From 7adeae169d9ed249b159f68bcae28f809333385c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 19 2015 16:00:40 +0000 Subject: import shim-0.9-1.el7 --- diff --git a/.gitignore b/.gitignore index b1df45d..953d727 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ -SOURCES/mokutil-0.2.0.tar.gz -SOURCES/shim-0.7.tar.bz2 +SOURCES/shim-0.9.tar.bz2 diff --git a/.shim.metadata b/.shim.metadata index e5cb147..93bda97 100644 --- a/.shim.metadata +++ b/.shim.metadata @@ -1,2 +1 @@ -ef680b489eb689a390ed2e1470eaaf2682ad5072 SOURCES/mokutil-0.2.0.tar.gz -90d69f28accc9319a2e08fc23df76a8f117fb668 SOURCES/shim-0.7.tar.bz2 +44c1b426f515b86581f163ec85c9e3bb08bc9042 SOURCES/shim-0.9.tar.bz2 diff --git a/SOURCES/0001-Typo-on-aarch64.patch b/SOURCES/0001-Typo-on-aarch64.patch new file mode 100644 index 0000000..851fe4a --- /dev/null +++ b/SOURCES/0001-Typo-on-aarch64.patch @@ -0,0 +1,26 @@ +From db142ce288a63db2e8f7858ba7564158cc7a64e5 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 30 Jun 2015 14:54:43 -0400 +Subject: [PATCH] Typo on aarch64 :/ + +Signed-off-by: Peter Jones +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 46d0234..1181b8a 100644 +--- a/Makefile ++++ b/Makefile +@@ -52,7 +52,7 @@ ifeq ($(ARCH),ia32) + "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/ia32-$(VERSION)$(RELEASE)/\"" + endif + ifeq ($(ARCH),aarch64) +- CFLAGS += "-DEFI_ARCH=L\"aa64\"" ++ CFLAGS += "-DEFI_ARCH=L\"aa64\"" \ + "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/aa64-$(VERSION)$(RELEASE)/\"" + endif + +-- +2.4.3 + diff --git a/SOURCES/0001-fix-verify_mok.patch b/SOURCES/0001-fix-verify_mok.patch deleted file mode 100644 index 100115b..0000000 --- a/SOURCES/0001-fix-verify_mok.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 11495d4019d44dce1487939f91f7d751ffbb9730 Mon Sep 17 00:00:00 2001 -From: Andrew Boie -Date: Mon, 15 Apr 2013 14:11:17 -0700 -Subject: [PATCH 01/74] fix verify_mok() - -() Fix the return value semantics. If the MokList doesn't -exist, we are OK. If the MokList was compromised but we -were able to erase it, that is OK too. Only if the list -can't be nuked do we return an error. - -() Fix use of potentially uninitialized attribute variable - -() Actually use the return value when called from verify_buffer. - -Change-Id: If16df21d79c52a1726928df96d133390cde4cb7e -Signed-off-by: Andrew Boie ---- - shim.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/shim.c b/shim.c -index 23dd0ee..dcb36d0 100644 ---- a/shim.c -+++ b/shim.c -@@ -670,13 +670,12 @@ static EFI_STATUS verify_mok (void) { - status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize, - shim_lock_guid, &attributes); - -- if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { -+ if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) { - Print(L"MokList is compromised!\nErase all keys in MokList!\n"); - if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) { - Print(L"Failed to erase MokList\n"); -+ return EFI_ACCESS_DENIED; - } -- status = EFI_ACCESS_DENIED; -- return status; - } - - if (MokListData) -@@ -722,7 +721,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - /* - * Check that the MOK database hasn't been modified - */ -- verify_mok(); -+ status = verify_mok(); -+ if (status != EFI_SUCCESS) -+ return status; - - /* - * Ensure that the binary isn't blacklisted --- -1.9.3 - diff --git a/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch b/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch deleted file mode 100644 index e97a0a2..0000000 --- a/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch +++ /dev/null @@ -1,175 +0,0 @@ -From 8e9d3af7b108cc76ce18017b3f58ad4b2e60989f Mon Sep 17 00:00:00 2001 -From: Mohanraj S -Date: Tue, 27 Aug 2013 09:27:00 -0700 -Subject: [PATCH 02/74] shim.c: Add support for hashing/relocation of 32-bit - binaries - -Change-Id: Ib93305f7f1691d1b142567507df1058de62dde06 -Signed-off-by: Andrew Boie ---- - shim.c | 72 +++++++++++++++++++++++++++++++++++++++++++++--------------------- - 1 file changed, 49 insertions(+), 23 deletions(-) - -diff --git a/shim.c b/shim.c -index dcb36d0..a043779 100644 ---- a/shim.c -+++ b/shim.c -@@ -126,7 +126,11 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - int size = context->ImageSize; - void *ImageEnd = (char *)data + size; - -+#if __LP64__ - context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data; -+#else -+ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data; -+#endif - - if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { - Print(L"Image has no relocation entry\n"); -@@ -141,7 +145,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - return EFI_UNSUPPORTED; - } - -- Adjust = (UINT64)data - context->ImageAddress; -+ Adjust = (UINTN)data - context->ImageAddress; - - if (Adjust == 0) - return EFI_SUCCESS; -@@ -549,9 +553,15 @@ static EFI_STATUS generate_hash (char *data, int datasize, - } - - /* Hash end of certificate table to end of image header */ -+#if __LP64__ - hashbase = (char *) &context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - hashsize = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - - (int) ((char *) (&context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); -+#else -+ hashbase = (char *) &context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; -+ hashsize = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders - -+ (int) ((char *) (&context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); -+#endif - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -@@ -561,7 +571,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, - } - - /* Sort sections */ -+#if __LP64__ - SumOfBytesHashed = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; -+#else -+ SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; -+#endif - - Section = (EFI_IMAGE_SECTION_HEADER *) ( - (char *)context->PEHdr + sizeof (UINT32) + -@@ -628,7 +642,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, - hashbase = data + SumOfBytesHashed; - hashsize = (unsigned int)( - size - -+#if __LP64__ - context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - -+#else -+ context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - -+#endif - SumOfBytesHashed); - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || -@@ -781,7 +799,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - { - EFI_IMAGE_DOS_HEADER *DosHdr = data; - EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data; -- unsigned long HeaderWithoutDataDir, SectionHeaderOffset; -+ unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; - - if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { - Print(L"Invalid image\n"); -@@ -790,18 +808,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - - if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) - PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew); -+#if __LP64__ -+ context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; -+ context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; -+ context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; -+ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); -+#else -+ context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; -+ context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; -+ context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; -+ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); -+#endif -+ context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; - -- if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES -- < PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes) { -+ if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { - Print(L"Image header too small\n"); - return EFI_UNSUPPORTED; - } - -- HeaderWithoutDataDir = sizeof (EFI_IMAGE_OPTIONAL_HEADER64) -+ HeaderWithoutDataDir = OptHeaderSize - - sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES; -- if (((UINT32)PEHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != -- PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes -- * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { -+ if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != -+ context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { - Print(L"Image header overflows data directory\n"); - return EFI_UNSUPPORTED; - } -@@ -809,15 +837,15 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - SectionHeaderOffset = DosHdr->e_lfanew - + sizeof (UINT32) - + sizeof (EFI_IMAGE_FILE_HEADER) -- + PEHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader; -- if ((PEHdr->Pe32Plus.OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER -- <= PEHdr->Pe32Plus.FileHeader.NumberOfSections) { -+ + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader; -+ if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER -+ <= context->NumberOfSections) { - Print(L"Image sections overflow image size\n"); - return EFI_UNSUPPORTED; - } - -- if ((PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER -- < (UINT32)PEHdr->Pe32Plus.FileHeader.NumberOfSections) { -+ if ((context->SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER -+ < (UINT32)context->NumberOfSections) { - Print(L"Image sections overflow section headers\n"); - return EFI_UNSUPPORTED; - } -@@ -837,21 +865,19 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - return EFI_UNSUPPORTED; - } - -- if (PEHdr->Pe32.OptionalHeader.Magic != EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { -- Print(L"Only 64-bit images supported\n"); -- return EFI_UNSUPPORTED; -- } -- - context->PEHdr = PEHdr; -+#if __LP64__ - context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase; -- context->ImageSize = (UINT64)PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; -- context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; - context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint; - context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; -- context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; -- context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; -- context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); - context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; -+#else -+ context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase; -+ context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint; -+ context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; -+ context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; -+#endif -+ context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); - - if (context->ImageSize < context->SizeOfHeaders) { - Print(L"Invalid image\n"); --- -1.9.3 - diff --git a/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch b/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch deleted file mode 100644 index 8d85654..0000000 --- a/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 434e854202236ec5809dbb96589fc34313dbff9e Mon Sep 17 00:00:00 2001 -From: Andrew Boie -Date: Thu, 31 Oct 2013 13:56:56 -0700 -Subject: [PATCH 03/74] netboot.h: fix build error on 32-bit systems - -Function prototype/implementation mismatch. - -Change-Id: I89aaae1b49d0372d3aed76fc21c194e0ae55f72e -Signed-off-by: Andrew Boie ---- - netboot.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/netboot.h b/netboot.h -index 2cdb421..6417373 100644 ---- a/netboot.h -+++ b/netboot.h -@@ -5,5 +5,5 @@ extern BOOLEAN findNetboot(EFI_HANDLE image_handle); - - extern EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle); - --extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINTN *bufsiz); -+extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *bufsiz); - #endif --- -1.9.3 - diff --git a/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch b/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch deleted file mode 100644 index f9b2147..0000000 --- a/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c5ed2dfa5d9c2d5de33db290ae8cc237342dbc4c Mon Sep 17 00:00:00 2001 -From: Andrey Petrov -Date: Mon, 11 Nov 2013 13:46:42 -0800 -Subject: [PATCH 04/74] properly compile OpenSSL in 32-bit mode - -Change-Id: Iff3ee5ae0f0b95b282b99a23e465723b4e9f6104 -Signed-off-by: Andrey Petrov -Signed-off-by: Andrew Boie ---- - Cryptlib/OpenSSL/Makefile | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile -index c93d5af..3d5a87c 100644 ---- a/Cryptlib/OpenSSL/Makefile -+++ b/Cryptlib/OpenSSL/Makefile -@@ -10,9 +10,12 @@ LIB_GCC = $(shell $(CC) -print-libgcc-file-name) - EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) - - CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ -- -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -DSIXTY_FOUR_BIT_LONG -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC -+ -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC - ifeq ($(ARCH),x86_64) -- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -+ CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG -+endif -+ifeq ($(ARCH),ia32) -+ CFLAGS += -DTHIRTY_TWO_BIT - endif - LDFLAGS = -nostdlib -znocombreloc - --- -1.9.3 - diff --git a/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch b/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch deleted file mode 100644 index 6380173..0000000 --- a/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch +++ /dev/null @@ -1,38 +0,0 @@ -From d74ab697f7f20418eeb09f0291cc480d43241dea Mon Sep 17 00:00:00 2001 -From: Andrew Boie -Date: Mon, 11 Nov 2013 16:12:23 -0800 -Subject: [PATCH 05/74] fallback.c: fix 32-bit compilation - -fh->Read expects pointer to 32-bit int, use UINTN - -Change-Id: If1a728efd51a9a24dfcd8123e84bf4c0713491fe -Signed-off-by: Andrew Boie ---- - fallback.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/fallback.c b/fallback.c -index 82ddbf2..c875144 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -15,7 +15,7 @@ - EFI_LOADED_IMAGE *this_image = NULL; - - static EFI_STATUS --get_file_size(EFI_FILE_HANDLE fh, UINT64 *retsize) -+get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize) - { - EFI_STATUS rc; - void *buffer = NULL; -@@ -60,7 +60,7 @@ read_file(EFI_FILE_HANDLE fh, CHAR16 *fullpath, CHAR16 **buffer, UINT64 *bs) - return rc; - } - -- UINT64 len = 0; -+ UINTN len = 0; - CHAR16 *b = NULL; - rc = get_file_size(fh2, &len); - if (EFI_ERROR(rc)) { --- -1.9.3 - diff --git a/SOURCES/0006-fix-fallback.so-build-dependency.patch b/SOURCES/0006-fix-fallback.so-build-dependency.patch deleted file mode 100644 index b03f3e8..0000000 --- a/SOURCES/0006-fix-fallback.so-build-dependency.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 06e15d762966d4224f7e54480b9213c4dcf1fe35 Mon Sep 17 00:00:00 2001 -From: Andrew Boie -Date: Mon, 11 Nov 2013 16:14:22 -0800 -Subject: [PATCH 06/74] fix fallback.so build dependency - -Exposed during parallel builds - -Change-Id: I9867858166dcafd69438f37ee5da14a267ace8f4 -Signed-off-by: Andrew Boie ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index a22c6b3..2eab862 100644 ---- a/Makefile -+++ b/Makefile -@@ -83,7 +83,7 @@ shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a - - fallback.o: $(FALLBACK_SRCS) - --fallback.so: $(FALLBACK_OBJS) -+fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) - - MokManager.o: $(MOK_SOURCES) --- -1.9.3 - diff --git a/SOURCES/0007-propagate-some-path-variables.patch b/SOURCES/0007-propagate-some-path-variables.patch deleted file mode 100644 index 640d021..0000000 --- a/SOURCES/0007-propagate-some-path-variables.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 476d376ed08e1431bf7e20bf47ea3fc6c36dd168 Mon Sep 17 00:00:00 2001 -From: Andrew Boie -Date: Mon, 11 Nov 2013 16:15:39 -0800 -Subject: [PATCH 07/74] propagate some path variables - -If these are overridden on the command line, pass them along to -the sub-makes. - -Change-Id: I531ccb5d2f5e4be8e99d4892cdcfffffc1ad9877 -Signed-off-by: Andrew Boie ---- - Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/Makefile b/Makefile -index 2eab862..d619ff4 100644 ---- a/Makefile -+++ b/Makefile -@@ -92,13 +92,13 @@ MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a - - Cryptlib/libcryptlib.a: -- $(MAKE) -C Cryptlib -+ $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) - - Cryptlib/OpenSSL/libopenssl.a: -- $(MAKE) -C Cryptlib/OpenSSL -+ $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) - - lib/lib.a: -- $(MAKE) -C lib EFI_PATH=$(EFI_PATH) -+ $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) - - %.efi: %.so - objcopy -j .text -j .sdata -j .data \ --- -1.9.3 - diff --git a/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch b/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch deleted file mode 100644 index 5305778..0000000 --- a/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 9712a7e77dc12f7569858b81d620d85301f50ede Mon Sep 17 00:00:00 2001 -From: Andrew Boie -Date: Mon, 11 Nov 2013 16:17:20 -0800 -Subject: [PATCH 08/74] allow 32-bit compilation with 64-bit compiler - -Also removed unused LIB_PATH from some Makefiles. - -Change-Id: I7d28d18f7531b51b6121a2ffb88bcaedec57c467 -Signed-off-by: Andrew Boie ---- - Cryptlib/Makefile | 5 +++-- - Cryptlib/OpenSSL/Makefile | 4 +--- - Makefile | 3 +++ - lib/Makefile | 3 +++ - 4 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile -index a05a4db..d24e59e 100644 ---- a/Cryptlib/Makefile -+++ b/Cryptlib/Makefile -@@ -1,7 +1,5 @@ - ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) - --LIB_PATH = /usr/lib64 -- - EFI_INCLUDE = /usr/include/efi - EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol - EFI_PATH = /usr/lib64/gnuefi -@@ -14,6 +12,9 @@ CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort- - ifeq ($(ARCH),x86_64) - CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI - endif -+ifeq ($(ARCH),ia32) -+ CFLAGS += -m32 -+endif - LDFLAGS = -nostdlib -znocombreloc - - TARGET = libcryptlib.a -diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile -index 3d5a87c..8e2f2a6 100644 ---- a/Cryptlib/OpenSSL/Makefile -+++ b/Cryptlib/OpenSSL/Makefile -@@ -1,7 +1,5 @@ - ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) - --LIB_PATH = /usr/lib64 -- - EFI_INCLUDE = /usr/include/efi - EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol - EFI_PATH = /usr/lib64/gnuefi -@@ -15,7 +13,7 @@ ifeq ($(ARCH),x86_64) - CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG - endif - ifeq ($(ARCH),ia32) -- CFLAGS += -DTHIRTY_TWO_BIT -+ CFLAGS += -m32 -DTHIRTY_TWO_BIT - endif - LDFLAGS = -nostdlib -znocombreloc - -diff --git a/Makefile b/Makefile -index d619ff4..e65d28d 100644 ---- a/Makefile -+++ b/Makefile -@@ -28,6 +28,9 @@ endif - ifeq ($(ARCH),x86_64) - CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI - endif -+ifeq ($(ARCH),ia32) -+ CFLAGS += -m32 -+endif - ifneq ($(origin VENDOR_CERT_FILE), undefined) - CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" - endif -diff --git a/lib/Makefile b/lib/Makefile -index adb0347..a9c9cf6 100644 ---- a/lib/Makefile -+++ b/lib/Makefile -@@ -17,6 +17,9 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ - ifeq ($(ARCH),x86_64) - CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI - endif -+ifeq ($(ARCH),ia32) -+ CFLAGS += -m32 -+endif - - lib.a: $(LIBFILES) - ar rcs lib.a $(LIBFILES) --- -1.9.3 - diff --git a/SOURCES/0009-shim-improve-error-messages.patch b/SOURCES/0009-shim-improve-error-messages.patch deleted file mode 100644 index e18d66f..0000000 --- a/SOURCES/0009-shim-improve-error-messages.patch +++ /dev/null @@ -1,186 +0,0 @@ -From 2f09d0ab290d9b0d8aa14c3243f1d85a20bc34e6 Mon Sep 17 00:00:00 2001 -From: Andrew Boie -Date: Mon, 11 Nov 2013 17:29:06 -0800 -Subject: [PATCH 09/74] shim: improve error messages - -%r when used in Print() will show a string representation of -an EFI_STATUS code. - -Change-Id: I6db47f5213454603bd66177aca378ad01e9f0bd4 -Signed-off-by: Andrew Boie ---- - shim.c | 38 +++++++++++++++++++------------------- - 1 file changed, 19 insertions(+), 19 deletions(-) - -diff --git a/shim.c b/shim.c -index a043779..9ae1936 100644 ---- a/shim.c -+++ b/shim.c -@@ -914,7 +914,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - */ - efi_status = read_header(data, datasize, &context); - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to read header\n"); -+ Print(L"Failed to read header: %r\n", efi_status); - return efi_status; - } - -@@ -981,7 +981,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - efi_status = relocate_coff(&context, buffer); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Relocation failed\n"); -+ Print(L"Relocation failed: %r\n", efi_status); - FreePool(buffer); - return efi_status; - } -@@ -1022,7 +1022,7 @@ should_use_fallback(EFI_HANDLE image_handle) - rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, - &loaded_image_protocol, (void **)&li); - if (EFI_ERROR(rc)) { -- Print(L"Could not get image for bootx64.efi: %d\n", rc); -+ Print(L"Could not get image for bootx64.efi: %r\n", rc); - return 0; - } - -@@ -1044,13 +1044,13 @@ should_use_fallback(EFI_HANDLE image_handle) - rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, - &FileSystemProtocol, (void **)&fio); - if (EFI_ERROR(rc)) { -- Print(L"Could not get fio for li->DeviceHandle: %d\n", rc); -+ Print(L"Could not get fio for li->DeviceHandle: %r\n", rc); - return 0; - } - - rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); - if (EFI_ERROR(rc)) { -- Print(L"Could not open fio volume: %d\n", rc); -+ Print(L"Could not open fio volume: %r\n", rc); - return 0; - } - -@@ -1172,14 +1172,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - (void **)&drive); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to find fs\n"); -+ Print(L"Failed to find fs: %r\n", efi_status); - goto error; - } - - efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to open fs\n"); -+ Print(L"Failed to open fs: %r\n", efi_status); - goto error; - } - -@@ -1190,7 +1190,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - EFI_FILE_MODE_READ, 0); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to open %s - %lx\n", PathName, efi_status); -+ Print(L"Failed to open %s - %r\n", PathName, efi_status); - goto error; - } - -@@ -1223,7 +1223,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - } - - if (efi_status != EFI_SUCCESS) { -- Print(L"Unable to get file info\n"); -+ Print(L"Unable to get file info: %r\n", efi_status); - goto error; - } - -@@ -1251,7 +1251,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - } - - if (efi_status != EFI_SUCCESS) { -- Print(L"Unexpected return from initial read: %x, buffersize %x\n", efi_status, buffersize); -+ Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); - goto error; - } - -@@ -1328,20 +1328,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - efi_status = generate_path(li, ImagePath, &path, &PathName); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Unable to generate path: %s\n", ImagePath); -+ Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); - goto done; - } - - if (findNetboot(image_handle)) { - efi_status = parseNetbootinfo(image_handle); - if (efi_status != EFI_SUCCESS) { -- Print(L"Netboot parsing failed: %d\n", efi_status); -+ Print(L"Netboot parsing failed: %r\n", efi_status); - return EFI_PROTOCOL_ERROR; - } - efi_status = FetchNetbootimage(image_handle, &sourcebuffer, - &sourcesize); - if (efi_status != EFI_SUCCESS) { -- Print(L"Unable to fetch TFTP image\n"); -+ Print(L"Unable to fetch TFTP image: %r\n", efi_status); - return efi_status; - } - data = sourcebuffer; -@@ -1353,7 +1353,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - efi_status = load_image(li, &data, &datasize, PathName); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to load image\n"); -+ Print(L"Failed to load image %s: %r\n", PathName, efi_status); - goto done; - } - } -@@ -1370,7 +1370,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - efi_status = handle_image(data, datasize, li); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to load image\n"); -+ Print(L"Failed to load image: %r\n", efi_status); - CopyMem(li, &li_bak, sizeof(li_bak)); - goto done; - } -@@ -1473,7 +1473,7 @@ EFI_STATUS mirror_mok_list() - | EFI_VARIABLE_RUNTIME_ACCESS, - FullDataSize, FullData); - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to set MokListRT %d\n", efi_status); -+ Print(L"Failed to set MokListRT: %r\n", efi_status); - } - - return efi_status; -@@ -1514,7 +1514,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) - efi_status = start_image(image_handle, MOK_MANAGER); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to start MokManager\n"); -+ Print(L"Failed to start MokManager: %r\n", efi_status); - return efi_status; - } - } -@@ -1621,7 +1621,7 @@ static EFI_STATUS mok_ignore_db() - | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, (void *)&Data); - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to set MokIgnoreDB %d\n", efi_status); -+ Print(L"Failed to set MokIgnoreDB: %r\n", efi_status); - } - } - -@@ -1648,7 +1648,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) - status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, - &LoadedImageProtocol, (void **) &li); - if (status != EFI_SUCCESS) { -- Print (L"Failed to get load options\n"); -+ Print (L"Failed to get load options: %r\n", status); - return status; - } - --- -1.9.3 - diff --git a/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch b/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch deleted file mode 100644 index 4807572..0000000 --- a/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch +++ /dev/null @@ -1,99 +0,0 @@ -From d95b24bd02cf41cca9adebd95f10609d6424d2b3 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Tue, 19 Nov 2013 10:09:13 -0500 -Subject: [PATCH 10/74] Clarify meaning of insecure_mode - -insecure_mode was intended to indicate that the user had explicity disabled -checks with mokutil, which means it wasn't the opposite of secure_mode(). -Change the names to clarify this and don't show the insecure mode message -unless the user has explicitly enabled that mode. - -Signed-off-by: Matthew Garrett ---- - replacements.c | 6 ------ - shim.c | 12 ++++++------ - 2 files changed, 6 insertions(+), 12 deletions(-) - -diff --git a/replacements.c b/replacements.c -index bac5e5d..5ea5c32 100644 ---- a/replacements.c -+++ b/replacements.c -@@ -64,13 +64,9 @@ static typeof(systab->BootServices->StartImage) system_start_image; - static typeof(systab->BootServices->Exit) system_exit; - static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; - --extern UINT8 insecure_mode; -- - void - unhook_system_services(void) - { -- if (insecure_mode) -- return; - systab->BootServices->Exit = system_exit; - systab->BootServices->StartImage = system_start_image; - systab->BootServices->ExitBootServices = system_exit_boot_services; -@@ -123,8 +119,6 @@ exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, - void - hook_system_services(EFI_SYSTEM_TABLE *local_systab) - { -- if (insecure_mode) -- return; - systab = local_systab; - - /* We need to hook various calls to make this work... */ -diff --git a/shim.c b/shim.c -index 9ae1936..524f5fc 100644 ---- a/shim.c -+++ b/shim.c -@@ -85,7 +85,7 @@ int loader_is_participating; - - #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} - --UINT8 insecure_mode; -+UINT8 user_insecure_mode; - UINT8 ignore_db; - - typedef enum { -@@ -456,7 +456,7 @@ static BOOLEAN secure_mode (void) - UINT8 *Data; - UINT8 sb, setupmode; - -- if (insecure_mode) -+ if (user_insecure_mode) - return FALSE; - - status = get_variable(L"SecureBoot", &Data, &len, global_var); -@@ -1534,7 +1534,7 @@ static EFI_STATUS check_mok_sb (void) - UINTN MokSBStateSize = 0; - UINT32 attributes; - -- insecure_mode = 0; -+ user_insecure_mode = 0; - ignore_db = 0; - - status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize, -@@ -1555,7 +1555,7 @@ static EFI_STATUS check_mok_sb (void) - status = EFI_ACCESS_DENIED; - } else { - if (*(UINT8 *)MokSBState == 1) { -- insecure_mode = 1; -+ user_insecure_mode = 1; - } - } - -@@ -1753,10 +1753,10 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - /* - * Tell the user that we're in insecure mode if necessary - */ -- if (!secure_mode()) { -+ if (user_insecure_mode) { - Print(L"Booting in insecure mode\n"); - uefi_call_wrapper(BS->Stall, 1, 2000000); -- } else { -+ } else if (secure_mode()) { - /* - * Install our hooks for ExitBootServices() and StartImage() - */ --- -1.9.3 - diff --git a/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch b/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch deleted file mode 100644 index 11b612d..0000000 --- a/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 8b48ec5c70cd97d37f48581a4eab8139c1a95a1f Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Tue, 19 Nov 2013 10:15:55 -0500 -Subject: [PATCH 11/74] Don't hook system services if shim has no built-in keys - -Shim should only need to enforce its security policy when its launching -binaries signed with its built-in key. Binaries signed by keys in db or -Mokdb should be able to rely on their own security policy. - -Signed-off-by: Matthew Garrett ---- - shim.c | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/shim.c b/shim.c -index 524f5fc..cf93d65 100644 ---- a/shim.c -+++ b/shim.c -@@ -1757,11 +1757,15 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - Print(L"Booting in insecure mode\n"); - uefi_call_wrapper(BS->Stall, 1, 2000000); - } else if (secure_mode()) { -- /* -- * Install our hooks for ExitBootServices() and StartImage() -- */ -- hook_system_services(systab); -- loader_is_participating = 0; -+ if (vendor_cert_size || vendor_dbx_size) { -+ /* -+ * If shim includes its own certificates then ensure -+ * that anything it boots has performed some -+ * validation of the next image. -+ */ -+ hook_system_services(systab); -+ loader_is_participating = 0; -+ } - } - - /* --- -1.9.3 - diff --git a/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch b/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch deleted file mode 100644 index 9a19d58..0000000 --- a/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch +++ /dev/null @@ -1,124 +0,0 @@ -From e62b69a5b0b87c6df7a4fc23906134945309e927 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 20 Nov 2013 12:20:23 -0500 -Subject: [PATCH 12/74] Fix path generation for Dhcpv4 bootloader. - -Right now we always look for e.g. "\grubx64.efi", which is completely -wrong. This makes it look for the path shim was loaded from and modify -that to end in a sanitized version of our default loader name. - -Resolves: rhbz#1032583 - -Signed-off-by: Peter Jones ---- - include/str.h | 45 +++++++++++++++++++++++++++++++++++++++++++++ - netboot.c | 28 +++++++++++++++++++++------- - 2 files changed, 66 insertions(+), 7 deletions(-) - create mode 100644 include/str.h - -diff --git a/include/str.h b/include/str.h -new file mode 100644 -index 0000000..0f3e003 ---- /dev/null -+++ b/include/str.h -@@ -0,0 +1,45 @@ -+#ifndef SHIM_STR_H -+#define SHIM_STR_H -+ -+static inline -+__attribute__((unused)) -+unsigned long strnlena(const CHAR8 *s, unsigned long n) -+{ -+ unsigned long i; -+ for (i = 0; i <= n; i++) -+ if (s[i] == '\0') -+ break; -+ return i; -+} -+ -+static inline -+__attribute__((unused)) -+CHAR8 * -+strncpya(CHAR8 *dest, const CHAR8 *src, unsigned long n) -+{ -+ unsigned long i; -+ -+ for (i = 0; i < n && src[i] != '\0'; i++) -+ dest[i] = src[i]; -+ for (; i < n; i++) -+ dest[i] = '\0'; -+ -+ return dest; -+} -+ -+static inline -+__attribute__((unused)) -+CHAR8 * -+strcata(CHAR8 *dest, const CHAR8 *src) -+{ -+ unsigned long dest_len = strlena(dest); -+ unsigned long i; -+ -+ for (i = 0; src[i] != '\0'; i++) -+ dest[dest_len + i] = src[i]; -+ dest[dest_len + i] = '\0'; -+ -+ return dest; -+} -+ -+#endif /* SHIM_STR_H */ -diff --git a/netboot.c b/netboot.c -index a83c82a..1732dc7 100644 ---- a/netboot.c -+++ b/netboot.c -@@ -38,6 +38,7 @@ - #include - #include "shim.h" - #include "netboot.h" -+#include "str.h" - - static inline unsigned short int __swap16(unsigned short int x) - { -@@ -305,19 +306,32 @@ static EFI_STATUS parseDhcp6() - - static EFI_STATUS parseDhcp4() - { -- CHAR8 *template = (CHAR8 *)DEFAULT_LOADER_CHAR; -- full_path = AllocateZeroPool(strlen(template)+1); -+ CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); -+ UINTN template_len = strlen(template) + 1; -+ -+ UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127); -+ UINTN i; -+ UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile; -+ -+ for (i = dir_len; i >= 0; i--) { -+ if (dir[i] == '/') -+ break; -+ } -+ dir_len = (i >= 0) ? i + 1 : 0; -+ -+ full_path = AllocateZeroPool(dir_len + template_len); - - if (!full_path) - return EFI_OUT_OF_RESOURCES; - -+ if (dir_len > 0) { -+ strncpya(full_path, dir, dir_len); -+ if (full_path[dir_len-1] == '/' && template[0] == '/') -+ full_path[dir_len-1] = '\0'; -+ } -+ strcata(full_path, template); - memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4); - -- memcpy(full_path, template, strlen(template)); -- -- /* Note we don't capture the filename option here because we know its shim.efi -- * We instead assume the filename at the end of the path is going to be grubx64.efi -- */ - return EFI_SUCCESS; - } - --- -1.9.3 - diff --git a/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch b/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch deleted file mode 100644 index ba79424..0000000 --- a/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 27129a5a05d1947e6f7479766e8281d50d6031f6 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 21 Nov 2013 11:26:08 -0500 -Subject: [PATCH 13/74] Lengths that might be -1 can't be unsigned, Peter. - -Signed-off-by: Peter Jones ---- - netboot.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/netboot.c b/netboot.c -index 1732dc7..07e2773 100644 ---- a/netboot.c -+++ b/netboot.c -@@ -307,10 +307,10 @@ static EFI_STATUS parseDhcp6() - static EFI_STATUS parseDhcp4() - { - CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); -- UINTN template_len = strlen(template) + 1; -+ INTN template_len = strlen(template) + 1; - -- UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127); -- UINTN i; -+ INTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127); -+ INTN i; - UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile; - - for (i = dir_len; i >= 0; i--) { -@@ -329,6 +329,8 @@ static EFI_STATUS parseDhcp4() - if (full_path[dir_len-1] == '/' && template[0] == '/') - full_path[dir_len-1] = '\0'; - } -+ if (dir_len == 0 && dir[0] != '/' && template[0] == '/') -+ template++; - strcata(full_path, template); - memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4); - --- -1.9.3 - diff --git a/SOURCES/0014-Fix-wrong-sizeof.patch b/SOURCES/0014-Fix-wrong-sizeof.patch deleted file mode 100644 index cc8bd29..0000000 --- a/SOURCES/0014-Fix-wrong-sizeof.patch +++ /dev/null @@ -1,30 +0,0 @@ -From af25679e166da9bd32a0ed7fbf67a408dda7f71a Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 15 Nov 2013 09:21:53 -0500 -Subject: [PATCH 14/74] Fix wrong sizeof(). - -CHAR16* vs CHAR16**, so the result is the same on all platforms. - -Detected by coverity. - -Signed-off-by: Peter Jones ---- - lib/shell.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/shell.c b/lib/shell.c -index 51de4e0..7337834 100644 ---- a/lib/shell.c -+++ b/lib/shell.c -@@ -35,7 +35,7 @@ argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV) - - (*argc)++; /* we counted spaces, so add one for initial */ - -- *ARGV = AllocatePool(*argc * sizeof(*ARGV)); -+ *ARGV = AllocatePool(*argc * sizeof(**ARGV)); - if (!*ARGV) { - return EFI_OUT_OF_RESOURCES; - } --- -1.9.3 - diff --git a/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch b/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch deleted file mode 100644 index 0249be8..0000000 --- a/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4dbef508ab6359e8ca14df53b83f970bdeec17ba Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 15 Nov 2013 09:24:01 -0500 -Subject: [PATCH 15/74] Initialize entries before we pass it to another - function. - -Coverity scan noticed that entries is uninitialized when we pass its -location to another function. - -Signed-off-by: Peter Jones ---- - lib/simple_file.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/simple_file.c b/lib/simple_file.c -index 3af0ec8..d345d87 100644 ---- a/lib/simple_file.c -+++ b/lib/simple_file.c -@@ -415,7 +415,7 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name, - CHAR16 *filter, CHAR16 **result) - { - EFI_STATUS status; -- CHAR16 **entries; -+ CHAR16 **entries = NULL; - EFI_FILE_INFO *dmp; - int count, select, len; - CHAR16 *newname, *selected; --- -1.9.3 - diff --git a/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch b/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch deleted file mode 100644 index c373474..0000000 --- a/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 3a7feeff6cdb3b96a1ef2ccff8c150e2324d50a9 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 15 Nov 2013 09:38:41 -0500 -Subject: [PATCH 16/74] Rewrite directory traversal allocation path so coverity - can grok it. - -The things we do for our tools. In this case, make the AllocatePool() -happen outside of a conditional, even though that conditional will -always bee satisfied. This way coverity won't think we're setting fi -to NULL and passing it to StrCaseCmp. - -Signed-off-by: Peter Jones ---- - fallback.c | 21 ++++++++++++++------- - 1 file changed, 14 insertions(+), 7 deletions(-) - -diff --git a/fallback.c b/fallback.c -index c875144..ba864ee 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -445,25 +445,32 @@ find_boot_csv(EFI_FILE_HANDLE fh, CHAR16 *dirname) - return EFI_SUCCESS; - } - FreePool(buffer); -+ buffer = NULL; - - bs = 0; - do { - bs = 0; - rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, NULL); -- if (rc == EFI_BUFFER_TOO_SMALL) { -- buffer = AllocateZeroPool(bs); -- if (!buffer) { -- Print(L"Could not allocate memory\n"); -- return EFI_OUT_OF_RESOURCES; -- } -+ if (EFI_ERROR(rc) && rc != EFI_BUFFER_TOO_SMALL) { -+ Print(L"Could not read \\EFI\\%s\\: %d\n", dirname, rc); -+ if (buffer) -+ FreePool(buffer); -+ return rc; -+ } - -- rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, buffer); -+ buffer = AllocateZeroPool(bs); -+ if (!buffer) { -+ Print(L"Could not allocate memory\n"); -+ return EFI_OUT_OF_RESOURCES; - } -+ -+ rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, buffer); - if (EFI_ERROR(rc)) { - Print(L"Could not read \\EFI\\%s\\: %d\n", dirname, rc); - FreePool(buffer); - return rc; - } -+ - if (bs == 0) - break; - --- -1.9.3 - diff --git a/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch b/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch deleted file mode 100644 index 4e6ca54..0000000 --- a/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 293f28d1fe3921c5348c60948b4dedcef5042d5b Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 15 Nov 2013 10:55:37 -0500 -Subject: [PATCH 17/74] Error check the right thing in get_variable_attr() when - allocating. - -Signed-off-by: Peter Jones ---- - lib/variables.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/variables.c b/lib/variables.c -index 81bd34d..3a9735e 100644 ---- a/lib/variables.c -+++ b/lib/variables.c -@@ -224,7 +224,7 @@ get_variable_attr(CHAR16 *var, UINT8 **data, UINTN *len, EFI_GUID owner, - return efi_status; - - *data = AllocateZeroPool(*len); -- if (!data) -+ if (!*data) - return EFI_OUT_OF_RESOURCES; - - efi_status = uefi_call_wrapper(RT->GetVariable, 5, var, &owner, --- -1.9.3 - diff --git a/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch b/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch deleted file mode 100644 index dd329ba..0000000 --- a/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch +++ /dev/null @@ -1,219 +0,0 @@ -From dfd6c73a212f8cf6b32ce74807de9a08a87f0b79 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 31 Jan 2014 10:30:24 -0500 -Subject: [PATCH 18/74] [fallback] For HD() device paths, use just the media - node and later. - -UEFI 2.x section 3.1.2 provides for "short-form device path", where the -first element specified is a "hard drive media device path", so that you -can move a disk around on different buses without invalidating your -device path. Fallback has not been using this option, though in most -cases efibootmgr has. - -Note that we still keep the full device path, because LoadImage() -isn't necessarily the layer where HD() works - one some systems BDS is -responsible for resolving the full path and passes that to LoadImage() -instead. So we have to do LoadImage() with the full path. ---- - fallback.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++--------------- - 1 file changed, 78 insertions(+), 25 deletions(-) - -diff --git a/fallback.c b/fallback.c -index ba864ee..a12bb74 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -15,6 +15,27 @@ - EFI_LOADED_IMAGE *this_image = NULL; - - static EFI_STATUS -+FindSubDevicePath(EFI_DEVICE_PATH *In, UINT8 Type, UINT8 SubType, -+ EFI_DEVICE_PATH **Out) -+{ -+ EFI_DEVICE_PATH *dp = In; -+ if (!In || !Out) -+ return EFI_INVALID_PARAMETER; -+ -+ for (dp = In; !IsDevicePathEnd(dp); dp = NextDevicePathNode(dp)) { -+ if (DevicePathType(dp) == Type && -+ DevicePathSubType(dp) == SubType) { -+ *Out = DuplicateDevicePath(dp); -+ if (!*Out) -+ return EFI_OUT_OF_RESOURCES; -+ return EFI_SUCCESS; -+ } -+ } -+ *Out = NULL; -+ return EFI_NOT_FOUND; -+} -+ -+static EFI_STATUS - get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize) - { - EFI_STATUS rc; -@@ -93,7 +114,9 @@ make_full_path(CHAR16 *dirname, CHAR16 *filename, CHAR16 **out, UINT64 *outlen) - { - UINT64 len; - -- len = StrLen(dirname) + StrLen(filename) + StrLen(L"\\EFI\\\\") + 2; -+ len = StrLen(L"\\EFI\\") + StrLen(dirname) -+ + StrLen(L"\\") + StrLen(filename) -+ + 2; - - CHAR16 *fullpath = AllocateZeroPool(len*sizeof(CHAR16)); - if (!fullpath) { -@@ -119,7 +142,8 @@ VOID *first_new_option_args = NULL; - UINTN first_new_option_size = 0; - - EFI_STATUS --add_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, CHAR16 *arguments) -+add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, -+ CHAR16 *filename, CHAR16 *label, CHAR16 *arguments) - { - static int i = 0; - CHAR16 varname[] = L"Boot0000"; -@@ -136,24 +160,31 @@ add_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, CHAR16 *ar - void *var = LibGetVariable(varname, &global); - if (!var) { - int size = sizeof(UINT32) + sizeof (UINT16) + -- StrLen(label)*2 + 2 + DevicePathSize(dp) + -- StrLen(arguments) * 2 + 2; -+ StrLen(label)*2 + 2 + DevicePathSize(hddp) + -+ StrLen(arguments) * 2; - - CHAR8 *data = AllocateZeroPool(size); - CHAR8 *cursor = data; - *(UINT32 *)cursor = LOAD_OPTION_ACTIVE; - cursor += sizeof (UINT32); -- *(UINT16 *)cursor = DevicePathSize(dp); -+ *(UINT16 *)cursor = DevicePathSize(hddp); - cursor += sizeof (UINT16); - StrCpy((CHAR16 *)cursor, label); - cursor += StrLen(label)*2 + 2; -- CopyMem(cursor, dp, DevicePathSize(dp)); -- cursor += DevicePathSize(dp); -+ CopyMem(cursor, hddp, DevicePathSize(hddp)); -+ cursor += DevicePathSize(hddp); - StrCpy((CHAR16 *)cursor, arguments); - - Print(L"Creating boot entry \"%s\" with label \"%s\" " - L"for file \"%s\"\n", - varname, label, filename); -+ -+ if (!first_new_option) { -+ first_new_option = DuplicateDevicePath(fulldp); -+ first_new_option_args = arguments; -+ first_new_option_size = StrLen(arguments) * sizeof (CHAR16); -+ } -+ - rc = uefi_call_wrapper(RT->SetVariable, 5, varname, - &global, EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | -@@ -254,7 +285,10 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * - if (EFI_ERROR(rc)) - return rc; - -- EFI_DEVICE_PATH *dph = NULL, *dpf = NULL, *dp = NULL; -+ EFI_DEVICE_PATH *dph = NULL; -+ EFI_DEVICE_PATH *file = NULL; -+ EFI_DEVICE_PATH *full_device_path = NULL; -+ EFI_DEVICE_PATH *dp = NULL; - - dph = DevicePathFromHandle(this_image->DeviceHandle); - if (!dph) { -@@ -262,19 +296,31 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * - goto err; - } - -- dpf = FileDevicePath(fh, fullpath); -- if (!dpf) { -+ file = FileDevicePath(fh, fullpath); -+ if (!file) { - rc = EFI_OUT_OF_RESOURCES; - goto err; - } - -- dp = AppendDevicePath(dph, dpf); -- if (!dp) { -+ full_device_path = AppendDevicePath(dph, file); -+ if (!full_device_path) { - rc = EFI_OUT_OF_RESOURCES; - goto err; - } - -+ rc = FindSubDevicePath(full_device_path, -+ MEDIA_DEVICE_PATH, MEDIA_HARDDRIVE_DP, &dp); -+ if (EFI_ERROR(rc)) { -+ if (rc == EFI_NOT_FOUND) { -+ dp = full_device_path; -+ } else { -+ rc = EFI_OUT_OF_RESOURCES; -+ goto err; -+ } -+ } -+ - #ifdef DEBUG_FALLBACK -+ { - UINTN s = DevicePathSize(dp); - int i; - UINT8 *dpv = (void *)dp; -@@ -287,20 +333,16 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * - - CHAR16 *dps = DevicePathToStr(dp); - Print(L"device path: \"%s\"\n", dps); --#endif -- if (!first_new_option) { -- CHAR16 *dps = DevicePathToStr(dp); -- Print(L"device path: \"%s\"\n", dps); -- first_new_option = DuplicateDevicePath(dp); -- first_new_option_args = arguments; -- first_new_option_size = StrLen(arguments) * sizeof (CHAR16); - } -+#endif - -- add_boot_option(dp, fullpath, label, arguments); -+ add_boot_option(dp, full_device_path, fullpath, label, arguments); - - err: -- if (dpf) -- FreePool(dpf); -+ if (file) -+ FreePool(file); -+ if (full_device_path) -+ FreePool(full_device_path); - if (dp) - FreePool(dp); - if (fullpath) -@@ -629,8 +671,19 @@ try_start_first_option(EFI_HANDLE parent_image_handle) - first_new_option, NULL, 0, - &image_handle); - if (EFI_ERROR(rc)) { -- Print(L"LoadImage failed: %d\n", rc); -- uefi_call_wrapper(BS->Stall, 1, 2000000); -+ CHAR16 *dps = DevicePathToStr(first_new_option); -+ UINTN s = DevicePathSize(first_new_option); -+ int i; -+ UINT8 *dpv = (void *)first_new_option; -+ Print(L"LoadImage failed: %d\nDevice path: \"%s\"\n", rc, dps); -+ for (i = 0; i < s; i++) { -+ if (i > 0 && i % 16 == 0) -+ Print(L"\n"); -+ Print(L"%02x ", dpv[i]); -+ } -+ Print(L"\n"); -+ -+ uefi_call_wrapper(BS->Stall, 1, 500000000); - return rc; - } - -@@ -644,7 +697,7 @@ try_start_first_option(EFI_HANDLE parent_image_handle) - rc = uefi_call_wrapper(BS->StartImage, 3, image_handle, NULL, NULL); - if (EFI_ERROR(rc)) { - Print(L"StartImage failed: %d\n", rc); -- uefi_call_wrapper(BS->Stall, 1, 2000000); -+ uefi_call_wrapper(BS->Stall, 1, 500000000); - } - return rc; - } --- -1.9.3 - diff --git a/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch b/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch deleted file mode 100644 index 6828caf..0000000 --- a/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch +++ /dev/null @@ -1,147 +0,0 @@ -From 894a2738d6c843a7b51245fb92bb2f835901e613 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 31 Jan 2014 10:31:10 -0500 -Subject: [PATCH 19/74] [fallback] Attempt to re-use existing entries when - possible. - -Some firmwares seem to ignore our boot entries and put their fallback -entries back on top. Right now that results in a lot of boot entries -for our stuff, a la https://bugzilla.redhat.com/show_bug.cgi?id=995834 . - -Instead of that happening, if we simply find existing entries that match -the entry we would create and move them to the top of the boot order, -the machine will continue to operate in failure mode (which we can't -avoid), but at least we won't create thousands of extra entries. - -Signed-off-by: Peter Jones ---- - fallback.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 98 insertions(+), 1 deletion(-) - -diff --git a/fallback.c b/fallback.c -index a12bb74..44638ec 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -226,6 +226,85 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, - } - - EFI_STATUS -+find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, -+ CHAR16 *arguments, UINT16 *optnum) -+{ -+ int size = sizeof(UINT32) + sizeof (UINT16) + -+ StrLen(label)*2 + 2 + DevicePathSize(dp) + -+ StrLen(arguments) * 2 + 2; -+ -+ CHAR8 *data = AllocateZeroPool(size); -+ if (!data) -+ return EFI_OUT_OF_RESOURCES; -+ CHAR8 *cursor = data; -+ *(UINT32 *)cursor = LOAD_OPTION_ACTIVE; -+ cursor += sizeof (UINT32); -+ *(UINT16 *)cursor = DevicePathSize(dp); -+ cursor += sizeof (UINT16); -+ StrCpy((CHAR16 *)cursor, label); -+ cursor += StrLen(label)*2 + 2; -+ CopyMem(cursor, dp, DevicePathSize(dp)); -+ cursor += DevicePathSize(dp); -+ StrCpy((CHAR16 *)cursor, arguments); -+ -+ int i = 0; -+ CHAR16 varname[] = L"Boot0000"; -+ CHAR16 hexmap[] = L"0123456789ABCDEF"; -+ EFI_GUID global = EFI_GLOBAL_VARIABLE; -+ EFI_STATUS rc; -+ -+ CHAR8 *candidate = AllocateZeroPool(size); -+ if (!candidate) { -+ FreePool(data); -+ return EFI_OUT_OF_RESOURCES; -+ } -+ -+ for(i = 0; i < nbootorder && i < 0x10000; i++) { -+ varname[4] = hexmap[(bootorder[i] & 0xf000) >> 12]; -+ varname[5] = hexmap[(bootorder[i] & 0x0f00) >> 8]; -+ varname[6] = hexmap[(bootorder[i] & 0x00f0) >> 4]; -+ varname[7] = hexmap[(bootorder[i] & 0x000f) >> 0]; -+ -+ UINTN candidate_size = size; -+ rc = uefi_call_wrapper(RT->GetVariable, 5, varname, &global, -+ NULL, &candidate_size, candidate); -+ if (EFI_ERROR(rc)) -+ continue; -+ -+ if (candidate_size != size) -+ continue; -+ -+ if (CompareMem(candidate, data, size)) -+ continue; -+ -+ /* at this point, we have duplicate data. */ -+ *optnum = i; -+ FreePool(candidate); -+ FreePool(data); -+ return EFI_SUCCESS; -+ } -+ FreePool(candidate); -+ FreePool(data); -+ return EFI_NOT_FOUND; -+} -+ -+EFI_STATUS -+set_boot_order(void) -+{ -+ CHAR16 *oldbootorder; -+ UINTN size; -+ EFI_GUID global = EFI_GLOBAL_VARIABLE; -+ -+ oldbootorder = LibGetVariableAndSize(L"BootOrder", &global, &size); -+ if (oldbootorder) { -+ nbootorder = size / sizeof (CHAR16); -+ bootorder = oldbootorder; -+ } -+ return EFI_SUCCESS; -+ -+} -+ -+EFI_STATUS - update_boot_order(void) - { - CHAR16 *oldbootorder; -@@ -336,7 +415,23 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * - } - #endif - -- add_boot_option(dp, full_device_path, fullpath, label, arguments); -+ UINT16 option; -+ rc = find_boot_option(dp, fullpath, label, arguments, &option); -+ if (EFI_ERROR(rc)) { -+ add_boot_option(dp, full_device_path, fullpath, label, arguments); -+ } else if (option != 0) { -+ CHAR16 *newbootorder; -+ newbootorder = AllocateZeroPool(sizeof (CHAR16) * nbootorder); -+ if (!newbootorder) -+ return EFI_OUT_OF_RESOURCES; -+ -+ newbootorder[0] = bootorder[option]; -+ CopyMem(newbootorder + 1, bootorder, sizeof (CHAR16) * option); -+ CopyMem(newbootorder + option + 1, bootorder + option + 1, -+ sizeof (CHAR16) * (nbootorder - option - 1)); -+ FreePool(bootorder); -+ bootorder = newbootorder; -+ } - - err: - if (file) -@@ -717,6 +812,8 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) - - Print(L"System BootOrder not found. Initializing defaults.\n"); - -+ set_boot_order(); -+ - rc = find_boot_options(this_image->DeviceHandle); - if (EFI_ERROR(rc)) { - Print(L"Error: could not find boot options: %d\n", rc); --- -1.9.3 - diff --git a/SOURCES/0020-Add-a-preliminary-test-plan.patch b/SOURCES/0020-Add-a-preliminary-test-plan.patch deleted file mode 100644 index b1c5da4..0000000 --- a/SOURCES/0020-Add-a-preliminary-test-plan.patch +++ /dev/null @@ -1,104 +0,0 @@ -From ac356a0e7723662d0a83ca3991088ce346495772 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 14 Feb 2014 14:06:45 -0500 -Subject: [PATCH 20/74] Add a preliminary test plan. - -Because you know you wanted a test plan. You feel it deeply inside. - -Note that none of the /negative/ cases are tested yet. - -Signed-off-by: Peter Jones ---- - testplan.txt | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 80 insertions(+) - create mode 100644 testplan.txt - -diff --git a/testplan.txt b/testplan.txt -new file mode 100644 -index 0000000..118dfcd ---- /dev/null -+++ b/testplan.txt -@@ -0,0 +1,80 @@ -+How to test a new shim build for RHEL/fedora: -+ -+1) build pesign-test-app, and sign it with the appropriate key -+2) build shim with the appropriate key built in -+3) install pesign-test-app and shim-unsigned on the test machine -+4) make a lockdown.efi for "Red Hat Test Certificate" and put it in \EFI\test -+ mkdir /boot/efi/EFI/test/ -+ wget http://pjones.fedorapeople.org/shim/LockDown-rhtest.efi -+ mv LockDown-rhtest.efi /boot/efi/EFI/test/lockdown.efi -+5) sign shim with RHTC and put it in \EFI\test: -+ pesign -i /usr/share/shim/shim.efi -o /boot/efi/EFI/test/shim.efi \ -+ -s -c "Red Hat Test Certificate" -+6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi -+ cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ -+ /boot/efi/EFI/test/test.efi -+7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\: -+ pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \ -+ -r -u 0 -+ pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \ -+ -s -c "Red Hat Test Certificate" -+8) sign a copy of mokmanager with RHTC and put it in \EFI\test: -+ pesign -i /usr/share/shim/MokManager.efi \ -+ -o /boot/efi/EFI/test/MokManager.efi -s \ -+ -c "Red Hat Test Certificate" -+9) copy grub.cfg to our test directory: -+ cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg -+10) *move* \EFI\redhat\BOOT.CSV to \EFI\test -+ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV -+11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi -+ rm -rf /boot/efi/EFI/BOOT/ -+ mkdir /boot/efi/EFI/BOOT/ -+ pesign -i /usr/share/shim/fallback.efi \ -+ -o /boot/efi/EFI/BOOT/fallback.efi \ -+ -s -c "Red Hat Test Certificate" -+12) put shim.efi there as well -+ cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI -+13) enroll the current kernel's certificate with mokutil: -+ mokutil --import ~/redhatsecurebootca2.cer -+14) put machine in setup mode -+15) boot to the UEFI shell -+16) run lockdown.efi from #4: -+ fs0:\EFI\test\lockdown.efi -+17) enable secure boot verification -+18) verify it can't run other binaries: -+ fs0:\EFI\redhat\grubx64.efi -+ result should be an error, probably similar to: -+ "fs0:\...\grubx64.efi is not recognized as an internal or external command" -+19) copy test.efi to grubx64.efi: -+ cp \EFI\test\test.efi \EFI\test\grubx64.efi -+20) in the EFI shell, run fs0:\EFI\test\shim.efi -+21) you should see MokManager. Enroll the certificate you added in #13, and -+ the system will reboot. -+22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi -+ result: "This is a test application that should be completely safe." -+ If you get the expected result, shim can run things signed by its internal -+ key ring. Check a box someplace that says it can do that. -+23) from the EFI shell, copy grub to grubx64.efi: -+ cp \EFI\test\grubx.efi \EFI\test\grubx64.efi -+24) in the EFI shell, run fs0:\EFI\test\shim.efi -+ result: this should start grub, which will let you boot a kernel -+ If grub starts, it means shim can run things signed by a key in the system's -+ db. Check a box someplace that says it can do that. -+ If the kernel boots, it means shim can run things from Mok. Check a box -+ someplace that says it can do that. -+25) remove all boot entries and the BootOrder variable: -+ [root@uefi ~]# cd /sys/firmware/efi/efivars/ -+ [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-* -+ removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ removed ‘Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ removed ‘Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ [root@uefi efivars]# -+27) reboot -+28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just -+ have an old machine. In that case, go to the EFI shell and run: -+ fs0:\EFI\BOOT\BOOTX64.EFI -+ If this works, you should see a bit of output very quickly and then the same -+ thing as #24. This means shim recognized it was in \EFI\BOOT and ran -+ fallback.efi, which worked. --- -1.9.3 - diff --git a/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch b/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch deleted file mode 100644 index a4cdb0d..0000000 --- a/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch +++ /dev/null @@ -1,71 +0,0 @@ -From a0bb7822bc0745cba1af1c119fb9f7a0e5ec828c Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 14 Feb 2014 14:44:31 -0500 -Subject: [PATCH 21/74] Add a failure case to the test plan and fix an ordering - error. - -Signed-off-by: Peter Jones ---- - testplan.txt | 27 +++++++++++++++++---------- - 1 file changed, 17 insertions(+), 10 deletions(-) - -diff --git a/testplan.txt b/testplan.txt -index 118dfcd..2fbf238 100644 ---- a/testplan.txt -+++ b/testplan.txt -@@ -12,23 +12,26 @@ How to test a new shim build for RHEL/fedora: - -s -c "Red Hat Test Certificate" - 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi - cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ -- /boot/efi/EFI/test/test.efi --7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\: -- pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \ -- -r -u 0 -- pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \ -- -s -c "Red Hat Test Certificate" -+ /boot/efi/EFI/test/test.efi -+7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also -+ leave an unsigned copy there: -+ pesign -i /boot/efi/EFI/redhat/grubx64.efi \ -+ -o /boot/efi/EFI/test/grubx64-unsigned.efi \ -+ -r -u 0 -+ pesign -i /boot/efi/EFI/test/grubx64-unsigned.efi \ -+ -o /boot/efi/EFI/test/grub.efi \ -+ -s -c "Red Hat Test Certificate" - 8) sign a copy of mokmanager with RHTC and put it in \EFI\test: - pesign -i /usr/share/shim/MokManager.efi \ -- -o /boot/efi/EFI/test/MokManager.efi -s \ -+ -o /boot/efi/EFI/test/MokManager.efi -s \ - -c "Red Hat Test Certificate" - 9) copy grub.cfg to our test directory: - cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg - 10) *move* \EFI\redhat\BOOT.CSV to \EFI\test -- mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV --11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi - rm -rf /boot/efi/EFI/BOOT/ - mkdir /boot/efi/EFI/BOOT/ -+ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV -+11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi - pesign -i /usr/share/shim/fallback.efi \ - -o /boot/efi/EFI/BOOT/fallback.efi \ - -s -c "Red Hat Test Certificate" -@@ -55,7 +58,7 @@ How to test a new shim build for RHEL/fedora: - If you get the expected result, shim can run things signed by its internal - key ring. Check a box someplace that says it can do that. - 23) from the EFI shell, copy grub to grubx64.efi: -- cp \EFI\test\grubx.efi \EFI\test\grubx64.efi -+ cp \EFI\test\grub.efi \EFI\test\grubx64.efi - 24) in the EFI shell, run fs0:\EFI\test\shim.efi - result: this should start grub, which will let you boot a kernel - If grub starts, it means shim can run things signed by a key in the system's -@@ -78,3 +81,7 @@ How to test a new shim build for RHEL/fedora: - If this works, you should see a bit of output very quickly and then the same - thing as #24. This means shim recognized it was in \EFI\BOOT and ran - fallback.efi, which worked. -+29) copy the unsigned grub into place and reboot: -+ cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi -+30) reboot again. -+ result: shim should refuse to load grub. --- -1.9.3 - diff --git a/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch b/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch deleted file mode 100644 index c92e451..0000000 --- a/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 06495f692fa748a553ffbde8bfae2974d8c791c0 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 14 Feb 2014 15:38:25 -0500 -Subject: [PATCH 22/74] Allow fallback to use the system's LoadImage/StartImage - . - -Track use of the system's LoadImage(), and when the next StartImage() -call is for an image the system verified, allow that to count as -participating, since it has been verified by the system's db. - -Signed-off-by: Peter Jones ---- - replacements.c | 68 +++++++++++++++++++++++++++++++++++++++++++++- - replacements.h | 3 +++ - shim.c | 85 +++++++++++++++++++++++++++++++++++----------------------- - 3 files changed, 121 insertions(+), 35 deletions(-) - -diff --git a/replacements.c b/replacements.c -index 5ea5c32..48dc437 100644 ---- a/replacements.c -+++ b/replacements.c -@@ -60,26 +60,82 @@ - - static EFI_SYSTEM_TABLE *systab; - -+static typeof(systab->BootServices->LoadImage) system_load_image; - static typeof(systab->BootServices->StartImage) system_start_image; - static typeof(systab->BootServices->Exit) system_exit; - static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; - -+static EFI_HANDLE last_loaded_image; -+ - void - unhook_system_services(void) - { - systab->BootServices->Exit = system_exit; -+ systab->BootServices->LoadImage = system_load_image; - systab->BootServices->StartImage = system_start_image; - systab->BootServices->ExitBootServices = system_exit_boot_services; - } - - static EFI_STATUS EFIAPI -+load_image(BOOLEAN BootPolicy, EFI_HANDLE ParentImageHandle, -+ EFI_DEVICE_PATH *DevicePath, VOID *SourceBuffer, -+ UINTN SourceSize, EFI_HANDLE *ImageHandle) -+{ -+ EFI_STATUS status; -+ unhook_system_services(); -+ -+ status = systab->BootServices->LoadImage(BootPolicy, -+ ParentImageHandle, DevicePath, -+ SourceBuffer, SourceSize, ImageHandle); -+ hook_system_services(systab); -+ if (EFI_ERROR(status)) -+ last_loaded_image = NULL; -+ else -+ last_loaded_image = *ImageHandle; -+ return status; -+} -+ -+static EFI_STATUS EFIAPI - start_image(EFI_HANDLE image_handle, UINTN *exit_data_size, CHAR16 **exit_data) - { - EFI_STATUS status; - unhook_system_services(); -+ -+ /* We have to uninstall shim's protocol here, because if we're -+ * On the fallback.efi path, then our call pathway is: -+ * -+ * shim->fallback->shim->grub -+ * ^ ^ ^ -+ * | | \- gets protocol #0 -+ * | \- installs its protocol (#1) -+ * \- installs its protocol (#0) -+ * and if we haven't removed this, then grub will get the *first* -+ * shim's protocol, but it'll get the second shim's systab -+ * replacements. So even though it will participate and verify -+ * the kernel, the systab never finds out. -+ */ -+ if (image_handle == last_loaded_image) { -+ loader_is_participating = 1; -+ uninstall_shim_protocols(); -+ } - status = systab->BootServices->StartImage(image_handle, exit_data_size, exit_data); -- if (EFI_ERROR(status)) -+ if (EFI_ERROR(status)) { -+ if (image_handle == last_loaded_image) { -+ EFI_STATUS status2 = install_shim_protocols(); -+ -+ if (EFI_ERROR(status2)) { -+ Print(L"Something has gone seriously wrong: %d\n", -+ status2); -+ Print(L"shim cannot continue, sorry.\n"); -+ systab->BootServices->Stall(5000000); -+ systab->RuntimeServices->ResetSystem( -+ EfiResetShutdown, -+ EFI_SECURITY_VIOLATION, 0, NULL); -+ } -+ } - hook_system_services(systab); -+ loader_is_participating = 0; -+ } - return status; - } - -@@ -123,6 +179,16 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) - - /* We need to hook various calls to make this work... */ - -+ /* We need LoadImage() hooked so that fallback.c can load shim -+ * without having to fake LoadImage as well. This allows it -+ * to call the system LoadImage(), and have us track the output -+ * and mark loader_is_participating in start_image. This means -+ * anything added by fallback has to be verified by the system db, -+ * which we want to preserve anyway, since that's all launching -+ * through BDS gives us. */ -+ system_load_image = systab->BootServices->LoadImage; -+ systab->BootServices->LoadImage = load_image; -+ - /* we need StartImage() so that we can allow chain booting to an - * image trusted by the firmware */ - system_start_image = systab->BootServices->StartImage; -diff --git a/replacements.h b/replacements.h -index 5b57bc2..bd09424 100644 ---- a/replacements.h -+++ b/replacements.h -@@ -41,4 +41,7 @@ extern int loader_is_participating; - extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); - extern void unhook_system_services(void); - -+extern EFI_STATUS install_shim_protocols(void); -+extern void uninstall_shim_protocols(void); -+ - #endif /* SHIM_REPLACEMENTS_H */ -diff --git a/shim.c b/shim.c -index cf93d65..0e18d38 100644 ---- a/shim.c -+++ b/shim.c -@@ -1707,11 +1707,56 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) - return EFI_SUCCESS; - } - --EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) -+static SHIM_LOCK shim_lock_interface; -+static EFI_HANDLE shim_lock_handle; -+ -+EFI_STATUS -+install_shim_protocols(void) -+{ -+ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -+ EFI_STATUS efi_status; -+ /* -+ * Install the protocol -+ */ -+ efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, -+ &shim_lock_handle, &shim_lock_guid, -+ EFI_NATIVE_INTERFACE, &shim_lock_interface); -+ if (EFI_ERROR(efi_status)) { -+ console_error(L"Could not install security protocol", -+ efi_status); -+ return efi_status; -+ } -+ -+#if defined(OVERRIDE_SECURITY_POLICY) -+ /* -+ * Install the security protocol hook -+ */ -+ security_policy_install(shim_verify); -+#endif -+ -+ return EFI_SUCCESS; -+} -+ -+void -+uninstall_shim_protocols(void) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -- static SHIM_LOCK shim_lock_interface; -- EFI_HANDLE handle = NULL; -+#if defined(OVERRIDE_SECURITY_POLICY) -+ /* -+ * Clean up the security protocol hook -+ */ -+ security_policy_uninstall(); -+#endif -+ -+ /* -+ * If we're back here then clean everything up before exiting -+ */ -+ uefi_call_wrapper(BS->UninstallProtocolInterface, 3, shim_lock_handle, -+ &shim_lock_guid, &shim_lock_interface); -+} -+ -+EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) -+{ - EFI_STATUS efi_status; - - verification_method = VERIFIED_BY_NOTHING; -@@ -1768,24 +1813,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - } - } - -- /* -- * Install the protocol -- */ -- efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, -- &handle, &shim_lock_guid, EFI_NATIVE_INTERFACE, -- &shim_lock_interface); -- if (EFI_ERROR(efi_status)) { -- console_error(L"Could not install security protocol", -- efi_status); -+ efi_status = install_shim_protocols(); -+ if (EFI_ERROR(efi_status)) - return efi_status; -- } -- --#if defined(OVERRIDE_SECURITY_POLICY) -- /* -- * Install the security protocol hook -- */ -- security_policy_install(shim_verify); --#endif - - /* - * Enter MokManager if necessary -@@ -1810,20 +1840,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - - efi_status = init_grub(image_handle); - --#if defined(OVERRIDE_SECURITY_POLICY) -- /* -- * Clean up the security protocol hook -- */ -- security_policy_uninstall(); --#endif -- -- /* -- * If we're back here then clean everything up before exiting -- */ -- uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle, -- &shim_lock_guid, &shim_lock_interface); -- -- -+ uninstall_shim_protocols(); - /* - * Remove our hooks from system services. - */ --- -1.9.3 - diff --git a/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch b/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch deleted file mode 100644 index da3bb7d..0000000 --- a/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch +++ /dev/null @@ -1,295 +0,0 @@ -From 5495694c043de510aaf8ff5dcbe17b6547794083 Mon Sep 17 00:00:00 2001 -From: Kees Cook -Date: Mon, 3 Dec 2012 15:52:48 -0800 -Subject: [PATCH 23/74] additional bounds-checking on section sizes - -This adds additional bounds-checking on the section sizes. Also adds --Wsign-compare to the Makefile and replaces some signed variables with -unsigned counteparts for robustness. - -Signed-off-by: Kees Cook ---- - Makefile | 3 ++- - MokManager.c | 6 ++--- - PasswordCrypt.c | 4 +-- - fallback.c | 4 +-- - shim.c | 83 +++++++++++++++++++++++++++++++++++++++------------------ - 5 files changed, 66 insertions(+), 34 deletions(-) - -diff --git a/Makefile b/Makefile -index e65d28d..46e5ef9 100644 ---- a/Makefile -+++ b/Makefile -@@ -16,7 +16,8 @@ EFI_LDS = elf_$(ARCH)_efi.lds - - DEFAULT_LOADER := \\\\grub.efi - CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ -- -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args \ -+ -fshort-wchar -Wall -Wsign-compare -Werror \ -+ -mno-red-zone -maccumulate-outgoing-args \ - -mno-mmx -mno-sse -fno-builtin \ - "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ - "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ -diff --git a/MokManager.c b/MokManager.c -index f5ed379..3da61f4 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -440,7 +440,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - MokListNode *keys = NULL; - INTN key_num = 0; - CHAR16 **menu_strings; -- int i; -+ unsigned int i; - - if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) + - sizeof(EFI_SIGNATURE_DATA))) { -@@ -491,7 +491,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) - { - EFI_INPUT_KEY key; -- int count = 0; -+ unsigned int count = 0; - - do { - key = console_get_keystroke(); -@@ -640,7 +640,7 @@ static EFI_STATUS match_password (PASSWORD_CRYPT *pw_crypt, - CHAR16 password[PASSWORD_MAX]; - UINT32 pw_length; - UINT8 fail_count = 0; -- int i; -+ unsigned int i; - - if (pw_crypt) { - auth_hash = pw_crypt->hash; -diff --git a/PasswordCrypt.c b/PasswordCrypt.c -index 8d72a82..e0a82cf 100644 ---- a/PasswordCrypt.c -+++ b/PasswordCrypt.c -@@ -154,7 +154,7 @@ static EFI_STATUS sha256_crypt (const char *key, UINT32 key_len, - CopyMem(cp, tmp_result, cnt); - - SHA256_Init(&alt_ctx); -- for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) -+ for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt) - SHA256_Update(&alt_ctx, salt, salt_size); - SHA256_Final(tmp_result, &alt_ctx); - -@@ -242,7 +242,7 @@ static EFI_STATUS sha512_crypt (const char *key, UINT32 key_len, - CopyMem(cp, tmp_result, cnt); - - SHA512_Init(&alt_ctx); -- for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) -+ for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt) - SHA512_Update(&alt_ctx, salt, salt_size); - SHA512_Final(tmp_result, &alt_ctx); - -diff --git a/fallback.c b/fallback.c -index 44638ec..bc9a3c9 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -229,7 +229,7 @@ EFI_STATUS - find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, - CHAR16 *arguments, UINT16 *optnum) - { -- int size = sizeof(UINT32) + sizeof (UINT16) + -+ unsigned int size = sizeof(UINT32) + sizeof (UINT16) + - StrLen(label)*2 + 2 + DevicePathSize(dp) + - StrLen(arguments) * 2 + 2; - -@@ -768,7 +768,7 @@ try_start_first_option(EFI_HANDLE parent_image_handle) - if (EFI_ERROR(rc)) { - CHAR16 *dps = DevicePathToStr(first_new_option); - UINTN s = DevicePathSize(first_new_option); -- int i; -+ unsigned int i; - UINT8 *dpv = (void *)first_new_option; - Print(L"LoadImage failed: %d\nDevice path: \"%s\"\n", rc, dps); - for (i = 0; i < s; i++) { -diff --git a/shim.c b/shim.c -index 0e18d38..8c583a4 100644 ---- a/shim.c -+++ b/shim.c -@@ -102,7 +102,7 @@ typedef struct { - /* - * Perform basic bounds checking of the intra-image pointers - */ --static void *ImageAddress (void *image, int size, unsigned int address) -+static void *ImageAddress (void *image, unsigned int size, unsigned int address) - { - if (address > size) - return NULL; -@@ -494,18 +494,19 @@ static BOOLEAN secure_mode (void) - * Calculate the SHA1 and SHA256 hashes of a binary - */ - --static EFI_STATUS generate_hash (char *data, int datasize, -+static EFI_STATUS generate_hash (char *data, int datasize_in, - PE_COFF_LOADER_IMAGE_CONTEXT *context, - UINT8 *sha256hash, UINT8 *sha1hash) - - { - unsigned int sha256ctxsize, sha1ctxsize; -- unsigned int size = datasize; -+ unsigned int size = datasize_in; - void *sha256ctx = NULL, *sha1ctx = NULL; - char *hashbase; - unsigned int hashsize; - unsigned int SumOfBytesHashed, SumOfSectionBytes; - unsigned int index, pos; -+ unsigned int datasize; - EFI_IMAGE_SECTION_HEADER *Section; - EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; - EFI_IMAGE_SECTION_HEADER *SectionCache; -@@ -517,6 +518,12 @@ static EFI_STATUS generate_hash (char *data, int datasize, - sha1ctxsize = Sha1GetContextSize(); - sha1ctx = AllocatePool(sha1ctxsize); - -+ if (datasize_in < 0) { -+ Print(L"Invalid data size\n"); -+ return EFI_INVALID_PARAMETER; -+ } -+ size = datasize = (unsigned int)datasize_in; -+ - if (!sha256ctx || !sha1ctx) { - Print(L"Unable to allocate memory for hash context\n"); - return EFI_OUT_OF_RESOURCES; -@@ -577,22 +584,29 @@ static EFI_STATUS generate_hash (char *data, int datasize, - SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; - #endif - -- Section = (EFI_IMAGE_SECTION_HEADER *) ( -- (char *)context->PEHdr + sizeof (UINT32) + -- sizeof (EFI_IMAGE_FILE_HEADER) + -- context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader -- ); -- -- SectionCache = Section; -- -+ /* Validate section locations and sizes */ - for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) { -- SumOfSectionBytes += SectionCache->SizeOfRawData; -- } -- -- if (SumOfSectionBytes >= datasize) { -- Print(L"Malformed binary: %x %x\n", SumOfSectionBytes, size); -- status = EFI_INVALID_PARAMETER; -- goto done; -+ EFI_IMAGE_SECTION_HEADER *SectionPtr; -+ -+ /* Validate SectionPtr is within image */ -+ SectionPtr = ImageAddress(data, datasize, -+ sizeof (UINT32) + -+ sizeof (EFI_IMAGE_FILE_HEADER) + -+ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + -+ (index * sizeof(*SectionPtr))); -+ if (!SectionPtr) { -+ Print(L"Malformed section %d\n", index); -+ status = EFI_INVALID_PARAMETER; -+ goto done; -+ } -+ /* Validate section size is within image. */ -+ if (SectionPtr->SizeOfRawData > -+ datasize - SumOfBytesHashed - SumOfSectionBytes) { -+ Print(L"Malformed section %d size\n", index); -+ status = EFI_INVALID_PARAMETER; -+ goto done; -+ } -+ SumOfSectionBytes += SectionPtr->SizeOfRawData; - } - - SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections); -@@ -602,6 +616,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, - goto done; - } - -+ /* Already validated above */ -+ Section = ImageAddress(data, datasize, sizeof (UINT32) + -+ sizeof (EFI_IMAGE_FILE_HEADER) + -+ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader); -+ - /* Sort the section headers */ - for (index = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { - pos = index; -@@ -620,7 +639,6 @@ static EFI_STATUS generate_hash (char *data, int datasize, - continue; - } - hashbase = ImageAddress(data, size, Section->PointerToRawData); -- hashsize = (unsigned int) Section->SizeOfRawData; - - if (!hashbase) { - Print(L"Malformed section header\n"); -@@ -628,6 +646,15 @@ static EFI_STATUS generate_hash (char *data, int datasize, - goto done; - } - -+ /* Verify hashsize within image. */ -+ if (Section->SizeOfRawData > -+ datasize - Section->PointerToRawData) { -+ Print(L"Malformed section raw size %d\n", index); -+ status = EFI_INVALID_PARAMETER; -+ goto done; -+ } -+ hashsize = (unsigned int) Section->SizeOfRawData; -+ - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { - Print(L"Unable to generate hash\n"); -@@ -638,10 +665,10 @@ static EFI_STATUS generate_hash (char *data, int datasize, - } - - /* Hash all remaining data */ -- if (size > SumOfBytesHashed) { -+ if (datasize > SumOfBytesHashed) { - hashbase = data + SumOfBytesHashed; - hashsize = (unsigned int)( -- size - -+ datasize - - #if __LP64__ - context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - - #else -@@ -884,7 +911,8 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - return EFI_UNSUPPORTED; - } - -- if (((UINT8 *)context->SecDir - (UINT8 *)data) > (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { -+ if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) > -+ (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { - Print(L"Invalid image\n"); - return EFI_UNSUPPORTED; - } -@@ -904,7 +932,8 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - { - EFI_STATUS efi_status; - char *buffer; -- int i, size; -+ int i; -+ unsigned int size; - EFI_IMAGE_SECTION_HEADER *Section; - char *base, *end; - PE_COFF_LOADER_IMAGE_CONTEXT context; -@@ -1081,7 +1110,8 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, - { - EFI_DEVICE_PATH *devpath; - EFI_HANDLE device; -- int i, j, last = -1; -+ unsigned int i; -+ int j, last = -1; - unsigned int pathlen = 0; - EFI_STATUS efi_status = EFI_SUCCESS; - CHAR16 *bootpath; -@@ -1637,9 +1667,10 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) - EFI_STATUS status; - EFI_LOADED_IMAGE *li; - CHAR16 *start = NULL, *c; -- int i, remaining_size = 0; -+ unsigned int i; -+ int remaining_size = 0; - CHAR16 *loader_str = NULL; -- int loader_len = 0; -+ unsigned int loader_len = 0; - - second_stage = DEFAULT_LOADER; - load_options = NULL; --- -1.9.3 - diff --git a/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch b/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch deleted file mode 100644 index 88b6f1c..0000000 --- a/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch +++ /dev/null @@ -1,75 +0,0 @@ -From a876037a0d4b91638fcb6274bd7a976f8318a7e2 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 11 Apr 2014 15:05:24 -0400 -Subject: [PATCH 24/74] Kees' patch missed the offset adjustment to PEHdr. - -In read_header, we adjust context->PEHdr's address by doshdr->e_lfanew. -If we're going to recompute that address, we have to adjust it here -too. - -Signed-off-by: Peter Jones ---- - shim.c | 26 +++++++++++++++++++------- - 1 file changed, 19 insertions(+), 7 deletions(-) - -diff --git a/shim.c b/shim.c -index 8c583a4..d06bd02 100644 ---- a/shim.c -+++ b/shim.c -@@ -511,12 +511,8 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; - EFI_IMAGE_SECTION_HEADER *SectionCache; - EFI_STATUS status = EFI_SUCCESS; -- -- sha256ctxsize = Sha256GetContextSize(); -- sha256ctx = AllocatePool(sha256ctxsize); -- -- sha1ctxsize = Sha1GetContextSize(); -- sha1ctx = AllocatePool(sha1ctxsize); -+ EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data; -+ unsigned int PEHdr_offset = 0; - - if (datasize_in < 0) { - Print(L"Invalid data size\n"); -@@ -524,6 +520,19 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - } - size = datasize = (unsigned int)datasize_in; - -+ if (datasize <= sizeof (*DosHdr) || -+ DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) { -+ Print(L"Invalid signature\n"); -+ return EFI_INVALID_PARAMETER; -+ } -+ PEHdr_offset = DosHdr->e_lfanew; -+ -+ sha256ctxsize = Sha256GetContextSize(); -+ sha256ctx = AllocatePool(sha256ctxsize); -+ -+ sha1ctxsize = Sha1GetContextSize(); -+ sha1ctx = AllocatePool(sha1ctxsize); -+ - if (!sha256ctx || !sha1ctx) { - Print(L"Unable to allocate memory for hash context\n"); - return EFI_OUT_OF_RESOURCES; -@@ -590,6 +599,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - - /* Validate SectionPtr is within image */ - SectionPtr = ImageAddress(data, datasize, -+ PEHdr_offset + - sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER) + - context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + -@@ -617,7 +627,9 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - } - - /* Already validated above */ -- Section = ImageAddress(data, datasize, sizeof (UINT32) + -+ Section = ImageAddress(data, datasize, -+ PEHdr_offset + -+ sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER) + - context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader); - --- -1.9.3 - diff --git a/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch b/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch deleted file mode 100644 index eb7e4df..0000000 --- a/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5103c3b368e04dd1eab1202b87363c7e6ba8f927 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 11 Apr 2014 15:07:45 -0400 -Subject: [PATCH 25/74] Get rid of SectionCache in generate_hash(), it is - unused. - -Signed-off-by: Peter Jones ---- - shim.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/shim.c b/shim.c -index d06bd02..48a6f2f 100644 ---- a/shim.c -+++ b/shim.c -@@ -509,7 +509,6 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - unsigned int datasize; - EFI_IMAGE_SECTION_HEADER *Section; - EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; -- EFI_IMAGE_SECTION_HEADER *SectionCache; - EFI_STATUS status = EFI_SUCCESS; - EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data; - unsigned int PEHdr_offset = 0; -@@ -594,7 +593,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - #endif - - /* Validate section locations and sizes */ -- for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) { -+ for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { - EFI_IMAGE_SECTION_HEADER *SectionPtr; - - /* Validate SectionPtr is within image */ --- -1.9.3 - diff --git a/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch b/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch deleted file mode 100644 index 3992ae1..0000000 --- a/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 382a0b66e6c06ccf6775e3c05d5f9ce5f0eab5db Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 6 Mar 2014 11:58:36 +0800 -Subject: [PATCH 26/74] [fallback] Avoid duplicate old BootOrder - -set_boot_order() already copies the old BootOrder to the variable, -bootorder. Besides, we can adjust BootOrder when adding the newly -generated boot option. So, we don't have to copy the old one again -in update_boot_order(). This avoid the duplicate entries in BootOrder. - -Signed-off-by: Gary Ching-Pang Lin ---- - fallback.c | 37 ++++++++++++------------------------- - 1 file changed, 12 insertions(+), 25 deletions(-) - -diff --git a/fallback.c b/fallback.c -index bc9a3c9..4bde9c1 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -204,12 +204,12 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, - return EFI_OUT_OF_RESOURCES; - - int j = 0; -+ newbootorder[0] = i & 0xffff; - if (nbootorder) { - for (j = 0; j < nbootorder; j++) -- newbootorder[j] = bootorder[j]; -+ newbootorder[j+1] = bootorder[j]; - FreePool(bootorder); - } -- newbootorder[j] = i & 0xffff; - bootorder = newbootorder; - nbootorder += 1; - #ifdef DEBUG_FALLBACK -@@ -307,28 +307,17 @@ set_boot_order(void) - EFI_STATUS - update_boot_order(void) - { -- CHAR16 *oldbootorder; - UINTN size; -+ UINTN len = 0; - EFI_GUID global = EFI_GLOBAL_VARIABLE; - CHAR16 *newbootorder = NULL; -+ EFI_STATUS rc; - -- oldbootorder = LibGetVariableAndSize(L"BootOrder", &global, &size); -- if (oldbootorder) { -- int n = size / sizeof (CHAR16) + nbootorder; -- -- newbootorder = AllocateZeroPool(n * sizeof (CHAR16)); -- if (!newbootorder) -- return EFI_OUT_OF_RESOURCES; -- CopyMem(newbootorder, bootorder, nbootorder * sizeof (CHAR16)); -- CopyMem(newbootorder + nbootorder, oldbootorder, size); -- size = n * sizeof (CHAR16); -- } else { -- size = nbootorder * sizeof(CHAR16); -- newbootorder = AllocateZeroPool(size); -- if (!newbootorder) -- return EFI_OUT_OF_RESOURCES; -- CopyMem(newbootorder, bootorder, size); -- } -+ size = nbootorder * sizeof(CHAR16); -+ newbootorder = AllocateZeroPool(size); -+ if (!newbootorder) -+ return EFI_OUT_OF_RESOURCES; -+ CopyMem(newbootorder, bootorder, size); - - #ifdef DEBUG_FALLBACK - Print(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16)); -@@ -337,13 +326,11 @@ update_boot_order(void) - Print(L"%04x ", newbootorder[j]); - Print(L"\n"); - #endif -- -- if (oldbootorder) { -+ rc = uefi_call_wrapper(RT->GetVariable, 5, L"BootOrder", &global, -+ NULL, &len, NULL); -+ if (rc == EFI_BUFFER_TOO_SMALL) - LibDeleteVariable(L"BootOrder", &global); -- FreePool(oldbootorder); -- } - -- EFI_STATUS rc; - rc = uefi_call_wrapper(RT->SetVariable, 5, L"BootOrder", &global, - EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | --- -1.9.3 - diff --git a/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch b/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch deleted file mode 100644 index f644711..0000000 --- a/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 6 Mar 2014 10:57:02 +0800 -Subject: [PATCH 27/74] [fallback] Fix the data size for boot option comparison - -Signed-off-by: Gary Ching-Pang Lin ---- - fallback.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fallback.c b/fallback.c -index 4bde9c1..7f242e1 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -231,7 +231,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, - { - unsigned int size = sizeof(UINT32) + sizeof (UINT16) + - StrLen(label)*2 + 2 + DevicePathSize(dp) + -- StrLen(arguments) * 2 + 2; -+ StrLen(arguments) * 2; - - CHAR8 *data = AllocateZeroPool(size); - if (!data) --- -1.9.3 - diff --git a/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch b/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch deleted file mode 100644 index 82d5d29..0000000 --- a/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 0ba09477afac58ef2eadc7311440e695e6250029 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Wed, 5 Mar 2014 18:14:09 +0800 -Subject: [PATCH 28/74] [fallback] Try to boot the first boot option anyway - -Some UEFI implementations never care the boot options, so the -restored boot options could be just ignored and this results in -endless reboot. To avoid this situation, this commit makes -fallback.efi to load the first matched boot option even if there -is no boot option to be restored. It may not be perfect, but at -least the bootloader is loaded... - -Signed-off-by: Gary Ching-Pang Lin ---- - fallback.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/fallback.c b/fallback.c -index 7f242e1..d10fb62 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -226,8 +226,9 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, - } - - EFI_STATUS --find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, -- CHAR16 *arguments, UINT16 *optnum) -+find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, -+ CHAR16 *filename, CHAR16 *label, CHAR16 *arguments, -+ UINT16 *optnum) - { - unsigned int size = sizeof(UINT32) + sizeof (UINT16) + - StrLen(label)*2 + 2 + DevicePathSize(dp) + -@@ -278,6 +279,12 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, - continue; - - /* at this point, we have duplicate data. */ -+ if (!first_new_option) { -+ first_new_option = DuplicateDevicePath(fulldp); -+ first_new_option_args = arguments; -+ first_new_option_size = StrLen(arguments) * sizeof (CHAR16); -+ } -+ - *optnum = i; - FreePool(candidate); - FreePool(data); -@@ -403,7 +410,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * - #endif - - UINT16 option; -- rc = find_boot_option(dp, fullpath, label, arguments, &option); -+ rc = find_boot_option(dp, full_device_path, fullpath, label, arguments, &option); - if (EFI_ERROR(rc)) { - add_boot_option(dp, full_device_path, fullpath, label, arguments); - } else if (option != 0) { --- -1.9.3 - diff --git a/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch b/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch deleted file mode 100644 index 9b94ed1..0000000 --- a/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch +++ /dev/null @@ -1,144 +0,0 @@ -From f500a8742c19be604d33907b56ab9597fe448b65 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 27 May 2014 14:12:32 +0800 -Subject: [PATCH 29/74] Fetch the netboot image from the same device - -The previous strategy is to locate the first available PXE_BASE_CODE -protocol and to fetch the second stage image from it, and this may -cause shim to fetch the wrong second stage image, i.e. grub.efi. - -Consider the machine with the following boot order: -1. PXE Boot -2. Hard Drive - -Assume that the EFI image, e.g. bootx64.efi, in the PXE server is -broken, then "PXE Boot" will fail and fallback to "Hard Drive". While -shim.efi in "Hard Drive" is loaded, it will find the PXE protocol is -available and fetch grub.efi from the PXE server, not grub.efi in the -disk. - -This commit checks the DeviceHandle from Loaded Image. If the device -supports PXE, then shim fetches grub.efi with the PXE protocol. Otherwise, -shim loads grub.efi from the disk. - -Signed-off-by: Gary Ching-Pang Lin ---- - netboot.c | 77 +++++++++++++-------------------------------------------------- - shim.c | 2 +- - 2 files changed, 17 insertions(+), 62 deletions(-) - -diff --git a/netboot.c b/netboot.c -index 07e2773..5ef53f7 100644 ---- a/netboot.c -+++ b/netboot.c -@@ -85,78 +85,33 @@ translate_slashes(char *str) - * Returns TRUE if we identify a protocol that is enabled and Providing us with - * the needed information to fetch a grubx64.efi image - */ --BOOLEAN findNetboot(EFI_HANDLE image_handle) -+BOOLEAN findNetboot(EFI_HANDLE device) - { -- UINTN bs = sizeof(EFI_HANDLE); -- EFI_GUID pxe_base_code_protocol = EFI_PXE_BASE_CODE_PROTOCOL; -- EFI_HANDLE *hbuf; -- BOOLEAN rc = FALSE; -- void *buffer = AllocatePool(bs); -- UINTN errcnt = 0; -- UINTN i; - EFI_STATUS status; - -- if (!buffer) -+ status = uefi_call_wrapper(BS->HandleProtocol, 3, device, -+ &PxeBaseCodeProtocol, (VOID **)&pxe); -+ if (status != EFI_SUCCESS) { -+ pxe = NULL; - return FALSE; -- --try_again: -- status = uefi_call_wrapper(BS->LocateHandle,5, ByProtocol, -- &pxe_base_code_protocol, NULL, &bs, -- buffer); -- -- if (status == EFI_BUFFER_TOO_SMALL) { -- errcnt++; -- FreePool(buffer); -- if (errcnt > 1) -- return FALSE; -- buffer = AllocatePool(bs); -- if (!buffer) -- return FALSE; -- goto try_again; - } - -- if (status == EFI_NOT_FOUND) { -- FreePool(buffer); -+ if (!pxe || !pxe->Mode) { -+ pxe = NULL; - return FALSE; - } - -- /* -- * We have a list of pxe supporting protocols, lets see if any are -- * active -- */ -- hbuf = buffer; -- pxe = NULL; -- for (i=0; i < (bs / sizeof(EFI_HANDLE)); i++) { -- status = uefi_call_wrapper(BS->OpenProtocol, 6, hbuf[i], -- &pxe_base_code_protocol, -- (void **)&pxe, image_handle, NULL, -- EFI_OPEN_PROTOCOL_GET_PROTOCOL); -- -- if (status != EFI_SUCCESS) { -- pxe = NULL; -- continue; -- } -- -- if (!pxe || !pxe->Mode) { -- pxe = NULL; -- continue; -- } -- -- if (pxe->Mode->Started && pxe->Mode->DhcpAckReceived) { -- /* -- * We've located a pxe protocol handle thats been -- * started and has received an ACK, meaning its -- * something we'll be able to get tftp server info -- * out of -- */ -- rc = TRUE; -- break; -- } -- -+ if (!pxe->Mode->Started || !pxe->Mode->DhcpAckReceived) { -+ pxe = NULL; -+ return FALSE; - } - -- FreePool(buffer); -- return rc; -+ /* -+ * We've located a pxe protocol handle thats been started and has -+ * received an ACK, meaning its something we'll be able to get -+ * tftp server info out of -+ */ -+ return TRUE; - } - - static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt) -diff --git a/shim.c b/shim.c -index 48a6f2f..d8699f9 100644 ---- a/shim.c -+++ b/shim.c -@@ -1373,7 +1373,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - goto done; - } - -- if (findNetboot(image_handle)) { -+ if (findNetboot(li->DeviceHandle)) { - efi_status = parseNetbootinfo(image_handle); - if (efi_status != EFI_SUCCESS) { - Print(L"Netboot parsing failed: %r\n", efi_status); --- -1.9.3 - diff --git a/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch b/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch deleted file mode 100644 index 8fa702a..0000000 --- a/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 5f18e2e3643524c6b6b38c44c6ce4eabdcfd59d1 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 27 May 2014 17:42:00 +0800 -Subject: [PATCH 30/74] Check the first 4 bytes of the certificate - -A non-DER encoding x509 certificate may be mistakenly enrolled into -db or MokList. This commit checks the first 4 bytes of the certificate -to ensure that it's DER encoding. - -This commit also removes the iteration of the x509 signature list. -Per UEFI SPEC, each x509 signature list contains only one x509 certificate. -Besides, the size of certificate is incorrect. The size of the header must -be substracted from the signature size. - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 23 +++++++++++++++++++++-- - shim.c | 45 +++++++++++++++++++++++++++++++-------------- - 2 files changed, 52 insertions(+), 16 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 3da61f4..c9fbbac 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -1306,11 +1306,30 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { - return -1; - } - --static BOOLEAN verify_certificate(void *cert, UINTN size) -+static BOOLEAN verify_certificate(UINT8 *cert, UINTN size) - { - X509 *X509Cert; -- if (!cert || size == 0) -+ UINTN length; -+ if (!cert || size < 0) -+ return FALSE; -+ -+ /* -+ * A DER encoding x509 certificate starts with SEQUENCE(0x30), -+ * the number of length bytes, and the number of value bytes. -+ * The size of a x509 certificate is usually between 127 bytes -+ * and 64KB. For convenience, assume the number of value bytes -+ * is 2, i.e. the second byte is 0x82. -+ */ -+ if (cert[0] != 0x30 || cert[1] != 0x82) { -+ console_notify(L"Not a DER encoding X509 certificate"); - return FALSE; -+ } -+ -+ length = (cert[2]<<8 | cert[3]); -+ if (length != (size - 4)) { -+ console_notify(L"Invalid X509 certificate: Inconsistent size"); -+ return FALSE; -+ } - - if (!(X509ConstructCertificate(cert, size, (UINT8 **) &X509Cert)) || - X509Cert == NULL) { -diff --git a/shim.c b/shim.c -index d8699f9..cd26ce6 100644 ---- a/shim.c -+++ b/shim.c -@@ -226,44 +226,61 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - return EFI_SUCCESS; - } - -+static BOOLEAN verify_x509(UINT8 *Cert, UINTN CertSize) -+{ -+ UINTN length; -+ -+ if (!Cert || CertSize < 4) -+ return FALSE; -+ -+ /* -+ * A DER encoding x509 certificate starts with SEQUENCE(0x30), -+ * the number of length bytes, and the number of value bytes. -+ * The size of a x509 certificate is usually between 127 bytes -+ * and 64KB. For convenience, assume the number of value bytes -+ * is 2, i.e. the second byte is 0x82. -+ */ -+ if (Cert[0] != 0x30 || Cert[1] != 0x82) -+ return FALSE; -+ -+ length = Cert[2]<<8 | Cert[3]; -+ if (length != (CertSize - 4)) -+ return FALSE; -+ -+ return TRUE; -+} -+ - static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList, - UINTN dbsize, - WIN_CERTIFICATE_EFI_PKCS *data, - UINT8 *hash) - { - EFI_SIGNATURE_DATA *Cert; -- UINTN CertCount, Index; -+ UINTN CertSize; - BOOLEAN IsFound = FALSE; - EFI_GUID CertType = X509_GUID; - - while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { - if (CompareGuid (&CertList->SignatureType, &CertType) == 0) { -- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); -- for (Index = 0; Index < CertCount; Index++) { -+ CertSize = CertList->SignatureSize - sizeof(EFI_GUID); -+ if (verify_x509(Cert->SignatureData, CertSize)) { - IsFound = AuthenticodeVerify (data->CertData, - data->Hdr.dwLength - sizeof(data->Hdr), - Cert->SignatureData, -- CertList->SignatureSize, -+ CertSize, - hash, SHA256_DIGEST_SIZE); - if (IsFound) -- break; -- -- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); -+ return DATA_FOUND; -+ } else if (verbose) { -+ console_notify(L"Not a DER encoding x.509 Certificate"); - } -- - } - -- if (IsFound) -- break; -- - dbsize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); - } - -- if (IsFound) -- return DATA_FOUND; -- - return DATA_NOT_FOUND; - } - --- -1.9.3 - diff --git a/SOURCES/0031-Remove-grubpath-in-generate_path.patch b/SOURCES/0031-Remove-grubpath-in-generate_path.patch deleted file mode 100644 index bc0dfba..0000000 --- a/SOURCES/0031-Remove-grubpath-in-generate_path.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 78aaad3003d53a14a009176ad5816937e18fa33f Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Mon, 26 May 2014 16:49:10 +0800 -Subject: [PATCH 31/74] Remove grubpath in generate_path() - -The variable is not used anymore. - -Signed-off-by: Gary Ching-Pang Lin ---- - shim.c | 9 ++------- - 1 file changed, 2 insertions(+), 7 deletions(-) - -diff --git a/shim.c b/shim.c -index cd26ce6..eb8542a 100644 ---- a/shim.c -+++ b/shim.c -@@ -1134,17 +1134,15 @@ should_use_fallback(EFI_HANDLE image_handle) - * of the executable - */ - static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, -- EFI_DEVICE_PATH **grubpath, CHAR16 **PathName) -+ CHAR16 **PathName) - { - EFI_DEVICE_PATH *devpath; -- EFI_HANDLE device; - unsigned int i; - int j, last = -1; - unsigned int pathlen = 0; - EFI_STATUS efi_status = EFI_SUCCESS; - CHAR16 *bootpath; - -- device = li->DeviceHandle; - devpath = li->FilePath; - - bootpath = DevicePathToStr(devpath); -@@ -1197,8 +1195,6 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, - StrCat(*PathName, bootpath); - StrCat(*PathName, ImagePath); - -- *grubpath = FileDevicePath(device, *PathName); -- - error: - FreePool(bootpath); - -@@ -1361,7 +1357,6 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL; - EFI_STATUS efi_status; - EFI_LOADED_IMAGE *li, li_bak; -- EFI_DEVICE_PATH *path; - CHAR16 *PathName = NULL; - void *sourcebuffer = NULL; - UINT64 sourcesize = 0; -@@ -1383,7 +1378,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - /* - * Build a new path from the existing one plus the executable name - */ -- efi_status = generate_path(li, ImagePath, &path, &PathName); -+ efi_status = generate_path(li, ImagePath, &PathName); - - if (efi_status != EFI_SUCCESS) { - Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); --- -1.9.3 - diff --git a/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch b/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch deleted file mode 100644 index cc781c9..0000000 --- a/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 53a8f8721c7e26717a47b668309e3ecb1f78a250 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Fri, 7 Mar 2014 16:56:14 +0800 -Subject: [PATCH 32/74] MokManager: delete the BS+NV variables the right way - -LibDeleteVariable assumes that the variable is RT+NV and it -won't work on a BS+NV variable. - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 28 +++++++++++++++++++++++++--- - 1 file changed, 25 insertions(+), 3 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index c9fbbac..0ab308f 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -1112,7 +1112,16 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) { - return -1; - } - } else { -- LibDeleteVariable(L"MokSBState", &shim_lock_guid); -+ efi_status = uefi_call_wrapper(RT->SetVariable, -+ 5, L"MokSBState", -+ &shim_lock_guid, -+ EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS, -+ 0, NULL); -+ if (efi_status != EFI_SUCCESS) { -+ console_notify(L"Failed to delete Secure Boot state"); -+ return -1; -+ } - } - - console_notify(L"The system must now be rebooted"); -@@ -1224,7 +1233,16 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) { - return -1; - } - } else { -- LibDeleteVariable(L"MokDBState", &shim_lock_guid); -+ efi_status = uefi_call_wrapper(RT->SetVariable, 5, -+ L"MokDBState", -+ &shim_lock_guid, -+ EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS, -+ 0, NULL); -+ if (efi_status != EFI_SUCCESS) { -+ console_notify(L"Failed to delete DB state"); -+ return -1; -+ } - } - - console_notify(L"The system must now be rebooted"); -@@ -1261,7 +1279,11 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { - if (console_yes_no((CHAR16 *[]){L"Clear MOK password?", NULL}) == 0) - return 0; - -- LibDeleteVariable(L"MokPWStore", &shim_lock_guid); -+ uefi_call_wrapper(RT->SetVariable, 5, L"MokPWStore", -+ &shim_lock_guid, -+ EFI_VARIABLE_NON_VOLATILE -+ | EFI_VARIABLE_BOOTSERVICE_ACCESS, -+ 0, NULL); - LibDeleteVariable(L"MokPW", &shim_lock_guid); - console_notify(L"The system must now be rebooted"); - uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0, --- -1.9.3 - diff --git a/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch b/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch deleted file mode 100644 index cc73929..0000000 --- a/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch +++ /dev/null @@ -1,160 +0,0 @@ -From 22254e2633d58edd0176ccdfab9dd35171f89963 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 3 Dec 2013 15:52:02 +0800 -Subject: [PATCH 33/74] MokManager: handle the error status from ReadKeyStroke - -On some machines, even though the key event was signaled, ReadKeyStroke -still got EFI_NOT_READY. This commit handles the error status to avoid -console_get_keystroke from returning unexpected keys. - -Signed-off-by: Gary Ching-Pang Lin - -Conflicts: - MokManager.c ---- - MokManager.c | 17 +++++++++++++---- - include/console.h | 4 ++-- - lib/console.c | 26 ++++++++++++++++++-------- - 3 files changed, 33 insertions(+), 14 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 0ab308f..50cb9d7 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -488,13 +488,19 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - return EFI_SUCCESS; - } - --static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) -+static EFI_STATUS get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) - { - EFI_INPUT_KEY key; -+ EFI_STATUS status; - unsigned int count = 0; - - do { -- key = console_get_keystroke(); -+ status = console_get_keystroke(&key); -+ if (EFI_ERROR (status)) { -+ console_error(L"Failed to read the keystroke", status); -+ *length = 0; -+ return status; -+ } - - if ((count >= line_max && - key.UnicodeChar != CHAR_BACKSPACE) || -@@ -525,7 +531,7 @@ static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show - - *length = count; - -- return 1; -+ return EFI_SUCCESS; - } - - static EFI_STATUS compute_pw_hash (void *Data, UINTN DataSize, UINT8 *password, -@@ -989,6 +995,7 @@ static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize) - static CHAR16 get_password_charater (CHAR16 *prompt) - { - SIMPLE_TEXT_OUTPUT_MODE SavedMode; -+ EFI_STATUS status; - CHAR16 *message[2]; - CHAR16 character; - UINTN length; -@@ -1003,7 +1010,9 @@ static CHAR16 get_password_charater (CHAR16 *prompt) - message[1] = NULL; - length = StrLen(message[0]); - console_print_box_at(message, -1, -length-4, -5, length+4, 3, 0, 1); -- get_line(&pw_length, &character, 1, 0); -+ status = get_line(&pw_length, &character, 1, 0); -+ if (EFI_ERROR(status)) -+ character = 0; - - console_restore_mode(&SavedMode); - -diff --git a/include/console.h b/include/console.h -index e6c2818..9c793ea 100644 ---- a/include/console.h -+++ b/include/console.h -@@ -1,8 +1,8 @@ - #ifndef _SHIM_LIB_CONSOLE_H - #define _SHIM_LIB_CONSOLE_H 1 - --EFI_INPUT_KEY --console_get_keystroke(void); -+EFI_STATUS -+console_get_keystroke(EFI_INPUT_KEY *key); - void - console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_row, int size_cols, int size_rows, int offset, int lines); - void -diff --git a/lib/console.c b/lib/console.c -index 2fc8db3..41ed83a 100644 ---- a/lib/console.c -+++ b/lib/console.c -@@ -40,16 +40,18 @@ SetMem16(CHAR16 *dst, UINT32 n, CHAR16 c) - } - } - --EFI_INPUT_KEY --console_get_keystroke(void) -+EFI_STATUS -+console_get_keystroke(EFI_INPUT_KEY *key) - { -- EFI_INPUT_KEY key; - UINTN EventIndex; -+ EFI_STATUS status; - -- uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex); -- uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, &key); -+ do { -+ uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex); -+ status = uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, key); -+ } while (status == EFI_NOT_READY); - -- return key; -+ return status; - } - - void -@@ -162,6 +164,8 @@ console_print_box(CHAR16 *str_arr[], int highlight) - { - SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; - SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; -+ EFI_INPUT_KEY key; -+ - CopyMem(&SavedConsoleMode, co->Mode, sizeof(SavedConsoleMode)); - uefi_call_wrapper(co->EnableCursor, 2, co, FALSE); - uefi_call_wrapper(co->SetAttribute, 2, co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE); -@@ -169,7 +173,7 @@ console_print_box(CHAR16 *str_arr[], int highlight) - console_print_box_at(str_arr, highlight, 0, 0, -1, -1, 0, - count_lines(str_arr)); - -- console_get_keystroke(); -+ console_get_keystroke(&key); - - uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); - -@@ -184,6 +188,7 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) - SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; - SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - EFI_INPUT_KEY k; -+ EFI_STATUS status; - int selector; - int selector_lines = count_lines(selectors); - int selector_max_cols = 0; -@@ -237,7 +242,12 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) - size_cols, size_rows, 0, lines); - - do { -- k = console_get_keystroke(); -+ status = console_get_keystroke(&k); -+ if (EFI_ERROR (status)) { -+ Print(L"Failed to read the keystroke: %r", status); -+ selector = -1; -+ break; -+ } - - if (k.ScanCode == SCAN_ESC) { - selector = -1; --- -1.9.3 - diff --git a/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch b/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch deleted file mode 100644 index a1c9da7..0000000 --- a/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 09283f08f001305db5a3299b53acba85bf6c9876 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Mon, 4 Nov 2013 17:51:55 +0800 -Subject: [PATCH 34/74] Exclude ca.crt while signing EFI images - -If ca.crt was added into the certificate database, ca.crt would be the first -certificate in the signature. Because shim couldn't verify ca.crt with the -embedded shim.cer, it failed to load MokManager.efi.signed and -fallback.efi.signed. - -Signed-off-by: Gary Ching-Pang Lin ---- - Makefile | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 46e5ef9..df190a2 100644 ---- a/Makefile -+++ b/Makefile -@@ -73,7 +73,6 @@ version.c : version.c.in - - certdb/secmod.db: shim.crt - -mkdir certdb -- certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt - pk12util -d certdb/ -i shim.p12 -W "" -K "" - certutil -d certdb/ -A -i shim.crt -n shim -t u - --- -1.9.3 - diff --git a/SOURCES/0035-No-newline-for-console_notify.patch b/SOURCES/0035-No-newline-for-console_notify.patch deleted file mode 100644 index a22e4b6..0000000 --- a/SOURCES/0035-No-newline-for-console_notify.patch +++ /dev/null @@ -1,49 +0,0 @@ -From dc8fc734b8d8c7720fd25ff8a35fc3f9ee384f3b Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Mon, 28 Oct 2013 16:36:34 +0800 -Subject: [PATCH 35/74] No newline for console_notify - -The newlines are for Print(), not console_notify(). - -Signed-off-by: Gary Ching-Pang Lin - -Conflicts: - shim.c ---- - shim.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/shim.c b/shim.c -index eb8542a..f9fa606 100644 ---- a/shim.c -+++ b/shim.c -@@ -479,7 +479,7 @@ static BOOLEAN secure_mode (void) - status = get_variable(L"SecureBoot", &Data, &len, global_var); - if (status != EFI_SUCCESS) { - if (verbose) -- console_notify(L"Secure boot not enabled\n"); -+ console_notify(L"Secure boot not enabled"); - return FALSE; - } - sb = *Data; -@@ -487,7 +487,7 @@ static BOOLEAN secure_mode (void) - - if (sb != 1) { - if (verbose) -- console_notify(L"Secure boot not enabled\n"); -+ console_notify(L"Secure boot not enabled"); - return FALSE; - } - -@@ -500,7 +500,7 @@ static BOOLEAN secure_mode (void) - - if (setupmode == 1) { - if (verbose) -- console_notify(L"Platform is in setup mode\n"); -+ console_notify(L"Platform is in setup mode"); - return FALSE; - } - --- -1.9.3 - diff --git a/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch b/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch deleted file mode 100644 index c6a4ced..0000000 --- a/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 8bd7bad4b77bb99c3978d328ee54e64a53b4dcfc Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 31 Oct 2013 17:55:17 +0800 -Subject: [PATCH 36/74] Remove the duplicate calls in lib/console.c - -Signed-off-by: Gary Ching-Pang Lin ---- - lib/console.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/lib/console.c b/lib/console.c -index 41ed83a..83ee679 100644 ---- a/lib/console.c -+++ b/lib/console.c -@@ -176,8 +176,6 @@ console_print_box(CHAR16 *str_arr[], int highlight) - console_get_keystroke(&key); - - uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); -- -- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); - uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow); - uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute); - } -@@ -273,8 +271,6 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) - && k.UnicodeChar == CHAR_CARRIAGE_RETURN)); - - uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); -- -- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); - uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow); - uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute); - --- -1.9.3 - diff --git a/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch b/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch deleted file mode 100644 index 11bdd55..0000000 --- a/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch +++ /dev/null @@ -1,716 +0,0 @@ -From 4bfb13d803f4d8efe544e0f2aa9cd712b8cb84b1 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 1 Oct 2013 11:58:52 +0800 -Subject: [PATCH 37/74] Silence the functions of shim protocol - -When grub2 invokes the functions of shim protocol in gfx mode, -OutputString in shim could distort the screen. - -Signed-off-by: Gary Ching-Pang Lin - -Conflicts: - shim.c - -(modified by pjones to include some newer Prints that weren't there when -Gary did the initial work here.) ---- - shim.c | 192 ++++++++++++++++++++++++++++++++++++++--------------------------- - 1 file changed, 114 insertions(+), 78 deletions(-) - -diff --git a/shim.c b/shim.c -index f9fa606..69af766 100644 ---- a/shim.c -+++ b/shim.c -@@ -59,6 +59,14 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB - static CHAR16 *second_stage; - static void *load_options; - static UINT32 load_options_size; -+static UINT8 in_protocol; -+ -+#define perror(fmt, ...) ({ \ -+ UINTN __perror_ret = 0; \ -+ if (in_protocol) \ -+ __perror_ret = Print((fmt), ##__VA_ARGS__); \ -+ __perror_ret; \ -+ }) - - EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }; - -@@ -133,7 +141,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - #endif - - if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { -- Print(L"Image has no relocation entry\n"); -+ perror(L"Image has no relocation entry\n"); - return EFI_UNSUPPORTED; - } - -@@ -141,7 +149,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); - - if (!RelocBase || !RelocBaseEnd) { -- Print(L"Reloc table overflows binary\n"); -+ perror(L"Reloc table overflows binary\n"); - return EFI_UNSUPPORTED; - } - -@@ -154,19 +162,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); - - if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { -- Print(L"Reloc block size is invalid\n"); -+ perror(L"Reloc block size is invalid\n"); - return EFI_UNSUPPORTED; - } - - RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); - if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) { -- Print(L"Reloc entry overflows binary\n"); -+ perror(L"Reloc entry overflows binary\n"); - return EFI_UNSUPPORTED; - } - - FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress); - if (!FixupBase) { -- Print(L"Invalid fixupbase\n"); -+ perror(L"Invalid fixupbase\n"); - return EFI_UNSUPPORTED; - } - -@@ -215,7 +223,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - break; - - default: -- Print(L"Unknown relocation\n"); -+ perror(L"Unknown relocation\n"); - return EFI_UNSUPPORTED; - } - Reloc += 1; -@@ -478,7 +486,7 @@ static BOOLEAN secure_mode (void) - - status = get_variable(L"SecureBoot", &Data, &len, global_var); - if (status != EFI_SUCCESS) { -- if (verbose) -+ if (verbose && !in_protocol) - console_notify(L"Secure boot not enabled"); - return FALSE; - } -@@ -486,7 +494,7 @@ static BOOLEAN secure_mode (void) - FreePool(Data); - - if (sb != 1) { -- if (verbose) -+ if (verbose && !in_protocol) - console_notify(L"Secure boot not enabled"); - return FALSE; - } -@@ -499,7 +507,7 @@ static BOOLEAN secure_mode (void) - FreePool(Data); - - if (setupmode == 1) { -- if (verbose) -+ if (verbose && !in_protocol) - console_notify(L"Platform is in setup mode"); - return FALSE; - } -@@ -531,14 +539,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - unsigned int PEHdr_offset = 0; - - if (datasize_in < 0) { -- Print(L"Invalid data size\n"); -+ perror(L"Invalid data size\n"); - return EFI_INVALID_PARAMETER; - } - size = datasize = (unsigned int)datasize_in; - - if (datasize <= sizeof (*DosHdr) || - DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) { -- Print(L"Invalid signature\n"); -+ perror(L"Invalid signature\n"); - return EFI_INVALID_PARAMETER; - } - PEHdr_offset = DosHdr->e_lfanew; -@@ -550,12 +558,12 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - sha1ctx = AllocatePool(sha1ctxsize); - - if (!sha256ctx || !sha1ctx) { -- Print(L"Unable to allocate memory for hash context\n"); -+ perror(L"Unable to allocate memory for hash context\n"); - return EFI_OUT_OF_RESOURCES; - } - - if (!Sha256Init(sha256ctx) || !Sha1Init(sha1ctx)) { -- Print(L"Unable to initialise hash\n"); -+ perror(L"Unable to initialise hash\n"); - status = EFI_OUT_OF_RESOURCES; - goto done; - } -@@ -567,7 +575,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -- Print(L"Unable to generate hash\n"); -+ perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; - goto done; - } -@@ -579,7 +587,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -- Print(L"Unable to generate hash\n"); -+ perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; - goto done; - } -@@ -597,7 +605,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -- Print(L"Unable to generate hash\n"); -+ perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; - goto done; - } -@@ -621,14 +629,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + - (index * sizeof(*SectionPtr))); - if (!SectionPtr) { -- Print(L"Malformed section %d\n", index); -+ perror(L"Malformed section %d\n", index); - status = EFI_INVALID_PARAMETER; - goto done; - } - /* Validate section size is within image. */ - if (SectionPtr->SizeOfRawData > - datasize - SumOfBytesHashed - SumOfSectionBytes) { -- Print(L"Malformed section %d size\n", index); -+ perror(L"Malformed section %d size\n", index); - status = EFI_INVALID_PARAMETER; - goto done; - } -@@ -637,7 +645,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - - SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections); - if (SectionHeader == NULL) { -- Print(L"Unable to allocate section header\n"); -+ perror(L"Unable to allocate section header\n"); - status = EFI_OUT_OF_RESOURCES; - goto done; - } -@@ -669,7 +677,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - hashbase = ImageAddress(data, size, Section->PointerToRawData); - - if (!hashbase) { -- Print(L"Malformed section header\n"); -+ perror(L"Malformed section header\n"); - status = EFI_INVALID_PARAMETER; - goto done; - } -@@ -677,7 +685,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - /* Verify hashsize within image. */ - if (Section->SizeOfRawData > - datasize - Section->PointerToRawData) { -- Print(L"Malformed section raw size %d\n", index); -+ perror(L"Malformed section raw size %d\n", index); - status = EFI_INVALID_PARAMETER; - goto done; - } -@@ -685,7 +693,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -- Print(L"Unable to generate hash\n"); -+ perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; - goto done; - } -@@ -706,7 +714,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -- Print(L"Unable to generate hash\n"); -+ perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; - goto done; - } -@@ -714,7 +722,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - - if (!(Sha256Final(sha256ctx, sha256hash)) || - !(Sha1Final(sha1ctx, sha1hash))) { -- Print(L"Unable to finalise hash\n"); -+ perror(L"Unable to finalise hash\n"); - status = EFI_OUT_OF_RESOURCES; - goto done; - } -@@ -744,9 +752,9 @@ static EFI_STATUS verify_mok (void) { - shim_lock_guid, &attributes); - - if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) { -- Print(L"MokList is compromised!\nErase all keys in MokList!\n"); -+ perror(L"MokList is compromised!\nErase all keys in MokList!\n"); - if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) { -- Print(L"Failed to erase MokList\n"); -+ perror(L"Failed to erase MokList\n"); - return EFI_ACCESS_DENIED; - } - } -@@ -774,13 +782,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - context->SecDir->VirtualAddress); - - if (!cert) { -- Print(L"Certificate located outside the image\n"); -+ perror(L"Certificate located outside the image\n"); - return EFI_INVALID_PARAMETER; - } - - if (cert->Hdr.wCertificateType != - WIN_CERT_TYPE_PKCS_SIGNED_DATA) { -- Print(L"Unsupported certificate type %x\n", -+ perror(L"Unsupported certificate type %x\n", - cert->Hdr.wCertificateType); - return EFI_UNSUPPORTED; - } -@@ -804,7 +812,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - status = check_blacklist(cert, sha256hash, sha1hash); - - if (status != EFI_SUCCESS) { -- Print(L"Binary is blacklisted\n"); -+ perror(L"Binary is blacklisted\n"); - return status; - } - -@@ -857,7 +865,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; - - if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { -- Print(L"Invalid image\n"); -+ perror(L"Invalid image\n"); - return EFI_UNSUPPORTED; - } - -@@ -877,7 +885,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; - - if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { -- Print(L"Image header too small\n"); -+ perror(L"Image header too small\n"); - return EFI_UNSUPPORTED; - } - -@@ -885,7 +893,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - - sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES; - if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != - context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { -- Print(L"Image header overflows data directory\n"); -+ perror(L"Image header overflows data directory\n"); - return EFI_UNSUPPORTED; - } - -@@ -895,28 +903,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader; - if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER - <= context->NumberOfSections) { -- Print(L"Image sections overflow image size\n"); -+ perror(L"Image sections overflow image size\n"); - return EFI_UNSUPPORTED; - } - - if ((context->SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER - < (UINT32)context->NumberOfSections) { -- Print(L"Image sections overflow section headers\n"); -+ perror(L"Image sections overflow section headers\n"); - return EFI_UNSUPPORTED; - } - - if ((((UINT8 *)PEHdr - (UINT8 *)data) + sizeof(EFI_IMAGE_OPTIONAL_HEADER_UNION)) > datasize) { -- Print(L"Invalid image\n"); -+ perror(L"Invalid image\n"); - return EFI_UNSUPPORTED; - } - - if (PEHdr->Te.Signature != EFI_IMAGE_NT_SIGNATURE) { -- Print(L"Unsupported image type\n"); -+ perror(L"Unsupported image type\n"); - return EFI_UNSUPPORTED; - } - - if (PEHdr->Pe32.FileHeader.Characteristics & EFI_IMAGE_FILE_RELOCS_STRIPPED) { -- Print(L"Unsupported image - Relocations have been stripped\n"); -+ perror(L"Unsupported image - Relocations have been stripped\n"); - return EFI_UNSUPPORTED; - } - -@@ -935,23 +943,24 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); - - if (context->ImageSize < context->SizeOfHeaders) { -- Print(L"Invalid image\n"); -+ perror(L"Invalid image\n"); - return EFI_UNSUPPORTED; - } - - if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) > - (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { -- Print(L"Invalid image\n"); -+ perror(L"Invalid image\n"); - return EFI_UNSUPPORTED; - } - - if (context->SecDir->VirtualAddress >= datasize) { -- Print(L"Malformed security header\n"); -+ perror(L"Malformed security header\n"); - return EFI_INVALID_PARAMETER; - } - return EFI_SUCCESS; - } - -+ - /* - * Once the image has been loaded it needs to be validated and relocated - */ -@@ -971,7 +980,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - */ - efi_status = read_header(data, datasize, &context); - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to read header: %r\n", efi_status); -+ perror(L"Failed to read header: %r\n", efi_status); - return efi_status; - } - -@@ -993,7 +1002,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - buffer = AllocatePool(context.ImageSize); - - if (!buffer) { -- Print(L"Failed to allocate image buffer\n"); -+ perror(L"Failed to allocate image buffer\n"); - return EFI_OUT_OF_RESOURCES; - } - -@@ -1013,13 +1022,13 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1); - - if (!base || !end) { -- Print(L"Invalid section size\n"); -+ perror(L"Invalid section size\n"); - return EFI_UNSUPPORTED; - } - - if (Section->VirtualAddress < context.SizeOfHeaders || - Section->PointerToRawData < context.SizeOfHeaders) { -- Print(L"Section is inside image headers\n"); -+ perror(L"Section is inside image headers\n"); - return EFI_UNSUPPORTED; - } - -@@ -1038,7 +1047,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - efi_status = relocate_coff(&context, buffer); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Relocation failed: %r\n", efi_status); -+ perror(L"Relocation failed: %r\n", efi_status); - FreePool(buffer); - return efi_status; - } -@@ -1056,7 +1065,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - li->LoadOptionsSize = load_options_size; - - if (!entry_point) { -- Print(L"Invalid entry point\n"); -+ perror(L"Invalid entry point\n"); - FreePool(buffer); - return EFI_UNSUPPORTED; - } -@@ -1079,7 +1088,7 @@ should_use_fallback(EFI_HANDLE image_handle) - rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, - &loaded_image_protocol, (void **)&li); - if (EFI_ERROR(rc)) { -- Print(L"Could not get image for bootx64.efi: %r\n", rc); -+ perror(L"Could not get image for bootx64.efi: %r\n", rc); - return 0; - } - -@@ -1101,13 +1110,13 @@ should_use_fallback(EFI_HANDLE image_handle) - rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, - &FileSystemProtocol, (void **)&fio); - if (EFI_ERROR(rc)) { -- Print(L"Could not get fio for li->DeviceHandle: %r\n", rc); -+ perror(L"Could not get fio for li->DeviceHandle: %r\n", rc); - return 0; - } -- -+ - rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); - if (EFI_ERROR(rc)) { -- Print(L"Could not open fio volume: %r\n", rc); -+ perror(L"Could not open fio volume: %r\n", rc); - return 0; - } - -@@ -1185,7 +1194,7 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, - *PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath)); - - if (!*PathName) { -- Print(L"Failed to allocate path buffer\n"); -+ perror(L"Failed to allocate path buffer\n"); - efi_status = EFI_OUT_OF_RESOURCES; - goto error; - } -@@ -1226,14 +1235,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - (void **)&drive); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to find fs: %r\n", efi_status); -+ perror(L"Failed to find fs: %r\n", efi_status); - goto error; - } - - efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to open fs: %r\n", efi_status); -+ perror(L"Failed to open fs: %r\n", efi_status); - goto error; - } - -@@ -1244,14 +1253,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - EFI_FILE_MODE_READ, 0); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to open %s - %r\n", PathName, efi_status); -+ perror(L"Failed to open %s - %r\n", PathName, efi_status); - goto error; - } - - fileinfo = AllocatePool(buffersize); - - if (!fileinfo) { -- Print(L"Unable to allocate file info buffer\n"); -+ perror(L"Unable to allocate file info buffer\n"); - efi_status = EFI_OUT_OF_RESOURCES; - goto error; - } -@@ -1267,7 +1276,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - FreePool(fileinfo); - fileinfo = AllocatePool(buffersize); - if (!fileinfo) { -- Print(L"Unable to allocate file info buffer\n"); -+ perror(L"Unable to allocate file info buffer\n"); - efi_status = EFI_OUT_OF_RESOURCES; - goto error; - } -@@ -1277,7 +1286,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - } - - if (efi_status != EFI_SUCCESS) { -- Print(L"Unable to get file info: %r\n", efi_status); -+ perror(L"Unable to get file info: %r\n", efi_status); - goto error; - } - -@@ -1286,7 +1295,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - *data = AllocatePool(buffersize); - - if (!*data) { -- Print(L"Unable to allocate file buffer\n"); -+ perror(L"Unable to allocate file buffer\n"); - efi_status = EFI_OUT_OF_RESOURCES; - goto error; - } -@@ -1305,7 +1314,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, - } - - if (efi_status != EFI_SUCCESS) { -- Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); -+ perror(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); - goto error; - } - -@@ -1335,6 +1344,7 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) - PE_COFF_LOADER_IMAGE_CONTEXT context; - - loader_is_participating = 1; -+ in_protocol = 1; - - if (!secure_mode()) - return EFI_SUCCESS; -@@ -1342,9 +1352,35 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) - status = read_header(buffer, size, &context); - - if (status != EFI_SUCCESS) -- return status; -+ goto done; - - status = verify_buffer(buffer, size, &context); -+done: -+ in_protocol = 0; -+ return status; -+} -+ -+static EFI_STATUS shim_hash (char *data, int datasize, -+ PE_COFF_LOADER_IMAGE_CONTEXT *context, -+ UINT8 *sha256hash, UINT8 *sha1hash) -+{ -+ EFI_STATUS status; -+ -+ in_protocol = 1; -+ status = generate_hash(data, datasize, context, sha256hash, sha1hash); -+ in_protocol = 0; -+ -+ return status; -+} -+ -+static EFI_STATUS shim_read_header(void *data, unsigned int datasize, -+ PE_COFF_LOADER_IMAGE_CONTEXT *context) -+{ -+ EFI_STATUS status; -+ -+ in_protocol = 1; -+ status = read_header(data, datasize, context); -+ in_protocol = 0; - - return status; - } -@@ -1371,7 +1407,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - &loaded_image_protocol, (void **)&li); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Unable to init protocol\n"); -+ perror(L"Unable to init protocol\n"); - return efi_status; - } - -@@ -1381,20 +1417,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - efi_status = generate_path(li, ImagePath, &PathName); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); -+ perror(L"Unable to generate path %s: %r\n", ImagePath, efi_status); - goto done; - } - - if (findNetboot(li->DeviceHandle)) { - efi_status = parseNetbootinfo(image_handle); - if (efi_status != EFI_SUCCESS) { -- Print(L"Netboot parsing failed: %r\n", efi_status); -+ perror(L"Netboot parsing failed: %r\n", efi_status); - return EFI_PROTOCOL_ERROR; - } - efi_status = FetchNetbootimage(image_handle, &sourcebuffer, - &sourcesize); - if (efi_status != EFI_SUCCESS) { -- Print(L"Unable to fetch TFTP image: %r\n", efi_status); -+ perror(L"Unable to fetch TFTP image: %r\n", efi_status); - return efi_status; - } - data = sourcebuffer; -@@ -1406,7 +1442,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - efi_status = load_image(li, &data, &datasize, PathName); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to load image %s: %r\n", PathName, efi_status); -+ perror(L"Failed to load image %s: %r\n", PathName, efi_status); - goto done; - } - } -@@ -1423,7 +1459,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - efi_status = handle_image(data, datasize, li); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to load image: %r\n", efi_status); -+ perror(L"Failed to load image: %r\n", efi_status); - CopyMem(li, &li_bak, sizeof(li_bak)); - goto done; - } -@@ -1495,7 +1531,7 @@ EFI_STATUS mirror_mok_list() - ; - FullData = AllocatePool(FullDataSize); - if (!FullData) { -- Print(L"Failed to allocate space for MokListRT\n"); -+ perror(L"Failed to allocate space for MokListRT\n"); - return EFI_OUT_OF_RESOURCES; - } - p = FullData; -@@ -1526,7 +1562,7 @@ EFI_STATUS mirror_mok_list() - | EFI_VARIABLE_RUNTIME_ACCESS, - FullDataSize, FullData); - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to set MokListRT: %r\n", efi_status); -+ perror(L"Failed to set MokListRT: %r\n", efi_status); - } - - return efi_status; -@@ -1567,7 +1603,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) - efi_status = start_image(image_handle, MOK_MANAGER); - - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to start MokManager: %r\n", efi_status); -+ perror(L"Failed to start MokManager: %r\n", efi_status); - return efi_status; - } - } -@@ -1601,9 +1637,9 @@ static EFI_STATUS check_mok_sb (void) - * modified by the OS - */ - if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { -- Print(L"MokSBState is compromised! Clearing it\n"); -+ perror(L"MokSBState is compromised! Clearing it\n"); - if (LibDeleteVariable(L"MokSBState", &shim_lock_guid) != EFI_SUCCESS) { -- Print(L"Failed to erase MokSBState\n"); -+ perror(L"Failed to erase MokSBState\n"); - } - status = EFI_ACCESS_DENIED; - } else { -@@ -1642,9 +1678,9 @@ static EFI_STATUS check_mok_db (void) - * modified by the OS - */ - if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { -- Print(L"MokDBState is compromised! Clearing it\n"); -+ perror(L"MokDBState is compromised! Clearing it\n"); - if (LibDeleteVariable(L"MokDBState", &shim_lock_guid) != EFI_SUCCESS) { -- Print(L"Failed to erase MokDBState\n"); -+ perror(L"Failed to erase MokDBState\n"); - } - status = EFI_ACCESS_DENIED; - } else { -@@ -1674,7 +1710,7 @@ static EFI_STATUS mok_ignore_db() - | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, (void *)&Data); - if (efi_status != EFI_SUCCESS) { -- Print(L"Failed to set MokIgnoreDB: %r\n", efi_status); -+ perror(L"Failed to set MokIgnoreDB: %r\n", efi_status); - } - } - -@@ -1702,7 +1738,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) - status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, - &LoadedImageProtocol, (void **) &li); - if (status != EFI_SUCCESS) { -- Print (L"Failed to get load options: %r\n", status); -+ perror (L"Failed to get load options: %r\n", status); - return status; - } - -@@ -1746,7 +1782,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) - if (loader_len > 0) { - loader_str = AllocatePool((loader_len + 1) * sizeof(CHAR16)); - if (!loader_str) { -- Print(L"Failed to allocate loader string\n"); -+ perror(L"Failed to allocate loader string\n"); - return EFI_OUT_OF_RESOURCES; - } - for (i = 0; i < loader_len; i++) -@@ -1825,8 +1861,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - * call back in and use shim functions - */ - shim_lock_interface.Verify = shim_verify; -- shim_lock_interface.Hash = generate_hash; -- shim_lock_interface.Context = read_header; -+ shim_lock_interface.Hash = shim_hash; -+ shim_lock_interface.Context = shim_read_header; - - systab = passed_systab; - --- -1.9.3 - diff --git a/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch b/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch deleted file mode 100644 index 9885446..0000000 --- a/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch +++ /dev/null @@ -1,82 +0,0 @@ -From c36d88cb16d10fdc8da2abcc00d3c51f0d425e34 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 31 Oct 2013 17:54:46 +0800 -Subject: [PATCH 38/74] Free the string from DevicePathToStr - -Signed-off-by: Gary Ching-Pang Lin - -Conflicts: - shim.c ---- - shim.c | 20 +++++++++++++------- - 1 file changed, 13 insertions(+), 7 deletions(-) - -diff --git a/shim.c b/shim.c -index 69af766..72d6072 100644 ---- a/shim.c -+++ b/shim.c -@@ -1079,11 +1079,12 @@ should_use_fallback(EFI_HANDLE image_handle) - EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL; - EFI_LOADED_IMAGE *li; - unsigned int pathlen = 0; -- CHAR16 *bootpath; -+ CHAR16 *bootpath = NULL; - EFI_FILE_IO_INTERFACE *fio = NULL; - EFI_FILE *vh; - EFI_FILE *fh; - EFI_STATUS rc; -+ int ret = 0; - - rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, - &loaded_image_protocol, (void **)&li); -@@ -1101,23 +1102,23 @@ should_use_fallback(EFI_HANDLE image_handle) - */ - if (StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\BOOT", 14) && - StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\/BOOT", 15)) -- return 0; -+ goto error; - - pathlen = StrLen(bootpath); - if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI")) -- return 0; -+ goto error; - - rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, - &FileSystemProtocol, (void **)&fio); - if (EFI_ERROR(rc)) { - perror(L"Could not get fio for li->DeviceHandle: %r\n", rc); -- return 0; -+ goto error; - } - - rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); - if (EFI_ERROR(rc)) { - perror(L"Could not open fio volume: %r\n", rc); -- return 0; -+ goto error; - } - - rc = uefi_call_wrapper(vh->Open, 5, vh, &fh, L"\\EFI\\BOOT" FALLBACK, -@@ -1130,12 +1131,17 @@ should_use_fallback(EFI_HANDLE image_handle) - * rc); - */ - uefi_call_wrapper(vh->Close, 1, vh); -- return 0; -+ goto error; - } - uefi_call_wrapper(fh->Close, 1, fh); - uefi_call_wrapper(vh->Close, 1, vh); - -- return 1; -+ ret = 1; -+error: -+ if (bootpath) -+ FreePool(bootpath); -+ -+ return ret; - } - - /* --- -1.9.3 - diff --git a/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch b/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch deleted file mode 100644 index 4c385a1..0000000 --- a/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 86173dba42ad5ae002ac99cc515e60104da2245c Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 25 Jun 2014 10:46:19 -0400 -Subject: [PATCH 39/74] Explain the logic in secure_mode() better. - -I was getting confused reading it, and I wrote it, so clearly it needs -more commentry. - -Signed-off-by: Peter Jones ---- - shim.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/shim.c b/shim.c -index 72d6072..210e778 100644 ---- a/shim.c -+++ b/shim.c -@@ -499,6 +499,12 @@ static BOOLEAN secure_mode (void) - return FALSE; - } - -+ /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", -+ * then the implementation is bad, but we assume that secure boot is -+ * enabled according to the status of "SecureBoot". If we have both -+ * of them, then "SetupMode" may tell us additional data, and we need -+ * to consider it. -+ */ - status = get_variable(L"SetupMode", &Data, &len, global_var); - if (status != EFI_SUCCESS) - return TRUE; --- -1.9.3 - diff --git a/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch b/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch deleted file mode 100644 index f8d0206..0000000 --- a/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 868b3721159ee615a1b774645d610a13b5827e5e Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 31 Oct 2013 16:08:32 +0800 -Subject: [PATCH 40/74] Check the secure variables with the lib functions - -There are functions defined in lib to check the secure variables. -Use the functions to shun the duplicate code. - -Signed-off-by: Gary Ching-Pang Lin - -Conflicts: - shim.c ---- - lib/variables.c | 14 ++++++++++---- - shim.c | 32 ++------------------------------ - 2 files changed, 12 insertions(+), 34 deletions(-) - -diff --git a/lib/variables.c b/lib/variables.c -index 3a9735e..4c64d7e 100644 ---- a/lib/variables.c -+++ b/lib/variables.c -@@ -284,9 +284,12 @@ variable_is_setupmode(void) - /* set to 1 because we return true if SetupMode doesn't exist */ - UINT8 SetupMode = 1; - UINTN DataSize = sizeof(SetupMode); -+ EFI_STATUS status; - -- uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, -- &DataSize, &SetupMode); -+ status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, -+ &DataSize, &SetupMode); -+ if (EFI_ERROR(status)) -+ return 1; - - return SetupMode; - } -@@ -297,10 +300,13 @@ variable_is_secureboot(void) - /* return false if variable doesn't exist */ - UINT8 SecureBoot = 0; - UINTN DataSize; -+ EFI_STATUS status; - - DataSize = sizeof(SecureBoot); -- uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL, -- &DataSize, &SecureBoot); -+ status = uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL, -+ &DataSize, &SecureBoot); -+ if (EFI_ERROR(status)) -+ return 0; - - return SecureBoot; - } -diff --git a/shim.c b/shim.c -index 210e778..14fb601 100644 ---- a/shim.c -+++ b/shim.c -@@ -475,44 +475,16 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert, - - static BOOLEAN secure_mode (void) - { -- EFI_STATUS status; -- EFI_GUID global_var = EFI_GLOBAL_VARIABLE; -- UINTN len; -- UINT8 *Data; -- UINT8 sb, setupmode; -- - if (user_insecure_mode) - return FALSE; - -- status = get_variable(L"SecureBoot", &Data, &len, global_var); -- if (status != EFI_SUCCESS) { -+ if (variable_is_secureboot() != 1) { - if (verbose && !in_protocol) - console_notify(L"Secure boot not enabled"); - return FALSE; - } -- sb = *Data; -- FreePool(Data); -- -- if (sb != 1) { -- if (verbose && !in_protocol) -- console_notify(L"Secure boot not enabled"); -- return FALSE; -- } -- -- /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", -- * then the implementation is bad, but we assume that secure boot is -- * enabled according to the status of "SecureBoot". If we have both -- * of them, then "SetupMode" may tell us additional data, and we need -- * to consider it. -- */ -- status = get_variable(L"SetupMode", &Data, &len, global_var); -- if (status != EFI_SUCCESS) -- return TRUE; -- -- setupmode = *Data; -- FreePool(Data); - -- if (setupmode == 1) { -+ if (variable_is_setupmode() == 1) { - if (verbose && !in_protocol) - console_notify(L"Platform is in setup mode"); - return FALSE; --- -1.9.3 - diff --git a/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch b/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch deleted file mode 100644 index c55346e..0000000 --- a/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch +++ /dev/null @@ -1,84 +0,0 @@ -From eb4cb6a50981f9ef4698b3847bd32e70081ab71d Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 25 Jun 2014 10:55:56 -0400 -Subject: [PATCH 41/74] Make sure we default to assuming we're locked down. - -If "SecureBoot" exists but "SetupMode" does not, assume "SetupMode" says -we're not in Setup Mode. - -Signed-off-by: Peter Jones ---- - include/variables.h | 2 +- - lib/variables.c | 8 ++++---- - shim.c | 8 +++++++- - 3 files changed, 12 insertions(+), 6 deletions(-) - -diff --git a/include/variables.h b/include/variables.h -index b207dbf..deed269 100644 ---- a/include/variables.h -+++ b/include/variables.h -@@ -50,7 +50,7 @@ SETOSIndicationsAndReboot(UINT64 indications); - int - variable_is_secureboot(void); - int --variable_is_setupmode(void); -+variable_is_setupmode(int default_return); - EFI_STATUS - variable_enroll_hash(CHAR16 *var, EFI_GUID owner, - UINT8 hash[SHA256_DIGEST_SIZE]); -diff --git a/lib/variables.c b/lib/variables.c -index 4c64d7e..59d7d05 100644 ---- a/lib/variables.c -+++ b/lib/variables.c -@@ -139,7 +139,7 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner, - /* Microsoft request: Bugs in some UEFI platforms mean that PK or any - * other secure variable can be updated or deleted programmatically, - * so prevent */ -- if (!variable_is_setupmode()) -+ if (!variable_is_setupmode(1)) - return EFI_SECURITY_VIOLATION; - - if (createtimebased) { -@@ -279,17 +279,17 @@ find_in_variable_esl(CHAR16* var, EFI_GUID owner, UINT8 *key, UINTN keylen) - } - - int --variable_is_setupmode(void) -+variable_is_setupmode(int default_return) - { - /* set to 1 because we return true if SetupMode doesn't exist */ -- UINT8 SetupMode = 1; -+ UINT8 SetupMode = default_return; - UINTN DataSize = sizeof(SetupMode); - EFI_STATUS status; - - status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, - &DataSize, &SetupMode); - if (EFI_ERROR(status)) -- return 1; -+ return default_return; - - return SetupMode; - } -diff --git a/shim.c b/shim.c -index 14fb601..fe73ec1 100644 ---- a/shim.c -+++ b/shim.c -@@ -484,7 +484,13 @@ static BOOLEAN secure_mode (void) - return FALSE; - } - -- if (variable_is_setupmode() == 1) { -+ /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", -+ * then the implementation is bad, but we assume that secure boot is -+ * enabled according to the status of "SecureBoot". If we have both -+ * of them, then "SetupMode" may tell us additional data, and we need -+ * to consider it. -+ */ -+ if (variable_is_setupmode(0) == 1) { - if (verbose && !in_protocol) - console_notify(L"Platform is in setup mode"); - return FALSE; --- -1.9.3 - diff --git a/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch b/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch deleted file mode 100644 index 6cb4f18..0000000 --- a/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch +++ /dev/null @@ -1,92 +0,0 @@ -From e5f161147de6bea68e09f33bc294c6ab644d9a78 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 31 Oct 2013 17:32:13 +0800 -Subject: [PATCH 42/74] Simplify the checking of SB and DB states - -MokSBState and MokDBState are just 1 byte variables, so a UINT8 -local variable is sufficient to include the content. - -Signed-off-by: Gary Ching-Pang Lin - -Conflicts: - shim.c ---- - shim.c | 26 ++++++++++---------------- - 1 file changed, 10 insertions(+), 16 deletions(-) - -diff --git a/shim.c b/shim.c -index fe73ec1..ea8eba8 100644 ---- a/shim.c -+++ b/shim.c -@@ -1609,16 +1609,15 @@ static EFI_STATUS check_mok_sb (void) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - EFI_STATUS status = EFI_SUCCESS; -- UINT8 *MokSBState = NULL; -- UINTN MokSBStateSize = 0; -+ UINT8 MokSBState; -+ UINTN MokSBStateSize = sizeof(MokSBState); - UINT32 attributes; - - user_insecure_mode = 0; - ignore_db = 0; - -- status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize, -- shim_lock_guid, &attributes); -- -+ status = uefi_call_wrapper(RT->GetVariable, 5, L"MokSBState", &shim_lock_guid, -+ &attributes, &MokSBStateSize, &MokSBState); - if (status != EFI_SUCCESS) - return EFI_ACCESS_DENIED; - -@@ -1633,13 +1632,11 @@ static EFI_STATUS check_mok_sb (void) - } - status = EFI_ACCESS_DENIED; - } else { -- if (*(UINT8 *)MokSBState == 1) { -+ if (MokSBState == 1) { - user_insecure_mode = 1; - } - } - -- FreePool(MokSBState); -- - return status; - } - -@@ -1651,13 +1648,12 @@ static EFI_STATUS check_mok_db (void) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - EFI_STATUS status = EFI_SUCCESS; -- UINT8 *MokDBState = NULL; -- UINTN MokDBStateSize = 0; -+ UINT8 MokDBState; -+ UINTN MokDBStateSize = sizeof(MokDBStateSize); - UINT32 attributes; - -- status = get_variable_attr(L"MokDBState", &MokDBState, &MokDBStateSize, -- shim_lock_guid, &attributes); -- -+ status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDBState", &shim_lock_guid, -+ &attributes, &MokDBStateSize, &MokDBState); - if (status != EFI_SUCCESS) - return EFI_ACCESS_DENIED; - -@@ -1674,13 +1670,11 @@ static EFI_STATUS check_mok_db (void) - } - status = EFI_ACCESS_DENIED; - } else { -- if (*(UINT8 *)MokDBState == 1) { -+ if (MokDBState == 1) { - ignore_db = 1; - } - } - -- FreePool(MokDBState); -- - return status; - } - --- -1.9.3 - diff --git a/SOURCES/0043-Update-openssl-to-0.9.8za.patch b/SOURCES/0043-Update-openssl-to-0.9.8za.patch deleted file mode 100644 index a31ff6e..0000000 --- a/SOURCES/0043-Update-openssl-to-0.9.8za.patch +++ /dev/null @@ -1,3032 +0,0 @@ -From 76f8050ff6003e6048fdc4430d8b503aff934255 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Wed, 9 Jul 2014 15:02:50 +0800 -Subject: [PATCH 43/74] Update openssl to 0.9.8za - -Also update to Tiano Cryptlib r15638 ---- - Cryptlib/Cryptlib.diff | 4 +- - Cryptlib/Include/openssl/bn.h | 11 + - Cryptlib/Include/openssl/crypto.h | 37 +- - Cryptlib/Include/openssl/ec.h | 10 +- - Cryptlib/Include/openssl/engine.h | 8 +- - Cryptlib/Include/openssl/opensslv.h | 6 +- - Cryptlib/Include/openssl/ssl.h | 13 +- - Cryptlib/Include/openssl/ssl3.h | 10 + - Cryptlib/Include/openssl/symhacks.h | 10 +- - Cryptlib/Include/openssl/tls1.h | 14 + - Cryptlib/Makefile | 6 +- - Cryptlib/OpenSSL/crypto/asn1/a_int.c | 2 +- - Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 1 + - Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 2 +- - Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 6 + - Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 5 - - Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 5 +- - Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 52 ++ - Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 46 +- - Cryptlib/OpenSSL/crypto/bn/bn_word.c | 25 +- - Cryptlib/OpenSSL/crypto/cryptlib.c | 16 + - Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 26 +- - Cryptlib/OpenSSL/crypto/ec/ec_key.c | 13 +- - Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 10 +- - Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 11 +- - Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 11 +- - Cryptlib/OpenSSL/crypto/engine/eng_all.c | 6 +- - Cryptlib/OpenSSL/crypto/err/err_all.c | 2 + - Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 3 +- - Cryptlib/OpenSSL/crypto/evp/encode.c | 1 + - Cryptlib/OpenSSL/crypto/o_init.c | 14 + - Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 10 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 8 + - Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 2 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 4 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 2 +- - Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 6 +- - Cryptlib/OpenSSL/update.sh | 998 ++++++++++++----------- - Cryptlib/Pk/CryptPkcs7Sign.c | 207 +++++ - Cryptlib/Pk/CryptPkcs7SignNull.c | 59 ++ - Cryptlib/Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} | 306 +++---- - Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 +++ - Cryptlib/Pk/CryptRsaExtNull.c | 125 +++ - Cryptlib/Rand/CryptRand.c | 11 +- - Cryptlib/update.sh | 9 +- - 45 files changed, 1425 insertions(+), 808 deletions(-) - create mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c - create mode 100644 Cryptlib/Pk/CryptPkcs7SignNull.c - rename Cryptlib/Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} (74%) - create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c - create mode 100644 Cryptlib/Pk/CryptRsaExtNull.c - -diff --git a/Cryptlib/Cryptlib.diff b/Cryptlib/Cryptlib.diff -index 9663d90..a2f49d6 100644 ---- a/Cryptlib/Cryptlib.diff -+++ b/Cryptlib/Cryptlib.diff -@@ -6,8 +6,8 @@ index 68bc25a..1abe78e 100644 - // BUG: hardcode OldSize == size! We have no any knowledge about - // memory size of original pointer ptr. - // --- return ReallocatePool ((UINTN)size, (UINTN)size, ptr); --+ return ReallocatePool (ptr, (UINTN)size, (UINTN)size); -+- return ReallocatePool ((UINTN) size, (UINTN) size, ptr); -++ return ReallocatePool (ptr, (UINTN) size, (UINTN) size); - } - - /* De-allocates or frees a memory block */ -diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h -index f1719a5..688a4e7 100644 ---- a/Cryptlib/Include/openssl/bn.h -+++ b/Cryptlib/Include/openssl/bn.h -@@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, - BIGNUM *BN_mod_sqrt(BIGNUM *ret, - const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); - -+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); -+ - /* Deprecated versions */ - #ifndef OPENSSL_NO_DEPRECATED - BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, -@@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); - - #define bn_fix_top(a) bn_check_top(a) - -+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -+#define bn_wcheck_size(bn, words) \ -+ do { \ -+ const BIGNUM *_bnum2 = (bn); \ -+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ -+ } while(0) -+ - #else /* !BN_DEBUG */ - - #define bn_pollute(a) - #define bn_check_top(a) - #define bn_fix_top(a) bn_correct_top(a) -+#define bn_check_size(bn, bits) -+#define bn_wcheck_size(bn, words) - - #endif - -diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h -index fc1374f..ac0c949 100644 ---- a/Cryptlib/Include/openssl/crypto.h -+++ b/Cryptlib/Include/openssl/crypto.h -@@ -235,15 +235,15 @@ typedef struct openssl_item_st - #ifndef OPENSSL_NO_LOCKING - #ifndef CRYPTO_w_lock - #define CRYPTO_w_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) - #define CRYPTO_w_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) - #define CRYPTO_r_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) - #define CRYPTO_r_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) - #define CRYPTO_add(addr,amount,type) \ -- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) -+ CRYPTO_add_lock(addr,amount,type,NULL,0) - #endif - #else - #define CRYPTO_w_lock(a) -@@ -361,19 +361,19 @@ int CRYPTO_is_mem_check_on(void); - #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) - #define is_MemCheck_on() CRYPTO_is_mem_check_on() - --#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) --#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) -+#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) -+#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) - #define OPENSSL_realloc(addr,num) \ -- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) -+ CRYPTO_realloc((char *)addr,(int)num,NULL,0) - #define OPENSSL_realloc_clean(addr,old_num,num) \ -- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) -+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) - #define OPENSSL_remalloc(addr,num) \ -- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) -+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) - #define OPENSSL_freeFunc CRYPTO_free - #define OPENSSL_free(addr) CRYPTO_free(addr) - - #define OPENSSL_malloc_locked(num) \ -- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) -+ CRYPTO_malloc_locked((int)num,NULL,0) - #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) - - -@@ -487,7 +487,7 @@ void CRYPTO_set_mem_debug_options(long bits); - long CRYPTO_get_mem_debug_options(void); - - #define CRYPTO_push_info(info) \ -- CRYPTO_push_info_(info, __FILE__, __LINE__); -+ CRYPTO_push_info_(info, NULL, 0); - int CRYPTO_push_info_(const char *info, const char *file, int line); - int CRYPTO_pop_info(void); - int CRYPTO_remove_all_info(void); -@@ -528,17 +528,17 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); - - /* die if we have to */ - void OpenSSLDie(const char *file,int line,const char *assertion); --#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) -+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1)) - - unsigned long *OPENSSL_ia32cap_loc(void); - #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) - int OPENSSL_isservice(void); - - #ifdef OPENSSL_FIPS --#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ -+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ - alg " previous FIPS forbidden algorithm error ignored"); - --#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ -+#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ - #alg " Algorithm forbidden in FIPS mode"); - - #ifdef OPENSSL_FIPS_STRICT -@@ -591,6 +591,13 @@ int OPENSSL_isservice(void); - #define OPENSSL_HAVE_INIT 1 - void OPENSSL_init(void); - -+/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It -+ * takes an amount of time dependent on |len|, but independent of the contents -+ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a -+ * defined order as the return value when a != b is undefined, other than to be -+ * non-zero. */ -+int CRYPTO_memcmp(const void *a, const void *b, size_t len); -+ - /* BEGIN ERROR CODES */ - /* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. -diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h -index 8bc2a23..367307f 100644 ---- a/Cryptlib/Include/openssl/ec.h -+++ b/Cryptlib/Include/openssl/ec.h -@@ -321,7 +321,15 @@ void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); - /* functions to set/get method specific data */ - void *EC_KEY_get_key_method_data(EC_KEY *, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); --void EC_KEY_insert_key_method_data(EC_KEY *, void *data, -+/** Sets the key method data of an EC_KEY object, if none has yet been set. -+ * \param key EC_KEY object -+ * \param data opaque data to install. -+ * \param dup_func a function that duplicates |data|. -+ * \param free_func a function that frees |data|. -+ * \param clear_free_func a function that wipes and frees |data|. -+ * \return the previously set data pointer, or NULL if |data| was inserted. -+ */ -+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); - /* wrapper functions for the underlying EC_GROUP object */ - void EC_KEY_set_asn1_flag(EC_KEY *, int); -diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h -index d4bc1ef..b4e0444 100644 ---- a/Cryptlib/Include/openssl/engine.h -+++ b/Cryptlib/Include/openssl/engine.h -@@ -335,15 +335,15 @@ void ENGINE_load_gmp(void); - void ENGINE_load_nuron(void); - void ENGINE_load_sureware(void); - void ENGINE_load_ubsec(void); --#endif --void ENGINE_load_cryptodev(void); --void ENGINE_load_padlock(void); --void ENGINE_load_builtin_engines(void); - #ifdef OPENSSL_SYS_WIN32 - #ifndef OPENSSL_NO_CAPIENG - void ENGINE_load_capi(void); - #endif - #endif -+#endif -+void ENGINE_load_cryptodev(void); -+void ENGINE_load_padlock(void); -+void ENGINE_load_builtin_engines(void); - - /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation - * "registry" handling. */ -diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h -index 4a5a5ae..e5ab5c4 100644 ---- a/Cryptlib/Include/openssl/opensslv.h -+++ b/Cryptlib/Include/openssl/opensslv.h -@@ -25,11 +25,11 @@ - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --#define OPENSSL_VERSION_NUMBER 0x0090817fL -+#define OPENSSL_VERSION_NUMBER 0x009081afL - #ifdef OPENSSL_FIPS --#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w-fips 23 Apr 2012" -+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" - #else --#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w 23 Apr 2012" -+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za 5 Jun 2014" - #endif - #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT - -diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h -index eb50e14..5f2a04e 100644 ---- a/Cryptlib/Include/openssl/ssl.h -+++ b/Cryptlib/Include/openssl/ssl.h -@@ -490,11 +490,14 @@ typedef struct ssl_session_st - #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L - #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L - #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L --#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ -+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L - #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L - #define SSL_OP_TLS_D5_BUG 0x00000100L - #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L - -+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ -+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 -+ - /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added - * in OpenSSL 0.9.6d. Usually (depending on the application protocol) - * the workaround is not needed. Unfortunately some broken SSL/TLS -@@ -1204,6 +1207,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); - #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE - #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME - #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE -+#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE -+#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ - - #define SSL_ERROR_NONE 0 - #define SSL_ERROR_SSL 1 -@@ -1820,6 +1825,7 @@ void ERR_load_SSL_strings(void); - #define SSL_F_SSL_GET_NEW_SESSION 181 - #define SSL_F_SSL_GET_PREV_SESSION 217 - #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 -+#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 - #define SSL_F_SSL_GET_SIGN_PKEY 183 - #define SSL_F_SSL_INIT_WBIO_BUFFER 184 - #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 -@@ -2073,6 +2079,11 @@ void ERR_load_SSL_strings(void); - #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 - #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 - #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 -+#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -+#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 -+#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 -+#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 -+#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 - #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 - #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 - #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 -diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h -index b9a85ef..de5e559 100644 ---- a/Cryptlib/Include/openssl/ssl3.h -+++ b/Cryptlib/Include/openssl/ssl3.h -@@ -333,6 +333,7 @@ typedef struct ssl3_buffer_st - #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 - #define SSL3_FLAGS_POP_BUFFER 0x0004 - #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 -+#define SSL3_FLAGS_CCS_OK 0x0080 - - /* SSL3_FLAGS_SGC_RESTART_DONE is set when we - * restart a handshake because of MS SGC and so prevents us -@@ -460,6 +461,15 @@ typedef struct ssl3_state_st - unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_server_finished_len; - int send_connection_binding; /* TODOEKR */ -+ -+#ifndef OPENSSL_NO_TLSEXT -+#ifndef OPENSSL_NO_EC -+ /* This is set to true if we believe that this is a version of Safari -+ * running on OS X 10.6 or newer. We wish to know this because Safari -+ * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ -+ char is_probably_safari; -+#endif /* !OPENSSL_NO_EC */ -+#endif /* !OPENSSL_NO_TLSEXT */ - } SSL3_STATE; - - -diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h -index 0114093..c540771 100644 ---- a/Cryptlib/Include/openssl/symhacks.h -+++ b/Cryptlib/Include/openssl/symhacks.h -@@ -252,15 +252,15 @@ - #define EC_POINT_set_compressed_coordinates_GF2m \ - EC_POINT_set_compr_coords_GF2m - #undef ec_GF2m_simple_group_clear_finish --#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish -+#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish - #undef ec_GF2m_simple_group_check_discriminant - #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim - #undef ec_GF2m_simple_point_clear_finish --#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish -+#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish - #undef ec_GF2m_simple_point_set_to_infinity --#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf -+#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf - #undef ec_GF2m_simple_points_make_affine --#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine -+#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine - #undef ec_GF2m_simple_point_set_affine_coordinates - #define ec_GF2m_simple_point_set_affine_coordinates \ - ec_GF2m_smp_pt_set_af_coords -@@ -288,8 +288,6 @@ - #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf - #undef ec_GFp_simple_points_make_affine - #define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine --#undef ec_GFp_simple_group_get_curve_GFp --#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp - #undef ec_GFp_simple_set_Jprojective_coordinates_GFp - #define ec_GFp_simple_set_Jprojective_coordinates_GFp \ - ec_GFp_smp_set_Jproj_coords_GFp -diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h -index afe4807..47f25af 100644 ---- a/Cryptlib/Include/openssl/tls1.h -+++ b/Cryptlib/Include/openssl/tls1.h -@@ -80,10 +80,24 @@ extern "C" { - - #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 - -+#define TLS1_2_VERSION 0x0303 -+#define TLS1_2_VERSION_MAJOR 0x03 -+#define TLS1_2_VERSION_MINOR 0x03 -+ -+#define TLS1_1_VERSION 0x0302 -+#define TLS1_1_VERSION_MAJOR 0x03 -+#define TLS1_1_VERSION_MINOR 0x02 -+ - #define TLS1_VERSION 0x0301 - #define TLS1_VERSION_MAJOR 0x03 - #define TLS1_VERSION_MINOR 0x01 - -+#define TLS1_get_version(s) \ -+ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) -+ -+#define TLS1_get_client_version(s) \ -+ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) -+ - #define TLS1_AD_DECRYPTION_FAILED 21 - #define TLS1_AD_RECORD_OVERFLOW 22 - #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ -diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile -index d24e59e..678baac 100644 ---- a/Cryptlib/Makefile -+++ b/Cryptlib/Makefile -@@ -30,7 +30,11 @@ OBJS = Hash/CryptMd4.o \ - Rand/CryptRand.o \ - Pk/CryptRsaBasic.o \ - Pk/CryptRsaExt.o \ -- Pk/CryptPkcs7.o \ -+ Pk/CryptRsaExtNull.o \ -+ Pk/CryptPkcs7Sign.o \ -+ Pk/CryptPkcs7SignNull.o \ -+ Pk/CryptPkcs7Verify.o \ -+ Pk/CryptPkcs7VerifyNull.o \ - Pk/CryptDh.o \ - Pk/CryptX509.o \ - Pk/CryptAuthenticode.o \ -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c -index f551bdb..ee26c31 100755 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c -@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) - int pad=0,ret,i,neg; - unsigned char *p,*n,pb=0; - -- if ((a == NULL) || (a->data == NULL)) return(0); -+ if (a == NULL) return(0); - neg=a->type & V_ASN1_NEG; - if (a->length == 0) - ret=1; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -index 264ebf2..ead37ac 100755 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) - if(mbflag == -1) return -1; - mbflag |= MBSTRING_FLAG; - stmp.data = NULL; -+ stmp.length = 0; - ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); - if(ret < 0) return ret; - *out = stmp.data; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -index b68ae43..9b7d688 100755 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -@@ -75,7 +75,7 @@ static int table_cmp(const void *a, const void *b); - * certain software (e.g. Netscape) has problems with them. - */ - --static unsigned long global_mask = 0xFFFFFFFFL; -+static unsigned long global_mask = B_ASN1_UTF8STRING; - - void ASN1_STRING_set_default_mask(unsigned long mask) - { -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -index da3efaa..7ded69b 100755 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat - unsigned char *buf_in=NULL; - int ret= -1,i,inl; - -+ if (!pkey) -+ { -+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ return -1; -+ } -+ - EVP_MD_CTX_init(&ctx); - i=OBJ_obj2nid(a->algorithm); - type=EVP_get_digestbyname(OBJ_nid2sn(i)); -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c -index afb95d6..bc23f56 100755 ---- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c -@@ -208,11 +208,6 @@ int DSA_print(BIO *bp, const DSA *x, int off) - - if (x->p) - buf_len = (size_t)BN_num_bytes(x->p); -- else -- { -- DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); -- goto err; -- } - if (x->q) - if (buf_len < (i = (size_t)BN_num_bytes(x->q))) - buf_len = i; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c -index 94d9f7e..bc8a7bf 100755 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c -@@ -371,12 +371,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) - CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); - if (key->pkey) - { -+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); - EVP_PKEY_free(ret); - ret = key->pkey; - } - else -+ { - key->pkey = ret; -- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); -+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); -+ } - CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); - return(ret); - err: -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -index 32a8fba..b66f507 100755 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, - } - return bn_cmp_words(a,b,cl); - } -+ -+/* -+ * Constant-time conditional swap of a and b. -+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. -+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, -+ * and that no more than nwords are used by either a or b. -+ * a and b cannot be the same number -+ */ -+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) -+ { -+ BN_ULONG t; -+ int i; -+ -+ bn_wcheck_size(a, nwords); -+ bn_wcheck_size(b, nwords); -+ -+ assert(a != b); -+ assert((condition & (condition - 1)) == 0); -+ assert(sizeof(BN_ULONG) >= sizeof(int)); -+ -+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; -+ -+ t = (a->top^b->top) & condition; -+ a->top ^= t; -+ b->top ^= t; -+ -+#define BN_CONSTTIME_SWAP(ind) \ -+ do { \ -+ t = (a->d[ind] ^ b->d[ind]) & condition; \ -+ a->d[ind] ^= t; \ -+ b->d[ind] ^= t; \ -+ } while (0) -+ -+ -+ switch (nwords) { -+ default: -+ for (i = 10; i < nwords; i++) -+ BN_CONSTTIME_SWAP(i); -+ /* Fallthrough */ -+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ -+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ -+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ -+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ -+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ -+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ -+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ -+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ -+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ -+ case 1: BN_CONSTTIME_SWAP(0); -+ } -+#undef BN_CONSTTIME_SWAP -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -index 4799b15..27cafb1 100755 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -@@ -701,32 +701,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) - BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, - const BIGNUM *mod, BN_CTX *ctx) - { -- int got_write_lock = 0; - BN_MONT_CTX *ret; - - CRYPTO_r_lock(lock); -- if (!*pmont) -+ ret = *pmont; -+ CRYPTO_r_unlock(lock); -+ if (ret) -+ return ret; -+ -+ /* We don't want to serialise globally while doing our lazy-init math in -+ * BN_MONT_CTX_set. That punishes threads that are doing independent -+ * things. Instead, punish the case where more than one thread tries to -+ * lazy-init the same 'pmont', by having each do the lazy-init math work -+ * independently and only use the one from the thread that wins the race -+ * (the losers throw away the work they've done). */ -+ ret = BN_MONT_CTX_new(); -+ if (!ret) -+ return NULL; -+ if (!BN_MONT_CTX_set(ret, mod, ctx)) - { -- CRYPTO_r_unlock(lock); -- CRYPTO_w_lock(lock); -- got_write_lock = 1; -+ BN_MONT_CTX_free(ret); -+ return NULL; -+ } - -- if (!*pmont) -- { -- ret = BN_MONT_CTX_new(); -- if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) -- BN_MONT_CTX_free(ret); -- else -- *pmont = ret; -- } -+ /* The locked compare-and-set, after the local work is done. */ -+ CRYPTO_w_lock(lock); -+ if (*pmont) -+ { -+ BN_MONT_CTX_free(ret); -+ ret = *pmont; - } -- -- ret = *pmont; -- -- if (got_write_lock) -- CRYPTO_w_unlock(lock); - else -- CRYPTO_r_unlock(lock); -- -+ *pmont = ret; -+ CRYPTO_w_unlock(lock); - return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c -index ee7b87c..de83a15 100755 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c -@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) - a->neg=!(a->neg); - return(i); - } -- /* Only expand (and risk failing) if it's possibly necessary */ -- if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && -- (bn_wexpand(a,a->top+1) == NULL)) -- return(0); -- i=0; -- for (;;) -+ for (i=0;w!=0 && itop;i++) - { -- if (i >= a->top) -- l=w; -- else -- l=(a->d[i]+w)&BN_MASK2; -- a->d[i]=l; -- if (w > l) -- w=1; -- else -- break; -- i++; -+ a->d[i] = l = (a->d[i]+w)&BN_MASK2; -+ w = (w>l)?1:0; - } -- if (i >= a->top) -+ if (w && i==a->top) -+ { -+ if (bn_wexpand(a,a->top+1) == NULL) return 0; - a->top++; -+ a->d[i]=w; -+ } - bn_check_top(a); - return(1); - } -diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c -index dd74ea8..dec3286 100755 ---- a/Cryptlib/OpenSSL/crypto/cryptlib.c -+++ b/Cryptlib/OpenSSL/crypto/cryptlib.c -@@ -542,3 +542,19 @@ void OpenSSLDie(const char *file,int line,const char *assertion) - } - - void *OPENSSL_stderr(void) { return stderr; } -+ -+#ifndef OPENSSL_FIPS -+ -+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) -+ { -+ size_t i; -+ const unsigned char *a = in_a; -+ const unsigned char *b = in_b; -+ unsigned char x = 0; -+ -+ for (i = 0; i < len; i++) -+ x |= a[i] ^ b[i]; -+ -+ return x; -+ } -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c -index 7dca5e4..6b570a3 100755 ---- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c -@@ -208,9 +208,12 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG - - /* Computes scalar*point and stores the result in r. - * point can not equal r. -- * Uses algorithm 2P of -+ * Uses a modified algorithm 2P of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". -+ * -+ * To protect against side-channel attack the function uses constant time -+ * swap avoiding conditional branches. - */ - static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - const EC_POINT *point, BN_CTX *ctx) -@@ -244,6 +247,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, - x2 = &r->X; - z2 = &r->Y; - -+ bn_wexpand(x1, group->field.top); -+ bn_wexpand(z1, group->field.top); -+ bn_wexpand(x2, group->field.top); -+ bn_wexpand(z2, group->field.top); -+ - if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ - if (!BN_one(z1)) goto err; /* z1 = 1 */ - if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ -@@ -266,16 +274,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, - { - for (; j >= 0; j--) - { -- if (scalar->d[i] & mask) -- { -- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; -- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; -- } -- else -- { -- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; -- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; -- } -+ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); -+ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); -+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; -+ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; -+ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); -+ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); - mask >>= 1; - } - j = BN_BITS2 - 1; -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c -index 522802c..6c933d2 100755 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c -@@ -435,18 +435,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) - void *EC_KEY_get_key_method_data(EC_KEY *key, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) - { -- return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); -+ void *ret; -+ -+ CRYPTO_r_lock(CRYPTO_LOCK_EC); -+ ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); -+ CRYPTO_r_unlock(CRYPTO_LOCK_EC); -+ -+ return ret; - } - --void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, -+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, - void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) - { - EC_EXTRA_DATA *ex_data; -+ - CRYPTO_w_lock(CRYPTO_LOCK_EC); - ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); - if (ex_data == NULL) - EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); - CRYPTO_w_unlock(CRYPTO_LOCK_EC); -+ -+ return ex_data; - } - - void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c -index 5af8437..bbf2799 100755 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c -@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) - if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != - EC_METHOD_get_field_type(EC_GROUP_method_of(b))) - return 1; -- /* compare the curve name (if present) */ -+ /* compare the curve name (if present in both) */ - if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && -- EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b)) -- return 0; -+ EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) -+ return 1; - - if (!ctx) - ctx_new = ctx = BN_CTX_new(); -@@ -1061,12 +1061,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN - if (group->meth->point_cmp == 0) - { - ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -+ return -1; - } - if ((group->meth != a->meth) || (a->meth != b->meth)) - { - ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -+ return -1; - } - return group->meth->point_cmp(group, a, b, ctx); - } -diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c -index bf22234..f9ba5fb 100755 ---- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c -@@ -205,8 +205,15 @@ ECDH_DATA *ecdh_check(EC_KEY *key) - ecdh_data = (ECDH_DATA *)ecdh_data_new(); - if (ecdh_data == NULL) - return NULL; -- EC_KEY_insert_key_method_data(key, (void *)ecdh_data, -- ecdh_data_dup, ecdh_data_free, ecdh_data_free); -+ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, -+ ecdh_data_dup, ecdh_data_free, ecdh_data_free); -+ if (data != NULL) -+ { -+ /* Another thread raced us to install the key_method -+ * data and won. */ -+ ecdh_data_free(ecdh_data); -+ ecdh_data = (ECDH_DATA *)data; -+ } - } - else - ecdh_data = (ECDH_DATA *)data; -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c -index 2ebae3a..81082c9 100755 ---- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c -@@ -188,8 +188,15 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key) - ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); - if (ecdsa_data == NULL) - return NULL; -- EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, -- ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); -+ data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, -+ ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); -+ if (data != NULL) -+ { -+ /* Another thread raced us to install the key_method -+ * data and won. */ -+ ecdsa_data_free(ecdsa_data); -+ ecdsa_data = (ECDSA_DATA *)data; -+ } - } - else - ecdsa_data = (ECDSA_DATA *)data; -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c -index f29c167..8a1b9c7 100755 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_all.c -@@ -102,14 +102,14 @@ void ENGINE_load_builtin_engines(void) - #if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) - ENGINE_load_gmp(); - #endif -+#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) -+ ENGINE_load_capi(); -+#endif - #endif - #ifndef OPENSSL_NO_HW - #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) - ENGINE_load_cryptodev(); - #endif --#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) -- ENGINE_load_capi(); --#endif - #endif - } - -diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c -index 39796f7..0429389 100755 ---- a/Cryptlib/OpenSSL/crypto/err/err_all.c -+++ b/Cryptlib/OpenSSL/crypto/err/err_all.c -@@ -104,7 +104,9 @@ - #ifndef OPENSSL_NO_JPAKE - #include - #endif -+#ifndef OPENSSL_NO_COMP - #include -+#endif - - void ERR_load_crypto_strings(void) - { -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -index 72a2a67..16863fe 100755 ---- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -+++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -@@ -226,6 +226,7 @@ static int b64_read(BIO *b, char *out, int outl) - else if (ctx->start) - { - q=p=(unsigned char *)ctx->tmp; -+ num = 0; - for (j=0; j v) { rv=-1; goto end; } - ret+=(v-eof); - } - else -diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c -index d767a90..c89fda5 100755 ---- a/Cryptlib/OpenSSL/crypto/o_init.c -+++ b/Cryptlib/OpenSSL/crypto/o_init.c -@@ -93,4 +93,18 @@ void OPENSSL_init(void) - #endif - } - -+#ifdef OPENSSL_FIPS -+ -+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) -+ { -+ size_t i; -+ const unsigned char *a = in_a; -+ const unsigned char *b = in_b; -+ unsigned char x = 0; - -+ for (i = 0; i < len; i++) -+ x |= a[i] ^ b[i]; -+ -+ return x; -+ } -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -index 4a0c387..f24080f 100755 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - { - EVP_PKEY *skey; - skey = X509_get_pubkey(signer); -- ret = OCSP_BASICRESP_verify(bs, skey, 0); -- EVP_PKEY_free(skey); -- if(ret <= 0) -+ if (skey) -+ { -+ ret = OCSP_BASICRESP_verify(bs, skey, 0); -+ EVP_PKEY_free(skey); -+ } -+ if(!skey || ret <= 0) - { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); - goto end; -@@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); - if(!init_res) - { -+ ret = -1; - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); - goto end; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -index 9522342..3ef3be1 100755 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -@@ -100,7 +100,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, - nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else - #endif -+#ifdef OPENSSL_NO_RC2 -+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -+#else - nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; -+#endif - } - if (!nid_key) - nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -@@ -290,7 +294,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - free_safes = 0; - - if (nid_safe == 0) -+#ifdef OPENSSL_NO_RC2 -+ nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -+#else - nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; -+#endif - - if (nid_safe == -1) - p7 = PKCS12_pack_p7data(bags); -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -index 5c4c6ec..bdbbbec 100755 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -@@ -261,7 +261,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - int len, r; - unsigned char *data; - len = ASN1_STRING_to_UTF8(&data, fname); -- if(len > 0) { -+ if(len >= 0) { - r = X509_alias_set1(x509, data, len); - OPENSSL_free(data); - if (!r) -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -index b0ff89a..49b450d 100755 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -@@ -290,8 +290,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - - bufsiz = 4096; - buf = OPENSSL_malloc (bufsiz); -- if (buf == NULL) { -- goto err; -+ if (buf == NULL) { -+ goto err; - } - - /* We now have to 'read' from p7bio to calculate digests etc. */ -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c -index 546ae5f..b8e3edc 100755 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c -@@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - - EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); - -- if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) -+ if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) - goto decoding_err; - else - { -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -index af12520..b87617a 100755 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -@@ -386,11 +386,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) - - static int check_chain_extensions(X509_STORE_CTX *ctx) - { --#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI) -- /* -- NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting -- in Authenticode Signing Certificates. -- */ -+#ifdef OPENSSL_NO_CHAIN_VERIFY - return 1; - #else - int i, ok=0, must_be_ca, plen = 0; -diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh -index cb25ccd..95875e7 100755 ---- a/Cryptlib/OpenSSL/update.sh -+++ b/Cryptlib/OpenSSL/update.sh -@@ -1,499 +1,501 @@ - #/bin/sh --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/e_os.h e_os.h --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cryptlib.c crypto/cryptlib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dyn_lck.c crypto/dyn_lck.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem.c crypto/mem.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_clr.c crypto/mem_clr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_dbg.c crypto/mem_dbg.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cversion.c crypto/cversion.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ex_data.c crypto/ex_data.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cpt_err.c crypto/cpt_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ebcdic.c crypto/ebcdic.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/uid.c crypto/uid.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_time.c crypto/o_time.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_str.c crypto/o_str.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_dir.c crypto/o_dir.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_init.c crypto/o_init.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/fips_err.c crypto/fips_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_one.c crypto/md2/md2_one.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_one.c crypto/md4/md4_one.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_one.c crypto/md5/md5_one.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_one.c crypto/sha/sha_one.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1_one.c crypto/sha/sha1_one.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha256.c crypto/sha/sha256.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha512.c crypto/sha/sha512.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/hmac/hmac.c crypto/hmac/hmac.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_lib.c crypto/des/des_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/set_key.c crypto/des/set_key.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb_enc.c crypto/des/ecb_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_enc.c crypto/des/cbc_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64enc.c crypto/des/cfb64enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64ede.c crypto/des/cfb64ede.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb_enc.c crypto/des/cfb_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64ede.c crypto/des/ofb64ede.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_read.c crypto/des/enc_read.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_writ.c crypto/des/enc_writ.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64enc.c crypto/des/ofb64enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb_enc.c crypto/des/ofb_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/str2key.c crypto/des/str2key.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/qud_cksm.c crypto/des/qud_cksm.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rand_key.c crypto/des/rand_key.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_enc.c crypto/des/des_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt.c crypto/des/fcrypt.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rpc_enc.c crypto/des/rpc_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old.c crypto/des/des_old.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old2.c crypto/des/des_old2.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/read2pwd.c crypto/des/read2pwd.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cbc.c crypto/idea/i_cbc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ecb.c crypto/idea/i_ecb.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_skey.c crypto/idea/i_skey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_skey.c crypto/bf/bf_skey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_enc.c crypto/bf/bf_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_skey.c crypto/cast/c_skey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ecb.c crypto/cast/c_ecb.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_enc.c crypto/cast/c_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_misc.c crypto/aes/aes_misc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ige.c crypto/aes/aes_ige.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_core.c crypto/aes/aes_core.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_add.c crypto/bn/bn_add.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_div.c crypto/bn/bn_div.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp.c crypto/bn/bn_exp.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_lib.c crypto/bn/bn_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mul.c crypto/bn/bn_mul.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mod.c crypto/bn/bn_mod.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_print.c crypto/bn/bn_print.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_rand.c crypto/bn/bn_rand.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_shift.c crypto/bn/bn_shift.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_word.c crypto/bn/bn_word.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_blind.c crypto/bn/bn_blind.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_kron.c crypto/bn/bn_kron.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_prime.c crypto/bn/bn_prime.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_err.c crypto/bn/bn_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_asm.c crypto/bn/bn_asm.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_recp.c crypto/bn/bn_recp.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mont.c crypto/bn/bn_mont.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_nist.c crypto/bn/bn_nist.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_depr.c crypto/bn/bn_depr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_const.c crypto/bn/bn_const.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_opt.c crypto/bn/bn_opt.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dl.c crypto/dso/dso_dl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_err.c crypto/dso/dso_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_lib.c crypto/dso/dso_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_null.c crypto/dso/dso_null.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_win32.c crypto/dso/dso_win32.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_vms.c crypto/dso/dso_vms.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_gen.c crypto/dh/dh_gen.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_key.c crypto/dh/dh_key.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_lib.c crypto/dh/dh_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_check.c crypto/dh/dh_check.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_err.c crypto/dh/dh_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_depr.c crypto/dh/dh_depr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_lib.c crypto/ec/ec_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_mult.c crypto/ec/ec_mult.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_err.c crypto/ec/ec_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_curve.c crypto/ec/ec_curve.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_check.c crypto/ec/ec_check.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_print.c crypto/ec/ec_print.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_key.c crypto/ec/ec_key.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buffer.c crypto/buffer/buffer.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_str.c crypto/buffer/buf_str.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_err.c crypto/buffer/buf_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_lib.c crypto/bio/bio_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_cb.c crypto/bio/bio_cb.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_err.c crypto/bio/bio_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_mem.c crypto/bio/bss_mem.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_null.c crypto/bio/bss_null.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_fd.c crypto/bio/bss_fd.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_file.c crypto/bio/bss_file.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_null.c crypto/bio/bf_null.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_buff.c crypto/bio/bf_buff.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/b_dump.c crypto/bio/b_dump.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_log.c crypto/bio/bss_log.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_bio.c crypto/bio/bss_bio.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/stack/stack.c crypto/stack/stack.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lhash.c crypto/lhash/lhash.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/md_rand.c crypto/rand/md_rand.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/randfile.c crypto/rand/randfile.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_lib.c crypto/rand/rand_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_eng.c crypto/rand/rand_eng.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_err.c crypto/rand/rand_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_egd.c crypto/rand/rand_egd.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_win.c crypto/rand/rand_win.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_unix.c crypto/rand/rand_unix.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_os2.c crypto/rand/rand_os2.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_nw.c crypto/rand/rand_nw.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err.c crypto/err/err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_def.c crypto/err/err_def.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_all.c crypto/err/err_all.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_prn.c crypto/err/err_prn.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_str.c crypto/err/err_str.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_bio.c crypto/err/err_bio.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/o_names.c crypto/objects/o_names.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_dat.c crypto/objects/obj_dat.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_lib.c crypto/objects/obj_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_err.c crypto/objects/obj_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/encode.c crypto/evp/encode.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/digest.c crypto/evp/digest.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/dig_eng.c crypto/evp/dig_eng.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_enc.c crypto/evp/evp_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_key.c crypto/evp/evp_key.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des.c crypto/evp/e_des.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_bf.c crypto/evp/e_bf.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_idea.c crypto/evp/e_idea.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des3.c crypto/evp/e_des3.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc4.c crypto/evp/e_rc4.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_aes.c crypto/evp/e_aes.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/names.c crypto/evp/names.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc2.c crypto/evp/e_rc2.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_cast.c crypto/evp/e_cast.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc5.c crypto/evp/e_rc5.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/enc_min.c crypto/evp/enc_min.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_null.c crypto/evp/m_null.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md2.c crypto/evp/m_md2.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md4.c crypto/evp/m_md4.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md5.c crypto/evp/m_md5.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha.c crypto/evp/m_sha.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha1.c crypto/evp/m_sha1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss.c crypto/evp/m_dss.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss1.c crypto/evp/m_dss1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_open.c crypto/evp/p_open.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_seal.c crypto/evp/p_seal.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_sign.c crypto/evp/p_sign.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_verify.c crypto/evp/p_verify.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_lib.c crypto/evp/p_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_enc.c crypto/evp/p_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_dec.c crypto/evp/p_dec.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_md.c crypto/evp/bio_md.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_b64.c crypto/evp/bio_b64.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_enc.c crypto/evp/bio_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_err.c crypto/evp/evp_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_null.c crypto/evp/e_null.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_all.c crypto/evp/c_all.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_allc.c crypto/evp/c_allc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_alld.c crypto/evp/c_alld.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_lib.c crypto/evp/evp_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_ok.c crypto/evp/bio_ok.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_old.c crypto/evp/e_old.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_object.c crypto/asn1/a_object.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_time.c crypto/asn1/a_time.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_int.c crypto/asn1/a_int.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_octet.c crypto/asn1/a_octet.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_print.c crypto/asn1/a_print.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_type.c crypto/asn1/a_type.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_set.c crypto/asn1/a_set.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_dup.c crypto/asn1/a_dup.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_enum.c crypto/asn1/a_enum.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_sign.c crypto/asn1/a_sign.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_digest.c crypto/asn1/a_digest.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_verify.c crypto/asn1/a_verify.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strex.c crypto/asn1/a_strex.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_algor.c crypto/asn1/x_algor.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_val.c crypto/asn1/x_val.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_sig.c crypto/asn1/x_sig.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_req.c crypto/asn1/x_req.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_long.c crypto/asn1/x_long.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_name.c crypto/asn1/x_name.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509.c crypto/asn1/x_x509.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_crl.c crypto/asn1/x_crl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_info.c crypto/asn1/x_info.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_spki.c crypto/asn1/x_spki.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/nsseq.c crypto/asn1/nsseq.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_req.c crypto/asn1/t_req.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509.c crypto/asn1/t_x509.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_crl.c crypto/asn1/t_crl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_spki.c crypto/asn1/t_spki.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_int.c crypto/asn1/f_int.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_string.c crypto/asn1/f_string.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_enum.c crypto/asn1/f_enum.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bool.c crypto/asn1/a_bool.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_exten.c crypto/asn1/x_exten.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_meth.c crypto/asn1/a_meth.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_sign.c crypto/pem/pem_sign.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_seal.c crypto/pem/pem_seal.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_info.c crypto/pem/pem_info.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_lib.c crypto/pem/pem_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_all.c crypto/pem/pem_all.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_err.c crypto/pem/pem_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_x509.c crypto/pem/pem_x509.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_oth.c crypto/pem/pem_oth.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_def.c crypto/x509/x509_def.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_d2.c crypto/x509/x509_d2.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_obj.c crypto/x509/x509_obj.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_req.c crypto/x509/x509_req.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509spki.c crypto/x509/x509spki.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_set.c crypto/x509/x509_set.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509cset.c crypto/x509/x509cset.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509rset.c crypto/x509/x509rset.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_err.c crypto/x509/x509_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509name.c crypto/x509/x509name.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_v3.c crypto/x509/x509_v3.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_ext.c crypto/x509/x509_ext.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_att.c crypto/x509/x509_att.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509type.c crypto/x509/x509type.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_lu.c crypto/x509/x509_lu.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x_all.c crypto/x509/x_all.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_txt.c crypto/x509/x509_txt.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_trs.c crypto/x509/x509_trs.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_file.c crypto/x509/by_file.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_dir.c crypto/x509/by_dir.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3err.c crypto/x509v3/v3err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_err.c crypto/conf/conf_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_lib.c crypto/conf/conf_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_api.c crypto/conf/conf_api.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_def.c crypto/conf/conf_def.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mod.c crypto/conf/conf_mod.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mall.c crypto/conf/conf_mall.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_sap.c crypto/conf/conf_sap.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_lib.c crypto/comp/comp_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_err.c crypto/comp/comp_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_rle.c crypto/comp/c_rle.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_zlib.c crypto/comp/c_zlib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_err.c crypto/engine/eng_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_lib.c crypto/engine/eng_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_list.c crypto/engine/eng_list.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_init.c crypto/engine/eng_init.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_table.c crypto/engine/eng_table.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_fat.c crypto/engine/eng_fat.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_all.c crypto/engine/eng_all.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dh.c crypto/engine/tb_dh.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rand.c crypto/engine/tb_rand.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_store.c crypto/engine/tb_store.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_digest.c crypto/engine/tb_digest.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_err.c crypto/ui/ui_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_lib.c crypto/ui/ui_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_util.c crypto/ui/ui_util.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_compat.c crypto/ui/ui_compat.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_err.c crypto/store/str_err.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_lib.c crypto/store/str_lib.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_meth.c crypto/store/str_meth.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_mem.c crypto/store/str_mem.c --install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c -+DIR=$1 -+ -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c crypto/sha/sha256.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c crypto/des/ofb_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c crypto/rand/rand_unix.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c -diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c -new file mode 100644 -index 0000000..63fe78f ---- /dev/null -+++ b/Cryptlib/Pk/CryptPkcs7Sign.c -@@ -0,0 +1,207 @@ -+/** @file -+ PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. -+ -+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-+This program and the accompanying materials -+are licensed and made available under the terms and conditions of the BSD License -+which accompanies this distribution. The full text of the license may be found at -+http://opensource.org/licenses/bsd-license.php -+ -+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+ -+**/ -+ -+#include "InternalCryptLib.h" -+ -+#include -+#include -+#include -+ -+ -+/** -+ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message -+ Syntax Standard, version 1.5". This interface is only intended to be used for -+ application to perform PKCS#7 functionality validation. -+ -+ @param[in] PrivateKey Pointer to the PEM-formatted private key data for -+ data signing. -+ @param[in] PrivateKeySize Size of the PEM private key data in bytes. -+ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM -+ key data. -+ @param[in] InData Pointer to the content to be signed. -+ @param[in] InDataSize Size of InData in bytes. -+ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. -+ @param[in] OtherCerts Pointer to an optional additional set of certificates to -+ include in the PKCS#7 signedData (e.g. any intermediate -+ CAs in the chain). -+ @param[out] SignedData Pointer to output PKCS#7 signedData. -+ @param[out] SignedDataSize Size of SignedData in bytes. -+ -+ @retval TRUE PKCS#7 data signing succeeded. -+ @retval FALSE PKCS#7 data signing failed. -+ -+**/ -+BOOLEAN -+EFIAPI -+Pkcs7Sign ( -+ IN CONST UINT8 *PrivateKey, -+ IN UINTN PrivateKeySize, -+ IN CONST UINT8 *KeyPassword, -+ IN UINT8 *InData, -+ IN UINTN InDataSize, -+ IN UINT8 *SignCert, -+ IN UINT8 *OtherCerts OPTIONAL, -+ OUT UINT8 **SignedData, -+ OUT UINTN *SignedDataSize -+ ) -+{ -+ BOOLEAN Status; -+ EVP_PKEY *Key; -+ BIO *DataBio; -+ PKCS7 *Pkcs7; -+ UINT8 *RsaContext; -+ UINT8 *P7Data; -+ UINTN P7DataSize; -+ UINT8 *Tmp; -+ -+ // -+ // Check input parameters. -+ // -+ if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || -+ SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { -+ return FALSE; -+ } -+ -+ RsaContext = NULL; -+ Key = NULL; -+ Pkcs7 = NULL; -+ DataBio = NULL; -+ Status = FALSE; -+ -+ // -+ // Retrieve RSA private key from PEM data. -+ // -+ Status = RsaGetPrivateKeyFromPem ( -+ PrivateKey, -+ PrivateKeySize, -+ (CONST CHAR8 *) KeyPassword, -+ (VOID **) &RsaContext -+ ); -+ if (!Status) { -+ return Status; -+ } -+ -+ Status = FALSE; -+ -+ // -+ // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling -+ // -+ if (EVP_add_digest (EVP_md5 ()) == 0) { -+ goto _Exit; -+ } -+ if (EVP_add_digest (EVP_sha1 ()) == 0) { -+ goto _Exit; -+ } -+ if (EVP_add_digest (EVP_sha256 ()) == 0) { -+ goto _Exit; -+ } -+ -+ RandomSeed (NULL, 0); -+ -+ // -+ // Construct OpenSSL EVP_PKEY for private key. -+ // -+ Key = EVP_PKEY_new (); -+ if (Key == NULL) { -+ goto _Exit; -+ } -+ Key->save_type = EVP_PKEY_RSA; -+ Key->type = EVP_PKEY_type (EVP_PKEY_RSA); -+ Key->pkey.rsa = (RSA *) RsaContext; -+ -+ // -+ // Convert the data to be signed to BIO format. -+ // -+ DataBio = BIO_new (BIO_s_mem ()); -+ if (DataBio == NULL) { -+ goto _Exit; -+ } -+ -+ if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) { -+ goto _Exit; -+ } -+ -+ // -+ // Create the PKCS#7 signedData structure. -+ // -+ Pkcs7 = PKCS7_sign ( -+ (X509 *) SignCert, -+ Key, -+ (STACK_OF(X509) *) OtherCerts, -+ DataBio, -+ PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED -+ ); -+ if (Pkcs7 == NULL) { -+ goto _Exit; -+ } -+ -+ // -+ // Convert PKCS#7 signedData structure into DER-encoded buffer. -+ // -+ P7DataSize = i2d_PKCS7 (Pkcs7, NULL); -+ if (P7DataSize <= 19) { -+ goto _Exit; -+ } -+ -+ P7Data = malloc (P7DataSize); -+ if (P7Data == NULL) { -+ goto _Exit; -+ } -+ -+ Tmp = P7Data; -+ P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); -+ ASSERT (P7DataSize > 19); -+ -+ // -+ // Strip ContentInfo to content only for signeddata. The data be trimmed off -+ // is totally 19 bytes. -+ // -+ *SignedDataSize = P7DataSize - 19; -+ *SignedData = malloc (*SignedDataSize); -+ if (*SignedData == NULL) { -+ OPENSSL_free (P7Data); -+ goto _Exit; -+ } -+ -+ CopyMem (*SignedData, P7Data + 19, *SignedDataSize); -+ -+ OPENSSL_free (P7Data); -+ -+ Status = TRUE; -+ -+_Exit: -+ // -+ // Release Resources -+ // -+ if (RsaContext != NULL) { -+ RsaFree (RsaContext); -+ if (Key != NULL) { -+ Key->pkey.rsa = NULL; -+ } -+ } -+ -+ if (Key != NULL) { -+ EVP_PKEY_free (Key); -+ } -+ -+ if (DataBio != NULL) { -+ BIO_free (DataBio); -+ } -+ -+ if (Pkcs7 != NULL) { -+ PKCS7_free (Pkcs7); -+ } -+ -+ return Status; -+} -diff --git a/Cryptlib/Pk/CryptPkcs7SignNull.c b/Cryptlib/Pk/CryptPkcs7SignNull.c -new file mode 100644 -index 0000000..539bb6b ---- /dev/null -+++ b/Cryptlib/Pk/CryptPkcs7SignNull.c -@@ -0,0 +1,59 @@ -+/** @file -+ PKCS#7 SignedData Sign Wrapper Implementation which does not provide real -+ capabilities. -+ -+Copyright (c) 2012, Intel Corporation. All rights reserved.
-+This program and the accompanying materials -+are licensed and made available under the terms and conditions of the BSD License -+which accompanies this distribution. The full text of the license may be found at -+http://opensource.org/licenses/bsd-license.php -+ -+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+ -+**/ -+ -+#include "InternalCryptLib.h" -+ -+/** -+ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message -+ Syntax Standard, version 1.5". This interface is only intended to be used for -+ application to perform PKCS#7 functionality validation. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in] PrivateKey Pointer to the PEM-formatted private key data for -+ data signing. -+ @param[in] PrivateKeySize Size of the PEM private key data in bytes. -+ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM -+ key data. -+ @param[in] InData Pointer to the content to be signed. -+ @param[in] InDataSize Size of InData in bytes. -+ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. -+ @param[in] OtherCerts Pointer to an optional additional set of certificates to -+ include in the PKCS#7 signedData (e.g. any intermediate -+ CAs in the chain). -+ @param[out] SignedData Pointer to output PKCS#7 signedData. -+ @param[out] SignedDataSize Size of SignedData in bytes. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+Pkcs7Sign ( -+ IN CONST UINT8 *PrivateKey, -+ IN UINTN PrivateKeySize, -+ IN CONST UINT8 *KeyPassword, -+ IN UINT8 *InData, -+ IN UINTN InDataSize, -+ IN UINT8 *SignCert, -+ IN UINT8 *OtherCerts OPTIONAL, -+ OUT UINT8 **SignedData, -+ OUT UINTN *SignedDataSize -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -+ -diff --git a/Cryptlib/Pk/CryptPkcs7.c b/Cryptlib/Pk/CryptPkcs7Verify.c -similarity index 74% -rename from Cryptlib/Pk/CryptPkcs7.c -rename to Cryptlib/Pk/CryptPkcs7Verify.c -index 218e7ac..05c3f87 100644 ---- a/Cryptlib/Pk/CryptPkcs7.c -+++ b/Cryptlib/Pk/CryptPkcs7Verify.c -@@ -10,7 +10,7 @@ - WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated - Variable and will do basic check for data structure. - --Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
-+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -25,6 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - #include - #include -+#include - #include - - UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; -@@ -111,182 +112,6 @@ X509VerifyCb ( - } - - /** -- Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message -- Syntax Standard, version 1.5". This interface is only intended to be used for -- application to perform PKCS#7 functionality validation. -- -- @param[in] PrivateKey Pointer to the PEM-formatted private key data for -- data signing. -- @param[in] PrivateKeySize Size of the PEM private key data in bytes. -- @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM -- key data. -- @param[in] InData Pointer to the content to be signed. -- @param[in] InDataSize Size of InData in bytes. -- @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. -- @param[in] OtherCerts Pointer to an optional additional set of certificates to -- include in the PKCS#7 signedData (e.g. any intermediate -- CAs in the chain). -- @param[out] SignedData Pointer to output PKCS#7 signedData. -- @param[out] SignedDataSize Size of SignedData in bytes. -- -- @retval TRUE PKCS#7 data signing succeeded. -- @retval FALSE PKCS#7 data signing failed. -- --**/ --BOOLEAN --EFIAPI --Pkcs7Sign ( -- IN CONST UINT8 *PrivateKey, -- IN UINTN PrivateKeySize, -- IN CONST UINT8 *KeyPassword, -- IN UINT8 *InData, -- IN UINTN InDataSize, -- IN UINT8 *SignCert, -- IN UINT8 *OtherCerts OPTIONAL, -- OUT UINT8 **SignedData, -- OUT UINTN *SignedDataSize -- ) --{ -- BOOLEAN Status; -- EVP_PKEY *Key; -- BIO *DataBio; -- PKCS7 *Pkcs7; -- UINT8 *RsaContext; -- UINT8 *P7Data; -- UINTN P7DataSize; -- UINT8 *Tmp; -- -- // -- // Check input parameters. -- // -- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || -- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { -- return FALSE; -- } -- -- RsaContext = NULL; -- Key = NULL; -- Pkcs7 = NULL; -- DataBio = NULL; -- Status = FALSE; -- -- // -- // Retrieve RSA private key from PEM data. -- // -- Status = RsaGetPrivateKeyFromPem ( -- PrivateKey, -- PrivateKeySize, -- (CONST CHAR8 *) KeyPassword, -- (VOID **) &RsaContext -- ); -- if (!Status) { -- return Status; -- } -- -- // -- // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling -- // -- EVP_add_digest (EVP_md5()); -- EVP_add_digest (EVP_sha1()); -- EVP_add_digest (EVP_sha256()); -- RandomSeed (NULL, 0); -- -- // -- // Construct OpenSSL EVP_PKEY for private key. -- // -- Key = EVP_PKEY_new (); -- if (Key == NULL) { -- Status = FALSE; -- goto _Exit; -- } -- Key->save_type = EVP_PKEY_RSA; -- Key->type = EVP_PKEY_type (EVP_PKEY_RSA); -- Key->pkey.rsa = (RSA *) RsaContext; -- -- // -- // Convert the data to be signed to BIO format. -- // -- DataBio = BIO_new (BIO_s_mem ()); -- BIO_write (DataBio, InData, (int) InDataSize); -- -- // -- // Create the PKCS#7 signedData structure. -- // -- Pkcs7 = PKCS7_sign ( -- (X509 *) SignCert, -- Key, -- (STACK_OF(X509) *) OtherCerts, -- DataBio, -- PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED -- ); -- if (Pkcs7 == NULL) { -- Status = FALSE; -- goto _Exit; -- } -- -- // -- // Convert PKCS#7 signedData structure into DER-encoded buffer. -- // -- P7DataSize = i2d_PKCS7 (Pkcs7, NULL); -- if (P7DataSize <= 19) { -- Status = FALSE; -- goto _Exit; -- } -- -- P7Data = malloc (P7DataSize); -- if (P7Data == NULL) { -- Status = FALSE; -- goto _Exit; -- } -- -- Tmp = P7Data; -- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); -- -- // -- // Strip ContentInfo to content only for signeddata. The data be trimmed off -- // is totally 19 bytes. -- // -- *SignedDataSize = P7DataSize - 19; -- *SignedData = malloc (*SignedDataSize); -- if (*SignedData == NULL) { -- Status = FALSE; -- OPENSSL_free (P7Data); -- goto _Exit; -- } -- -- CopyMem (*SignedData, P7Data + 19, *SignedDataSize); -- -- OPENSSL_free (P7Data); -- -- Status = TRUE; -- --_Exit: -- // -- // Release Resources -- // -- if (RsaContext != NULL) { -- RsaFree (RsaContext); -- if (Key != NULL) { -- Key->pkey.rsa = NULL; -- } -- } -- -- if (Key != NULL) { -- EVP_PKEY_free (Key); -- } -- -- if (DataBio != NULL) { -- BIO_free (DataBio); -- } -- -- if (Pkcs7 != NULL) { -- PKCS7_free (Pkcs7); -- } -- -- return Status; --} -- --/** - Check input P7Data is a wrapped ContentInfo structure or not. If not construct - a new structure to wrap P7Data. - -@@ -395,6 +220,91 @@ WrapPkcs7Data ( - } - - /** -+ Pop single certificate from STACK_OF(X509). -+ -+ If X509Stack, Cert, or CertSize is NULL, then return FALSE. -+ -+ @param[in] X509Stack Pointer to a X509 stack object. -+ @param[out] Cert Pointer to a X509 certificate. -+ @param[out] CertSize Length of output X509 certificate in bytes. -+ -+ @retval TRUE The X509 stack pop succeeded. -+ @retval FALSE The pop operation failed. -+ -+**/ -+BOOLEAN -+X509PopCertificate ( -+ IN VOID *X509Stack, -+ OUT UINT8 **Cert, -+ OUT UINTN *CertSize -+ ) -+{ -+ BIO *CertBio; -+ X509 *X509Cert; -+ STACK_OF(X509) *CertStack; -+ BOOLEAN Status; -+ INT32 Result; -+ INT32 Length; -+ VOID *Buffer; -+ -+ Status = FALSE; -+ -+ if ((X509Stack == NULL) || (Cert == NULL) || (CertSize == NULL)) { -+ return Status; -+ } -+ -+ CertStack = (STACK_OF(X509) *) X509Stack; -+ -+ X509Cert = sk_X509_pop (CertStack); -+ -+ if (X509Cert == NULL) { -+ return Status; -+ } -+ -+ Buffer = NULL; -+ -+ CertBio = BIO_new (BIO_s_mem ()); -+ if (CertBio == NULL) { -+ return Status; -+ } -+ -+ Result = i2d_X509_bio (CertBio, X509Cert); -+ if (Result == 0) { -+ goto _Exit; -+ } -+ -+ Length = ((BUF_MEM *) CertBio->ptr)->length; -+ if (Length <= 0) { -+ goto _Exit; -+ } -+ -+ Buffer = malloc (Length); -+ if (Buffer == NULL) { -+ goto _Exit; -+ } -+ -+ Result = BIO_read (CertBio, Buffer, Length); -+ if (Result != Length) { -+ goto _Exit; -+ } -+ -+ *Cert = Buffer; -+ *CertSize = Length; -+ -+ Status = TRUE; -+ -+_Exit: -+ -+ BIO_free (CertBio); -+ -+ if (!Status && (Buffer != NULL)) { -+ free (Buffer); -+ } -+ -+ return Status; -+} -+ -+/** - Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: - Cryptographic Message Syntax Standard". The input signed data could be wrapped - in a ContentInfo structure. -@@ -634,7 +544,6 @@ Pkcs7Verify ( - ) - { - PKCS7 *Pkcs7; -- BIO *CertBio; - BIO *DataBio; - BOOLEAN Status; - X509 *Cert; -@@ -653,7 +562,6 @@ Pkcs7Verify ( - } - - Pkcs7 = NULL; -- CertBio = NULL; - DataBio = NULL; - Cert = NULL; - CertStore = NULL; -@@ -661,10 +569,19 @@ Pkcs7Verify ( - // - // Register & Initialize necessary digest algorithms for PKCS#7 Handling - // -- EVP_add_digest (EVP_md5()); -- EVP_add_digest (EVP_sha1()); -- EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA); -- EVP_add_digest (EVP_sha256()); -+ if (EVP_add_digest (EVP_md5 ()) == 0) { -+ return FALSE; -+ } -+ if (EVP_add_digest (EVP_sha1 ()) == 0) { -+ return FALSE; -+ } -+ if (EVP_add_digest (EVP_sha256 ()) == 0) { -+ return FALSE; -+ } -+ if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) { -+ return FALSE; -+ } -+ - - Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); - if (!Status) { -@@ -696,12 +613,7 @@ Pkcs7Verify ( - // - // Read DER-encoded root certificate and Construct X509 Certificate - // -- CertBio = BIO_new (BIO_s_mem ()); -- BIO_write (CertBio, TrustedCert, (int)CertLength); -- if (CertBio == NULL) { -- goto _Exit; -- } -- Cert = d2i_X509_bio (CertBio, NULL); -+ Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength); - if (Cert == NULL) { - goto _Exit; - } -@@ -728,7 +640,20 @@ Pkcs7Verify ( - // in PKCS#7 structure. So ignore NULL checking here. - // - DataBio = BIO_new (BIO_s_mem ()); -- BIO_write (DataBio, InData, (int)DataLength); -+ if (DataBio == NULL) { -+ goto _Exit; -+ } -+ -+ if (BIO_write (DataBio, InData, (int) DataLength) <= 0) { -+ goto _Exit; -+ } -+ -+ // -+ // OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and -+ // doesn't support the extended key usage for Authenticode Code Signing. -+ // Bypass the certificate purpose checking by enabling any purposes setting. -+ // -+ X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY); - - // - // Verifies the PKCS#7 signedData structure -@@ -740,7 +665,6 @@ _Exit: - // Release Resources - // - BIO_free (DataBio); -- BIO_free (CertBio); - X509_free (Cert); - X509_STORE_free (CertStore); - PKCS7_free (Pkcs7); -diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c -new file mode 100644 -index 0000000..9a4c77a ---- /dev/null -+++ b/Cryptlib/Pk/CryptPkcs7VerifyNull.c -@@ -0,0 +1,100 @@ -+/** @file -+ PKCS#7 SignedData Verification Wrapper Implementation which does not provide -+ real capabilities. -+ -+Copyright (c) 2012, Intel Corporation. All rights reserved.
-+This program and the accompanying materials -+are licensed and made available under the terms and conditions of the BSD License -+which accompanies this distribution. The full text of the license may be found at -+http://opensource.org/licenses/bsd-license.php -+ -+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+ -+**/ -+ -+#include "InternalCryptLib.h" -+ -+/** -+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: -+ Cryptographic Message Syntax Standard". The input signed data could be wrapped -+ in a ContentInfo structure. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in] P7Data Pointer to the PKCS#7 message to verify. -+ @param[in] P7Length Length of the PKCS#7 message in bytes. -+ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. -+ It's caller's responsiblity to free the buffer. -+ @param[out] StackLength Length of signer's certificates in bytes. -+ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. -+ It's caller's responsiblity to free the buffer. -+ @param[out] CertLength Length of the trusted certificate in bytes. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+Pkcs7GetSigners ( -+ IN CONST UINT8 *P7Data, -+ IN UINTN P7Length, -+ OUT UINT8 **CertStack, -+ OUT UINTN *StackLength, -+ OUT UINT8 **TrustedCert, -+ OUT UINTN *CertLength -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -+ -+/** -+ Wrap function to use free() to free allocated memory for certificates. -+ -+ If the interface is not supported, then ASSERT(). -+ -+ @param[in] Certs Pointer to the certificates to be freed. -+ -+**/ -+VOID -+EFIAPI -+Pkcs7FreeSigners ( -+ IN UINT8 *Certs -+ ) -+{ -+ ASSERT (FALSE); -+} -+ -+/** -+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: -+ Cryptographic Message Syntax Standard". The input signed data could be wrapped -+ in a ContentInfo structure. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in] P7Data Pointer to the PKCS#7 message to verify. -+ @param[in] P7Length Length of the PKCS#7 message in bytes. -+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which -+ is used for certificate chain verification. -+ @param[in] CertLength Length of the trusted certificate in bytes. -+ @param[in] InData Pointer to the content to be verified. -+ @param[in] DataLength Length of InData in bytes. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+Pkcs7Verify ( -+ IN CONST UINT8 *P7Data, -+ IN UINTN P7Length, -+ IN CONST UINT8 *TrustedCert, -+ IN UINTN CertLength, -+ IN CONST UINT8 *InData, -+ IN UINTN DataLength -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -diff --git a/Cryptlib/Pk/CryptRsaExtNull.c b/Cryptlib/Pk/CryptRsaExtNull.c -new file mode 100644 -index 0000000..e44cdde ---- /dev/null -+++ b/Cryptlib/Pk/CryptRsaExtNull.c -@@ -0,0 +1,125 @@ -+/** @file -+ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. -+ -+ This file does not provide real capabilities for following APIs in RSA handling: -+ 1) RsaGetKey -+ 2) RsaGenerateKey -+ 3) RsaCheckKey -+ 4) RsaPkcs1Sign -+ -+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
-+This program and the accompanying materials -+are licensed and made available under the terms and conditions of the BSD License -+which accompanies this distribution. The full text of the license may be found at -+http://opensource.org/licenses/bsd-license.php -+ -+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+ -+**/ -+ -+#include "InternalCryptLib.h" -+ -+/** -+ Gets the tag-designated RSA key component from the established RSA context. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in, out] RsaContext Pointer to RSA context being set. -+ @param[in] KeyTag Tag of RSA key component being set. -+ @param[out] BigNumber Pointer to octet integer buffer. -+ @param[in, out] BnSize On input, the size of big number buffer in bytes. -+ On output, the size of data returned in big number buffer in bytes. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+RsaGetKey ( -+ IN OUT VOID *RsaContext, -+ IN RSA_KEY_TAG KeyTag, -+ OUT UINT8 *BigNumber, -+ IN OUT UINTN *BnSize -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -+ -+/** -+ Generates RSA key components. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in, out] RsaContext Pointer to RSA context being set. -+ @param[in] ModulusLength Length of RSA modulus N in bits. -+ @param[in] PublicExponent Pointer to RSA public exponent. -+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+RsaGenerateKey ( -+ IN OUT VOID *RsaContext, -+ IN UINTN ModulusLength, -+ IN CONST UINT8 *PublicExponent, -+ IN UINTN PublicExponentSize -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -+ -+/** -+ Validates key components of RSA context. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in] RsaContext Pointer to RSA context to check. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+RsaCheckKey ( -+ IN VOID *RsaContext -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -+ -+/** -+ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in] RsaContext Pointer to RSA context for signature generation. -+ @param[in] MessageHash Pointer to octet message hash to be signed. -+ @param[in] HashSize Size of the message hash in bytes. -+ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. -+ @param[in, out] SigSize On input, the size of Signature buffer in bytes. -+ On output, the size of data returned in Signature buffer in bytes. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+RsaPkcs1Sign ( -+ IN VOID *RsaContext, -+ IN CONST UINT8 *MessageHash, -+ IN UINTN HashSize, -+ OUT UINT8 *Signature, -+ IN OUT UINTN *SigSize -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -+ -+ -diff --git a/Cryptlib/Rand/CryptRand.c b/Cryptlib/Rand/CryptRand.c -index dc3ab99..895ce83 100644 ---- a/Cryptlib/Rand/CryptRand.c -+++ b/Cryptlib/Rand/CryptRand.c -@@ -1,7 +1,7 @@ - /** @file - Pseudorandom Number Generator Wrapper Implementation over OpenSSL. - --Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
-+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - #include "InternalCryptLib.h" - #include -+#include - - // - // Default seed for UEFI Crypto Library -@@ -48,6 +49,14 @@ RandomSeed ( - } - - // -+ // The software PRNG implementation built in OpenSSL depends on message digest algorithm. -+ // Make sure SHA-1 digest algorithm is available here. -+ // -+ if (EVP_add_digest (EVP_sha1 ()) == 0) { -+ return FALSE; -+ } -+ -+ // - // Seed the pseudorandom number generator with user-supplied value. - // NOTE: A cryptographic PRNG must be seeded with unpredictable data. - // -diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh -index 96bbece..57b6631 100755 ---- a/Cryptlib/update.sh -+++ b/Cryptlib/update.sh -@@ -13,8 +13,13 @@ cp $DIR/Cipher/CryptAes.c Cipher/CryptAes.c - cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c - cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c - cp $DIR/Rand/CryptRand.c Rand/CryptRand.c --cp $DIR/Pk/CryptRsa.c Pk/CryptRsa.c --cp $DIR/Pk/CryptPkcs7.c Pk/CryptPkcs7.c -+cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c -+cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c -+cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c -+cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c -+cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c -+cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c -+cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c - cp $DIR/Pk/CryptDh.c Pk/CryptDh.c - cp $DIR/Pk/CryptX509.c Pk/CryptX509.c - cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c --- -1.9.3 - diff --git a/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch b/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch deleted file mode 100644 index b2a0f0c..0000000 --- a/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 81ee561dde0213bc487aa1b701799f6d2faeaf31 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 21 Jul 2014 16:15:07 -0400 -Subject: [PATCH 44/74] Replace build instructions in README with something not - completely wrong. - -These were really, really out of date. ---- - README | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/README b/README -index 2977f2a..24a39df 100644 ---- a/README -+++ b/README -@@ -12,5 +12,5 @@ in the shim.h header file and provides a single entry point. On 64-bit systems - this entry point expects to be called with SysV ABI rather than MSABI, and - so calls to it should not be wrapped. - --To use shim, simply place a hex dump of the public certificate in cert.h --and build it with make. -\ No newline at end of file -+To use shim, simply place a DER-encoded public certificate in a file such as -+pub.cer and build with "make VENDOR_CERT_FILE=pub.cer". --- -1.9.3 - diff --git a/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch b/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch deleted file mode 100644 index 8372361..0000000 --- a/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch +++ /dev/null @@ -1,37 +0,0 @@ -From a30276e095c10be69b5282d01c20cf5daf3fa671 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Tue, 12 Aug 2014 15:33:18 +0200 -Subject: [PATCH 45/74] CryptLib: undefine va_arg and friends before redefining - them - -Upstream GNU-EFI contains changes to efistdarg.h resulting in the va_start, -va_arg and va_end macros to be #defined unconditionally. Make sure we #undef -them before overriding the definitions. - -Signed-off-by: Ard Biesheuvel ---- - Cryptlib/Include/OpenSslSupport.h | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h -index 5a2745d..9e56ced 100644 ---- a/Cryptlib/Include/OpenSslSupport.h -+++ b/Cryptlib/Include/OpenSslSupport.h -@@ -35,6 +35,14 @@ typedef VOID *FILE; - // Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h - // - #if !defined(__CC_ARM) // if va_list is not already defined -+/* -+ * These are now unconditionally #defined by GNU_EFI's efistdarg.h, -+ * so we should #undef them here before providing a new definition. -+ */ -+#undef va_arg -+#undef va_start -+#undef va_end -+ - #define va_list VA_LIST - #define va_arg VA_ARG - #define va_start VA_START --- -1.9.3 - diff --git a/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch b/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch deleted file mode 100644 index 3f0bb9d..0000000 --- a/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 77cdb40423e29a5f9d1318cd0ada874ee1916450 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Tue, 12 Aug 2014 15:33:19 +0200 -Subject: [PATCH 46/74] unhook_system_services: bail on systab == NULL - -Prevent unhook_system_services() from dereferencing a NULL systab, which -may occur if hook_system_services() has never been called. - -Signed-off-by: Ard Biesheuvel ---- - replacements.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/replacements.c b/replacements.c -index 48dc437..5dfa355 100644 ---- a/replacements.c -+++ b/replacements.c -@@ -70,6 +70,9 @@ static EFI_HANDLE last_loaded_image; - void - unhook_system_services(void) - { -+ if (!systab) -+ return; -+ - systab->BootServices->Exit = system_exit; - systab->BootServices->LoadImage = system_load_image; - systab->BootServices->StartImage = system_start_image; --- -1.9.3 - diff --git a/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch b/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch deleted file mode 100644 index 7d178f3..0000000 --- a/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch +++ /dev/null @@ -1,235 +0,0 @@ -From 99d7b5e858945b8bb160fe3fea77596b2daf07ff Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Tue, 12 Aug 2014 15:33:20 +0200 -Subject: [PATCH 47/74] Factor out x86-isms and add cross compile support - -This patch cleans up and refactors the Makefiles to better allow new -architectures to be added: -- remove unused Makefile definitions -- import Makefile definitions from top level rather than redefining -- move x86 specific CFLAGS to inside ifeq() blocks -- remove x86 inline asm -- allow $(FORMAT) to be overridden: this is necessary as there exists no - EFI or PE/COFF aware objcopy for ARM - -Signed-off-by: Ard Biesheuvel ---- - Cryptlib/Makefile | 16 ++++++---------- - Cryptlib/OpenSSL/Makefile | 15 ++++++--------- - Makefile | 45 +++++++++++++++++++++++++++------------------ - lib/Makefile | 14 ++++---------- - netboot.c | 10 +--------- - 5 files changed, 44 insertions(+), 56 deletions(-) - -diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile -index 678baac..73a1e2b 100644 ---- a/Cryptlib/Makefile -+++ b/Cryptlib/Makefile -@@ -1,19 +1,15 @@ --ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) - --EFI_INCLUDE = /usr/include/efi --EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol --EFI_PATH = /usr/lib64/gnuefi -- --LIB_GCC = $(shell $(CC) -print-libgcc-file-name) --EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) -+EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol - - CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \ -- -Wall $(EFI_INCLUDES) -mno-red-zone -maccumulate-outgoing-args -mno-sse -mno-mmx -+ -Wall $(EFI_INCLUDES) -+ - ifeq ($(ARCH),x86_64) -- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ -+ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI - endif - ifeq ($(ARCH),ia32) -- CFLAGS += -m32 -+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 - endif - LDFLAGS = -nostdlib -znocombreloc - -diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile -index 8e2f2a6..9097580 100644 ---- a/Cryptlib/OpenSSL/Makefile -+++ b/Cryptlib/OpenSSL/Makefile -@@ -1,19 +1,16 @@ --ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) - --EFI_INCLUDE = /usr/include/efi - EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol --EFI_PATH = /usr/lib64/gnuefi - --LIB_GCC = $(shell $(CC) -print-libgcc-file-name) --EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) -- --CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ -+CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ - -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC -+ - ifeq ($(ARCH),x86_64) -- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG -+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ -+ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG - endif - ifeq ($(ARCH),ia32) -- CFLAGS += -m32 -DTHIRTY_TWO_BIT -+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ -+ -m32 -DTHIRTY_TWO_BIT - endif - LDFLAGS = -nostdlib -znocombreloc - -diff --git a/Makefile b/Makefile -index df190a2..f65bb3b 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,10 +1,14 @@ --ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) -+CC = $(CROSS_COMPILE)gcc -+LD = $(CROSS_COMPILE)ld -+OBJCOPY = $(CROSS_COMPILE)objcopy -+ -+ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) - - SUBDIRS = Cryptlib lib - - LIB_PATH = /usr/lib64 - --EFI_INCLUDE = /usr/include/efi -+EFI_INCLUDE := /usr/include/efi - EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude - EFI_PATH := /usr/lib64/gnuefi - -@@ -16,9 +20,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds - - DEFAULT_LOADER := \\\\grub.efi - CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ -- -fshort-wchar -Wall -Wsign-compare -Werror \ -- -mno-red-zone -maccumulate-outgoing-args \ -- -mno-mmx -mno-sse -fno-builtin \ -+ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ - "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ - "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ - $(EFI_INCLUDES) -@@ -26,12 +28,15 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ - ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined) - CFLAGS += -DOVERRIDE_SECURITY_POLICY - endif -+ - ifeq ($(ARCH),x86_64) -- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ -+ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI - endif - ifeq ($(ARCH),ia32) -- CFLAGS += -m32 -+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 - endif -+ - ifneq ($(origin VENDOR_CERT_FILE), undefined) - CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" - endif -@@ -95,26 +100,28 @@ MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a - - Cryptlib/libcryptlib.a: -- $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) -+ $(MAKE) -C Cryptlib - - Cryptlib/OpenSSL/libopenssl.a: -- $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) -+ $(MAKE) -C Cryptlib/OpenSSL - - lib/lib.a: -- $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) -+ $(MAKE) -C lib -+ -+FORMAT ?= --target efi-app-$(ARCH) - - %.efi: %.so -- objcopy -j .text -j .sdata -j .data \ -- -j .dynamic -j .dynsym -j .rel \ -- -j .rela -j .reloc -j .eh_frame \ -+ $(OBJCOPY) -j .text -j .sdata -j .data \ -+ -j .dynamic -j .dynsym -j .rel* \ -+ -j .rela* -j .reloc -j .eh_frame \ - -j .vendor_cert \ -- --target=efi-app-$(ARCH) $^ $@ -- objcopy -j .text -j .sdata -j .data \ -- -j .dynamic -j .dynsym -j .rel \ -- -j .rela -j .reloc -j .eh_frame \ -+ $(FORMAT) $^ $@ -+ $(OBJCOPY) -j .text -j .sdata -j .data \ -+ -j .dynamic -j .dynsym -j .rel* \ -+ -j .rela* -j .reloc -j .eh_frame \ - -j .debug_info -j .debug_abbrev -j .debug_aranges \ - -j .debug_line -j .debug_str -j .debug_ranges \ -- --target=efi-app-$(ARCH) $^ $@.debug -+ $(FORMAT) $^ $@.debug - - %.efi.signed: %.efi certdb/secmod.db - pesign -n certdb -i $< -c "shim" -s -o $@ -f -@@ -151,3 +158,5 @@ archive: tag - @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) - @rm -rf /tmp/shim-$(VERSION) - @echo "The archive is in shim-$(VERSION).tar.bz2" -+ -+export ARCH CC LD OBJCOPY EFI_INCLUDE -diff --git a/lib/Makefile b/lib/Makefile -index a9c9cf6..ebd21a1 100644 ---- a/lib/Makefile -+++ b/lib/Makefile -@@ -2,23 +2,17 @@ TARGET = lib.a - - LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variables.o security_policy.o - --ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) -- --EFI_INCLUDE = /usr/include/efi - EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include - --EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o --EFI_LDS = $(EFI_PATH)/elf_$(ARCH)_efi.lds -- - CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ -- -fshort-wchar -Wall -mno-red-zone -DBUILD_EFI -fno-builtin \ -- -Werror \ -+ -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror \ - $(EFI_INCLUDES) -+ - ifeq ($(ARCH),x86_64) -- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -+ CFLAGS += -mno-red-zone -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI - endif - ifeq ($(ARCH),ia32) -- CFLAGS += -m32 -+ CFLAGS += -mno-red-zone -m32 - endif - - lib.a: $(LIBFILES) -diff --git a/netboot.c b/netboot.c -index 5ef53f7..238937d 100644 ---- a/netboot.c -+++ b/netboot.c -@@ -40,15 +40,7 @@ - #include "netboot.h" - #include "str.h" - --static inline unsigned short int __swap16(unsigned short int x) --{ -- __asm__("xchgb %b0,%h0" -- : "=q" (x) -- : "0" (x)); -- return x; --} -- --#define ntohs(x) __swap16(x) -+#define ntohs(x) __builtin_bswap16(x) /* supported both by GCC and clang */ - #define htons(x) ntohs(x) - - static EFI_PXE_BASE_CODE *pxe; --- -1.9.3 - diff --git a/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch b/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch deleted file mode 100644 index 838e655..0000000 --- a/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 04cba93d64b5ffd3a05be82aacea5c2b2d0ea94c Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Tue, 12 Aug 2014 15:33:21 +0200 -Subject: [PATCH 48/74] Add support for 64-bit ARM (AArch64) - -This adds support for building the shim for a 64-bit ARM UEFI environment. - -Signed-off-by: Ard Biesheuvel ---- - Cryptlib/OpenSSL/Makefile | 3 +++ - Makefile | 10 ++++++++ - elf_aarch64_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 78 insertions(+) - create mode 100644 elf_aarch64_efi.lds - -diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile -index 9097580..17b5695 100644 ---- a/Cryptlib/OpenSSL/Makefile -+++ b/Cryptlib/OpenSSL/Makefile -@@ -12,6 +12,9 @@ ifeq ($(ARCH),ia32) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ - -m32 -DTHIRTY_TWO_BIT - endif -+ifeq ($(ARCH),aarch64) -+ CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include) -+endif - LDFLAGS = -nostdlib -znocombreloc - - TARGET = libopenssl.a -diff --git a/Makefile b/Makefile -index f65bb3b..3529b45 100644 ---- a/Makefile -+++ b/Makefile -@@ -37,6 +37,10 @@ ifeq ($(ARCH),ia32) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 - endif - -+ifeq ($(ARCH),aarch64) -+ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) -+endif -+ - ifneq ($(origin VENDOR_CERT_FILE), undefined) - CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" - endif -@@ -108,6 +112,12 @@ Cryptlib/OpenSSL/libopenssl.a: - lib/lib.a: - $(MAKE) -C lib - -+ifeq ($(ARCH),aarch64) -+FORMAT := -O binary -+SUBSYSTEM := 0xa -+LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) -+endif -+ - FORMAT ?= --target efi-app-$(ARCH) - - %.efi: %.so -diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds -new file mode 100644 -index 0000000..9c9a055 ---- /dev/null -+++ b/elf_aarch64_efi.lds -@@ -0,0 +1,65 @@ -+OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64") -+OUTPUT_ARCH(aarch64) -+ENTRY(_start) -+SECTIONS -+{ -+ .text 0x0 : { -+ *(.text.head) -+ *(.text) -+ *(.text.*) -+ *(.gnu.linkonce.t.*) -+ *(.srodata) -+ *(.rodata*) -+ . = ALIGN(16); -+ _etext = .; -+ } -+ .dynamic : { *(.dynamic) } -+ .data : -+ { -+ *(.sdata) -+ *(.data) -+ *(.data1) -+ *(.data.*) -+ *(.got.plt) -+ *(.got) -+ -+ /* the EFI loader doesn't seem to like a .bss section, so we stick -+ it all into .data: */ -+ . = ALIGN(16); -+ _bss = .; -+ *(.sbss) -+ *(.scommon) -+ *(.dynbss) -+ *(.bss) -+ *(COMMON) -+ . = ALIGN(16); -+ _bss_end = .; -+ } -+ -+ . = ALIGN(4096); -+ .vendor_cert : -+ { -+ *(.vendor_cert) -+ } -+ . = ALIGN(4096); -+ -+ .rela.dyn : { *(.rela.dyn) } -+ .rela.plt : { *(.rela.plt) } -+ .rela.got : { *(.rela.got) } -+ .rela.data : { *(.rela.data) *(.rela.data*) } -+ _edata = .; -+ _data_size = . - _etext; -+ -+ . = ALIGN(4096); -+ .dynsym : { *(.dynsym) } -+ . = ALIGN(4096); -+ .dynstr : { *(.dynstr) } -+ . = ALIGN(4096); -+ /DISCARD/ : -+ { -+ *(.rel.reloc) -+ *(.eh_frame) -+ *(.note.GNU-stack) -+ } -+ .comment 0 : { *(.comment) } -+} --- -1.9.3 - diff --git a/SOURCES/0049-Add-support-for-32-bit-ARM.patch b/SOURCES/0049-Add-support-for-32-bit-ARM.patch deleted file mode 100644 index 49d4975..0000000 --- a/SOURCES/0049-Add-support-for-32-bit-ARM.patch +++ /dev/null @@ -1,209 +0,0 @@ -From fa525bc4632e04346fae82a98ce23b31c6cfc86d Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Tue, 12 Aug 2014 15:33:22 +0200 -Subject: [PATCH 49/74] Add support for 32-bit ARM - -This adds support for building the shim for a 32-bit ARM UEFI environment. - -Signed-off-by: Ard Biesheuvel ---- - Cryptlib/OpenSSL/Makefile | 3 +++ - Makefile | 10 ++++++++ - cert.S | 30 ++++++++++------------ - elf_arm_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 92 insertions(+), 16 deletions(-) - create mode 100644 elf_arm_efi.lds - -diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile -index 17b5695..7990b3c 100644 ---- a/Cryptlib/OpenSSL/Makefile -+++ b/Cryptlib/OpenSSL/Makefile -@@ -15,6 +15,9 @@ endif - ifeq ($(ARCH),aarch64) - CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include) - endif -+ifeq ($(ARCH),arm) -+ CFLAGS += -O2 -DTHIRTY_TWO_BIT -ffreestanding -I$(shell $(CC) -print-file-name=include) -+endif - LDFLAGS = -nostdlib -znocombreloc - - TARGET = libopenssl.a -diff --git a/Makefile b/Makefile -index 3529b45..5bc513c 100644 ---- a/Makefile -+++ b/Makefile -@@ -41,6 +41,10 @@ ifeq ($(ARCH),aarch64) - CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) - endif - -+ifeq ($(ARCH),arm) -+ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) -+endif -+ - ifneq ($(origin VENDOR_CERT_FILE), undefined) - CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" - endif -@@ -118,6 +122,12 @@ SUBSYSTEM := 0xa - LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) - endif - -+ifeq ($(ARCH),arm) -+FORMAT := -O binary -+SUBSYSTEM := 0xa -+LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) -+endif -+ - FORMAT ?= --target efi-app-$(ARCH) - - %.efi: %.so -diff --git a/cert.S b/cert.S -index 3cfd665..cfc4525 100644 ---- a/cert.S -+++ b/cert.S -@@ -1,9 +1,7 @@ - .globl cert_table -- .data -- .align 16 -- .type cert_table, @object -+ .type cert_table, %object - .size cert_table, 4 -- .section .vendor_cert, "a", @progbits -+ .section .vendor_cert, "a", %progbits - cert_table: - #if defined(VENDOR_CERT_FILE) - .long vendor_cert_priv_end - vendor_cert_priv -@@ -20,48 +18,48 @@ cert_table: - #if defined(VENDOR_CERT_FILE) - .data - .align 1 -- .type vendor_cert_priv, @object -+ .type vendor_cert_priv, %object - .size vendor_cert_priv, vendor_cert_priv_end-vendor_cert_priv -- .section .vendor_cert, "a", @progbits -+ .section .vendor_cert, "a", %progbits - vendor_cert_priv: - .incbin VENDOR_CERT_FILE - vendor_cert_priv_end: - #else - .bss -- .type vendor_cert_priv, @object -+ .type vendor_cert_priv, %object - .size vendor_cert_priv, 1 -- .section .vendor_cert, "a", @progbits -+ .section .vendor_cert, "a", %progbits - vendor_cert_priv: - .zero 1 - - .data - .align 4 -- .type vendor_cert_size_priv, @object -+ .type vendor_cert_size_priv, %object - .size vendor_cert_size_priv, 4 -- .section .vendor_cert, "a", @progbits -+ .section .vendor_cert, "a", %progbits - vendor_cert_priv_end: - #endif - #if defined(VENDOR_DBX_FILE) - .data - .align 1 -- .type vendor_dbx_priv, @object -+ .type vendor_dbx_priv, %object - .size vendor_dbx_priv, vendor_dbx_priv_end-vendor_dbx_priv -- .section .vendor_cert, "a", @progbits -+ .section .vendor_cert, "a", %progbits - vendor_dbx_priv: - .incbin VENDOR_DBX_FILE - vendor_dbx_priv_end: - #else - .bss -- .type vendor_dbx_priv, @object -+ .type vendor_dbx_priv, %object - .size vendor_dbx_priv, 1 -- .section .vendor_cert, "a", @progbits -+ .section .vendor_cert, "a", %progbits - vendor_dbx_priv: - .zero 1 - - .data - .align 4 -- .type vendor_dbx_size_priv, @object -+ .type vendor_dbx_size_priv, %object - .size vendor_dbx_size_priv, 4 -- .section .vendor_cert, "a", @progbits -+ .section .vendor_cert, "a", %progbits - vendor_dbx_priv_end: - #endif -diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds -new file mode 100644 -index 0000000..fd1075d ---- /dev/null -+++ b/elf_arm_efi.lds -@@ -0,0 +1,65 @@ -+OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm") -+OUTPUT_ARCH(arm) -+ENTRY(_start) -+SECTIONS -+{ -+ .text 0x0 : { -+ *(.text.head) -+ *(.text) -+ *(.text.*) -+ *(.gnu.linkonce.t.*) -+ *(.srodata) -+ *(.rodata*) -+ . = ALIGN(16); -+ _etext = .; -+ } -+ .dynamic : { *(.dynamic) } -+ .data : -+ { -+ *(.sdata) -+ *(.data) -+ *(.data1) -+ *(.data) -+ *(.got.plt) -+ *(.got) -+ -+ /* the EFI loader doesn't seem to like a .bss section, so we stick -+ it all into .data: */ -+ . = ALIGN(16); -+ _bss = .; -+ *(.sbss) -+ *(.scommon) -+ *(.dynbss) -+ *(.bss) -+ *(COMMON) -+ . = ALIGN(16); -+ _bss_end = .; -+ } -+ -+ . = ALIGN(4096); -+ .vendor_cert : -+ { -+ *(.vendor_cert) -+ } -+ . = ALIGN(4096); -+ -+ .rel.dyn : { *(.rel.dyn) } -+ .rel.plt : { *(.rel.plt) } -+ .rel.got : { *(.rel.got) } -+ .rel.data : { *(.rel.data) *(.rel.data*) } -+ _edata = .; -+ _data_size = . - _etext; -+ -+ . = ALIGN(4096); -+ .dynsym : { *(.dynsym) } -+ . = ALIGN(4096); -+ .dynstr : { *(.dynstr) } -+ . = ALIGN(4096); -+ /DISCARD/ : -+ { -+ *(.rel.reloc) -+ *(.eh_frame) -+ *(.note.GNU-stack) -+ } -+ .comment 0 : { *(.comment) } -+} --- -1.9.3 - diff --git a/SOURCES/0050-Update-openssl-to-0.9.8zb.patch b/SOURCES/0050-Update-openssl-to-0.9.8zb.patch deleted file mode 100644 index 825c0e8..0000000 --- a/SOURCES/0050-Update-openssl-to-0.9.8zb.patch +++ /dev/null @@ -1,4231 +0,0 @@ -From 21f96e586351fc8b535353f2dea7c784e931d14a Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 19 Aug 2014 12:15:00 +0800 -Subject: [PATCH 50/74] Update openssl to 0.9.8zb - -Also update to Tiano Cryptlib r15802 and remove the execute mode -bits from the C and header files of openssl ---- - Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 0 - Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 0 - Cryptlib/OpenSSL/crypto/aes/aes_core.c | 0 - Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 0 - Cryptlib/OpenSSL/crypto/aes/aes_ecb.c | 0 - Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 0 - Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 0 - Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 0 - Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_bool.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_bytes.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_enum.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_hdr.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_int.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_meth.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_object.c | 30 +- - Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_print.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_set.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_time.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_type.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_utf8.c | 0 - Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 0 - Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 0 - Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 0 - Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 3 + - Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 0 - Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 2 + - Cryptlib/OpenSSL/crypto/asn1/asn_moid.c | 0 - Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 12 +- - Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 0 - Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 0 - Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c | 6 +- - Cryptlib/OpenSSL/crypto/asn1/f_enum.c | 0 - Cryptlib/OpenSSL/crypto/asn1/f_int.c | 0 - Cryptlib/OpenSSL/crypto/asn1/f_string.c | 0 - Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 0 - Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c | 0 - Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 0 - Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 0 - Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 0 - Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 0 - Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 0 - Cryptlib/OpenSSL/crypto/asn1/t_bitst.c | 0 - Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 0 - Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 0 - Cryptlib/OpenSSL/crypto/asn1/t_req.c | 0 - Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 0 - Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 2 + - Cryptlib/OpenSSL/crypto/asn1/t_x509a.c | 0 - Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 0 - Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 7 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 0 - Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 0 - Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 0 - Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_attrib.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_bignum.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_exten.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_info.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_long.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_name.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_pkey.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_req.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_sig.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_spki.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_val.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 0 - Cryptlib/OpenSSL/crypto/asn1/x_x509a.c | 0 - Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c | 0 - Cryptlib/OpenSSL/crypto/bf/bf_ecb.c | 0 - Cryptlib/OpenSSL/crypto/bf/bf_enc.c | 0 - Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c | 0 - Cryptlib/OpenSSL/crypto/bf/bf_skey.c | 0 - Cryptlib/OpenSSL/crypto/bio/b_dump.c | 0 - Cryptlib/OpenSSL/crypto/bio/bf_buff.c | 0 - Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 0 - Cryptlib/OpenSSL/crypto/bio/bf_null.c | 0 - Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 0 - Cryptlib/OpenSSL/crypto/bio/bio_err.c | 0 - Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 4 +- - Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 0 - Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 0 - Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 0 - Cryptlib/OpenSSL/crypto/bio/bss_file.c | 0 - Cryptlib/OpenSSL/crypto/bio/bss_log.c | 0 - Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 0 - Cryptlib/OpenSSL/crypto/bio/bss_null.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_add.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_const.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_depr.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_div.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_err.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_exp2.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 51 ++ - Cryptlib/OpenSSL/crypto/bn/bn_kron.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 61 +- - Cryptlib/OpenSSL/crypto/bn/bn_mod.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_mpi.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_mul.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_opt.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_prime.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_print.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_recp.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_sqr.c | 1 + - Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_word.c | 0 - Cryptlib/OpenSSL/crypto/bn/bn_x931p.c | 0 - Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 0 - Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 0 - Cryptlib/OpenSSL/crypto/buffer/buffer.c | 0 - Cryptlib/OpenSSL/crypto/cast/c_cfb64.c | 0 - Cryptlib/OpenSSL/crypto/cast/c_ecb.c | 0 - Cryptlib/OpenSSL/crypto/cast/c_enc.c | 0 - Cryptlib/OpenSSL/crypto/cast/c_ofb64.c | 0 - Cryptlib/OpenSSL/crypto/cast/c_skey.c | 0 - Cryptlib/OpenSSL/crypto/comp/c_rle.c | 0 - Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 0 - Cryptlib/OpenSSL/crypto/comp/comp_err.c | 0 - Cryptlib/OpenSSL/crypto/comp/comp_lib.c | 0 - Cryptlib/OpenSSL/crypto/conf/conf_api.c | 2 +- - Cryptlib/OpenSSL/crypto/conf/conf_def.c | 2 +- - Cryptlib/OpenSSL/crypto/conf/conf_err.c | 0 - Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 0 - Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 0 - Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 0 - Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 0 - Cryptlib/OpenSSL/crypto/cpt_err.c | 0 - Cryptlib/OpenSSL/crypto/cryptlib.c | 0 - Cryptlib/OpenSSL/crypto/cversion.c | 0 - Cryptlib/OpenSSL/crypto/des/cbc_cksm.c | 0 - Cryptlib/OpenSSL/crypto/des/cbc_enc.c | 0 - Cryptlib/OpenSSL/crypto/des/cfb64ede.c | 0 - Cryptlib/OpenSSL/crypto/des/cfb64enc.c | 0 - Cryptlib/OpenSSL/crypto/des/cfb_enc.c | 0 - Cryptlib/OpenSSL/crypto/des/des_enc.c | 0 - Cryptlib/OpenSSL/crypto/des/des_lib.c | 0 - Cryptlib/OpenSSL/crypto/des/des_old.c | 0 - Cryptlib/OpenSSL/crypto/des/des_old2.c | 0 - Cryptlib/OpenSSL/crypto/des/ecb3_enc.c | 0 - Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 0 - Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c | 0 - Cryptlib/OpenSSL/crypto/des/enc_read.c | 0 - Cryptlib/OpenSSL/crypto/des/enc_writ.c | 0 - Cryptlib/OpenSSL/crypto/des/fcrypt.c | 0 - Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 0 - Cryptlib/OpenSSL/crypto/des/ofb64ede.c | 0 - Cryptlib/OpenSSL/crypto/des/ofb64enc.c | 0 - Cryptlib/OpenSSL/crypto/des/ofb_enc.c | 0 - Cryptlib/OpenSSL/crypto/des/pcbc_enc.c | 0 - Cryptlib/OpenSSL/crypto/des/qud_cksm.c | 0 - Cryptlib/OpenSSL/crypto/des/rand_key.c | 0 - Cryptlib/OpenSSL/crypto/des/read2pwd.c | 0 - Cryptlib/OpenSSL/crypto/des/rpc_enc.c | 0 - Cryptlib/OpenSSL/crypto/des/set_key.c | 0 - Cryptlib/OpenSSL/crypto/des/str2key.c | 0 - Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 0 - Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 0 - Cryptlib/OpenSSL/crypto/dh/dh_check.c | 0 - Cryptlib/OpenSSL/crypto/dh/dh_depr.c | 0 - Cryptlib/OpenSSL/crypto/dh/dh_err.c | 0 - Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 0 - Cryptlib/OpenSSL/crypto/dh/dh_key.c | 0 - Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_err.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_key.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c | 0 - Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c | 0 - Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 0 - Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 0 - Cryptlib/OpenSSL/crypto/dso/dso_err.c | 0 - Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 0 - Cryptlib/OpenSSL/crypto/dso/dso_null.c | 0 - Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 0 - Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 0 - Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 0 - Cryptlib/OpenSSL/crypto/dyn_lck.c | 0 - Cryptlib/OpenSSL/crypto/ebcdic.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec_asn1.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec_check.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec_curve.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec_cvt.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec_err.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec_key.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 2 +- - Cryptlib/OpenSSL/crypto/ec/ec_mult.c | 0 - Cryptlib/OpenSSL/crypto/ec/ec_print.c | 0 - Cryptlib/OpenSSL/crypto/ec/ecp_mont.c | 0 - Cryptlib/OpenSSL/crypto/ec/ecp_nist.c | 0 - Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c | 174 ++--- - Cryptlib/OpenSSL/crypto/ecdh/ech_err.c | 0 - Cryptlib/OpenSSL/crypto/ecdh/ech_key.c | 0 - Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 0 - Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c | 0 - Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c | 0 - Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c | 0 - Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 0 - Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c | 0 - Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c | 0 - Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_all.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_cnf.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_dyn.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_err.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_fat.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_init.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_lib.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_list.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_openssl.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_padlock.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_pkey.c | 0 - Cryptlib/OpenSSL/crypto/engine/eng_table.c | 0 - Cryptlib/OpenSSL/crypto/engine/tb_cipher.c | 0 - Cryptlib/OpenSSL/crypto/engine/tb_dh.c | 0 - Cryptlib/OpenSSL/crypto/engine/tb_digest.c | 0 - Cryptlib/OpenSSL/crypto/engine/tb_dsa.c | 0 - Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c | 0 - Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c | 0 - Cryptlib/OpenSSL/crypto/engine/tb_rand.c | 0 - Cryptlib/OpenSSL/crypto/engine/tb_rsa.c | 0 - Cryptlib/OpenSSL/crypto/engine/tb_store.c | 0 - Cryptlib/OpenSSL/crypto/err/err.c | 0 - Cryptlib/OpenSSL/crypto/err/err_all.c | 0 - Cryptlib/OpenSSL/crypto/err/err_bio.c | 0 - Cryptlib/OpenSSL/crypto/err/err_def.c | 0 - Cryptlib/OpenSSL/crypto/err/err_prn.c | 0 - Cryptlib/OpenSSL/crypto/err/err_str.c | 0 - Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 0 - Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 0 - Cryptlib/OpenSSL/crypto/evp/bio_md.c | 0 - Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 0 - Cryptlib/OpenSSL/crypto/evp/c_all.c | 0 - Cryptlib/OpenSSL/crypto/evp/c_allc.c | 0 - Cryptlib/OpenSSL/crypto/evp/c_alld.c | 0 - Cryptlib/OpenSSL/crypto/evp/dig_eng.c | 0 - Cryptlib/OpenSSL/crypto/evp/digest.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_aes.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_bf.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_cast.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_des.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_des3.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_idea.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_null.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_old.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_rc5.c | 0 - Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 0 - Cryptlib/OpenSSL/crypto/evp/enc_min.c | 0 - Cryptlib/OpenSSL/crypto/evp/encode.c | 0 - Cryptlib/OpenSSL/crypto/evp/evp_acnf.c | 0 - Cryptlib/OpenSSL/crypto/evp/evp_cnf.c | 0 - Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 0 - Cryptlib/OpenSSL/crypto/evp/evp_err.c | 0 - Cryptlib/OpenSSL/crypto/evp/evp_key.c | 0 - Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 0 - Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 0 - Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_dss.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_md2.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_md4.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_md5.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_null.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_sha.c | 0 - Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 0 - Cryptlib/OpenSSL/crypto/evp/names.c | 0 - Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 0 - Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 0 - Cryptlib/OpenSSL/crypto/evp/p_dec.c | 0 - Cryptlib/OpenSSL/crypto/evp/p_enc.c | 0 - Cryptlib/OpenSSL/crypto/evp/p_lib.c | 0 - Cryptlib/OpenSSL/crypto/evp/p_open.c | 0 - Cryptlib/OpenSSL/crypto/evp/p_seal.c | 0 - Cryptlib/OpenSSL/crypto/evp/p_sign.c | 0 - Cryptlib/OpenSSL/crypto/evp/p_verify.c | 0 - Cryptlib/OpenSSL/crypto/ex_data.c | 0 - Cryptlib/OpenSSL/crypto/fips_err.c | 0 - Cryptlib/OpenSSL/crypto/hmac/hmac.c | 0 - Cryptlib/OpenSSL/crypto/idea/i_cbc.c | 0 - Cryptlib/OpenSSL/crypto/idea/i_cfb64.c | 0 - Cryptlib/OpenSSL/crypto/idea/i_ecb.c | 0 - Cryptlib/OpenSSL/crypto/idea/i_ofb64.c | 0 - Cryptlib/OpenSSL/crypto/idea/i_skey.c | 0 - Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c | 0 - Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 0 - Cryptlib/OpenSSL/crypto/lhash/lhash.c | 0 - Cryptlib/OpenSSL/crypto/md2/md2_dgst.c | 0 - Cryptlib/OpenSSL/crypto/md2/md2_one.c | 0 - Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 0 - Cryptlib/OpenSSL/crypto/md4/md4_one.c | 0 - Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 0 - Cryptlib/OpenSSL/crypto/md5/md5_one.c | 0 - Cryptlib/OpenSSL/crypto/mem.c | 0 - Cryptlib/OpenSSL/crypto/mem_clr.c | 0 - Cryptlib/OpenSSL/crypto/mem_dbg.c | 0 - Cryptlib/OpenSSL/crypto/o_dir.c | 0 - Cryptlib/OpenSSL/crypto/o_init.c | 0 - Cryptlib/OpenSSL/crypto/o_str.c | 0 - Cryptlib/OpenSSL/crypto/o_time.c | 0 - Cryptlib/OpenSSL/crypto/objects/o_names.c | 0 - Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 16 +- - Cryptlib/OpenSSL/crypto/objects/obj_err.c | 0 - Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 0 - Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c | 0 - Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 0 - Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 0 - Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 0 - Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 3 + - Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 13 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 0 - Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c | 0 - Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_all.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_err.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_info.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_oth.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_sign.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 0 - Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 0 - Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 0 - Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 0 - Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 0 - Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 0 - Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 0 - Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 0 - Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 0 - Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 0 - Cryptlib/OpenSSL/crypto/pqueue/pqueue.c | 0 - Cryptlib/OpenSSL/crypto/rand/md_rand.c | 0 - Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 0 - Cryptlib/OpenSSL/crypto/rand/rand_eng.c | 0 - Cryptlib/OpenSSL/crypto/rand/rand_err.c | 0 - Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 0 - Cryptlib/OpenSSL/crypto/rand/rand_nw.c | 0 - Cryptlib/OpenSSL/crypto/rand/rand_os2.c | 0 - Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 0 - Cryptlib/OpenSSL/crypto/rand/rand_win.c | 0 - Cryptlib/OpenSSL/crypto/rand/randfile.c | 0 - Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c | 0 - Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c | 0 - Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c | 0 - Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c | 0 - Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c | 0 - Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 0 - Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c | 0 - Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 0 - Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c | 0 - Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 2 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_none.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_null.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c | 0 - Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 0 - Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 0 - Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 0 - Cryptlib/OpenSSL/crypto/sha/sha256.c | 0 - Cryptlib/OpenSSL/crypto/sha/sha512.c | 0 - Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 0 - Cryptlib/OpenSSL/crypto/sha/sha_one.c | 0 - Cryptlib/OpenSSL/crypto/stack/stack.c | 0 - Cryptlib/OpenSSL/crypto/store/str_err.c | 0 - Cryptlib/OpenSSL/crypto/store/str_lib.c | 0 - Cryptlib/OpenSSL/crypto/store/str_mem.c | 0 - Cryptlib/OpenSSL/crypto/store/str_meth.c | 0 - Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 0 - Cryptlib/OpenSSL/crypto/ui/ui_compat.c | 0 - Cryptlib/OpenSSL/crypto/ui/ui_err.c | 0 - Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 2 +- - Cryptlib/OpenSSL/crypto/ui/ui_util.c | 0 - Cryptlib/OpenSSL/crypto/uid.c | 0 - Cryptlib/OpenSSL/crypto/x509/by_dir.c | 0 - Cryptlib/OpenSSL/crypto/x509/by_file.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_att.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_d2.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_def.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_err.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_ext.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_r2x.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_req.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_set.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_v3.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509cset.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509name.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509rset.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509spki.c | 0 - Cryptlib/OpenSSL/crypto/x509/x509type.c | 0 - Cryptlib/OpenSSL/crypto/x509/x_all.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_info.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_int.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 0 - Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 0 - Cryptlib/OpenSSL/e_os.h | 0 - Cryptlib/OpenSSL/update.sh | 999 +++++++++++++------------ - Cryptlib/Pk/CryptAuthenticode.c | 4 +- - 500 files changed, 720 insertions(+), 678 deletions(-) - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cbc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cfb.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_core.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ctr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ecb.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ige.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_misc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ofb.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_wrap.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bool.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bytes.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_digest.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_dup.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_enum.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_gentm.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_hdr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_int.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_meth.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_object.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_octet.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_print.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_set.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_sign.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strex.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strnid.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_time.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_type.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utctm.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utf8.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_verify.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_par.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_mime.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_moid.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_pack.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_enum.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_int.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_string.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/n_pkey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/nsseq.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_bitst.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_crl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_pkey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_req.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_spki.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509a.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_new.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_algor.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_attrib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_bignum.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_crl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_exten.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_info.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_long.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_name.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pkey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_req.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_sig.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_spki.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_val.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509a.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ecb.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_skey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/b_dump.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_buff.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_nbio.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_null.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_cb.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_bio.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_dgram.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_fd.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_file.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_log.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_mem.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_null.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_add.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_asm.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_blind.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_const.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_ctx.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_depr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_div.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp2.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gcd.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_kron.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mod.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mont.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mpi.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mul.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_nist.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_opt.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_prime.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_print.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_rand.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_recp.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_shift.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_word.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_x931p.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_str.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buffer.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_cfb64.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ecb.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ofb64.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_skey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_rle.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_zlib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_api.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_def.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mall.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mod.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_sap.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cpt_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cryptlib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cversion.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_cksm.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64ede.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old2.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb3_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_read.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_writ.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt_b.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64ede.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/pcbc_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/qud_cksm.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rand_key.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/read2pwd.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rpc_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/set_key.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/str2key.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/xcbc_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_asn1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_check.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_depr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_gen.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_key.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_key.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_null.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_openssl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_vms.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_win32.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dyn_lck.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ebcdic.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_mult.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_asn1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_check.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_curve.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_cvt.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_key.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_mult.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_print.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_mont.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_nist.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_key.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_all.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cnf.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_dyn.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_fat.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_init.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_list.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_openssl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_padlock.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_pkey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_table.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_cipher.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dh.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_digest.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dsa.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rand.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rsa.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_store.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_all.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_bio.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_def.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_prn.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_str.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_b64.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_md.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_ok.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_all.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_allc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_alld.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/dig_eng.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/digest.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_aes.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_bf.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_cast.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des3.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_idea.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_null.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_old.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc2.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc4.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc5.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/enc_min.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/encode.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_acnf.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_cnf.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_key.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pbe.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pkey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md2.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md4.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md5.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_null.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ripemd.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/names.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_dec.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_open.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_seal.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_sign.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_verify.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ex_data.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/fips_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/hmac/hmac.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cbc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cfb64.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ecb.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ofb64.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_skey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lh_stats.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lhash.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_dgst.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_one.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_dgst.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_one.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_dgst.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_one.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem_clr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem_dbg.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_dir.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_init.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_str.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_time.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/o_names.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_dat.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_all.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_info.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_oth.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pk8.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pkey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_seal.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_sign.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_x509.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_xaux.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pqueue/pqueue.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/md_rand.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_egd.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_eng.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_nw.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_os2.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_unix.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_win.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/randfile.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_none.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_null.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1_one.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1dgst.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha256.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha512.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_dgst.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_one.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/stack/stack.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_mem.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_meth.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/txt_db/txt_db.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_compat.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_util.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/uid.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_dir.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_file.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_att.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_cmp.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_d2.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_def.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_ext.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_lu.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_obj.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_r2x.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_req.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_set.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_trs.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_txt.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_v3.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vfy.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vpm.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509cset.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509name.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509rset.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509spki.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509type.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x_all.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_info.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_int.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c - mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3err.c - mode change 100755 => 100644 Cryptlib/OpenSSL/e_os.h - -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c -old mode 100755 -new mode 100644 -index 3ac2bc2..e50501a ---- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c -@@ -285,16 +285,28 @@ err: - ASN1_OBJECT_free(ret); - return(NULL); - } -+ - ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long len) - { - ASN1_OBJECT *ret=NULL; - const unsigned char *p; -- int i; -- /* Sanity check OID encoding: can't have leading 0x80 in -- * subidentifiers, see: X.690 8.19.2 -+ int i, length; -+ -+ /* Sanity check OID encoding. -+ * Need at least one content octet. -+ * MSB must be clear in the last octet. -+ * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 - */ -- for (i = 0, p = *pp; i < len; i++, p++) -+ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || -+ p[len - 1] & 0x80) -+ { -+ ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); -+ return NULL; -+ } -+ /* Now 0 < len <= INT_MAX, so the cast is safe. */ -+ length = (int)len; -+ for (i = 0; i < length; i++, p++) - { - if (*p == 0x80 && (!i || !(p[-1] & 0x80))) - { -@@ -313,20 +325,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - else ret=(*a); - - p= *pp; -- if ((ret->data == NULL) || (ret->length < len)) -+ if ((ret->data == NULL) || (ret->length < length)) - { - if (ret->data != NULL) OPENSSL_free(ret->data); -- ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); -+ ret->data=(unsigned char *)OPENSSL_malloc(length); - ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; - if (ret->data == NULL) - { i=ERR_R_MALLOC_FAILURE; goto err; } - } -- memcpy(ret->data,p,(int)len); -- ret->length=(int)len; -+ memcpy(ret->data,p,length); -+ ret->length=length; - ret->sn=NULL; - ret->ln=NULL; - /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ -- p+=len; -+ p+=length; - - if (a != NULL) (*a)=ret; - *pp=p; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c -old mode 100755 -new mode 100644 -index 5af559e..d345155 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c -@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, - *pclass=xclass; - if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; - -+ if (inf && !(ret & V_ASN1_CONSTRUCTED)) -+ goto err; -+ - #if 0 - fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", - (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c -old mode 100755 -new mode 100644 -index ad8fbed..095887f ---- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c -@@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) - int len, state, save_state = 0; - - headers = sk_MIME_HEADER_new(mime_hdr_cmp); -+ if (!headers) -+ return NULL; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - /* If whitespace at line start then continuation line */ - if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c -old mode 100755 -new mode 100644 -index f1a5a05..c373714 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c -@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) - - if (!(octmp->length = i2d(obj, NULL))) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); -- return NULL; -+ goto err; - } - if (!(p = OPENSSL_malloc (octmp->length))) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); -- return NULL; -+ goto err; - } - octmp->data = p; - i2d (obj, &p); - return octmp; -+ err: -+ if (!oct || !*oct) -+ { -+ ASN1_STRING_free(octmp); -+ if (oct) -+ *oct = NULL; -+ } -+ return NULL; - } - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c -old mode 100755 -new mode 100644 -index f3d9804..1b94459 ---- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c -@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) - ASN1_STRING *os; - - if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); -- if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); -+ if (!M_ASN1_OCTET_STRING_set(os,data,len)) -+ { -+ M_ASN1_OCTET_STRING_free(os); -+ return 0; -+ } - ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); - return(1); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c b/Cryptlib/OpenSSL/crypto/asn1/f_int.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c -old mode 100755 -new mode 100644 -index 6f295b4..f9dad0e ---- a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c -@@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) - l=80-2-obase; - - b=X509_NAME_oneline(name,NULL,0); -+ if (!b) -+ return 0; - if (!*b) - { - OPENSSL_free(b); -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c -old mode 100755 -new mode 100644 -index 2721f90..b3687f9 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c -@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, - { - derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) - * sizeof(*derlst)); -+ if (!derlst) -+ return 0; - tmpdat = OPENSSL_malloc(skcontlen); -- if (!derlst || !tmpdat) -+ if (!tmpdat) -+ { -+ OPENSSL_free(derlst); - return 0; -+ } - } - } - /* If not sorting just output each item */ -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c -old mode 100755 -new mode 100644 -index 371cdf5..6346c19 ---- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c -@@ -132,8 +132,8 @@ int BIO_free(BIO *a) - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - -- if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); -- a->method->destroy(a); -+ if ((a->method != NULL) && (a->method->destroy != NULL)) -+ a->method->destroy(a); - OPENSSL_free(a); - return(1); - } -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c -old mode 100755 -new mode 100644 -index 5d90f1e..28f1fa8 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c -@@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) - return 1; - } - -+/* -+ * Constant-time conditional swap of a and b. -+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. -+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, -+ * and that no more than nwords are used by either a or b. -+ * a and b cannot be the same number -+ */ -+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) -+ { -+ BN_ULONG t; -+ int i; -+ -+ bn_wcheck_size(a, nwords); -+ bn_wcheck_size(b, nwords); -+ -+ assert(a != b); -+ assert((condition & (condition - 1)) == 0); -+ assert(sizeof(BN_ULONG) >= sizeof(int)); -+ -+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; -+ -+ t = (a->top^b->top) & condition; -+ a->top ^= t; -+ b->top ^= t; -+ -+#define BN_CONSTTIME_SWAP(ind) \ -+ do { \ -+ t = (a->d[ind] ^ b->d[ind]) & condition; \ -+ a->d[ind] ^= t; \ -+ b->d[ind] ^= t; \ -+ } while (0) -+ -+ -+ switch (nwords) { -+ default: -+ for (i = 10; i < nwords; i++) -+ BN_CONSTTIME_SWAP(i); -+ /* Fallthrough */ -+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ -+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ -+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ -+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ -+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ -+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ -+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ -+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ -+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ -+ case 1: BN_CONSTTIME_SWAP(0); -+ } -+#undef BN_CONSTTIME_SWAP -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -old mode 100755 -new mode 100644 -index b66f507..c288844 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) - BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); - return(NULL); - } -+#ifdef PURIFY -+ /* Valgrind complains in BN_consttime_swap because we process the whole -+ * array even if it's not initialised yet. This doesn't matter in that -+ * function - what's important is constant time operation (we're not -+ * actually going to use the data) -+ */ -+ memset(a, 0, sizeof(BN_ULONG)*words); -+#endif -+ - #if 1 - B=b->d; - /* Check if the previous number needs to be copied */ -@@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, - } - return bn_cmp_words(a,b,cl); - } -- --/* -- * Constant-time conditional swap of a and b. -- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. -- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, -- * and that no more than nwords are used by either a or b. -- * a and b cannot be the same number -- */ --void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) -- { -- BN_ULONG t; -- int i; -- -- bn_wcheck_size(a, nwords); -- bn_wcheck_size(b, nwords); -- -- assert(a != b); -- assert((condition & (condition - 1)) == 0); -- assert(sizeof(BN_ULONG) >= sizeof(int)); -- -- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; -- -- t = (a->top^b->top) & condition; -- a->top ^= t; -- b->top ^= t; -- --#define BN_CONSTTIME_SWAP(ind) \ -- do { \ -- t = (a->d[ind] ^ b->d[ind]) & condition; \ -- a->d[ind] ^= t; \ -- b->d[ind] ^= t; \ -- } while (0) -- -- -- switch (nwords) { -- default: -- for (i = 10; i < nwords; i++) -- BN_CONSTTIME_SWAP(i); -- /* Fallthrough */ -- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ -- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ -- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ -- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ -- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ -- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ -- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ -- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ -- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ -- case 1: BN_CONSTTIME_SWAP(0); -- } --#undef BN_CONSTTIME_SWAP --} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c -old mode 100755 -new mode 100644 -index 270d0cd..65bbf16 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c -@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) - if (al <= 0) - { - r->top=0; -+ r->neg = 0; - return 1; - } - -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_enc.c b/Cryptlib/OpenSSL/crypto/cast/c_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_skey.c b/Cryptlib/OpenSSL/crypto/cast/c_skey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c -old mode 100755 -new mode 100644 -index 17bae83..55d1d50 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c -@@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) - v->value=(char *)sk; - - vv=(CONF_VALUE *)lh_insert(conf->data,v); -- assert(vv == NULL); -+ OPENSSL_assert(vv == NULL); - ok=1; - err: - if (!ok) -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c -old mode 100755 -new mode 100644 -index 3c58936..a168339 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c -@@ -324,7 +324,7 @@ again: - p=eat_ws(conf, end); - if (*p != ']') - { -- if (*p != '\0') -+ if (*p != '\0' && ss != p) - { - ss=p; - goto again; -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/des_lib.c b/Cryptlib/OpenSSL/crypto/des/des_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt.c b/Cryptlib/OpenSSL/crypto/des/fcrypt.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/dyn_lck.c b/Cryptlib/OpenSSL/crypto/dyn_lck.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_check.c b/Cryptlib/OpenSSL/crypto/ec/ec_check.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_err.c b/Cryptlib/OpenSSL/crypto/ec/ec_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c -old mode 100755 -new mode 100644 -index bbf2799..e7d11ff ---- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c -@@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX * - - int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) - { -- if (group->meth->dbl == 0) -+ if (group->meth->invert == 0) - { - ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_print.c b/Cryptlib/OpenSSL/crypto/ec/ec_print.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c -old mode 100755 -new mode 100644 -index 66a92e2..b239088 ---- a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c -@@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ct - int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) - { - BN_CTX *new_ctx = NULL; -- BIGNUM *tmp0, *tmp1; -- size_t pow2 = 0; -- BIGNUM **heap = NULL; -+ BIGNUM *tmp, *tmp_Z; -+ BIGNUM **prod_Z = NULL; - size_t i; - int ret = 0; - -@@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT - } - - BN_CTX_start(ctx); -- tmp0 = BN_CTX_get(ctx); -- tmp1 = BN_CTX_get(ctx); -- if (tmp0 == NULL || tmp1 == NULL) goto err; -+ tmp = BN_CTX_get(ctx); -+ tmp_Z = BN_CTX_get(ctx); -+ if (tmp == NULL || tmp_Z == NULL) goto err; - -- /* Before converting the individual points, compute inverses of all Z values. -- * Modular inversion is rather slow, but luckily we can do with a single -- * explicit inversion, plus about 3 multiplications per input value. -- */ -+ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); -+ if (prod_Z == NULL) goto err; -+ for (i = 0; i < num; i++) -+ { -+ prod_Z[i] = BN_new(); -+ if (prod_Z[i] == NULL) goto err; -+ } - -- pow2 = 1; -- while (num > pow2) -- pow2 <<= 1; -- /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. -- * We need twice that. */ -- pow2 <<= 1; -+ /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, -+ * skipping any zero-valued inputs (pretend that they're 1). */ - -- heap = OPENSSL_malloc(pow2 * sizeof heap[0]); -- if (heap == NULL) goto err; -- -- /* The array is used as a binary tree, exactly as in heapsort: -- * -- * heap[1] -- * heap[2] heap[3] -- * heap[4] heap[5] heap[6] heap[7] -- * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] -- * -- * We put the Z's in the last line; -- * then we set each other node to the product of its two child-nodes (where -- * empty or 0 entries are treated as ones); -- * then we invert heap[1]; -- * then we invert each other node by replacing it by the product of its -- * parent (after inversion) and its sibling (before inversion). -- */ -- heap[0] = NULL; -- for (i = pow2/2 - 1; i > 0; i--) -- heap[i] = NULL; -- for (i = 0; i < num; i++) -- heap[pow2/2 + i] = &points[i]->Z; -- for (i = pow2/2 + num; i < pow2; i++) -- heap[i] = NULL; -- -- /* set each node to the product of its children */ -- for (i = pow2/2 - 1; i > 0; i--) -+ if (!BN_is_zero(&points[0]->Z)) - { -- heap[i] = BN_new(); -- if (heap[i] == NULL) goto err; -- -- if (heap[2*i] != NULL) -+ if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; -+ } -+ else -+ { -+ if (group->meth->field_set_to_one != 0) - { -- if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) -- { -- if (!BN_copy(heap[i], heap[2*i])) goto err; -- } -- else -- { -- if (BN_is_zero(heap[2*i])) -- { -- if (!BN_copy(heap[i], heap[2*i + 1])) goto err; -- } -- else -- { -- if (!group->meth->field_mul(group, heap[i], -- heap[2*i], heap[2*i + 1], ctx)) goto err; -- } -- } -+ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; -+ } -+ else -+ { -+ if (!BN_one(prod_Z[0])) goto err; - } - } - -- /* invert heap[1] */ -- if (!BN_is_zero(heap[1])) -+ for (i = 1; i < num; i++) - { -- if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) -+ if (!BN_is_zero(&points[i]->Z)) - { -- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); -- goto err; -+ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; -+ } -+ else -+ { -+ if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; - } - } -+ -+ /* Now use a single explicit inversion to replace every -+ * non-zero points[i]->Z by its inverse. */ -+ -+ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) -+ { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); -+ goto err; -+ } - if (group->meth->field_encode != 0) - { -- /* in the Montgomery case, we just turned R*H (representing H) -+ /* In the Montgomery case, we just turned R*H (representing H) - * into 1/(R*H), but we need R*(1/H) (representing 1/H); -- * i.e. we have need to multiply by the Montgomery factor twice */ -- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; -- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; -+ * i.e. we need to multiply by the Montgomery factor twice. */ -+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; -+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; - } - -- /* set other heap[i]'s to their inverses */ -- for (i = 2; i < pow2/2 + num; i += 2) -+ for (i = num - 1; i > 0; --i) - { -- /* i is even */ -- if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) -- { -- if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; -- if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; -- if (!BN_copy(heap[i], tmp0)) goto err; -- if (!BN_copy(heap[i + 1], tmp1)) goto err; -- } -- else -+ /* Loop invariant: tmp is the product of the inverses of -+ * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ -+ if (!BN_is_zero(&points[i]->Z)) - { -- if (!BN_copy(heap[i], heap[i/2])) goto err; -+ /* Set tmp_Z to the inverse of points[i]->Z (as product -+ * of Z inverses 0 .. i, Z values 0 .. i - 1). */ -+ if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; -+ /* Update tmp to satisfy the loop invariant for i - 1. */ -+ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; -+ /* Replace points[i]->Z by its inverse. */ -+ if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; - } - } - -- /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ -+ if (!BN_is_zero(&points[0]->Z)) -+ { -+ /* Replace points[0]->Z by its inverse. */ -+ if (!BN_copy(&points[0]->Z, tmp)) goto err; -+ } -+ -+ /* Finally, fix up the X and Y coordinates for all points. */ -+ - for (i = 0; i < num; i++) - { - EC_POINT *p = points[i]; -- -+ - if (!BN_is_zero(&p->Z)) - { - /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ - -- if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; -- if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; -+ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; -+ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; -+ -+ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; -+ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; - -- if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; -- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; -- - if (group->meth->field_set_to_one != 0) - { - if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; -@@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT - } - - ret = 1; -- -+ - err: - BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); -- if (heap != NULL) -+ if (prod_Z != NULL) - { -- /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */ -- for (i = pow2/2 - 1; i > 0; i--) -+ for (i = 0; i < num; i++) - { -- if (heap[i] != NULL) -- BN_clear_free(heap[i]); -+ if (prod_Z[i] != NULL) -+ BN_clear_free(prod_Z[i]); - } -- OPENSSL_free(heap); -+ OPENSSL_free(prod_Z); - } - return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_err.c b/Cryptlib/OpenSSL/crypto/engine/eng_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_init.c b/Cryptlib/OpenSSL/crypto/engine/eng_init.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_list.c b/Cryptlib/OpenSSL/crypto/engine/eng_list.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_table.c b/Cryptlib/OpenSSL/crypto/engine/eng_table.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_store.c b/Cryptlib/OpenSSL/crypto/engine/tb_store.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/err/err_bio.c b/Cryptlib/OpenSSL/crypto/err/err_bio.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/err/err_def.c b/Cryptlib/OpenSSL/crypto/err/err_def.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/err/err_str.c b/Cryptlib/OpenSSL/crypto/err/err_str.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/fips_err.c b/Cryptlib/OpenSSL/crypto/fips_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_skey.c b/Cryptlib/OpenSSL/crypto/idea/i_skey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_one.c b/Cryptlib/OpenSSL/crypto/md2/md2_one.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c -old mode 100755 -new mode 100644 -index 760af16..cf5ba2a ---- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c -+++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c -@@ -444,11 +444,12 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - unsigned char *p; - char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; - -- if ((a == NULL) || (a->data == NULL)) { -- buf[0]='\0'; -- return(0); -- } -+ /* Ensure that, at every state, |buf| is NUL-terminated. */ -+ if (buf && buf_len > 0) -+ buf[0] = '\0'; - -+ if ((a == NULL) || (a->data == NULL)) -+ return(0); - - if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) - { -@@ -527,9 +528,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - i=(int)(l/40); - l-=(long)(i*40); - } -- if (buf && (buf_len > 0)) -+ if (buf && (buf_len > 1)) - { - *buf++ = i + '0'; -+ *buf = '\0'; - buf_len--; - } - n++; -@@ -544,9 +546,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - i = strlen(bndec); - if (buf) - { -- if (buf_len > 0) -+ if (buf_len > 1) - { - *buf++ = '.'; -+ *buf = '\0'; - buf_len--; - } - BUF_strlcpy(buf,bndec,buf_len); -@@ -786,4 +789,3 @@ err: - OPENSSL_free(buf); - return(ok); - } -- -diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c -old mode 100755 -new mode 100644 -index 92aba08..fb87cd7 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c -@@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) - - ctx = OCSP_sendreq_new(b, path, req, -1); - -+ if (!ctx) -+ return NULL; -+ - do - { - rv = OCSP_sendreq_nbio(&resp, ctx); -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c -old mode 100755 -new mode 100644 -index 441ccb7..5883b4e ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c -@@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss - - if (!*ppath) goto mem_err; - -+ p = host; -+ if(host[0] == '[') -+ { -+ /* ipv6 literal */ -+ host++; -+ p = strchr(host, ']'); -+ if(!p) goto parse_err; -+ *p = '\0'; -+ p++; -+ } -+ - /* Look for optional ':' for port number */ -- if ((p = strchr(host, ':'))) -+ if ((p = strchr(p, ':'))) - { - *p = 0; - port = p + 1; -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c -old mode 100755 -new mode 100644 -index d477f08..203d702 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c -@@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, - if (padding == RSA_X931_PADDING) - { - BN_sub(f, rsa->n, ret); -- if (BN_cmp(ret, f)) -+ if (BN_cmp(ret, f) > 0) - res = f; - else - res = ret; -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/store/str_err.c b/Cryptlib/OpenSSL/crypto/store/str_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/store/str_lib.c b/Cryptlib/OpenSSL/crypto/store/str_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/store/str_mem.c b/Cryptlib/OpenSSL/crypto/store/str_mem.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/store/str_meth.c b/Cryptlib/OpenSSL/crypto/store/str_meth.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_err.c b/Cryptlib/OpenSSL/crypto/ui/ui_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c -old mode 100755 -new mode 100644 -index ac01008..67013f8 ---- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c -@@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) - break; - } - } -+ } - default: - break; - } -- } - return 0; - } -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c b/Cryptlib/OpenSSL/crypto/x509/x509_def.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h -old mode 100755 -new mode 100644 -diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh -index 95875e7..897ef2d 100755 ---- a/Cryptlib/OpenSSL/update.sh -+++ b/Cryptlib/OpenSSL/update.sh -@@ -1,501 +1,504 @@ - #/bin/sh - DIR=$1 -+version="0.9.8zb" - --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c crypto/sha/sha256.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c crypto/des/ofb_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c crypto/rand/rand_unix.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c --install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dyn_lck.c crypto/dyn_lck.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_clr.c crypto/mem_clr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_dbg.c crypto/mem_dbg.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cversion.c crypto/cversion.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ex_data.c crypto/ex_data.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cpt_err.c crypto/cpt_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ebcdic.c crypto/ebcdic.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/uid.c crypto/uid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.c crypto/o_time.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.c crypto/o_str.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.c crypto/o_dir.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_init.c crypto/o_init.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/fips_err.c crypto/fips_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_one.c crypto/md2/md2_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_one.c crypto/md4/md4_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_one.c crypto/md5/md5_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_one.c crypto/sha/sha_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1_one.c crypto/sha/sha1_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha256.c crypto/sha/sha256.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha512.c crypto/sha/sha512.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hmac.c crypto/hmac/hmac.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_lib.c crypto/des/des_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/set_key.c crypto/des/set_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb_enc.c crypto/des/ecb_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_enc.c crypto/des/cbc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64enc.c crypto/des/cfb64enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64ede.c crypto/des/cfb64ede.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb_enc.c crypto/des/cfb_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64ede.c crypto/des/ofb64ede.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_read.c crypto/des/enc_read.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_writ.c crypto/des/enc_writ.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64enc.c crypto/des/ofb64enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb_enc.c crypto/des/ofb_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/str2key.c crypto/des/str2key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/qud_cksm.c crypto/des/qud_cksm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rand_key.c crypto/des/rand_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_enc.c crypto/des/des_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt.c crypto/des/fcrypt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_enc.c crypto/des/rpc_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old.c crypto/des/des_old.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old2.c crypto/des/des_old2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/read2pwd.c crypto/des/read2pwd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cbc.c crypto/idea/i_cbc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ecb.c crypto/idea/i_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_skey.c crypto/idea/i_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_skey.c crypto/bf/bf_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_enc.c crypto/bf/bf_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_skey.c crypto/cast/c_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ecb.c crypto/cast/c_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_enc.c crypto/cast/c_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_misc.c crypto/aes/aes_misc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ige.c crypto/aes/aes_ige.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_core.c crypto/aes/aes_core.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_add.c crypto/bn/bn_add.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_div.c crypto/bn/bn_div.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp.c crypto/bn/bn_exp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lib.c crypto/bn/bn_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mul.c crypto/bn/bn_mul.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mod.c crypto/bn/bn_mod.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_print.c crypto/bn/bn_print.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_rand.c crypto/bn/bn_rand.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_shift.c crypto/bn/bn_shift.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_word.c crypto/bn/bn_word.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_blind.c crypto/bn/bn_blind.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_kron.c crypto/bn/bn_kron.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.c crypto/bn/bn_prime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_err.c crypto/bn/bn_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_asm.c crypto/bn/bn_asm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_recp.c crypto/bn/bn_recp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mont.c crypto/bn/bn_mont.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_nist.c crypto/bn/bn_nist.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_depr.c crypto/bn/bn_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_const.c crypto/bn/bn_const.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_opt.c crypto/bn/bn_opt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dl.c crypto/dso/dso_dl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_err.c crypto/dso/dso_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_lib.c crypto/dso/dso_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_null.c crypto/dso/dso_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_win32.c crypto/dso/dso_win32.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_vms.c crypto/dso/dso_vms.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_gen.c crypto/dh/dh_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_key.c crypto/dh/dh_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_lib.c crypto/dh/dh_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_check.c crypto/dh/dh_check.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_err.c crypto/dh/dh_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_depr.c crypto/dh/dh_depr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_lib.c crypto/ec/ec_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_mult.c crypto/ec/ec_mult.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_err.c crypto/ec/ec_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_curve.c crypto/ec/ec_curve.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_check.c crypto/ec/ec_check.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_print.c crypto/ec/ec_print.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_key.c crypto/ec/ec_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buffer.c crypto/buffer/buffer.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_str.c crypto/buffer/buf_str.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_err.c crypto/buffer/buf_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lib.c crypto/bio/bio_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_cb.c crypto/bio/bio_cb.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_err.c crypto/bio/bio_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_mem.c crypto/bio/bss_mem.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_null.c crypto/bio/bss_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_fd.c crypto/bio/bss_fd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_file.c crypto/bio/bss_file.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_null.c crypto/bio/bf_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_buff.c crypto/bio/bf_buff.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_dump.c crypto/bio/b_dump.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_log.c crypto/bio/bss_log.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_bio.c crypto/bio/bss_bio.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/stack/stack.c crypto/stack/stack.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lhash.c crypto/lhash/lhash.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/md_rand.c crypto/rand/md_rand.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/randfile.c crypto/rand/randfile.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lib.c crypto/rand/rand_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_eng.c crypto/rand/rand_eng.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_err.c crypto/rand/rand_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_egd.c crypto/rand/rand_egd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_win.c crypto/rand/rand_win.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_unix.c crypto/rand/rand_unix.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_os2.c crypto/rand/rand_os2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_nw.c crypto/rand/rand_nw.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err.c crypto/err/err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_def.c crypto/err/err_def.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_all.c crypto/err/err_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_prn.c crypto/err/err_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_str.c crypto/err/err_str.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_bio.c crypto/err/err_bio.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/o_names.c crypto/objects/o_names.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.c crypto/objects/obj_dat.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_lib.c crypto/objects/obj_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_err.c crypto/objects/obj_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/encode.c crypto/evp/encode.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/digest.c crypto/evp/digest.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/dig_eng.c crypto/evp/dig_eng.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_enc.c crypto/evp/evp_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_key.c crypto/evp/evp_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des.c crypto/evp/e_des.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_bf.c crypto/evp/e_bf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_idea.c crypto/evp/e_idea.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des3.c crypto/evp/e_des3.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4.c crypto/evp/e_rc4.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes.c crypto/evp/e_aes.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/names.c crypto/evp/names.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc2.c crypto/evp/e_rc2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_cast.c crypto/evp/e_cast.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc5.c crypto/evp/e_rc5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/enc_min.c crypto/evp/enc_min.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_null.c crypto/evp/m_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md2.c crypto/evp/m_md2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md4.c crypto/evp/m_md4.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md5.c crypto/evp/m_md5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha.c crypto/evp/m_sha.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha1.c crypto/evp/m_sha1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss.c crypto/evp/m_dss.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss1.c crypto/evp/m_dss1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_open.c crypto/evp/p_open.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_seal.c crypto/evp/p_seal.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_sign.c crypto/evp/p_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_verify.c crypto/evp/p_verify.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_lib.c crypto/evp/p_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_enc.c crypto/evp/p_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_dec.c crypto/evp/p_dec.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_md.c crypto/evp/bio_md.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_b64.c crypto/evp/bio_b64.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_enc.c crypto/evp/bio_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_err.c crypto/evp/evp_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_null.c crypto/evp/e_null.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_all.c crypto/evp/c_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_allc.c crypto/evp/c_allc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_alld.c crypto/evp/c_alld.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_lib.c crypto/evp/evp_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_ok.c crypto/evp/bio_ok.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_old.c crypto/evp/e_old.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_object.c crypto/asn1/a_object.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_time.c crypto/asn1/a_time.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_int.c crypto/asn1/a_int.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_octet.c crypto/asn1/a_octet.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_print.c crypto/asn1/a_print.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_type.c crypto/asn1/a_type.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_set.c crypto/asn1/a_set.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_dup.c crypto/asn1/a_dup.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_enum.c crypto/asn1/a_enum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_sign.c crypto/asn1/a_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_digest.c crypto/asn1/a_digest.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_verify.c crypto/asn1/a_verify.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strex.c crypto/asn1/a_strex.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_algor.c crypto/asn1/x_algor.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_val.c crypto/asn1/x_val.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_sig.c crypto/asn1/x_sig.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_req.c crypto/asn1/x_req.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_long.c crypto/asn1/x_long.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_name.c crypto/asn1/x_name.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509.c crypto/asn1/x_x509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_crl.c crypto/asn1/x_crl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_info.c crypto/asn1/x_info.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_spki.c crypto/asn1/x_spki.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/nsseq.c crypto/asn1/nsseq.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_req.c crypto/asn1/t_req.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509.c crypto/asn1/t_x509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_crl.c crypto/asn1/t_crl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_spki.c crypto/asn1/t_spki.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_int.c crypto/asn1/f_int.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_string.c crypto/asn1/f_string.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_enum.c crypto/asn1/f_enum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bool.c crypto/asn1/a_bool.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_exten.c crypto/asn1/x_exten.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_meth.c crypto/asn1/a_meth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_sign.c crypto/pem/pem_sign.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_seal.c crypto/pem/pem_seal.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_info.c crypto/pem/pem_info.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_lib.c crypto/pem/pem_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_all.c crypto/pem/pem_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_err.c crypto/pem/pem_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_x509.c crypto/pem/pem_x509.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_oth.c crypto/pem/pem_oth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_def.c crypto/x509/x509_def.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_d2.c crypto/x509/x509_d2.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_obj.c crypto/x509/x509_obj.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_req.c crypto/x509/x509_req.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509spki.c crypto/x509/x509spki.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_set.c crypto/x509/x509_set.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509cset.c crypto/x509/x509cset.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509rset.c crypto/x509/x509rset.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_err.c crypto/x509/x509_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509name.c crypto/x509/x509name.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_v3.c crypto/x509/x509_v3.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_ext.c crypto/x509/x509_ext.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_att.c crypto/x509/x509_att.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509type.c crypto/x509/x509type.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_lu.c crypto/x509/x509_lu.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x_all.c crypto/x509/x_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_txt.c crypto/x509/x509_txt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_trs.c crypto/x509/x509_trs.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_file.c crypto/x509/by_file.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_dir.c crypto/x509/by_dir.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3err.c crypto/x509v3/v3err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_err.c crypto/conf/conf_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_lib.c crypto/conf/conf_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_api.c crypto/conf/conf_api.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.c crypto/conf/conf_def.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mod.c crypto/conf/conf_mod.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mall.c crypto/conf/conf_mall.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_sap.c crypto/conf/conf_sap.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_lib.c crypto/comp/comp_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_err.c crypto/comp/comp_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_rle.c crypto/comp/c_rle.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_zlib.c crypto/comp/c_zlib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_err.c crypto/engine/eng_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_lib.c crypto/engine/eng_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_list.c crypto/engine/eng_list.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_init.c crypto/engine/eng_init.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_table.c crypto/engine/eng_table.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_fat.c crypto/engine/eng_fat.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_all.c crypto/engine/eng_all.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dh.c crypto/engine/tb_dh.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rand.c crypto/engine/tb_rand.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_store.c crypto/engine/tb_store.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_digest.c crypto/engine/tb_digest.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_err.c crypto/ui/ui_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_lib.c crypto/ui/ui_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_util.c crypto/ui/ui_util.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_compat.c crypto/ui/ui_compat.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_err.c crypto/store/str_err.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_lib.c crypto/store/str_lib.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_meth.c crypto/store/str_meth.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_mem.c crypto/store/str_mem.c -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c -+ -+find . -name "*.[ch]" -exec chmod -x {} \; -diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c -index bb5f6d4..7b8bca5 100644 ---- a/Cryptlib/Pk/CryptAuthenticode.c -+++ b/Cryptlib/Pk/CryptAuthenticode.c -@@ -146,8 +146,8 @@ AuthenticodeVerify ( - // - // Long Form of Length Encoding, only support two bytes. - // -- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2)); -- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3)); -+ ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2)); -+ ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3)); - // - // Skip the SEQUENCE Tag; - // --- -1.9.3 - diff --git a/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch b/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch deleted file mode 100644 index 9ebc9e2..0000000 --- a/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 14acaa4a3361403e06b284bf8e1e32ad9cec5457 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 27 Aug 2014 11:48:39 -0400 -Subject: [PATCH 51/74] Fix typo from Ard's old tree 32-bit ARM patch. - -We don't need to .data entries; the second one should be .data*. He's -since fixed this in his tree, but I'd already pulled it and pushed to -master. - -Signed-off-by: Peter Jones ---- - elf_arm_efi.lds | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds -index fd1075d..c5dc298 100644 ---- a/elf_arm_efi.lds -+++ b/elf_arm_efi.lds -@@ -19,7 +19,7 @@ SECTIONS - *(.sdata) - *(.data) - *(.data1) -- *(.data) -+ *(.data*) - *(.got.plt) - *(.got) - --- -1.9.3 - diff --git a/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch b/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch deleted file mode 100644 index d2038fb..0000000 --- a/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 94c9a77f6504170a6bd38b0aa29039208987650e Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Wed, 13 Aug 2014 13:35:38 +0200 -Subject: [PATCH 52/74] Handle empty .reloc section in PE/COFF loader - -On archs where no EFI aware objcopy is available, the generated PE/COFF -header contains a .reloc section which is completely empty. Handle this by -- returning early from relocate_coff() with EFI_SUCCESS, -- ignoring discardable sections in the section loader. - -Signed-off-by: Ard Biesheuvel ---- - shim.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/shim.c b/shim.c -index ea8eba8..1329212 100644 ---- a/shim.c -+++ b/shim.c -@@ -145,6 +145,9 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - return EFI_UNSUPPORTED; - } - -+ if (!context->RelocDir->Size) -+ return EFI_SUCCESS; -+ - RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress); - RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); - -@@ -996,7 +999,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - * Copy the executable's sections to their desired offsets - */ - Section = context.FirstSection; -- for (i = 0; i < context.NumberOfSections; i++) { -+ for (i = 0; i < context.NumberOfSections; i++, Section++) { -+ if (Section->Characteristics & 0x02000000) -+ /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ -+ continue; -+ - size = Section->Misc.VirtualSize; - - if (size > Section->SizeOfRawData) -@@ -1021,8 +1028,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - - if (size < Section->Misc.VirtualSize) - ZeroMem (base + size, Section->Misc.VirtualSize - size); -- -- Section += 1; - } - - /* --- -1.9.3 - diff --git a/SOURCES/0053-Don-t-name-something-exit.patch b/SOURCES/0053-Don-t-name-something-exit.patch deleted file mode 100644 index d7dd5e5..0000000 --- a/SOURCES/0053-Don-t-name-something-exit.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 32f10548cdf1919103654ab65601c8b15c3976a1 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 27 Aug 2014 13:26:23 -0400 -Subject: [PATCH 53/74] Don't name something exit(). - -On aarch64 due to some terrifying include chain we wind up with -Cryptlib's definition of exit here. I'm not a glutton for punishment, -so I'm just changing the name so it's not coliding. - -Signed-off-by: Peter Jones ---- - replacements.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/replacements.c b/replacements.c -index 5dfa355..f7623d9 100644 ---- a/replacements.c -+++ b/replacements.c -@@ -162,7 +162,7 @@ exit_boot_services(EFI_HANDLE image_key, UINTN map_key) - } - - static EFI_STATUS EFIAPI --exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, -+do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, - UINTN ExitDataSize, CHAR16 *ExitData) - { - EFI_STATUS status; -@@ -206,5 +206,5 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) - * bootloader and still e.g. start a new one or run an internal - * shell. */ - system_exit = systab->BootServices->Exit; -- systab->BootServices->Exit = exit; -+ systab->BootServices->Exit = do_exit; - } --- -1.9.3 - diff --git a/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch b/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch deleted file mode 100644 index c807b9c..0000000 --- a/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch +++ /dev/null @@ -1,68 +0,0 @@ -From fa2a35ce78b3dc4e9b29f47a9ebc675a97a9a7c7 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 27 Aug 2014 16:39:51 -0400 -Subject: [PATCH 54/74] Make sure we don't try to load a binary from a - different arch. - -Since in theory you could, for example, get an x86_64 binary signed that -also behaves as an ARM executable, we should be checking this before -people build on other architectures. - -Signed-off-by: Peter Jones ---- - include/PeImage.h | 1 + - shim.c | 19 +++++++++++++++++++ - 2 files changed, 20 insertions(+) - -diff --git a/include/PeImage.h b/include/PeImage.h -index ec13404..133e11e 100644 ---- a/include/PeImage.h -+++ b/include/PeImage.h -@@ -49,6 +49,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - #define IMAGE_FILE_MACHINE_EBC 0x0EBC - #define IMAGE_FILE_MACHINE_X64 0x8664 - #define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x01c2 -+#define IMAGE_FILE_MACHINE_ARM64 0xaa64 - - // - // EXE file formats -diff --git a/shim.c b/shim.c -index 1329212..1ec1e11 100644 ---- a/shim.c -+++ b/shim.c -@@ -947,6 +947,20 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - return EFI_SUCCESS; - } - -+static const UINT16 machine_type = -+#if defined(__x86_64__) -+ IMAGE_FILE_MACHINE_X64; -+#elif defined(__aarch64__) -+ IMAGE_FILE_MACHINE_ARM64; -+#elif defined(__arm__) -+ IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; -+#elif defined(__i386__) || defined(__i486__) || defined(__i686__) -+ IMAGE_FILE_MACHINE_I386; -+#elif defined(__ia64__) -+ IMAGE_FILE_MACHINE_IA64; -+#else -+#error this architecture is not supported by shim -+#endif - - /* - * Once the image has been loaded it needs to be validated and relocated -@@ -971,6 +985,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - return efi_status; - } - -+ if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) { -+ perror(L"Image is for a different architecture\n"); -+ return EFI_UNSUPPORTED; -+ } -+ - /* - * We only need to verify the binary if we're in secure mode - */ --- -1.9.3 - diff --git a/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch b/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch deleted file mode 100644 index 82ec5df..0000000 --- a/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch +++ /dev/null @@ -1,140 +0,0 @@ -From a7249a65aff174d2a51d6a7bf77dbbf58744a170 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 18 Sep 2014 18:34:38 -0400 -Subject: [PATCH 55/74] Actually refer to the base relocation table of our - loaded image. - -Currently when we process base relocations, we get the correct Data -Directory pointer from the headers (context->RelocDir), and that header -has been copied into our pristine allocated image when we copied up to -SizeOfHeaders. But the data it points to has not been mirrored in to -the new image, so it is whatever data AllocPool() gave us. - -This patch changes relocate_coff() to refer to the base relocation table -from the image we loaded from disk, but apply the fixups to the new -copy. - -I have no idea how x86_64 worked without this, but I can't make aarch64 -work without it. I also don't know how Ard or Leif have seen aarch64 -work. Maybe they haven't? Leif indicated on irc that they may have -only tested shim with simple "hello world" applications from gnu-efi; -they are certainly much less complex than grub.efi, and are generated -through a different linking process. - -My only theory is that we're getting recycled data there pretty reliably -that just makes us /not/ process any relocations, but since our -ImageBase is 0, and I don't think we ever load grub with 0 as its base -virtual address, that doesn't follow. I'm open to any other ideas -anybody has. - -I do know that on x86_64 (and presumably aarch64 as well), we don't -actually start seeing *symptoms* of this bug until the first chunk[0] of -94c9a77f is applied[1]. Once that is applied, relocate_coff() starts -seeing zero[2] for both RelocBase->VirtualAddress and -RelocBase->SizeOfBlock, because RelocBase is a (generated, relative) -pointer that only makes sense in the context of the original binary, not -our partial copy. Since RelocBase->SizeOfBlock is tested first, -relocate_base() gives us "Reloc block size is invalid"[3] and returns -EFI_UNSUPPORTED. At that point shim exits with an error. - -[0] The second chunk of 94c9a77f patch makes no difference on this - issue. -[1] I don't see why at all. -[2] Which could really be any value since it's AllocatePool() and not - AllocateZeroPool() results, but 0 is all I've observed; I think - AllocatePool() has simply never recycled any memory in my test - cases. -[3] which is silent because perror() tries to avoid talking because that - has caused much crashing in the past; work needs to go in to 0.9 for - this. - -Signed-off-by: Peter Jones ---- - shim.c | 42 +++++++++++++++++++++--------------------- - 1 file changed, 21 insertions(+), 21 deletions(-) - -diff --git a/shim.c b/shim.c -index 1ec1e11..4b4d31a 100644 ---- a/shim.c -+++ b/shim.c -@@ -122,7 +122,7 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address) - * Perform the actual relocation - */ - static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, -- void *data) -+ void *orig, void *data) - { - EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd; - UINT64 Adjust; -@@ -132,7 +132,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - UINT32 *Fixup32; - UINT64 *Fixup64; - int size = context->ImageSize; -- void *ImageEnd = (char *)data + size; -+ void *ImageEnd = (char *)orig + size; - - #if __LP64__ - context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data; -@@ -140,16 +140,8 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data; - #endif - -- if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { -- perror(L"Image has no relocation entry\n"); -- return EFI_UNSUPPORTED; -- } -- -- if (!context->RelocDir->Size) -- return EFI_SUCCESS; -- -- RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress); -- RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); -+ RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); -+ RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); - - if (!RelocBase || !RelocBaseEnd) { - perror(L"Reloc table overflows binary\n"); -@@ -170,7 +162,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - } - - RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); -- if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) { -+ if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) { - perror(L"Reloc entry overflows binary\n"); - return EFI_UNSUPPORTED; - } -@@ -1049,15 +1041,23 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - ZeroMem (base + size, Section->Misc.VirtualSize - size); - } - -- /* -- * Run the relocation fixups -- */ -- efi_status = relocate_coff(&context, buffer); -- -- if (efi_status != EFI_SUCCESS) { -- perror(L"Relocation failed: %r\n", efi_status); -+ if (context.NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { -+ perror(L"Image has no relocation entry\n"); - FreePool(buffer); -- return efi_status; -+ return EFI_UNSUPPORTED; -+ } -+ -+ if (context.RelocDir->Size) { -+ /* -+ * Run the relocation fixups -+ */ -+ efi_status = relocate_coff(&context, data, buffer); -+ -+ if (efi_status != EFI_SUCCESS) { -+ perror(L"Relocation failed: %r\n", efi_status); -+ FreePool(buffer); -+ return efi_status; -+ } - } - - entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint); --- -1.9.3 - diff --git a/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch b/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch deleted file mode 100644 index 97ad998..0000000 --- a/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch +++ /dev/null @@ -1,331 +0,0 @@ -From 750584c207757688cbab47f51a18a33c3e36fb8b Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 19 Sep 2014 11:37:35 -0400 -Subject: [PATCH 56/74] Make 64-on-32 maybe work on x86_64. - -This is mostly based on a patch (https://github.com/mjg59/shim/issues/30) -from https://github.com/TBOpen , which refactors our __LP64__ -tests to be tests of the header magic instead. I've simplified things -by using what we've pre-loaded into "context" and making some helper -functions so the conditionals in most of the code say what they do, -instead of how they work. - -Note that we're only allowing that from in_protocol's loader - that is, -we'll let 64-bit grub load a 32-bit kernel or 32-bit grub load a 64-bit -kernel, but 32-bit shim isn't loading a 64-bit grub. - -Signed-off-by: Peter Jones ---- - shim.c | 220 ++++++++++++++++++++++++++++++++++++++++++++--------------------- - 1 file changed, 148 insertions(+), 72 deletions(-) - -diff --git a/shim.c b/shim.c -index 4b4d31a..c1b5c17 100644 ---- a/shim.c -+++ b/shim.c -@@ -118,6 +118,106 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address) - return image + address; - } - -+/* here's a chart: -+ * i686 x86_64 aarch64 -+ * 64-on-64: nyet yes yes -+ * 64-on-32: nyet yes nyet -+ * 32-on-32: yes yes no -+ */ -+static int -+allow_64_bit(void) -+{ -+#if defined(__x86_64__) || defined(__aarch64__) -+ return 1; -+#elif defined(__i386__) || defined(__i686__) -+ /* Right now blindly assuming the kernel will correctly detect this -+ * and /halt the system/ if you're not really on a 64-bit cpu */ -+ if (in_protocol) -+ return 1; -+ return 0; -+#else /* assuming everything else is 32-bit... */ -+ return 0; -+#endif -+} -+ -+static int -+allow_32_bit(void) -+{ -+#if defined(__x86_64__) -+#if defined(ALLOW_32BIT_KERNEL_ON_X64) -+ if (in_protocol) -+ return 1; -+ return 0; -+#else -+ return 0; -+#endif -+#elif defined(__i386__) || defined(__i686__) -+ return 1; -+#elif defined(__arch64__) -+ return 0; -+#else /* assuming everything else is 32-bit... */ -+ return 1; -+#endif -+} -+ -+static int -+image_is_64_bit(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) -+{ -+ /* .Magic is the same offset in all cases */ -+ if (PEHdr->Pe32Plus.OptionalHeader.Magic -+ == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) -+ return 1; -+ return 0; -+} -+ -+static const UINT16 machine_type = -+#if defined(__x86_64__) -+ IMAGE_FILE_MACHINE_X64; -+#elif defined(__aarch64__) -+ IMAGE_FILE_MACHINE_ARM64; -+#elif defined(__arm__) -+ IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; -+#elif defined(__i386__) || defined(__i486__) || defined(__i686__) -+ IMAGE_FILE_MACHINE_I386; -+#elif defined(__ia64__) -+ IMAGE_FILE_MACHINE_IA64; -+#else -+#error this architecture is not supported by shim -+#endif -+ -+static int -+image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) -+{ -+ /* If the machine type doesn't match the binary, bail, unless -+ * we're in an allowed 64-on-32 scenario */ -+ if (PEHdr->Pe32.FileHeader.Machine != machine_type) { -+ if (!(machine_type == IMAGE_FILE_MACHINE_I386 && -+ PEHdr->Pe32.FileHeader.Machine == IMAGE_FILE_MACHINE_X64 && -+ allow_64_bit())) { -+ return 0; -+ } -+ } -+ -+ /* If it's not a header type we recognize at all, bail */ -+ switch (PEHdr->Pe32Plus.OptionalHeader.Magic) { -+ case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: -+ case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: -+ break; -+ default: -+ return 0; -+ } -+ -+ /* and now just check for general 64-vs-32 compatibility */ -+ if (image_is_64_bit(PEHdr)) { -+ if (allow_64_bit()) -+ return 1; -+ } else { -+ if (allow_32_bit()) -+ return 1; -+ } -+ return 0; -+} -+ - /* - * Perform the actual relocation - */ -@@ -134,11 +234,10 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - int size = context->ImageSize; - void *ImageEnd = (char *)orig + size; - --#if __LP64__ -- context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data; --#else -- context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data; --#endif -+ if (image_is_64_bit(context->PEHdr)) -+ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data; -+ else -+ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data; - - RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); - RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); -@@ -157,7 +256,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); - - if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { -- perror(L"Reloc block size is invalid\n"); -+ perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock); - return EFI_UNSUPPORTED; - } - -@@ -498,7 +597,7 @@ static BOOLEAN secure_mode (void) - * Calculate the SHA1 and SHA256 hashes of a binary - */ - --static EFI_STATUS generate_hash (char *data, int datasize_in, -+static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, - PE_COFF_LOADER_IMAGE_CONTEXT *context, - UINT8 *sha256hash, UINT8 *sha1hash) - -@@ -572,15 +671,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - } - - /* Hash end of certificate table to end of image header */ --#if __LP64__ -- hashbase = (char *) &context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; -- hashsize = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - -- (int) ((char *) (&context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); --#else -- hashbase = (char *) &context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; -- hashsize = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders - -- (int) ((char *) (&context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); --#endif -+ EFI_IMAGE_DATA_DIRECTORY *dd = context->SecDir + 1; -+ hashbase = (char *)dd; -+ hashsize = context->SizeOfHeaders - (unsigned long)((char *)dd - data); -+ if (hashsize > datasize_in) { -+ perror(L"Data Directory size %d is invalid\n", hashsize); -+ status = EFI_INVALID_PARAMETER; -+ goto done; -+ } - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -@@ -590,11 +688,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - } - - /* Sort sections */ --#if __LP64__ -- SumOfBytesHashed = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; --#else -- SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; --#endif -+ SumOfBytesHashed = context->SizeOfHeaders; - - /* Validate section locations and sizes */ - for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { -@@ -682,14 +776,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, - /* Hash all remaining data */ - if (datasize > SumOfBytesHashed) { - hashbase = data + SumOfBytesHashed; -- hashsize = (unsigned int)( -- datasize - --#if __LP64__ -- context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - --#else -- context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - --#endif -- SumOfBytesHashed); -+ hashsize = datasize - context->SecDir->Size - SumOfBytesHashed; - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -@@ -843,24 +930,31 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data; - unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; - -- if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { -+ if (datasize < sizeof (PEHdr->Pe32)) { - perror(L"Invalid image\n"); - return EFI_UNSUPPORTED; - } - - if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) - PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew); --#if __LP64__ -- context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; -- context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; -- context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; -- OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); --#else -- context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; -- context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; -- context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; -- OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); --#endif -+ -+ if (!image_is_loadable(PEHdr)) { -+ perror(L"Platform does not support this image\n"); -+ return EFI_UNSUPPORTED; -+ } -+ -+ if (image_is_64_bit(PEHdr)) { -+ context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; -+ context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; -+ context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; -+ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); -+ } else { -+ context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; -+ context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; -+ context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; -+ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); -+ } -+ - context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; - - if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { -@@ -908,17 +1002,19 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - } - - context->PEHdr = PEHdr; --#if __LP64__ -- context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase; -- context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint; -- context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; -- context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; --#else -- context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase; -- context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint; -- context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; -- context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; --#endif -+ -+ if (image_is_64_bit(PEHdr)) { -+ context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase; -+ context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint; -+ context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; -+ context->SecDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; -+ } else { -+ context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase; -+ context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint; -+ context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; -+ context->SecDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; -+ } -+ - context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); - - if (context->ImageSize < context->SizeOfHeaders) { -@@ -939,21 +1035,6 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - return EFI_SUCCESS; - } - --static const UINT16 machine_type = --#if defined(__x86_64__) -- IMAGE_FILE_MACHINE_X64; --#elif defined(__aarch64__) -- IMAGE_FILE_MACHINE_ARM64; --#elif defined(__arm__) -- IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; --#elif defined(__i386__) || defined(__i486__) || defined(__i686__) -- IMAGE_FILE_MACHINE_I386; --#elif defined(__ia64__) -- IMAGE_FILE_MACHINE_IA64; --#else --#error this architecture is not supported by shim --#endif -- - /* - * Once the image has been loaded it needs to be validated and relocated - */ -@@ -977,11 +1058,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - return efi_status; - } - -- if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) { -- perror(L"Image is for a different architecture\n"); -- return EFI_UNSUPPORTED; -- } -- - /* - * We only need to verify the binary if we're in secure mode - */ --- -1.9.3 - diff --git a/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch b/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch deleted file mode 100644 index 1ad40eb..0000000 --- a/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch +++ /dev/null @@ -1,84 +0,0 @@ -From f04d50b74770f5c7f7e0a1c3c24b7713fbec0802 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sat, 20 Sep 2014 16:47:08 -0400 -Subject: [PATCH 57/74] Validate computed hash bases/hash sizes more - thoroughly. - -I screwed one of these up when working on 750584c, and it's a real pain -to figure out, so that means we should be validating them. - -Signed-off-by: Peter Jones ---- - shim.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/shim.c b/shim.c -index c1b5c17..cfa90d1 100644 ---- a/shim.c -+++ b/shim.c -@@ -593,6 +593,22 @@ static BOOLEAN secure_mode (void) - return TRUE; - } - -+#define check_size_line(data, datasize_in, hashbase, hashsize, l) ({ \ -+ if ((unsigned long)hashbase > \ -+ (unsigned long)data + datasize_in) { \ -+ perror(L"shim.c:%d Invalid hash base 0x%016x\n", l, \ -+ hashbase); \ -+ goto done; \ -+ } \ -+ if ((unsigned long)hashbase + hashsize > \ -+ (unsigned long)data + datasize_in) { \ -+ perror(L"shim.c:%d Invalid hash size 0x%016x\n", l, \ -+ hashsize); \ -+ goto done; \ -+ } \ -+}) -+#define check_size(d,ds,h,hs) check_size_line(d,ds,h,hs,__LINE__) -+ - /* - * Calculate the SHA1 and SHA256 hashes of a binary - */ -@@ -650,6 +666,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, - hashbase = data; - hashsize = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum - - hashbase; -+ check_size(data, datasize_in, hashbase, hashsize); - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -@@ -662,6 +679,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, - hashbase = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum + - sizeof (int); - hashsize = (char *)context->SecDir - hashbase; -+ check_size(data, datasize_in, hashbase, hashsize); - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -@@ -679,6 +697,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, - status = EFI_INVALID_PARAMETER; - goto done; - } -+ check_size(data, datasize_in, hashbase, hashsize); - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -@@ -763,6 +782,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, - goto done; - } - hashsize = (unsigned int) Section->SizeOfRawData; -+ check_size(data, datasize_in, hashbase, hashsize); - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { -@@ -777,6 +797,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, - if (datasize > SumOfBytesHashed) { - hashbase = data + SumOfBytesHashed; - hashsize = datasize - context->SecDir->Size - SumOfBytesHashed; -+ check_size(data, datasize_in, hashbase, hashsize); - - if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || - !(Sha1Update(sha1ctx, hashbase, hashsize))) { --- -1.9.3 - diff --git a/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch b/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch deleted file mode 100644 index 8b1f939..0000000 --- a/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 3d1cdbc4e3815dd8e489b8a9c95e945b67d3a045 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 19 Sep 2014 11:48:56 -0400 -Subject: [PATCH 58/74] Don't call AuthenticodeVerify if vendor_cert_size is 0. - -Actually check the size of our vendor cert quite early, so that there's -no confusion as to what's going on. - -This isn't strictly necessary, in that in all cases if vendor_cert_size -is 0, then AuthenticodeVerify -> Pkcs7Verify() -> d2i_X509() will result -in a NULL "Cert", and it will return FALSE, and we'll reject the -signature, but better to avoid all that code in the first place. Belt -and suspenders and whatnot. - -Based on a patch from https://github.com/TBOpen . - -Signed-off-by: Peter Jones ---- - shim.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/shim.c b/shim.c -index cfa90d1..caa05d8 100644 ---- a/shim.c -+++ b/shim.c -@@ -923,14 +923,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - return status; - } - -- - /* - * And finally, check against shim's built-in key - */ -- if (AuthenticodeVerify(cert->CertData, -- context->SecDir->Size - sizeof(cert->Hdr), -- vendor_cert, vendor_cert_size, sha256hash, -- SHA256_DIGEST_SIZE)) { -+ if (vendor_cert_size && AuthenticodeVerify(cert->CertData, -+ context->SecDir->Size - sizeof(cert->Hdr), -+ vendor_cert, vendor_cert_size, sha256hash, -+ SHA256_DIGEST_SIZE)) { - status = EFI_SUCCESS; - return status; - } --- -1.9.3 - diff --git a/SOURCES/0059-Fix-our-in_protocol-printing.patch b/SOURCES/0059-Fix-our-in_protocol-printing.patch deleted file mode 100644 index 6895765..0000000 --- a/SOURCES/0059-Fix-our-in_protocol-printing.patch +++ /dev/null @@ -1,30 +0,0 @@ -From eb72a4c3a1be9a10512886d2c95f9c015b77e15f Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 19 Sep 2014 16:46:01 -0400 -Subject: [PATCH 59/74] Fix our "in_protocol" printing. - -When I merged 4bfb13d and fixed the conflicts, I managed to make the -in_protocol test exactly backwards, so that's why we don't currently see -error messages. - -Signed-off-by: Peter Jones ---- - shim.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/shim.c b/shim.c -index caa05d8..7cd4182 100644 ---- a/shim.c -+++ b/shim.c -@@ -63,7 +63,7 @@ static UINT8 in_protocol; - - #define perror(fmt, ...) ({ \ - UINTN __perror_ret = 0; \ -- if (in_protocol) \ -+ if (!in_protocol) \ - __perror_ret = Print((fmt), ##__VA_ARGS__); \ - __perror_ret; \ - }) --- -1.9.3 - diff --git a/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch b/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch deleted file mode 100644 index cef43e7..0000000 --- a/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch +++ /dev/null @@ -1,417 +0,0 @@ -From 0e7ba5947eb38b79de2051ecf3b95055e620475c Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sat, 20 Sep 2014 14:03:03 -0400 -Subject: [PATCH 60/74] Generate a sane PE header on shim, fallback, and - MokManager. - -It turns out a7249a65 was masking a second problem - on some binaries, -when we actually don't have any base relocations at all, binutils' -"objcopy --target efi-app-x86_64" is generating a PE header with a base -relocations pointer that happily points into the middle of our text -section. So with shim processing base relocations correctly, it refuses -to load those binaries. - -For example, on one binary I just built: - -00000130 00 a0 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |................| - -which says there's a Base Relocation Table at 0xa000 that's 0xa bytes long. -That's here: - -0000a000 58 00 29 00 00 00 00 00 48 00 44 00 28 00 50 00 |X.).....H.D.(.P.| -0000a010 61 00 72 00 74 00 25 00 64 00 2c 00 53 00 69 00 |a.r.t.%.d.,.S.i.| -0000a020 67 00 25 00 67 00 29 00 00 00 00 00 00 00 00 00 |g.%.g.).........| -0000a030 48 00 44 00 28 00 50 00 61 00 72 00 74 00 25 00 |H.D.(.P.a.r.t.%.| - -So the table is: - -0000a000 58 00 29 00 00 00 00 00 48 00 |X.).....H. | - -That wouldn't be so bad, except those binaries are MokManager.efi, -fallback.efi, and shim.efi, and sometimes they're .reloc, which we're -actually trying to handle correctly now because grub builds with a real -and valid .reloc table. So though I didn't think there was any hair -left on this yak, more shaving ensues. - -With this change, instead of letting objcopy do whatever it likes, we -switch to "-O binary" and merely link in a header that's appropriate for -our binaries. This is the same method Ard wrote for aarch64, and it -seems to work fine in either place (modulo some minor changes.) - -At some point this should be merged into gnu-efi instead of carrying our -own crt0-efi-x86_64.S, but that's a less immediate problem. - -I did not need this problem. - -Signed-off-by: Peter Jones ---- - Makefile | 24 ++++++-- - crt0-efi-x86_64.S | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - elf_x86_64_efi.lds | 85 +++++++++++++------------ - 3 files changed, 236 insertions(+), 50 deletions(-) - create mode 100644 crt0-efi-x86_64.S - -diff --git a/Makefile b/Makefile -index 5bc513c..d5fd55b 100644 ---- a/Makefile -+++ b/Makefile -@@ -15,7 +15,10 @@ EFI_PATH := /usr/lib64/gnuefi - LIB_GCC = $(shell $(CC) -print-libgcc-file-name) - EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) - --EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o -+ifeq ($(ARCH),x86_64) -+EFI_CRT_OBJS := crt0-efi-$(ARCH).o -+endif -+EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o - EFI_LDS = elf_$(ARCH)_efi.lds - - DEFAULT_LOADER := \\\\grub.efi -@@ -52,11 +55,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined) - CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" - endif - --LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) -+LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL - - VERSION = 0.7 - --TARGET = shim.efi MokManager.efi.signed fallback.efi.signed -+TARGET += shim.efi MokManager.efi.signed fallback.efi.signed - OBJS = shim.o netboot.o cert.o replacements.o version.o - KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer - SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h -@@ -94,17 +97,17 @@ shim.o: $(SOURCES) shim_cert.h - cert.o : cert.S - $(CC) $(CFLAGS) -c -o $@ $< - --shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a -+shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) - - fallback.o: $(FALLBACK_SRCS) - --fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a -+fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) - - MokManager.o: $(MOK_SOURCES) - --MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a -+MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a - - Cryptlib/libcryptlib.a: -@@ -128,8 +131,17 @@ SUBSYSTEM := 0xa - LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) - endif - -+ifeq ($(ARCH),x86_64) -+FORMAT := -O binary -+SUBSYSTEM := 0xa -+LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) -+endif -+ - FORMAT ?= --target efi-app-$(ARCH) - -+crt0-efi-x86_64.o : crt0-efi-x86_64.S -+ $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< -+ - %.efi: %.so - $(OBJCOPY) -j .text -j .sdata -j .data \ - -j .dynamic -j .dynsym -j .rel* \ -diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S -new file mode 100644 -index 0000000..f334a63 ---- /dev/null -+++ b/crt0-efi-x86_64.S -@@ -0,0 +1,177 @@ -+/* crt0-efi-x86_64.S - x86_64 EFI startup code. -+ * -+ * Copyright 2014 Red Hat, Inc. -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the -+ * distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ .section .text.head -+ -+ /* -+ * Magic "MZ" signature for PE/COFF -+ */ -+ .globl ImageBase -+ImageBase: -+ .ascii "MZ" -+ .skip 58 // 'MZ' + pad + offset == 64 -+ .long pe_header - ImageBase // Offset to the PE header. -+ .long 0x0eba1f0e /* terrifying code */ -+ .long 0xcd09b400 /* terrifying code */ -+ .long 0x4c01b821 /* terrifying code */ -+ .short 0x21cd /* terrfiying code */ -+ .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ -+ .skip 9 -+pe_header: -+ .ascii "PE" -+ .short 0 -+coff_header: -+ .short 0x8664 // x86_64 -+ .short 1 // nr_sections -+ .long 0 // TimeDateStamp -+ .long 0 // PointerToSymbolTable -+ .long 0 // NumberOfSymbols -+ .short section_table - optional_header // SizeOfOptionalHeader -+ .short 0x206 // Characteristics. -+ // IMAGE_FILE_DEBUG_STRIPPED | -+ // IMAGE_FILE_EXECUTABLE_IMAGE | -+ // IMAGE_FILE_LINE_NUMS_STRIPPED -+optional_header: -+ .short 0x20b // PE32+ format -+ .byte 0x02 // MajorLinkerVersion -+ .byte 0x18 // MinorLinkerVersion -+ .long _edata - _start // SizeOfCode -+ .long 0 // SizeOfInitializedData -+ .long 0 // SizeOfUninitializedData -+ .long _start - ImageBase // AddressOfEntryPoint -+ .long _start - ImageBase // BaseOfCode -+ -+extra_header_fields: -+ .quad 0 // ImageBase -+ .long 0x20 // SectionAlignment -+ .long 0x8 // FileAlignment -+ .short 0 // MajorOperatingSystemVersion -+ .short 0 // MinorOperatingSystemVersion -+ .short 0 // MajorImageVersion -+ .short 0 // MinorImageVersion -+ .short 0 // MajorSubsystemVersion -+ .short 0 // MinorSubsystemVersion -+ .long 0 // Win32VersionValue -+ -+ .long _edata - ImageBase // SizeOfImage -+ -+ // Everything before the kernel image is considered part of the header -+ .long _start - ImageBase // SizeOfHeaders -+ .long 0 // CheckSum -+ .short EFI_SUBSYSTEM // Subsystem -+ .short 0 // DllCharacteristics -+ .quad 0 // SizeOfStackReserve -+ .quad 0 // SizeOfStackCommit -+ .quad 0 // SizeOfHeapReserve -+ .quad 0 // SizeOfHeapCommit -+ .long 0 // LoaderFlags -+ .long 0x10 // NumberOfRvaAndSizes -+ -+ .quad 0 // ExportTable -+ .quad 0 // ImportTable -+ .quad 0 // ResourceTable -+ .quad 0 // ExceptionTable -+ .quad 0 // CertificationTable -+ .quad 0 // BaseRelocationTable -+ .quad 0 // DebugTable -+ .quad 0 // ArchTable -+ .quad 0 // GlobalPointerTable -+ .quad 0 // .tls -+ .quad 0 // LoadConfigTable -+ .quad 0 // BoundImportsTable -+ .quad 0 // ImportAddressTable -+ .quad 0 // DelayLoadImportTable -+ .quad 0 // ClrRuntimeHeader (.cor) -+ .quad 0 // Reserved -+ -+ // Section table -+section_table: -+ .ascii ".text" -+ .byte 0 -+ .byte 0 -+ .byte 0 // end of 0 padding of section name -+ -+ .long _edata - _start // VirtualSize -+ .long _start - ImageBase // VirtualAddress -+ .long _edata - _start // SizeOfRawData -+ .long _start - ImageBase // PointerToRawData -+ .long 0 // PointerToRelocations (0 for executables) -+ .long 0 // PointerToLineNumbers (0 for executables) -+ .short 0 // NumberOfRelocations (0 for executables) -+ .short 0 // NumberOfLineNumbers (0 for executables) -+ .long 0x60500020 // Characteristics (section flags) -+ -+ /* -+ * The EFI application loader requires a relocation section -+ * because EFI applications must be relocatable. This is a -+ * dummy section as far as we are concerned. -+ */ -+ .ascii ".reloc" -+ .byte 0 -+ .byte 0 // end of 0 padding of section name -+ -+ .long 0 // VirtualSize -+ .long 0 // VirtualAddress -+ .long 0 // SizeOfRawData -+ .long 0 // PointerToRawData -+ .long 0 // PointerToRelocations -+ .long 0 // PointerToLineNumbers -+ .short 0 // NumberOfRelocations -+ .short 0 // NumberOfLineNumbers -+ .long 0x42100040 // Characteristics (section flags) -+ -+ /* x86-64 needs this padding here; without it, some machines simply -+ * refuse to admit this is an EFI binary. I'm not really sure why; -+ * reading the spec, it's unclear, but you'd expect it would need to -+ * be aligned to (1 << FileAlignment), which would mean not having -+ * the spacing. -+ */ -+ .quad 0 -+_start: -+ subq $8, %rsp -+ pushq %rcx -+ pushq %rdx -+ -+0: -+ lea ImageBase(%rip), %rdi -+ lea _DYNAMIC(%rip), %rsi -+ -+ popq %rcx -+ popq %rdx -+ pushq %rcx -+ pushq %rdx -+ call _relocate -+ -+ popq %rdi -+ popq %rsi -+ -+ call efi_main -+ addq $8, %rsp -+ -+.exit: -+ ret -diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds -index f981102..091187b 100644 ---- a/elf_x86_64_efi.lds -+++ b/elf_x86_64_efi.lds -@@ -4,63 +4,60 @@ OUTPUT_ARCH(i386:x86-64) - ENTRY(_start) - SECTIONS - { -- . = 0; -- ImageBase = .; -- .hash : { *(.hash) } /* this MUST come first! */ -- . = ALIGN(4096); -- .eh_frame : -- { -- *(.eh_frame) -- } -- . = ALIGN(4096); -- .text : -- { -- *(.text) -- } -- . = ALIGN(4096); -- .reloc : -- { -- *(.reloc) -+ .text 0x0 : { -+ *(.text.head) -+ *(.text) -+ *(.text.*) -+ *(.gnu.linkonce.t.*) -+ *(.srodata) -+ *(.rodata*) -+ . = ALIGN(16); -+ _etext = .; - } -- . = ALIGN(4096); -+ .dynamic : { *(.dynamic) } - .data : - { -- *(.rodata*) -- *(.got.plt) -- *(.got) -- *(.data*) -- *(.sdata) -- /* the EFI loader doesn't seem to like a .bss section, so we stick -- it all into .data: */ -- *(.sbss) -- *(.scommon) -- *(.dynbss) -- *(.bss) -- *(COMMON) -- *(.rel.local) -+ *(.sdata) -+ *(.data) -+ *(.data1) -+ *(.data.*) -+ *(.got.plt) -+ *(.got) -+ -+ /* the EFI loader doesn't seem to like a .bss section, so we stick -+ * it all into .data: */ -+ . = ALIGN(16); -+ _bss = .; -+ *(.sbss) -+ *(.scommon) -+ *(.dynbss) -+ *(.bss) -+ *(COMMON) -+ . = ALIGN(16); -+ _bss_end = .; - } - . = ALIGN(4096); - .vendor_cert : - { -- *(.vendor_cert) -+ *(.vendor_cert) - } -+ - . = ALIGN(4096); -- .dynamic : { *(.dynamic) } -- . = ALIGN(4096); -- .rela : -- { -- *(.rela.data*) -- *(.rela.got) -- *(.rela.stab) -- } -+ .rela.dyn : { *(.rela.dyn) } -+ .rela.plt : { *(.rela.plt) } -+ .rela.got : { *(.rela.got) } -+ .rela.data : { *(.rela.data) *(.rela.data*) } -+ _edata = .; -+ _data_size = . - _etext; -+ - . = ALIGN(4096); -- .dynsym : { *(.dynsym) } -+ .dynsym : { *(.dynsym) } - . = ALIGN(4096); -- .dynstr : { *(.dynstr) } -+ .dynstr : { *(.dynstr) } - . = ALIGN(4096); -- .ignored.reloc : -+ /DISCARD/ : - { -- *(.rela.reloc) -+ *(.rel.reloc) - *(.eh_frame) - *(.note.GNU-stack) - } --- -1.9.3 - diff --git a/SOURCES/0061-Do-the-same-for-ia32.patch b/SOURCES/0061-Do-the-same-for-ia32.patch deleted file mode 100644 index 575a312..0000000 --- a/SOURCES/0061-Do-the-same-for-ia32.patch +++ /dev/null @@ -1,383 +0,0 @@ -From 6744a7ef8eca44948565c3d1244ec931ed3f6fee Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sun, 21 Sep 2014 13:11:11 -0400 -Subject: [PATCH 61/74] Do the same for ia32... - -Once again, on ia32 this time, we see: - -00000120 47 84 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |G...............| - -Which is where the pointer on ia32 for the Base Relocation Table should -be. It points to 0x8447, which isn't a particularly reasonable address as -numbers go, and happens to have this data there: - -00008440 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 65 00 |o.n.f.i.g.u.r.e.| -00008450 00 00 49 00 50 00 76 00 36 00 28 00 00 00 2c 00 |..I.P.v.6.(...,.| -00008460 25 00 73 00 2c 00 00 00 29 00 00 00 25 00 64 00 |%.s.,...)...%.d.| -00008470 2e 00 25 00 64 00 2e 00 25 00 64 00 2e 00 25 00 |..%.d...%.d...%.| -00008480 64 00 00 00 44 00 48 00 43 00 50 00 00 00 49 00 |d...D.H.C.P...I.| -00008490 50 00 76 00 34 00 28 00 00 00 2c 00 25 00 73 00 |P.v.4.(...,.%.s.| - -And so that table is, in theory, this part: - -00008447 00 67 00 75 00 72 00 65 00 | .g.u.r.e.| -00008450 00 |. | - -Which is pretty clearly not a pointer table of any kind. - -So give ia32 the same treatment as x86_64, and now all arches work basically -the same. - -Signed-off-by: Peter Jones ---- - Makefile | 22 +++++-- - crt0-efi-ia32.S | 180 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - elf_ia32_efi.lds | 83 ++++++++++++------------- - 3 files changed, 236 insertions(+), 49 deletions(-) - create mode 100644 crt0-efi-ia32.S - -diff --git a/Makefile b/Makefile -index d5fd55b..a52984f 100644 ---- a/Makefile -+++ b/Makefile -@@ -6,19 +6,25 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) - - SUBDIRS = Cryptlib lib - --LIB_PATH = /usr/lib64 -- - EFI_INCLUDE := /usr/include/efi - EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude --EFI_PATH := /usr/lib64/gnuefi -+ifeq ($(ARCH),ia32) -+LIB_PATH := /usr/lib -+EFI_PATH := /usr/lib/gnuefi -+endif -+LIB_PATH ?= /usr/lib64 -+EFI_PATH ?= /usr/lib64/gnuefi - - LIB_GCC = $(shell $(CC) -print-libgcc-file-name) - EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) - - ifeq ($(ARCH),x86_64) - EFI_CRT_OBJS := crt0-efi-$(ARCH).o --endif -+else ifeq ($(ARCH),ia32) -+EFI_CRT_OBJS := crt0-efi-$(ARCH).o -+else - EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o -+endif - EFI_LDS = elf_$(ARCH)_efi.lds - - DEFAULT_LOADER := \\\\grub.efi -@@ -137,9 +143,15 @@ SUBSYSTEM := 0xa - LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) - endif - -+ifeq ($(ARCH),ia32) -+FORMAT := -O binary -+SUBSYSTEM := 0xa -+LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) -+endif -+ - FORMAT ?= --target efi-app-$(ARCH) - --crt0-efi-x86_64.o : crt0-efi-x86_64.S -+crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S - $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< - - %.efi: %.so -diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S -new file mode 100644 -index 0000000..70b5b44 ---- /dev/null -+++ b/crt0-efi-ia32.S -@@ -0,0 +1,180 @@ -+/* crt0-efi-x86_64.S - x86_64 EFI startup code. -+ * -+ * Copyright 2014 Red Hat, Inc. -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the -+ * distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ .section .text.head -+ -+ /* -+ * Magic "MZ" signature for PE/COFF -+ */ -+ .globl ImageBase -+ImageBase: -+ .ascii "MZ" -+ .skip 58 // 'MZ' + pad + offset == 64 -+ .long pe_header - ImageBase // Offset to the PE header. -+ .long 0x0eba1f0e /* terrifying code */ -+ .long 0xcd09b400 /* terrifying code */ -+ .long 0x4c01b821 /* terrifying code */ -+ .short 0x21cd /* terrfiying code */ -+ .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ -+ .skip 9 -+pe_header: -+ .ascii "PE" -+ .short 0 -+coff_header: -+ .short 0x014c // i386 -+ .short 1 // nr_sections -+ .long 0 // TimeDateStamp -+ .long 0 // PointerToSymbolTable -+ .long 0 // NumberOfSymbols -+ .short section_table - optional_header // SizeOfOptionalHeader -+ .short 0x306 // Characteristics. -+ // IMAGE_FILE_DEBUG_STRIPPED | -+ // IMAGE_FILE_EXECUTABLE_IMAGE | -+ // IMAGE_FILE_LINE_NUMS_STRIPPED -+ // | IMAGE_FILE_32BIT_MACHINE -+optional_header: -+ .short 0x10b // PE32+ format -+ .byte 0x02 // MajorLinkerVersion -+ .byte 0x18 // MinorLinkerVersion -+ .long _edata - _start // SizeOfCode -+ .long 0 // SizeOfInitializedData -+ .long 0 // SizeOfUninitializedData -+ .long _start - ImageBase // AddressOfEntryPoint -+ .long _start - ImageBase // BaseOfCode -+ .long 0 // BaseOfData -+ -+extra_header_fields: -+ .long 0 // ImageBase -+ .long 0x20 // SectionAlignment -+ .long 0x8 // FileAlignment -+ .short 0 // MajorOperatingSystemVersion -+ .short 0 // MinorOperatingSystemVersion -+ .short 0 // MajorImageVersion -+ .short 0 // MinorImageVersion -+ .short 0 // MajorSubsystemVersion -+ .short 0 // MinorSubsystemVersion -+ .long 0 // Win32VersionValue -+ -+ .long _edata - ImageBase // SizeOfImage -+ -+ // Everything before the kernel image is considered part of the header -+ .long _start - ImageBase // SizeOfHeaders -+ .long 0 // CheckSum -+ .short EFI_SUBSYSTEM // Subsystem -+ .short 0 // DllCharacteristics -+ .long 0 // SizeOfStackReserve -+ .long 0 // SizeOfStackCommit -+ .long 0 // SizeOfHeapReserve -+ .long 0 // SizeOfHeapCommit -+ .long 0 // LoaderFlags -+ .long 0x10 // NumberOfRvaAndSizes -+ -+ .quad 0 // ExportTable -+ .quad 0 // ImportTable -+ .quad 0 // ResourceTable -+ .quad 0 // ExceptionTable -+ .quad 0 // CertificationTable -+ .quad 0 // BaseRelocationTable -+ .quad 0 // DebugTable -+ .quad 0 // ArchTable -+ .quad 0 // GlobalPointerTable -+ .quad 0 // .tls -+ .quad 0 // LoadConfigTable -+ .quad 0 // BoundImportsTable -+ .quad 0 // ImportAddressTable -+ .quad 0 // DelayLoadImportTable -+ .quad 0 // ClrRuntimeHeader (.cor) -+ .quad 0 // Reserved -+ -+ // Section table -+section_table: -+ .ascii ".text" -+ .byte 0 -+ .byte 0 -+ .byte 0 // end of 0 padding of section name -+ -+ .long _edata - _start // VirtualSize -+ .long _start - ImageBase // VirtualAddress -+ .long _edata - _start // SizeOfRawData -+ .long _start - ImageBase // PointerToRawData -+ .long 0 // PointerToRelocations (0 for executables) -+ .long 0 // PointerToLineNumbers (0 for executables) -+ .short 0 // NumberOfRelocations (0 for executables) -+ .short 0 // NumberOfLineNumbers (0 for executables) -+ .long 0x60500020 // Characteristics (section flags) -+ -+ /* -+ * The EFI application loader requires a relocation section -+ * because EFI applications must be relocatable. This is a -+ * dummy section as far as we are concerned. -+ */ -+ .ascii ".reloc" -+ .byte 0 -+ .byte 0 // end of 0 padding of section name -+ -+ .long 0 // VirtualSize -+ .long 0 // VirtualAddress -+ .long 0 // SizeOfRawData -+ .long 0 // PointerToRawData -+ .long 0 // PointerToRelocations -+ .long 0 // PointerToLineNumbers -+ .short 0 // NumberOfRelocations -+ .short 0 // NumberOfLineNumbers -+ .long 0x42100040 // Characteristics (section flags) -+ -+ /* most if not all ia32 binaries binutils makes seem to have .text -+ * starting at 0x400; no reason to assume that's a bad idea. */ -+ .align 1024 -+ -+_start: -+ pushl %ebp -+ movl %esp,%ebp -+ -+ pushl 12(%ebp) # copy "image" argument -+ pushl 8(%ebp) # copy "systab" argument -+ -+ call 0f -+0: popl %eax -+ movl %eax,%ebx -+ -+ addl $ImageBase-0b,%eax # %eax = ldbase -+ addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC -+ -+ pushl %ebx # pass _DYNAMIC as second argument -+ pushl %eax # pass ldbase as first argument -+ call _relocate -+ popl %ebx -+ popl %ebx -+ testl %eax,%eax -+ jne .exit -+ -+ call efi_main # call app with "image" and "systab" argument -+ -+.exit: -+ leave -+ ret -diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds -index 12d4085..b649e15 100644 ---- a/elf_ia32_efi.lds -+++ b/elf_ia32_efi.lds -@@ -3,61 +3,56 @@ OUTPUT_ARCH(i386) - ENTRY(_start) - SECTIONS - { -- . = 0; -- ImageBase = .; -- .hash : { *(.hash) } /* this MUST come first! */ -- . = ALIGN(4096); -- .text : -- { -- *(.text) -- *(.text.*) -- *(.gnu.linkonce.t.*) -- } -- .reloc : -- { -- *(.reloc) -+ .text 0x0 : { -+ *(.text.head) -+ *(.text) -+ *(.text.*) -+ *(.gnu.linkonce.t.*) -+ *(.srodata) -+ *(.rodata*) -+ . = ALIGN(16); -+ _etext = .; - } -- . = ALIGN(4096); -+ .dynamic : { *(.dynamic) } - .data : - { -- *(.rodata*) -- *(.data) -- *(.data1) -- *(.data.*) -- *(.sdata) -- *(.got.plt) -- *(.got) -- /* the EFI loader doesn't seem to like a .bss section, so we stick -- it all into .data: */ -- *(.sbss) -- *(.scommon) -- *(.dynbss) -- *(.bss) -- *(COMMON) -+ *(.sdata) -+ *(.data) -+ *(.data1) -+ *(.data.*) -+ *(.got.plt) -+ *(.got) -+ -+ /* the EFI loader doesn't seem to like a .bss section, so we stick -+ * it all into .data: */ -+ . = ALIGN(16); -+ _bss = .; -+ *(.sbss) -+ *(.scommon) -+ *(.dynbss) -+ *(.bss) -+ *(COMMON) -+ . = ALIGN(16); -+ _bss_end = .; - } - . = ALIGN(4096); - .vendor_cert : - { -- *(.vendor_cert) -+ *(.vendor_cert) - } -+ - . = ALIGN(4096); -- .dynamic : { *(.dynamic) } -- . = ALIGN(4096); -- .rel : -- { -- *(.rel.data) -- *(.rel.data.*) -- *(.rel.got) -- *(.rel.stab) -- *(.data.rel.ro.local) -- *(.data.rel.local) -- *(.data.rel.ro) -- *(.data.rel*) -- } -+ .rel.dyn : { *(.rel.dyn) } -+ .rel.plt : { *(.rel.plt) } -+ .rel.got : { *(.rel.got) } -+ .rel.data : { *(.rel.data) *(.rel.data*) } -+ _edata = .; -+ _data_size = . - _etext; -+ - . = ALIGN(4096); -- .dynsym : { *(.dynsym) } -+ .dynsym : { *(.dynsym) } - . = ALIGN(4096); -- .dynstr : { *(.dynstr) } -+ .dynstr : { *(.dynstr) } - . = ALIGN(4096); - /DISCARD/ : - { --- -1.9.3 - diff --git a/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch b/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch deleted file mode 100644 index c93d5be..0000000 --- a/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 9db91ca0e1f7ac94871f34f654b41cbb7f9e2da1 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sun, 21 Sep 2014 13:19:30 -0400 -Subject: [PATCH 62/74] Make list_keys() index variables all be signed. - -We build with -Werror=signed-compare in fedora/rhel rpms, and this -showed up. - -Signed-off-by: Peter Jones ---- - MokManager.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 50cb9d7..ecbcdd3 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -436,11 +436,11 @@ static void show_mok_info (void *Mok, UINTN MokSize) - - static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - { -- UINT32 MokNum = 0; -+ INTN MokNum = 0; - MokListNode *keys = NULL; - INTN key_num = 0; - CHAR16 **menu_strings; -- unsigned int i; -+ int i; - - if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) + - sizeof(EFI_SIGNATURE_DATA))) { --- -1.9.3 - diff --git a/SOURCES/0063-Revert-header-changes.patch b/SOURCES/0063-Revert-header-changes.patch deleted file mode 100644 index 3a70cf7..0000000 --- a/SOURCES/0063-Revert-header-changes.patch +++ /dev/null @@ -1,702 +0,0 @@ -From c6281c6a195edee611858a8d802ff5f3dee34aa5 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 30 Sep 2014 22:47:39 -0400 -Subject: [PATCH 63/74] Revert header changes - -Revert "Do the same for ia32..." -and "Generate a sane PE header on shim, fallback, and MokManager." -This reverts commit 6744a7ef8eca44948565c3d1244ec931ed3f6fee. -and commit 0e7ba5947eb38b79de2051ecf3b95055e620475c. - -These are premature and I can do this without such drastic measures. - -Signed-off-by: Peter Jones ---- - Makefile | 42 +++---------- - crt0-efi-ia32.S | 180 ----------------------------------------------------- - crt0-efi-x86_64.S | 177 ---------------------------------------------------- - elf_ia32_efi.lds | 83 ++++++++++++------------ - elf_x86_64_efi.lds | 85 +++++++++++++------------ - 5 files changed, 97 insertions(+), 470 deletions(-) - delete mode 100644 crt0-efi-ia32.S - delete mode 100644 crt0-efi-x86_64.S - -diff --git a/Makefile b/Makefile -index a52984f..5bc513c 100644 ---- a/Makefile -+++ b/Makefile -@@ -6,25 +6,16 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) - - SUBDIRS = Cryptlib lib - -+LIB_PATH = /usr/lib64 -+ - EFI_INCLUDE := /usr/include/efi - EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude --ifeq ($(ARCH),ia32) --LIB_PATH := /usr/lib --EFI_PATH := /usr/lib/gnuefi --endif --LIB_PATH ?= /usr/lib64 --EFI_PATH ?= /usr/lib64/gnuefi -+EFI_PATH := /usr/lib64/gnuefi - - LIB_GCC = $(shell $(CC) -print-libgcc-file-name) - EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) - --ifeq ($(ARCH),x86_64) --EFI_CRT_OBJS := crt0-efi-$(ARCH).o --else ifeq ($(ARCH),ia32) --EFI_CRT_OBJS := crt0-efi-$(ARCH).o --else --EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o --endif -+EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o - EFI_LDS = elf_$(ARCH)_efi.lds - - DEFAULT_LOADER := \\\\grub.efi -@@ -61,11 +52,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined) - CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" - endif - --LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL -+LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) - - VERSION = 0.7 - --TARGET += shim.efi MokManager.efi.signed fallback.efi.signed -+TARGET = shim.efi MokManager.efi.signed fallback.efi.signed - OBJS = shim.o netboot.o cert.o replacements.o version.o - KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer - SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h -@@ -103,17 +94,17 @@ shim.o: $(SOURCES) shim_cert.h - cert.o : cert.S - $(CC) $(CFLAGS) -c -o $@ $< - --shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) -+shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) - - fallback.o: $(FALLBACK_SRCS) - --fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) -+fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) - - MokManager.o: $(MOK_SOURCES) - --MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) -+MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a - - Cryptlib/libcryptlib.a: -@@ -137,23 +128,8 @@ SUBSYSTEM := 0xa - LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) - endif - --ifeq ($(ARCH),x86_64) --FORMAT := -O binary --SUBSYSTEM := 0xa --LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) --endif -- --ifeq ($(ARCH),ia32) --FORMAT := -O binary --SUBSYSTEM := 0xa --LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) --endif -- - FORMAT ?= --target efi-app-$(ARCH) - --crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S -- $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< -- - %.efi: %.so - $(OBJCOPY) -j .text -j .sdata -j .data \ - -j .dynamic -j .dynsym -j .rel* \ -diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S -deleted file mode 100644 -index 70b5b44..0000000 ---- a/crt0-efi-ia32.S -+++ /dev/null -@@ -1,180 +0,0 @@ --/* crt0-efi-x86_64.S - x86_64 EFI startup code. -- * -- * Copyright 2014 Red Hat, Inc. -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * -- * Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -- * -- * Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the -- * distribution. -- * -- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- */ -- .section .text.head -- -- /* -- * Magic "MZ" signature for PE/COFF -- */ -- .globl ImageBase --ImageBase: -- .ascii "MZ" -- .skip 58 // 'MZ' + pad + offset == 64 -- .long pe_header - ImageBase // Offset to the PE header. -- .long 0x0eba1f0e /* terrifying code */ -- .long 0xcd09b400 /* terrifying code */ -- .long 0x4c01b821 /* terrifying code */ -- .short 0x21cd /* terrfiying code */ -- .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ -- .skip 9 --pe_header: -- .ascii "PE" -- .short 0 --coff_header: -- .short 0x014c // i386 -- .short 1 // nr_sections -- .long 0 // TimeDateStamp -- .long 0 // PointerToSymbolTable -- .long 0 // NumberOfSymbols -- .short section_table - optional_header // SizeOfOptionalHeader -- .short 0x306 // Characteristics. -- // IMAGE_FILE_DEBUG_STRIPPED | -- // IMAGE_FILE_EXECUTABLE_IMAGE | -- // IMAGE_FILE_LINE_NUMS_STRIPPED -- // | IMAGE_FILE_32BIT_MACHINE --optional_header: -- .short 0x10b // PE32+ format -- .byte 0x02 // MajorLinkerVersion -- .byte 0x18 // MinorLinkerVersion -- .long _edata - _start // SizeOfCode -- .long 0 // SizeOfInitializedData -- .long 0 // SizeOfUninitializedData -- .long _start - ImageBase // AddressOfEntryPoint -- .long _start - ImageBase // BaseOfCode -- .long 0 // BaseOfData -- --extra_header_fields: -- .long 0 // ImageBase -- .long 0x20 // SectionAlignment -- .long 0x8 // FileAlignment -- .short 0 // MajorOperatingSystemVersion -- .short 0 // MinorOperatingSystemVersion -- .short 0 // MajorImageVersion -- .short 0 // MinorImageVersion -- .short 0 // MajorSubsystemVersion -- .short 0 // MinorSubsystemVersion -- .long 0 // Win32VersionValue -- -- .long _edata - ImageBase // SizeOfImage -- -- // Everything before the kernel image is considered part of the header -- .long _start - ImageBase // SizeOfHeaders -- .long 0 // CheckSum -- .short EFI_SUBSYSTEM // Subsystem -- .short 0 // DllCharacteristics -- .long 0 // SizeOfStackReserve -- .long 0 // SizeOfStackCommit -- .long 0 // SizeOfHeapReserve -- .long 0 // SizeOfHeapCommit -- .long 0 // LoaderFlags -- .long 0x10 // NumberOfRvaAndSizes -- -- .quad 0 // ExportTable -- .quad 0 // ImportTable -- .quad 0 // ResourceTable -- .quad 0 // ExceptionTable -- .quad 0 // CertificationTable -- .quad 0 // BaseRelocationTable -- .quad 0 // DebugTable -- .quad 0 // ArchTable -- .quad 0 // GlobalPointerTable -- .quad 0 // .tls -- .quad 0 // LoadConfigTable -- .quad 0 // BoundImportsTable -- .quad 0 // ImportAddressTable -- .quad 0 // DelayLoadImportTable -- .quad 0 // ClrRuntimeHeader (.cor) -- .quad 0 // Reserved -- -- // Section table --section_table: -- .ascii ".text" -- .byte 0 -- .byte 0 -- .byte 0 // end of 0 padding of section name -- -- .long _edata - _start // VirtualSize -- .long _start - ImageBase // VirtualAddress -- .long _edata - _start // SizeOfRawData -- .long _start - ImageBase // PointerToRawData -- .long 0 // PointerToRelocations (0 for executables) -- .long 0 // PointerToLineNumbers (0 for executables) -- .short 0 // NumberOfRelocations (0 for executables) -- .short 0 // NumberOfLineNumbers (0 for executables) -- .long 0x60500020 // Characteristics (section flags) -- -- /* -- * The EFI application loader requires a relocation section -- * because EFI applications must be relocatable. This is a -- * dummy section as far as we are concerned. -- */ -- .ascii ".reloc" -- .byte 0 -- .byte 0 // end of 0 padding of section name -- -- .long 0 // VirtualSize -- .long 0 // VirtualAddress -- .long 0 // SizeOfRawData -- .long 0 // PointerToRawData -- .long 0 // PointerToRelocations -- .long 0 // PointerToLineNumbers -- .short 0 // NumberOfRelocations -- .short 0 // NumberOfLineNumbers -- .long 0x42100040 // Characteristics (section flags) -- -- /* most if not all ia32 binaries binutils makes seem to have .text -- * starting at 0x400; no reason to assume that's a bad idea. */ -- .align 1024 -- --_start: -- pushl %ebp -- movl %esp,%ebp -- -- pushl 12(%ebp) # copy "image" argument -- pushl 8(%ebp) # copy "systab" argument -- -- call 0f --0: popl %eax -- movl %eax,%ebx -- -- addl $ImageBase-0b,%eax # %eax = ldbase -- addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC -- -- pushl %ebx # pass _DYNAMIC as second argument -- pushl %eax # pass ldbase as first argument -- call _relocate -- popl %ebx -- popl %ebx -- testl %eax,%eax -- jne .exit -- -- call efi_main # call app with "image" and "systab" argument -- --.exit: -- leave -- ret -diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S -deleted file mode 100644 -index f334a63..0000000 ---- a/crt0-efi-x86_64.S -+++ /dev/null -@@ -1,177 +0,0 @@ --/* crt0-efi-x86_64.S - x86_64 EFI startup code. -- * -- * Copyright 2014 Red Hat, Inc. -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * -- * Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -- * -- * Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the -- * distribution. -- * -- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- */ -- .section .text.head -- -- /* -- * Magic "MZ" signature for PE/COFF -- */ -- .globl ImageBase --ImageBase: -- .ascii "MZ" -- .skip 58 // 'MZ' + pad + offset == 64 -- .long pe_header - ImageBase // Offset to the PE header. -- .long 0x0eba1f0e /* terrifying code */ -- .long 0xcd09b400 /* terrifying code */ -- .long 0x4c01b821 /* terrifying code */ -- .short 0x21cd /* terrfiying code */ -- .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ -- .skip 9 --pe_header: -- .ascii "PE" -- .short 0 --coff_header: -- .short 0x8664 // x86_64 -- .short 1 // nr_sections -- .long 0 // TimeDateStamp -- .long 0 // PointerToSymbolTable -- .long 0 // NumberOfSymbols -- .short section_table - optional_header // SizeOfOptionalHeader -- .short 0x206 // Characteristics. -- // IMAGE_FILE_DEBUG_STRIPPED | -- // IMAGE_FILE_EXECUTABLE_IMAGE | -- // IMAGE_FILE_LINE_NUMS_STRIPPED --optional_header: -- .short 0x20b // PE32+ format -- .byte 0x02 // MajorLinkerVersion -- .byte 0x18 // MinorLinkerVersion -- .long _edata - _start // SizeOfCode -- .long 0 // SizeOfInitializedData -- .long 0 // SizeOfUninitializedData -- .long _start - ImageBase // AddressOfEntryPoint -- .long _start - ImageBase // BaseOfCode -- --extra_header_fields: -- .quad 0 // ImageBase -- .long 0x20 // SectionAlignment -- .long 0x8 // FileAlignment -- .short 0 // MajorOperatingSystemVersion -- .short 0 // MinorOperatingSystemVersion -- .short 0 // MajorImageVersion -- .short 0 // MinorImageVersion -- .short 0 // MajorSubsystemVersion -- .short 0 // MinorSubsystemVersion -- .long 0 // Win32VersionValue -- -- .long _edata - ImageBase // SizeOfImage -- -- // Everything before the kernel image is considered part of the header -- .long _start - ImageBase // SizeOfHeaders -- .long 0 // CheckSum -- .short EFI_SUBSYSTEM // Subsystem -- .short 0 // DllCharacteristics -- .quad 0 // SizeOfStackReserve -- .quad 0 // SizeOfStackCommit -- .quad 0 // SizeOfHeapReserve -- .quad 0 // SizeOfHeapCommit -- .long 0 // LoaderFlags -- .long 0x10 // NumberOfRvaAndSizes -- -- .quad 0 // ExportTable -- .quad 0 // ImportTable -- .quad 0 // ResourceTable -- .quad 0 // ExceptionTable -- .quad 0 // CertificationTable -- .quad 0 // BaseRelocationTable -- .quad 0 // DebugTable -- .quad 0 // ArchTable -- .quad 0 // GlobalPointerTable -- .quad 0 // .tls -- .quad 0 // LoadConfigTable -- .quad 0 // BoundImportsTable -- .quad 0 // ImportAddressTable -- .quad 0 // DelayLoadImportTable -- .quad 0 // ClrRuntimeHeader (.cor) -- .quad 0 // Reserved -- -- // Section table --section_table: -- .ascii ".text" -- .byte 0 -- .byte 0 -- .byte 0 // end of 0 padding of section name -- -- .long _edata - _start // VirtualSize -- .long _start - ImageBase // VirtualAddress -- .long _edata - _start // SizeOfRawData -- .long _start - ImageBase // PointerToRawData -- .long 0 // PointerToRelocations (0 for executables) -- .long 0 // PointerToLineNumbers (0 for executables) -- .short 0 // NumberOfRelocations (0 for executables) -- .short 0 // NumberOfLineNumbers (0 for executables) -- .long 0x60500020 // Characteristics (section flags) -- -- /* -- * The EFI application loader requires a relocation section -- * because EFI applications must be relocatable. This is a -- * dummy section as far as we are concerned. -- */ -- .ascii ".reloc" -- .byte 0 -- .byte 0 // end of 0 padding of section name -- -- .long 0 // VirtualSize -- .long 0 // VirtualAddress -- .long 0 // SizeOfRawData -- .long 0 // PointerToRawData -- .long 0 // PointerToRelocations -- .long 0 // PointerToLineNumbers -- .short 0 // NumberOfRelocations -- .short 0 // NumberOfLineNumbers -- .long 0x42100040 // Characteristics (section flags) -- -- /* x86-64 needs this padding here; without it, some machines simply -- * refuse to admit this is an EFI binary. I'm not really sure why; -- * reading the spec, it's unclear, but you'd expect it would need to -- * be aligned to (1 << FileAlignment), which would mean not having -- * the spacing. -- */ -- .quad 0 --_start: -- subq $8, %rsp -- pushq %rcx -- pushq %rdx -- --0: -- lea ImageBase(%rip), %rdi -- lea _DYNAMIC(%rip), %rsi -- -- popq %rcx -- popq %rdx -- pushq %rcx -- pushq %rdx -- call _relocate -- -- popq %rdi -- popq %rsi -- -- call efi_main -- addq $8, %rsp -- --.exit: -- ret -diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds -index b649e15..12d4085 100644 ---- a/elf_ia32_efi.lds -+++ b/elf_ia32_efi.lds -@@ -3,56 +3,61 @@ OUTPUT_ARCH(i386) - ENTRY(_start) - SECTIONS - { -- .text 0x0 : { -- *(.text.head) -- *(.text) -- *(.text.*) -- *(.gnu.linkonce.t.*) -- *(.srodata) -- *(.rodata*) -- . = ALIGN(16); -- _etext = .; -+ . = 0; -+ ImageBase = .; -+ .hash : { *(.hash) } /* this MUST come first! */ -+ . = ALIGN(4096); -+ .text : -+ { -+ *(.text) -+ *(.text.*) -+ *(.gnu.linkonce.t.*) -+ } -+ .reloc : -+ { -+ *(.reloc) - } -- .dynamic : { *(.dynamic) } -+ . = ALIGN(4096); - .data : - { -- *(.sdata) -- *(.data) -- *(.data1) -- *(.data.*) -- *(.got.plt) -- *(.got) -- -- /* the EFI loader doesn't seem to like a .bss section, so we stick -- * it all into .data: */ -- . = ALIGN(16); -- _bss = .; -- *(.sbss) -- *(.scommon) -- *(.dynbss) -- *(.bss) -- *(COMMON) -- . = ALIGN(16); -- _bss_end = .; -+ *(.rodata*) -+ *(.data) -+ *(.data1) -+ *(.data.*) -+ *(.sdata) -+ *(.got.plt) -+ *(.got) -+ /* the EFI loader doesn't seem to like a .bss section, so we stick -+ it all into .data: */ -+ *(.sbss) -+ *(.scommon) -+ *(.dynbss) -+ *(.bss) -+ *(COMMON) - } - . = ALIGN(4096); - .vendor_cert : - { -- *(.vendor_cert) -+ *(.vendor_cert) - } -- - . = ALIGN(4096); -- .rel.dyn : { *(.rel.dyn) } -- .rel.plt : { *(.rel.plt) } -- .rel.got : { *(.rel.got) } -- .rel.data : { *(.rel.data) *(.rel.data*) } -- _edata = .; -- _data_size = . - _etext; -- -+ .dynamic : { *(.dynamic) } -+ . = ALIGN(4096); -+ .rel : -+ { -+ *(.rel.data) -+ *(.rel.data.*) -+ *(.rel.got) -+ *(.rel.stab) -+ *(.data.rel.ro.local) -+ *(.data.rel.local) -+ *(.data.rel.ro) -+ *(.data.rel*) -+ } - . = ALIGN(4096); -- .dynsym : { *(.dynsym) } -+ .dynsym : { *(.dynsym) } - . = ALIGN(4096); -- .dynstr : { *(.dynstr) } -+ .dynstr : { *(.dynstr) } - . = ALIGN(4096); - /DISCARD/ : - { -diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds -index 091187b..f981102 100644 ---- a/elf_x86_64_efi.lds -+++ b/elf_x86_64_efi.lds -@@ -4,60 +4,63 @@ OUTPUT_ARCH(i386:x86-64) - ENTRY(_start) - SECTIONS - { -- .text 0x0 : { -- *(.text.head) -- *(.text) -- *(.text.*) -- *(.gnu.linkonce.t.*) -- *(.srodata) -- *(.rodata*) -- . = ALIGN(16); -- _etext = .; -+ . = 0; -+ ImageBase = .; -+ .hash : { *(.hash) } /* this MUST come first! */ -+ . = ALIGN(4096); -+ .eh_frame : -+ { -+ *(.eh_frame) -+ } -+ . = ALIGN(4096); -+ .text : -+ { -+ *(.text) -+ } -+ . = ALIGN(4096); -+ .reloc : -+ { -+ *(.reloc) - } -- .dynamic : { *(.dynamic) } -+ . = ALIGN(4096); - .data : - { -- *(.sdata) -- *(.data) -- *(.data1) -- *(.data.*) -- *(.got.plt) -- *(.got) -- -- /* the EFI loader doesn't seem to like a .bss section, so we stick -- * it all into .data: */ -- . = ALIGN(16); -- _bss = .; -- *(.sbss) -- *(.scommon) -- *(.dynbss) -- *(.bss) -- *(COMMON) -- . = ALIGN(16); -- _bss_end = .; -+ *(.rodata*) -+ *(.got.plt) -+ *(.got) -+ *(.data*) -+ *(.sdata) -+ /* the EFI loader doesn't seem to like a .bss section, so we stick -+ it all into .data: */ -+ *(.sbss) -+ *(.scommon) -+ *(.dynbss) -+ *(.bss) -+ *(COMMON) -+ *(.rel.local) - } - . = ALIGN(4096); - .vendor_cert : - { -- *(.vendor_cert) -+ *(.vendor_cert) - } -- - . = ALIGN(4096); -- .rela.dyn : { *(.rela.dyn) } -- .rela.plt : { *(.rela.plt) } -- .rela.got : { *(.rela.got) } -- .rela.data : { *(.rela.data) *(.rela.data*) } -- _edata = .; -- _data_size = . - _etext; -- -+ .dynamic : { *(.dynamic) } -+ . = ALIGN(4096); -+ .rela : -+ { -+ *(.rela.data*) -+ *(.rela.got) -+ *(.rela.stab) -+ } - . = ALIGN(4096); -- .dynsym : { *(.dynsym) } -+ .dynsym : { *(.dynsym) } - . = ALIGN(4096); -- .dynstr : { *(.dynstr) } -+ .dynstr : { *(.dynstr) } - . = ALIGN(4096); -- /DISCARD/ : -+ .ignored.reloc : - { -- *(.rel.reloc) -+ *(.rela.reloc) - *(.eh_frame) - *(.note.GNU-stack) - } --- -1.9.3 - diff --git a/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch b/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch deleted file mode 100644 index f9e8c05..0000000 --- a/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch +++ /dev/null @@ -1,200 +0,0 @@ -From a846aedd0e9dfe26ca6afaf6a1db8a54c20363c1 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 30 Sep 2014 18:52:59 -0400 -Subject: [PATCH 64/74] Actually find the relocations correctly and process - them that way. - -Find the relocations based on the *file* address in the old binary, -because it's only the same as the virtual address some of the time. - -Also perform some extra validation before processing it, and don't bail -out in /error/ if both ReloceBase and RelocEnd are null - that condition -is fine. - -Signed-off-by: Peter Jones ---- - shim.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 77 insertions(+), 13 deletions(-) - -diff --git a/shim.c b/shim.c -index 7cd4182..4baf8b1 100644 ---- a/shim.c -+++ b/shim.c -@@ -222,6 +222,7 @@ image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) - * Perform the actual relocation - */ - static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, -+ EFI_IMAGE_SECTION_HEADER *Section, - void *orig, void *data) - { - EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd; -@@ -233,14 +234,46 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - UINT64 *Fixup64; - int size = context->ImageSize; - void *ImageEnd = (char *)orig + size; -+ int n = 0; - - if (image_is_64_bit(context->PEHdr)) - context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data; - else - context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data; - -- RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); -- RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); -+ /* Alright, so here's how this works: -+ * -+ * context->RelocDir gives us two things: -+ * - the VA the table of base relocation blocks are (maybe) to be -+ * mapped at (RelocDir->VirtualAddress) -+ * - the virtual size (RelocDir->Size) -+ * -+ * The .reloc section (Section here) gives us some other things: -+ * - the name! kind of. (Section->Name) -+ * - the virtual size (Section->VirtualSize), which should be the same -+ * as RelocDir->Size -+ * - the virtual address (Section->VirtualAddress) -+ * - the file section size (Section->SizeOfRawData), which is -+ * a multiple of OptHdr->FileAlignment. Only useful for image -+ * validation, not really useful for iteration bounds. -+ * - the file address (Section->PointerToRawData) -+ * - a bunch of stuff we don't use that's 0 in our binaries usually -+ * - Flags (Section->Characteristics) -+ * -+ * and then the thing that's actually at the file address is an array -+ * of EFI_IMAGE_BASE_RELOCATION structs with some values packed behind -+ * them. The SizeOfBlock field of this structure includes the -+ * structure itself, and adding it to that structure's address will -+ * yield the next entry in the array. -+ */ -+ RelocBase = ImageAddress(orig, size, Section->PointerToRawData); -+ /* RelocBaseEnd here is the address of the first entry /past/ the -+ * table. */ -+ RelocBaseEnd = ImageAddress(orig, size, Section->PointerToRawData + -+ Section->Misc.VirtualSize); -+ -+ if (!RelocBase && !RelocBaseEnd) -+ return EFI_SUCCESS; - - if (!RelocBase || !RelocBaseEnd) { - perror(L"Reloc table overflows binary\n"); -@@ -256,19 +289,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); - - if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { -- perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock); -+ perror(L"Reloc %d block size %d is invalid\n", n, RelocBase->SizeOfBlock); - return EFI_UNSUPPORTED; - } - - RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); - if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) { -- perror(L"Reloc entry overflows binary\n"); -+ perror(L"Reloc %d entry overflows binary\n", n); - return EFI_UNSUPPORTED; - } - - FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress); - if (!FixupBase) { -- perror(L"Invalid fixupbase\n"); -+ perror(L"Reloc %d Invalid fixupbase\n", n); - return EFI_UNSUPPORTED; - } - -@@ -317,12 +350,13 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - break; - - default: -- perror(L"Unknown relocation\n"); -+ perror(L"Reloc %d Unknown relocation\n", n); - return EFI_UNSUPPORTED; - } - Reloc += 1; - } - RelocBase = (EFI_IMAGE_BASE_RELOCATION *) RelocEnd; -+ n++; - } - - return EFI_SUCCESS; -@@ -1102,15 +1136,21 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - - CopyMem(buffer, data, context.SizeOfHeaders); - -+ char *RelocBase, *RelocBaseEnd; -+ RelocBase = ImageAddress(buffer, datasize, -+ context.RelocDir->VirtualAddress); -+ /* RelocBaseEnd here is the address of the last byte of the table */ -+ RelocBaseEnd = ImageAddress(buffer, datasize, -+ context.RelocDir->VirtualAddress + -+ context.RelocDir->Size - 1); -+ -+ EFI_IMAGE_SECTION_HEADER *RelocSection = NULL; -+ - /* - * Copy the executable's sections to their desired offsets - */ - Section = context.FirstSection; - for (i = 0; i < context.NumberOfSections; i++, Section++) { -- if (Section->Characteristics & 0x02000000) -- /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ -- continue; -- - size = Section->Misc.VirtualSize; - - if (size > Section->SizeOfRawData) -@@ -1118,7 +1158,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - - base = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress); - end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1); -- - if (!base || !end) { - perror(L"Invalid section size\n"); - return EFI_UNSUPPORTED; -@@ -1130,6 +1169,30 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - return EFI_UNSUPPORTED; - } - -+ /* We do want to process .reloc, but it's often marked -+ * discardable, so we don't want to memcpy it. */ -+ if (CompareMem(Section->Name, ".reloc\0\0", 8) == 0) { -+ if (RelocSection) { -+ perror(L"Image has multiple relocation sections\n"); -+ return EFI_UNSUPPORTED; -+ } -+ /* If it has nonzero sizes, and our bounds check -+ * made sense, and the VA and size match RelocDir's -+ * versions, then we believe in this section table. */ -+ if (Section->SizeOfRawData && -+ Section->Misc.VirtualSize && -+ base && end && -+ RelocBase == base && -+ RelocBaseEnd == end) { -+ RelocSection = Section; -+ } -+ } -+ -+ if (Section->Characteristics & 0x02000000) { -+ /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ -+ continue; -+ } -+ - if (Section->SizeOfRawData > 0) - CopyMem(base, data + Section->PointerToRawData, size); - -@@ -1143,11 +1206,12 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, - return EFI_UNSUPPORTED; - } - -- if (context.RelocDir->Size) { -+ if (context.RelocDir->Size && RelocSection) { - /* - * Run the relocation fixups - */ -- efi_status = relocate_coff(&context, data, buffer); -+ efi_status = relocate_coff(&context, RelocSection, data, -+ buffer); - - if (efi_status != EFI_SUCCESS) { - perror(L"Relocation failed: %r\n", efi_status); --- -1.9.3 - diff --git a/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch b/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch deleted file mode 100644 index 7b48e8f..0000000 --- a/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch +++ /dev/null @@ -1,90 +0,0 @@ -From f14119502ee3301e1ae80b5ab7fbe1ba46580e23 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 1 Oct 2014 22:47:20 -0400 -Subject: [PATCH 65/74] Don't append an empty cert list to MokListRT if - vendor_cert_size is 0. - -Signed-off-by: Peter Jones ---- - shim.c | 63 ++++++++++++++++++++++++++++++++++----------------------------- - 1 file changed, 34 insertions(+), 29 deletions(-) - -diff --git a/shim.c b/shim.c -index 4baf8b1..a282ee3 100644 ---- a/shim.c -+++ b/shim.c -@@ -1698,37 +1698,42 @@ EFI_STATUS mirror_mok_list() - if (efi_status != EFI_SUCCESS) - DataSize = 0; - -- FullDataSize = DataSize -- + sizeof (*CertList) -- + sizeof (EFI_GUID) -- + vendor_cert_size -- ; -- FullData = AllocatePool(FullDataSize); -- if (!FullData) { -- perror(L"Failed to allocate space for MokListRT\n"); -- return EFI_OUT_OF_RESOURCES; -- } -- p = FullData; -+ if (vendor_cert_size) { -+ FullDataSize = DataSize -+ + sizeof (*CertList) -+ + sizeof (EFI_GUID) -+ + vendor_cert_size -+ ; -+ FullData = AllocatePool(FullDataSize); -+ if (!FullData) { -+ perror(L"Failed to allocate space for MokListRT\n"); -+ return EFI_OUT_OF_RESOURCES; -+ } -+ p = FullData; - -- if (efi_status == EFI_SUCCESS && DataSize > 0) { -- CopyMem(p, Data, DataSize); -- p += DataSize; -+ if (efi_status == EFI_SUCCESS && DataSize > 0) { -+ CopyMem(p, Data, DataSize); -+ p += DataSize; -+ } -+ CertList = (EFI_SIGNATURE_LIST *)p; -+ p += sizeof (*CertList); -+ CertData = (EFI_SIGNATURE_DATA *)p; -+ p += sizeof (EFI_GUID); -+ -+ CertList->SignatureType = EFI_CERT_X509_GUID; -+ CertList->SignatureListSize = vendor_cert_size -+ + sizeof (*CertList) -+ + sizeof (*CertData) -+ -1; -+ CertList->SignatureHeaderSize = 0; -+ CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID); -+ -+ CertData->SignatureOwner = SHIM_LOCK_GUID; -+ CopyMem(p, vendor_cert, vendor_cert_size); -+ } else { -+ FullDataSize = DataSize; -+ FullData = Data; - } -- CertList = (EFI_SIGNATURE_LIST *)p; -- p += sizeof (*CertList); -- CertData = (EFI_SIGNATURE_DATA *)p; -- p += sizeof (EFI_GUID); -- -- CertList->SignatureType = EFI_CERT_X509_GUID; -- CertList->SignatureListSize = vendor_cert_size -- + sizeof (*CertList) -- + sizeof (*CertData) -- -1; -- CertList->SignatureHeaderSize = 0; -- CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID); -- -- CertData->SignatureOwner = SHIM_LOCK_GUID; -- CopyMem(p, vendor_cert, vendor_cert_size); - - efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListRT", - &shim_lock_guid, --- -1.9.3 - diff --git a/SOURCES/0066-Fix-some-minor-testplan-errors.patch b/SOURCES/0066-Fix-some-minor-testplan-errors.patch deleted file mode 100644 index f304978..0000000 --- a/SOURCES/0066-Fix-some-minor-testplan-errors.patch +++ /dev/null @@ -1,37 +0,0 @@ -From aa818fe639f103d9c40fcbc8342edd82ff5d49d2 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 1 Oct 2014 23:42:11 -0400 -Subject: [PATCH 66/74] Fix some minor testplan errors. - -Signed-off-by: Peter Jones ---- - testplan.txt | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/testplan.txt b/testplan.txt -index 2fbf238..ab88781 100644 ---- a/testplan.txt -+++ b/testplan.txt -@@ -12,7 +12,7 @@ How to test a new shim build for RHEL/fedora: - -s -c "Red Hat Test Certificate" - 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi - cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ -- /boot/efi/EFI/test/test.efi -+ /boot/efi/EFI/test/grubx64.efi - 7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also - leave an unsigned copy there: - pesign -i /boot/efi/EFI/redhat/grubx64.efi \ -@@ -38,7 +38,9 @@ How to test a new shim build for RHEL/fedora: - 12) put shim.efi there as well - cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI - 13) enroll the current kernel's certificate with mokutil: -- mokutil --import ~/redhatsecurebootca2.cer -+ # this should be a /different/ cert than the one signing pesign-test-app. -+ # for instance use a RHEL cert for p-t-a and a fedora cert+kernel here. -+ mokutil --import ~/fedora-ca.cer - 14) put machine in setup mode - 15) boot to the UEFI shell - 16) run lockdown.efi from #4: --- -1.9.3 - diff --git a/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch b/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch deleted file mode 100644 index 9ac183b..0000000 --- a/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch +++ /dev/null @@ -1,31 +0,0 @@ -From db43ba5a5fcb88e3b0acac0da5737e499be236a2 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 30 Sep 2014 16:13:27 +0800 -Subject: [PATCH 67/74] Don't verify images with the empty build key - -We replaced the build key with an empty file while compiling shim -for our distro. Skip the verification with the empty build key -since this makes no sense. - -Signed-off-by: Gary Ching-Pang Lin ---- - shim.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/shim.c b/shim.c -index a282ee3..8076caa 100644 ---- a/shim.c -+++ b/shim.c -@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize, - /* - * Check against the shim build key - */ -- if (AuthenticodeVerify(cert->CertData, -+ if (sizeof(shim_cert) && -+ AuthenticodeVerify(cert->CertData, - context->SecDir->Size - sizeof(cert->Hdr), - shim_cert, sizeof(shim_cert), sha256hash, - SHA256_DIGEST_SIZE)) { --- -1.9.3 - diff --git a/SOURCES/0068-Cryptlib-remove-the-unused-files.patch b/SOURCES/0068-Cryptlib-remove-the-unused-files.patch deleted file mode 100644 index 6a1eea2..0000000 --- a/SOURCES/0068-Cryptlib-remove-the-unused-files.patch +++ /dev/null @@ -1,1265 +0,0 @@ -From 663a5ca59d8b0037b3d1b445ce93ae3181f03685 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 30 Sep 2014 15:27:19 +0800 -Subject: [PATCH 68/74] Cryptlib: remove the unused files - -I mistakenly added CryptPkcs7VerifyNull.c which may make Pkcs7Verify -always return FALSE. Besides CryptPkcs7VerifyNull.c, there are some -functions we would never use. This commit removes those files to -avoid any potential trouble. - -Signed-off-by: Gary Ching-Pang Lin ---- - Cryptlib/Makefile | 5 +- - Cryptlib/Pk/CryptDh.c | 328 -------------------------------- - Cryptlib/Pk/CryptDhNull.c | 156 +++++++++++++++ - Cryptlib/Pk/CryptPkcs7Sign.c | 207 -------------------- - Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 ---------- - Cryptlib/Pk/CryptRsaExt.c | 377 ------------------------------------- - Cryptlib/update.sh | 5 +- - 7 files changed, 158 insertions(+), 1020 deletions(-) - delete mode 100644 Cryptlib/Pk/CryptDh.c - create mode 100644 Cryptlib/Pk/CryptDhNull.c - delete mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c - delete mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c - delete mode 100644 Cryptlib/Pk/CryptRsaExt.c - -diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile -index 73a1e2b..9719a27 100644 ---- a/Cryptlib/Makefile -+++ b/Cryptlib/Makefile -@@ -25,13 +25,10 @@ OBJS = Hash/CryptMd4.o \ - Cipher/CryptArc4.o \ - Rand/CryptRand.o \ - Pk/CryptRsaBasic.o \ -- Pk/CryptRsaExt.o \ - Pk/CryptRsaExtNull.o \ -- Pk/CryptPkcs7Sign.o \ - Pk/CryptPkcs7SignNull.o \ - Pk/CryptPkcs7Verify.o \ -- Pk/CryptPkcs7VerifyNull.o \ -- Pk/CryptDh.o \ -+ Pk/CryptDhNull.o \ - Pk/CryptX509.o \ - Pk/CryptAuthenticode.o \ - Pem/CryptPem.o \ -diff --git a/Cryptlib/Pk/CryptDh.c b/Cryptlib/Pk/CryptDh.c -deleted file mode 100644 -index 942b3d1..0000000 ---- a/Cryptlib/Pk/CryptDh.c -+++ /dev/null -@@ -1,328 +0,0 @@ --/** @file -- Diffie-Hellman Wrapper Implementation over OpenSSL. -- --Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
--This program and the accompanying materials --are licensed and made available under the terms and conditions of the BSD License --which accompanies this distribution. The full text of the license may be found at --http://opensource.org/licenses/bsd-license.php -- --THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, --WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -- --**/ -- --#include "InternalCryptLib.h" --#include -- -- --/** -- Allocates and Initializes one Diffie-Hellman Context for subsequent use. -- -- @return Pointer to the Diffie-Hellman Context that has been initialized. -- If the allocations fails, DhNew() returns NULL. -- --**/ --VOID * --EFIAPI --DhNew ( -- VOID -- ) --{ -- // -- // Allocates & Initializes DH Context by OpenSSL DH_new() -- // -- return (VOID *) DH_new (); --} -- --/** -- Release the specified DH context. -- -- If DhContext is NULL, then return FALSE. -- -- @param[in] DhContext Pointer to the DH context to be released. -- --**/ --VOID --EFIAPI --DhFree ( -- IN VOID *DhContext -- ) --{ -- // -- // Free OpenSSL DH Context -- // -- DH_free ((DH *) DhContext); --} -- --/** -- Generates DH parameter. -- -- Given generator g, and length of prime number p in bits, this function generates p, -- and sets DH context according to value of g and p. -- -- Before this function can be invoked, pseudorandom number generator must be correctly -- initialized by RandomSeed(). -- -- If DhContext is NULL, then return FALSE. -- If Prime is NULL, then return FALSE. -- -- @param[in, out] DhContext Pointer to the DH context. -- @param[in] Generator Value of generator. -- @param[in] PrimeLength Length in bits of prime to be generated. -- @param[out] Prime Pointer to the buffer to receive the generated prime number. -- -- @retval TRUE DH pamameter generation succeeded. -- @retval FALSE Value of Generator is not supported. -- @retval FALSE PRNG fails to generate random prime number with PrimeLength. -- --**/ --BOOLEAN --EFIAPI --DhGenerateParameter ( -- IN OUT VOID *DhContext, -- IN UINTN Generator, -- IN UINTN PrimeLength, -- OUT UINT8 *Prime -- ) --{ -- BOOLEAN RetVal; -- -- // -- // Check input parameters. -- // -- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { -- return FALSE; -- } -- -- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { -- return FALSE; -- } -- -- RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL); -- if (!RetVal) { -- return FALSE; -- } -- -- BN_bn2bin (((DH *) DhContext)->p, Prime); -- -- return TRUE; --} -- --/** -- Sets generator and prime parameters for DH. -- -- Given generator g, and prime number p, this function and sets DH -- context accordingly. -- -- If DhContext is NULL, then return FALSE. -- If Prime is NULL, then return FALSE. -- -- @param[in, out] DhContext Pointer to the DH context. -- @param[in] Generator Value of generator. -- @param[in] PrimeLength Length in bits of prime to be generated. -- @param[in] Prime Pointer to the prime number. -- -- @retval TRUE DH pamameter setting succeeded. -- @retval FALSE Value of Generator is not supported. -- @retval FALSE Value of Generator is not suitable for the Prime. -- @retval FALSE Value of Prime is not a prime number. -- @retval FALSE Value of Prime is not a safe prime number. -- --**/ --BOOLEAN --EFIAPI --DhSetParameter ( -- IN OUT VOID *DhContext, -- IN UINTN Generator, -- IN UINTN PrimeLength, -- IN CONST UINT8 *Prime -- ) --{ -- DH *Dh; -- BIGNUM *Bn; -- -- // -- // Check input parameters. -- // -- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { -- return FALSE; -- } -- -- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { -- return FALSE; -- } -- -- Bn = NULL; -- -- Dh = (DH *) DhContext; -- Dh->g = NULL; -- Dh->p = BN_new (); -- if (Dh->p == NULL) { -- goto Error; -- } -- -- Dh->g = BN_new (); -- if (Dh->g == NULL) { -- goto Error; -- } -- -- Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p); -- if (Bn == NULL) { -- goto Error; -- } -- -- if (BN_set_word (Dh->g, (UINT32) Generator) == 0) { -- goto Error; -- } -- -- return TRUE; -- --Error: -- -- if (Dh->p != NULL) { -- BN_free (Dh->p); -- } -- -- if (Dh->g != NULL) { -- BN_free (Dh->g); -- } -- -- if (Bn != NULL) { -- BN_free (Bn); -- } -- -- return FALSE; --} -- --/** -- Generates DH public key. -- -- This function generates random secret exponent, and computes the public key, which is -- returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly. -- If the PublicKey buffer is too small to hold the public key, FALSE is returned and -- PublicKeySize is set to the required buffer size to obtain the public key. -- -- If DhContext is NULL, then return FALSE. -- If PublicKeySize is NULL, then return FALSE. -- If PublicKeySize is large enough but PublicKey is NULL, then return FALSE. -- -- @param[in, out] DhContext Pointer to the DH context. -- @param[out] PublicKey Pointer to the buffer to receive generated public key. -- @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. -- On output, the size of data returned in PublicKey buffer in bytes. -- -- @retval TRUE DH public key generation succeeded. -- @retval FALSE DH public key generation failed. -- @retval FALSE PublicKeySize is not large enough. -- --**/ --BOOLEAN --EFIAPI --DhGenerateKey ( -- IN OUT VOID *DhContext, -- OUT UINT8 *PublicKey, -- IN OUT UINTN *PublicKeySize -- ) --{ -- BOOLEAN RetVal; -- DH *Dh; -- INTN Size; -- -- // -- // Check input parameters. -- // -- if (DhContext == NULL || PublicKeySize == NULL) { -- return FALSE; -- } -- -- if (PublicKey == NULL && *PublicKeySize != 0) { -- return FALSE; -- } -- -- Dh = (DH *) DhContext; -- -- RetVal = (BOOLEAN) DH_generate_key (DhContext); -- if (RetVal) { -- Size = BN_num_bytes (Dh->pub_key); -- if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) { -- *PublicKeySize = Size; -- return FALSE; -- } -- -- BN_bn2bin (Dh->pub_key, PublicKey); -- *PublicKeySize = Size; -- } -- -- return RetVal; --} -- --/** -- Computes exchanged common key. -- -- Given peer's public key, this function computes the exchanged common key, based on its own -- context including value of prime modulus and random secret exponent. -- -- If DhContext is NULL, then return FALSE. -- If PeerPublicKey is NULL, then return FALSE. -- If KeySize is NULL, then return FALSE. -- If Key is NULL, then return FALSE. -- If KeySize is not large enough, then return FALSE. -- -- @param[in, out] DhContext Pointer to the DH context. -- @param[in] PeerPublicKey Pointer to the peer's public key. -- @param[in] PeerPublicKeySize Size of peer's public key in bytes. -- @param[out] Key Pointer to the buffer to receive generated key. -- @param[in, out] KeySize On input, the size of Key buffer in bytes. -- On output, the size of data returned in Key buffer in bytes. -- -- @retval TRUE DH exchanged key generation succeeded. -- @retval FALSE DH exchanged key generation failed. -- @retval FALSE KeySize is not large enough. -- --**/ --BOOLEAN --EFIAPI --DhComputeKey ( -- IN OUT VOID *DhContext, -- IN CONST UINT8 *PeerPublicKey, -- IN UINTN PeerPublicKeySize, -- OUT UINT8 *Key, -- IN OUT UINTN *KeySize -- ) --{ -- BIGNUM *Bn; -- INTN Size; -- -- // -- // Check input parameters. -- // -- if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) { -- return FALSE; -- } -- -- if (PeerPublicKeySize > INT_MAX) { -- return FALSE; -- } -- -- Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL); -- if (Bn == NULL) { -- return FALSE; -- } -- -- Size = DH_compute_key (Key, Bn, DhContext); -- if (Size < 0) { -- BN_free (Bn); -- return FALSE; -- } -- -- if (*KeySize < (UINTN) Size) { -- *KeySize = Size; -- BN_free (Bn); -- return FALSE; -- } -- -- *KeySize = Size; -- BN_free (Bn); -- return TRUE; --} -diff --git a/Cryptlib/Pk/CryptDhNull.c b/Cryptlib/Pk/CryptDhNull.c -new file mode 100644 -index 0000000..35045db ---- /dev/null -+++ b/Cryptlib/Pk/CryptDhNull.c -@@ -0,0 +1,156 @@ -+/** @file -+ Diffie-Hellman Wrapper Implementation which does not provide -+ real capabilities. -+ -+Copyright (c) 2012, Intel Corporation. All rights reserved.
-+This program and the accompanying materials -+are licensed and made available under the terms and conditions of the BSD License -+which accompanies this distribution. The full text of the license may be found at -+http://opensource.org/licenses/bsd-license.php -+ -+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+ -+**/ -+ -+#include "InternalCryptLib.h" -+ -+/** -+ Allocates and Initializes one Diffie-Hellman Context for subsequent use. -+ -+ @return Pointer to the Diffie-Hellman Context that has been initialized. -+ If the interface is not supported, DhNew() returns NULL. -+ -+**/ -+VOID * -+EFIAPI -+DhNew ( -+ VOID -+ ) -+{ -+ ASSERT (FALSE); -+ return NULL; -+} -+ -+/** -+ Release the specified DH context. -+ -+ If the interface is not supported, then ASSERT(). -+ -+ @param[in] DhContext Pointer to the DH context to be released. -+ -+**/ -+VOID -+EFIAPI -+DhFree ( -+ IN VOID *DhContext -+ ) -+{ -+ ASSERT (FALSE); -+} -+ -+/** -+ Generates DH parameter. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in, out] DhContext Pointer to the DH context. -+ @param[in] Generator Value of generator. -+ @param[in] PrimeLength Length in bits of prime to be generated. -+ @param[out] Prime Pointer to the buffer to receive the generated prime number. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+DhGenerateParameter ( -+ IN OUT VOID *DhContext, -+ IN UINTN Generator, -+ IN UINTN PrimeLength, -+ OUT UINT8 *Prime -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -+ -+/** -+ Sets generator and prime parameters for DH. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in, out] DhContext Pointer to the DH context. -+ @param[in] Generator Value of generator. -+ @param[in] PrimeLength Length in bits of prime to be generated. -+ @param[in] Prime Pointer to the prime number. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+DhSetParameter ( -+ IN OUT VOID *DhContext, -+ IN UINTN Generator, -+ IN UINTN PrimeLength, -+ IN CONST UINT8 *Prime -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -+ -+/** -+ Generates DH public key. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in, out] DhContext Pointer to the DH context. -+ @param[out] PublicKey Pointer to the buffer to receive generated public key. -+ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. -+ On output, the size of data returned in PublicKey buffer in bytes. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+DhGenerateKey ( -+ IN OUT VOID *DhContext, -+ OUT UINT8 *PublicKey, -+ IN OUT UINTN *PublicKeySize -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -+ -+/** -+ Computes exchanged common key. -+ -+ Return FALSE to indicate this interface is not supported. -+ -+ @param[in, out] DhContext Pointer to the DH context. -+ @param[in] PeerPublicKey Pointer to the peer's public key. -+ @param[in] PeerPublicKeySize Size of peer's public key in bytes. -+ @param[out] Key Pointer to the buffer to receive generated key. -+ @param[in, out] KeySize On input, the size of Key buffer in bytes. -+ On output, the size of data returned in Key buffer in bytes. -+ -+ @retval FALSE This interface is not supported. -+ -+**/ -+BOOLEAN -+EFIAPI -+DhComputeKey ( -+ IN OUT VOID *DhContext, -+ IN CONST UINT8 *PeerPublicKey, -+ IN UINTN PeerPublicKeySize, -+ OUT UINT8 *Key, -+ IN OUT UINTN *KeySize -+ ) -+{ -+ ASSERT (FALSE); -+ return FALSE; -+} -diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c -deleted file mode 100644 -index 63fe78f..0000000 ---- a/Cryptlib/Pk/CryptPkcs7Sign.c -+++ /dev/null -@@ -1,207 +0,0 @@ --/** @file -- PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. -- --Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
--This program and the accompanying materials --are licensed and made available under the terms and conditions of the BSD License --which accompanies this distribution. The full text of the license may be found at --http://opensource.org/licenses/bsd-license.php -- --THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, --WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -- --**/ -- --#include "InternalCryptLib.h" -- --#include --#include --#include -- -- --/** -- Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message -- Syntax Standard, version 1.5". This interface is only intended to be used for -- application to perform PKCS#7 functionality validation. -- -- @param[in] PrivateKey Pointer to the PEM-formatted private key data for -- data signing. -- @param[in] PrivateKeySize Size of the PEM private key data in bytes. -- @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM -- key data. -- @param[in] InData Pointer to the content to be signed. -- @param[in] InDataSize Size of InData in bytes. -- @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. -- @param[in] OtherCerts Pointer to an optional additional set of certificates to -- include in the PKCS#7 signedData (e.g. any intermediate -- CAs in the chain). -- @param[out] SignedData Pointer to output PKCS#7 signedData. -- @param[out] SignedDataSize Size of SignedData in bytes. -- -- @retval TRUE PKCS#7 data signing succeeded. -- @retval FALSE PKCS#7 data signing failed. -- --**/ --BOOLEAN --EFIAPI --Pkcs7Sign ( -- IN CONST UINT8 *PrivateKey, -- IN UINTN PrivateKeySize, -- IN CONST UINT8 *KeyPassword, -- IN UINT8 *InData, -- IN UINTN InDataSize, -- IN UINT8 *SignCert, -- IN UINT8 *OtherCerts OPTIONAL, -- OUT UINT8 **SignedData, -- OUT UINTN *SignedDataSize -- ) --{ -- BOOLEAN Status; -- EVP_PKEY *Key; -- BIO *DataBio; -- PKCS7 *Pkcs7; -- UINT8 *RsaContext; -- UINT8 *P7Data; -- UINTN P7DataSize; -- UINT8 *Tmp; -- -- // -- // Check input parameters. -- // -- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || -- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { -- return FALSE; -- } -- -- RsaContext = NULL; -- Key = NULL; -- Pkcs7 = NULL; -- DataBio = NULL; -- Status = FALSE; -- -- // -- // Retrieve RSA private key from PEM data. -- // -- Status = RsaGetPrivateKeyFromPem ( -- PrivateKey, -- PrivateKeySize, -- (CONST CHAR8 *) KeyPassword, -- (VOID **) &RsaContext -- ); -- if (!Status) { -- return Status; -- } -- -- Status = FALSE; -- -- // -- // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling -- // -- if (EVP_add_digest (EVP_md5 ()) == 0) { -- goto _Exit; -- } -- if (EVP_add_digest (EVP_sha1 ()) == 0) { -- goto _Exit; -- } -- if (EVP_add_digest (EVP_sha256 ()) == 0) { -- goto _Exit; -- } -- -- RandomSeed (NULL, 0); -- -- // -- // Construct OpenSSL EVP_PKEY for private key. -- // -- Key = EVP_PKEY_new (); -- if (Key == NULL) { -- goto _Exit; -- } -- Key->save_type = EVP_PKEY_RSA; -- Key->type = EVP_PKEY_type (EVP_PKEY_RSA); -- Key->pkey.rsa = (RSA *) RsaContext; -- -- // -- // Convert the data to be signed to BIO format. -- // -- DataBio = BIO_new (BIO_s_mem ()); -- if (DataBio == NULL) { -- goto _Exit; -- } -- -- if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) { -- goto _Exit; -- } -- -- // -- // Create the PKCS#7 signedData structure. -- // -- Pkcs7 = PKCS7_sign ( -- (X509 *) SignCert, -- Key, -- (STACK_OF(X509) *) OtherCerts, -- DataBio, -- PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED -- ); -- if (Pkcs7 == NULL) { -- goto _Exit; -- } -- -- // -- // Convert PKCS#7 signedData structure into DER-encoded buffer. -- // -- P7DataSize = i2d_PKCS7 (Pkcs7, NULL); -- if (P7DataSize <= 19) { -- goto _Exit; -- } -- -- P7Data = malloc (P7DataSize); -- if (P7Data == NULL) { -- goto _Exit; -- } -- -- Tmp = P7Data; -- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); -- ASSERT (P7DataSize > 19); -- -- // -- // Strip ContentInfo to content only for signeddata. The data be trimmed off -- // is totally 19 bytes. -- // -- *SignedDataSize = P7DataSize - 19; -- *SignedData = malloc (*SignedDataSize); -- if (*SignedData == NULL) { -- OPENSSL_free (P7Data); -- goto _Exit; -- } -- -- CopyMem (*SignedData, P7Data + 19, *SignedDataSize); -- -- OPENSSL_free (P7Data); -- -- Status = TRUE; -- --_Exit: -- // -- // Release Resources -- // -- if (RsaContext != NULL) { -- RsaFree (RsaContext); -- if (Key != NULL) { -- Key->pkey.rsa = NULL; -- } -- } -- -- if (Key != NULL) { -- EVP_PKEY_free (Key); -- } -- -- if (DataBio != NULL) { -- BIO_free (DataBio); -- } -- -- if (Pkcs7 != NULL) { -- PKCS7_free (Pkcs7); -- } -- -- return Status; --} -diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c -deleted file mode 100644 -index 9a4c77a..0000000 ---- a/Cryptlib/Pk/CryptPkcs7VerifyNull.c -+++ /dev/null -@@ -1,100 +0,0 @@ --/** @file -- PKCS#7 SignedData Verification Wrapper Implementation which does not provide -- real capabilities. -- --Copyright (c) 2012, Intel Corporation. All rights reserved.
--This program and the accompanying materials --are licensed and made available under the terms and conditions of the BSD License --which accompanies this distribution. The full text of the license may be found at --http://opensource.org/licenses/bsd-license.php -- --THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, --WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -- --**/ -- --#include "InternalCryptLib.h" -- --/** -- Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: -- Cryptographic Message Syntax Standard". The input signed data could be wrapped -- in a ContentInfo structure. -- -- Return FALSE to indicate this interface is not supported. -- -- @param[in] P7Data Pointer to the PKCS#7 message to verify. -- @param[in] P7Length Length of the PKCS#7 message in bytes. -- @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. -- It's caller's responsiblity to free the buffer. -- @param[out] StackLength Length of signer's certificates in bytes. -- @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. -- It's caller's responsiblity to free the buffer. -- @param[out] CertLength Length of the trusted certificate in bytes. -- -- @retval FALSE This interface is not supported. -- --**/ --BOOLEAN --EFIAPI --Pkcs7GetSigners ( -- IN CONST UINT8 *P7Data, -- IN UINTN P7Length, -- OUT UINT8 **CertStack, -- OUT UINTN *StackLength, -- OUT UINT8 **TrustedCert, -- OUT UINTN *CertLength -- ) --{ -- ASSERT (FALSE); -- return FALSE; --} -- --/** -- Wrap function to use free() to free allocated memory for certificates. -- -- If the interface is not supported, then ASSERT(). -- -- @param[in] Certs Pointer to the certificates to be freed. -- --**/ --VOID --EFIAPI --Pkcs7FreeSigners ( -- IN UINT8 *Certs -- ) --{ -- ASSERT (FALSE); --} -- --/** -- Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: -- Cryptographic Message Syntax Standard". The input signed data could be wrapped -- in a ContentInfo structure. -- -- Return FALSE to indicate this interface is not supported. -- -- @param[in] P7Data Pointer to the PKCS#7 message to verify. -- @param[in] P7Length Length of the PKCS#7 message in bytes. -- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which -- is used for certificate chain verification. -- @param[in] CertLength Length of the trusted certificate in bytes. -- @param[in] InData Pointer to the content to be verified. -- @param[in] DataLength Length of InData in bytes. -- -- @retval FALSE This interface is not supported. -- --**/ --BOOLEAN --EFIAPI --Pkcs7Verify ( -- IN CONST UINT8 *P7Data, -- IN UINTN P7Length, -- IN CONST UINT8 *TrustedCert, -- IN UINTN CertLength, -- IN CONST UINT8 *InData, -- IN UINTN DataLength -- ) --{ -- ASSERT (FALSE); -- return FALSE; --} -diff --git a/Cryptlib/Pk/CryptRsaExt.c b/Cryptlib/Pk/CryptRsaExt.c -deleted file mode 100644 -index 5c21d12..0000000 ---- a/Cryptlib/Pk/CryptRsaExt.c -+++ /dev/null -@@ -1,377 +0,0 @@ --/** @file -- RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. -- -- This file implements following APIs which provide more capabilities for RSA: -- 1) RsaGetKey -- 2) RsaGenerateKey -- 3) RsaCheckKey -- 4) RsaPkcs1Sign -- --Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
--This program and the accompanying materials --are licensed and made available under the terms and conditions of the BSD License --which accompanies this distribution. The full text of the license may be found at --http://opensource.org/licenses/bsd-license.php -- --THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, --WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -- --**/ -- --#include "InternalCryptLib.h" -- --#include --#include --#include -- --/** -- Gets the tag-designated RSA key component from the established RSA context. -- -- This function retrieves the tag-designated RSA key component from the -- established RSA context as a non-negative integer (octet string format -- represented in RSA PKCS#1). -- If specified key component has not been set or has been cleared, then returned -- BnSize is set to 0. -- If the BigNumber buffer is too small to hold the contents of the key, FALSE -- is returned and BnSize is set to the required buffer size to obtain the key. -- -- If RsaContext is NULL, then return FALSE. -- If BnSize is NULL, then return FALSE. -- If BnSize is large enough but BigNumber is NULL, then return FALSE. -- -- @param[in, out] RsaContext Pointer to RSA context being set. -- @param[in] KeyTag Tag of RSA key component being set. -- @param[out] BigNumber Pointer to octet integer buffer. -- @param[in, out] BnSize On input, the size of big number buffer in bytes. -- On output, the size of data returned in big number buffer in bytes. -- -- @retval TRUE RSA key component was retrieved successfully. -- @retval FALSE Invalid RSA key component tag. -- @retval FALSE BnSize is too small. -- --**/ --BOOLEAN --EFIAPI --RsaGetKey ( -- IN OUT VOID *RsaContext, -- IN RSA_KEY_TAG KeyTag, -- OUT UINT8 *BigNumber, -- IN OUT UINTN *BnSize -- ) --{ -- RSA *RsaKey; -- BIGNUM *BnKey; -- UINTN Size; -- -- // -- // Check input parameters. -- // -- if (RsaContext == NULL || BnSize == NULL) { -- return FALSE; -- } -- -- RsaKey = (RSA *) RsaContext; -- Size = *BnSize; -- *BnSize = 0; -- -- switch (KeyTag) { -- -- // -- // RSA Public Modulus (N) -- // -- case RsaKeyN: -- if (RsaKey->n == NULL) { -- return TRUE; -- } -- BnKey = RsaKey->n; -- break; -- -- // -- // RSA Public Exponent (e) -- // -- case RsaKeyE: -- if (RsaKey->e == NULL) { -- return TRUE; -- } -- BnKey = RsaKey->e; -- break; -- -- // -- // RSA Private Exponent (d) -- // -- case RsaKeyD: -- if (RsaKey->d == NULL) { -- return TRUE; -- } -- BnKey = RsaKey->d; -- break; -- -- // -- // RSA Secret Prime Factor of Modulus (p) -- // -- case RsaKeyP: -- if (RsaKey->p == NULL) { -- return TRUE; -- } -- BnKey = RsaKey->p; -- break; -- -- // -- // RSA Secret Prime Factor of Modules (q) -- // -- case RsaKeyQ: -- if (RsaKey->q == NULL) { -- return TRUE; -- } -- BnKey = RsaKey->q; -- break; -- -- // -- // p's CRT Exponent (== d mod (p - 1)) -- // -- case RsaKeyDp: -- if (RsaKey->dmp1 == NULL) { -- return TRUE; -- } -- BnKey = RsaKey->dmp1; -- break; -- -- // -- // q's CRT Exponent (== d mod (q - 1)) -- // -- case RsaKeyDq: -- if (RsaKey->dmq1 == NULL) { -- return TRUE; -- } -- BnKey = RsaKey->dmq1; -- break; -- -- // -- // The CRT Coefficient (== 1/q mod p) -- // -- case RsaKeyQInv: -- if (RsaKey->iqmp == NULL) { -- return TRUE; -- } -- BnKey = RsaKey->iqmp; -- break; -- -- default: -- return FALSE; -- } -- -- *BnSize = Size; -- Size = BN_num_bytes (BnKey); -- -- if (*BnSize < Size) { -- *BnSize = Size; -- return FALSE; -- } -- -- if (BigNumber == NULL) { -- return FALSE; -- } -- *BnSize = BN_bn2bin (BnKey, BigNumber) ; -- -- return TRUE; --} -- --/** -- Generates RSA key components. -- -- This function generates RSA key components. It takes RSA public exponent E and -- length in bits of RSA modulus N as input, and generates all key components. -- If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used. -- -- Before this function can be invoked, pseudorandom number generator must be correctly -- initialized by RandomSeed(). -- -- If RsaContext is NULL, then return FALSE. -- -- @param[in, out] RsaContext Pointer to RSA context being set. -- @param[in] ModulusLength Length of RSA modulus N in bits. -- @param[in] PublicExponent Pointer to RSA public exponent. -- @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. -- -- @retval TRUE RSA key component was generated successfully. -- @retval FALSE Invalid RSA key component tag. -- --**/ --BOOLEAN --EFIAPI --RsaGenerateKey ( -- IN OUT VOID *RsaContext, -- IN UINTN ModulusLength, -- IN CONST UINT8 *PublicExponent, -- IN UINTN PublicExponentSize -- ) --{ -- BIGNUM *KeyE; -- BOOLEAN RetVal; -- -- // -- // Check input parameters. -- // -- if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) { -- return FALSE; -- } -- -- KeyE = BN_new (); -- if (KeyE == NULL) { -- return FALSE; -- } -- -- RetVal = FALSE; -- -- if (PublicExponent == NULL) { -- if (BN_set_word (KeyE, 0x10001) == 0) { -- goto _Exit; -- } -- } else { -- if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) { -- goto _Exit; -- } -- } -- -- if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) { -- RetVal = TRUE; -- } -- --_Exit: -- BN_free (KeyE); -- return RetVal; --} -- --/** -- Validates key components of RSA context. -- -- This function validates key compoents of RSA context in following aspects: -- - Whether p is a prime -- - Whether q is a prime -- - Whether n = p * q -- - Whether d*e = 1 mod lcm(p-1,q-1) -- -- If RsaContext is NULL, then return FALSE. -- -- @param[in] RsaContext Pointer to RSA context to check. -- -- @retval TRUE RSA key components are valid. -- @retval FALSE RSA key components are not valid. -- --**/ --BOOLEAN --EFIAPI --RsaCheckKey ( -- IN VOID *RsaContext -- ) --{ -- UINTN Reason; -- -- // -- // Check input parameters. -- // -- if (RsaContext == NULL) { -- return FALSE; -- } -- -- if (RSA_check_key ((RSA *) RsaContext) != 1) { -- Reason = ERR_GET_REASON (ERR_peek_last_error ()); -- if (Reason == RSA_R_P_NOT_PRIME || -- Reason == RSA_R_Q_NOT_PRIME || -- Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q || -- Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) { -- return FALSE; -- } -- } -- -- return TRUE; --} -- --/** -- Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. -- -- This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in -- RSA PKCS#1. -- If the Signature buffer is too small to hold the contents of signature, FALSE -- is returned and SigSize is set to the required buffer size to obtain the signature. -- -- If RsaContext is NULL, then return FALSE. -- If MessageHash is NULL, then return FALSE. -- If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. -- If SigSize is large enough but Signature is NULL, then return FALSE. -- -- @param[in] RsaContext Pointer to RSA context for signature generation. -- @param[in] MessageHash Pointer to octet message hash to be signed. -- @param[in] HashSize Size of the message hash in bytes. -- @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. -- @param[in, out] SigSize On input, the size of Signature buffer in bytes. -- On output, the size of data returned in Signature buffer in bytes. -- -- @retval TRUE Signature successfully generated in PKCS1-v1_5. -- @retval FALSE Signature generation failed. -- @retval FALSE SigSize is too small. -- --**/ --BOOLEAN --EFIAPI --RsaPkcs1Sign ( -- IN VOID *RsaContext, -- IN CONST UINT8 *MessageHash, -- IN UINTN HashSize, -- OUT UINT8 *Signature, -- IN OUT UINTN *SigSize -- ) --{ -- RSA *Rsa; -- UINTN Size; -- INT32 DigestType; -- -- // -- // Check input parameters. -- // -- if (RsaContext == NULL || MessageHash == NULL) { -- return FALSE; -- } -- -- Rsa = (RSA *) RsaContext; -- Size = BN_num_bytes (Rsa->n); -- -- if (*SigSize < Size) { -- *SigSize = Size; -- return FALSE; -- } -- -- if (Signature == NULL) { -- return FALSE; -- } -- -- // -- // Determine the message digest algorithm according to digest size. -- // Only MD5, SHA-1 or SHA-256 algorithm is supported. -- // -- switch (HashSize) { -- case MD5_DIGEST_SIZE: -- DigestType = NID_md5; -- break; -- -- case SHA1_DIGEST_SIZE: -- DigestType = NID_sha1; -- break; -- -- case SHA256_DIGEST_SIZE: -- DigestType = NID_sha256; -- break; -- -- default: -- return FALSE; -- } -- -- return (BOOLEAN) RSA_sign ( -- DigestType, -- MessageHash, -- (UINT32) HashSize, -- Signature, -- (UINT32 *) SigSize, -- (RSA *) RsaContext -- ); --} -diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh -index 57b6631..0e34db9 100755 ---- a/Cryptlib/update.sh -+++ b/Cryptlib/update.sh -@@ -14,13 +14,10 @@ cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c - cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c - cp $DIR/Rand/CryptRand.c Rand/CryptRand.c - cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c --cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c - cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c --cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c - cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c - cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c --cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c --cp $DIR/Pk/CryptDh.c Pk/CryptDh.c -+cp $DIR/Pk/CryptDhNull.c Pk/CryptDhNull.c - cp $DIR/Pk/CryptX509.c Pk/CryptX509.c - cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c - cp $DIR/Pem/CryptPem.c Pem/CryptPem.c --- -1.9.3 - diff --git a/SOURCES/0069-Another-testplan-error.patch b/SOURCES/0069-Another-testplan-error.patch deleted file mode 100644 index e3475b6..0000000 --- a/SOURCES/0069-Another-testplan-error.patch +++ /dev/null @@ -1,71 +0,0 @@ -From a2e66ece4d6b46ba2195cef76913c42177e6b4a2 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 2 Oct 2014 01:01:17 -0400 -Subject: [PATCH 69/74] Another testplan error. - -Signed-off-by: Peter Jones ---- - testplan.txt | 24 +++++++++++------------- - 1 file changed, 11 insertions(+), 13 deletions(-) - -diff --git a/testplan.txt b/testplan.txt -index ab88781..0b0569e 100644 ---- a/testplan.txt -+++ b/testplan.txt -@@ -47,27 +47,25 @@ How to test a new shim build for RHEL/fedora: - fs0:\EFI\test\lockdown.efi - 17) enable secure boot verification - 18) verify it can't run other binaries: -- fs0:\EFI\redhat\grubx64.efi -+ fs0:\EFI\test\grubx64.efi - result should be an error, probably similar to: - "fs0:\...\grubx64.efi is not recognized as an internal or external command" --19) copy test.efi to grubx64.efi: -- cp \EFI\test\test.efi \EFI\test\grubx64.efi --20) in the EFI shell, run fs0:\EFI\test\shim.efi --21) you should see MokManager. Enroll the certificate you added in #13, and -+19) in the EFI shell, run fs0:\EFI\test\shim.efi -+20) you should see MokManager. Enroll the certificate you added in #13, and - the system will reboot. --22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi -+21) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi - result: "This is a test application that should be completely safe." - If you get the expected result, shim can run things signed by its internal - key ring. Check a box someplace that says it can do that. --23) from the EFI shell, copy grub to grubx64.efi: -+22) from the EFI shell, copy grub to grubx64.efi: - cp \EFI\test\grub.efi \EFI\test\grubx64.efi --24) in the EFI shell, run fs0:\EFI\test\shim.efi -+23) in the EFI shell, run fs0:\EFI\test\shim.efi - result: this should start grub, which will let you boot a kernel - If grub starts, it means shim can run things signed by a key in the system's - db. Check a box someplace that says it can do that. - If the kernel boots, it means shim can run things from Mok. Check a box - someplace that says it can do that. --25) remove all boot entries and the BootOrder variable: -+24) remove all boot entries and the BootOrder variable: - [root@uefi ~]# cd /sys/firmware/efi/efivars/ - [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-* - removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -@@ -76,14 +74,14 @@ How to test a new shim build for RHEL/fedora: - removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ - removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’ - [root@uefi efivars]# --27) reboot --28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just -+25) reboot -+26) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just - have an old machine. In that case, go to the EFI shell and run: - fs0:\EFI\BOOT\BOOTX64.EFI - If this works, you should see a bit of output very quickly and then the same - thing as #24. This means shim recognized it was in \EFI\BOOT and ran - fallback.efi, which worked. --29) copy the unsigned grub into place and reboot: -+27) copy the unsigned grub into place and reboot: - cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi --30) reboot again. -+28) reboot again. - result: shim should refuse to load grub. --- -1.9.3 - diff --git a/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch b/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch deleted file mode 100644 index a61889e..0000000 --- a/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch +++ /dev/null @@ -1,173 +0,0 @@ -From e253c2a2c07bc526de1528ed9839b2b584025fa2 Mon Sep 17 00:00:00 2001 -From: Sebastian Krahmer -Date: Tue, 29 Jul 2014 09:55:00 +0000 -Subject: [PATCH 70/74] shim buffer overflow on ipv6 option parsing - ---- - netboot.c | 102 ++++++++++++++++++++++++++++++++++++++------------------------ - 1 file changed, 62 insertions(+), 40 deletions(-) - -diff --git a/netboot.c b/netboot.c -index 238937d..f884cba 100644 ---- a/netboot.c -+++ b/netboot.c -@@ -108,29 +108,34 @@ BOOLEAN findNetboot(EFI_HANDLE device) - - static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt) - { -- void *optr; -- EFI_DHCP6_PACKET_OPTION *option; -- CHAR8 *url; -- UINT32 urllen; -+ void *optr = NULL, *end = NULL; -+ EFI_DHCP6_PACKET_OPTION *option = NULL; -+ CHAR8 *url = NULL; -+ UINT32 urllen = 0; - - optr = pkt->DhcpOptions; -+ end = optr + sizeof(pkt->DhcpOptions); - -- for(;;) { -+ for (;;) { - option = (EFI_DHCP6_PACKET_OPTION *)optr; - - if (ntohs(option->OpCode) == 0) -- return NULL; -+ break; - - if (ntohs(option->OpCode) == 59) { - /* This is the bootfile url option */ - urllen = ntohs(option->Length); -- url = AllocateZeroPool(urllen+1); -+ if ((void *)(option->Data + urllen) > end) -+ break; -+ url = AllocateZeroPool(urllen + 1); - if (!url) -- return NULL; -+ break; - memcpy(url, option->Data, urllen); - return url; - } - optr += 4 + ntohs(option->Length); -+ if (optr + sizeof(EFI_DHCP6_PACKET_OPTION) > end) -+ break; - } - - return NULL; -@@ -156,45 +161,60 @@ static CHAR16 str2ns(CHAR8 *str) - - static CHAR8 *str2ip6(CHAR8 *str) - { -- UINT8 i, j, p; -- size_t len; -- CHAR8 *a, *b, t; -- static UINT16 ip[8]; -+ UINT8 i = 0, j = 0, p = 0; -+ size_t len = 0, dotcount = 0; -+ enum { MAX_IP6_DOTS = 7 }; -+ CHAR8 *a = NULL, *b = NULL, t = 0; -+ static UINT16 ip[8]; - -- for(i=0; i < 8; i++) { -- ip[i] = 0; -- } -- len = strlen(str); -- a = b = str; -- for(i=p=0; i < len; i++, b++) { -- if (*b != ':') -- continue; -- *b = '\0'; -- ip[p++] = str2ns(a); -- *b = ':'; -- a = b + 1; -- if ( *(b+1) == ':' ) -- break; -- } -- a = b = (str + len); -- for(j=len, p=7; j > i; j--, a--) { -- if (*a != ':') -- continue; -- t = *b; -- *b = '\0'; -- ip[p--] = str2ns(a+1); -- *b = t; -- b = a; -- } -- return (CHAR8 *)ip; -+ memset(ip, 0, sizeof(ip)); -+ -+ /* Count amount of ':' to prevent overflows. -+ * max. count = 7. Returns an invalid ip6 that -+ * can be checked against -+ */ -+ for (a = str; *a != 0; ++a) { -+ if (*a == ':') -+ ++dotcount; -+ } -+ if (dotcount > MAX_IP6_DOTS) -+ return (CHAR8 *)ip; -+ -+ len = strlen(str); -+ a = b = str; -+ for (i = p = 0; i < len; i++, b++) { -+ if (*b != ':') -+ continue; -+ *b = '\0'; -+ ip[p++] = str2ns(a); -+ *b = ':'; -+ a = b + 1; -+ if (b[1] == ':' ) -+ break; -+ } -+ a = b = (str + len); -+ for (j = len, p = 7; j > i; j--, a--) { -+ if (*a != ':') -+ continue; -+ t = *b; -+ *b = '\0'; -+ ip[p--] = str2ns(a+1); -+ *b = t; -+ b = a; -+ } -+ return (CHAR8 *)ip; - } - - static BOOLEAN extract_tftp_info(CHAR8 *url) - { - CHAR8 *start, *end; - CHAR8 ip6str[40]; -+ CHAR8 ip6inv[16]; - CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); - -+ // to check against str2ip6() errors -+ memset(ip6inv, 0, sizeof(ip6inv)); -+ - if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) { - Print(L"URLS MUST START WITH tftp://\n"); - return FALSE; -@@ -209,7 +229,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) - end = start; - while ((*end != '\0') && (*end != ']')) { - end++; -- if (end - start > 39) { -+ if (end - start >= (int)sizeof(ip6str)) { - Print(L"TFTP URL includes malformed IPv6 address\n"); - return FALSE; - } -@@ -218,10 +238,12 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) - Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); - return FALSE; - } -- memset(ip6str, 0, 40); -+ memset(ip6str, 0, sizeof(ip6str)); - memcpy(ip6str, start, end - start); - end++; - memcpy(&tftp_addr.v6, str2ip6(ip6str), 16); -+ if (memcmp(&tftp_addr.v6, ip6inv, sizeof(ip6inv)) == 0) -+ return FALSE; - full_path = AllocateZeroPool(strlen(end)+strlen(template)+1); - if (!full_path) - return FALSE; --- -1.9.3 - diff --git a/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch b/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch deleted file mode 100644 index 448d03a..0000000 --- a/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 034466b7734a2749346151d903bbd7c8a1288db1 Mon Sep 17 00:00:00 2001 -From: Sebastian Krahmer -Date: Tue, 12 Aug 2014 09:23:28 +0000 -Subject: [PATCH 71/74] OOB access when parsing MOK List/Certificates on MOK - enrollment - ---- - MokManager.c | 30 ++++++++++++++++++++++++++++++ - 1 file changed, 30 insertions(+) - -diff --git a/MokManager.c b/MokManager.c -index ecbcdd3..4a9b102 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -100,8 +100,18 @@ static UINT32 count_keys(void *Data, UINTN DataSize) - EFI_GUID HashType = EFI_CERT_SHA256_GUID; - UINTN dbsize = DataSize; - UINT32 MokNum = 0; -+ void *end = Data + DataSize; - - while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { -+ -+ /* Use ptr arithmetics to ensure bounded access. Do not allow 0 -+ * SignatureListSize that will cause endless loop. -+ */ -+ if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { -+ console_notify(L"Invalid MOK detected! Ignoring MOK List."); -+ return 0; -+ } -+ - if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && - (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { - console_notify(L"Doesn't look like a key or hash"); -@@ -137,6 +147,7 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { - EFI_GUID HashType = EFI_CERT_SHA256_GUID; - UINTN dbsize = DataSize; - UINTN count = 0; -+ void *end = Data + DataSize; - - list = AllocatePool(sizeof(MokListNode) * num); - -@@ -146,6 +157,11 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { - } - - while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { -+ /* CertList out of bounds? */ -+ if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { -+ FreePool(list); -+ return NULL; -+ } - if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && - (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { - dbsize -= CertList->SignatureListSize; -@@ -165,10 +181,22 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { - Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) + - sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - -+ /* Cert out of bounds? */ -+ if ((void *)(Cert + 1) > end || CertList->SignatureSize <= sizeof(EFI_GUID)) { -+ FreePool(list); -+ return NULL; -+ } -+ - list[count].MokSize = CertList->SignatureSize - sizeof(EFI_GUID); - list[count].Mok = (void *)Cert->SignatureData; - list[count].Type = CertList->SignatureType; - -+ /* MOK out of bounds? */ -+ if (list[count].MokSize > end - (void *)list[count].Mok) { -+ FreePool(list); -+ return NULL; -+ } -+ - count++; - dbsize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + -@@ -449,6 +477,8 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - } - - MokNum = count_keys(KeyList, KeyListSize); -+ if (MokNum == 0) -+ return 0; - keys = build_mok_list(MokNum, KeyList, KeyListSize); - - if (!keys) { --- -1.9.3 - diff --git a/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch b/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch deleted file mode 100644 index cb6cb15..0000000 --- a/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c622b677d67ebd88b94f13555b30da80ca74a8c1 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sun, 21 Sep 2014 13:45:38 -0400 -Subject: [PATCH 72/74] Make another integer compare be signed/unsigned safe as - well. - -Signed-off-by: Peter Jones ---- - MokManager.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/MokManager.c b/MokManager.c -index 4a9b102..ee29051 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -192,7 +192,8 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { - list[count].Type = CertList->SignatureType; - - /* MOK out of bounds? */ -- if (list[count].MokSize > end - (void *)list[count].Mok) { -+ if (list[count].MokSize > (unsigned long)end - -+ (unsigned long)list[count].Mok) { - FreePool(list); - return NULL; - } --- -1.9.3 - diff --git a/SOURCES/0073-Use-Werror-sign-compare.patch b/SOURCES/0073-Use-Werror-sign-compare.patch deleted file mode 100644 index be6ff0c..0000000 --- a/SOURCES/0073-Use-Werror-sign-compare.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6a115d038af259dd5b42f1651193eb0b8a83a5c8 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sun, 21 Sep 2014 13:50:13 -0400 -Subject: [PATCH 73/74] Use -Werror=sign-compare . - -I'm going to have to fix any errors that have this anyway, so may as -well do it here properly. - -Signed-off-by: Peter Jones ---- - Makefile | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile b/Makefile -index 5bc513c..694480b 100644 ---- a/Makefile -+++ b/Makefile -@@ -21,6 +21,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds - DEFAULT_LOADER := \\\\grub.efi - CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ - -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ -+ -Werror=sign-compare \ - "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ - "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ - $(EFI_INCLUDES) --- -1.9.3 - diff --git a/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch b/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch deleted file mode 100644 index dea5584..0000000 --- a/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c0949c0a7916e81767ab35f67005b80cfb565e2c Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sun, 21 Sep 2014 15:19:34 -0400 -Subject: [PATCH 74/74] Correctly reject bad tftp addresses earlier, rather - than later. - -This check is for end == NULL but was meant to be *end == '\0'. Without -this change, we'll pass a plausibly bad address (i.e. one with no ']' at -the end) to Mtftp(... READ_FILE ...), which should fail correctly, but -our error messaging will be inconsistent. - -Signed-off-by: Peter Jones ---- - netboot.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/netboot.c b/netboot.c -index f884cba..ad5d37e 100644 ---- a/netboot.c -+++ b/netboot.c -@@ -234,7 +234,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) - return FALSE; - } - } -- if (end == '\0') { -+ if (*end == '\0') { - Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); - return FALSE; - } --- -1.9.3 - diff --git a/SOURCES/rhtest.cer b/SOURCES/rhtest.cer deleted file mode 100644 index 7c21c7a..0000000 Binary files a/SOURCES/rhtest.cer and /dev/null differ diff --git a/SOURCES/shim-find-debuginfo.sh b/SOURCES/shim-find-debuginfo.sh new file mode 100755 index 0000000..ce3d69e --- /dev/null +++ b/SOURCES/shim-find-debuginfo.sh @@ -0,0 +1,412 @@ +#!/bin/bash +#find-debuginfo.sh - automagically generate debug info and file list +#for inclusion in an rpm spec file. +# +# Usage: find-debuginfo.sh [--strict-build-id] [-g] [-r] +# [-o debugfiles.list] +# [[-l filelist]... [-p 'pattern'] -o debuginfo.list] +# [builddir] +# +# The -g flag says to use strip -g instead of full strip on DSOs or EXEs. +# The --strict-build-id flag says to exit with failure status if +# any ELF binary processed fails to contain a build-id note. +# The -r flag says to use eu-strip --reloc-debug-sections. +# +# A single -o switch before any -l or -p switches simply renames +# the primary output file from debugfiles.list to something else. +# A -o switch that follows a -p switch or some -l switches produces +# an additional output file with the debuginfo for the files in +# the -l filelist file, or whose names match the -p pattern. +# The -p argument is an grep -E -style regexp matching the a file name, +# and must not use anchors (^ or $). +# +# All file names in switches are relative to builddir (. if not given). +# + +# With -g arg, pass it to strip on libraries or executables. +strip_g=false + +# with -r arg, pass --reloc-debug-sections to eu-strip. +strip_r=false + +# Barf on missing build IDs. +strict=false + +BUILDDIR=. +out=debugfiles.list +nout=0 +while [ $# -gt 0 ]; do + case "$1" in + --strict-build-id) + strict=true + ;; + -g) + strip_g=true + ;; + -o) + if [ -z "${lists[$nout]}" -a -z "${ptns[$nout]}" ]; then + out=$2 + else + outs[$nout]=$2 + ((nout++)) + fi + shift + ;; + -l) + lists[$nout]="${lists[$nout]} $2" + shift + ;; + -p) + ptns[$nout]=$2 + shift + ;; + -r) + strip_r=true + ;; + *) + BUILDDIR=$1 + shift + break + ;; + esac + shift +done + +i=0 +while ((i < nout)); do + outs[$i]="$BUILDDIR/${outs[$i]}" + l='' + for f in ${lists[$i]}; do + l="$l $BUILDDIR/$f" + done + lists[$i]=$l + ((++i)) +done + +LISTFILE="$BUILDDIR/$out" +SOURCEFILE="$BUILDDIR/debugsources.list" +LINKSFILE="$BUILDDIR/debuglinks.list" + +> "$SOURCEFILE" +> "$LISTFILE" +> "$LINKSFILE" + +debugdir="${RPM_BUILD_ROOT}/usr/lib/debug" + +strip_to_debug() +{ + local g= + local r= + $strip_r && r=--reloc-debug-sections + $strip_g && case "$(file -bi "$2")" in + application/x-sharedlib*) g=-g ;; + application/x-executable*) g=-g ;; + esac + eu-strip --remove-comment $r $g -f "$1" "$2" || exit + chmod 444 "$1" || exit +} + +# Make a relative symlink to $1 called $3$2 +shopt -s extglob +link_relative() +{ + local t="$1" f="$2" pfx="$3" + local fn="${f#/}" tn="${t#/}" + local fd td d + + while fd="${fn%%/*}"; td="${tn%%/*}"; [ "$fd" = "$td" ]; do + fn="${fn#*/}" + tn="${tn#*/}" + done + + d="${fn%/*}" + if [ "$d" != "$fn" ]; then + d="${d//+([!\/])/..}" + tn="${d}/${tn}" + fi + + mkdir -p "$(dirname "$pfx$f")" && ln -snf "$tn" "$pfx$f" +} + +# Make a symlink in /usr/lib/debug/$2 to $1 +debug_link() +{ + local l="/usr/lib/debug$2" + local t="$1" + echo >> "$LINKSFILE" "$l $t" + link_relative "$t" "$l" "$RPM_BUILD_ROOT" +} + +# Provide .2, .3, ... symlinks to all filename instances of this build-id. +make_id_dup_link() +{ + local id="$1" file="$2" idfile + + local n=1 + while true; do + idfile=".build-id/${id:0:2}/${id:2}.$n" + [ $# -eq 3 ] && idfile="${idfile}$3" + if [ ! -L "$RPM_BUILD_ROOT/usr/lib/debug/$idfile" ]; then + break + fi + n=$[$n+1] + done + debug_link "$file" "/$idfile" +} + +# Make a build-id symlink for id $1 with suffix $3 to file $2. +make_id_link() +{ + local id="$1" file="$2" + local idfile=".build-id/${id:0:2}/${id:2}" + [ $# -eq 3 ] && idfile="${idfile}$3" + local root_idfile="$RPM_BUILD_ROOT/usr/lib/debug/$idfile" + + if [ ! -L "$root_idfile" ]; then + debug_link "$file" "/$idfile" + return + fi + + make_id_dup_link "$@" + + [ $# -eq 3 ] && return 0 + + local other=$(readlink -m "$root_idfile") + other=${other#$RPM_BUILD_ROOT} + if cmp -s "$root_idfile" "$RPM_BUILD_ROOT$file" || + eu-elfcmp -q "$root_idfile" "$RPM_BUILD_ROOT$file" 2> /dev/null; then + # Two copies. Maybe one has to be setuid or something. + echo >&2 "*** WARNING: identical binaries are copied, not linked:" + echo >&2 " $file" + echo >&2 " and $other" + else + # This is pathological, break the build. + echo >&2 "*** ERROR: same build ID in nonidentical files!" + echo >&2 " $file" + echo >&2 " and $other" + exit 2 + fi +} + +get_debugfn() +{ + dn=$(dirname "${1#$RPM_BUILD_ROOT}") + [ "$dn" == "." ] && dn="" + bn=$(basename "$1" .so).debug + bn=$(basename "$bn" .debug).debug + + debugdn=${debugdir}${dn} + debugfn=${debugdn}/${bn} + + [ -n "$2" ] && shadowfn=$(basename "$2") +} + +set -o pipefail + +strict_error=ERROR +$strict || strict_error=WARNING + +handle_single_file() +{ + nlinks=$1 && shift + inum=$1 && shift + f=$1 && shift + shadow=$1 && shift + zf="$f" + [ -n "${shadowfn}" ] && zf="${shadowfn}" + + get_debugfn "$f" "$shadow" + [ -f "${debugfn}" ] && return + + # If this file has multiple links, keep track and make + # the corresponding .debug files all links to one file too. + if [ $nlinks -gt 1 ]; then + eval linked=\$linked_$inum + if [ -n "$linked" ]; then + eval id=\$linkedid_$inum + make_id_dup_link "$id" "$dn/$(basename ${zf})" + make_id_dup_link "$id" "/usr/lib/debug$dn/$bn" .debug + link=$debugfn + get_debugfn "$linked" + echo "hard linked $link to $debugfn" + mkdir -p "$(dirname "$link")" && ln -nf "$debugfn" "$link" + return + else + eval linked_$inum=\$f + echo "file $f has $[$nlinks - 1] other hard links" + fi + fi + + echo "extracting debug info from $f" + echo /usr/lib/rpm/debugedit -b "$RPM_BUILD_DIR" -d /usr/src/debug \ + -i -l "$SOURCEFILE" "$f" + id=$(/usr/lib/rpm/debugedit -b "$RPM_BUILD_DIR" -d /usr/src/debug \ + -i -l "$SOURCEFILE" "$f") || exit + if [ $nlinks -gt 1 ]; then + eval linkedid_$inum=\$id + fi + if [ -z "$id" ]; then + echo >&2 "*** ${strict_error}: No build ID note found in $zf" + $strict && exit 2 + fi + + [ -x /usr/bin/gdb-add-index ] && /usr/bin/gdb-add-index "$zf" > /dev/null 2>&1 + + # A binary already copied into /usr/lib/debug doesn't get stripped, + # just has its file names collected and adjusted. + case "$dn" in + /usr/lib/debug/*) + [ -z "$id" ] || make_id_link "$id" "$dn/$(basename $zf)" + return ;; + esac + + mkdir -p "${debugdn}" + if test -w "$f"; then + strip_to_debug "${debugfn}" "$f" + else + chmod u+w "$f" + strip_to_debug "${debugfn}" "$f" + chmod u-w "$f" + fi + + if [ -n "$id" ]; then + make_id_link "$id" "$dn/$(basename ${zf})" + make_id_link "$id" "/usr/lib/debug$dn/$bn" .debug + fi +} + +# Strip ELF binaries +find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \ + \( -perm -0100 -or -perm -0010 -or -perm -0001 \) \ + -print | +file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*ELF.*, not stripped.*/\1/p' | +xargs --no-run-if-empty stat -c '%h %D_%i %n' | +while read nlinks inum f; do + handle_single_file $nlinks $inum $f +done || exit + +find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \ + -iname '*.efi' -print | +file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*PE32.*EFI .*/\1/p' | +xargs --no-run-if-empty stat -c '%h %D_%i %n' | +while read nlinks inum f; do + [ -f "$f" ] || continue + [ -f "${f%%.efi}.so" ] || continue + handle_single_file $nlinks $inum ${f%%.efi}.so $f +done || exit + +# On Aarch64 file tells us "MS-DOS" instead of PE32+. Why not. +find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \ + -iname '*.efi' -print | +file -N -f - | sed -n -e 's/^\(.*\):[ ]MS-DOS.*/\1/p' | +xargs --no-run-if-empty stat -c '%h %D_%i %n' | +while read nlinks inum f; do + [ -f "$f" ] || continue + [ -f "${f%%.efi}.so" ] || continue + handle_single_file $nlinks $inum ${f%%.efi}.so $f +done || exit +# For each symlink whose target has a .debug file, +# make a .debug symlink to that file. +find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*" -type l -print | +while read f +do + t=$(readlink -m "$f").debug + f=${f#$RPM_BUILD_ROOT} + t=${t#$RPM_BUILD_ROOT} + if [ -f "$debugdir$t" ]; then + echo "symlinked /usr/lib/debug$t to /usr/lib/debug${f}.debug" + debug_link "/usr/lib/debug$t" "${f}.debug" + fi +done + +if [ -s "$SOURCEFILE" ]; then + mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug" + LC_ALL=C sort -z -u "$SOURCEFILE" | grep -E -v -z '(|)$' | + (cd "$RPM_BUILD_DIR"; cpio -pd0mL "${RPM_BUILD_ROOT}/usr/src/debug") + # stupid cpio creates new directories in mode 0700, fixup + find "${RPM_BUILD_ROOT}/usr/src/debug" -type d -print0 | + xargs --no-run-if-empty -0 chmod a+rx +fi + +if [ -d "${RPM_BUILD_ROOT}/usr/lib" -o -d "${RPM_BUILD_ROOT}/usr/src" ]; then + ((nout > 0)) || + test ! -d "${RPM_BUILD_ROOT}/usr/lib" || + (cd "${RPM_BUILD_ROOT}/usr/lib"; find debug -type d) | + sed 's,^,%dir /usr/lib/,' >> "$LISTFILE" + + (cd "${RPM_BUILD_ROOT}/usr" + test ! -d lib/debug || find lib/debug ! -type d + test ! -d src/debug || find src/debug -mindepth 1 -maxdepth 1 + ) | sed 's,^,/usr/,' >> "$LISTFILE" +fi + +# Append to $1 only the lines from stdin not already in the file. +append_uniq() +{ + grep -F -f "$1" -x -v >> "$1" +} + +# Helper to generate list of corresponding .debug files from a file list. +filelist_debugfiles() +{ + local extra="$1" + shift + sed 's/^%[a-z0-9_][a-z0-9_]*([^)]*) *// +s/^%[a-z0-9_][a-z0-9_]* *// +/^$/d +'"$extra" "$@" +} + +# Write an output debuginfo file list based on given input file lists. +filtered_list() +{ + local out="$1" + shift + test $# -gt 0 || return + grep -F -f <(filelist_debugfiles 's,^.*$,/usr/lib/debug&.debug,' "$@") \ + -x $LISTFILE >> $out + sed -n -f <(filelist_debugfiles 's/[\\.*+#]/\\&/g +h +s,^.*$,s# &$##p,p +g +s,^.*$,s# /usr/lib/debug&.debug$##p,p +' "$@") "$LINKSFILE" | append_uniq "$out" +} + +# Write an output debuginfo file list based on an grep -E -style regexp. +pattern_list() +{ + local out="$1" ptn="$2" + test -n "$ptn" || return + grep -E -x -e "$ptn" "$LISTFILE" >> "$out" + sed -n -r "\#^$ptn #s/ .*\$//p" "$LINKSFILE" | append_uniq "$out" +} + +# +# When given multiple -o switches, split up the output as directed. +# +i=0 +while ((i < nout)); do + > ${outs[$i]} + filtered_list ${outs[$i]} ${lists[$i]} + pattern_list ${outs[$i]} "${ptns[$i]}" + grep -Fvx -f ${outs[$i]} "$LISTFILE" > "${LISTFILE}.new" + mv "${LISTFILE}.new" "$LISTFILE" + ((++i)) +done +if ((nout > 0)); then + # Now add the right %dir lines to each output list. + (cd "${RPM_BUILD_ROOT}"; find usr/lib/debug -type d) | + sed 's#^.*$#\\@^/&/@{h;s@^.*$@%dir /&@p;g;}#' | + LC_ALL=C sort -ur > "${LISTFILE}.dirs.sed" + i=0 + while ((i < nout)); do + sed -n -f "${LISTFILE}.dirs.sed" "${outs[$i]}" | sort -u > "${outs[$i]}.new" + cat "${outs[$i]}" >> "${outs[$i]}.new" + mv -f "${outs[$i]}.new" "${outs[$i]}" + ((++i)) + done + sed -n -f "${LISTFILE}.dirs.sed" "${LISTFILE}" | sort -u > "${LISTFILE}.new" + cat "$LISTFILE" >> "${LISTFILE}.new" + mv "${LISTFILE}.new" "$LISTFILE" +fi diff --git a/SPECS/shim.spec b/SPECS/shim.spec index 1871913..8cc3fb8 100644 --- a/SPECS/shim.spec +++ b/SPECS/shim.spec @@ -1,106 +1,25 @@ Name: shim -Version: 0.7 -Release: 8%{?dist} +Version: 0.9 +Release: 1%{?dist} Summary: First-stage UEFI bootloader License: BSD URL: http://www.codon.org.uk/~mjg59/shim/ Source0: https://github.com/mjg59/shim/releases/download/%{version}/shim-%{version}.tar.bz2 Source1: securebootca.cer +# currently here's what's in our dbx: # nothing. +#Source2: dbx.esl +Source3: shim-find-debuginfo.sh -# incorporate mokutil for packaging simplicity -%global mokutilver 0.2.0 -Source2: https://github.com/lcp/mokutil/archive/mokutil-%{mokutilver}.tar.gz -# currently here's what's in our dbx: -# nothing. -#Source3: dbx.esl -Source4: rhtest.cer - -Patch0001: 0001-fix-verify_mok.patch -Patch0002: 0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch -Patch0003: 0003-netboot.h-fix-build-error-on-32-bit-systems.patch -Patch0004: 0004-properly-compile-OpenSSL-in-32-bit-mode.patch -Patch0005: 0005-fallback.c-fix-32-bit-compilation.patch -Patch0006: 0006-fix-fallback.so-build-dependency.patch -Patch0007: 0007-propagate-some-path-variables.patch -Patch0008: 0008-allow-32-bit-compilation-with-64-bit-compiler.patch -Patch0009: 0009-shim-improve-error-messages.patch -Patch0010: 0010-Clarify-meaning-of-insecure_mode.patch -Patch0011: 0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch -Patch0012: 0012-Fix-path-generation-for-Dhcpv4-bootloader.patch -Patch0013: 0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch -Patch0014: 0014-Fix-wrong-sizeof.patch -Patch0015: 0015-Initialize-entries-before-we-pass-it-to-another-func.patch -Patch0016: 0016-Rewrite-directory-traversal-allocation-path-so-cover.patch -Patch0017: 0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch -Patch0018: 0018-fallback-For-HD-device-paths-use-just-the-media-node.patch -Patch0019: 0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch -Patch0020: 0020-Add-a-preliminary-test-plan.patch -Patch0021: 0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch -Patch0022: 0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch -Patch0023: 0023-additional-bounds-checking-on-section-sizes.patch -Patch0024: 0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch -Patch0025: 0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch -Patch0026: 0026-fallback-Avoid-duplicate-old-BootOrder.patch -Patch0027: 0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch -Patch0028: 0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch -Patch0029: 0029-Fetch-the-netboot-image-from-the-same-device.patch -Patch0030: 0030-Check-the-first-4-bytes-of-the-certificate.patch -Patch0031: 0031-Remove-grubpath-in-generate_path.patch -Patch0032: 0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch -Patch0033: 0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch -Patch0034: 0034-Exclude-ca.crt-while-signing-EFI-images.patch -Patch0035: 0035-No-newline-for-console_notify.patch -Patch0036: 0036-Remove-the-duplicate-calls-in-lib-console.c.patch -Patch0037: 0037-Silence-the-functions-of-shim-protocol.patch -Patch0038: 0038-Free-the-string-from-DevicePathToStr.patch -Patch0039: 0039-Explain-the-logic-in-secure_mode-better.patch -Patch0040: 0040-Check-the-secure-variables-with-the-lib-functions.patch -Patch0041: 0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch -Patch0042: 0042-Simplify-the-checking-of-SB-and-DB-states.patch -Patch0043: 0043-Update-openssl-to-0.9.8za.patch -Patch0044: 0044-Replace-build-instructions-in-README-with-something-.patch -Patch0045: 0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch -Patch0046: 0046-unhook_system_services-bail-on-systab-NULL.patch -Patch0047: 0047-Factor-out-x86-isms-and-add-cross-compile-support.patch -Patch0048: 0048-Add-support-for-64-bit-ARM-AArch64.patch -Patch0049: 0049-Add-support-for-32-bit-ARM.patch -Patch0050: 0050-Update-openssl-to-0.9.8zb.patch -Patch0051: 0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch -Patch0052: 0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch -Patch0053: 0053-Don-t-name-something-exit.patch -Patch0054: 0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch -Patch0055: 0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch -Patch0056: 0056-Make-64-on-32-maybe-work-on-x86_64.patch -Patch0057: 0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch -Patch0058: 0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch -Patch0059: 0059-Fix-our-in_protocol-printing.patch -Patch0060: 0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch -Patch0061: 0061-Do-the-same-for-ia32.patch -Patch0062: 0062-Make-list_keys-index-variables-all-be-signed.patch -Patch0063: 0063-Revert-header-changes.patch -Patch0064: 0064-Actually-find-the-relocations-correctly-and-process-.patch -Patch0065: 0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch -Patch0066: 0066-Fix-some-minor-testplan-errors.patch -Patch0067: 0067-Don-t-verify-images-with-the-empty-build-key.patch -Patch0068: 0068-Cryptlib-remove-the-unused-files.patch -Patch0069: 0069-Another-testplan-error.patch -Patch0070: 0070-shim-buffer-overflow-on-ipv6-option-parsing.patch -Patch0071: 0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch -Patch0072: 0072-Make-another-integer-compare-be-signed-unsigned-safe.patch -Patch0073: 0073-Use-Werror-sign-compare.patch -Patch0074: 0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch +Patch0001: 0001-Typo-on-aarch64.patch BuildRequires: git openssl-devel openssl BuildRequires: pesign >= 0.106-1 -BuildRequires: gnu-efi = 3.0u, gnu-efi-devel = 3.0u +BuildRequires: gnu-efi >= 1:3.0.2, gnu-efi-devel >= 1:3.0.2 # for xxd BuildRequires: vim-common -# for mokutil's configure -BuildRequires: autoconf automake - # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not # compatible with SysV (there's no red zone under UEFI) and there isn't a # POSIX-style C library. @@ -110,7 +29,7 @@ Provides: bundled(openssl) = 0.9.8w # Shim is only required on platforms implementing the UEFI secure boot # protocol. The only one of those we currently wish to support is 64-bit x86. # Adding further platforms will require adding appropriate relocation code. -ExclusiveArch: x86_64 +ExclusiveArch: x86_64 aarch64 %ifarch x86_64 %global efiarch x64 @@ -120,12 +39,10 @@ ExclusiveArch: x86_64 %endif # Figure out the right file path to use -%if 0%{?rhel} -%global efidir redhat -%endif -%if 0%{?fedora} -%global efidir fedora -%endif +%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')) + +%define debug_package %{nil} +%global __debug_package 1 %description Initial UEFI bootloader that handles chaining to a trusted full bootloader @@ -138,16 +55,24 @@ Summary: First-stage UEFI bootloader (unsigned data) Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. -%package -n mokutil -Summary: Utilities for managing Secure Boot/MoK keys. +%package -n shim-unsigned-%{efiarch}-debuginfo +Obsoletes: shim-debuginfo < 0.9 +Summary: Debug information for package %{name} +Group: Development/Debug +AutoReqProv: 0 +BuildArch: noarch -%description -n mokutil -Utilities for managing the "Machine's Own Keys" list. +%description -n shim-unsigned-%{efiarch}-debuginfo +This package provides debug information for package %{name}. +Debug information is useful when developing applications that use this +package or when debugging this package. %prep -%setup -q -%setup -q -a 2 -D -T - +%setup -n %{name}-%{version}-%{efiarch} -T -c +cd %{_builddir} +%{__tar} -xo -f %{SOURCE0} +mv %{name}-%{version} %{name}-%{version}-%{efiarch} +%setup -q -D -T -n %{name}-%{version}-%{efiarch}/%{name}-%{version} git init git config user.email "example@example.com" git config user.name "rpmbuild -bp" @@ -158,45 +83,67 @@ git config --unset user.email git config --unset user.name %build -MAKEFLAGS="" -%ifarch aarch64 -if [ -f "%{SOURCE4}" ]; then - MAKEFLAGS="VENDOR_CERT_FILE=%{SOURCE4}" -fi -%else -if [ -f "%{SOURCE1}" ]; then - MAKEFLAGS="VENDOR_CERT_FILE=%{SOURCE1}" -fi -%endif -# MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE3}" +MAKEFLAGS="VENDOR_CERT_FILE=%{SOURCE1}" +# MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}" +MAKEFLAGS="$MAKEFLAGS RELEASE=%{release}" make 'DEFAULT_LOADER=\\\\grub%{efiarch}.efi' ${MAKEFLAGS} shim.efi MokManager.efi fallback.efi -cd mokutil-%{mokutilver} -./autogen.sh -%configure -make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT pesign -h -P -i shim.efi -h > shim.hash -install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/ -install -m 0644 shim.efi $RPM_BUILD_ROOT%{_datadir}/shim/shim.efi -install -m 0644 shim.hash $RPM_BUILD_ROOT%{_datadir}/shim/shim.hash -install -m 0644 fallback.efi $RPM_BUILD_ROOT%{_datadir}/shim/fallback.efi -install -m 0644 MokManager.efi $RPM_BUILD_ROOT%{_datadir}/shim/MokManager.efi -cd mokutil-%{mokutilver} -make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install +install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/ +install -m 0644 shim.hash $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/shim.hash +for x in shim fallback MokManager ; do + install -m 0644 $x.efi $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/ + install -m 0644 $x.so $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/ +done + +%global __debug_install_post \ + bash %{SOURCE3} \\\ + %{?_missing_build_ids_terminate_build:--strict-build-id}\\\ + %{?_find_debuginfo_opts} "%{_builddir}/%{?buildsubdir}" \ + rm -f $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/*.so \ + %{nil} %files -n shim-unsigned -%doc %dir %{_datadir}/shim -%{_datadir}/shim/* +%dir %{_datadir}/shim/%{efiarch}-%{version}-%{release}/ +%{_datadir}/shim/%{efiarch}-%{version}-%{release}/*.efi +%{_datadir}/shim/%{efiarch}-%{version}-%{release}/*.hash -%files -n mokutil -/usr/bin/mokutil -/usr/share/man/man1/mokutil.1.gz +%files -n shim-unsigned-%{efiarch}-debuginfo -f debugfiles.list +%defattr(-,root,root) %changelog +* Mon Jun 22 2015 Peter Jones - 0.9-1 +- Update to 0.9-1 +- Fix early call to BS->Exit() + Resolves: rhbz#1115843 +- Implement shim on aarch64 + Resolves: rhbz#1100048 + Resolves: rhbz#1190191 + +* Mon Jun 22 2015 Peter Jones - 0.7-14 +- Excise mokutil. + Related: rhbz#1100048 + +* Mon Jun 22 2015 Peter Jones - 0.7-13 +- Do a build for Aarch64 to make the tree composable. + Related: rhbz#1100048 + +* Wed Feb 25 2015 Peter Jones - 0.7-10 +- Fix a couple more minor bugs aavmf has found in fallback. + Related: rhbz#1190191 +- Build lib/ with the right CFLAGS + Related: rhbz#1190191 + +* Tue Feb 24 2015 Peter Jones - 0.7-9 +- Fix aarch64 section loading. + Related: rhbz#1190191 + * Tue Sep 30 2014 Peter Jones - 0.7-8 +- Build -8 for arm as well. + Related: rhbz#1100048 - out-of-bounds memory read flaw in DHCPv6 packet processing Resolves: CVE-2014-3675 - heap-based buffer overflow flaw in IPv6 address parsing