContext is NULL, then return FALSE. +- If PeerPublicKey is NULL, then return FALSE. +- If KeySize is NULL, then return FALSE. +- If Key is NULL, then return FALSE. +- If KeySize is not large enough, then return FALSE. +- +- @param[in, out] DhContext Pointer to the DH context. +- @param[in] PeerPublicKey Pointer to the peer's public key. +- @param[in] PeerPublicKeySize Size of peer's public key in bytes. +- @param[out] Key Pointer to the buffer to receive generated key. +- @param[in, out] KeySize On input, the size of Key buffer in bytes. +- On output, the size of data returned in Key buffer in bytes. +- +- @retval TRUE DH exchanged key generation succeeded. +- @retval FALSE DH exchanged key generation failed. +- @retval FALSE KeySize is not large enough. +- +-**/ +-BOOLEAN +-EFIAPI +-DhComputeKey ( +- IN OUT VOID *DhContext, +- IN CONST UINT8 *PeerPublicKey, +- IN UINTN PeerPublicKeySize, +- OUT UINT8 *Key, +- IN OUT UINTN *KeySize +- ) +-{ +- BIGNUM *Bn; +- INTN Size; +- +- // +- // Check input parameters. +- // +- if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) { +- return FALSE; +- } +- +- if (PeerPublicKeySize > INT_MAX) { +- return FALSE; +- } +- +- Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL); +- if (Bn == NULL) { +- return FALSE; +- } +- +- Size = DH_compute_key (Key, Bn, DhContext); +- if (Size < 0) { +- BN_free (Bn); +- return FALSE; +- } +- +- if (*KeySize < (UINTN) Size) { +- *KeySize = Size; +- BN_free (Bn); +- return FALSE; +- } +- +- *KeySize = Size; +- BN_free (Bn); +- return TRUE; +-} +diff --git a/Cryptlib/Pk/CryptDhNull.c b/Cryptlib/Pk/CryptDhNull.c +new file mode 100644 +index 0000000..35045db +--- /dev/null ++++ b/Cryptlib/Pk/CryptDhNull.c +@@ -0,0 +1,156 @@ ++/** @file ++ Diffie-Hellman Wrapper Implementation which does not provide ++ real capabilities. ++ ++Copyright (c) 2012, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++/** ++ Allocates and Initializes one Diffie-Hellman Context for subsequent use. ++ ++ @return Pointer to the Diffie-Hellman Context that has been initialized. ++ If the interface is not supported, DhNew() returns NULL. ++ ++**/ ++VOID * ++EFIAPI ++DhNew ( ++ VOID ++ ) ++{ ++ ASSERT (FALSE); ++ return NULL; ++} ++ ++/** ++ Release the specified DH context. ++ ++ If the interface is not supported, then ASSERT(). ++ ++ @param[in] DhContext Pointer to the DH context to be released. ++ ++**/ ++VOID ++EFIAPI ++DhFree ( ++ IN VOID *DhContext ++ ) ++{ ++ ASSERT (FALSE); ++} ++ ++/** ++ Generates DH parameter. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] DhContext Pointer to the DH context. ++ @param[in] Generator Value of generator. ++ @param[in] PrimeLength Length in bits of prime to be generated. ++ @param[out] Prime Pointer to the buffer to receive the generated prime number. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++DhGenerateParameter ( ++ IN OUT VOID *DhContext, ++ IN UINTN Generator, ++ IN UINTN PrimeLength, ++ OUT UINT8 *Prime ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Sets generator and prime parameters for DH. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] DhContext Pointer to the DH context. ++ @param[in] Generator Value of generator. ++ @param[in] PrimeLength Length in bits of prime to be generated. ++ @param[in] Prime Pointer to the prime number. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++DhSetParameter ( ++ IN OUT VOID *DhContext, ++ IN UINTN Generator, ++ IN UINTN PrimeLength, ++ IN CONST UINT8 *Prime ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Generates DH public key. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] DhContext Pointer to the DH context. ++ @param[out] PublicKey Pointer to the buffer to receive generated public key. ++ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. ++ On output, the size of data returned in PublicKey buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++DhGenerateKey ( ++ IN OUT VOID *DhContext, ++ OUT UINT8 *PublicKey, ++ IN OUT UINTN *PublicKeySize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Computes exchanged common key. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] DhContext Pointer to the DH context. ++ @param[in] PeerPublicKey Pointer to the peer's public key. ++ @param[in] PeerPublicKeySize Size of peer's public key in bytes. ++ @param[out] Key Pointer to the buffer to receive generated key. ++ @param[in, out] KeySize On input, the size of Key buffer in bytes. ++ On output, the size of data returned in Key buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++DhComputeKey ( ++ IN OUT VOID *DhContext, ++ IN CONST UINT8 *PeerPublicKey, ++ IN UINTN PeerPublicKeySize, ++ OUT UINT8 *Key, ++ IN OUT UINTN *KeySize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} +diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c +deleted file mode 100644 +index 63fe78f..0000000 +--- a/Cryptlib/Pk/CryptPkcs7Sign.c ++++ /dev/null +@@ -1,207 +0,0 @@ +-/** @file +- PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. +- +-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +- +-#include +-#include +-#include +- +- +-/** +- Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message +- Syntax Standard, version 1.5". This interface is only intended to be used for +- application to perform PKCS#7 functionality validation. +- +- @param[in] PrivateKey Pointer to the PEM-formatted private key data for +- data signing. +- @param[in] PrivateKeySize Size of the PEM private key data in bytes. +- @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM +- key data. +- @param[in] InData Pointer to the content to be signed. +- @param[in] InDataSize Size of InData in bytes. +- @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. +- @param[in] OtherCerts Pointer to an optional additional set of certificates to +- include in the PKCS#7 signedData (e.g. any intermediate +- CAs in the chain). +- @param[out] SignedData Pointer to output PKCS#7 signedData. +- @param[out] SignedDataSize Size of SignedData in bytes. +- +- @retval TRUE PKCS#7 data signing succeeded. +- @retval FALSE PKCS#7 data signing failed. +- +-**/ +-BOOLEAN +-EFIAPI +-Pkcs7Sign ( +- IN CONST UINT8 *PrivateKey, +- IN UINTN PrivateKeySize, +- IN CONST UINT8 *KeyPassword, +- IN UINT8 *InData, +- IN UINTN InDataSize, +- IN UINT8 *SignCert, +- IN UINT8 *OtherCerts OPTIONAL, +- OUT UINT8 **SignedData, +- OUT UINTN *SignedDataSize +- ) +-{ +- BOOLEAN Status; +- EVP_PKEY *Key; +- BIO *DataBio; +- PKCS7 *Pkcs7; +- UINT8 *RsaContext; +- UINT8 *P7Data; +- UINTN P7DataSize; +- UINT8 *Tmp; +- +- // +- // Check input parameters. +- // +- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || +- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { +- return FALSE; +- } +- +- RsaContext = NULL; +- Key = NULL; +- Pkcs7 = NULL; +- DataBio = NULL; +- Status = FALSE; +- +- // +- // Retrieve RSA private key from PEM data. +- // +- Status = RsaGetPrivateKeyFromPem ( +- PrivateKey, +- PrivateKeySize, +- (CONST CHAR8 *) KeyPassword, +- (VOID **) &RsaContext +- ); +- if (!Status) { +- return Status; +- } +- +- Status = FALSE; +- +- // +- // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling +- // +- if (EVP_add_digest (EVP_md5 ()) == 0) { +- goto _Exit; +- } +- if (EVP_add_digest (EVP_sha1 ()) == 0) { +- goto _Exit; +- } +- if (EVP_add_digest (EVP_sha256 ()) == 0) { +- goto _Exit; +- } +- +- RandomSeed (NULL, 0); +- +- // +- // Construct OpenSSL EVP_PKEY for private key. +- // +- Key = EVP_PKEY_new (); +- if (Key == NULL) { +- goto _Exit; +- } +- Key->save_type = EVP_PKEY_RSA; +- Key->type = EVP_PKEY_type (EVP_PKEY_RSA); +- Key->pkey.rsa = (RSA *) RsaContext; +- +- // +- // Convert the data to be signed to BIO format. +- // +- DataBio = BIO_new (BIO_s_mem ()); +- if (DataBio == NULL) { +- goto _Exit; +- } +- +- if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) { +- goto _Exit; +- } +- +- // +- // Create the PKCS#7 signedData structure. +- // +- Pkcs7 = PKCS7_sign ( +- (X509 *) SignCert, +- Key, +- (STACK_OF(X509) *) OtherCerts, +- DataBio, +- PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED +- ); +- if (Pkcs7 == NULL) { +- goto _Exit; +- } +- +- // +- // Convert PKCS#7 signedData structure into DER-encoded buffer. +- // +- P7DataSize = i2d_PKCS7 (Pkcs7, NULL); +- if (P7DataSize <= 19) { +- goto _Exit; +- } +- +- P7Data = malloc (P7DataSize); +- if (P7Data == NULL) { +- goto _Exit; +- } +- +- Tmp = P7Data; +- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); +- ASSERT (P7DataSize > 19); +- +- // +- // Strip ContentInfo to content only for signeddata. The data be trimmed off +- // is totally 19 bytes. +- // +- *SignedDataSize = P7DataSize - 19; +- *SignedData = malloc (*SignedDataSize); +- if (*SignedData == NULL) { +- OPENSSL_free (P7Data); +- goto _Exit; +- } +- +- CopyMem (*SignedData, P7Data + 19, *SignedDataSize); +- +- OPENSSL_free (P7Data); +- +- Status = TRUE; +- +-_Exit: +- // +- // Release Resources +- // +- if (RsaContext != NULL) { +- RsaFree (RsaContext); +- if (Key != NULL) { +- Key->pkey.rsa = NULL; +- } +- } +- +- if (Key != NULL) { +- EVP_PKEY_free (Key); +- } +- +- if (DataBio != NULL) { +- BIO_free (DataBio); +- } +- +- if (Pkcs7 != NULL) { +- PKCS7_free (Pkcs7); +- } +- +- return Status; +-} +diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c +deleted file mode 100644 +index 9a4c77a..0000000 +--- a/Cryptlib/Pk/CryptPkcs7VerifyNull.c ++++ /dev/null +@@ -1,100 +0,0 @@ +-/** @file +- PKCS#7 SignedData Verification Wrapper Implementation which does not provide +- real capabilities. +- +-Copyright (c) 2012, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +- +-/** +- Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: +- Cryptographic Message Syntax Standard". The input signed data could be wrapped +- in a ContentInfo structure. +- +- Return FALSE to indicate this interface is not supported. +- +- @param[in] P7Data Pointer to the PKCS#7 message to verify. +- @param[in] P7Length Length of the PKCS#7 message in bytes. +- @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. +- It's caller's responsiblity to free the buffer. +- @param[out] StackLength Length of signer's certificates in bytes. +- @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. +- It's caller's responsiblity to free the buffer. +- @param[out] CertLength Length of the trusted certificate in bytes. +- +- @retval FALSE This interface is not supported. +- +-**/ +-BOOLEAN +-EFIAPI +-Pkcs7GetSigners ( +- IN CONST UINT8 *P7Data, +- IN UINTN P7Length, +- OUT UINT8 **CertStack, +- OUT UINTN *StackLength, +- OUT UINT8 **TrustedCert, +- OUT UINTN *CertLength +- ) +-{ +- ASSERT (FALSE); +- return FALSE; +-} +- +-/** +- Wrap function to use free() to free allocated memory for certificates. +- +- If the interface is not supported, then ASSERT(). +- +- @param[in] Certs Pointer to the certificates to be freed. +- +-**/ +-VOID +-EFIAPI +-Pkcs7FreeSigners ( +- IN UINT8 *Certs +- ) +-{ +- ASSERT (FALSE); +-} +- +-/** +- Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: +- Cryptographic Message Syntax Standard". The input signed data could be wrapped +- in a ContentInfo structure. +- +- Return FALSE to indicate this interface is not supported. +- +- @param[in] P7Data Pointer to the PKCS#7 message to verify. +- @param[in] P7Length Length of the PKCS#7 message in bytes. +- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which +- is used for certificate chain verification. +- @param[in] CertLength Length of the trusted certificate in bytes. +- @param[in] InData Pointer to the content to be verified. +- @param[in] DataLength Length of InData in bytes. +- +- @retval FALSE This interface is not supported. +- +-**/ +-BOOLEAN +-EFIAPI +-Pkcs7Verify ( +- IN CONST UINT8 *P7Data, +- IN UINTN P7Length, +- IN CONST UINT8 *TrustedCert, +- IN UINTN CertLength, +- IN CONST UINT8 *InData, +- IN UINTN DataLength +- ) +-{ +- ASSERT (FALSE); +- return FALSE; +-} +diff --git a/Cryptlib/Pk/CryptRsaExt.c b/Cryptlib/Pk/CryptRsaExt.c +deleted file mode 100644 +index 5c21d12..0000000 +--- a/Cryptlib/Pk/CryptRsaExt.c ++++ /dev/null +@@ -1,377 +0,0 @@ +-/** @file +- RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. +- +- This file implements following APIs which provide more capabilities for RSA: +- 1) RsaGetKey +- 2) RsaGenerateKey +- 3) RsaCheckKey +- 4) RsaPkcs1Sign +- +-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +- +-#include +-#include +-#include +- +-/** +- Gets the tag-designated RSA key component from the established RSA context. +- +- This function retrieves the tag-designated RSA key component from the +- established RSA context as a non-negative integer (octet string format +- represented in RSA PKCS#1). +- If specified key component has not been set or has been cleared, then returned +- BnSize is set to 0. +- If the BigNumber buffer is too small to hold the contents of the key, FALSE +- is returned and BnSize is set to the required buffer size to obtain the key. +- +- If RsaContext is NULL, then return FALSE. +- If BnSize is NULL, then return FALSE. +- If BnSize is large enough but BigNumber is NULL, then return FALSE. +- +- @param[in, out] RsaContext Pointer to RSA context being set. +- @param[in] KeyTag Tag of RSA key component being set. +- @param[out] BigNumber Pointer to octet integer buffer. +- @param[in, out] BnSize On input, the size of big number buffer in bytes. +- On output, the size of data returned in big number buffer in bytes. +- +- @retval TRUE RSA key component was retrieved successfully. +- @retval FALSE Invalid RSA key component tag. +- @retval FALSE BnSize is too small. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaGetKey ( +- IN OUT VOID *RsaContext, +- IN RSA_KEY_TAG KeyTag, +- OUT UINT8 *BigNumber, +- IN OUT UINTN *BnSize +- ) +-{ +- RSA *RsaKey; +- BIGNUM *BnKey; +- UINTN Size; +- +- // +- // Check input parameters. +- // +- if (RsaContext == NULL || BnSize == NULL) { +- return FALSE; +- } +- +- RsaKey = (RSA *) RsaContext; +- Size = *BnSize; +- *BnSize = 0; +- +- switch (KeyTag) { +- +- // +- // RSA Public Modulus (N) +- // +- case RsaKeyN: +- if (RsaKey->n == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->n; +- break; +- +- // +- // RSA Public Exponent (e) +- // +- case RsaKeyE: +- if (RsaKey->e == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->e; +- break; +- +- // +- // RSA Private Exponent (d) +- // +- case RsaKeyD: +- if (RsaKey->d == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->d; +- break; +- +- // +- // RSA Secret Prime Factor of Modulus (p) +- // +- case RsaKeyP: +- if (RsaKey->p == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->p; +- break; +- +- // +- // RSA Secret Prime Factor of Modules (q) +- // +- case RsaKeyQ: +- if (RsaKey->q == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->q; +- break; +- +- // +- // p's CRT Exponent (== d mod (p - 1)) +- // +- case RsaKeyDp: +- if (RsaKey->dmp1 == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->dmp1; +- break; +- +- // +- // q's CRT Exponent (== d mod (q - 1)) +- // +- case RsaKeyDq: +- if (RsaKey->dmq1 == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->dmq1; +- break; +- +- // +- // The CRT Coefficient (== 1/q mod p) +- // +- case RsaKeyQInv: +- if (RsaKey->iqmp == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->iqmp; +- break; +- +- default: +- return FALSE; +- } +- +- *BnSize = Size; +- Size = BN_num_bytes (BnKey); +- +- if (*BnSize < Size) { +- *BnSize = Size; +- return FALSE; +- } +- +- if (BigNumber == NULL) { +- return FALSE; +- } +- *BnSize = BN_bn2bin (BnKey, BigNumber) ; +- +- return TRUE; +-} +- +-/** +- Generates RSA key components. +- +- This function generates RSA key components. It takes RSA public exponent E and +- length in bits of RSA modulus N as input, and generates all key components. +- If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used. +- +- Before this function can be invoked, pseudorandom number generator must be correctly +- initialized by RandomSeed(). +- +- If RsaContext is NULL, then return FALSE. +- +- @param[in, out] RsaContext Pointer to RSA context being set. +- @param[in] ModulusLength Length of RSA modulus N in bits. +- @param[in] PublicExponent Pointer to RSA public exponent. +- @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. +- +- @retval TRUE RSA key component was generated successfully. +- @retval FALSE Invalid RSA key component tag. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaGenerateKey ( +- IN OUT VOID *RsaContext, +- IN UINTN ModulusLength, +- IN CONST UINT8 *PublicExponent, +- IN UINTN PublicExponentSize +- ) +-{ +- BIGNUM *KeyE; +- BOOLEAN RetVal; +- +- // +- // Check input parameters. +- // +- if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) { +- return FALSE; +- } +- +- KeyE = BN_new (); +- if (KeyE == NULL) { +- return FALSE; +- } +- +- RetVal = FALSE; +- +- if (PublicExponent == NULL) { +- if (BN_set_word (KeyE, 0x10001) == 0) { +- goto _Exit; +- } +- } else { +- if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) { +- goto _Exit; +- } +- } +- +- if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) { +- RetVal = TRUE; +- } +- +-_Exit: +- BN_free (KeyE); +- return RetVal; +-} +- +-/** +- Validates key components of RSA context. +- +- This function validates key compoents of RSA context in following aspects: +- - Whether p is a prime +- - Whether q is a prime +- - Whether n = p * q +- - Whether d*e = 1 mod lcm(p-1,q-1) +- +- If RsaContext is NULL, then return FALSE. +- +- @param[in] RsaContext Pointer to RSA context to check. +- +- @retval TRUE RSA key components are valid. +- @retval FALSE RSA key components are not valid. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaCheckKey ( +- IN VOID *RsaContext +- ) +-{ +- UINTN Reason; +- +- // +- // Check input parameters. +- // +- if (RsaContext == NULL) { +- return FALSE; +- } +- +- if (RSA_check_key ((RSA *) RsaContext) != 1) { +- Reason = ERR_GET_REASON (ERR_peek_last_error ()); +- if (Reason == RSA_R_P_NOT_PRIME || +- Reason == RSA_R_Q_NOT_PRIME || +- Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q || +- Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) { +- return FALSE; +- } +- } +- +- return TRUE; +-} +- +-/** +- Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. +- +- This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in +- RSA PKCS#1. +- If the Signature buffer is too small to hold the contents of signature, FALSE +- is returned and SigSize is set to the required buffer size to obtain the signature. +- +- If RsaContext is NULL, then return FALSE. +- If MessageHash is NULL, then return FALSE. +- If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. +- If SigSize is large enough but Signature is NULL, then return FALSE. +- +- @param[in] RsaContext Pointer to RSA context for signature generation. +- @param[in] MessageHash Pointer to octet message hash to be signed. +- @param[in] HashSize Size of the message hash in bytes. +- @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. +- @param[in, out] SigSize On input, the size of Signature buffer in bytes. +- On output, the size of data returned in Signature buffer in bytes. +- +- @retval TRUE Signature successfully generated in PKCS1-v1_5. +- @retval FALSE Signature generation failed. +- @retval FALSE SigSize is too small. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaPkcs1Sign ( +- IN VOID *RsaContext, +- IN CONST UINT8 *MessageHash, +- IN UINTN HashSize, +- OUT UINT8 *Signature, +- IN OUT UINTN *SigSize +- ) +-{ +- RSA *Rsa; +- UINTN Size; +- INT32 DigestType; +- +- // +- // Check input parameters. +- // +- if (RsaContext == NULL || MessageHash == NULL) { +- return FALSE; +- } +- +- Rsa = (RSA *) RsaContext; +- Size = BN_num_bytes (Rsa->n); +- +- if (*SigSize < Size) { +- *SigSize = Size; +- return FALSE; +- } +- +- if (Signature == NULL) { +- return FALSE; +- } +- +- // +- // Determine the message digest algorithm according to digest size. +- // Only MD5, SHA-1 or SHA-256 algorithm is supported. +- // +- switch (HashSize) { +- case MD5_DIGEST_SIZE: +- DigestType = NID_md5; +- break; +- +- case SHA1_DIGEST_SIZE: +- DigestType = NID_sha1; +- break; +- +- case SHA256_DIGEST_SIZE: +- DigestType = NID_sha256; +- break; +- +- default: +- return FALSE; +- } +- +- return (BOOLEAN) RSA_sign ( +- DigestType, +- MessageHash, +- (UINT32) HashSize, +- Signature, +- (UINT32 *) SigSize, +- (RSA *) RsaContext +- ); +-} +diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh +index 57b6631..0e34db9 100755 +--- a/Cryptlib/update.sh ++++ b/Cryptlib/update.sh +@@ -14,13 +14,10 @@ cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c + cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c + cp $DIR/Rand/CryptRand.c Rand/CryptRand.c + cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c +-cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c + cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c +-cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c + cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c + cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c +-cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c +-cp $DIR/Pk/CryptDh.c Pk/CryptDh.c ++cp $DIR/Pk/CryptDhNull.c Pk/CryptDhNull.c + cp $DIR/Pk/CryptX509.c Pk/CryptX509.c + cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c + cp $DIR/Pem/CryptPem.c Pem/CryptPem.c +-- +1.9.3 + diff --git a/SOURCES/0069-Another-testplan-error.patch b/SOURCES/0069-Another-testplan-error.patch new file mode 100644 index 0000000..e3475b6 --- /dev/null +++ b/SOURCES/0069-Another-testplan-error.patch @@ -0,0 +1,71 @@ +From a2e66ece4d6b46ba2195cef76913c42177e6b4a2 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 2 Oct 2014 01:01:17 -0400 +Subject: [PATCH 69/74] Another testplan error. + +Signed-off-by: Peter Jones +--- + testplan.txt | 24 +++++++++++------------- + 1 file changed, 11 insertions(+), 13 deletions(-) + +diff --git a/testplan.txt b/testplan.txt +index ab88781..0b0569e 100644 +--- a/testplan.txt ++++ b/testplan.txt +@@ -47,27 +47,25 @@ How to test a new shim build for RHEL/fedora: + fs0:\EFI\test\lockdown.efi + 17) enable secure boot verification + 18) verify it can't run other binaries: +- fs0:\EFI\redhat\grubx64.efi ++ fs0:\EFI\test\grubx64.efi + result should be an error, probably similar to: + "fs0:\...\grubx64.efi is not recognized as an internal or external command" +-19) copy test.efi to grubx64.efi: +- cp \EFI\test\test.efi \EFI\test\grubx64.efi +-20) in the EFI shell, run fs0:\EFI\test\shim.efi +-21) you should see MokManager. Enroll the certificate you added in #13, and ++19) in the EFI shell, run fs0:\EFI\test\shim.efi ++20) you should see MokManager. Enroll the certificate you added in #13, and + the system will reboot. +-22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi ++21) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi + result: "This is a test application that should be completely safe." + If you get the expected result, shim can run things signed by its internal + key ring. Check a box someplace that says it can do that. +-23) from the EFI shell, copy grub to grubx64.efi: ++22) from the EFI shell, copy grub to grubx64.efi: + cp \EFI\test\grub.efi \EFI\test\grubx64.efi +-24) in the EFI shell, run fs0:\EFI\test\shim.efi ++23) in the EFI shell, run fs0:\EFI\test\shim.efi + result: this should start grub, which will let you boot a kernel + If grub starts, it means shim can run things signed by a key in the system's + db. Check a box someplace that says it can do that. + If the kernel boots, it means shim can run things from Mok. Check a box + someplace that says it can do that. +-25) remove all boot entries and the BootOrder variable: ++24) remove all boot entries and the BootOrder variable: + [root@uefi ~]# cd /sys/firmware/efi/efivars/ + [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-* + removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’ +@@ -76,14 +74,14 @@ How to test a new shim build for RHEL/fedora: + removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ + removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’ + [root@uefi efivars]# +-27) reboot +-28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just ++25) reboot ++26) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just + have an old machine. In that case, go to the EFI shell and run: + fs0:\EFI\BOOT\BOOTX64.EFI + If this works, you should see a bit of output very quickly and then the same + thing as #24. This means shim recognized it was in \EFI\BOOT and ran + fallback.efi, which worked. +-29) copy the unsigned grub into place and reboot: ++27) copy the unsigned grub into place and reboot: + cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi +-30) reboot again. ++28) reboot again. + result: shim should refuse to load grub. +-- +1.9.3 + diff --git a/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch b/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch new file mode 100644 index 0000000..a61889e --- /dev/null +++ b/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch @@ -0,0 +1,173 @@ +From e253c2a2c07bc526de1528ed9839b2b584025fa2 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer +Date: Tue, 29 Jul 2014 09:55:00 +0000 +Subject: [PATCH 70/74] shim buffer overflow on ipv6 option parsing + +--- + netboot.c | 102 ++++++++++++++++++++++++++++++++++++++------------------------ + 1 file changed, 62 insertions(+), 40 deletions(-) + +diff --git a/netboot.c b/netboot.c +index 238937d..f884cba 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -108,29 +108,34 @@ BOOLEAN findNetboot(EFI_HANDLE device) + + static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt) + { +- void *optr; +- EFI_DHCP6_PACKET_OPTION *option; +- CHAR8 *url; +- UINT32 urllen; ++ void *optr = NULL, *end = NULL; ++ EFI_DHCP6_PACKET_OPTION *option = NULL; ++ CHAR8 *url = NULL; ++ UINT32 urllen = 0; + + optr = pkt->DhcpOptions; ++ end = optr + sizeof(pkt->DhcpOptions); + +- for(;;) { ++ for (;;) { + option = (EFI_DHCP6_PACKET_OPTION *)optr; + + if (ntohs(option->OpCode) == 0) +- return NULL; ++ break; + + if (ntohs(option->OpCode) == 59) { + /* This is the bootfile url option */ + urllen = ntohs(option->Length); +- url = AllocateZeroPool(urllen+1); ++ if ((void *)(option->Data + urllen) > end) ++ break; ++ url = AllocateZeroPool(urllen + 1); + if (!url) +- return NULL; ++ break; + memcpy(url, option->Data, urllen); + return url; + } + optr += 4 + ntohs(option->Length); ++ if (optr + sizeof(EFI_DHCP6_PACKET_OPTION) > end) ++ break; + } + + return NULL; +@@ -156,45 +161,60 @@ static CHAR16 str2ns(CHAR8 *str) + + static CHAR8 *str2ip6(CHAR8 *str) + { +- UINT8 i, j, p; +- size_t len; +- CHAR8 *a, *b, t; +- static UINT16 ip[8]; ++ UINT8 i = 0, j = 0, p = 0; ++ size_t len = 0, dotcount = 0; ++ enum { MAX_IP6_DOTS = 7 }; ++ CHAR8 *a = NULL, *b = NULL, t = 0; ++ static UINT16 ip[8]; + +- for(i=0; i < 8; i++) { +- ip[i] = 0; +- } +- len = strlen(str); +- a = b = str; +- for(i=p=0; i < len; i++, b++) { +- if (*b != ':') +- continue; +- *b = '\0'; +- ip[p++] = str2ns(a); +- *b = ':'; +- a = b + 1; +- if ( *(b+1) == ':' ) +- break; +- } +- a = b = (str + len); +- for(j=len, p=7; j > i; j--, a--) { +- if (*a != ':') +- continue; +- t = *b; +- *b = '\0'; +- ip[p--] = str2ns(a+1); +- *b = t; +- b = a; +- } +- return (CHAR8 *)ip; ++ memset(ip, 0, sizeof(ip)); ++ ++ /* Count amount of ':' to prevent overflows. ++ * max. count = 7. Returns an invalid ip6 that ++ * can be checked against ++ */ ++ for (a = str; *a != 0; ++a) { ++ if (*a == ':') ++ ++dotcount; ++ } ++ if (dotcount > MAX_IP6_DOTS) ++ return (CHAR8 *)ip; ++ ++ len = strlen(str); ++ a = b = str; ++ for (i = p = 0; i < len; i++, b++) { ++ if (*b != ':') ++ continue; ++ *b = '\0'; ++ ip[p++] = str2ns(a); ++ *b = ':'; ++ a = b + 1; ++ if (b[1] == ':' ) ++ break; ++ } ++ a = b = (str + len); ++ for (j = len, p = 7; j > i; j--, a--) { ++ if (*a != ':') ++ continue; ++ t = *b; ++ *b = '\0'; ++ ip[p--] = str2ns(a+1); ++ *b = t; ++ b = a; ++ } ++ return (CHAR8 *)ip; + } + + static BOOLEAN extract_tftp_info(CHAR8 *url) + { + CHAR8 *start, *end; + CHAR8 ip6str[40]; ++ CHAR8 ip6inv[16]; + CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); + ++ // to check against str2ip6() errors ++ memset(ip6inv, 0, sizeof(ip6inv)); ++ + if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) { + Print(L"URLS MUST START WITH tftp://\n"); + return FALSE; +@@ -209,7 +229,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) + end = start; + while ((*end != '\0') && (*end != ']')) { + end++; +- if (end - start > 39) { ++ if (end - start >= (int)sizeof(ip6str)) { + Print(L"TFTP URL includes malformed IPv6 address\n"); + return FALSE; + } +@@ -218,10 +238,12 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) + Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); + return FALSE; + } +- memset(ip6str, 0, 40); ++ memset(ip6str, 0, sizeof(ip6str)); + memcpy(ip6str, start, end - start); + end++; + memcpy(&tftp_addr.v6, str2ip6(ip6str), 16); ++ if (memcmp(&tftp_addr.v6, ip6inv, sizeof(ip6inv)) == 0) ++ return FALSE; + full_path = AllocateZeroPool(strlen(end)+strlen(template)+1); + if (!full_path) + return FALSE; +-- +1.9.3 + diff --git a/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch b/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch new file mode 100644 index 0000000..448d03a --- /dev/null +++ b/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch @@ -0,0 +1,88 @@ +From 034466b7734a2749346151d903bbd7c8a1288db1 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer +Date: Tue, 12 Aug 2014 09:23:28 +0000 +Subject: [PATCH 71/74] OOB access when parsing MOK List/Certificates on MOK + enrollment + +--- + MokManager.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/MokManager.c b/MokManager.c +index ecbcdd3..4a9b102 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -100,8 +100,18 @@ static UINT32 count_keys(void *Data, UINTN DataSize) + EFI_GUID HashType = EFI_CERT_SHA256_GUID; + UINTN dbsize = DataSize; + UINT32 MokNum = 0; ++ void *end = Data + DataSize; + + while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { ++ ++ /* Use ptr arithmetics to ensure bounded access. Do not allow 0 ++ * SignatureListSize that will cause endless loop. ++ */ ++ if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { ++ console_notify(L"Invalid MOK detected! Ignoring MOK List."); ++ return 0; ++ } ++ + if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && + (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { + console_notify(L"Doesn't look like a key or hash"); +@@ -137,6 +147,7 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { + EFI_GUID HashType = EFI_CERT_SHA256_GUID; + UINTN dbsize = DataSize; + UINTN count = 0; ++ void *end = Data + DataSize; + + list = AllocatePool(sizeof(MokListNode) * num); + +@@ -146,6 +157,11 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { + } + + while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { ++ /* CertList out of bounds? */ ++ if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { ++ FreePool(list); ++ return NULL; ++ } + if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && + (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { + dbsize -= CertList->SignatureListSize; +@@ -165,10 +181,22 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { + Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) + + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + ++ /* Cert out of bounds? */ ++ if ((void *)(Cert + 1) > end || CertList->SignatureSize <= sizeof(EFI_GUID)) { ++ FreePool(list); ++ return NULL; ++ } ++ + list[count].MokSize = CertList->SignatureSize - sizeof(EFI_GUID); + list[count].Mok = (void *)Cert->SignatureData; + list[count].Type = CertList->SignatureType; + ++ /* MOK out of bounds? */ ++ if (list[count].MokSize > end - (void *)list[count].Mok) { ++ FreePool(list); ++ return NULL; ++ } ++ + count++; + dbsize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + +@@ -449,6 +477,8 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + } + + MokNum = count_keys(KeyList, KeyListSize); ++ if (MokNum == 0) ++ return 0; + keys = build_mok_list(MokNum, KeyList, KeyListSize); + + if (!keys) { +-- +1.9.3 + diff --git a/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch b/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch new file mode 100644 index 0000000..cb6cb15 --- /dev/null +++ b/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch @@ -0,0 +1,28 @@ +From c622b677d67ebd88b94f13555b30da80ca74a8c1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 13:45:38 -0400 +Subject: [PATCH 72/74] Make another integer compare be signed/unsigned safe as + well. + +Signed-off-by: Peter Jones +--- + MokManager.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/MokManager.c b/MokManager.c +index 4a9b102..ee29051 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -192,7 +192,8 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { + list[count].Type = CertList->SignatureType; + + /* MOK out of bounds? */ +- if (list[count].MokSize > end - (void *)list[count].Mok) { ++ if (list[count].MokSize > (unsigned long)end - ++ (unsigned long)list[count].Mok) { + FreePool(list); + return NULL; + } +-- +1.9.3 + diff --git a/SOURCES/0073-Use-Werror-sign-compare.patch b/SOURCES/0073-Use-Werror-sign-compare.patch new file mode 100644 index 0000000..be6ff0c --- /dev/null +++ b/SOURCES/0073-Use-Werror-sign-compare.patch @@ -0,0 +1,28 @@ +From 6a115d038af259dd5b42f1651193eb0b8a83a5c8 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 13:50:13 -0400 +Subject: [PATCH 73/74] Use -Werror=sign-compare . + +I'm going to have to fix any errors that have this anyway, so may as +well do it here properly. + +Signed-off-by: Peter Jones +--- + Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Makefile b/Makefile +index 5bc513c..694480b 100644 +--- a/Makefile ++++ b/Makefile +@@ -21,6 +21,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds + DEFAULT_LOADER := \\\\grub.efi + CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ + -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ ++ -Werror=sign-compare \ + "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ + "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ + $(EFI_INCLUDES) +-- +1.9.3 + diff --git a/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch b/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch new file mode 100644 index 0000000..dea5584 --- /dev/null +++ b/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch @@ -0,0 +1,32 @@ +From c0949c0a7916e81767ab35f67005b80cfb565e2c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 15:19:34 -0400 +Subject: [PATCH 74/74] Correctly reject bad tftp addresses earlier, rather + than later. + +This check is for end == NULL but was meant to be *end == '\0'. Without +this change, we'll pass a plausibly bad address (i.e. one with no ']' at +the end) to Mtftp(... READ_FILE ...), which should fail correctly, but +our error messaging will be inconsistent. + +Signed-off-by: Peter Jones +--- + netboot.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/netboot.c b/netboot.c +index f884cba..ad5d37e 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -234,7 +234,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) + return FALSE; + } + } +- if (end == '\0') { ++ if (*end == '\0') { + Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); + return FALSE; + } +-- +1.9.3 + diff --git a/SOURCES/rhtest.cer b/SOURCES/rhtest.cer new file mode 100644 index 0000000..7c21c7a Binary files /dev/null and b/SOURCES/rhtest.cer differ diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer new file mode 100644 index 0000000..b235400 Binary files /dev/null and b/SOURCES/securebootca.cer differ diff --git a/SPECS/shim.spec b/SPECS/shim.spec new file mode 100644 index 0000000..ab52105 --- /dev/null +++ b/SPECS/shim.spec @@ -0,0 +1,297 @@ +Name: shim +Version: 0.7 +Release: 10%{?dist} +Summary: First-stage UEFI bootloader + +License: BSD +URL: http://www.codon.org.uk/~mjg59/shim/ +Source0: https://github.com/mjg59/shim/releases/download/%{version}/shim-%{version}.tar.bz2 +Source1: securebootca.cer +ExclusiveArch: aarch64 + +# incorporate mokutil for packaging simplicity +%global mokutilver 0.2.0 +Source2: https://github.com/lcp/mokutil/archive/mokutil-%{mokutilver}.tar.gz +# currently here's what's in our dbx: +# nothing. +#Source3: dbx.esl +Source4: rhtest.cer + +Patch0001: 0001-fix-verify_mok.patch +Patch0002: 0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch +Patch0003: 0003-netboot.h-fix-build-error-on-32-bit-systems.patch +Patch0004: 0004-properly-compile-OpenSSL-in-32-bit-mode.patch +Patch0005: 0005-fallback.c-fix-32-bit-compilation.patch +Patch0006: 0006-fix-fallback.so-build-dependency.patch +Patch0007: 0007-propagate-some-path-variables.patch +Patch0008: 0008-allow-32-bit-compilation-with-64-bit-compiler.patch +Patch0009: 0009-shim-improve-error-messages.patch +Patch0010: 0010-Clarify-meaning-of-insecure_mode.patch +Patch0011: 0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch +Patch0012: 0012-Fix-path-generation-for-Dhcpv4-bootloader.patch +Patch0013: 0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch +Patch0014: 0014-Fix-wrong-sizeof.patch +Patch0015: 0015-Initialize-entries-before-we-pass-it-to-another-func.patch +Patch0016: 0016-Rewrite-directory-traversal-allocation-path-so-cover.patch +Patch0017: 0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch +Patch0018: 0018-fallback-For-HD-device-paths-use-just-the-media-node.patch +Patch0019: 0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch +Patch0020: 0020-Add-a-preliminary-test-plan.patch +Patch0021: 0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch +Patch0022: 0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch +Patch0023: 0023-additional-bounds-checking-on-section-sizes.patch +Patch0024: 0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch +Patch0025: 0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch +Patch0026: 0026-fallback-Avoid-duplicate-old-BootOrder.patch +Patch0027: 0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch +Patch0028: 0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch +Patch0029: 0029-Fetch-the-netboot-image-from-the-same-device.patch +Patch0030: 0030-Check-the-first-4-bytes-of-the-certificate.patch +Patch0031: 0031-Remove-grubpath-in-generate_path.patch +Patch0032: 0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch +Patch0033: 0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch +Patch0034: 0034-Exclude-ca.crt-while-signing-EFI-images.patch +Patch0035: 0035-No-newline-for-console_notify.patch +Patch0036: 0036-Remove-the-duplicate-calls-in-lib-console.c.patch +Patch0037: 0037-Silence-the-functions-of-shim-protocol.patch +Patch0038: 0038-Free-the-string-from-DevicePathToStr.patch +Patch0039: 0039-Explain-the-logic-in-secure_mode-better.patch +Patch0040: 0040-Check-the-secure-variables-with-the-lib-functions.patch +Patch0041: 0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch +Patch0042: 0042-Simplify-the-checking-of-SB-and-DB-states.patch +Patch0043: 0043-Update-openssl-to-0.9.8za.patch +Patch0044: 0044-Replace-build-instructions-in-README-with-something-.patch +Patch0045: 0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch +Patch0046: 0046-unhook_system_services-bail-on-systab-NULL.patch +Patch0047: 0047-Factor-out-x86-isms-and-add-cross-compile-support.patch +Patch0048: 0048-Add-support-for-64-bit-ARM-AArch64.patch +Patch0049: 0049-Add-support-for-32-bit-ARM.patch +Patch0050: 0050-Update-openssl-to-0.9.8zb.patch +Patch0051: 0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch +Patch0052: 0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch +Patch0053: 0053-Don-t-name-something-exit.patch +Patch0054: 0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch +Patch0055: 0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch +Patch0056: 0056-Make-64-on-32-maybe-work-on-x86_64.patch +Patch0057: 0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch +Patch0058: 0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch +Patch0059: 0059-Fix-our-in_protocol-printing.patch +Patch0060: 0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch +Patch0061: 0061-Do-the-same-for-ia32.patch +Patch0062: 0062-Make-list_keys-index-variables-all-be-signed.patch +Patch0063: 0063-Revert-header-changes.patch +Patch0064: 0064-Actually-find-the-relocations-correctly-and-process-.patch +Patch0065: 0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch +Patch0066: 0066-Fix-some-minor-testplan-errors.patch +Patch0067: 0067-Don-t-verify-images-with-the-empty-build-key.patch +Patch0068: 0068-Cryptlib-remove-the-unused-files.patch +Patch0069: 0069-Another-testplan-error.patch +Patch0070: 0070-shim-buffer-overflow-on-ipv6-option-parsing.patch +Patch0071: 0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch +Patch0072: 0072-Make-another-integer-compare-be-signed-unsigned-safe.patch +Patch0073: 0073-Use-Werror-sign-compare.patch +Patch0074: 0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch +Patch0075: 0001-Align-the-sections-we-re-loading-and-check-for-valid.patch +Patch0076: 0001-fallback-Fix-comparison-between-signed-and-unsigned-.patch +Patch0077: 0002-Fix-length-of-allocated-buffer-for-boot-option-compa.patch +Patch0078: 0001-Make-lib-build-right-with-the-cflags-it-should-be-us.patch +Patch0079: 0002-Make-lib-use-the-right-CFLAGS.patch + +BuildRequires: git openssl-devel openssl +BuildRequires: pesign >= 0.106-1 +BuildRequires: gnu-efi = 3.0w, gnu-efi-devel = 3.0w + +# for xxd +BuildRequires: vim-common + +# for mokutil's configure +BuildRequires: autoconf automake + +# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not +# compatible with SysV (there's no red zone under UEFI) and there isn't a +# POSIX-style C library. +# BuildRequires: OpenSSL +Provides: bundled(openssl) = 0.9.8w + +# Shim is only required on platforms implementing the UEFI secure boot +# protocol. The only one of those we currently wish to support is 64-bit x86. +# Adding further platforms will require adding appropriate relocation code. +ExclusiveArch: x86_64 aarch64 + +%ifarch x86_64 +%global efiarch x64 +%endif +%ifarch aarch64 +%global efiarch aa64 +%endif + +# Figure out the right file path to use +%if 0%{?rhel} +%global efidir redhat +%endif +%if 0%{?fedora} +%global efidir fedora +%endif + +%description +Initial UEFI bootloader that handles chaining to a trusted full bootloader +under secure boot environments. + +%package -n shim-unsigned +Summary: First-stage UEFI bootloader (unsigned data) + +%description -n shim-unsigned +Initial UEFI bootloader that handles chaining to a trusted full bootloader +under secure boot environments. + +%package -n mokutil +Summary: Utilities for managing Secure Boot/MoK keys. + +%description -n mokutil +Utilities for managing the "Machine's Own Keys" list. + +%prep +%setup -q +%setup -q -a 2 -D -T + +git init +git config user.email "example@example.com" +git config user.name "rpmbuild -bp" +git add . +git commit -a -q -m "%{version} baseline." +git am --ignore-whitespace %{patches} shim.hash +install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/ +install -m 0644 shim.efi $RPM_BUILD_ROOT%{_datadir}/shim/shim.efi +install -m 0644 shim.hash $RPM_BUILD_ROOT%{_datadir}/shim/shim.hash +install -m 0644 fallback.efi $RPM_BUILD_ROOT%{_datadir}/shim/fallback.efi +install -m 0644 MokManager.efi $RPM_BUILD_ROOT%{_datadir}/shim/MokManager.efi +cd mokutil-%{mokutilver} +make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install + +%files -n shim-unsigned +%doc +%dir %{_datadir}/shim +%{_datadir}/shim/* + +%files -n mokutil +/usr/bin/mokutil +/usr/share/man/man1/mokutil.1.gz + +%changelog +* Wed Feb 25 2015 Peter Jones - 0.7-10 +- Fix a couple more minor bugs aavmf has found in fallback. + Related: rhbz#1190191 +- Build lib/ with the right CFLAGS + Related: rhbz#1190191 + +* Tue Feb 24 2015 Peter Jones - 0.7-9 +- Fix aarch64 section loading. + Related: rhbz#1190191 + +* Tue Sep 30 2014 Peter Jones - 0.7-8 +- Build -8 for arm as well. + Related: rhbz#1100048 +- out-of-bounds memory read flaw in DHCPv6 packet processing + Resolves: CVE-2014-3675 +- heap-based buffer overflow flaw in IPv6 address parsing + Resolves: CVE-2014-3676 +- memory corruption flaw when processing Machine Owner Keys (MOKs) + Resolves: CVE-2014-3677 + +* Tue Sep 23 2014 Peter Jones - 0.7-7 +- Use the right key for ARM Aarch64. + +* Sun Sep 21 2014 Peter Jones - 0.7-6 +- Preliminary build for ARM Aarch64. + +* Tue Feb 18 2014 Peter Jones - 0.7-5 +- Update for production signing + Resolves: rhbz#1064424 + Related: rhbz#1064449 + +* Thu Nov 21 2013 Peter Jones - 0.7-4 +- Make dhcpv4 paths work better when netbooting. + Resolves: rhbz#1032583 + +* Thu Nov 14 2013 Peter Jones - 0.7-3 +- Make lockdown include UEFI and other KEK/DB entries. + Resolves: rhbz#1030492 + +* Fri Nov 08 2013 Peter Jones - 0.7-2 +- Update lockdown to reflect SetupMode better as well + Related: rhbz#996863 + +* Wed Nov 06 2013 Peter Jones - 0.7-1 +- Fix logic to handle SetupMode efi variable. + Related: rhbz#996863 + +* Thu Oct 31 2013 Peter Jones - 0.6-1 +- Fix a FreePool(NULL) call on machines too old for SB + +* Fri Oct 04 2013 Peter Jones - 0.5-1 +- Update to 0.5 + +* Tue Aug 06 2013 Peter Jones - 0.4-3 +- Build with early RHEL test keys. + Related: rhbz#989442 + +* Thu Jul 25 2013 Peter Jones - 0.4-2 +- Fix minor RHEL 7.0 build issues + Resolves: rhbz#978766 +- Be less verbose by default + +* Tue Jun 11 2013 Peter Jones - 0.4-1 +- Update to 0.4 + +* Fri Jun 07 2013 Peter Jones - 0.3-2 +- Require gnu-efi-3.0q for now. +- Don't allow mmx or sse during compilation. +- Re-organize this so all real signing happens in shim-signed instead. +- Split out mokutil + +* Wed Dec 12 2012 Peter Jones - 0.2-3 +- Fix mokutil's idea of signature sizes. + +* Wed Nov 28 2012 Matthew Garrett - 0.2-2 +- Fix secure_mode() always returning true + +* Mon Nov 26 2012 Matthew Garrett - 0.2-1 +- Update shim +- Include mokutil +- Add debuginfo package since mokutil is a userspace executable + +* Mon Oct 22 2012 Peter Jones - 0.1-4 +- Produce an unsigned shim + +* Tue Aug 14 2012 Peter Jones - 0.1-3 +- Update how embedded cert and signing work. + +* Mon Aug 13 2012 Josh Boyer - 0.1-2 +- Add patch to fix image size calculation + +* Mon Aug 13 2012 Matthew Garrett - 0.1-1 +- initial release