From e97c8333a9cd000eb0adfb33dba7ba87d238802b Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 04 2014 17:36:38 +0000
Subject: import shim-0.7-8.el7_0
---
diff --git a/.gitignore b/.gitignore
index 396c314..b1df45d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/0.7.tar.gz
 SOURCES/mokutil-0.2.0.tar.gz
+SOURCES/shim-0.7.tar.bz2
diff --git a/.shim.metadata b/.shim.metadata
index 468540d..e5cb147 100644
--- a/.shim.metadata
+++ b/.shim.metadata
@@ -1,2 +1,2 @@
-7686b4eb198c0efb70dae703dc8d71885d462ab0 SOURCES/0.7.tar.gz
 ef680b489eb689a390ed2e1470eaaf2682ad5072 SOURCES/mokutil-0.2.0.tar.gz
+90d69f28accc9319a2e08fc23df76a8f117fb668 SOURCES/shim-0.7.tar.bz2
diff --git a/SOURCES/0001-Actually-reflect-the-upstream-commit-this-patchset-g.patch b/SOURCES/0001-Actually-reflect-the-upstream-commit-this-patchset-g.patch
deleted file mode 100644
index 807a104..0000000
--- a/SOURCES/0001-Actually-reflect-the-upstream-commit-this-patchset-g.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From af3293e11528d991090b34a564c4d2e5de416e79 Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Tue, 18 Feb 2014 15:19:07 -0500
-Subject: [PATCH] Actually reflect the upstream commit this patchset gets us
- to.
-
-Signed-off-by: Peter Jones
----
- Makefile | 2 +-
- commit | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
- create mode 100644 commit
-
-diff --git a/Makefile b/Makefile
-index e65d28d..c3ce4be 100644
---- a/Makefile
-+++ b/Makefile
-@@ -67,7 +67,7 @@ shim_cert.h: shim.cer
- version.c : version.c.in
- sed -e "s,@@VERSION@@,$(VERSION)," \
- -e "s,@@UNAME@@,$(shell uname -a)," \
-- -e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
-+ -e "s,@@COMMIT@@,$(shell if [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
- < version.c.in > version.c
-
- certdb/secmod.db: shim.crt
-diff --git a/commit b/commit
-new file mode 100644
-index 0000000..c52fa12
---- /dev/null
-+++ b/commit
-@@ -0,0 +1 @@
-+06495f692fa748a553ffbde8bfae2974d8c791c0
-\ No newline at end of file
---
-1.8.5.3
-
diff --git a/SOURCES/0001-Add-a-preliminary-test-plan.patch b/SOURCES/0001-Add-a-preliminary-test-plan.patch
deleted file mode 100644
index 89a7995..0000000
--- a/SOURCES/0001-Add-a-preliminary-test-plan.patch
+++ /dev/null
@@ -1,104 +0,0 @@ -From ac356a0e7723662d0a83ca3991088ce346495772 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 14 Feb 2014 14:06:45 -0500 -Subject: [PATCH 1/3] Add a preliminary test plan. - -Because you know you wanted a test plan. You feel it deeply inside. - -Note that none of the /negative/ cases are tested yet. - -Signed-off-by: Peter Jones ---- - testplan.txt | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 80 insertions(+) - create mode 100644 testplan.txt - -diff --git a/testplan.txt b/testplan.txt -new file mode 100644 -index 0000000..118dfcd ---- /dev/null -+++ b/testplan.txt -@@ -0,0 +1,80 @@ -+How to test a new shim build for RHEL/fedora: -+ -+1) build pesign-test-app, and sign it with the appropriate key -+2) build shim with the appropriate key built in -+3) install pesign-test-app and shim-unsigned on the test machine -+4) make a lockdown.efi for "Red Hat Test Certificate" and put it in \EFI\test -+ mkdir /boot/efi/EFI/test/ -+ wget http://pjones.fedorapeople.org/shim/LockDown-rhtest.efi -+ mv LockDown-rhtest.efi /boot/efi/EFI/test/lockdown.efi -+5) sign shim with RHTC and put it in \EFI\test: -+ pesign -i /usr/share/shim/shim.efi -o /boot/efi/EFI/test/shim.efi \ -+ -s -c "Red Hat Test Certificate" -+6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi -+ cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ -+ /boot/efi/EFI/test/test.efi -+7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\: -+ pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \ -+ -r -u 0 -+ pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \ -+ -s -c "Red Hat Test Certificate" -+8) sign a copy of mokmanager with RHTC and put it in \EFI\test: -+ pesign -i /usr/share/shim/MokManager.efi \ -+ -o /boot/efi/EFI/test/MokManager.efi -s \ -+ -c "Red Hat Test Certificate" -+9) copy grub.cfg to our test directory: -+ cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg -+10) 
*move* \EFI\redhat\BOOT.CSV to \EFI\test -+ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV -+11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi -+ rm -rf /boot/efi/EFI/BOOT/ -+ mkdir /boot/efi/EFI/BOOT/ -+ pesign -i /usr/share/shim/fallback.efi \ -+ -o /boot/efi/EFI/BOOT/fallback.efi \ -+ -s -c "Red Hat Test Certificate" -+12) put shim.efi there as well -+ cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI -+13) enroll the current kernel's certificate with mokutil: -+ mokutil --import ~/redhatsecurebootca2.cer -+14) put machine in setup mode -+15) boot to the UEFI shell -+16) run lockdown.efi from #4: -+ fs0:\EFI\test\lockdown.efi -+17) enable secure boot verification -+18) verify it can't run other binaries: -+ fs0:\EFI\redhat\grubx64.efi -+ result should be an error, probably similar to: -+ "fs0:\...\grubx64.efi is not recognized as an internal or external command" -+19) copy test.efi to grubx64.efi: -+ cp \EFI\test\test.efi \EFI\test\grubx64.efi -+20) in the EFI shell, run fs0:\EFI\test\shim.efi -+21) you should see MokManager. Enroll the certificate you added in #13, and -+ the system will reboot. -+22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi -+ result: "This is a test application that should be completely safe." -+ If you get the expected result, shim can run things signed by its internal -+ key ring. Check a box someplace that says it can do that. -+23) from the EFI shell, copy grub to grubx64.efi: -+ cp \EFI\test\grubx.efi \EFI\test\grubx64.efi -+24) in the EFI shell, run fs0:\EFI\test\shim.efi -+ result: this should start grub, which will let you boot a kernel -+ If grub starts, it means shim can run things signed by a key in the system's -+ db. Check a box someplace that says it can do that. -+ If the kernel boots, it means shim can run things from Mok. Check a box -+ someplace that says it can do that. 
-+25) remove all boot entries and the BootOrder variable: -+ [root@uefi ~]# cd /sys/firmware/efi/efivars/ -+ [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-* -+ removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ removed ‘Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ removed ‘Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’ -+ [root@uefi efivars]# -+27) reboot -+28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just -+ have an old machine. In that case, go to the EFI shell and run: -+ fs0:\EFI\BOOT\BOOTX64.EFI -+ If this works, you should see a bit of output very quickly and then the same -+ thing as #24. This means shim recognized it was in \EFI\BOOT and ran -+ fallback.efi, which worked. --- -1.8.5.3 - diff --git a/SOURCES/0001-fix-verify_mok.patch b/SOURCES/0001-fix-verify_mok.patch index cd4e642..100115b 100644 --- a/SOURCES/0001-fix-verify_mok.patch +++ b/SOURCES/0001-fix-verify_mok.patch @@ -1,7 +1,7 @@ From 11495d4019d44dce1487939f91f7d751ffbb9730 Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Mon, 15 Apr 2013 14:11:17 -0700 -Subject: [PATCH 01/19] fix verify_mok() +Subject: [PATCH 01/74] fix verify_mok() () Fix the return value semantics. If the MokList doesn't exist, we are OK. If the MokList was compromised but we @@ -50,5 +50,5 @@ index 23dd0ee..dcb36d0 100644 /* * Ensure that the binary isn't blacklisted -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0002-Fix-a-part-of-the-test-plan-that-was-out-of-order.patch b/SOURCES/0002-Fix-a-part-of-the-test-plan-that-was-out-of-order.patch deleted file mode 100644 index 8213cb6..0000000 --- a/SOURCES/0002-Fix-a-part-of-the-test-plan-that-was-out-of-order.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From 9e8d5151979040c331f45b9d2cd443a59ca297e4 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 14 Feb 2014 14:44:31 -0500 -Subject: [PATCH 2/4] Fix a part of the test plan that was out of order. - -Signed-off-by: Peter Jones ---- - testplan.txt | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/testplan.txt b/testplan.txt -index 118dfcd..96aa364 100644 ---- a/testplan.txt -+++ b/testplan.txt -@@ -25,10 +25,10 @@ How to test a new shim build for RHEL/fedora: - 9) copy grub.cfg to our test directory: - cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg - 10) *move* \EFI\redhat\BOOT.CSV to \EFI\test -- mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV --11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi - rm -rf /boot/efi/EFI/BOOT/ - mkdir /boot/efi/EFI/BOOT/ -+ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV -+11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi - pesign -i /usr/share/shim/fallback.efi \ - -o /boot/efi/EFI/BOOT/fallback.efi \ - -s -c "Red Hat Test Certificate" -@@ -55,7 +55,7 @@ How to test a new shim build for RHEL/fedora: - If you get the expected result, shim can run things signed by its internal - key ring. Check a box someplace that says it can do that. - 23) from the EFI shell, copy grub to grubx64.efi: -- cp \EFI\test\grubx.efi \EFI\test\grubx64.efi -+ cp \EFI\test\grub.efi \EFI\test\grubx64.efi - 24) in the EFI shell, run fs0:\EFI\test\shim.efi - result: this should start grub, which will let you boot a kernel - If grub starts, it means shim can run things signed by a key in the system's --- -1.8.5.3 - diff --git a/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch b/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch index 8f6d38c..e97a0a2 100644 --- a/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch 
+++ b/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch @@ -1,7 +1,7 @@ From 8e9d3af7b108cc76ce18017b3f58ad4b2e60989f Mon Sep 17 00:00:00 2001 From: Mohanraj S Date: Tue, 27 Aug 2013 09:27:00 -0700 -Subject: [PATCH 02/19] shim.c: Add support for hashing/relocation of 32-bit +Subject: [PATCH 02/74] shim.c: Add support for hashing/relocation of 32-bit binaries Change-Id: Ib93305f7f1691d1b142567507df1058de62dde06 @@ -171,5 +171,5 @@ index dcb36d0..a043779 100644 if (context->ImageSize < context->SizeOfHeaders) { Print(L"Invalid image\n"); -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0003-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch b/SOURCES/0003-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch deleted file mode 100644 index 7ac76f0..0000000 --- a/SOURCES/0003-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch +++ /dev/null 
@@ -1,249 +0,0 @@ -From 06495f692fa748a553ffbde8bfae2974d8c791c0 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 14 Feb 2014 15:38:25 -0500 -Subject: [PATCH 3/3] Allow fallback to use the system's LoadImage/StartImage . - -Track use of the system's LoadImage(), and when the next StartImage() -call is for an image the system verified, allow that to count as -participating, since it has been verified by the system's db. - -Signed-off-by: Peter Jones ---- - replacements.c | 68 +++++++++++++++++++++++++++++++++++++++++++++- - replacements.h | 3 +++ - shim.c | 85 +++++++++++++++++++++++++++++++++++----------------------- - 3 files changed, 121 insertions(+), 35 deletions(-) - -diff --git a/replacements.c b/replacements.c -index 5ea5c32..48dc437 100644 ---- a/replacements.c -+++ b/replacements.c -@@ -60,26 +60,82 @@ - - static EFI_SYSTEM_TABLE *systab; - -+static typeof(systab->BootServices->LoadImage) system_load_image; - static typeof(systab->BootServices->StartImage) system_start_image; - static typeof(systab->BootServices->Exit) system_exit; - static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; - -+static EFI_HANDLE last_loaded_image; -+ - void - unhook_system_services(void) - { - systab->BootServices->Exit = system_exit; -+ systab->BootServices->LoadImage = system_load_image; - systab->BootServices->StartImage = system_start_image; - systab->BootServices->ExitBootServices = system_exit_boot_services; - } - - static EFI_STATUS EFIAPI -+load_image(BOOLEAN BootPolicy, EFI_HANDLE ParentImageHandle, -+ EFI_DEVICE_PATH *DevicePath, VOID *SourceBuffer, -+ UINTN SourceSize, EFI_HANDLE *ImageHandle) -+{ -+ EFI_STATUS status; -+ unhook_system_services(); -+ -+ status = systab->BootServices->LoadImage(BootPolicy, -+ ParentImageHandle, DevicePath, -+ SourceBuffer, SourceSize, ImageHandle); -+ hook_system_services(systab); -+ if (EFI_ERROR(status)) -+ last_loaded_image = NULL; -+ else -+ last_loaded_image = *ImageHandle; -+ return status; -+} 
-+ -+static EFI_STATUS EFIAPI - start_image(EFI_HANDLE image_handle, UINTN *exit_data_size, CHAR16 **exit_data) - { - EFI_STATUS status; - unhook_system_services(); -+ -+ /* We have to uninstall shim's protocol here, because if we're -+ * On the fallback.efi path, then our call pathway is: -+ * -+ * shim->fallback->shim->grub -+ * ^ ^ ^ -+ * | | \- gets protocol #0 -+ * | \- installs its protocol (#1) -+ * \- installs its protocol (#0) -+ * and if we haven't removed this, then grub will get the *first* -+ * shim's protocol, but it'll get the second shim's systab -+ * replacements. So even though it will participate and verify -+ * the kernel, the systab never finds out. -+ */ -+ if (image_handle == last_loaded_image) { -+ loader_is_participating = 1; -+ uninstall_shim_protocols(); -+ } - status = systab->BootServices->StartImage(image_handle, exit_data_size, exit_data); -- if (EFI_ERROR(status)) -+ if (EFI_ERROR(status)) { -+ if (image_handle == last_loaded_image) { -+ EFI_STATUS status2 = install_shim_protocols(); -+ -+ if (EFI_ERROR(status2)) { -+ Print(L"Something has gone seriously wrong: %d\n", -+ status2); -+ Print(L"shim cannot continue, sorry.\n"); -+ systab->BootServices->Stall(5000000); -+ systab->RuntimeServices->ResetSystem( -+ EfiResetShutdown, -+ EFI_SECURITY_VIOLATION, 0, NULL); -+ } -+ } - hook_system_services(systab); -+ loader_is_participating = 0; -+ } - return status; - } - -@@ -123,6 +179,16 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) - - /* We need to hook various calls to make this work... */ - -+ /* We need LoadImage() hooked so that fallback.c can load shim -+ * without having to fake LoadImage as well. This allows it -+ * to call the system LoadImage(), and have us track the output -+ * and mark loader_is_participating in start_image. This means -+ * anything added by fallback has to be verified by the system db, -+ * which we want to preserve anyway, since that's all launching -+ * through BDS gives us. 
*/ -+ system_load_image = systab->BootServices->LoadImage; -+ systab->BootServices->LoadImage = load_image; -+ - /* we need StartImage() so that we can allow chain booting to an - * image trusted by the firmware */ - system_start_image = systab->BootServices->StartImage; -diff --git a/replacements.h b/replacements.h -index 5b57bc2..bd09424 100644 ---- a/replacements.h -+++ b/replacements.h -@@ -41,4 +41,7 @@ extern int loader_is_participating; - extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); - extern void unhook_system_services(void); - -+extern EFI_STATUS install_shim_protocols(void); -+extern void uninstall_shim_protocols(void); -+ - #endif /* SHIM_REPLACEMENTS_H */ -diff --git a/shim.c b/shim.c -index cf93d65..0e18d38 100644 ---- a/shim.c -+++ b/shim.c -@@ -1707,11 +1707,56 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) - return EFI_SUCCESS; - } - --EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) -+static SHIM_LOCK shim_lock_interface; -+static EFI_HANDLE shim_lock_handle; -+ -+EFI_STATUS -+install_shim_protocols(void) -+{ -+ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -+ EFI_STATUS efi_status; -+ /* -+ * Install the protocol -+ */ -+ efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, -+ &shim_lock_handle, &shim_lock_guid, -+ EFI_NATIVE_INTERFACE, &shim_lock_interface); -+ if (EFI_ERROR(efi_status)) { -+ console_error(L"Could not install security protocol", -+ efi_status); -+ return efi_status; -+ } -+ -+#if defined(OVERRIDE_SECURITY_POLICY) -+ /* -+ * Install the security protocol hook -+ */ -+ security_policy_install(shim_verify); -+#endif -+ -+ return EFI_SUCCESS; -+} -+ -+void -+uninstall_shim_protocols(void) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -- static SHIM_LOCK shim_lock_interface; -- EFI_HANDLE handle = NULL; -+#if defined(OVERRIDE_SECURITY_POLICY) -+ /* -+ * Clean up the security protocol hook -+ */ -+ security_policy_uninstall(); -+#endif -+ -+ /* -+ * If we're back here 
then clean everything up before exiting -+ */ -+ uefi_call_wrapper(BS->UninstallProtocolInterface, 3, shim_lock_handle, -+ &shim_lock_guid, &shim_lock_interface); -+} -+ -+EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) -+{ - EFI_STATUS efi_status; - - verification_method = VERIFIED_BY_NOTHING; -@@ -1768,24 +1813,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - } - } - -- /* -- * Install the protocol -- */ -- efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, -- &handle, &shim_lock_guid, EFI_NATIVE_INTERFACE, -- &shim_lock_interface); -- if (EFI_ERROR(efi_status)) { -- console_error(L"Could not install security protocol", -- efi_status); -+ efi_status = install_shim_protocols(); -+ if (EFI_ERROR(efi_status)) - return efi_status; -- } -- --#if defined(OVERRIDE_SECURITY_POLICY) -- /* -- * Install the security protocol hook -- */ -- security_policy_install(shim_verify); --#endif - - /* - * Enter MokManager if necessary -@@ -1810,20 +1840,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - - efi_status = init_grub(image_handle); - --#if defined(OVERRIDE_SECURITY_POLICY) -- /* -- * Clean up the security protocol hook -- */ -- security_policy_uninstall(); --#endif -- -- /* -- * If we're back here then clean everything up before exiting -- */ -- uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle, -- &shim_lock_guid, &shim_lock_interface); -- -- -+ uninstall_shim_protocols(); - /* - * Remove our hooks from system services. - */ --- -1.8.5.3 - diff --git a/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch b/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch index abd8da7..8d85654 100644 --- a/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch +++ b/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch @@ -1,7 +1,7 @@ From 434e854202236ec5809dbb96589fc34313dbff9e Mon Sep 17 00:00:00 2001 
From: Andrew Boie Date: Thu, 31 Oct 2013 13:56:56 -0700 -Subject: [PATCH 03/19] netboot.h: fix build error on 32-bit systems +Subject: [PATCH 03/74] netboot.h: fix build error on 32-bit systems Function prototype/implementation mismatch. @@ -23,5 +23,5 @@ index 2cdb421..6417373 100644 +extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *bufsiz); #endif -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch b/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch index d528ecb..f9b2147 100644 --- a/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch +++ b/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch @@ -1,7 +1,7 @@ From c5ed2dfa5d9c2d5de33db290ae8cc237342dbc4c Mon Sep 17 00:00:00 2001 From: Andrey Petrov Date: Mon, 11 Nov 2013 13:46:42 -0800 -Subject: [PATCH 04/19] properly compile OpenSSL in 32-bit mode +Subject: [PATCH 04/74] properly compile OpenSSL in 32-bit mode Change-Id: Iff3ee5ae0f0b95b282b99a23e465723b4e9f6104 Signed-off-by: Andrey Petrov @@ -30,5 +30,5 @@ index c93d5af..3d5a87c 100644 LDFLAGS = -nostdlib -znocombreloc -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch b/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch index 1d89b3c..6380173 100644 --- a/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch +++ b/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch @@ -1,7 +1,7 @@ From d74ab697f7f20418eeb09f0291cc480d43241dea Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Mon, 11 Nov 2013 16:12:23 -0800 -Subject: [PATCH 05/19] fallback.c: fix 32-bit compilation +Subject: [PATCH 05/74] fallback.c: fix 32-bit compilation fh->Read expects pointer to 32-bit int, use UINTN @@ -34,5 +34,5 @@ index 82ddbf2..c875144 100644 rc = get_file_size(fh2, &len); if (EFI_ERROR(rc)) { -- -1.8.5.3 +1.9.3 
diff --git a/SOURCES/0006-fix-fallback.so-build-dependency.patch b/SOURCES/0006-fix-fallback.so-build-dependency.patch index 883bc85..b03f3e8 100644 --- a/SOURCES/0006-fix-fallback.so-build-dependency.patch +++ b/SOURCES/0006-fix-fallback.so-build-dependency.patch @@ -1,7 +1,7 @@ From 06e15d762966d4224f7e54480b9213c4dcf1fe35 Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Mon, 11 Nov 2013 16:14:22 -0800 -Subject: [PATCH 06/19] fix fallback.so build dependency +Subject: [PATCH 06/74] fix fallback.so build dependency Exposed during parallel builds @@ -25,5 +25,5 @@ index a22c6b3..2eab862 100644 MokManager.o: $(MOK_SOURCES) -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0007-propagate-some-path-variables.patch b/SOURCES/0007-propagate-some-path-variables.patch index 83dcdb4..640d021 100644 --- a/SOURCES/0007-propagate-some-path-variables.patch +++ b/SOURCES/0007-propagate-some-path-variables.patch @@ -1,7 +1,7 @@ From 476d376ed08e1431bf7e20bf47ea3fc6c36dd168 Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Mon, 11 Nov 2013 16:15:39 -0800 -Subject: [PATCH 07/19] propagate some path variables +Subject: [PATCH 07/74] propagate some path variables If these are overridden on the command line, pass them along to the sub-makes. @@ -34,5 +34,5 @@ index 2eab862..d619ff4 100644 %.efi: %.so objcopy -j .text -j .sdata -j .data \ -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch b/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch index 291c16b..5305778 100644 --- a/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch +++ b/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch @@ -1,7 +1,7 @@ From 9712a7e77dc12f7569858b81d620d85301f50ede Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Mon, 11 Nov 2013 16:17:20 -0800 -Subject: [PATCH 08/19] allow 32-bit compilation with 64-bit compiler +Subject: [PATCH 08/74] allow 32-bit compilation with 64-bit compiler Also removed unused LIB_PATH from some Makefiles. 
@@ -86,5 +86,5 @@ index adb0347..a9c9cf6 100644 lib.a: $(LIBFILES) ar rcs lib.a $(LIBFILES) -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0009-shim-improve-error-messages.patch b/SOURCES/0009-shim-improve-error-messages.patch index 81ab3fd..e18d66f 100644 --- a/SOURCES/0009-shim-improve-error-messages.patch +++ b/SOURCES/0009-shim-improve-error-messages.patch @@ -1,7 +1,7 @@ From 2f09d0ab290d9b0d8aa14c3243f1d85a20bc34e6 Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Mon, 11 Nov 2013 17:29:06 -0800 -Subject: [PATCH 09/19] shim: improve error messages +Subject: [PATCH 09/74] shim: improve error messages %r when used in Print() will show a string representation of an EFI_STATUS code. @@ -182,5 +182,5 @@ index a043779..9ae1936 100644 } -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch b/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch index 71146ef..4807572 100644 --- a/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch +++ b/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch @@ -1,7 +1,7 @@ From d95b24bd02cf41cca9adebd95f10609d6424d2b3 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 19 Nov 2013 10:09:13 -0500 -Subject: [PATCH 10/19] Clarify meaning of insecure_mode +Subject: [PATCH 10/74] Clarify meaning of insecure_mode insecure_mode was intended to indicate that the user had explicity disabled checks with mokutil, which means it wasn't the opposite of secure_mode(). @@ -95,5 +95,5 @@ index 9ae1936..524f5fc 100644 * Install our hooks for ExitBootServices() and StartImage() */ -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch b/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch index c07d207..11b612d 100644 --- a/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch +++ b/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch @@ -1,7 +1,7 @@ From 8b48ec5c70cd97d37f48581a4eab8139c1a95a1f Mon Sep 17 00:00:00 2001 
From: Matthew Garrett Date: Tue, 19 Nov 2013 10:15:55 -0500 -Subject: [PATCH 11/19] Don't hook system services if shim has no built-in keys +Subject: [PATCH 11/74] Don't hook system services if shim has no built-in keys Shim should only need to enforce its security policy when its launching binaries signed with its built-in key. Binaries signed by keys in db or @@ -38,5 +38,5 @@ index 524f5fc..cf93d65 100644 /* -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch b/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch index 9591b28..9a19d58 100644 --- a/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch +++ b/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch @@ -1,7 +1,7 @@ From e62b69a5b0b87c6df7a4fc23906134945309e927 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 20 Nov 2013 12:20:23 -0500 -Subject: [PATCH 12/19] Fix path generation for Dhcpv4 bootloader. +Subject: [PATCH 12/74] Fix path generation for Dhcpv4 bootloader. Right now we always look for e.g. "\grubx64.efi", which is completely wrong. This makes it look for the path shim was loaded from and modify @@ -120,5 +120,5 @@ index a83c82a..1732dc7 100644 } -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch b/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch index c057508..ba79424 100644 --- a/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch +++ b/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch @@ -1,7 +1,7 @@ From 27129a5a05d1947e6f7479766e8281d50d6031f6 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 21 Nov 2013 11:26:08 -0500 -Subject: [PATCH 13/19] Lengths that might be -1 can't be unsigned, Peter. +Subject: [PATCH 13/74] Lengths that might be -1 can't be unsigned, Peter. Signed-off-by: Peter Jones --- 
@@ -36,5 +36,5 @@ index 1732dc7..07e2773 100644 memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4); -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0014-Fix-wrong-sizeof.patch b/SOURCES/0014-Fix-wrong-sizeof.patch index e548615..cc8bd29 100644 --- a/SOURCES/0014-Fix-wrong-sizeof.patch +++ b/SOURCES/0014-Fix-wrong-sizeof.patch @@ -1,7 +1,7 @@ From af25679e166da9bd32a0ed7fbf67a408dda7f71a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 15 Nov 2013 09:21:53 -0500 -Subject: [PATCH 14/19] Fix wrong sizeof(). +Subject: [PATCH 14/74] Fix wrong sizeof(). CHAR16* vs CHAR16**, so the result is the same on all platforms. @@ -26,5 +26,5 @@ index 51de4e0..7337834 100644 return EFI_OUT_OF_RESOURCES; } -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch b/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch index 855c7a0..0249be8 100644 --- a/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch +++ b/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch @@ -1,7 +1,7 @@ From 4dbef508ab6359e8ca14df53b83f970bdeec17ba Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 15 Nov 2013 09:24:01 -0500 -Subject: [PATCH 15/19] Initialize entries before we pass it to another +Subject: [PATCH 15/74] Initialize entries before we pass it to another function. Coverity scan noticed that entries is uninitialized when we pass its @@ -26,5 +26,5 @@ index 3af0ec8..d345d87 100644 int count, select, len; CHAR16 *newname, *selected; -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch b/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch index bce4434..c373474 100644 --- a/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch +++ b/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch @@ -1,7 +1,7 @@ From 3a7feeff6cdb3b96a1ef2ccff8c150e2324d50a9 Mon Sep 17 00:00:00 2001 
From: Peter Jones Date: Fri, 15 Nov 2013 09:38:41 -0500 -Subject: [PATCH 16/19] Rewrite directory traversal allocation path so coverity +Subject: [PATCH 16/74] Rewrite directory traversal allocation path so coverity can grok it. The things we do for our tools. In this case, make the AllocatePool() @@ -59,5 +59,5 @@ index c875144..ba864ee 100644 break; -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch b/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch index c76d442..4e6ca54 100644 --- a/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch +++ b/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch @@ -1,7 +1,7 @@ From 293f28d1fe3921c5348c60948b4dedcef5042d5b Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 15 Nov 2013 10:55:37 -0500 -Subject: [PATCH 17/19] Error check the right thing in get_variable_attr() when +Subject: [PATCH 17/74] Error check the right thing in get_variable_attr() when allocating. Signed-off-by: Peter Jones @@ -23,5 +23,5 @@ index 81bd34d..3a9735e 100644 efi_status = uefi_call_wrapper(RT->GetVariable, 5, var, &owner, -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch b/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch index 2d3ba26..dd329ba 100644 --- a/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch +++ b/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch @@ -1,7 +1,7 @@ From dfd6c73a212f8cf6b32ce74807de9a08a87f0b79 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 31 Jan 2014 10:30:24 -0500 -Subject: [PATCH 18/19] [fallback] For HD() device paths, use just the media +Subject: [PATCH 18/74] [fallback] For HD() device paths, use just the media node and later. UEFI 2.x section 3.1.2 provides for "short-form device path", where the 
@@ -215,5 +215,5 @@ index ba864ee..a12bb74 100644 return rc; } -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch b/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch index 86ab395..6828caf 100644 --- a/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch +++ b/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch @@ -1,7 +1,7 @@ From 894a2738d6c843a7b51245fb92bb2f835901e613 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 31 Jan 2014 10:31:10 -0500 -Subject: [PATCH 19/19] [fallback] Attempt to re-use existing entries when +Subject: [PATCH 19/74] [fallback] Attempt to re-use existing entries when possible. Some firmwares seem to ignore our boot entries and put their fallback @@ -143,5 +143,5 @@ index a12bb74..44638ec 100644 if (EFI_ERROR(rc)) { Print(L"Error: could not find boot options: %d\n", rc); -- -1.8.5.3 +1.9.3 diff --git a/SOURCES/0020-Add-a-preliminary-test-plan.patch b/SOURCES/0020-Add-a-preliminary-test-plan.patch new file mode 100644 index 0000000..b1c5da4 --- /dev/null +++ b/SOURCES/0020-Add-a-preliminary-test-plan.patch 
@@ -0,0 +1,104 @@ +From ac356a0e7723662d0a83ca3991088ce346495772 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 14 Feb 2014 14:06:45 -0500 +Subject: [PATCH 20/74] Add a preliminary test plan. + +Because you know you wanted a test plan. You feel it deeply inside. + +Note that none of the /negative/ cases are tested yet. + +Signed-off-by: Peter Jones +--- + testplan.txt | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 80 insertions(+) + create mode 100644 testplan.txt + +diff --git a/testplan.txt b/testplan.txt +new file mode 100644 +index 0000000..118dfcd +--- /dev/null ++++ b/testplan.txt +@@ -0,0 +1,80 @@ ++How to test a new shim build for RHEL/fedora: ++ ++1) build pesign-test-app, and sign it with the appropriate key ++2) build shim with the appropriate key built in ++3) install pesign-test-app and shim-unsigned on the test machine ++4) make a lockdown.efi for "Red Hat Test Certificate" and put it in \EFI\test ++ mkdir /boot/efi/EFI/test/ ++ wget http://pjones.fedorapeople.org/shim/LockDown-rhtest.efi ++ mv LockDown-rhtest.efi /boot/efi/EFI/test/lockdown.efi ++5) sign shim with RHTC and put it in \EFI\test: ++ pesign -i /usr/share/shim/shim.efi -o /boot/efi/EFI/test/shim.efi \ ++ -s -c "Red Hat Test Certificate" ++6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi ++ cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ ++ /boot/efi/EFI/test/test.efi ++7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\: ++ pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \ ++ -r -u 0 ++ pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \ ++ -s -c "Red Hat Test Certificate" ++8) sign a copy of mokmanager with RHTC and put it in \EFI\test: ++ pesign -i /usr/share/shim/MokManager.efi \ ++ -o /boot/efi/EFI/test/MokManager.efi -s \ ++ -c "Red Hat Test Certificate" ++9) copy grub.cfg to our test directory: ++ cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg ++10) 
*move* \EFI\redhat\BOOT.CSV to \EFI\test ++ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV ++11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi ++ rm -rf /boot/efi/EFI/BOOT/ ++ mkdir /boot/efi/EFI/BOOT/ ++ pesign -i /usr/share/shim/fallback.efi \ ++ -o /boot/efi/EFI/BOOT/fallback.efi \ ++ -s -c "Red Hat Test Certificate" ++12) put shim.efi there as well ++ cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI ++13) enroll the current kernel's certificate with mokutil: ++ mokutil --import ~/redhatsecurebootca2.cer ++14) put machine in setup mode ++15) boot to the UEFI shell ++16) run lockdown.efi from #4: ++ fs0:\EFI\test\lockdown.efi ++17) enable secure boot verification ++18) verify it can't run other binaries: ++ fs0:\EFI\redhat\grubx64.efi ++ result should be an error, probably similar to: ++ "fs0:\...\grubx64.efi is not recognized as an internal or external command" ++19) copy test.efi to grubx64.efi: ++ cp \EFI\test\test.efi \EFI\test\grubx64.efi ++20) in the EFI shell, run fs0:\EFI\test\shim.efi ++21) you should see MokManager. Enroll the certificate you added in #13, and ++ the system will reboot. ++22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi ++ result: "This is a test application that should be completely safe." ++ If you get the expected result, shim can run things signed by its internal ++ key ring. Check a box someplace that says it can do that. ++23) from the EFI shell, copy grub to grubx64.efi: ++ cp \EFI\test\grubx.efi \EFI\test\grubx64.efi ++24) in the EFI shell, run fs0:\EFI\test\shim.efi ++ result: this should start grub, which will let you boot a kernel ++ If grub starts, it means shim can run things signed by a key in the system's ++ db. Check a box someplace that says it can do that. ++ If the kernel boots, it means shim can run things from Mok. Check a box ++ someplace that says it can do that. 
++25) remove all boot entries and the BootOrder variable: ++ [root@uefi ~]# cd /sys/firmware/efi/efivars/ ++ [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-* ++ removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ removed ‘Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ removed ‘Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’ ++ [root@uefi efivars]# ++27) reboot ++28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just ++ have an old machine. In that case, go to the EFI shell and run: ++ fs0:\EFI\BOOT\BOOTX64.EFI ++ If this works, you should see a bit of output very quickly and then the same ++ thing as #24. This means shim recognized it was in \EFI\BOOT and ran ++ fallback.efi, which worked. +-- +1.9.3 + diff --git a/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch b/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch new file mode 100644 index 0000000..a4cdb0d --- /dev/null +++ b/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch 
@@ -0,0 +1,71 @@ +From a0bb7822bc0745cba1af1c119fb9f7a0e5ec828c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 14 Feb 2014 14:44:31 -0500 +Subject: [PATCH 21/74] Add a failure case to the test plan and fix an ordering + error. + +Signed-off-by: Peter Jones +--- + testplan.txt | 27 +++++++++++++++++---------- + 1 file changed, 17 insertions(+), 10 deletions(-) + +diff --git a/testplan.txt b/testplan.txt +index 118dfcd..2fbf238 100644 +--- a/testplan.txt ++++ b/testplan.txt +@@ -12,23 +12,26 @@ How to test a new shim build for RHEL/fedora: + -s -c "Red Hat Test Certificate" + 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi + cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ +- /boot/efi/EFI/test/test.efi +-7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\: +- pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \ +- -r -u 0 +- pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \ +- -s -c "Red Hat Test Certificate" ++ /boot/efi/EFI/test/test.efi ++7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . 
Also ++ leave an unsigned copy there: ++ pesign -i /boot/efi/EFI/redhat/grubx64.efi \ ++ -o /boot/efi/EFI/test/grubx64-unsigned.efi \ ++ -r -u 0 ++ pesign -i /boot/efi/EFI/test/grubx64-unsigned.efi \ ++ -o /boot/efi/EFI/test/grub.efi \ ++ -s -c "Red Hat Test Certificate" + 8) sign a copy of mokmanager with RHTC and put it in \EFI\test: + pesign -i /usr/share/shim/MokManager.efi \ +- -o /boot/efi/EFI/test/MokManager.efi -s \ ++ -o /boot/efi/EFI/test/MokManager.efi -s \ + -c "Red Hat Test Certificate" + 9) copy grub.cfg to our test directory: + cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg + 10) *move* \EFI\redhat\BOOT.CSV to \EFI\test +- mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV +-11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi + rm -rf /boot/efi/EFI/BOOT/ + mkdir /boot/efi/EFI/BOOT/ ++ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV ++11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi + pesign -i /usr/share/shim/fallback.efi \ + -o /boot/efi/EFI/BOOT/fallback.efi \ + -s -c "Red Hat Test Certificate" +@@ -55,7 +58,7 @@ How to test a new shim build for RHEL/fedora: + If you get the expected result, shim can run things signed by its internal + key ring. Check a box someplace that says it can do that. + 23) from the EFI shell, copy grub to grubx64.efi: +- cp \EFI\test\grubx.efi \EFI\test\grubx64.efi ++ cp \EFI\test\grub.efi \EFI\test\grubx64.efi + 24) in the EFI shell, run fs0:\EFI\test\shim.efi + result: this should start grub, which will let you boot a kernel + If grub starts, it means shim can run things signed by a key in the system's +@@ -78,3 +81,7 @@ How to test a new shim build for RHEL/fedora: + If this works, you should see a bit of output very quickly and then the same + thing as #24. This means shim recognized it was in \EFI\BOOT and ran + fallback.efi, which worked. 
++29) copy the unsigned grub into place and reboot: ++ cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi ++30) reboot again. ++ result: shim should refuse to load grub. +-- +1.9.3 + diff --git a/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch b/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch new file mode 100644 index 0000000..c92e451 --- /dev/null +++ b/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch 
@@ -0,0 +1,250 @@ +From 06495f692fa748a553ffbde8bfae2974d8c791c0 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 14 Feb 2014 15:38:25 -0500 +Subject: [PATCH 22/74] Allow fallback to use the system's LoadImage/StartImage + . + +Track use of the system's LoadImage(), and when the next StartImage() +call is for an image the system verified, allow that to count as +participating, since it has been verified by the system's db. + +Signed-off-by: Peter Jones +--- + replacements.c | 68 +++++++++++++++++++++++++++++++++++++++++++++- + replacements.h | 3 +++ + shim.c | 85 +++++++++++++++++++++++++++++++++++----------------------- + 3 files changed, 121 insertions(+), 35 deletions(-) + +diff --git a/replacements.c b/replacements.c +index 5ea5c32..48dc437 100644 +--- a/replacements.c ++++ b/replacements.c +@@ -60,26 +60,82 @@ + + static EFI_SYSTEM_TABLE *systab; + ++static typeof(systab->BootServices->LoadImage) system_load_image; + static typeof(systab->BootServices->StartImage) system_start_image; + static typeof(systab->BootServices->Exit) system_exit; + static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; + ++static EFI_HANDLE last_loaded_image; ++ + void + unhook_system_services(void) + { + systab->BootServices->Exit = system_exit; ++ systab->BootServices->LoadImage = system_load_image; + systab->BootServices->StartImage = system_start_image; + systab->BootServices->ExitBootServices = system_exit_boot_services; + } + + static EFI_STATUS EFIAPI ++load_image(BOOLEAN BootPolicy, EFI_HANDLE ParentImageHandle, ++ EFI_DEVICE_PATH *DevicePath, VOID *SourceBuffer, ++ UINTN SourceSize, EFI_HANDLE *ImageHandle) ++{ ++ EFI_STATUS status; ++ unhook_system_services(); ++ ++ status = systab->BootServices->LoadImage(BootPolicy, ++ ParentImageHandle, DevicePath, ++ SourceBuffer, SourceSize, ImageHandle); ++ hook_system_services(systab); ++ if (EFI_ERROR(status)) ++ last_loaded_image = NULL; ++ else ++ last_loaded_image = *ImageHandle; ++ return status; 
++} ++ ++static EFI_STATUS EFIAPI + start_image(EFI_HANDLE image_handle, UINTN *exit_data_size, CHAR16 **exit_data) + { + EFI_STATUS status; + unhook_system_services(); ++ ++ /* We have to uninstall shim's protocol here, because if we're ++ * On the fallback.efi path, then our call pathway is: ++ * ++ * shim->fallback->shim->grub ++ * ^ ^ ^ ++ * | | \- gets protocol #0 ++ * | \- installs its protocol (#1) ++ * \- installs its protocol (#0) ++ * and if we haven't removed this, then grub will get the *first* ++ * shim's protocol, but it'll get the second shim's systab ++ * replacements. So even though it will participate and verify ++ * the kernel, the systab never finds out. ++ */ ++ if (image_handle == last_loaded_image) { ++ loader_is_participating = 1; ++ uninstall_shim_protocols(); ++ } + status = systab->BootServices->StartImage(image_handle, exit_data_size, exit_data); +- if (EFI_ERROR(status)) ++ if (EFI_ERROR(status)) { ++ if (image_handle == last_loaded_image) { ++ EFI_STATUS status2 = install_shim_protocols(); ++ ++ if (EFI_ERROR(status2)) { ++ Print(L"Something has gone seriously wrong: %d\n", ++ status2); ++ Print(L"shim cannot continue, sorry.\n"); ++ systab->BootServices->Stall(5000000); ++ systab->RuntimeServices->ResetSystem( ++ EfiResetShutdown, ++ EFI_SECURITY_VIOLATION, 0, NULL); ++ } ++ } + hook_system_services(systab); ++ loader_is_participating = 0; ++ } + return status; + } + +@@ -123,6 +179,16 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) + + /* We need to hook various calls to make this work... */ + ++ /* We need LoadImage() hooked so that fallback.c can load shim ++ * without having to fake LoadImage as well. This allows it ++ * to call the system LoadImage(), and have us track the output ++ * and mark loader_is_participating in start_image. This means ++ * anything added by fallback has to be verified by the system db, ++ * which we want to preserve anyway, since that's all launching ++ * through BDS gives us. 
*/ ++ system_load_image = systab->BootServices->LoadImage; ++ systab->BootServices->LoadImage = load_image; ++ + /* we need StartImage() so that we can allow chain booting to an + * image trusted by the firmware */ + system_start_image = systab->BootServices->StartImage; +diff --git a/replacements.h b/replacements.h +index 5b57bc2..bd09424 100644 +--- a/replacements.h ++++ b/replacements.h +@@ -41,4 +41,7 @@ extern int loader_is_participating; + extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); + extern void unhook_system_services(void); + ++extern EFI_STATUS install_shim_protocols(void); ++extern void uninstall_shim_protocols(void); ++ + #endif /* SHIM_REPLACEMENTS_H */ +diff --git a/shim.c b/shim.c +index cf93d65..0e18d38 100644 +--- a/shim.c ++++ b/shim.c +@@ -1707,11 +1707,56 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) + return EFI_SUCCESS; + } + +-EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) ++static SHIM_LOCK shim_lock_interface; ++static EFI_HANDLE shim_lock_handle; ++ ++EFI_STATUS ++install_shim_protocols(void) ++{ ++ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; ++ EFI_STATUS efi_status; ++ /* ++ * Install the protocol ++ */ ++ efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, ++ &shim_lock_handle, &shim_lock_guid, ++ EFI_NATIVE_INTERFACE, &shim_lock_interface); ++ if (EFI_ERROR(efi_status)) { ++ console_error(L"Could not install security protocol", ++ efi_status); ++ return efi_status; ++ } ++ ++#if defined(OVERRIDE_SECURITY_POLICY) ++ /* ++ * Install the security protocol hook ++ */ ++ security_policy_install(shim_verify); ++#endif ++ ++ return EFI_SUCCESS; ++} ++ ++void ++uninstall_shim_protocols(void) + { + EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; +- static SHIM_LOCK shim_lock_interface; +- EFI_HANDLE handle = NULL; ++#if defined(OVERRIDE_SECURITY_POLICY) ++ /* ++ * Clean up the security protocol hook ++ */ ++ security_policy_uninstall(); ++#endif ++ ++ /* ++ * If we're back here 
then clean everything up before exiting ++ */ ++ uefi_call_wrapper(BS->UninstallProtocolInterface, 3, shim_lock_handle, ++ &shim_lock_guid, &shim_lock_interface); ++} ++ ++EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) ++{ + EFI_STATUS efi_status; + + verification_method = VERIFIED_BY_NOTHING; +@@ -1768,24 +1813,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + } + } + +- /* +- * Install the protocol +- */ +- efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, +- &handle, &shim_lock_guid, EFI_NATIVE_INTERFACE, +- &shim_lock_interface); +- if (EFI_ERROR(efi_status)) { +- console_error(L"Could not install security protocol", +- efi_status); ++ efi_status = install_shim_protocols(); ++ if (EFI_ERROR(efi_status)) + return efi_status; +- } +- +-#if defined(OVERRIDE_SECURITY_POLICY) +- /* +- * Install the security protocol hook +- */ +- security_policy_install(shim_verify); +-#endif + + /* + * Enter MokManager if necessary +@@ -1810,20 +1840,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + + efi_status = init_grub(image_handle); + +-#if defined(OVERRIDE_SECURITY_POLICY) +- /* +- * Clean up the security protocol hook +- */ +- security_policy_uninstall(); +-#endif +- +- /* +- * If we're back here then clean everything up before exiting +- */ +- uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle, +- &shim_lock_guid, &shim_lock_interface); +- +- ++ uninstall_shim_protocols(); + /* + * Remove our hooks from system services. + */ +-- +1.9.3 + diff --git a/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch b/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch new file mode 100644 index 0000000..da3bb7d --- /dev/null +++ b/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch 
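Review bot: In the shim.c part of patch 0022, `uninstall_shim_protocols()` leaves the new file-scope `shim_lock_handle` set, while the new error path in `start_image()` calls `install_shim_protocols()` again after the uninstall. As I read the UEFI specification, removing the last protocol interface from a handle frees that handle, so the re-install would pass a stale non-NULL handle to `InstallProtocolInterface` and could fail, which here ends in the "shim cannot continue" reset. Adding `shim_lock_handle = NULL;` after the `UninstallProtocolInterface` call would make the re-install create a fresh handle, as the old local `EFI_HANDLE handle = NULL;` in `efi_main` did. Separately, `last_loaded_image` starts as NULL and is reset to NULL when LoadImage fails, so `image_handle == last_loaded_image` also matches a NULL handle. Using `if (image_handle && image_handle == last_loaded_image)` would stop `loader_is_participating` being set for a handle the firmware never returned.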
@@ -0,0 +1,295 @@ +From 5495694c043de510aaf8ff5dcbe17b6547794083 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Mon, 3 Dec 2012 15:52:48 -0800 +Subject: [PATCH 23/74] additional bounds-checking on section sizes + +This adds additional bounds-checking on the section sizes. Also adds +-Wsign-compare to the Makefile and replaces some signed variables with +unsigned counteparts for robustness. + +Signed-off-by: Kees Cook +--- + Makefile | 3 ++- + MokManager.c | 6 ++--- + PasswordCrypt.c | 4 +-- + fallback.c | 4 +-- + shim.c | 83 +++++++++++++++++++++++++++++++++++++++------------------ + 5 files changed, 66 insertions(+), 34 deletions(-) + +diff --git a/Makefile b/Makefile +index e65d28d..46e5ef9 100644 +--- a/Makefile ++++ b/Makefile +@@ -16,7 +16,8 @@ EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := \\\\grub.efi + CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ +- -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args \ ++ -fshort-wchar -Wall -Wsign-compare -Werror \ ++ -mno-red-zone -maccumulate-outgoing-args \ + -mno-mmx -mno-sse -fno-builtin \ + "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ + "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ +diff --git a/MokManager.c b/MokManager.c +index f5ed379..3da61f4 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -440,7 +440,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + MokListNode *keys = NULL; + INTN key_num = 0; + CHAR16 **menu_strings; +- int i; ++ unsigned int i; + + if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) + + sizeof(EFI_SIGNATURE_DATA))) { +@@ -491,7 +491,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) + { + EFI_INPUT_KEY key; +- int count = 0; ++ unsigned int count = 0; + + do { + key = console_get_keystroke(); +@@ -640,7 +640,7 @@ static EFI_STATUS match_password (PASSWORD_CRYPT *pw_crypt, + CHAR16 
password[PASSWORD_MAX]; + UINT32 pw_length; + UINT8 fail_count = 0; +- int i; ++ unsigned int i; + + if (pw_crypt) { + auth_hash = pw_crypt->hash; +diff --git a/PasswordCrypt.c b/PasswordCrypt.c +index 8d72a82..e0a82cf 100644 +--- a/PasswordCrypt.c ++++ b/PasswordCrypt.c +@@ -154,7 +154,7 @@ static EFI_STATUS sha256_crypt (const char *key, UINT32 key_len, + CopyMem(cp, tmp_result, cnt); + + SHA256_Init(&alt_ctx); +- for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) ++ for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt) + SHA256_Update(&alt_ctx, salt, salt_size); + SHA256_Final(tmp_result, &alt_ctx); + +@@ -242,7 +242,7 @@ static EFI_STATUS sha512_crypt (const char *key, UINT32 key_len, + CopyMem(cp, tmp_result, cnt); + + SHA512_Init(&alt_ctx); +- for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) ++ for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt) + SHA512_Update(&alt_ctx, salt, salt_size); + SHA512_Final(tmp_result, &alt_ctx); + +diff --git a/fallback.c b/fallback.c +index 44638ec..bc9a3c9 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -229,7 +229,7 @@ EFI_STATUS + find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, + CHAR16 *arguments, UINT16 *optnum) + { +- int size = sizeof(UINT32) + sizeof (UINT16) + ++ unsigned int size = sizeof(UINT32) + sizeof (UINT16) + + StrLen(label)*2 + 2 + DevicePathSize(dp) + + StrLen(arguments) * 2 + 2; + +@@ -768,7 +768,7 @@ try_start_first_option(EFI_HANDLE parent_image_handle) + if (EFI_ERROR(rc)) { + CHAR16 *dps = DevicePathToStr(first_new_option); + UINTN s = DevicePathSize(first_new_option); +- int i; ++ unsigned int i; + UINT8 *dpv = (void *)first_new_option; + Print(L"LoadImage failed: %d\nDevice path: \"%s\"\n", rc, dps); + for (i = 0; i < s; i++) { +diff --git a/shim.c b/shim.c +index 0e18d38..8c583a4 100644 +--- a/shim.c ++++ b/shim.c +@@ -102,7 +102,7 @@ typedef struct { + /* + * Perform basic bounds checking of the intra-image pointers + */ +-static void *ImageAddress (void *image, int size, unsigned int 
address) ++static void *ImageAddress (void *image, unsigned int size, unsigned int address) + { + if (address > size) + return NULL; +@@ -494,18 +494,19 @@ static BOOLEAN secure_mode (void) + * Calculate the SHA1 and SHA256 hashes of a binary + */ + +-static EFI_STATUS generate_hash (char *data, int datasize, ++static EFI_STATUS generate_hash (char *data, int datasize_in, + PE_COFF_LOADER_IMAGE_CONTEXT *context, + UINT8 *sha256hash, UINT8 *sha1hash) + + { + unsigned int sha256ctxsize, sha1ctxsize; +- unsigned int size = datasize; ++ unsigned int size = datasize_in; + void *sha256ctx = NULL, *sha1ctx = NULL; + char *hashbase; + unsigned int hashsize; + unsigned int SumOfBytesHashed, SumOfSectionBytes; + unsigned int index, pos; ++ unsigned int datasize; + EFI_IMAGE_SECTION_HEADER *Section; + EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; + EFI_IMAGE_SECTION_HEADER *SectionCache; +@@ -517,6 +518,12 @@ static EFI_STATUS generate_hash (char *data, int datasize, + sha1ctxsize = Sha1GetContextSize(); + sha1ctx = AllocatePool(sha1ctxsize); + ++ if (datasize_in < 0) { ++ Print(L"Invalid data size\n"); ++ return EFI_INVALID_PARAMETER; ++ } ++ size = datasize = (unsigned int)datasize_in; ++ + if (!sha256ctx || !sha1ctx) { + Print(L"Unable to allocate memory for hash context\n"); + return EFI_OUT_OF_RESOURCES; +@@ -577,22 +584,29 @@ static EFI_STATUS generate_hash (char *data, int datasize, + SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; + #endif + +- Section = (EFI_IMAGE_SECTION_HEADER *) ( +- (char *)context->PEHdr + sizeof (UINT32) + +- sizeof (EFI_IMAGE_FILE_HEADER) + +- context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader +- ); +- +- SectionCache = Section; +- ++ /* Validate section locations and sizes */ + for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) { +- SumOfSectionBytes += SectionCache->SizeOfRawData; +- } +- +- if (SumOfSectionBytes >= datasize) { +- 
Print(L"Malformed binary: %x %x\n", SumOfSectionBytes, size); +- status = EFI_INVALID_PARAMETER; +- goto done; ++ EFI_IMAGE_SECTION_HEADER *SectionPtr; ++ ++ /* Validate SectionPtr is within image */ ++ SectionPtr = ImageAddress(data, datasize, ++ sizeof (UINT32) + ++ sizeof (EFI_IMAGE_FILE_HEADER) + ++ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + ++ (index * sizeof(*SectionPtr))); ++ if (!SectionPtr) { ++ Print(L"Malformed section %d\n", index); ++ status = EFI_INVALID_PARAMETER; ++ goto done; ++ } ++ /* Validate section size is within image. */ ++ if (SectionPtr->SizeOfRawData > ++ datasize - SumOfBytesHashed - SumOfSectionBytes) { ++ Print(L"Malformed section %d size\n", index); ++ status = EFI_INVALID_PARAMETER; ++ goto done; ++ } ++ SumOfSectionBytes += SectionPtr->SizeOfRawData; + } + + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections); +@@ -602,6 +616,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, + goto done; + } + ++ /* Already validated above */ ++ Section = ImageAddress(data, datasize, sizeof (UINT32) + ++ sizeof (EFI_IMAGE_FILE_HEADER) + ++ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader); ++ + /* Sort the section headers */ + for (index = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { + pos = index; +@@ -620,7 +639,6 @@ static EFI_STATUS generate_hash (char *data, int datasize, + continue; + } + hashbase = ImageAddress(data, size, Section->PointerToRawData); +- hashsize = (unsigned int) Section->SizeOfRawData; + + if (!hashbase) { + Print(L"Malformed section header\n"); +@@ -628,6 +646,15 @@ static EFI_STATUS generate_hash (char *data, int datasize, + goto done; + } + ++ /* Verify hashsize within image. 
*/ ++ if (Section->SizeOfRawData > ++ datasize - Section->PointerToRawData) { ++ Print(L"Malformed section raw size %d\n", index); ++ status = EFI_INVALID_PARAMETER; ++ goto done; ++ } ++ hashsize = (unsigned int) Section->SizeOfRawData; ++ + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { + Print(L"Unable to generate hash\n"); +@@ -638,10 +665,10 @@ static EFI_STATUS generate_hash (char *data, int datasize, + } + + /* Hash all remaining data */ +- if (size > SumOfBytesHashed) { ++ if (datasize > SumOfBytesHashed) { + hashbase = data + SumOfBytesHashed; + hashsize = (unsigned int)( +- size - ++ datasize - + #if __LP64__ + context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - + #else +@@ -884,7 +911,8 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + return EFI_UNSUPPORTED; + } + +- if (((UINT8 *)context->SecDir - (UINT8 *)data) > (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { ++ if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) > ++ (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { + Print(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } +@@ -904,7 +932,8 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + { + EFI_STATUS efi_status; + char *buffer; +- int i, size; ++ int i; ++ unsigned int size; + EFI_IMAGE_SECTION_HEADER *Section; + char *base, *end; + PE_COFF_LOADER_IMAGE_CONTEXT context; +@@ -1081,7 +1110,8 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, + { + EFI_DEVICE_PATH *devpath; + EFI_HANDLE device; +- int i, j, last = -1; ++ unsigned int i; ++ int j, last = -1; + unsigned int pathlen = 0; + EFI_STATUS efi_status = EFI_SUCCESS; + CHAR16 *bootpath; +@@ -1637,9 +1667,10 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) + EFI_STATUS status; + EFI_LOADED_IMAGE *li; + CHAR16 *start = NULL, *c; +- int i, remaining_size = 0; ++ unsigned int i; ++ int remaining_size = 0; + CHAR16 
*loader_str = NULL; +- int loader_len = 0; ++ unsigned int loader_len = 0; + + second_stage = DEFAULT_LOADER; + load_options = NULL; +-- +1.9.3 + diff --git a/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch b/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch new file mode 100644 index 0000000..88b6f1c --- /dev/null +++ b/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch 
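Review bot: The new section validation in `generate_hash()` checks only where each section header starts, not that the whole header lies inside the image. `ImageAddress()` rejects only `address > size`, so an offset equal to `datasize`, or one within the last `sizeof(*SectionPtr)` bytes, still passes and `SectionPtr->SizeOfRawData` is then read past the end of the buffer. The check should cover the full header, for example by also requiring `ImageAddress()` to succeed for the same offset plus `sizeof(*SectionPtr) - 1` before the dereference. The size test `datasize - SumOfBytesHashed - SumOfSectionBytes` is unsigned, so if `SizeOfHeaders` (which seeds `SumOfBytesHashed`) can exceed `datasize`, the subtraction wraps and the test passes. No earlier bound on it is visible here, and the bodies of `generate_hash()` and `ImageAddress()` are only partly shown, so rejecting `SumOfBytesHashed > datasize` before the loop looks necessary.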
@@ -0,0 +1,75 @@ +From a876037a0d4b91638fcb6274bd7a976f8318a7e2 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 11 Apr 2014 15:05:24 -0400 +Subject: [PATCH 24/74] Kees' patch missed the offset adjustment to PEHdr. + +In read_header, we adjust context->PEHdr's address by doshdr->e_lfanew. +If we're going to recompute that address, we have to adjust it here +too. + +Signed-off-by: Peter Jones +--- + shim.c | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/shim.c b/shim.c +index 8c583a4..d06bd02 100644 +--- a/shim.c ++++ b/shim.c +@@ -511,12 +511,8 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; + EFI_IMAGE_SECTION_HEADER *SectionCache; + EFI_STATUS status = EFI_SUCCESS; +- +- sha256ctxsize = Sha256GetContextSize(); +- sha256ctx = AllocatePool(sha256ctxsize); +- +- sha1ctxsize = Sha1GetContextSize(); +- sha1ctx = AllocatePool(sha1ctxsize); ++ EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data; ++ unsigned int PEHdr_offset = 0; + + if (datasize_in < 0) { + Print(L"Invalid data size\n"); +@@ -524,6 +520,19 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + } + size = datasize = (unsigned int)datasize_in; + ++ if (datasize <= sizeof (*DosHdr) || ++ DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) { ++ Print(L"Invalid signature\n"); ++ return EFI_INVALID_PARAMETER; ++ } ++ PEHdr_offset = DosHdr->e_lfanew; ++ ++ sha256ctxsize = Sha256GetContextSize(); ++ sha256ctx = AllocatePool(sha256ctxsize); ++ ++ sha1ctxsize = Sha1GetContextSize(); ++ sha1ctx = AllocatePool(sha1ctxsize); ++ + if (!sha256ctx || !sha1ctx) { + Print(L"Unable to allocate memory for hash context\n"); + return EFI_OUT_OF_RESOURCES; +@@ -590,6 +599,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + /* Validate SectionPtr is within image */ + SectionPtr = ImageAddress(data, datasize, ++ PEHdr_offset + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + 
context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + +@@ -617,7 +627,9 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + } + + /* Already validated above */ +- Section = ImageAddress(data, datasize, sizeof (UINT32) + ++ Section = ImageAddress(data, datasize, ++ PEHdr_offset + ++ sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader); + +-- +1.9.3 + diff --git a/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch b/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch new file mode 100644 index 0000000..eb7e4df --- /dev/null +++ b/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch @@ -0,0 +1,35 @@ +From 5103c3b368e04dd1eab1202b87363c7e6ba8f927 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 11 Apr 2014 15:07:45 -0400 +Subject: [PATCH 25/74] Get rid of SectionCache in generate_hash(), it is + unused. + +Signed-off-by: Peter Jones +--- + shim.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/shim.c b/shim.c +index d06bd02..48a6f2f 100644 +--- a/shim.c ++++ b/shim.c +@@ -509,7 +509,6 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + unsigned int datasize; + EFI_IMAGE_SECTION_HEADER *Section; + EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; +- EFI_IMAGE_SECTION_HEADER *SectionCache; + EFI_STATUS status = EFI_SUCCESS; + EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data; + unsigned int PEHdr_offset = 0; +@@ -594,7 +593,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + #endif + + /* Validate section locations and sizes */ +- for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) { ++ for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { + EFI_IMAGE_SECTION_HEADER *SectionPtr; + + /* Validate SectionPtr is within image */ +-- +1.9.3 + 
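Review bot: `PEHdr_offset = DosHdr->e_lfanew;` in patch 0024 takes the offset straight from the image being verified and adds it to the section-header offset with no range check. `ImageAddress()` takes `unsigned int address`, so a very large `e_lfanew` can wrap the sum to a small in-bounds value. The section headers used for hashing would then not be the ones `context->PEHdr` refers to. A check such as `if (PEHdr_offset >= datasize) return EFI_INVALID_PARAMETER;` right after the assignment would rule that out, unless `read_header()` already bounds `e_lfanew`; that code is outside this hunk.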
diff --git a/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch b/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch new file mode 100644 index 0000000..3992ae1 --- /dev/null +++ b/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch 
@@ -0,0 +1,90 @@ +From 382a0b66e6c06ccf6775e3c05d5f9ce5f0eab5db Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 6 Mar 2014 11:58:36 +0800 +Subject: [PATCH 26/74] [fallback] Avoid duplicate old BootOrder + +set_boot_order() already copies the old BootOrder to the variable, +bootorder. Besides, we can adjust BootOrder when adding the newly +generated boot option. So, we don't have to copy the old one again +in update_boot_order(). This avoid the duplicate entries in BootOrder. + +Signed-off-by: Gary Ching-Pang Lin +--- + fallback.c | 37 ++++++++++++------------------------- + 1 file changed, 12 insertions(+), 25 deletions(-) + +diff --git a/fallback.c b/fallback.c +index bc9a3c9..4bde9c1 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -204,12 +204,12 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, + return EFI_OUT_OF_RESOURCES; + + int j = 0; ++ newbootorder[0] = i & 0xffff; + if (nbootorder) { + for (j = 0; j < nbootorder; j++) +- newbootorder[j] = bootorder[j]; ++ newbootorder[j+1] = bootorder[j]; + FreePool(bootorder); + } +- newbootorder[j] = i & 0xffff; + bootorder = newbootorder; + nbootorder += 1; + #ifdef DEBUG_FALLBACK +@@ -307,28 +307,17 @@ set_boot_order(void) + EFI_STATUS + update_boot_order(void) + { +- CHAR16 *oldbootorder; + UINTN size; ++ UINTN len = 0; + EFI_GUID global = EFI_GLOBAL_VARIABLE; + CHAR16 *newbootorder = NULL; ++ EFI_STATUS rc; + +- oldbootorder = LibGetVariableAndSize(L"BootOrder", &global, &size); +- if (oldbootorder) { +- int n = size / sizeof (CHAR16) + nbootorder; +- +- newbootorder = AllocateZeroPool(n * sizeof (CHAR16)); +- if (!newbootorder) +- return EFI_OUT_OF_RESOURCES; +- CopyMem(newbootorder, bootorder, nbootorder * sizeof (CHAR16)); +- CopyMem(newbootorder + nbootorder, oldbootorder, size); +- size = n * sizeof (CHAR16); +- } else { +- size = nbootorder * sizeof(CHAR16); +- newbootorder = AllocateZeroPool(size); +- if (!newbootorder) +- return EFI_OUT_OF_RESOURCES; +- CopyMem(newbootorder, 
bootorder, size); +- } ++ size = nbootorder * sizeof(CHAR16); ++ newbootorder = AllocateZeroPool(size); ++ if (!newbootorder) ++ return EFI_OUT_OF_RESOURCES; ++ CopyMem(newbootorder, bootorder, size); + + #ifdef DEBUG_FALLBACK + Print(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16)); +@@ -337,13 +326,11 @@ update_boot_order(void) + Print(L"%04x ", newbootorder[j]); + Print(L"\n"); + #endif +- +- if (oldbootorder) { ++ rc = uefi_call_wrapper(RT->GetVariable, 5, L"BootOrder", &global, ++ NULL, &len, NULL); ++ if (rc == EFI_BUFFER_TOO_SMALL) + LibDeleteVariable(L"BootOrder", &global); +- FreePool(oldbootorder); +- } + +- EFI_STATUS rc; + rc = uefi_call_wrapper(RT->SetVariable, 5, L"BootOrder", &global, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | +-- +1.9.3 + diff --git a/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch b/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch new file mode 100644 index 0000000..f644711 --- /dev/null +++ b/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch @@ -0,0 +1,26 @@ +From 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 6 Mar 2014 10:57:02 +0800 +Subject: [PATCH 27/74] [fallback] Fix the data size for boot option comparison + +Signed-off-by: Gary Ching-Pang Lin +--- + fallback.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fallback.c b/fallback.c +index 4bde9c1..7f242e1 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -231,7 +231,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, + { + unsigned int size = sizeof(UINT32) + sizeof (UINT16) + + StrLen(label)*2 + 2 + DevicePathSize(dp) + +- StrLen(arguments) * 2 + 2; ++ StrLen(arguments) * 2; + + CHAR8 *data = AllocateZeroPool(size); + if (!data) +-- +1.9.3 + 
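Review bot: In update_boot_order() in fallback.c the new code deletes BootOrder as soon as the size probe returns EFI_BUFFER_TOO_SMALL and only afterwards calls SetVariable, so a failed SetVariable leaves the machine with no BootOrder at all. The handling of the final `rc` lies outside the hunk, so this may already be reported to the caller, but the window exists either way. If the delete is only there to clear an entry with different attributes, say so in a comment such as `/* delete first: SetVariable fails if the stored attributes differ */`; otherwise drop the delete and let SetVariable overwrite the value. In add_boot_option() the new `newbootorder[j+1] = bootorder[j]` relies on the allocation, made outside the hunk, holding `nbootorder + 1` entries.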
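Review bot: The size expression in find_boot_option() now counts `StrLen(arguments) * 2` bytes with no terminator while `label` keeps its `+ 2`, and nothing in the code says why the two strings are treated differently. A short comment on that line, for example `/* optional data is stored without a trailing NUL, unlike the description */`, would stop a later reader from "fixing" the asymmetry and breaking the comparison again. The code that fills and compares `data` is outside the hunk, so confirm that it copies the same number of bytes.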
diff --git a/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch b/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch
new file mode 100644
index 0000000..82d5d29
--- /dev/null
+++ b/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch
@@ -0,0 +1,58 @@ +From 0ba09477afac58ef2eadc7311440e695e6250029 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Wed, 5 Mar 2014 18:14:09 +0800 +Subject: [PATCH 28/74] [fallback] Try to boot the first boot option anyway + +Some UEFI implementations never care the boot options, so the +restored boot options could be just ignored and this results in +endless reboot. To avoid this situation, this commit makes +fallback.efi to load the first matched boot option even if there +is no boot option to be restored. It may not be perfect, but at +least the bootloader is loaded... + +Signed-off-by: Gary Ching-Pang Lin +--- + fallback.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/fallback.c b/fallback.c +index 7f242e1..d10fb62 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -226,8 +226,9 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, + } + + EFI_STATUS +-find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, +- CHAR16 *arguments, UINT16 *optnum) ++find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, ++ CHAR16 *filename, CHAR16 *label, CHAR16 *arguments, ++ UINT16 *optnum) + { + unsigned int size = sizeof(UINT32) + sizeof (UINT16) + + StrLen(label)*2 + 2 + DevicePathSize(dp) + +@@ -278,6 +279,12 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, + continue; + + /* at this point, we have duplicate data. 
*/ ++ if (!first_new_option) { ++ first_new_option = DuplicateDevicePath(fulldp); ++ first_new_option_args = arguments; ++ first_new_option_size = StrLen(arguments) * sizeof (CHAR16); ++ } ++ + *optnum = i; + FreePool(candidate); + FreePool(data); +@@ -403,7 +410,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * + #endif + + UINT16 option; +- rc = find_boot_option(dp, fullpath, label, arguments, &option); ++ rc = find_boot_option(dp, full_device_path, fullpath, label, arguments, &option); + if (EFI_ERROR(rc)) { + add_boot_option(dp, full_device_path, fullpath, label, arguments); + } else if (option != 0) { +-- +1.9.3 + diff --git a/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch b/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch new file mode 100644 index 0000000..9b94ed1 --- /dev/null +++ b/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch 
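Review bot: In the duplicate-match branch of find_boot_option(), `first_new_option_args = arguments` stores the caller's pointer rather than a copy, while the device path next to it is duplicated. If add_to_boot_list() or its caller frees `arguments` before fallback boots `first_new_option` (that code is outside the hunk), the saved pointer dangles. Either copy the string as the device path is copied, or document the ownership on the assignment, e.g. `/* not copied: arguments must stay allocated until the option is booted */`. The result of `DuplicateDevicePath(fulldp)` is also not checked, so an allocation failure is silent here.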
@@ -0,0 +1,144 @@ +From f500a8742c19be604d33907b56ab9597fe448b65 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 27 May 2014 14:12:32 +0800 +Subject: [PATCH 29/74] Fetch the netboot image from the same device + +The previous strategy is to locate the first available PXE_BASE_CODE +protocol and to fetch the second stage image from it, and this may +cause shim to fetch the wrong second stage image, i.e. grub.efi. + +Consider the machine with the following boot order: +1. PXE Boot +2. Hard Drive + +Assume that the EFI image, e.g. bootx64.efi, in the PXE server is +broken, then "PXE Boot" will fail and fallback to "Hard Drive". While +shim.efi in "Hard Drive" is loaded, it will find the PXE protocol is +available and fetch grub.efi from the PXE server, not grub.efi in the +disk. + +This commit checks the DeviceHandle from Loaded Image. If the device +supports PXE, then shim fetches grub.efi with the PXE protocol. Otherwise, +shim loads grub.efi from the disk. + +Signed-off-by: Gary Ching-Pang Lin +--- + netboot.c | 77 +++++++++++++-------------------------------------------------- + shim.c | 2 +- + 2 files changed, 17 insertions(+), 62 deletions(-) + +diff --git a/netboot.c b/netboot.c +index 07e2773..5ef53f7 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -85,78 +85,33 @@ translate_slashes(char *str) + * Returns TRUE if we identify a protocol that is enabled and Providing us with + * the needed information to fetch a grubx64.efi image + */ +-BOOLEAN findNetboot(EFI_HANDLE image_handle) ++BOOLEAN findNetboot(EFI_HANDLE device) + { +- UINTN bs = sizeof(EFI_HANDLE); +- EFI_GUID pxe_base_code_protocol = EFI_PXE_BASE_CODE_PROTOCOL; +- EFI_HANDLE *hbuf; +- BOOLEAN rc = FALSE; +- void *buffer = AllocatePool(bs); +- UINTN errcnt = 0; +- UINTN i; + EFI_STATUS status; + +- if (!buffer) ++ status = uefi_call_wrapper(BS->HandleProtocol, 3, device, ++ &PxeBaseCodeProtocol, (VOID **)&pxe); ++ if (status != EFI_SUCCESS) { ++ pxe = NULL; + return FALSE; +- +-try_again: 
+- status = uefi_call_wrapper(BS->LocateHandle,5, ByProtocol, +- &pxe_base_code_protocol, NULL, &bs, +- buffer); +- +- if (status == EFI_BUFFER_TOO_SMALL) { +- errcnt++; +- FreePool(buffer); +- if (errcnt > 1) +- return FALSE; +- buffer = AllocatePool(bs); +- if (!buffer) +- return FALSE; +- goto try_again; + } + +- if (status == EFI_NOT_FOUND) { +- FreePool(buffer); ++ if (!pxe || !pxe->Mode) { ++ pxe = NULL; + return FALSE; + } + +- /* +- * We have a list of pxe supporting protocols, lets see if any are +- * active +- */ +- hbuf = buffer; +- pxe = NULL; +- for (i=0; i < (bs / sizeof(EFI_HANDLE)); i++) { +- status = uefi_call_wrapper(BS->OpenProtocol, 6, hbuf[i], +- &pxe_base_code_protocol, +- (void **)&pxe, image_handle, NULL, +- EFI_OPEN_PROTOCOL_GET_PROTOCOL); +- +- if (status != EFI_SUCCESS) { +- pxe = NULL; +- continue; +- } +- +- if (!pxe || !pxe->Mode) { +- pxe = NULL; +- continue; +- } +- +- if (pxe->Mode->Started && pxe->Mode->DhcpAckReceived) { +- /* +- * We've located a pxe protocol handle thats been +- * started and has received an ACK, meaning its +- * something we'll be able to get tftp server info +- * out of +- */ +- rc = TRUE; +- break; +- } +- ++ if (!pxe->Mode->Started || !pxe->Mode->DhcpAckReceived) { ++ pxe = NULL; ++ return FALSE; + } + +- FreePool(buffer); +- return rc; ++ /* ++ * We've located a pxe protocol handle thats been started and has ++ * received an ACK, meaning its something we'll be able to get ++ * tftp server info out of ++ */ ++ return TRUE; + } + + static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt) +diff --git a/shim.c b/shim.c +index 48a6f2f..d8699f9 100644 +--- a/shim.c ++++ b/shim.c +@@ -1373,7 +1373,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + goto done; + } + +- if (findNetboot(image_handle)) { ++ if (findNetboot(li->DeviceHandle)) { + efi_status = parseNetbootinfo(image_handle); + if (efi_status != EFI_SUCCESS) { + Print(L"Netboot parsing failed: %r\n", efi_status); +-- 
+1.9.3 + diff --git a/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch b/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch new file mode 100644 index 0000000..8fa702a --- /dev/null +++ b/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch 
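Review bot: The comment above findNetboot() in netboot.c still describes the old search ("identify a protocol that is enabled") and does not state the new contract, which is what makes the second-stage source predictable. The function now inspects only the handle it is given, and it leaves its result in the `pxe` variable declared outside the hunk, which it resets to NULL on every failure path. I would add to that comment something like `device is the DeviceHandle shim was loaded from; on TRUE, pxe refers to that device's PXE base code protocol, otherwise pxe is NULL`. In shim.c, parseNetbootinfo() is still passed `image_handle` while findNetboot() now gets `li->DeviceHandle`, which deserves a word in the same comment.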
@@ -0,0 +1,140 @@ +From 5f18e2e3643524c6b6b38c44c6ce4eabdcfd59d1 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 27 May 2014 17:42:00 +0800 +Subject: [PATCH 30/74] Check the first 4 bytes of the certificate + +A non-DER encoding x509 certificate may be mistakenly enrolled into +db or MokList. This commit checks the first 4 bytes of the certificate +to ensure that it's DER encoding. + +This commit also removes the iteration of the x509 signature list. +Per UEFI SPEC, each x509 signature list contains only one x509 certificate. +Besides, the size of certificate is incorrect. The size of the header must +be substracted from the signature size. + +Signed-off-by: Gary Ching-Pang Lin +--- + MokManager.c | 23 +++++++++++++++++++++-- + shim.c | 45 +++++++++++++++++++++++++++++++-------------- + 2 files changed, 52 insertions(+), 16 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index 3da61f4..c9fbbac 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -1306,11 +1306,30 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { + return -1; + } + +-static BOOLEAN verify_certificate(void *cert, UINTN size) ++static BOOLEAN verify_certificate(UINT8 *cert, UINTN size) + { + X509 *X509Cert; +- if (!cert || size == 0) ++ UINTN length; ++ if (!cert || size < 0) ++ return FALSE; ++ ++ /* ++ * A DER encoding x509 certificate starts with SEQUENCE(0x30), ++ * the number of length bytes, and the number of value bytes. ++ * The size of a x509 certificate is usually between 127 bytes ++ * and 64KB. For convenience, assume the number of value bytes ++ * is 2, i.e. the second byte is 0x82. 
++ */ ++ if (cert[0] != 0x30 || cert[1] != 0x82) { ++ console_notify(L"Not a DER encoding X509 certificate"); + return FALSE; ++ } ++ ++ length = (cert[2]<<8 | cert[3]); ++ if (length != (size - 4)) { ++ console_notify(L"Invalid X509 certificate: Inconsistent size"); ++ return FALSE; ++ } + + if (!(X509ConstructCertificate(cert, size, (UINT8 **) &X509Cert)) || + X509Cert == NULL) { +diff --git a/shim.c b/shim.c +index d8699f9..cd26ce6 100644 +--- a/shim.c ++++ b/shim.c +@@ -226,44 +226,61 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + return EFI_SUCCESS; + } + ++static BOOLEAN verify_x509(UINT8 *Cert, UINTN CertSize) ++{ ++ UINTN length; ++ ++ if (!Cert || CertSize < 4) ++ return FALSE; ++ ++ /* ++ * A DER encoding x509 certificate starts with SEQUENCE(0x30), ++ * the number of length bytes, and the number of value bytes. ++ * The size of a x509 certificate is usually between 127 bytes ++ * and 64KB. For convenience, assume the number of value bytes ++ * is 2, i.e. the second byte is 0x82. 
++ */ ++ if (Cert[0] != 0x30 || Cert[1] != 0x82) ++ return FALSE; ++ ++ length = Cert[2]<<8 | Cert[3]; ++ if (length != (CertSize - 4)) ++ return FALSE; ++ ++ return TRUE; ++} ++ + static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList, + UINTN dbsize, + WIN_CERTIFICATE_EFI_PKCS *data, + UINT8 *hash) + { + EFI_SIGNATURE_DATA *Cert; +- UINTN CertCount, Index; ++ UINTN CertSize; + BOOLEAN IsFound = FALSE; + EFI_GUID CertType = X509_GUID; + + while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &CertType) == 0) { +- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); +- for (Index = 0; Index < CertCount; Index++) { ++ CertSize = CertList->SignatureSize - sizeof(EFI_GUID); ++ if (verify_x509(Cert->SignatureData, CertSize)) { + IsFound = AuthenticodeVerify (data->CertData, + data->Hdr.dwLength - sizeof(data->Hdr), + Cert->SignatureData, +- CertList->SignatureSize, ++ CertSize, + hash, SHA256_DIGEST_SIZE); + if (IsFound) +- break; +- +- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); ++ return DATA_FOUND; ++ } else if (verbose) { ++ console_notify(L"Not a DER encoding x.509 Certificate"); + } +- + } + +- if (IsFound) +- break; +- + dbsize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + +- if (IsFound) +- return DATA_FOUND; +- + return DATA_NOT_FOUND; + } + +-- +1.9.3 + diff --git a/SOURCES/0031-Remove-grubpath-in-generate_path.patch b/SOURCES/0031-Remove-grubpath-in-generate_path.patch new file mode 100644 index 0000000..bc0dfba --- /dev/null +++ b/SOURCES/0031-Remove-grubpath-in-generate_path.patch 
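Review bot: In MokManager.c verify_certificate() the new guard `if (!cert || size < 0)` can never fire on the size, because `size` is an unsigned UINTN, and the old `size == 0` test is gone. A buffer shorter than four bytes therefore reaches the reads of `cert[0]`..`cert[3]`, and `size - 4` wraps. The guard should match the one added to verify_x509() in shim.c: `if (!cert || size < 4)`. In check_db_cert_in_ram(), `CertSize = CertList->SignatureSize - sizeof(EFI_GUID)` wraps in the same way when a signature list declares a SignatureSize smaller than the GUID, so that field should be checked before the subtraction. The loop's handling of SignatureListSize is only partly visible in the hunk.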
@@ -0,0 +1,64 @@ +From 78aaad3003d53a14a009176ad5816937e18fa33f Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Mon, 26 May 2014 16:49:10 +0800 +Subject: [PATCH 31/74] Remove grubpath in generate_path() + +The variable is not used anymore. + +Signed-off-by: Gary Ching-Pang Lin +--- + shim.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/shim.c b/shim.c +index cd26ce6..eb8542a 100644 +--- a/shim.c ++++ b/shim.c +@@ -1134,17 +1134,15 @@ should_use_fallback(EFI_HANDLE image_handle) + * of the executable + */ + static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, +- EFI_DEVICE_PATH **grubpath, CHAR16 **PathName) ++ CHAR16 **PathName) + { + EFI_DEVICE_PATH *devpath; +- EFI_HANDLE device; + unsigned int i; + int j, last = -1; + unsigned int pathlen = 0; + EFI_STATUS efi_status = EFI_SUCCESS; + CHAR16 *bootpath; + +- device = li->DeviceHandle; + devpath = li->FilePath; + + bootpath = DevicePathToStr(devpath); +@@ -1197,8 +1195,6 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, + StrCat(*PathName, bootpath); + StrCat(*PathName, ImagePath); + +- *grubpath = FileDevicePath(device, *PathName); +- + error: + FreePool(bootpath); + +@@ -1361,7 +1357,6 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL; + EFI_STATUS efi_status; + EFI_LOADED_IMAGE *li, li_bak; +- EFI_DEVICE_PATH *path; + CHAR16 *PathName = NULL; + void *sourcebuffer = NULL; + UINT64 sourcesize = 0; +@@ -1383,7 +1378,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + /* + * Build a new path from the existing one plus the executable name + */ +- efi_status = generate_path(li, ImagePath, &path, &PathName); ++ efi_status = generate_path(li, ImagePath, &PathName); + + if (efi_status != EFI_SUCCESS) { + Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); +-- +1.9.3 + 
diff --git a/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch b/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch
new file mode 100644
index 0000000..cc781c9
--- /dev/null
+++ b/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch
@@ -0,0 +1,69 @@ +From 53a8f8721c7e26717a47b668309e3ecb1f78a250 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Fri, 7 Mar 2014 16:56:14 +0800 +Subject: [PATCH 32/74] MokManager: delete the BS+NV variables the right way + +LibDeleteVariable assumes that the variable is RT+NV and it +won't work on a BS+NV variable. + +Signed-off-by: Gary Ching-Pang Lin +--- + MokManager.c | 28 +++++++++++++++++++++++++--- + 1 file changed, 25 insertions(+), 3 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index c9fbbac..0ab308f 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -1112,7 +1112,16 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) { + return -1; + } + } else { +- LibDeleteVariable(L"MokSBState", &shim_lock_guid); ++ efi_status = uefi_call_wrapper(RT->SetVariable, ++ 5, L"MokSBState", ++ &shim_lock_guid, ++ EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS, ++ 0, NULL); ++ if (efi_status != EFI_SUCCESS) { ++ console_notify(L"Failed to delete Secure Boot state"); ++ return -1; ++ } + } + + console_notify(L"The system must now be rebooted"); +@@ -1224,7 +1233,16 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) { + return -1; + } + } else { +- LibDeleteVariable(L"MokDBState", &shim_lock_guid); ++ efi_status = uefi_call_wrapper(RT->SetVariable, 5, ++ L"MokDBState", ++ &shim_lock_guid, ++ EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS, ++ 0, NULL); ++ if (efi_status != EFI_SUCCESS) { ++ console_notify(L"Failed to delete DB state"); ++ return -1; ++ } + } + + console_notify(L"The system must now be rebooted"); +@@ -1261,7 +1279,11 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { + if (console_yes_no((CHAR16 *[]){L"Clear MOK password?", NULL}) == 0) + return 0; + +- LibDeleteVariable(L"MokPWStore", &shim_lock_guid); ++ uefi_call_wrapper(RT->SetVariable, 5, L"MokPWStore", ++ &shim_lock_guid, ++ EFI_VARIABLE_NON_VOLATILE ++ | EFI_VARIABLE_BOOTSERVICE_ACCESS, ++ 0, NULL); + 
LibDeleteVariable(L"MokPW", &shim_lock_guid); + console_notify(L"The system must now be rebooted"); + uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0, +-- +1.9.3 + diff --git a/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch b/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch new file mode 100644 index 0000000..cc73929 --- /dev/null +++ b/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch 
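Review bot: In mok_pw_prompt() the new SetVariable call that clears `MokPWStore` discards its return value, while the two equivalent calls added to mok_sb_prompt() and mok_db_prompt() check `efi_status` and return -1 on failure. If the delete fails, the user is still told to reboot and the stored MOK password stays in place. Capture the status and fail in the same way as the other two sites, e.g. `if (efi_status != EFI_SUCCESS) { console_notify(L"Failed to delete MOK password"); return -1; }`. Deleting a variable that does not exist normally returns EFI_NOT_FOUND, so consider whether all three sites should treat that as success. The declarations of mok_pw_prompt() are outside the hunk, so a status variable may need to be added there.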
@@ -0,0 +1,160 @@ +From 22254e2633d58edd0176ccdfab9dd35171f89963 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 3 Dec 2013 15:52:02 +0800 +Subject: [PATCH 33/74] MokManager: handle the error status from ReadKeyStroke + +On some machines, even though the key event was signaled, ReadKeyStroke +still got EFI_NOT_READY. This commit handles the error status to avoid +console_get_keystroke from returning unexpected keys. + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + MokManager.c +--- + MokManager.c | 17 +++++++++++++---- + include/console.h | 4 ++-- + lib/console.c | 26 ++++++++++++++++++-------- + 3 files changed, 33 insertions(+), 14 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index 0ab308f..50cb9d7 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -488,13 +488,19 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + return EFI_SUCCESS; + } + +-static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) ++static EFI_STATUS get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) + { + EFI_INPUT_KEY key; ++ EFI_STATUS status; + unsigned int count = 0; + + do { +- key = console_get_keystroke(); ++ status = console_get_keystroke(&key); ++ if (EFI_ERROR (status)) { ++ console_error(L"Failed to read the keystroke", status); ++ *length = 0; ++ return status; ++ } + + if ((count >= line_max && + key.UnicodeChar != CHAR_BACKSPACE) || +@@ -525,7 +531,7 @@ static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show + + *length = count; + +- return 1; ++ return EFI_SUCCESS; + } + + static EFI_STATUS compute_pw_hash (void *Data, UINTN DataSize, UINT8 *password, +@@ -989,6 +995,7 @@ static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize) + static CHAR16 get_password_charater (CHAR16 *prompt) + { + SIMPLE_TEXT_OUTPUT_MODE SavedMode; ++ EFI_STATUS status; + CHAR16 *message[2]; + CHAR16 character; + UINTN length; +@@ -1003,7 +1010,9 @@ static CHAR16 
get_password_charater (CHAR16 *prompt) + message[1] = NULL; + length = StrLen(message[0]); + console_print_box_at(message, -1, -length-4, -5, length+4, 3, 0, 1); +- get_line(&pw_length, &character, 1, 0); ++ status = get_line(&pw_length, &character, 1, 0); ++ if (EFI_ERROR(status)) ++ character = 0; + + console_restore_mode(&SavedMode); + +diff --git a/include/console.h b/include/console.h +index e6c2818..9c793ea 100644 +--- a/include/console.h ++++ b/include/console.h +@@ -1,8 +1,8 @@ + #ifndef _SHIM_LIB_CONSOLE_H + #define _SHIM_LIB_CONSOLE_H 1 + +-EFI_INPUT_KEY +-console_get_keystroke(void); ++EFI_STATUS ++console_get_keystroke(EFI_INPUT_KEY *key); + void + console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_row, int size_cols, int size_rows, int offset, int lines); + void +diff --git a/lib/console.c b/lib/console.c +index 2fc8db3..41ed83a 100644 +--- a/lib/console.c ++++ b/lib/console.c +@@ -40,16 +40,18 @@ SetMem16(CHAR16 *dst, UINT32 n, CHAR16 c) + } + } + +-EFI_INPUT_KEY +-console_get_keystroke(void) ++EFI_STATUS ++console_get_keystroke(EFI_INPUT_KEY *key) + { +- EFI_INPUT_KEY key; + UINTN EventIndex; ++ EFI_STATUS status; + +- uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex); +- uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, &key); ++ do { ++ uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex); ++ status = uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, key); ++ } while (status == EFI_NOT_READY); + +- return key; ++ return status; + } + + void +@@ -162,6 +164,8 @@ console_print_box(CHAR16 *str_arr[], int highlight) + { + SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; ++ EFI_INPUT_KEY key; ++ + CopyMem(&SavedConsoleMode, co->Mode, sizeof(SavedConsoleMode)); + uefi_call_wrapper(co->EnableCursor, 2, co, FALSE); + uefi_call_wrapper(co->SetAttribute, 2, co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE); +@@ -169,7 +173,7 @@ 
console_print_box(CHAR16 *str_arr[], int highlight) + console_print_box_at(str_arr, highlight, 0, 0, -1, -1, 0, + count_lines(str_arr)); + +- console_get_keystroke(); ++ console_get_keystroke(&key); + + uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); + +@@ -184,6 +188,7 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) + SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + EFI_INPUT_KEY k; ++ EFI_STATUS status; + int selector; + int selector_lines = count_lines(selectors); + int selector_max_cols = 0; +@@ -237,7 +242,12 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) + size_cols, size_rows, 0, lines); + + do { +- k = console_get_keystroke(); ++ status = console_get_keystroke(&k); ++ if (EFI_ERROR (status)) { ++ Print(L"Failed to read the keystroke: %r", status); ++ selector = -1; ++ break; ++ } + + if (k.ScanCode == SCAN_ESC) { + selector = -1; +-- +1.9.3 + diff --git a/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch b/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch new file mode 100644 index 0000000..a1c9da7 --- /dev/null +++ b/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch 
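Review bot: In lib/console.c the new do/while in console_get_keystroke() retries on EFI_NOT_READY but ignores the status of `WaitForEvent`. If the wait itself fails, the loop no longer blocks and spins on ReadKeyStroke. Return early on a failed wait, e.g. `status = uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex); if (EFI_ERROR(status)) return status;`. Separately, get_line() in MokManager.c used to return 1 on success and now returns EFI_SUCCESS, which is 0. Only the get_password_charater() caller is updated in these hunks, so any other caller that tests the old return value would need checking.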
@@ -0,0 +1,30 @@ +From 09283f08f001305db5a3299b53acba85bf6c9876 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Mon, 4 Nov 2013 17:51:55 +0800 +Subject: [PATCH 34/74] Exclude ca.crt while signing EFI images + +If ca.crt was added into the certificate database, ca.crt would be the first +certificate in the signature. Because shim couldn't verify ca.crt with the +embedded shim.cer, it failed to load MokManager.efi.signed and +fallback.efi.signed. + +Signed-off-by: Gary Ching-Pang Lin +--- + Makefile | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 46e5ef9..df190a2 100644 +--- a/Makefile ++++ b/Makefile +@@ -73,7 +73,6 @@ version.c : version.c.in + + certdb/secmod.db: shim.crt + -mkdir certdb +- certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt + pk12util -d certdb/ -i shim.p12 -W "" -K "" + certutil -d certdb/ -A -i shim.crt -n shim -t u + +-- +1.9.3 + diff --git a/SOURCES/0035-No-newline-for-console_notify.patch b/SOURCES/0035-No-newline-for-console_notify.patch new file mode 100644 index 0000000..a22e4b6 --- /dev/null +++ b/SOURCES/0035-No-newline-for-console_notify.patch 
@@ -0,0 +1,49 @@ +From dc8fc734b8d8c7720fd25ff8a35fc3f9ee384f3b Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Mon, 28 Oct 2013 16:36:34 +0800 +Subject: [PATCH 35/74] No newline for console_notify + +The newlines are for Print(), not console_notify(). + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c +--- + shim.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/shim.c b/shim.c +index eb8542a..f9fa606 100644 +--- a/shim.c ++++ b/shim.c +@@ -479,7 +479,7 @@ static BOOLEAN secure_mode (void) + status = get_variable(L"SecureBoot", &Data, &len, global_var); + if (status != EFI_SUCCESS) { + if (verbose) +- console_notify(L"Secure boot not enabled\n"); ++ console_notify(L"Secure boot not enabled"); + return FALSE; + } + sb = *Data; +@@ -487,7 +487,7 @@ static BOOLEAN secure_mode (void) + + if (sb != 1) { + if (verbose) +- console_notify(L"Secure boot not enabled\n"); ++ console_notify(L"Secure boot not enabled"); + return FALSE; + } + +@@ -500,7 +500,7 @@ static BOOLEAN secure_mode (void) + + if (setupmode == 1) { + if (verbose) +- console_notify(L"Platform is in setup mode\n"); ++ console_notify(L"Platform is in setup mode"); + return FALSE; + } + +-- +1.9.3 + diff --git a/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch b/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch new file mode 100644 index 0000000..c6a4ced --- /dev/null +++ b/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch 
@@ -0,0 +1,35 @@ +From 8bd7bad4b77bb99c3978d328ee54e64a53b4dcfc Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 31 Oct 2013 17:55:17 +0800 +Subject: [PATCH 36/74] Remove the duplicate calls in lib/console.c + +Signed-off-by: Gary Ching-Pang Lin +--- + lib/console.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/lib/console.c b/lib/console.c +index 41ed83a..83ee679 100644 +--- a/lib/console.c ++++ b/lib/console.c +@@ -176,8 +176,6 @@ console_print_box(CHAR16 *str_arr[], int highlight) + console_get_keystroke(&key); + + uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); +- +- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); + uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow); + uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute); + } +@@ -273,8 +271,6 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) + && k.UnicodeChar == CHAR_CARRIAGE_RETURN)); + + uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); +- +- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); + uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow); + uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute); + +-- +1.9.3 + diff --git a/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch b/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch new file mode 100644 index 0000000..11bdd55 --- /dev/null +++ b/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch 
@@ -0,0 +1,716 @@ +From 4bfb13d803f4d8efe544e0f2aa9cd712b8cb84b1 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 1 Oct 2013 11:58:52 +0800 +Subject: [PATCH 37/74] Silence the functions of shim protocol + +When grub2 invokes the functions of shim protocol in gfx mode, +OutputString in shim could distort the screen. + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c + +(modified by pjones to include some newer Prints that weren't there when +Gary did the initial work here.) +--- + shim.c | 192 ++++++++++++++++++++++++++++++++++++++--------------------------- + 1 file changed, 114 insertions(+), 78 deletions(-) + +diff --git a/shim.c b/shim.c +index f9fa606..69af766 100644 +--- a/shim.c ++++ b/shim.c +@@ -59,6 +59,14 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB + static CHAR16 *second_stage; + static void *load_options; + static UINT32 load_options_size; ++static UINT8 in_protocol; ++ ++#define perror(fmt, ...) ({ \ ++ UINTN __perror_ret = 0; \ ++ if (in_protocol) \ ++ __perror_ret = Print((fmt), ##__VA_ARGS__); \ ++ __perror_ret; \ ++ }) + + EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }; + +@@ -133,7 +141,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + #endif + + if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { +- Print(L"Image has no relocation entry\n"); ++ perror(L"Image has no relocation entry\n"); + return EFI_UNSUPPORTED; + } + +@@ -141,7 +149,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); + + if (!RelocBase || !RelocBaseEnd) { +- Print(L"Reloc table overflows binary\n"); ++ perror(L"Reloc table overflows binary\n"); + return EFI_UNSUPPORTED; + } + +@@ -154,19 +162,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + 
Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); + + if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { +- Print(L"Reloc block size is invalid\n"); ++ perror(L"Reloc block size is invalid\n"); + return EFI_UNSUPPORTED; + } + + RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); + if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) { +- Print(L"Reloc entry overflows binary\n"); ++ perror(L"Reloc entry overflows binary\n"); + return EFI_UNSUPPORTED; + } + + FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress); + if (!FixupBase) { +- Print(L"Invalid fixupbase\n"); ++ perror(L"Invalid fixupbase\n"); + return EFI_UNSUPPORTED; + } + +@@ -215,7 +223,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + break; + + default: +- Print(L"Unknown relocation\n"); ++ perror(L"Unknown relocation\n"); + return EFI_UNSUPPORTED; + } + Reloc += 1; +@@ -478,7 +486,7 @@ static BOOLEAN secure_mode (void) + + status = get_variable(L"SecureBoot", &Data, &len, global_var); + if (status != EFI_SUCCESS) { +- if (verbose) ++ if (verbose && !in_protocol) + console_notify(L"Secure boot not enabled"); + return FALSE; + } +@@ -486,7 +494,7 @@ static BOOLEAN secure_mode (void) + FreePool(Data); + + if (sb != 1) { +- if (verbose) ++ if (verbose && !in_protocol) + console_notify(L"Secure boot not enabled"); + return FALSE; + } +@@ -499,7 +507,7 @@ static BOOLEAN secure_mode (void) + FreePool(Data); + + if (setupmode == 1) { +- if (verbose) ++ if (verbose && !in_protocol) + console_notify(L"Platform is in setup mode"); + return FALSE; + } +@@ -531,14 +539,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + unsigned int PEHdr_offset = 0; + + if (datasize_in < 0) { +- Print(L"Invalid data size\n"); ++ perror(L"Invalid data size\n"); + return EFI_INVALID_PARAMETER; + } + size = datasize = (unsigned int)datasize_in; + + if (datasize <= sizeof (*DosHdr) || + 
DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) { +- Print(L"Invalid signature\n"); ++ perror(L"Invalid signature\n"); + return EFI_INVALID_PARAMETER; + } + PEHdr_offset = DosHdr->e_lfanew; +@@ -550,12 +558,12 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + sha1ctx = AllocatePool(sha1ctxsize); + + if (!sha256ctx || !sha1ctx) { +- Print(L"Unable to allocate memory for hash context\n"); ++ perror(L"Unable to allocate memory for hash context\n"); + return EFI_OUT_OF_RESOURCES; + } + + if (!Sha256Init(sha256ctx) || !Sha1Init(sha1ctx)) { +- Print(L"Unable to initialise hash\n"); ++ perror(L"Unable to initialise hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -567,7 +575,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -579,7 +587,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -597,7 +605,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -621,14 +629,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + + (index * sizeof(*SectionPtr))); + if (!SectionPtr) { +- Print(L"Malformed section %d\n", index); ++ perror(L"Malformed section %d\n", index); + status = EFI_INVALID_PARAMETER; + goto done; + } + /* Validate 
section size is within image. */ + if (SectionPtr->SizeOfRawData > + datasize - SumOfBytesHashed - SumOfSectionBytes) { +- Print(L"Malformed section %d size\n", index); ++ perror(L"Malformed section %d size\n", index); + status = EFI_INVALID_PARAMETER; + goto done; + } +@@ -637,7 +645,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections); + if (SectionHeader == NULL) { +- Print(L"Unable to allocate section header\n"); ++ perror(L"Unable to allocate section header\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -669,7 +677,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + hashbase = ImageAddress(data, size, Section->PointerToRawData); + + if (!hashbase) { +- Print(L"Malformed section header\n"); ++ perror(L"Malformed section header\n"); + status = EFI_INVALID_PARAMETER; + goto done; + } +@@ -677,7 +685,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + /* Verify hashsize within image. 
*/ + if (Section->SizeOfRawData > + datasize - Section->PointerToRawData) { +- Print(L"Malformed section raw size %d\n", index); ++ perror(L"Malformed section raw size %d\n", index); + status = EFI_INVALID_PARAMETER; + goto done; + } +@@ -685,7 +693,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -706,7 +714,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || + !(Sha1Update(sha1ctx, hashbase, hashsize))) { +- Print(L"Unable to generate hash\n"); ++ perror(L"Unable to generate hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -714,7 +722,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, + + if (!(Sha256Final(sha256ctx, sha256hash)) || + !(Sha1Final(sha1ctx, sha1hash))) { +- Print(L"Unable to finalise hash\n"); ++ perror(L"Unable to finalise hash\n"); + status = EFI_OUT_OF_RESOURCES; + goto done; + } +@@ -744,9 +752,9 @@ static EFI_STATUS verify_mok (void) { + shim_lock_guid, &attributes); + + if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) { +- Print(L"MokList is compromised!\nErase all keys in MokList!\n"); ++ perror(L"MokList is compromised!\nErase all keys in MokList!\n"); + if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) { +- Print(L"Failed to erase MokList\n"); ++ perror(L"Failed to erase MokList\n"); + return EFI_ACCESS_DENIED; + } + } +@@ -774,13 +782,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize, + context->SecDir->VirtualAddress); + + if (!cert) { +- Print(L"Certificate located outside the image\n"); ++ perror(L"Certificate located outside the image\n"); + return EFI_INVALID_PARAMETER; + } + + if (cert->Hdr.wCertificateType != + 
WIN_CERT_TYPE_PKCS_SIGNED_DATA) { +- Print(L"Unsupported certificate type %x\n", ++ perror(L"Unsupported certificate type %x\n", + cert->Hdr.wCertificateType); + return EFI_UNSUPPORTED; + } +@@ -804,7 +812,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, + status = check_blacklist(cert, sha256hash, sha1hash); + + if (status != EFI_SUCCESS) { +- Print(L"Binary is blacklisted\n"); ++ perror(L"Binary is blacklisted\n"); + return status; + } + +@@ -857,7 +865,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; + + if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { +- Print(L"Invalid image\n"); ++ perror(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } + +@@ -877,7 +885,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; + + if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { +- Print(L"Image header too small\n"); ++ perror(L"Image header too small\n"); + return EFI_UNSUPPORTED; + } + +@@ -885,7 +893,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + - sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES; + if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != + context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { +- Print(L"Image header overflows data directory\n"); ++ perror(L"Image header overflows data directory\n"); + return EFI_UNSUPPORTED; + } + +@@ -895,28 +903,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader; + if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER + <= context->NumberOfSections) { +- Print(L"Image sections overflow image size\n"); ++ perror(L"Image sections overflow image size\n"); + return EFI_UNSUPPORTED; + } + + if ((context->SizeOfHeaders 
- SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER + < (UINT32)context->NumberOfSections) { +- Print(L"Image sections overflow section headers\n"); ++ perror(L"Image sections overflow section headers\n"); + return EFI_UNSUPPORTED; + } + + if ((((UINT8 *)PEHdr - (UINT8 *)data) + sizeof(EFI_IMAGE_OPTIONAL_HEADER_UNION)) > datasize) { +- Print(L"Invalid image\n"); ++ perror(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } + + if (PEHdr->Te.Signature != EFI_IMAGE_NT_SIGNATURE) { +- Print(L"Unsupported image type\n"); ++ perror(L"Unsupported image type\n"); + return EFI_UNSUPPORTED; + } + + if (PEHdr->Pe32.FileHeader.Characteristics & EFI_IMAGE_FILE_RELOCS_STRIPPED) { +- Print(L"Unsupported image - Relocations have been stripped\n"); ++ perror(L"Unsupported image - Relocations have been stripped\n"); + return EFI_UNSUPPORTED; + } + +@@ -935,23 +943,24 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); + + if (context->ImageSize < context->SizeOfHeaders) { +- Print(L"Invalid image\n"); ++ perror(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } + + if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) > + (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { +- Print(L"Invalid image\n"); ++ perror(L"Invalid image\n"); + return EFI_UNSUPPORTED; + } + + if (context->SecDir->VirtualAddress >= datasize) { +- Print(L"Malformed security header\n"); ++ perror(L"Malformed security header\n"); + return EFI_INVALID_PARAMETER; + } + return EFI_SUCCESS; + } + ++ + /* + * Once the image has been loaded it needs to be validated and relocated + */ +@@ -971,7 +980,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + */ + efi_status = read_header(data, datasize, &context); + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to read header: %r\n", efi_status); ++ 
perror(L"Failed to read header: %r\n", efi_status); + return efi_status; + } + +@@ -993,7 +1002,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + buffer = AllocatePool(context.ImageSize); + + if (!buffer) { +- Print(L"Failed to allocate image buffer\n"); ++ perror(L"Failed to allocate image buffer\n"); + return EFI_OUT_OF_RESOURCES; + } + +@@ -1013,13 +1022,13 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1); + + if (!base || !end) { +- Print(L"Invalid section size\n"); ++ perror(L"Invalid section size\n"); + return EFI_UNSUPPORTED; + } + + if (Section->VirtualAddress < context.SizeOfHeaders || + Section->PointerToRawData < context.SizeOfHeaders) { +- Print(L"Section is inside image headers\n"); ++ perror(L"Section is inside image headers\n"); + return EFI_UNSUPPORTED; + } + +@@ -1038,7 +1047,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + efi_status = relocate_coff(&context, buffer); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Relocation failed: %r\n", efi_status); ++ perror(L"Relocation failed: %r\n", efi_status); + FreePool(buffer); + return efi_status; + } +@@ -1056,7 +1065,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + li->LoadOptionsSize = load_options_size; + + if (!entry_point) { +- Print(L"Invalid entry point\n"); ++ perror(L"Invalid entry point\n"); + FreePool(buffer); + return EFI_UNSUPPORTED; + } +@@ -1079,7 +1088,7 @@ should_use_fallback(EFI_HANDLE image_handle) + rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &loaded_image_protocol, (void **)&li); + if (EFI_ERROR(rc)) { +- Print(L"Could not get image for bootx64.efi: %r\n", rc); ++ perror(L"Could not get image for bootx64.efi: %r\n", rc); + return 0; + } + +@@ -1101,13 +1110,13 @@ should_use_fallback(EFI_HANDLE image_handle) + rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, + 
&FileSystemProtocol, (void **)&fio); + if (EFI_ERROR(rc)) { +- Print(L"Could not get fio for li->DeviceHandle: %r\n", rc); ++ perror(L"Could not get fio for li->DeviceHandle: %r\n", rc); + return 0; + } +- ++ + rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); + if (EFI_ERROR(rc)) { +- Print(L"Could not open fio volume: %r\n", rc); ++ perror(L"Could not open fio volume: %r\n", rc); + return 0; + } + +@@ -1185,7 +1194,7 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, + *PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath)); + + if (!*PathName) { +- Print(L"Failed to allocate path buffer\n"); ++ perror(L"Failed to allocate path buffer\n"); + efi_status = EFI_OUT_OF_RESOURCES; + goto error; + } +@@ -1226,14 +1235,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + (void **)&drive); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to find fs: %r\n", efi_status); ++ perror(L"Failed to find fs: %r\n", efi_status); + goto error; + } + + efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to open fs: %r\n", efi_status); ++ perror(L"Failed to open fs: %r\n", efi_status); + goto error; + } + +@@ -1244,14 +1253,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + EFI_FILE_MODE_READ, 0); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to open %s - %r\n", PathName, efi_status); ++ perror(L"Failed to open %s - %r\n", PathName, efi_status); + goto error; + } + + fileinfo = AllocatePool(buffersize); + + if (!fileinfo) { +- Print(L"Unable to allocate file info buffer\n"); ++ perror(L"Unable to allocate file info buffer\n"); + efi_status = EFI_OUT_OF_RESOURCES; + goto error; + } +@@ -1267,7 +1276,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + FreePool(fileinfo); + fileinfo = AllocatePool(buffersize); + if (!fileinfo) { +- Print(L"Unable to allocate file info buffer\n"); ++ perror(L"Unable to 
allocate file info buffer\n"); + efi_status = EFI_OUT_OF_RESOURCES; + goto error; + } +@@ -1277,7 +1286,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + } + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to get file info: %r\n", efi_status); ++ perror(L"Unable to get file info: %r\n", efi_status); + goto error; + } + +@@ -1286,7 +1295,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + *data = AllocatePool(buffersize); + + if (!*data) { +- Print(L"Unable to allocate file buffer\n"); ++ perror(L"Unable to allocate file buffer\n"); + efi_status = EFI_OUT_OF_RESOURCES; + goto error; + } +@@ -1305,7 +1314,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, + } + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); ++ perror(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); + goto error; + } + +@@ -1335,6 +1344,7 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) + PE_COFF_LOADER_IMAGE_CONTEXT context; + + loader_is_participating = 1; ++ in_protocol = 1; + + if (!secure_mode()) + return EFI_SUCCESS; +@@ -1342,9 +1352,35 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) + status = read_header(buffer, size, &context); + + if (status != EFI_SUCCESS) +- return status; ++ goto done; + + status = verify_buffer(buffer, size, &context); ++done: ++ in_protocol = 0; ++ return status; ++} ++ ++static EFI_STATUS shim_hash (char *data, int datasize, ++ PE_COFF_LOADER_IMAGE_CONTEXT *context, ++ UINT8 *sha256hash, UINT8 *sha1hash) ++{ ++ EFI_STATUS status; ++ ++ in_protocol = 1; ++ status = generate_hash(data, datasize, context, sha256hash, sha1hash); ++ in_protocol = 0; ++ ++ return status; ++} ++ ++static EFI_STATUS shim_read_header(void *data, unsigned int datasize, ++ PE_COFF_LOADER_IMAGE_CONTEXT *context) ++{ ++ EFI_STATUS status; ++ ++ in_protocol = 1; ++ status = read_header(data, datasize, 
context); ++ in_protocol = 0; + + return status; + } +@@ -1371,7 +1407,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + &loaded_image_protocol, (void **)&li); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to init protocol\n"); ++ perror(L"Unable to init protocol\n"); + return efi_status; + } + +@@ -1381,20 +1417,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + efi_status = generate_path(li, ImagePath, &PathName); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); ++ perror(L"Unable to generate path %s: %r\n", ImagePath, efi_status); + goto done; + } + + if (findNetboot(li->DeviceHandle)) { + efi_status = parseNetbootinfo(image_handle); + if (efi_status != EFI_SUCCESS) { +- Print(L"Netboot parsing failed: %r\n", efi_status); ++ perror(L"Netboot parsing failed: %r\n", efi_status); + return EFI_PROTOCOL_ERROR; + } + efi_status = FetchNetbootimage(image_handle, &sourcebuffer, + &sourcesize); + if (efi_status != EFI_SUCCESS) { +- Print(L"Unable to fetch TFTP image: %r\n", efi_status); ++ perror(L"Unable to fetch TFTP image: %r\n", efi_status); + return efi_status; + } + data = sourcebuffer; +@@ -1406,7 +1442,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + efi_status = load_image(li, &data, &datasize, PathName); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to load image %s: %r\n", PathName, efi_status); ++ perror(L"Failed to load image %s: %r\n", PathName, efi_status); + goto done; + } + } +@@ -1423,7 +1459,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) + efi_status = handle_image(data, datasize, li); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to load image: %r\n", efi_status); ++ perror(L"Failed to load image: %r\n", efi_status); + CopyMem(li, &li_bak, sizeof(li_bak)); + goto done; + } +@@ -1495,7 +1531,7 @@ EFI_STATUS mirror_mok_list() + ; + FullData = AllocatePool(FullDataSize); + 
if (!FullData) { +- Print(L"Failed to allocate space for MokListRT\n"); ++ perror(L"Failed to allocate space for MokListRT\n"); + return EFI_OUT_OF_RESOURCES; + } + p = FullData; +@@ -1526,7 +1562,7 @@ EFI_STATUS mirror_mok_list() + | EFI_VARIABLE_RUNTIME_ACCESS, + FullDataSize, FullData); + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to set MokListRT: %r\n", efi_status); ++ perror(L"Failed to set MokListRT: %r\n", efi_status); + } + + return efi_status; +@@ -1567,7 +1603,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) + efi_status = start_image(image_handle, MOK_MANAGER); + + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to start MokManager: %r\n", efi_status); ++ perror(L"Failed to start MokManager: %r\n", efi_status); + return efi_status; + } + } +@@ -1601,9 +1637,9 @@ static EFI_STATUS check_mok_sb (void) + * modified by the OS + */ + if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { +- Print(L"MokSBState is compromised! Clearing it\n"); ++ perror(L"MokSBState is compromised! Clearing it\n"); + if (LibDeleteVariable(L"MokSBState", &shim_lock_guid) != EFI_SUCCESS) { +- Print(L"Failed to erase MokSBState\n"); ++ perror(L"Failed to erase MokSBState\n"); + } + status = EFI_ACCESS_DENIED; + } else { +@@ -1642,9 +1678,9 @@ static EFI_STATUS check_mok_db (void) + * modified by the OS + */ + if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { +- Print(L"MokDBState is compromised! Clearing it\n"); ++ perror(L"MokDBState is compromised! 
Clearing it\n"); + if (LibDeleteVariable(L"MokDBState", &shim_lock_guid) != EFI_SUCCESS) { +- Print(L"Failed to erase MokDBState\n"); ++ perror(L"Failed to erase MokDBState\n"); + } + status = EFI_ACCESS_DENIED; + } else { +@@ -1674,7 +1710,7 @@ static EFI_STATUS mok_ignore_db() + | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, (void *)&Data); + if (efi_status != EFI_SUCCESS) { +- Print(L"Failed to set MokIgnoreDB: %r\n", efi_status); ++ perror(L"Failed to set MokIgnoreDB: %r\n", efi_status); + } + } + +@@ -1702,7 +1738,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) + status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &LoadedImageProtocol, (void **) &li); + if (status != EFI_SUCCESS) { +- Print (L"Failed to get load options: %r\n", status); ++ perror (L"Failed to get load options: %r\n", status); + return status; + } + +@@ -1746,7 +1782,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) + if (loader_len > 0) { + loader_str = AllocatePool((loader_len + 1) * sizeof(CHAR16)); + if (!loader_str) { +- Print(L"Failed to allocate loader string\n"); ++ perror(L"Failed to allocate loader string\n"); + return EFI_OUT_OF_RESOURCES; + } + for (i = 0; i < loader_len; i++) +@@ -1825,8 +1861,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + * call back in and use shim functions + */ + shim_lock_interface.Verify = shim_verify; +- shim_lock_interface.Hash = generate_hash; +- shim_lock_interface.Context = read_header; ++ shim_lock_interface.Hash = shim_hash; ++ shim_lock_interface.Context = shim_read_header; + + systab = passed_systab; + +-- +1.9.3 + diff --git a/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch b/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch new file mode 100644 index 0000000..9885446 --- /dev/null +++ b/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch 
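Review bot: The `perror()` macro added near the top of shim.c tests `if (in_protocol)` before calling `Print()`, which looks inverted against both the patch description (output is to be suppressed while grub2 is calling in through the shim protocol) and the `verbose && !in_protocol` guards this same patch adds in secure_mode(). As written, every converted message, including "MokList is compromised!", "MokSBState is compromised! Clearing it" and "Binary is blacklisted", is dropped on the ordinary boot path and printed only during protocol calls, so the diagnostics an operator would need for a tampered variable or a rejected binary never reach the console. The test should read `if (!in_protocol)`. Separately, shim_verify() sets `in_protocol = 1` and then leaves through `if (!secure_mode()) return EFI_SUCCESS;` without clearing the flag, so it stays set after that call; setting `status = EFI_SUCCESS;` and using `goto done;` on that branch keeps the reset on every exit, as the new shim_hash() and shim_read_header() wrappers already do.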
@@ -0,0 +1,82 @@ +From c36d88cb16d10fdc8da2abcc00d3c51f0d425e34 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 31 Oct 2013 17:54:46 +0800 +Subject: [PATCH 38/74] Free the string from DevicePathToStr + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c +--- + shim.c | 20 +++++++++++++------- + 1 file changed, 13 insertions(+), 7 deletions(-) + +diff --git a/shim.c b/shim.c +index 69af766..72d6072 100644 +--- a/shim.c ++++ b/shim.c +@@ -1079,11 +1079,12 @@ should_use_fallback(EFI_HANDLE image_handle) + EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL; + EFI_LOADED_IMAGE *li; + unsigned int pathlen = 0; +- CHAR16 *bootpath; ++ CHAR16 *bootpath = NULL; + EFI_FILE_IO_INTERFACE *fio = NULL; + EFI_FILE *vh; + EFI_FILE *fh; + EFI_STATUS rc; ++ int ret = 0; + + rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &loaded_image_protocol, (void **)&li); +@@ -1101,23 +1102,23 @@ should_use_fallback(EFI_HANDLE image_handle) + */ + if (StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\BOOT", 14) && + StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\/BOOT", 15)) +- return 0; ++ goto error; + + pathlen = StrLen(bootpath); + if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI")) +- return 0; ++ goto error; + + rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, + &FileSystemProtocol, (void **)&fio); + if (EFI_ERROR(rc)) { + perror(L"Could not get fio for li->DeviceHandle: %r\n", rc); +- return 0; ++ goto error; + } + + rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); + if (EFI_ERROR(rc)) { + perror(L"Could not open fio volume: %r\n", rc); +- return 0; ++ goto error; + } + + rc = uefi_call_wrapper(vh->Open, 5, vh, &fh, L"\\EFI\\BOOT" FALLBACK, +@@ -1130,12 +1131,17 @@ should_use_fallback(EFI_HANDLE image_handle) + * rc); + */ + uefi_call_wrapper(vh->Close, 1, vh); +- return 0; ++ goto error; + } + uefi_call_wrapper(fh->Close, 1, fh); + uefi_call_wrapper(vh->Close, 1, vh); + +- return 1; ++ ret = 1; ++error: ++ if (bootpath) ++ 
FreePool(bootpath); ++ ++ return ret; + } + + /* +-- +1.9.3 + diff --git a/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch b/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch new file mode 100644 index 0000000..4c385a1 --- /dev/null +++ b/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch @@ -0,0 +1,33 @@ +From 86173dba42ad5ae002ac99cc515e60104da2245c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 25 Jun 2014 10:46:19 -0400 +Subject: [PATCH 39/74] Explain the logic in secure_mode() better. + +I was getting confused reading it, and I wrote it, so clearly it needs +more commentry. + +Signed-off-by: Peter Jones +--- + shim.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/shim.c b/shim.c +index 72d6072..210e778 100644 +--- a/shim.c ++++ b/shim.c +@@ -499,6 +499,12 @@ static BOOLEAN secure_mode (void) + return FALSE; + } + ++ /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", ++ * then the implementation is bad, but we assume that secure boot is ++ * enabled according to the status of "SecureBoot". If we have both ++ * of them, then "SetupMode" may tell us additional data, and we need ++ * to consider it. ++ */ + status = get_variable(L"SetupMode", &Data, &len, global_var); + if (status != EFI_SUCCESS) + return TRUE; +-- +1.9.3 + diff --git a/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch b/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch new file mode 100644 index 0000000..f8d0206 --- /dev/null +++ b/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch 
@@ -0,0 +1,106 @@ +From 868b3721159ee615a1b774645d610a13b5827e5e Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 31 Oct 2013 16:08:32 +0800 +Subject: [PATCH 40/74] Check the secure variables with the lib functions + +There are functions defined in lib to check the secure variables. +Use the functions to shun the duplicate code. + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c +--- + lib/variables.c | 14 ++++++++++---- + shim.c | 32 ++------------------------------ + 2 files changed, 12 insertions(+), 34 deletions(-) + +diff --git a/lib/variables.c b/lib/variables.c +index 3a9735e..4c64d7e 100644 +--- a/lib/variables.c ++++ b/lib/variables.c +@@ -284,9 +284,12 @@ variable_is_setupmode(void) + /* set to 1 because we return true if SetupMode doesn't exist */ + UINT8 SetupMode = 1; + UINTN DataSize = sizeof(SetupMode); ++ EFI_STATUS status; + +- uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, +- &DataSize, &SetupMode); ++ status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, ++ &DataSize, &SetupMode); ++ if (EFI_ERROR(status)) ++ return 1; + + return SetupMode; + } +@@ -297,10 +300,13 @@ variable_is_secureboot(void) + /* return false if variable doesn't exist */ + UINT8 SecureBoot = 0; + UINTN DataSize; ++ EFI_STATUS status; + + DataSize = sizeof(SecureBoot); +- uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL, +- &DataSize, &SecureBoot); ++ status = uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL, ++ &DataSize, &SecureBoot); ++ if (EFI_ERROR(status)) ++ return 0; + + return SecureBoot; + } +diff --git a/shim.c b/shim.c +index 210e778..14fb601 100644 +--- a/shim.c ++++ b/shim.c +@@ -475,44 +475,16 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert, + + static BOOLEAN secure_mode (void) + { +- EFI_STATUS status; +- EFI_GUID global_var = EFI_GLOBAL_VARIABLE; +- UINTN len; +- UINT8 *Data; +- UINT8 sb, setupmode; +- + if (user_insecure_mode) + 
return FALSE; + +- status = get_variable(L"SecureBoot", &Data, &len, global_var); +- if (status != EFI_SUCCESS) { ++ if (variable_is_secureboot() != 1) { + if (verbose && !in_protocol) + console_notify(L"Secure boot not enabled"); + return FALSE; + } +- sb = *Data; +- FreePool(Data); +- +- if (sb != 1) { +- if (verbose && !in_protocol) +- console_notify(L"Secure boot not enabled"); +- return FALSE; +- } +- +- /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", +- * then the implementation is bad, but we assume that secure boot is +- * enabled according to the status of "SecureBoot". If we have both +- * of them, then "SetupMode" may tell us additional data, and we need +- * to consider it. +- */ +- status = get_variable(L"SetupMode", &Data, &len, global_var); +- if (status != EFI_SUCCESS) +- return TRUE; +- +- setupmode = *Data; +- FreePool(Data); + +- if (setupmode == 1) { ++ if (variable_is_setupmode() == 1) { + if (verbose && !in_protocol) + console_notify(L"Platform is in setup mode"); + return FALSE; +-- +1.9.3 + diff --git a/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch b/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch new file mode 100644 index 0000000..c55346e --- /dev/null +++ b/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch 
@@ -0,0 +1,84 @@ +From eb4cb6a50981f9ef4698b3847bd32e70081ab71d Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 25 Jun 2014 10:55:56 -0400 +Subject: [PATCH 41/74] Make sure we default to assuming we're locked down. + +If "SecureBoot" exists but "SetupMode" does not, assume "SetupMode" says +we're not in Setup Mode. + +Signed-off-by: Peter Jones +--- + include/variables.h | 2 +- + lib/variables.c | 8 ++++---- + shim.c | 8 +++++++- + 3 files changed, 12 insertions(+), 6 deletions(-) + +diff --git a/include/variables.h b/include/variables.h +index b207dbf..deed269 100644 +--- a/include/variables.h ++++ b/include/variables.h +@@ -50,7 +50,7 @@ SETOSIndicationsAndReboot(UINT64 indications); + int + variable_is_secureboot(void); + int +-variable_is_setupmode(void); ++variable_is_setupmode(int default_return); + EFI_STATUS + variable_enroll_hash(CHAR16 *var, EFI_GUID owner, + UINT8 hash[SHA256_DIGEST_SIZE]); +diff --git a/lib/variables.c b/lib/variables.c +index 4c64d7e..59d7d05 100644 +--- a/lib/variables.c ++++ b/lib/variables.c +@@ -139,7 +139,7 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner, + /* Microsoft request: Bugs in some UEFI platforms mean that PK or any + * other secure variable can be updated or deleted programmatically, + * so prevent */ +- if (!variable_is_setupmode()) ++ if (!variable_is_setupmode(1)) + return EFI_SECURITY_VIOLATION; + + if (createtimebased) { +@@ -279,17 +279,17 @@ find_in_variable_esl(CHAR16* var, EFI_GUID owner, UINT8 *key, UINTN keylen) + } + + int +-variable_is_setupmode(void) ++variable_is_setupmode(int default_return) + { + /* set to 1 because we return true if SetupMode doesn't exist */ +- UINT8 SetupMode = 1; ++ UINT8 SetupMode = default_return; + UINTN DataSize = sizeof(SetupMode); + EFI_STATUS status; + + status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, + &DataSize, &SetupMode); + if (EFI_ERROR(status)) +- return 1; ++ return default_return; + + return SetupMode; + } 
+diff --git a/shim.c b/shim.c +index 14fb601..fe73ec1 100644 +--- a/shim.c ++++ b/shim.c +@@ -484,7 +484,13 @@ static BOOLEAN secure_mode (void) + return FALSE; + } + +- if (variable_is_setupmode() == 1) { ++ /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", ++ * then the implementation is bad, but we assume that secure boot is ++ * enabled according to the status of "SecureBoot". If we have both ++ * of them, then "SetupMode" may tell us additional data, and we need ++ * to consider it. ++ */ ++ if (variable_is_setupmode(0) == 1) { + if (verbose && !in_protocol) + console_notify(L"Platform is in setup mode"); + return FALSE; +-- +1.9.3 + diff --git a/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch b/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch new file mode 100644 index 0000000..6cb4f18 --- /dev/null +++ b/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch 
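Review bot: `SetSecureVariable()` in lib/variables.c now calls `variable_is_setupmode(1)`, so when GetVariable fails for SetupMode the guard `if (!variable_is_setupmode(1))` still treats the platform as being in setup mode and the write proceeds. That is the opposite of the locked-down default this patch gives `secure_mode()`. If it is deliberate it deserves a comment at the call site; otherwise pass 0 there. In `variable_is_setupmode()` the retained comment `/* set to 1 because we return true if SetupMode doesn't exist */` no longer matches `UINT8 SetupMode = default_return;` and should become something like `/* default_return is used when SetupMode cannot be read */`. The rest of `SetSecureVariable()` lies outside the hunk.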
@@ -0,0 +1,92 @@ +From e5f161147de6bea68e09f33bc294c6ab644d9a78 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 31 Oct 2013 17:32:13 +0800 +Subject: [PATCH 42/74] Simplify the checking of SB and DB states + +MokSBState and MokDBState are just 1 byte variables, so a UINT8 +local variable is sufficient to include the content. + +Signed-off-by: Gary Ching-Pang Lin + +Conflicts: + shim.c +--- + shim.c | 26 ++++++++++---------------- + 1 file changed, 10 insertions(+), 16 deletions(-) + +diff --git a/shim.c b/shim.c +index fe73ec1..ea8eba8 100644 +--- a/shim.c ++++ b/shim.c +@@ -1609,16 +1609,15 @@ static EFI_STATUS check_mok_sb (void) + { + EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; + EFI_STATUS status = EFI_SUCCESS; +- UINT8 *MokSBState = NULL; +- UINTN MokSBStateSize = 0; ++ UINT8 MokSBState; ++ UINTN MokSBStateSize = sizeof(MokSBState); + UINT32 attributes; + + user_insecure_mode = 0; + ignore_db = 0; + +- status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize, +- shim_lock_guid, &attributes); +- ++ status = uefi_call_wrapper(RT->GetVariable, 5, L"MokSBState", &shim_lock_guid, ++ &attributes, &MokSBStateSize, &MokSBState); + if (status != EFI_SUCCESS) + return EFI_ACCESS_DENIED; + +@@ -1633,13 +1632,11 @@ static EFI_STATUS check_mok_sb (void) + } + status = EFI_ACCESS_DENIED; + } else { +- if (*(UINT8 *)MokSBState == 1) { ++ if (MokSBState == 1) { + user_insecure_mode = 1; + } + } + +- FreePool(MokSBState); +- + return status; + } + +@@ -1651,13 +1648,12 @@ static EFI_STATUS check_mok_db (void) + { + EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; + EFI_STATUS status = EFI_SUCCESS; +- UINT8 *MokDBState = NULL; +- UINTN MokDBStateSize = 0; ++ UINT8 MokDBState; ++ UINTN MokDBStateSize = sizeof(MokDBStateSize); + UINT32 attributes; + +- status = get_variable_attr(L"MokDBState", &MokDBState, &MokDBStateSize, +- shim_lock_guid, &attributes); +- ++ status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDBState", &shim_lock_guid, ++ &attributes, 
&MokDBStateSize, &MokDBState); + if (status != EFI_SUCCESS) + return EFI_ACCESS_DENIED; + +@@ -1674,13 +1670,11 @@ static EFI_STATUS check_mok_db (void) + } + status = EFI_ACCESS_DENIED; + } else { +- if (*(UINT8 *)MokDBState == 1) { ++ if (MokDBState == 1) { + ignore_db = 1; + } + } + +- FreePool(MokDBState); +- + return status; + } + +-- +1.9.3 + diff --git a/SOURCES/0043-Update-openssl-to-0.9.8za.patch b/SOURCES/0043-Update-openssl-to-0.9.8za.patch new file mode 100644 index 0000000..a31ff6e --- /dev/null +++ b/SOURCES/0043-Update-openssl-to-0.9.8za.patch 
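Review bot: In `check_mok_db()` the new initialiser `UINTN MokDBStateSize = sizeof(MokDBStateSize);` takes the size of the UINTN itself, not of the one-byte `MokDBState` buffer that is handed to GetVariable. The firmware is therefore told the buffer is larger than it is, and a stored MokDBState longer than one byte could be written past the `UINT8` local on the stack. It should mirror `check_mok_sb()` in the same patch: `UINTN MokDBStateSize = sizeof(MokDBState);`. Both function bodies are only partly visible in these hunks.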
@@ -0,0 +1,3032 @@ +From 76f8050ff6003e6048fdc4430d8b503aff934255 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Wed, 9 Jul 2014 15:02:50 +0800 +Subject: [PATCH 43/74] Update openssl to 0.9.8za + +Also update to Tiano Cryptlib r15638 +--- + Cryptlib/Cryptlib.diff | 4 +- + Cryptlib/Include/openssl/bn.h | 11 + + Cryptlib/Include/openssl/crypto.h | 37 +- + Cryptlib/Include/openssl/ec.h | 10 +- + Cryptlib/Include/openssl/engine.h | 8 +- + Cryptlib/Include/openssl/opensslv.h | 6 +- + Cryptlib/Include/openssl/ssl.h | 13 +- + Cryptlib/Include/openssl/ssl3.h | 10 + + Cryptlib/Include/openssl/symhacks.h | 10 +- + Cryptlib/Include/openssl/tls1.h | 14 + + Cryptlib/Makefile | 6 +- + Cryptlib/OpenSSL/crypto/asn1/a_int.c | 2 +- + Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 1 + + Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 2 +- + Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 6 + + Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 5 - + Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 5 +- + Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 52 ++ + Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 46 +- + Cryptlib/OpenSSL/crypto/bn/bn_word.c | 25 +- + Cryptlib/OpenSSL/crypto/cryptlib.c | 16 + + Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 26 +- + Cryptlib/OpenSSL/crypto/ec/ec_key.c | 13 +- + Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 10 +- + Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 11 +- + Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 11 +- + Cryptlib/OpenSSL/crypto/engine/eng_all.c | 6 +- + Cryptlib/OpenSSL/crypto/err/err_all.c | 2 + + Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 3 +- + Cryptlib/OpenSSL/crypto/evp/encode.c | 1 + + Cryptlib/OpenSSL/crypto/o_init.c | 14 + + Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 10 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 8 + + Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 2 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 4 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 2 +- + Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 6 +- + Cryptlib/OpenSSL/update.sh | 998 ++++++++++++----------- + 
Cryptlib/Pk/CryptPkcs7Sign.c | 207 +++++ + Cryptlib/Pk/CryptPkcs7SignNull.c | 59 ++ + Cryptlib/Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} | 306 +++---- + Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 +++ + Cryptlib/Pk/CryptRsaExtNull.c | 125 +++ + Cryptlib/Rand/CryptRand.c | 11 +- + Cryptlib/update.sh | 9 +- + 45 files changed, 1425 insertions(+), 808 deletions(-) + create mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c + create mode 100644 Cryptlib/Pk/CryptPkcs7SignNull.c + rename Cryptlib/Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} (74%) + create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c + create mode 100644 Cryptlib/Pk/CryptRsaExtNull.c + +diff --git a/Cryptlib/Cryptlib.diff b/Cryptlib/Cryptlib.diff +index 9663d90..a2f49d6 100644 +--- a/Cryptlib/Cryptlib.diff ++++ b/Cryptlib/Cryptlib.diff +@@ -6,8 +6,8 @@ index 68bc25a..1abe78e 100644 + // BUG: hardcode OldSize == size! We have no any knowledge about + // memory size of original pointer ptr. + // +-- return ReallocatePool ((UINTN)size, (UINTN)size, ptr); +-+ return ReallocatePool (ptr, (UINTN)size, (UINTN)size); ++- return ReallocatePool ((UINTN) size, (UINTN) size, ptr); +++ return ReallocatePool (ptr, (UINTN) size, (UINTN) size); + } + + /* De-allocates or frees a memory block */ +diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h +index f1719a5..688a4e7 100644 +--- a/Cryptlib/Include/openssl/bn.h ++++ b/Cryptlib/Include/openssl/bn.h +@@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, + BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); + ++void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); ++ + /* Deprecated versions */ + #ifndef OPENSSL_NO_DEPRECATED + BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, +@@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); + + #define bn_fix_top(a) bn_check_top(a) + ++#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) ++#define bn_wcheck_size(bn, words) 
\ ++ do { \ ++ const BIGNUM *_bnum2 = (bn); \ ++ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ ++ } while(0) ++ + #else /* !BN_DEBUG */ + + #define bn_pollute(a) + #define bn_check_top(a) + #define bn_fix_top(a) bn_correct_top(a) ++#define bn_check_size(bn, bits) ++#define bn_wcheck_size(bn, words) + + #endif + +diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h +index fc1374f..ac0c949 100644 +--- a/Cryptlib/Include/openssl/crypto.h ++++ b/Cryptlib/Include/openssl/crypto.h +@@ -235,15 +235,15 @@ typedef struct openssl_item_st + #ifndef OPENSSL_NO_LOCKING + #ifndef CRYPTO_w_lock + #define CRYPTO_w_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) + #define CRYPTO_w_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) + #define CRYPTO_r_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) + #define CRYPTO_r_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) + #define CRYPTO_add(addr,amount,type) \ +- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) ++ CRYPTO_add_lock(addr,amount,type,NULL,0) + #endif + #else + #define CRYPTO_w_lock(a) +@@ -361,19 +361,19 @@ int CRYPTO_is_mem_check_on(void); + #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) + #define is_MemCheck_on() CRYPTO_is_mem_check_on() + +-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) ++#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) ++#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) + #define OPENSSL_realloc(addr,num) \ +- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) ++ CRYPTO_realloc((char 
*)addr,(int)num,NULL,0) + #define OPENSSL_realloc_clean(addr,old_num,num) \ +- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) ++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) + #define OPENSSL_remalloc(addr,num) \ +- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) ++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) + #define OPENSSL_freeFunc CRYPTO_free + #define OPENSSL_free(addr) CRYPTO_free(addr) + + #define OPENSSL_malloc_locked(num) \ +- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) ++ CRYPTO_malloc_locked((int)num,NULL,0) + #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) + + +@@ -487,7 +487,7 @@ void CRYPTO_set_mem_debug_options(long bits); + long CRYPTO_get_mem_debug_options(void); + + #define CRYPTO_push_info(info) \ +- CRYPTO_push_info_(info, __FILE__, __LINE__); ++ CRYPTO_push_info_(info, NULL, 0); + int CRYPTO_push_info_(const char *info, const char *file, int line); + int CRYPTO_pop_info(void); + int CRYPTO_remove_all_info(void); +@@ -528,17 +528,17 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); + + /* die if we have to */ + void OpenSSLDie(const char *file,int line,const char *assertion); +-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) ++#define OPENSSL_assert(e) (void)((e) ? 
0 : (OpenSSLDie(NULL, 0, #e),1)) + + unsigned long *OPENSSL_ia32cap_loc(void); + #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + int OPENSSL_isservice(void); + + #ifdef OPENSSL_FIPS +-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ ++#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ + alg " previous FIPS forbidden algorithm error ignored"); + +-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ ++#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ + #alg " Algorithm forbidden in FIPS mode"); + + #ifdef OPENSSL_FIPS_STRICT +@@ -591,6 +591,13 @@ int OPENSSL_isservice(void); + #define OPENSSL_HAVE_INIT 1 + void OPENSSL_init(void); + ++/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It ++ * takes an amount of time dependent on |len|, but independent of the contents ++ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a ++ * defined order as the return value when a != b is undefined, other than to be ++ * non-zero. */ ++int CRYPTO_memcmp(const void *a, const void *b, size_t len); ++ + /* BEGIN ERROR CODES */ + /* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. +diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h +index 8bc2a23..367307f 100644 +--- a/Cryptlib/Include/openssl/ec.h ++++ b/Cryptlib/Include/openssl/ec.h +@@ -321,7 +321,15 @@ void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); + /* functions to set/get method specific data */ + void *EC_KEY_get_key_method_data(EC_KEY *, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +-void EC_KEY_insert_key_method_data(EC_KEY *, void *data, ++/** Sets the key method data of an EC_KEY object, if none has yet been set. ++ * \param key EC_KEY object ++ * \param data opaque data to install. ++ * \param dup_func a function that duplicates |data|. 
++ * \param free_func a function that frees |data|. ++ * \param clear_free_func a function that wipes and frees |data|. ++ * \return the previously set data pointer, or NULL if |data| was inserted. ++ */ ++void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + /* wrapper functions for the underlying EC_GROUP object */ + void EC_KEY_set_asn1_flag(EC_KEY *, int); +diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h +index d4bc1ef..b4e0444 100644 +--- a/Cryptlib/Include/openssl/engine.h ++++ b/Cryptlib/Include/openssl/engine.h +@@ -335,15 +335,15 @@ void ENGINE_load_gmp(void); + void ENGINE_load_nuron(void); + void ENGINE_load_sureware(void); + void ENGINE_load_ubsec(void); +-#endif +-void ENGINE_load_cryptodev(void); +-void ENGINE_load_padlock(void); +-void ENGINE_load_builtin_engines(void); + #ifdef OPENSSL_SYS_WIN32 + #ifndef OPENSSL_NO_CAPIENG + void ENGINE_load_capi(void); + #endif + #endif ++#endif ++void ENGINE_load_cryptodev(void); ++void ENGINE_load_padlock(void); ++void ENGINE_load_builtin_engines(void); + + /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. 
*/ +diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h +index 4a5a5ae..e5ab5c4 100644 +--- a/Cryptlib/Include/openssl/opensslv.h ++++ b/Cryptlib/Include/openssl/opensslv.h +@@ -25,11 +25,11 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x0090817fL ++#define OPENSSL_VERSION_NUMBER 0x009081afL + #ifdef OPENSSL_FIPS +-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w-fips 23 Apr 2012" ++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" + #else +-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w 23 Apr 2012" ++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za 5 Jun 2014" + #endif + #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + +diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h +index eb50e14..5f2a04e 100644 +--- a/Cryptlib/Include/openssl/ssl.h ++++ b/Cryptlib/Include/openssl/ssl.h +@@ -490,11 +490,14 @@ typedef struct ssl_session_st + #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L + #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L + #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ ++#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L + #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L + #define SSL_OP_TLS_D5_BUG 0x00000100L + #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L + ++/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ ++#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 ++ + /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. 
Unfortunately some broken SSL/TLS +@@ -1204,6 +1207,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE + #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME + #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE ++#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE ++#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ + + #define SSL_ERROR_NONE 0 + #define SSL_ERROR_SSL 1 +@@ -1820,6 +1825,7 @@ void ERR_load_SSL_strings(void); + #define SSL_F_SSL_GET_NEW_SESSION 181 + #define SSL_F_SSL_GET_PREV_SESSION 217 + #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 ++#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 + #define SSL_F_SSL_GET_SIGN_PKEY 183 + #define SSL_F_SSL_INIT_WBIO_BUFFER 184 + #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +@@ -2073,6 +2079,11 @@ void ERR_load_SSL_strings(void); + #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 + #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 + #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 ++#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 ++#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 ++#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 ++#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 ++#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 + #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 + #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 + #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 +diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h +index b9a85ef..de5e559 100644 +--- a/Cryptlib/Include/openssl/ssl3.h ++++ b/Cryptlib/Include/openssl/ssl3.h +@@ -333,6 +333,7 @@ typedef struct ssl3_buffer_st + #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 + #define SSL3_FLAGS_POP_BUFFER 0x0004 + #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 ++#define SSL3_FLAGS_CCS_OK 0x0080 + + /* SSL3_FLAGS_SGC_RESTART_DONE is set 
when we + * restart a handshake because of MS SGC and so prevents us +@@ -460,6 +461,15 @@ typedef struct ssl3_state_st + unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_server_finished_len; + int send_connection_binding; /* TODOEKR */ ++ ++#ifndef OPENSSL_NO_TLSEXT ++#ifndef OPENSSL_NO_EC ++ /* This is set to true if we believe that this is a version of Safari ++ * running on OS X 10.6 or newer. We wish to know this because Safari ++ * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ ++ char is_probably_safari; ++#endif /* !OPENSSL_NO_EC */ ++#endif /* !OPENSSL_NO_TLSEXT */ + } SSL3_STATE; + + +diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h +index 0114093..c540771 100644 +--- a/Cryptlib/Include/openssl/symhacks.h ++++ b/Cryptlib/Include/openssl/symhacks.h +@@ -252,15 +252,15 @@ + #define EC_POINT_set_compressed_coordinates_GF2m \ + EC_POINT_set_compr_coords_GF2m + #undef ec_GF2m_simple_group_clear_finish +-#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish ++#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish + #undef ec_GF2m_simple_group_check_discriminant + #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim + #undef ec_GF2m_simple_point_clear_finish +-#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish ++#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish + #undef ec_GF2m_simple_point_set_to_infinity +-#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf ++#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf + #undef ec_GF2m_simple_points_make_affine +-#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine ++#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine + #undef ec_GF2m_simple_point_set_affine_coordinates + #define ec_GF2m_simple_point_set_affine_coordinates \ + ec_GF2m_smp_pt_set_af_coords +@@ 
-288,8 +288,6 @@ + #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf + #undef ec_GFp_simple_points_make_affine + #define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine +-#undef ec_GFp_simple_group_get_curve_GFp +-#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp + #undef ec_GFp_simple_set_Jprojective_coordinates_GFp + #define ec_GFp_simple_set_Jprojective_coordinates_GFp \ + ec_GFp_smp_set_Jproj_coords_GFp +diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h +index afe4807..47f25af 100644 +--- a/Cryptlib/Include/openssl/tls1.h ++++ b/Cryptlib/Include/openssl/tls1.h +@@ -80,10 +80,24 @@ extern "C" { + + #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 + ++#define TLS1_2_VERSION 0x0303 ++#define TLS1_2_VERSION_MAJOR 0x03 ++#define TLS1_2_VERSION_MINOR 0x03 ++ ++#define TLS1_1_VERSION 0x0302 ++#define TLS1_1_VERSION_MAJOR 0x03 ++#define TLS1_1_VERSION_MINOR 0x02 ++ + #define TLS1_VERSION 0x0301 + #define TLS1_VERSION_MAJOR 0x03 + #define TLS1_VERSION_MINOR 0x01 + ++#define TLS1_get_version(s) \ ++ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) ++ ++#define TLS1_get_client_version(s) \ ++ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? 
s->client_version : 0) ++ + #define TLS1_AD_DECRYPTION_FAILED 21 + #define TLS1_AD_RECORD_OVERFLOW 22 + #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index d24e59e..678baac 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -30,7 +30,11 @@ OBJS = Hash/CryptMd4.o \ + Rand/CryptRand.o \ + Pk/CryptRsaBasic.o \ + Pk/CryptRsaExt.o \ +- Pk/CryptPkcs7.o \ ++ Pk/CryptRsaExtNull.o \ ++ Pk/CryptPkcs7Sign.o \ ++ Pk/CryptPkcs7SignNull.o \ ++ Pk/CryptPkcs7Verify.o \ ++ Pk/CryptPkcs7VerifyNull.o \ + Pk/CryptDh.o \ + Pk/CryptX509.o \ + Pk/CryptAuthenticode.o \ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +index f551bdb..ee26c31 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) + int pad=0,ret,i,neg; + unsigned char *p,*n,pb=0; + +- if ((a == NULL) || (a->data == NULL)) return(0); ++ if (a == NULL) return(0); + neg=a->type & V_ASN1_NEG; + if (a->length == 0) + ret=1; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +index 264ebf2..ead37ac 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) + if(mbflag == -1) return -1; + mbflag |= MBSTRING_FLAG; + stmp.data = NULL; ++ stmp.length = 0; + ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); + if(ret < 0) return ret; + *out = stmp.data; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +index b68ae43..9b7d688 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +@@ -75,7 +75,7 @@ static int table_cmp(const void *a, const void *b); + * certain software (e.g. Netscape) has problems with them. 
+ */ + +-static unsigned long global_mask = 0xFFFFFFFFL; ++static unsigned long global_mask = B_ASN1_UTF8STRING; + + void ASN1_STRING_set_default_mask(unsigned long mask) + { +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +index da3efaa..7ded69b 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat + unsigned char *buf_in=NULL; + int ret= -1,i,inl; + ++ if (!pkey) ++ { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ return -1; ++ } ++ + EVP_MD_CTX_init(&ctx); + i=OBJ_obj2nid(a->algorithm); + type=EVP_get_digestbyname(OBJ_nid2sn(i)); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +index afb95d6..bc23f56 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +@@ -208,11 +208,6 @@ int DSA_print(BIO *bp, const DSA *x, int off) + + if (x->p) + buf_len = (size_t)BN_num_bytes(x->p); +- else +- { +- DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); +- goto err; +- } + if (x->q) + if (buf_len < (i = (size_t)BN_num_bytes(x->q))) + buf_len = i; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +index 94d9f7e..bc8a7bf 100755 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +@@ -371,12 +371,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) + CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); + if (key->pkey) + { ++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_free(ret); + ret = key->pkey; + } + else ++ { + key->pkey = ret; +- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); ++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); ++ } + CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); + return(ret); + err: +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +index 
32a8fba..b66f507 100755 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, + } + return bn_cmp_words(a,b,cl); + } ++ ++/* ++ * Constant-time conditional swap of a and b. ++ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. ++ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, ++ * and that no more than nwords are used by either a or b. ++ * a and b cannot be the same number ++ */ ++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) ++ { ++ BN_ULONG t; ++ int i; ++ ++ bn_wcheck_size(a, nwords); ++ bn_wcheck_size(b, nwords); ++ ++ assert(a != b); ++ assert((condition & (condition - 1)) == 0); ++ assert(sizeof(BN_ULONG) >= sizeof(int)); ++ ++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; ++ ++ t = (a->top^b->top) & condition; ++ a->top ^= t; ++ b->top ^= t; ++ ++#define BN_CONSTTIME_SWAP(ind) \ ++ do { \ ++ t = (a->d[ind] ^ b->d[ind]) & condition; \ ++ a->d[ind] ^= t; \ ++ b->d[ind] ^= t; \ ++ } while (0) ++ ++ ++ switch (nwords) { ++ default: ++ for (i = 10; i < nwords; i++) ++ BN_CONSTTIME_SWAP(i); ++ /* Fallthrough */ ++ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ ++ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ ++ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ ++ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ ++ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ ++ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ ++ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ ++ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ ++ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ ++ case 1: BN_CONSTTIME_SWAP(0); ++ } ++#undef BN_CONSTTIME_SWAP ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +index 4799b15..27cafb1 100755 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c ++++ 
b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +@@ -701,32 +701,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) + BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx) + { +- int got_write_lock = 0; + BN_MONT_CTX *ret; + + CRYPTO_r_lock(lock); +- if (!*pmont) ++ ret = *pmont; ++ CRYPTO_r_unlock(lock); ++ if (ret) ++ return ret; ++ ++ /* We don't want to serialise globally while doing our lazy-init math in ++ * BN_MONT_CTX_set. That punishes threads that are doing independent ++ * things. Instead, punish the case where more than one thread tries to ++ * lazy-init the same 'pmont', by having each do the lazy-init math work ++ * independently and only use the one from the thread that wins the race ++ * (the losers throw away the work they've done). */ ++ ret = BN_MONT_CTX_new(); ++ if (!ret) ++ return NULL; ++ if (!BN_MONT_CTX_set(ret, mod, ctx)) + { +- CRYPTO_r_unlock(lock); +- CRYPTO_w_lock(lock); +- got_write_lock = 1; ++ BN_MONT_CTX_free(ret); ++ return NULL; ++ } + +- if (!*pmont) +- { +- ret = BN_MONT_CTX_new(); +- if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) +- BN_MONT_CTX_free(ret); +- else +- *pmont = ret; +- } ++ /* The locked compare-and-set, after the local work is done. 
*/ ++ CRYPTO_w_lock(lock); ++ if (*pmont) ++ { ++ BN_MONT_CTX_free(ret); ++ ret = *pmont; + } +- +- ret = *pmont; +- +- if (got_write_lock) +- CRYPTO_w_unlock(lock); + else +- CRYPTO_r_unlock(lock); +- ++ *pmont = ret; ++ CRYPTO_w_unlock(lock); + return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +index ee7b87c..de83a15 100755 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) + a->neg=!(a->neg); + return(i); + } +- /* Only expand (and risk failing) if it's possibly necessary */ +- if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && +- (bn_wexpand(a,a->top+1) == NULL)) +- return(0); +- i=0; +- for (;;) ++ for (i=0;w!=0 && itop;i++) + { +- if (i >= a->top) +- l=w; +- else +- l=(a->d[i]+w)&BN_MASK2; +- a->d[i]=l; +- if (w > l) +- w=1; +- else +- break; +- i++; ++ a->d[i] = l = (a->d[i]+w)&BN_MASK2; ++ w = (w>l)?1:0; + } +- if (i >= a->top) ++ if (w && i==a->top) ++ { ++ if (bn_wexpand(a,a->top+1) == NULL) return 0; + a->top++; ++ a->d[i]=w; ++ } + bn_check_top(a); + return(1); + } +diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c +index dd74ea8..dec3286 100755 +--- a/Cryptlib/OpenSSL/crypto/cryptlib.c ++++ b/Cryptlib/OpenSSL/crypto/cryptlib.c +@@ -542,3 +542,19 @@ void OpenSSLDie(const char *file,int line,const char *assertion) + } + + void *OPENSSL_stderr(void) { return stderr; } ++ ++#ifndef OPENSSL_FIPS ++ ++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) ++ { ++ size_t i; ++ const unsigned char *a = in_a; ++ const unsigned char *b = in_b; ++ unsigned char x = 0; ++ ++ for (i = 0; i < len; i++) ++ x |= a[i] ^ b[i]; ++ ++ return x; ++ } ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +index 7dca5e4..6b570a3 100755 +--- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +@@ -208,9 
+208,12 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
+
+ /* Computes scalar*point and stores the result in r.
+ * point can not equal r.
+- * Uses algorithm 2P of
++ * Uses a modified algorithm 2P of
+ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation".
++ *
++ * To protect against side-channel attack the function uses constant time
++ * swap avoiding conditional branches.
+ */
+ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ const EC_POINT *point, BN_CTX *ctx)
+@@ -244,6 +247,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
+ x2 = &r->X;
+ z2 = &r->Y;
+
++ bn_wexpand(x1, group->field.top);
++ bn_wexpand(z1, group->field.top);
++ bn_wexpand(x2, group->field.top);
++ bn_wexpand(z2, group->field.top);
++
+ if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
+ if (!BN_one(z1)) goto err; /* z1 = 1 */
+ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
+@@ -266,16 +274,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
+ {
+ for (; j >= 0; j--)
+ {
+- if (scalar->d[i] & mask)
+- {
+- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
+- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
+- }
+- else
+- {
+- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+- }
++ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
++ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
++ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
++ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
++ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
++ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
+ mask >>= 1;
+ }
+ j = BN_BITS2 - 1;
+diff --git
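Review bot: The four added `bn_wexpand(...)` calls ahead of the ladder discard their return value, while the BN_add_word hunk in this same patch treats `bn_wexpand(...) == NULL` as a failure. The loop in the following hunk passes `group->field.top` to BN_consttime_swap as the word count for x1, z1, x2 and z2, so a failed expansion would leave the swap working on buffers that may be shorter than that count. Each call should fail the function, for example `if (bn_wexpand(x1, group->field.top) == NULL) goto err;`, repeated for z1, x2 and z2. The body of ec_GF2m_montgomery_point_multiply starts and ends outside these hunks.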
a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c
+index 522802c..6c933d2 100755
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c
++++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c
+@@ -435,18 +435,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
+ void *EC_KEY_get_key_method_data(EC_KEY *key,
+ void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
+ {
+- return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
++ void *ret;
++
++ CRYPTO_r_lock(CRYPTO_LOCK_EC);
++ ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
++ CRYPTO_r_unlock(CRYPTO_LOCK_EC);
++
++ return ret;
+ }
+
+-void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
++void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+ void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
+ {
+ EC_EXTRA_DATA *ex_data;
++
+ CRYPTO_w_lock(CRYPTO_LOCK_EC);
+ ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+ if (ex_data == NULL)
+ EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
+ CRYPTO_w_unlock(CRYPTO_LOCK_EC);
++
++ return ex_data;
+ }
+
+ void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+index 5af8437..bbf2799 100755
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
++++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
+ EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
+ return 1;
+- /* compare the curve name (if present) */
++ /* compare the curve name (if present in both) */
+ if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
+- EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
+- return 0;
++ EC_GROUP_get_curve_name(a) !=
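Review bot: EC_KEY_insert_key_method_data in crypto/ec/ec_key.c now returns a value, but nothing documents what it means, and the meaning is easy to misread: a non-NULL result is the entry that was already installed (the caller's `data` was not stored), while NULL is the case where the caller's `data` went in. A comment above the definition should state that, e.g. `/* Returns the data already installed for these callbacks, in which case 'data' is not stored and remains the caller's to free; returns NULL if 'data' was installed. */`. The result of `EC_EX_DATA_set_data(...)` is still ignored inside the lock, so if that call can fail a NULL return would not tell the caller whether its data was actually stored; that is worth confirming against its definition, which is not part of this hunk.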
EC_GROUP_get_curve_name(b))
++ return 1;
+
+ if (!ctx)
+ ctx_new = ctx = BN_CTX_new();
+@@ -1061,12 +1061,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
+ if (group->meth->point_cmp == 0)
+ {
+ ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
++ return -1;
+ }
+ if ((group->meth != a->meth) || (a->meth != b->meth))
+ {
+ ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
++ return -1;
+ }
+ return group->meth->point_cmp(group, a, b, ctx);
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
+index bf22234..f9ba5fb 100755
+--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
++++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
+@@ -205,8 +205,15 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
+ ecdh_data = (ECDH_DATA *)ecdh_data_new();
+ if (ecdh_data == NULL)
+ return NULL;
+- EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+- ecdh_data_dup, ecdh_data_free, ecdh_data_free);
++ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
++ ecdh_data_dup, ecdh_data_free, ecdh_data_free);
++ if (data != NULL)
++ {
++ /* Another thread raced us to install the key_method
++ * data and won.
*/
++ ecdh_data_free(ecdh_data);
++ ecdh_data = (ECDH_DATA *)data;
++ }
+ }
+ else
+ ecdh_data = (ECDH_DATA *)data;
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
+index 2ebae3a..81082c9 100755
+--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
++++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
+@@ -188,8 +188,15 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
+ ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
+ if (ecdsa_data == NULL)
+ return NULL;
+- EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
+- ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
++ data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
++ ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
++ if (data != NULL)
++ {
++ /* Another thread raced us to install the key_method
++ * data and won. */
++ ecdsa_data_free(ecdsa_data);
++ ecdsa_data = (ECDSA_DATA *)data;
++ }
+ }
+ else
+ ecdsa_data = (ECDSA_DATA *)data;
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c
+index f29c167..8a1b9c7 100755
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c
++++ b/Cryptlib/OpenSSL/crypto/engine/eng_all.c
+@@ -102,14 +102,14 @@ void ENGINE_load_builtin_engines(void)
+ #if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
+ ENGINE_load_gmp();
+ #endif
++#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
++ ENGINE_load_capi();
++#endif
+ #endif
+ #ifndef OPENSSL_NO_HW
+ #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+ ENGINE_load_cryptodev();
+ #endif
+-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+- ENGINE_load_capi();
+-#endif
+ #endif
+ }
+
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c
+index 39796f7..0429389 100755
+--- a/Cryptlib/OpenSSL/crypto/err/err_all.c
++++ b/Cryptlib/OpenSSL/crypto/err/err_all.c
+@@ -104,7 +104,9 @@
+ #ifndef OPENSSL_NO_JPAKE
+ #include
+ #endif
++#ifndef OPENSSL_NO_COMP
+ #include
++#endif
+ + void ERR_load_crypto_strings(void) + { +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +index 72a2a67..16863fe 100755 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +@@ -226,6 +226,7 @@ static int b64_read(BIO *b, char *out, int outl) + else if (ctx->start) + { + q=p=(unsigned char *)ctx->tmp; ++ num = 0; + for (j=0; j v) { rv=-1; goto end; } + ret+=(v-eof); + } + else +diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c +index d767a90..c89fda5 100755 +--- a/Cryptlib/OpenSSL/crypto/o_init.c ++++ b/Cryptlib/OpenSSL/crypto/o_init.c +@@ -93,4 +93,18 @@ void OPENSSL_init(void) + #endif + } + ++#ifdef OPENSSL_FIPS ++ ++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) ++ { ++ size_t i; ++ const unsigned char *a = in_a; ++ const unsigned char *b = in_b; ++ unsigned char x = 0; + ++ for (i = 0; i < len; i++) ++ x |= a[i] ^ b[i]; ++ ++ return x; ++ } ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +index 4a0c387..f24080f 100755 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + { + EVP_PKEY *skey; + skey = X509_get_pubkey(signer); +- ret = OCSP_BASICRESP_verify(bs, skey, 0); +- EVP_PKEY_free(skey); +- if(ret <= 0) ++ if (skey) ++ { ++ ret = OCSP_BASICRESP_verify(bs, skey, 0); ++ EVP_PKEY_free(skey); ++ } ++ if(!skey || ret <= 0) + { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); + goto end; +@@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if(!init_res) + { ++ ret = -1; + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); + goto end; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +index 
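Review bot: In the first crypto/ocsp/ocsp_vfy.c hunk the new `!skey` path reaches `goto end` without assigning `ret`, so OCSP_basic_verify reports whatever `ret` held before this block. The second hunk in the same file adds `ret = -1;` ahead of its own `goto end`, which suggests the value of `ret` at `end` is what the caller receives. If `ret` is positive on entry to this block (the earlier part of the function is outside the hunk), a signer certificate with no usable public key would be reported as verified. Setting the result explicitly closes that, e.g. `if (!skey) ret = -1;` before the combined check.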
9522342..3ef3be1 100755
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
+@@ -100,7 +100,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+ #endif
++#ifdef OPENSSL_NO_RC2
++ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
++#else
+ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
++#endif
+ }
+ if (!nid_key)
+ nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+@@ -290,7 +294,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ free_safes = 0;
+
+ if (nid_safe == 0)
++#ifdef OPENSSL_NO_RC2
++ nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
++#else
+ nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
++#endif
+
+ if (nid_safe == -1)
+ p7 = PKCS12_pack_p7data(bags);
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
+index 5c4c6ec..bdbbbec 100755
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
+@@ -261,7 +261,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+ int len, r;
+ unsigned char *data;
+ len = ASN1_STRING_to_UTF8(&data, fname);
+- if(len > 0) {
++ if(len >= 0) {
+ r = X509_alias_set1(x509, data, len);
+ OPENSSL_free(data);
+ if (!r)
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+index b0ff89a..49b450d 100755
+--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+@@ -290,8 +290,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+
+ bufsiz = 4096;
+ buf = OPENSSL_malloc (bufsiz);
+- if (buf == NULL) {
+- goto err;
++ if (buf == NULL) {
++ goto err;
+ }
+
+ /* We now have to 'read' from p7bio to calculate digests etc.
*/
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
+index 546ae5f..b8e3edc 100755
+--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
+@@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+
+ EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+
+- if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
++ if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+ goto decoding_err;
+ else
+ {
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+index af12520..b87617a 100755
+--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+@@ -386,11 +386,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+
+ static int check_chain_extensions(X509_STORE_CTX *ctx)
+ {
+-#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
+- /*
+- NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
+- in Authenticode Signing Certificates.
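Review bot: In the crypto/rsa/rsa_oaep.c hunk the digest comparison is now constant-time, but the condition around it still uses `||`, which short-circuits, so whether `bad` is evaluated still depends on the comparison result. Folding both into one value before the branch keeps the two failure causes indistinguishable at this point: `if ((CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) | bad) != 0)`. This assumes `bad` is an integer flag declared earlier in RSA_padding_check_PKCS1_OAEP, which the hunk does not show.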
+- */ ++#ifdef OPENSSL_NO_CHAIN_VERIFY + return 1; + #else + int i, ok=0, must_be_ca, plen = 0; +diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh +index cb25ccd..95875e7 100755 +--- a/Cryptlib/OpenSSL/update.sh ++++ b/Cryptlib/OpenSSL/update.sh +@@ -1,499 +1,501 @@ + #/bin/sh +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/e_os.h e_os.h +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cryptlib.c crypto/cryptlib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dyn_lck.c crypto/dyn_lck.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem.c crypto/mem.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_clr.c crypto/mem_clr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_dbg.c crypto/mem_dbg.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cversion.c crypto/cversion.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ex_data.c crypto/ex_data.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cpt_err.c crypto/cpt_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ebcdic.c crypto/ebcdic.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/uid.c crypto/uid.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_time.c crypto/o_time.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_str.c crypto/o_str.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_dir.c crypto/o_dir.c +-install -D 
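Review bot: In the crypto/x509/x509_vfy.c hunk, the remaining `#ifdef OPENSSL_NO_CHAIN_VERIFY` branch still makes check_chain_extensions return 1 without examining the chain, and with the old comment removed nothing at this site says so. A short comment on the branch would help, e.g. `/* Build-time opt-out: every chain extension check below is skipped. */`. It is also worth confirming that the UEFI build of this library does not define OPENSSL_NO_CHAIN_VERIFY. Because the removed note says Authenticode signing certificates were seen with incorrect KU flags, turning the checks on may reject certificates that were accepted before, and that deserves a line in the patch description. The function body continues outside the hunk.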
/home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_init.c crypto/o_init.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/fips_err.c crypto/fips_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_one.c crypto/md2/md2_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_one.c crypto/md4/md4_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_one.c crypto/md5/md5_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_one.c crypto/sha/sha_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1_one.c crypto/sha/sha1_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha256.c crypto/sha/sha256.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha512.c crypto/sha/sha512.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/hmac/hmac.c crypto/hmac/hmac.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_dgst.c 
crypto/ripemd/rmd_dgst.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_lib.c crypto/des/des_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/set_key.c crypto/des/set_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb_enc.c crypto/des/ecb_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_enc.c crypto/des/cbc_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64enc.c crypto/des/cfb64enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64ede.c crypto/des/cfb64ede.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb_enc.c crypto/des/cfb_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64ede.c crypto/des/ofb64ede.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_read.c crypto/des/enc_read.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_writ.c crypto/des/enc_writ.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64enc.c crypto/des/ofb64enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb_enc.c crypto/des/ofb_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/str2key.c crypto/des/str2key.c +-install -D 
/home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/qud_cksm.c crypto/des/qud_cksm.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rand_key.c crypto/des/rand_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_enc.c crypto/des/des_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt.c crypto/des/fcrypt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rpc_enc.c crypto/des/rpc_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old.c crypto/des/des_old.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old2.c crypto/des/des_old2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/read2pwd.c crypto/des/read2pwd.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c +-install -D 
/home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cbc.c crypto/idea/i_cbc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ecb.c crypto/idea/i_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_skey.c crypto/idea/i_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_skey.c crypto/bf/bf_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_enc.c crypto/bf/bf_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ofb64.c 
crypto/bf/bf_ofb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_skey.c crypto/cast/c_skey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ecb.c crypto/cast/c_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_enc.c crypto/cast/c_enc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_misc.c crypto/aes/aes_misc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ige.c crypto/aes/aes_ige.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_core.c crypto/aes/aes_core.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_add.c crypto/bn/bn_add.c +-install -D 
/home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_div.c crypto/bn/bn_div.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp.c crypto/bn/bn_exp.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_lib.c crypto/bn/bn_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mul.c crypto/bn/bn_mul.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mod.c crypto/bn/bn_mod.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_print.c crypto/bn/bn_print.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_rand.c crypto/bn/bn_rand.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_shift.c crypto/bn/bn_shift.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_word.c crypto/bn/bn_word.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_blind.c crypto/bn/bn_blind.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_kron.c crypto/bn/bn_kron.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_prime.c crypto/bn/bn_prime.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_err.c crypto/bn/bn_err.c +-install -D 
/home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_asm.c crypto/bn/bn_asm.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_recp.c crypto/bn/bn_recp.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mont.c crypto/bn/bn_mont.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_nist.c crypto/bn/bn_nist.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_depr.c crypto/bn/bn_depr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_const.c crypto/bn/bn_const.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_opt.c crypto/bn/bn_opt.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c 
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c +-install -D 
/home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dl.c crypto/dso/dso_dl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_err.c crypto/dso/dso_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_lib.c crypto/dso/dso_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_null.c crypto/dso/dso_null.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c +-install -D 
/home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_win32.c crypto/dso/dso_win32.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_vms.c crypto/dso/dso_vms.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_gen.c crypto/dh/dh_gen.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_key.c crypto/dh/dh_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_lib.c crypto/dh/dh_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_check.c crypto/dh/dh_check.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_err.c crypto/dh/dh_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_depr.c crypto/dh/dh_depr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_lib.c crypto/ec/ec_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_mult.c crypto/ec/ec_mult.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_err.c crypto/ec/ec_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_curve.c crypto/ec/ec_curve.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_check.c crypto/ec/ec_check.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_print.c crypto/ec/ec_print.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_key.c crypto/ec/ec_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buffer.c crypto/buffer/buffer.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_str.c crypto/buffer/buf_str.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_err.c crypto/buffer/buf_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_lib.c crypto/bio/bio_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_cb.c crypto/bio/bio_cb.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_err.c crypto/bio/bio_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_mem.c crypto/bio/bss_mem.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_null.c crypto/bio/bss_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_fd.c crypto/bio/bss_fd.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_file.c crypto/bio/bss_file.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_null.c crypto/bio/bf_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_buff.c crypto/bio/bf_buff.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/b_dump.c crypto/bio/b_dump.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_log.c crypto/bio/bss_log.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_bio.c crypto/bio/bss_bio.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/stack/stack.c crypto/stack/stack.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lhash.c crypto/lhash/lhash.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/md_rand.c crypto/rand/md_rand.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/randfile.c crypto/rand/randfile.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_lib.c crypto/rand/rand_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_eng.c crypto/rand/rand_eng.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_err.c crypto/rand/rand_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_egd.c crypto/rand/rand_egd.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_win.c crypto/rand/rand_win.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_unix.c crypto/rand/rand_unix.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_os2.c crypto/rand/rand_os2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_nw.c crypto/rand/rand_nw.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err.c crypto/err/err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_def.c crypto/err/err_def.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_all.c crypto/err/err_all.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_prn.c crypto/err/err_prn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_str.c crypto/err/err_str.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_bio.c crypto/err/err_bio.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/o_names.c crypto/objects/o_names.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_dat.c crypto/objects/obj_dat.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_lib.c crypto/objects/obj_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_err.c crypto/objects/obj_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/encode.c crypto/evp/encode.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/digest.c crypto/evp/digest.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/dig_eng.c crypto/evp/dig_eng.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_enc.c crypto/evp/evp_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_key.c crypto/evp/evp_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des.c crypto/evp/e_des.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_bf.c crypto/evp/e_bf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_idea.c crypto/evp/e_idea.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des3.c crypto/evp/e_des3.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc4.c crypto/evp/e_rc4.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_aes.c crypto/evp/e_aes.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/names.c crypto/evp/names.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc2.c crypto/evp/e_rc2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_cast.c crypto/evp/e_cast.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc5.c crypto/evp/e_rc5.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/enc_min.c crypto/evp/enc_min.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_null.c crypto/evp/m_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md2.c crypto/evp/m_md2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md4.c crypto/evp/m_md4.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md5.c crypto/evp/m_md5.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha.c crypto/evp/m_sha.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha1.c crypto/evp/m_sha1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss.c crypto/evp/m_dss.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss1.c crypto/evp/m_dss1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_open.c crypto/evp/p_open.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_seal.c crypto/evp/p_seal.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_sign.c crypto/evp/p_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_verify.c crypto/evp/p_verify.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_lib.c crypto/evp/p_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_enc.c crypto/evp/p_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_dec.c crypto/evp/p_dec.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_md.c crypto/evp/bio_md.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_b64.c crypto/evp/bio_b64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_enc.c crypto/evp/bio_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_err.c crypto/evp/evp_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_null.c crypto/evp/e_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_all.c crypto/evp/c_all.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_allc.c crypto/evp/c_allc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_alld.c crypto/evp/c_alld.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_lib.c crypto/evp/evp_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_ok.c crypto/evp/bio_ok.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_old.c crypto/evp/e_old.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_object.c crypto/asn1/a_object.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_time.c crypto/asn1/a_time.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_int.c crypto/asn1/a_int.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_octet.c crypto/asn1/a_octet.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_print.c crypto/asn1/a_print.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_type.c crypto/asn1/a_type.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_set.c crypto/asn1/a_set.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_dup.c crypto/asn1/a_dup.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_enum.c crypto/asn1/a_enum.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_sign.c crypto/asn1/a_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_digest.c crypto/asn1/a_digest.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_verify.c crypto/asn1/a_verify.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strex.c crypto/asn1/a_strex.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_algor.c crypto/asn1/x_algor.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_val.c crypto/asn1/x_val.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_sig.c crypto/asn1/x_sig.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_req.c crypto/asn1/x_req.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_long.c crypto/asn1/x_long.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_name.c crypto/asn1/x_name.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509.c crypto/asn1/x_x509.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_crl.c crypto/asn1/x_crl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_info.c crypto/asn1/x_info.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_spki.c crypto/asn1/x_spki.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/nsseq.c crypto/asn1/nsseq.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_req.c crypto/asn1/t_req.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509.c crypto/asn1/t_x509.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_crl.c crypto/asn1/t_crl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_spki.c crypto/asn1/t_spki.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_int.c crypto/asn1/f_int.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_string.c crypto/asn1/f_string.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_enum.c crypto/asn1/f_enum.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bool.c crypto/asn1/a_bool.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_exten.c crypto/asn1/x_exten.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_meth.c crypto/asn1/a_meth.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_sign.c crypto/pem/pem_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_seal.c crypto/pem/pem_seal.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_info.c crypto/pem/pem_info.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_lib.c crypto/pem/pem_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_all.c crypto/pem/pem_all.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_err.c crypto/pem/pem_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_x509.c crypto/pem/pem_x509.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_oth.c crypto/pem/pem_oth.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_def.c crypto/x509/x509_def.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_d2.c crypto/x509/x509_d2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_obj.c crypto/x509/x509_obj.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_req.c crypto/x509/x509_req.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509spki.c crypto/x509/x509spki.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_set.c crypto/x509/x509_set.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509cset.c crypto/x509/x509cset.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509rset.c crypto/x509/x509rset.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_err.c crypto/x509/x509_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509name.c crypto/x509/x509name.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_v3.c crypto/x509/x509_v3.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_ext.c crypto/x509/x509_ext.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_att.c crypto/x509/x509_att.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509type.c crypto/x509/x509type.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_lu.c crypto/x509/x509_lu.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x_all.c crypto/x509/x_all.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_txt.c crypto/x509/x509_txt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_trs.c crypto/x509/x509_trs.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_file.c crypto/x509/by_file.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_dir.c crypto/x509/by_dir.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3err.c crypto/x509v3/v3err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_err.c crypto/conf/conf_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_lib.c crypto/conf/conf_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_api.c crypto/conf/conf_api.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_def.c crypto/conf/conf_def.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mod.c crypto/conf/conf_mod.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mall.c crypto/conf/conf_mall.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_sap.c crypto/conf/conf_sap.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_lib.c crypto/comp/comp_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_err.c crypto/comp/comp_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_rle.c crypto/comp/c_rle.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_zlib.c crypto/comp/c_zlib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_err.c crypto/engine/eng_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_lib.c crypto/engine/eng_lib.c
+-install -D
/home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_list.c crypto/engine/eng_list.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_init.c crypto/engine/eng_init.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_table.c crypto/engine/eng_table.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_fat.c crypto/engine/eng_fat.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_all.c crypto/engine/eng_all.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dh.c crypto/engine/tb_dh.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rand.c crypto/engine/tb_rand.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_store.c crypto/engine/tb_store.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c 
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_digest.c crypto/engine/tb_digest.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_err.c 
crypto/ocsp/ocsp_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_err.c crypto/ui/ui_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_lib.c crypto/ui/ui_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_util.c crypto/ui/ui_util.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_compat.c crypto/ui/ui_compat.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_err.c crypto/store/str_err.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_lib.c crypto/store/str_lib.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_meth.c crypto/store/str_meth.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_mem.c crypto/store/str_mem.c +-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c ++DIR=$1 ++ ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c 
crypto/sha/sha256.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c crypto/des/ofb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c 
crypto/rc4/rc4_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c 
crypto/aes/aes_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c ++install 
-D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c 
crypto/dsa/dsa_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c 
crypto/rand/rand_unix.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c 
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c 
crypto/asn1/x_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c 
crypto/asn1/a_strnid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c 
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c 
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c ++install 
-D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c 
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c
+diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c
+new file mode 100644
+index 0000000..63fe78f
+--- /dev/null
++++ b/Cryptlib/Pk/CryptPkcs7Sign.c
+@@ -0,0 +1,207 @@
++/** @file
++ PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
++
++Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
++This program and the accompanying materials
++are licensed and made available under the terms and conditions of the BSD License
++which accompanies this distribution. The full text of the license may be found at
++http://opensource.org/licenses/bsd-license.php
++
++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include "InternalCryptLib.h"
++
++#include
++#include
++#include
++
++
++/**
++ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
++ Syntax Standard, version 1.5". This interface is only intended to be used for
++ application to perform PKCS#7 functionality validation.
++
++ @param[in] PrivateKey Pointer to the PEM-formatted private key data for
++ data signing.
++ @param[in] PrivateKeySize Size of the PEM private key data in bytes.
++ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
++ key data.
++ @param[in] InData Pointer to the content to be signed.
++ @param[in] InDataSize Size of InData in bytes.
++ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
++ @param[in] OtherCerts Pointer to an optional additional set of certificates to
++ include in the PKCS#7 signedData (e.g. any intermediate
++ CAs in the chain).
++ @param[out] SignedData Pointer to output PKCS#7 signedData.
++ @param[out] SignedDataSize Size of SignedData in bytes.
++
++ @retval TRUE PKCS#7 data signing succeeded.
++ @retval FALSE PKCS#7 data signing failed.
++
++**/
++BOOLEAN
++EFIAPI
++Pkcs7Sign (
++ IN CONST UINT8 *PrivateKey,
++ IN UINTN PrivateKeySize,
++ IN CONST UINT8 *KeyPassword,
++ IN UINT8 *InData,
++ IN UINTN InDataSize,
++ IN UINT8 *SignCert,
++ IN UINT8 *OtherCerts OPTIONAL,
++ OUT UINT8 **SignedData,
++ OUT UINTN *SignedDataSize
++ )
++{
++ BOOLEAN Status;
++ EVP_PKEY *Key;
++ BIO *DataBio;
++ PKCS7 *Pkcs7;
++ UINT8 *RsaContext;
++ UINT8 *P7Data;
++ UINTN P7DataSize;
++ UINT8 *Tmp;
++
++ //
++ // Check input parameters.
++ //
++ if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
++ SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
++ return FALSE;
++ }
++
++ RsaContext = NULL;
++ Key = NULL;
++ Pkcs7 = NULL;
++ DataBio = NULL;
++ Status = FALSE;
++
++ //
++ // Retrieve RSA private key from PEM data.
++ //
++ Status = RsaGetPrivateKeyFromPem (
++ PrivateKey,
++ PrivateKeySize,
++ (CONST CHAR8 *) KeyPassword,
++ (VOID **) &RsaContext
++ );
++ if (!Status) {
++ return Status;
++ }
++
++ Status = FALSE;
++
++ //
++ // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
++ //
++ if (EVP_add_digest (EVP_md5 ()) == 0) {
++ goto _Exit;
++ }
++ if (EVP_add_digest (EVP_sha1 ()) == 0) {
++ goto _Exit;
++ }
++ if (EVP_add_digest (EVP_sha256 ()) == 0) {
++ goto _Exit;
++ }
++
++ RandomSeed (NULL, 0);
++
++ //
++ // Construct OpenSSL EVP_PKEY for private key.
++ //
++ Key = EVP_PKEY_new ();
++ if (Key == NULL) {
++ goto _Exit;
++ }
++ Key->save_type = EVP_PKEY_RSA;
++ Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
++ Key->pkey.rsa = (RSA *) RsaContext;
++
++ //
++ // Convert the data to be signed to BIO format.
++ //
++ DataBio = BIO_new (BIO_s_mem ());
++ if (DataBio == NULL) {
++ goto _Exit;
++ }
++
++ if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {
++ goto _Exit;
++ }
++
++ //
++ // Create the PKCS#7 signedData structure.
++ // ++ Pkcs7 = PKCS7_sign ( ++ (X509 *) SignCert, ++ Key, ++ (STACK_OF(X509) *) OtherCerts, ++ DataBio, ++ PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED ++ ); ++ if (Pkcs7 == NULL) { ++ goto _Exit; ++ } ++ ++ // ++ // Convert PKCS#7 signedData structure into DER-encoded buffer. ++ // ++ P7DataSize = i2d_PKCS7 (Pkcs7, NULL); ++ if (P7DataSize <= 19) { ++ goto _Exit; ++ } ++ ++ P7Data = malloc (P7DataSize); ++ if (P7Data == NULL) { ++ goto _Exit; ++ } ++ ++ Tmp = P7Data; ++ P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); ++ ASSERT (P7DataSize > 19); ++ ++ // ++ // Strip ContentInfo to content only for signeddata. The data be trimmed off ++ // is totally 19 bytes. ++ // ++ *SignedDataSize = P7DataSize - 19; ++ *SignedData = malloc (*SignedDataSize); ++ if (*SignedData == NULL) { ++ OPENSSL_free (P7Data); ++ goto _Exit; ++ } ++ ++ CopyMem (*SignedData, P7Data + 19, *SignedDataSize); ++ ++ OPENSSL_free (P7Data); ++ ++ Status = TRUE; ++ ++_Exit: ++ // ++ // Release Resources ++ // ++ if (RsaContext != NULL) { ++ RsaFree (RsaContext); ++ if (Key != NULL) { ++ Key->pkey.rsa = NULL; ++ } ++ } ++ ++ if (Key != NULL) { ++ EVP_PKEY_free (Key); ++ } ++ ++ if (DataBio != NULL) { ++ BIO_free (DataBio); ++ } ++ ++ if (Pkcs7 != NULL) { ++ PKCS7_free (Pkcs7); ++ } ++ ++ return Status; ++} +diff --git a/Cryptlib/Pk/CryptPkcs7SignNull.c b/Cryptlib/Pk/CryptPkcs7SignNull.c +new file mode 100644 +index 0000000..539bb6b +--- /dev/null ++++ b/Cryptlib/Pk/CryptPkcs7SignNull.c +@@ -0,0 +1,59 @@ ++/** @file ++ PKCS#7 SignedData Sign Wrapper Implementation which does not provide real ++ capabilities. ++ ++Copyright (c) 2012, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++/** ++ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message ++ Syntax Standard, version 1.5". This interface is only intended to be used for ++ application to perform PKCS#7 functionality validation. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] PrivateKey Pointer to the PEM-formatted private key data for ++ data signing. ++ @param[in] PrivateKeySize Size of the PEM private key data in bytes. ++ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM ++ key data. ++ @param[in] InData Pointer to the content to be signed. ++ @param[in] InDataSize Size of InData in bytes. ++ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. ++ @param[in] OtherCerts Pointer to an optional additional set of certificates to ++ include in the PKCS#7 signedData (e.g. any intermediate ++ CAs in the chain). ++ @param[out] SignedData Pointer to output PKCS#7 signedData. ++ @param[out] SignedDataSize Size of SignedData in bytes. ++ ++ @retval FALSE This interface is not supported. 
++ ++**/ ++BOOLEAN ++EFIAPI ++Pkcs7Sign ( ++ IN CONST UINT8 *PrivateKey, ++ IN UINTN PrivateKeySize, ++ IN CONST UINT8 *KeyPassword, ++ IN UINT8 *InData, ++ IN UINTN InDataSize, ++ IN UINT8 *SignCert, ++ IN UINT8 *OtherCerts OPTIONAL, ++ OUT UINT8 **SignedData, ++ OUT UINTN *SignedDataSize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ +diff --git a/Cryptlib/Pk/CryptPkcs7.c b/Cryptlib/Pk/CryptPkcs7Verify.c +similarity index 74% +rename from Cryptlib/Pk/CryptPkcs7.c +rename to Cryptlib/Pk/CryptPkcs7Verify.c +index 218e7ac..05c3f87 100644 +--- a/Cryptlib/Pk/CryptPkcs7.c ++++ b/Cryptlib/Pk/CryptPkcs7Verify.c +@@ -10,7 +10,7 @@ + WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated + Variable and will do basic check for data structure. + +-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
++Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -25,6 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + #include + #include ++#include + #include + + UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; +@@ -111,182 +112,6 @@ X509VerifyCb ( + } + + /** +- Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message +- Syntax Standard, version 1.5". This interface is only intended to be used for +- application to perform PKCS#7 functionality validation. +- +- @param[in] PrivateKey Pointer to the PEM-formatted private key data for +- data signing. +- @param[in] PrivateKeySize Size of the PEM private key data in bytes. +- @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM +- key data. +- @param[in] InData Pointer to the content to be signed. +- @param[in] InDataSize Size of InData in bytes. +- @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. +- @param[in] OtherCerts Pointer to an optional additional set of certificates to +- include in the PKCS#7 signedData (e.g. any intermediate +- CAs in the chain). +- @param[out] SignedData Pointer to output PKCS#7 signedData. +- @param[out] SignedDataSize Size of SignedData in bytes. +- +- @retval TRUE PKCS#7 data signing succeeded. +- @retval FALSE PKCS#7 data signing failed. 
+- +-**/ +-BOOLEAN +-EFIAPI +-Pkcs7Sign ( +- IN CONST UINT8 *PrivateKey, +- IN UINTN PrivateKeySize, +- IN CONST UINT8 *KeyPassword, +- IN UINT8 *InData, +- IN UINTN InDataSize, +- IN UINT8 *SignCert, +- IN UINT8 *OtherCerts OPTIONAL, +- OUT UINT8 **SignedData, +- OUT UINTN *SignedDataSize +- ) +-{ +- BOOLEAN Status; +- EVP_PKEY *Key; +- BIO *DataBio; +- PKCS7 *Pkcs7; +- UINT8 *RsaContext; +- UINT8 *P7Data; +- UINTN P7DataSize; +- UINT8 *Tmp; +- +- // +- // Check input parameters. +- // +- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || +- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { +- return FALSE; +- } +- +- RsaContext = NULL; +- Key = NULL; +- Pkcs7 = NULL; +- DataBio = NULL; +- Status = FALSE; +- +- // +- // Retrieve RSA private key from PEM data. +- // +- Status = RsaGetPrivateKeyFromPem ( +- PrivateKey, +- PrivateKeySize, +- (CONST CHAR8 *) KeyPassword, +- (VOID **) &RsaContext +- ); +- if (!Status) { +- return Status; +- } +- +- // +- // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling +- // +- EVP_add_digest (EVP_md5()); +- EVP_add_digest (EVP_sha1()); +- EVP_add_digest (EVP_sha256()); +- RandomSeed (NULL, 0); +- +- // +- // Construct OpenSSL EVP_PKEY for private key. +- // +- Key = EVP_PKEY_new (); +- if (Key == NULL) { +- Status = FALSE; +- goto _Exit; +- } +- Key->save_type = EVP_PKEY_RSA; +- Key->type = EVP_PKEY_type (EVP_PKEY_RSA); +- Key->pkey.rsa = (RSA *) RsaContext; +- +- // +- // Convert the data to be signed to BIO format. +- // +- DataBio = BIO_new (BIO_s_mem ()); +- BIO_write (DataBio, InData, (int) InDataSize); +- +- // +- // Create the PKCS#7 signedData structure. 
+- // +- Pkcs7 = PKCS7_sign ( +- (X509 *) SignCert, +- Key, +- (STACK_OF(X509) *) OtherCerts, +- DataBio, +- PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED +- ); +- if (Pkcs7 == NULL) { +- Status = FALSE; +- goto _Exit; +- } +- +- // +- // Convert PKCS#7 signedData structure into DER-encoded buffer. +- // +- P7DataSize = i2d_PKCS7 (Pkcs7, NULL); +- if (P7DataSize <= 19) { +- Status = FALSE; +- goto _Exit; +- } +- +- P7Data = malloc (P7DataSize); +- if (P7Data == NULL) { +- Status = FALSE; +- goto _Exit; +- } +- +- Tmp = P7Data; +- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); +- +- // +- // Strip ContentInfo to content only for signeddata. The data be trimmed off +- // is totally 19 bytes. +- // +- *SignedDataSize = P7DataSize - 19; +- *SignedData = malloc (*SignedDataSize); +- if (*SignedData == NULL) { +- Status = FALSE; +- OPENSSL_free (P7Data); +- goto _Exit; +- } +- +- CopyMem (*SignedData, P7Data + 19, *SignedDataSize); +- +- OPENSSL_free (P7Data); +- +- Status = TRUE; +- +-_Exit: +- // +- // Release Resources +- // +- if (RsaContext != NULL) { +- RsaFree (RsaContext); +- if (Key != NULL) { +- Key->pkey.rsa = NULL; +- } +- } +- +- if (Key != NULL) { +- EVP_PKEY_free (Key); +- } +- +- if (DataBio != NULL) { +- BIO_free (DataBio); +- } +- +- if (Pkcs7 != NULL) { +- PKCS7_free (Pkcs7); +- } +- +- return Status; +-} +- +-/** + Check input P7Data is a wrapped ContentInfo structure or not. If not construct + a new structure to wrap P7Data. + +@@ -395,6 +220,91 @@ WrapPkcs7Data ( + } + + /** ++ Pop single certificate from STACK_OF(X509). ++ ++ If X509Stack, Cert, or CertSize is NULL, then return FALSE. ++ ++ @param[in] X509Stack Pointer to a X509 stack object. ++ @param[out] Cert Pointer to a X509 certificate. ++ @param[out] CertSize Length of output X509 certificate in bytes. ++ ++ @retval TRUE The X509 stack pop succeeded. ++ @retval FALSE The pop operation failed. 
++ ++**/ ++BOOLEAN ++X509PopCertificate ( ++ IN VOID *X509Stack, ++ OUT UINT8 **Cert, ++ OUT UINTN *CertSize ++ ) ++{ ++ BIO *CertBio; ++ X509 *X509Cert; ++ STACK_OF(X509) *CertStack; ++ BOOLEAN Status; ++ INT32 Result; ++ INT32 Length; ++ VOID *Buffer; ++ ++ Status = FALSE; ++ ++ if ((X509Stack == NULL) || (Cert == NULL) || (CertSize == NULL)) { ++ return Status; ++ } ++ ++ CertStack = (STACK_OF(X509) *) X509Stack; ++ ++ X509Cert = sk_X509_pop (CertStack); ++ ++ if (X509Cert == NULL) { ++ return Status; ++ } ++ ++ Buffer = NULL; ++ ++ CertBio = BIO_new (BIO_s_mem ()); ++ if (CertBio == NULL) { ++ return Status; ++ } ++ ++ Result = i2d_X509_bio (CertBio, X509Cert); ++ if (Result == 0) { ++ goto _Exit; ++ } ++ ++ Length = ((BUF_MEM *) CertBio->ptr)->length; ++ if (Length <= 0) { ++ goto _Exit; ++ } ++ ++ Buffer = malloc (Length); ++ if (Buffer == NULL) { ++ goto _Exit; ++ } ++ ++ Result = BIO_read (CertBio, Buffer, Length); ++ if (Result != Length) { ++ goto _Exit; ++ } ++ ++ *Cert = Buffer; ++ *CertSize = Length; ++ ++ Status = TRUE; ++ ++_Exit: ++ ++ BIO_free (CertBio); ++ ++ if (!Status && (Buffer != NULL)) { ++ free (Buffer); ++ } ++ ++ return Status; ++} ++ ++/** + Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard". The input signed data could be wrapped + in a ContentInfo structure. 
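Review bot: X509PopCertificate returns FALSE both when the stack is empty and when encoding the popped certificate fails, and `sk_X509_pop` has already removed the entry by the time `BIO_new`, `i2d_X509_bio` or `malloc` can fail, so a caller that loops until FALSE could stop early and process a shorter chain without noticing. Moving `CertBio = BIO_new (BIO_s_mem ());` and its NULL check above `X509Cert = sk_X509_pop (CertStack);` removes one of those windows, and the header comment should state that a FALSE return may still have consumed one entry. Who owns the popped `X509Cert` is not visible in this hunk; if the stack owned it, the function also needs an `X509_free`. The length is read through `((BUF_MEM *) CertBio->ptr)->length`, which depends on the BIO's internal layout.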
+@@ -634,7 +544,6 @@ Pkcs7Verify ( + ) + { + PKCS7 *Pkcs7; +- BIO *CertBio; + BIO *DataBio; + BOOLEAN Status; + X509 *Cert; +@@ -653,7 +562,6 @@ Pkcs7Verify ( + } + + Pkcs7 = NULL; +- CertBio = NULL; + DataBio = NULL; + Cert = NULL; + CertStore = NULL; +@@ -661,10 +569,19 @@ Pkcs7Verify ( + // + // Register & Initialize necessary digest algorithms for PKCS#7 Handling + // +- EVP_add_digest (EVP_md5()); +- EVP_add_digest (EVP_sha1()); +- EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA); +- EVP_add_digest (EVP_sha256()); ++ if (EVP_add_digest (EVP_md5 ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_digest (EVP_sha1 ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_digest (EVP_sha256 ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) { ++ return FALSE; ++ } ++ + + Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); + if (!Status) { +@@ -696,12 +613,7 @@ Pkcs7Verify ( + // + // Read DER-encoded root certificate and Construct X509 Certificate + // +- CertBio = BIO_new (BIO_s_mem ()); +- BIO_write (CertBio, TrustedCert, (int)CertLength); +- if (CertBio == NULL) { +- goto _Exit; +- } +- Cert = d2i_X509_bio (CertBio, NULL); ++ Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength); + if (Cert == NULL) { + goto _Exit; + } +@@ -728,7 +640,20 @@ Pkcs7Verify ( + // in PKCS#7 structure. So ignore NULL checking here. + // + DataBio = BIO_new (BIO_s_mem ()); +- BIO_write (DataBio, InData, (int)DataLength); ++ if (DataBio == NULL) { ++ goto _Exit; ++ } ++ ++ if (BIO_write (DataBio, InData, (int) DataLength) <= 0) { ++ goto _Exit; ++ } ++ ++ // ++ // OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and ++ // doesn't support the extended key usage for Authenticode Code Signing. ++ // Bypass the certificate purpose checking by enabling any purposes setting. 
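Review bot: The rewritten registration block in Pkcs7Verify still registers MD5 and now makes it a precondition for verification (`if (EVP_add_digest (EVP_md5 ()) == 0) { return FALSE; }`). MD5 is collision-broken, so unless something outside this hunk restricts which digest a signature may use, MD5-based signatures remain verifiable here. Consider dropping the MD5 registration, or add a comment saying why it is still required. The early `return FALSE` statements skip `_Exit`, which looks safe only because they run before `WrapPkcs7Data` allocates anything, and that ordering deserves a one-line comment.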
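Review bot: `d2i_X509 (NULL, &TrustedCert, (long) CertLength)` advances the pointer it is handed, so after this line the `TrustedCert` parameter no longer points at the start of the certificate. Parsing through a local avoids surprising any later use: declare `CONST UINT8 *Temp;` with the other locals, set `Temp = TrustedCert;` and call `Cert = d2i_X509 (NULL, &Temp, (long) CertLength);`. The cast to `long` relies on CertLength having been range-checked earlier in Pkcs7Verify, which is outside this hunk.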
++ // ++ X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY); + + // + // Verifies the PKCS#7 signedData structure +@@ -740,7 +665,6 @@ _Exit: + // Release Resources + // + BIO_free (DataBio); +- BIO_free (CertBio); + X509_free (Cert); + X509_STORE_free (CertStore); + PKCS7_free (Pkcs7); +diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c +new file mode 100644 +index 0000000..9a4c77a +--- /dev/null ++++ b/Cryptlib/Pk/CryptPkcs7VerifyNull.c +@@ -0,0 +1,100 @@ ++/** @file ++ PKCS#7 SignedData Verification Wrapper Implementation which does not provide ++ real capabilities. ++ ++Copyright (c) 2012, Intel Corporation. All rights reserved.
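Review bot: `X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);` is called without checking its result, unlike the `BIO_new` and `BIO_write` calls this hunk starts checking. Handle it the same way with `if (X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY) == 0) { goto _Exit; }`. With the purpose set to ANY, the chain check no longer rejects a signer certificate because of its intended purpose, so a certificate issued for something other than code signing under the trusted root would also pass. The comment should say where, if anywhere, the code-signing extended key usage is enforced instead. The body of Pkcs7Verify continues outside the hunk.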
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++/** ++ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: ++ Cryptographic Message Syntax Standard". The input signed data could be wrapped ++ in a ContentInfo structure. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] P7Data Pointer to the PKCS#7 message to verify. ++ @param[in] P7Length Length of the PKCS#7 message in bytes. ++ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. ++ It's caller's responsiblity to free the buffer. ++ @param[out] StackLength Length of signer's certificates in bytes. ++ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. ++ It's caller's responsiblity to free the buffer. ++ @param[out] CertLength Length of the trusted certificate in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++Pkcs7GetSigners ( ++ IN CONST UINT8 *P7Data, ++ IN UINTN P7Length, ++ OUT UINT8 **CertStack, ++ OUT UINTN *StackLength, ++ OUT UINT8 **TrustedCert, ++ OUT UINTN *CertLength ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Wrap function to use free() to free allocated memory for certificates. ++ ++ If the interface is not supported, then ASSERT(). ++ ++ @param[in] Certs Pointer to the certificates to be freed. 
++ ++**/ ++VOID ++EFIAPI ++Pkcs7FreeSigners ( ++ IN UINT8 *Certs ++ ) ++{ ++ ASSERT (FALSE); ++} ++ ++/** ++ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: ++ Cryptographic Message Syntax Standard". The input signed data could be wrapped ++ in a ContentInfo structure. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] P7Data Pointer to the PKCS#7 message to verify. ++ @param[in] P7Length Length of the PKCS#7 message in bytes. ++ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which ++ is used for certificate chain verification. ++ @param[in] CertLength Length of the trusted certificate in bytes. ++ @param[in] InData Pointer to the content to be verified. ++ @param[in] DataLength Length of InData in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++Pkcs7Verify ( ++ IN CONST UINT8 *P7Data, ++ IN UINTN P7Length, ++ IN CONST UINT8 *TrustedCert, ++ IN UINTN CertLength, ++ IN CONST UINT8 *InData, ++ IN UINTN DataLength ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} +diff --git a/Cryptlib/Pk/CryptRsaExtNull.c b/Cryptlib/Pk/CryptRsaExtNull.c +new file mode 100644 +index 0000000..e44cdde +--- /dev/null ++++ b/Cryptlib/Pk/CryptRsaExtNull.c +@@ -0,0 +1,125 @@ ++/** @file ++ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. ++ ++ This file does not provide real capabilities for following APIs in RSA handling: ++ 1) RsaGetKey ++ 2) RsaGenerateKey ++ 3) RsaCheckKey ++ 4) RsaPkcs1Sign ++ ++Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++/** ++ Gets the tag-designated RSA key component from the established RSA context. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] RsaContext Pointer to RSA context being set. ++ @param[in] KeyTag Tag of RSA key component being set. ++ @param[out] BigNumber Pointer to octet integer buffer. ++ @param[in, out] BnSize On input, the size of big number buffer in bytes. ++ On output, the size of data returned in big number buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaGetKey ( ++ IN OUT VOID *RsaContext, ++ IN RSA_KEY_TAG KeyTag, ++ OUT UINT8 *BigNumber, ++ IN OUT UINTN *BnSize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Generates RSA key components. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] RsaContext Pointer to RSA context being set. ++ @param[in] ModulusLength Length of RSA modulus N in bits. ++ @param[in] PublicExponent Pointer to RSA public exponent. ++ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaGenerateKey ( ++ IN OUT VOID *RsaContext, ++ IN UINTN ModulusLength, ++ IN CONST UINT8 *PublicExponent, ++ IN UINTN PublicExponentSize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Validates key components of RSA context. ++ ++ Return FALSE to indicate this interface is not supported. 
++ ++ @param[in] RsaContext Pointer to RSA context to check. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaCheckKey ( ++ IN VOID *RsaContext ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in] RsaContext Pointer to RSA context for signature generation. ++ @param[in] MessageHash Pointer to octet message hash to be signed. ++ @param[in] HashSize Size of the message hash in bytes. ++ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. ++ @param[in, out] SigSize On input, the size of Signature buffer in bytes. ++ On output, the size of data returned in Signature buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaPkcs1Sign ( ++ IN VOID *RsaContext, ++ IN CONST UINT8 *MessageHash, ++ IN UINTN HashSize, ++ OUT UINT8 *Signature, ++ IN OUT UINTN *SigSize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++ +diff --git a/Cryptlib/Rand/CryptRand.c b/Cryptlib/Rand/CryptRand.c +index dc3ab99..895ce83 100644 +--- a/Cryptlib/Rand/CryptRand.c ++++ b/Cryptlib/Rand/CryptRand.c +@@ -1,7 +1,7 @@ + /** @file + Pseudorandom Number Generator Wrapper Implementation over OpenSSL. + +-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
++Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + #include "InternalCryptLib.h" + #include ++#include + + // + // Default seed for UEFI Crypto Library +@@ -48,6 +49,14 @@ RandomSeed ( + } + + // ++ // The software PRNG implementation built in OpenSSL depends on message digest algorithm. ++ // Make sure SHA-1 digest algorithm is available here. ++ // ++ if (EVP_add_digest (EVP_sha1 ()) == 0) { ++ return FALSE; ++ } ++ ++ // + // Seed the pseudorandom number generator with user-supplied value. + // NOTE: A cryptographic PRNG must be seeded with unpredictable data. + // +diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh +index 96bbece..57b6631 100755 +--- a/Cryptlib/update.sh ++++ b/Cryptlib/update.sh +@@ -13,8 +13,13 @@ cp $DIR/Cipher/CryptAes.c Cipher/CryptAes.c + cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c + cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c + cp $DIR/Rand/CryptRand.c Rand/CryptRand.c +-cp $DIR/Pk/CryptRsa.c Pk/CryptRsa.c +-cp $DIR/Pk/CryptPkcs7.c Pk/CryptPkcs7.c ++cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c ++cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c ++cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c ++cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c ++cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c ++cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c ++cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c + cp $DIR/Pk/CryptDh.c Pk/CryptDh.c + cp $DIR/Pk/CryptX509.c Pk/CryptX509.c + cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c +-- +1.9.3 + diff --git a/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch b/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch new file mode 100644 index 0000000..b2a0f0c --- /dev/null 
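Review bot: RandomSeed can now return FALSE when SHA-1 cannot be registered, but the Pkcs7Sign added to CryptPkcs7Sign.c in this same patch calls `RandomSeed (NULL, 0);` and discards the result, so signing would carry on with a PRNG that was never seeded. That call should become `if (!RandomSeed (NULL, 0)) { goto _Exit; }`. The file also defines a default seed (context of the previous hunk), which is presumably what a NULL seed selects. If so, the function comment should say that the default is a constant and that callers needing unpredictable output must pass their own entropy. RandomSeed's body starts and ends outside this hunk.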
+++ b/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch
@@ -0,0 +1,27 @@
+From 81ee561dde0213bc487aa1b701799f6d2faeaf31 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Mon, 21 Jul 2014 16:15:07 -0400
+Subject: [PATCH 44/74] Replace build instructions in README with something not
+ completely wrong.
+
+These were really, really out of date.
+---
+ README | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/README b/README
+index 2977f2a..24a39df 100644
+--- a/README
++++ b/README
+@@ -12,5 +12,5 @@ in the shim.h header file and provides a single entry point. On 64-bit systems
+ this entry point expects to be called with SysV ABI rather than MSABI, and
+ so calls to it should not be wrapped.
+
+-To use shim, simply place a hex dump of the public certificate in cert.h
+-and build it with make.
+\ No newline at end of file
++To use shim, simply place a DER-encoded public certificate in a file such as
++pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".
+--
+1.9.3
+
diff --git a/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch b/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch
new file mode 100644
index 0000000..8372361
--- /dev/null
+++ b/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch
@@ -0,0 +1,37 @@
+From a30276e095c10be69b5282d01c20cf5daf3fa671 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Tue, 12 Aug 2014 15:33:18 +0200
+Subject: [PATCH 45/74] CryptLib: undefine va_arg and friends before redefining
+ them
+
+Upstream GNU-EFI contains changes to efistdarg.h resulting in the va_start,
+va_arg and va_end macros to be #defined unconditionally. Make sure we #undef
+them before overriding the definitions.
+
+Signed-off-by: Ard Biesheuvel
+---
+ Cryptlib/Include/OpenSslSupport.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h
+index 5a2745d..9e56ced 100644
+--- a/Cryptlib/Include/OpenSslSupport.h
++++ b/Cryptlib/Include/OpenSslSupport.h
+@@ -35,6 +35,14 @@ typedef VOID *FILE;
+ // Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h
+ //
+ #if !defined(__CC_ARM) // if va_list is not already defined
++/*
++ * These are now unconditionally #defined by GNU_EFI's efistdarg.h,
++ * so we should #undef them here before providing a new definition.
++ */
++#undef va_arg
++#undef va_start
++#undef va_end
++
+ #define va_list VA_LIST
+ #define va_arg VA_ARG
+ #define va_start VA_START
+--
+1.9.3
+
diff --git a/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch b/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch
new file mode 100644
index 0000000..3f0bb9d
--- /dev/null
+++ b/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch
@@ -0,0 +1,30 @@
+From 77cdb40423e29a5f9d1318cd0ada874ee1916450 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Tue, 12 Aug 2014 15:33:19 +0200
+Subject: [PATCH 46/74] unhook_system_services: bail on systab == NULL
+
+Prevent unhook_system_services() from dereferencing a NULL systab, which
+may occur if hook_system_services() has never been called.
+
+Signed-off-by: Ard Biesheuvel
+---
+ replacements.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/replacements.c b/replacements.c
+index 48dc437..5dfa355 100644
+--- a/replacements.c
++++ b/replacements.c
+@@ -70,6 +70,9 @@ static EFI_HANDLE last_loaded_image;
+ void
+ unhook_system_services(void)
+ {
++ if (!systab)
++ return;
++
+ systab->BootServices->Exit = system_exit;
+ systab->BootServices->LoadImage = system_load_image;
+ systab->BootServices->StartImage = system_start_image;
+--
+1.9.3
+
diff --git a/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch b/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch
new file mode 100644
index 0000000..7d178f3
--- /dev/null
+++ b/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch
@@ -0,0 +1,235 @@ +From 99d7b5e858945b8bb160fe3fea77596b2daf07ff Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 12 Aug 2014 15:33:20 +0200 +Subject: [PATCH 47/74] Factor out x86-isms and add cross compile support + +This patch cleans up and refactors the Makefiles to better allow new +architectures to be added: +- remove unused Makefile definitions +- import Makefile definitions from top level rather than redefining +- move x86 specific CFLAGS to inside ifeq() blocks +- remove x86 inline asm +- allow $(FORMAT) to be overridden: this is necessary as there exists no + EFI or PE/COFF aware objcopy for ARM + +Signed-off-by: Ard Biesheuvel +--- + Cryptlib/Makefile | 16 ++++++---------- + Cryptlib/OpenSSL/Makefile | 15 ++++++--------- + Makefile | 45 +++++++++++++++++++++++++++------------------ + lib/Makefile | 14 ++++---------- + netboot.c | 10 +--------- + 5 files changed, 44 insertions(+), 56 deletions(-) + +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index 678baac..73a1e2b 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -1,19 +1,15 @@ +-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) + +-EFI_INCLUDE = /usr/include/efi +-EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol +-EFI_PATH = /usr/lib64/gnuefi +- +-LIB_GCC = $(shell $(CC) -print-libgcc-file-name) +-EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) ++EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol + + CFLAGS = -ggdb -O0 -I. 
-fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \ +- -Wall $(EFI_INCLUDES) -mno-red-zone -maccumulate-outgoing-args -mno-sse -mno-mmx ++ -Wall $(EFI_INCLUDES) ++ + ifeq ($(ARCH),x86_64) +- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ ++ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + endif + ifeq ($(ARCH),ia32) +- CFLAGS += -m32 ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 + endif + LDFLAGS = -nostdlib -znocombreloc + +diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile +index 8e2f2a6..9097580 100644 +--- a/Cryptlib/OpenSSL/Makefile ++++ b/Cryptlib/OpenSSL/Makefile +@@ -1,19 +1,16 @@ +-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) + +-EFI_INCLUDE = /usr/include/efi + EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol +-EFI_PATH = /usr/lib64/gnuefi + +-LIB_GCC = $(shell $(CC) -print-libgcc-file-name) +-EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) +- +-CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ ++CFLAGS = -ggdb -O0 -I. -I.. 
-I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ + -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC ++ + ifeq ($(ARCH),x86_64) +- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ ++ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG + endif + ifeq ($(ARCH),ia32) +- CFLAGS += -m32 -DTHIRTY_TWO_BIT ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ ++ -m32 -DTHIRTY_TWO_BIT + endif + LDFLAGS = -nostdlib -znocombreloc + +diff --git a/Makefile b/Makefile +index df190a2..f65bb3b 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,10 +1,14 @@ +-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) ++CC = $(CROSS_COMPILE)gcc ++LD = $(CROSS_COMPILE)ld ++OBJCOPY = $(CROSS_COMPILE)objcopy ++ ++ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) + + SUBDIRS = Cryptlib lib + + LIB_PATH = /usr/lib64 + +-EFI_INCLUDE = /usr/include/efi ++EFI_INCLUDE := /usr/include/efi + EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude + EFI_PATH := /usr/lib64/gnuefi + +@@ -16,9 +20,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := \\\\grub.efi + CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ +- -fshort-wchar -Wall -Wsign-compare -Werror \ +- -mno-red-zone 
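Review bot: In the top-level Makefile, `ARCH` is defined with recursive `=` around `$(shell …)`, so the compiler pipeline is re-run on every expansion (each `ifeq ($(ARCH),…)` and each `$(EFI_INCLUDE)/$(ARCH)`). The sed script `s,i[3456789]86,ia32,` is also unquoted, which leaves its bracket expression open to shell pathname expansion. Use `ARCH := $(shell $(CC) -dumpmachine | cut -f1 -d- | sed 's,i[3456789]86,ia32,')`. `CC = $(CROSS_COMPILE)gcc` also overrides a `CC` set in the environment, so a comment saying the compiler is selected with `CROSS_COMPILE` or `make CC=…` would help.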
-maccumulate-outgoing-args \ +- -mno-mmx -mno-sse -fno-builtin \ ++ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ + "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ + "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ + $(EFI_INCLUDES) +@@ -26,12 +28,15 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ + ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined) + CFLAGS += -DOVERRIDE_SECURITY_POLICY + endif ++ + ifeq ($(ARCH),x86_64) +- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ ++ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + endif + ifeq ($(ARCH),ia32) +- CFLAGS += -m32 ++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 + endif ++ + ifneq ($(origin VENDOR_CERT_FILE), undefined) + CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" + endif +@@ -95,26 +100,28 @@ MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a + + Cryptlib/libcryptlib.a: +- $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) ++ $(MAKE) -C Cryptlib + + Cryptlib/OpenSSL/libopenssl.a: +- $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) ++ $(MAKE) -C Cryptlib/OpenSSL + + lib/lib.a: +- $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) ++ $(MAKE) -C lib ++ ++FORMAT ?= --target efi-app-$(ARCH) + + %.efi: %.so +- objcopy -j .text -j .sdata -j .data \ +- -j .dynamic -j .dynsym -j .rel \ +- -j .rela -j .reloc -j .eh_frame \ ++ $(OBJCOPY) -j .text -j .sdata -j .data \ ++ -j .dynamic -j .dynsym -j .rel* \ ++ -j .rela* -j .reloc -j .eh_frame \ + -j .vendor_cert \ +- --target=efi-app-$(ARCH) $^ $@ +- objcopy -j .text -j .sdata -j .data \ +- -j .dynamic -j .dynsym -j .rel \ +- -j .rela -j .reloc -j .eh_frame \ ++ $(FORMAT) $^ $@ ++ $(OBJCOPY) -j .text -j .sdata -j .data \ ++ -j .dynamic -j 
.dynsym -j .rel* \ ++ -j .rela* -j .reloc -j .eh_frame \ + -j .debug_info -j .debug_abbrev -j .debug_aranges \ + -j .debug_line -j .debug_str -j .debug_ranges \ +- --target=efi-app-$(ARCH) $^ $@.debug ++ $(FORMAT) $^ $@.debug + + %.efi.signed: %.efi certdb/secmod.db + pesign -n certdb -i $< -c "shim" -s -o $@ -f +@@ -151,3 +158,5 @@ archive: tag + @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) + @rm -rf /tmp/shim-$(VERSION) + @echo "The archive is in shim-$(VERSION).tar.bz2" ++ ++export ARCH CC LD OBJCOPY EFI_INCLUDE +diff --git a/lib/Makefile b/lib/Makefile +index a9c9cf6..ebd21a1 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -2,23 +2,17 @@ TARGET = lib.a + + LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variables.o security_policy.o + +-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) +- +-EFI_INCLUDE = /usr/include/efi + EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include + +-EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o +-EFI_LDS = $(EFI_PATH)/elf_$(ARCH)_efi.lds +- + CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ +- -fshort-wchar -Wall -mno-red-zone -DBUILD_EFI -fno-builtin \ +- -Werror \ ++ -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror \ + $(EFI_INCLUDES) ++ + ifeq ($(ARCH),x86_64) +- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI ++ CFLAGS += -mno-red-zone -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + endif + ifeq ($(ARCH),ia32) +- CFLAGS += -m32 ++ CFLAGS += -mno-red-zone -m32 + endif + + lib.a: $(LIBFILES) +diff --git a/netboot.c b/netboot.c +index 5ef53f7..238937d 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -40,15 +40,7 @@ + #include "netboot.h" + #include "str.h" + +-static inline unsigned short int __swap16(unsigned short int x) +-{ +- __asm__("xchgb %b0,%h0" +- : "=q" (x) +- : "0" (x)); +- return x; +-} +- +-#define ntohs(x) __swap16(x) ++#define ntohs(x) __builtin_bswap16(x) /* supported both by GCC 
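Review bot: In the `%.efi: %.so` recipe the new section patterns `-j .rel*` and `-j .rela*` are unquoted, so the shell expands them against dotfiles in the build directory before objcopy sees them. A stray file whose name matches (for example `.release`) would replace the pattern, and the relocation sections would be left out of the image. Quote them in both objcopy commands: `-j '.rel*' -j '.rela*'`. The recipe also writes two files, `$@` and `$@.debug`, from a single rule, so make has no record of how `$@.debug` is produced.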
and clang */ + #define htons(x) ntohs(x) + + static EFI_PXE_BASE_CODE *pxe; +-- +1.9.3 + diff --git a/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch b/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch new file mode 100644 index 0000000..838e655 --- /dev/null +++ b/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch 
@@ -0,0 +1,131 @@
+From 04cba93d64b5ffd3a05be82aacea5c2b2d0ea94c Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Tue, 12 Aug 2014 15:33:21 +0200
+Subject: [PATCH 48/74] Add support for 64-bit ARM (AArch64)
+
+This adds support for building the shim for a 64-bit ARM UEFI environment.
+
+Signed-off-by: Ard Biesheuvel
+---
+ Cryptlib/OpenSSL/Makefile | 3 +++
+ Makefile | 10 ++++++++
+ elf_aarch64_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 78 insertions(+)
+ create mode 100644 elf_aarch64_efi.lds
+
+diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
+index 9097580..17b5695 100644
+--- a/Cryptlib/OpenSSL/Makefile
++++ b/Cryptlib/OpenSSL/Makefile
+@@ -12,6 +12,9 @@ ifeq ($(ARCH),ia32)
+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
+ -m32 -DTHIRTY_TWO_BIT
+ endif
++ifeq ($(ARCH),aarch64)
++ CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include)
++endif
+ LDFLAGS = -nostdlib -znocombreloc
+
+ TARGET = libopenssl.a
+diff --git a/Makefile b/Makefile
+index f65bb3b..3529b45 100644
+--- a/Makefile
++++ b/Makefile
+@@ -37,6 +37,10 @@ ifeq ($(ARCH),ia32)
+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32
+ endif
+
++ifeq ($(ARCH),aarch64)
++ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
++endif
++
+ ifneq ($(origin VENDOR_CERT_FILE), undefined)
+ CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
+ endif
+@@ -108,6 +112,12 @@ Cryptlib/OpenSSL/libopenssl.a:
+ lib/lib.a:
+ $(MAKE) -C lib
+
++ifeq ($(ARCH),aarch64)
++FORMAT := -O binary
++SUBSYSTEM := 0xa
++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
++endif
++
+ FORMAT ?= --target efi-app-$(ARCH)
+
+ %.efi: %.so
+diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds
+new file mode 100644
+index 0000000..9c9a055
+--- /dev/null
++++ b/elf_aarch64_efi.lds
+@@ -0,0 +1,65 @@
++OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64")
++OUTPUT_ARCH(aarch64)
++ENTRY(_start)
++SECTIONS
++{
++ .text 0x0 : {
++ *(.text.head)
++ *(.text)
++ *(.text.*)
++ *(.gnu.linkonce.t.*)
++ *(.srodata)
++ *(.rodata*)
++ . = ALIGN(16);
++ _etext = .;
++ }
++ .dynamic : { *(.dynamic) }
++ .data :
++ {
++ *(.sdata)
++ *(.data)
++ *(.data1)
++ *(.data.*)
++ *(.got.plt)
++ *(.got)
++
++ /* the EFI loader doesn't seem to like a .bss section, so we stick
++ it all into .data: */
++ . = ALIGN(16);
++ _bss = .;
++ *(.sbss)
++ *(.scommon)
++ *(.dynbss)
++ *(.bss)
++ *(COMMON)
++ . = ALIGN(16);
++ _bss_end = .;
++ }
++
++ . = ALIGN(4096);
++ .vendor_cert :
++ {
++ *(.vendor_cert)
++ }
++ . = ALIGN(4096);
++
++ .rela.dyn : { *(.rela.dyn) }
++ .rela.plt : { *(.rela.plt) }
++ .rela.got : { *(.rela.got) }
++ .rela.data : { *(.rela.data) *(.rela.data*) }
++ _edata = .;
++ _data_size = . - _etext;
++
++ . = ALIGN(4096);
++ .dynsym : { *(.dynsym) }
++ . = ALIGN(4096);
++ .dynstr : { *(.dynstr) }
++ . = ALIGN(4096);
++ /DISCARD/ :
++ {
++ *(.rel.reloc)
++ *(.eh_frame)
++ *(.note.GNU-stack)
++ }
++ .comment 0 : { *(.comment) }
++}
+--
+1.9.3
+
diff --git a/SOURCES/0049-Add-support-for-32-bit-ARM.patch b/SOURCES/0049-Add-support-for-32-bit-ARM.patch
new file mode 100644
index 0000000..49d4975
--- /dev/null
+++ b/SOURCES/0049-Add-support-for-32-bit-ARM.patch
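Review bot: The aarch64 block added to `Makefile` (and the matching one in `Cryptlib/OpenSSL/Makefile`) puts `$(shell $(CC) -print-file-name=include)` directly inside a `CFLAGS +=` line. If CFLAGS is recursively expanded in these files, the compiler is forked again on every expansion; its definition is outside the hunks, though `lib/Makefile` on this page defines it with `=`. A `$(CC)` that cannot run would also leave a bare `-I` that swallows the next argument. Resolving the path once, `CC_INCLUDE := $(shell $(CC) -print-file-name=include)` followed by `CFLAGS += -ffreestanding -I$(CC_INCLUDE)`, avoids both. A short comment such as `# compiler-provided headers only; a UEFI build must not pick up host libc headers` would record why the path is added, assuming that is the intent.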
@@ -0,0 +1,209 @@
+From fa525bc4632e04346fae82a98ce23b31c6cfc86d Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Tue, 12 Aug 2014 15:33:22 +0200
+Subject: [PATCH 49/74] Add support for 32-bit ARM
+
+This adds support for building the shim for a 32-bit ARM UEFI environment.
+
+Signed-off-by: Ard Biesheuvel
+---
+ Cryptlib/OpenSSL/Makefile | 3 +++
+ Makefile | 10 ++++++++
+ cert.S | 30 ++++++++++------------
+ elf_arm_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 92 insertions(+), 16 deletions(-)
+ create mode 100644 elf_arm_efi.lds
+
+diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
+index 17b5695..7990b3c 100644
+--- a/Cryptlib/OpenSSL/Makefile
++++ b/Cryptlib/OpenSSL/Makefile
+@@ -15,6 +15,9 @@ endif
+ ifeq ($(ARCH),aarch64)
+ CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include)
+ endif
++ifeq ($(ARCH),arm)
++ CFLAGS += -O2 -DTHIRTY_TWO_BIT -ffreestanding -I$(shell $(CC) -print-file-name=include)
++endif
+ LDFLAGS = -nostdlib -znocombreloc
+
+ TARGET = libopenssl.a
+diff --git a/Makefile b/Makefile
+index 3529b45..5bc513c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -41,6 +41,10 @@ ifeq ($(ARCH),aarch64)
+ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
+ endif
+
++ifeq ($(ARCH),arm)
++ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
++endif
++
+ ifneq ($(origin VENDOR_CERT_FILE), undefined)
+ CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
+ endif
+@@ -118,6 +122,12 @@ SUBSYSTEM := 0xa
+ LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ endif
+
++ifeq ($(ARCH),arm)
++FORMAT := -O binary
++SUBSYSTEM := 0xa
++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
++endif
++
+ FORMAT ?= --target efi-app-$(ARCH)
+
+ %.efi: %.so
+diff --git a/cert.S b/cert.S
+index 3cfd665..cfc4525 100644
+--- a/cert.S
++++ b/cert.S
+@@ -1,9 +1,7 @@
+ .globl cert_table
+- .data
+- .align 16
+- .type cert_table, @object
++ .type cert_table, %object
+ .size cert_table, 4
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ cert_table:
+ #if defined(VENDOR_CERT_FILE)
+ .long vendor_cert_priv_end - vendor_cert_priv
+@@ -20,48 +18,48 @@ cert_table:
+ #if defined(VENDOR_CERT_FILE)
+ .data
+ .align 1
+- .type vendor_cert_priv, @object
++ .type vendor_cert_priv, %object
+ .size vendor_cert_priv, vendor_cert_priv_end-vendor_cert_priv
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_cert_priv:
+ .incbin VENDOR_CERT_FILE
+ vendor_cert_priv_end:
+ #else
+ .bss
+- .type vendor_cert_priv, @object
++ .type vendor_cert_priv, %object
+ .size vendor_cert_priv, 1
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_cert_priv:
+ .zero 1
+
+ .data
+ .align 4
+- .type vendor_cert_size_priv, @object
++ .type vendor_cert_size_priv, %object
+ .size vendor_cert_size_priv, 4
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_cert_priv_end:
+ #endif
+ #if defined(VENDOR_DBX_FILE)
+ .data
+ .align 1
+- .type vendor_dbx_priv, @object
++ .type vendor_dbx_priv, %object
+ .size vendor_dbx_priv, vendor_dbx_priv_end-vendor_dbx_priv
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_dbx_priv:
+ .incbin VENDOR_DBX_FILE
+ vendor_dbx_priv_end:
+ #else
+ .bss
+- .type vendor_dbx_priv, @object
++ .type vendor_dbx_priv, %object
+ .size vendor_dbx_priv, 1
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_dbx_priv:
+ .zero 1
+
+ .data
+ .align 4
+- .type vendor_dbx_size_priv, @object
++ .type vendor_dbx_size_priv, %object
+ .size vendor_dbx_size_priv, 4
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_dbx_priv_end:
+ #endif
+diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds
+new file mode 100644
+index 0000000..fd1075d
+--- /dev/null
++++ b/elf_arm_efi.lds
+@@ -0,0 +1,65 @@
++OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
++OUTPUT_ARCH(arm)
++ENTRY(_start)
++SECTIONS
++{
++ .text 0x0 : {
++ *(.text.head)
++ *(.text)
++ *(.text.*)
++ *(.gnu.linkonce.t.*)
++ *(.srodata)
++ *(.rodata*)
++ . = ALIGN(16);
++ _etext = .;
++ }
++ .dynamic : { *(.dynamic) }
++ .data :
++ {
++ *(.sdata)
++ *(.data)
++ *(.data1)
++ *(.data)
++ *(.got.plt)
++ *(.got)
++
++ /* the EFI loader doesn't seem to like a .bss section, so we stick
++ it all into .data: */
++ . = ALIGN(16);
++ _bss = .;
++ *(.sbss)
++ *(.scommon)
++ *(.dynbss)
++ *(.bss)
++ *(COMMON)
++ . = ALIGN(16);
++ _bss_end = .;
++ }
++
++ . = ALIGN(4096);
++ .vendor_cert :
++ {
++ *(.vendor_cert)
++ }
++ . = ALIGN(4096);
++
++ .rel.dyn : { *(.rel.dyn) }
++ .rel.plt : { *(.rel.plt) }
++ .rel.got : { *(.rel.got) }
++ .rel.data : { *(.rel.data) *(.rel.data*) }
++ _edata = .;
++ _data_size = . - _etext;
++
++ . = ALIGN(4096);
++ .dynsym : { *(.dynsym) }
++ . = ALIGN(4096);
++ .dynstr : { *(.dynstr) }
++ . = ALIGN(4096);
++ /DISCARD/ :
++ {
++ *(.rel.reloc)
++ *(.eh_frame)
++ *(.note.GNU-stack)
++ }
++ .comment 0 : { *(.comment) }
++}
+--
+1.9.3
+
diff --git a/SOURCES/0050-Update-openssl-to-0.9.8zb.patch b/SOURCES/0050-Update-openssl-to-0.9.8zb.patch
new file mode 100644
index 0000000..825c0e8
--- /dev/null
+++ b/SOURCES/0050-Update-openssl-to-0.9.8zb.patch
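Review bot: In the new `elf_arm_efi.lds`, the `.data` output section lists `*(.data)` twice and never matches `*(.data.*)`; the AArch64 script added by patch 48 on this page has `*(.data.*)` at that position, so this looks like a typo. As written, input sections such as `.data.rel.ro`, or per-variable sections from `-fdata-sections`, are not collected into `.data` and fall to the linker's orphan placement, possibly outside the `_etext` to `_edata` range that `_data_size` is computed from. Whether any object in this build emits such sections cannot be confirmed from the hunk. The second entry should read `*(.data.*)`. Separately, the `ifeq ($(ARCH),arm)` block in `Makefile` repeats the aarch64 block line for line; wrapping a single copy in `ifneq ($(filter aarch64 arm,$(ARCH)),)` would keep the two from drifting apart.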
@@ -0,0 +1,4231 @@ +From 21f96e586351fc8b535353f2dea7c784e931d14a Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 19 Aug 2014 12:15:00 +0800 +Subject: [PATCH 50/74] Update openssl to 0.9.8zb + +Also update to Tiano Cryptlib r15802 and remove the execute mode +bits from the C and header files of openssl +--- + Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_core.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_ecb.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 0 + Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_bool.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_bytes.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_enum.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_hdr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_int.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_meth.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_object.c | 30 +- + Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_print.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_set.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_time.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_type.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_utf8.c | 0 + Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 3 + + 
Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 2 + + Cryptlib/OpenSSL/crypto/asn1/asn_moid.c | 0 + Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 12 +- + Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 0 + Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c | 6 +- + Cryptlib/OpenSSL/crypto/asn1/f_enum.c | 0 + Cryptlib/OpenSSL/crypto/asn1/f_int.c | 0 + Cryptlib/OpenSSL/crypto/asn1/f_string.c | 0 + Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 0 + Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c | 0 + Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 0 + Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 0 + Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 0 + Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_bitst.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_req.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 0 + Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 2 + + Cryptlib/OpenSSL/crypto/asn1/t_x509a.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 7 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 0 + Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_attrib.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_bignum.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_exten.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_info.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_long.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_name.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_pkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_req.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_sig.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_spki.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_val.c | 0 + 
Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 0 + Cryptlib/OpenSSL/crypto/asn1/x_x509a.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_ecb.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_enc.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c | 0 + Cryptlib/OpenSSL/crypto/bf/bf_skey.c | 0 + Cryptlib/OpenSSL/crypto/bio/b_dump.c | 0 + Cryptlib/OpenSSL/crypto/bio/bf_buff.c | 0 + Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 0 + Cryptlib/OpenSSL/crypto/bio/bf_null.c | 0 + Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 0 + Cryptlib/OpenSSL/crypto/bio/bio_err.c | 0 + Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 4 +- + Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_file.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_log.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 0 + Cryptlib/OpenSSL/crypto/bio/bss_null.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_add.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_const.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_depr.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_div.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_err.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_exp2.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 51 ++ + Cryptlib/OpenSSL/crypto/bn/bn_kron.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 61 +- + Cryptlib/OpenSSL/crypto/bn/bn_mod.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_mpi.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_mul.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_opt.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_prime.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_print.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_recp.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 0 + 
Cryptlib/OpenSSL/crypto/bn/bn_sqr.c | 1 + + Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_word.c | 0 + Cryptlib/OpenSSL/crypto/bn/bn_x931p.c | 0 + Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 0 + Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 0 + Cryptlib/OpenSSL/crypto/buffer/buffer.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_cfb64.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_ecb.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_enc.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_ofb64.c | 0 + Cryptlib/OpenSSL/crypto/cast/c_skey.c | 0 + Cryptlib/OpenSSL/crypto/comp/c_rle.c | 0 + Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 0 + Cryptlib/OpenSSL/crypto/comp/comp_err.c | 0 + Cryptlib/OpenSSL/crypto/comp/comp_lib.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_api.c | 2 +- + Cryptlib/OpenSSL/crypto/conf/conf_def.c | 2 +- + Cryptlib/OpenSSL/crypto/conf/conf_err.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 0 + Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 0 + Cryptlib/OpenSSL/crypto/cpt_err.c | 0 + Cryptlib/OpenSSL/crypto/cryptlib.c | 0 + Cryptlib/OpenSSL/crypto/cversion.c | 0 + Cryptlib/OpenSSL/crypto/des/cbc_cksm.c | 0 + Cryptlib/OpenSSL/crypto/des/cbc_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/cfb64ede.c | 0 + Cryptlib/OpenSSL/crypto/des/cfb64enc.c | 0 + Cryptlib/OpenSSL/crypto/des/cfb_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/des_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/des_lib.c | 0 + Cryptlib/OpenSSL/crypto/des/des_old.c | 0 + Cryptlib/OpenSSL/crypto/des/des_old2.c | 0 + Cryptlib/OpenSSL/crypto/des/ecb3_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/enc_read.c | 0 + Cryptlib/OpenSSL/crypto/des/enc_writ.c | 0 + Cryptlib/OpenSSL/crypto/des/fcrypt.c | 0 + Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 0 + Cryptlib/OpenSSL/crypto/des/ofb64ede.c | 0 + Cryptlib/OpenSSL/crypto/des/ofb64enc.c | 0 + 
Cryptlib/OpenSSL/crypto/des/ofb_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/pcbc_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/qud_cksm.c | 0 + Cryptlib/OpenSSL/crypto/des/rand_key.c | 0 + Cryptlib/OpenSSL/crypto/des/read2pwd.c | 0 + Cryptlib/OpenSSL/crypto/des/rpc_enc.c | 0 + Cryptlib/OpenSSL/crypto/des/set_key.c | 0 + Cryptlib/OpenSSL/crypto/des/str2key.c | 0 + Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_check.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_depr.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_err.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_key.c | 0 + Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_err.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_key.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c | 0 + Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_err.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_null.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 0 + Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 0 + Cryptlib/OpenSSL/crypto/dyn_lck.c | 0 + Cryptlib/OpenSSL/crypto/ebcdic.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_asn1.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_check.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_curve.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_cvt.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_err.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_key.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 2 +- + 
Cryptlib/OpenSSL/crypto/ec/ec_mult.c | 0 + Cryptlib/OpenSSL/crypto/ec/ec_print.c | 0 + Cryptlib/OpenSSL/crypto/ec/ecp_mont.c | 0 + Cryptlib/OpenSSL/crypto/ec/ecp_nist.c | 0 + Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c | 174 ++--- + Cryptlib/OpenSSL/crypto/ecdh/ech_err.c | 0 + Cryptlib/OpenSSL/crypto/ecdh/ech_key.c | 0 + Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 0 + Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c | 0 + Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_all.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_cnf.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_dyn.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_err.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_fat.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_init.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_lib.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_list.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_openssl.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_padlock.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_pkey.c | 0 + Cryptlib/OpenSSL/crypto/engine/eng_table.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_cipher.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_dh.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_digest.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_dsa.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_rand.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_rsa.c | 0 + Cryptlib/OpenSSL/crypto/engine/tb_store.c | 0 + Cryptlib/OpenSSL/crypto/err/err.c | 0 + Cryptlib/OpenSSL/crypto/err/err_all.c | 0 + Cryptlib/OpenSSL/crypto/err/err_bio.c | 0 + Cryptlib/OpenSSL/crypto/err/err_def.c | 0 + Cryptlib/OpenSSL/crypto/err/err_prn.c 
| 0 + Cryptlib/OpenSSL/crypto/err/err_str.c | 0 + Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 0 + Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 0 + Cryptlib/OpenSSL/crypto/evp/bio_md.c | 0 + Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 0 + Cryptlib/OpenSSL/crypto/evp/c_all.c | 0 + Cryptlib/OpenSSL/crypto/evp/c_allc.c | 0 + Cryptlib/OpenSSL/crypto/evp/c_alld.c | 0 + Cryptlib/OpenSSL/crypto/evp/dig_eng.c | 0 + Cryptlib/OpenSSL/crypto/evp/digest.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_aes.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_bf.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_cast.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_des.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_des3.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_idea.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_null.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_old.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_rc5.c | 0 + Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 0 + Cryptlib/OpenSSL/crypto/evp/enc_min.c | 0 + Cryptlib/OpenSSL/crypto/evp/encode.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_acnf.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_cnf.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_err.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_key.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 0 + Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_dss.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_md2.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_md4.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_md5.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_null.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_sha.c | 0 + Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 0 + Cryptlib/OpenSSL/crypto/evp/names.c | 0 + Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 0 + Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_dec.c | 0 + 
Cryptlib/OpenSSL/crypto/evp/p_enc.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_lib.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_open.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_seal.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_sign.c | 0 + Cryptlib/OpenSSL/crypto/evp/p_verify.c | 0 + Cryptlib/OpenSSL/crypto/ex_data.c | 0 + Cryptlib/OpenSSL/crypto/fips_err.c | 0 + Cryptlib/OpenSSL/crypto/hmac/hmac.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_cbc.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_cfb64.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_ecb.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_ofb64.c | 0 + Cryptlib/OpenSSL/crypto/idea/i_skey.c | 0 + Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c | 0 + Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 0 + Cryptlib/OpenSSL/crypto/lhash/lhash.c | 0 + Cryptlib/OpenSSL/crypto/md2/md2_dgst.c | 0 + Cryptlib/OpenSSL/crypto/md2/md2_one.c | 0 + Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 0 + Cryptlib/OpenSSL/crypto/md4/md4_one.c | 0 + Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 0 + Cryptlib/OpenSSL/crypto/md5/md5_one.c | 0 + Cryptlib/OpenSSL/crypto/mem.c | 0 + Cryptlib/OpenSSL/crypto/mem_clr.c | 0 + Cryptlib/OpenSSL/crypto/mem_dbg.c | 0 + Cryptlib/OpenSSL/crypto/o_dir.c | 0 + Cryptlib/OpenSSL/crypto/o_init.c | 0 + Cryptlib/OpenSSL/crypto/o_str.c | 0 + Cryptlib/OpenSSL/crypto/o_time.c | 0 + Cryptlib/OpenSSL/crypto/objects/o_names.c | 0 + Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 16 +- + Cryptlib/OpenSSL/crypto/objects/obj_err.c | 0 + Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 3 + + Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 13 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c | 0 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_all.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_err.c | 0 + 
Cryptlib/OpenSSL/crypto/pem/pem_info.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_oth.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_sign.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 0 + Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 0 + Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 0 + Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 0 + Cryptlib/OpenSSL/crypto/pqueue/pqueue.c | 0 + Cryptlib/OpenSSL/crypto/rand/md_rand.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_eng.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_err.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_nw.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_os2.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 0 + Cryptlib/OpenSSL/crypto/rand/rand_win.c | 0 + Cryptlib/OpenSSL/crypto/rand/randfile.c | 0 + Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c | 0 + 
Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c | 0 + Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c | 0 + Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c | 0 + Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c | 0 + Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 0 + Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c | 0 + Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 0 + Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c | 0 + Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 2 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_none.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_null.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c | 0 + Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha256.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha512.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 0 + Cryptlib/OpenSSL/crypto/sha/sha_one.c | 0 + Cryptlib/OpenSSL/crypto/stack/stack.c | 0 + Cryptlib/OpenSSL/crypto/store/str_err.c | 0 + Cryptlib/OpenSSL/crypto/store/str_lib.c | 0 + Cryptlib/OpenSSL/crypto/store/str_mem.c | 0 + Cryptlib/OpenSSL/crypto/store/str_meth.c | 0 + Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 0 + Cryptlib/OpenSSL/crypto/ui/ui_compat.c | 0 + Cryptlib/OpenSSL/crypto/ui/ui_err.c | 0 + Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 2 +- + Cryptlib/OpenSSL/crypto/ui/ui_util.c | 0 + Cryptlib/OpenSSL/crypto/uid.c | 0 + 
Cryptlib/OpenSSL/crypto/x509/by_dir.c | 0 + Cryptlib/OpenSSL/crypto/x509/by_file.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_att.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_d2.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_def.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_err.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_ext.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_r2x.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_req.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_set.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_v3.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509cset.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509name.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509rset.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509spki.c | 0 + Cryptlib/OpenSSL/crypto/x509/x509type.c | 0 + Cryptlib/OpenSSL/crypto/x509/x_all.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 0 + 
Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_info.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_int.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 0 + Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 0 + Cryptlib/OpenSSL/e_os.h | 0 + Cryptlib/OpenSSL/update.sh | 999 +++++++++++++------------ + Cryptlib/Pk/CryptAuthenticode.c | 4 +- + 500 files changed, 720 insertions(+), 678 deletions(-) + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cbc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cfb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_core.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ctr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ige.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_misc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ofb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_wrap.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bool.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bytes.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_digest.c + mode change 100755 => 100644 
Cryptlib/OpenSSL/crypto/asn1/a_dup.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_enum.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_gentm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_hdr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_int.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_meth.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_object.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_octet.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_print.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_set.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strex.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strnid.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_time.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_type.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utctm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utf8.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_verify.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_par.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_mime.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_moid.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_pack.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c + 
mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_enum.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_int.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_string.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/n_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/nsseq.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_bitst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_crl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_req.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_spki.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509a.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_new.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_algor.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_attrib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_bignum.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_crl.c + mode change 100755 => 100644 
Cryptlib/OpenSSL/crypto/asn1/x_exten.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_info.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_long.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_name.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_req.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_sig.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_spki.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_val.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509a.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/b_dump.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_buff.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_nbio.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_cb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_bio.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_dgram.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_fd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_file.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_log.c + mode change 100755 => 100644 
Cryptlib/OpenSSL/crypto/bio/bss_mem.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_add.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_asm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_blind.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_const.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_ctx.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_depr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_div.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gcd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_kron.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mod.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mont.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mpi.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mul.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_nist.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_opt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_prime.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_print.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_rand.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_recp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_shift.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c + mode change 100755 => 100644 
Cryptlib/OpenSSL/crypto/bn/bn_word.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_x931p.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_str.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buffer.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_cfb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ofb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_rle.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_zlib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_api.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_def.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mall.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mod.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_sap.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cpt_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cryptlib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cversion.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_cksm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64ede.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb_enc.c + mode 
change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb3_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_read.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_writ.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt_b.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64ede.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/pcbc_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/qud_cksm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rand_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/read2pwd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rpc_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/set_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/str2key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/xcbc_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_check.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_depr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_gen.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_lib.c 
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_openssl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_vms.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_win32.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dyn_lck.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ebcdic.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_mult.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_check.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_curve.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_cvt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_lib.c + 
mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_mult.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_print.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_mont.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_nist.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cnf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_dyn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_fat.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_init.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_list.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_openssl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_padlock.c + mode change 100755 => 100644 
Cryptlib/OpenSSL/crypto/engine/eng_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_table.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_cipher.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dh.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_digest.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dsa.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rand.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rsa.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_store.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_bio.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_def.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_prn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_str.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_b64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_md.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_ok.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_allc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_alld.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/dig_eng.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/digest.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_aes.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_bf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_cast.c + mode 
change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des3.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_idea.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_old.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc4.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc5.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/enc_min.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/encode.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_acnf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_cnf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pbe.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md4.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md5.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ripemd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha1.c + mode change 100755 => 
100644 Cryptlib/OpenSSL/crypto/evp/names.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_dec.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_open.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_seal.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_verify.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ex_data.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/fips_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/hmac/hmac.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cbc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cfb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ofb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lh_stats.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lhash.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem_clr.c + mode change 100755 => 100644 
Cryptlib/OpenSSL/crypto/mem_dbg.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_dir.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_init.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_str.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_time.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/o_names.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_dat.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_info.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_oth.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pk8.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pkey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_seal.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_x509.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_xaux.c + mode change 
100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pqueue/pqueue.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/md_rand.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_egd.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_eng.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_err.c + mode change 100755 => 100644 
Cryptlib/OpenSSL/crypto/rand/rand_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_nw.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_os2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_unix.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_win.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/randfile.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_none.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_null.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c 
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha256.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha512.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_dgst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_one.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/stack/stack.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_mem.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_meth.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/txt_db/txt_db.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_compat.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_util.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/uid.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_dir.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_file.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_att.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_cmp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_d2.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_def.c + mode change 100755 => 100644 
Cryptlib/OpenSSL/crypto/x509/x509_err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_ext.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_lu.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_obj.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_r2x.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_req.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_set.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_trs.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_txt.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_v3.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vfy.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vpm.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509cset.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509name.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509rset.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509spki.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509type.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x_all.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c + mode change 100755 => 100644 
Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_info.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_int.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c + mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3err.c + mode change 100755 => 100644 Cryptlib/OpenSSL/e_os.h + +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c +old mode 
100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c 
b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +old mode 100755 +new mode 100644 +index 3ac2bc2..e50501a +--- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +@@ -285,16 +285,28 @@ err: + ASN1_OBJECT_free(ret); + return(NULL); + } ++ + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long len) + { + ASN1_OBJECT *ret=NULL; + const unsigned char *p; +- int i; +- /* Sanity check OID encoding: can't have leading 0x80 in +- * subidentifiers, see: X.690 8.19.2 ++ int i, length; ++ ++ /* Sanity check OID encoding. ++ * Need at least one content octet. ++ * MSB must be clear in the last octet. ++ * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 + */ +- for (i = 0, p = *pp; i < len; i++, p++) ++ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || ++ p[len - 1] & 0x80) ++ { ++ ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); ++ return NULL; ++ } ++ /* Now 0 < len <= INT_MAX, so the cast is safe. 
*/ ++ length = (int)len; ++ for (i = 0; i < length; i++, p++) + { + if (*p == 0x80 && (!i || !(p[-1] & 0x80))) + { +@@ -313,20 +325,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + else ret=(*a); + + p= *pp; +- if ((ret->data == NULL) || (ret->length < len)) ++ if ((ret->data == NULL) || (ret->length < length)) + { + if (ret->data != NULL) OPENSSL_free(ret->data); +- ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); ++ ret->data=(unsigned char *)OPENSSL_malloc(length); + ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; + if (ret->data == NULL) + { i=ERR_R_MALLOC_FAILURE; goto err; } + } +- memcpy(ret->data,p,(int)len); +- ret->length=(int)len; ++ memcpy(ret->data,p,length); ++ ret->length=length; + ret->sn=NULL; + ret->ln=NULL; + /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ +- p+=len; ++ p+=length; + + if (a != NULL) (*a)=ret; + *pp=p; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c 
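Review bot: The new guard in `c2i_ASN1_OBJECT` compares `len` with `INT_MAX`, but neither hunk for a_object.c adds an include that defines it, so the build relies on some other header already providing the limit. If the Cryptlib support headers do not define it, the file needs `#include <limits.h>`; this cannot be confirmed from the hunks shown. The last operand of the condition would also read more clearly parenthesised, `(p[len - 1] & 0x80)`, since it ends a long `||` chain that also contains an assignment. The function body continues between and after the two hunks.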
b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +old mode 100755 +new mode 100644 +index 5af559e..d345155 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + *pclass=xclass; + if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + ++ if (inf && !(ret & V_ASN1_CONSTRUCTED)) ++ goto err; ++ + #if 0 + fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", + (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +old mode 100755 +new mode 100644 +index ad8fbed..095887f +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +@@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) + int len, state, save_state = 0; + + headers = sk_MIME_HEADER_new(mime_hdr_cmp); ++ if (!headers) ++ return NULL; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + /* If whitespace at line start then continuation line */ + if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; +diff --git 
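Review bot: The added rejection in `ASN1_get_object` carries no comment, and its reason is not obvious from the two lines alone. `inf` is filled in by the `asn1_get_length` call just above, presumably as the indefinite-length flag, and the new test refuses it unless `V_ASN1_CONSTRUCTED` is set in `ret`. A one-line comment above the `if`, such as `/* indefinite length is only valid for constructed encodings */`, would keep a later cleanup from dropping the check as redundant. The function starts and ends outside the hunk.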
a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +old mode 100755 +new mode 100644 +index f1a5a05..c373714 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) + + if (!(octmp->length = i2d(obj, NULL))) { + ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); +- return NULL; ++ goto err; + } + if (!(p = OPENSSL_malloc (octmp->length))) { + ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); +- return NULL; ++ goto err; + } + octmp->data = p; + i2d (obj, &p); + return octmp; ++ err: ++ if (!oct || !*oct) ++ { ++ ASN1_STRING_free(octmp); ++ if (oct) ++ *oct = NULL; ++ } ++ return NULL; + } + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c +old mode 100755 +new mode 100644 +index f3d9804..1b94459 +--- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c +@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) + ASN1_STRING *os; + + if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); +- if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); ++ if (!M_ASN1_OCTET_STRING_set(os,data,len)) ++ { ++ M_ASN1_OCTET_STRING_free(os); ++ return 0; ++ } + ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); + return(1); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c 
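Review bot: On the malloc-failure path in `ASN1_pack_string`, a caller-supplied `*oct` is handed back with `length` already overwritten, because `octmp->length = i2d(obj, NULL)` is assigned before `OPENSSL_malloc` and the new `err:` block only cleans up when `!oct || !*oct`. The caller's string is then left with a length that no longer matches its `data`; adding `octmp->length = 0;` under `err:` ahead of the `if` would keep the object consistent. Separately, if the code above the hunk stores a freshly allocated `octmp` into `*oct` (not visible here), then `!*oct` is false at `err:` and that allocation is neither freed nor cleared. That needs checking against the start of the function, which lies outside the hunk.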
b/Cryptlib/OpenSSL/crypto/asn1/f_int.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +old mode 100755 +new mode 100644 +index 6f295b4..f9dad0e +--- a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +@@ -465,6 +465,8 @@ int 
X509_NAME_print(BIO *bp, X509_NAME *name, int obase) + l=80-2-obase; + + b=X509_NAME_oneline(name,NULL,0); ++ if (!b) ++ return 0; + if (!*b) + { + OPENSSL_free(b); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +old mode 100755 +new mode 100644 +index 2721f90..b3687f9 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, + { + derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) + * sizeof(*derlst)); ++ if (!derlst) ++ return 0; + tmpdat = OPENSSL_malloc(skcontlen); +- if (!derlst || !tmpdat) ++ if (!tmpdat) ++ { ++ OPENSSL_free(derlst); + return 0; ++ } + } + } + /* If not sorting just output each item */ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c +old mode 100755 +new mode 100644 +diff --git 
a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c +old mode 100755 +new mode 100644 
+diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +old mode 100755 +new mode 100644 +index 371cdf5..6346c19 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +@@ -132,8 +132,8 @@ int BIO_free(BIO *a) + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); + +- if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); +- a->method->destroy(a); ++ if ((a->method != NULL) && (a->method->destroy != NULL)) ++ a->method->destroy(a); + OPENSSL_free(a); + return(1); + } +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c 
b/Cryptlib/OpenSSL/crypto/bio/bss_file.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +old mode 100755 +new mode 100644 +index 5d90f1e..28f1fa8 +--- 
a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +@@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) + return 1; + } + ++/* ++ * Constant-time conditional swap of a and b. ++ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. ++ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, ++ * and that no more than nwords are used by either a or b. ++ * a and b cannot be the same number ++ */ ++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) ++ { ++ BN_ULONG t; ++ int i; ++ ++ bn_wcheck_size(a, nwords); ++ bn_wcheck_size(b, nwords); ++ ++ assert(a != b); ++ assert((condition & (condition - 1)) == 0); ++ assert(sizeof(BN_ULONG) >= sizeof(int)); ++ ++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; ++ ++ t = (a->top^b->top) & condition; ++ a->top ^= t; ++ b->top ^= t; ++ ++#define BN_CONSTTIME_SWAP(ind) \ ++ do { \ ++ t = (a->d[ind] ^ b->d[ind]) & condition; \ ++ a->d[ind] ^= t; \ ++ b->d[ind] ^= t; \ ++ } while (0) ++ ++ ++ switch (nwords) { ++ default: ++ for (i = 10; i < nwords; i++) ++ BN_CONSTTIME_SWAP(i); ++ /* Fallthrough */ ++ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ ++ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ ++ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ ++ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ ++ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ ++ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ ++ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ ++ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ ++ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ ++ case 1: BN_CONSTTIME_SWAP(0); ++ } ++#undef BN_CONSTTIME_SWAP ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +old mode 
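Review bot: `BN_consttime_swap` enforces its preconditions only with plain `assert`, so a build with assertions disabled does not catch a `condition` that has more than one bit set. For some such values (the top bit plus any other bit, for example) the mask expression `((condition - 1) >> (BN_BITS2 - 1)) - 1` evaluates to zero, and the swap is silently skipped for a non-zero condition. The same patch switches conf_api.c from `assert` to `OPENSSL_assert`; using `OPENSSL_assert((condition & (condition - 1)) == 0);` here would keep the check in release builds. The `sizeof(BN_ULONG) >= sizeof(int)` test is a compile-time property and would be better expressed as a static check than a runtime assert.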
100755 +new mode 100644 +index b66f507..c288844 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) + BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); + return(NULL); + } ++#ifdef PURIFY ++ /* Valgrind complains in BN_consttime_swap because we process the whole ++ * array even if it's not initialised yet. This doesn't matter in that ++ * function - what's important is constant time operation (we're not ++ * actually going to use the data) ++ */ ++ memset(a, 0, sizeof(BN_ULONG)*words); ++#endif ++ + #if 1 + B=b->d; + /* Check if the previous number needs to be copied */ +@@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, + } + return bn_cmp_words(a,b,cl); + } +- +-/* +- * Constant-time conditional swap of a and b. +- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. +- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, +- * and that no more than nwords are used by either a or b. 
+- * a and b cannot be the same number +- */ +-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) +- { +- BN_ULONG t; +- int i; +- +- bn_wcheck_size(a, nwords); +- bn_wcheck_size(b, nwords); +- +- assert(a != b); +- assert((condition & (condition - 1)) == 0); +- assert(sizeof(BN_ULONG) >= sizeof(int)); +- +- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; +- +- t = (a->top^b->top) & condition; +- a->top ^= t; +- b->top ^= t; +- +-#define BN_CONSTTIME_SWAP(ind) \ +- do { \ +- t = (a->d[ind] ^ b->d[ind]) & condition; \ +- a->d[ind] ^= t; \ +- b->d[ind] ^= t; \ +- } while (0) +- +- +- switch (nwords) { +- default: +- for (i = 10; i < nwords; i++) +- BN_CONSTTIME_SWAP(i); +- /* Fallthrough */ +- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ +- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ +- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ +- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ +- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ +- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ +- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ +- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ +- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ +- case 1: BN_CONSTTIME_SWAP(0); +- } +-#undef BN_CONSTTIME_SWAP +-} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c +old mode 100755 +new mode 100644 +diff 
--git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +old mode 100755 +new mode 100644 +index 270d0cd..65bbf16 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) + if (al <= 0) + { + r->top=0; ++ r->neg = 0; + return 1; + } + +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c +old mode 100755 +new mode 
100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_enc.c b/Cryptlib/OpenSSL/crypto/cast/c_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_skey.c b/Cryptlib/OpenSSL/crypto/cast/c_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +old mode 100755 +new mode 100644 +index 17bae83..55d1d50 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +@@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) + v->value=(char *)sk; + + vv=(CONF_VALUE *)lh_insert(conf->data,v); +- assert(vv == NULL); ++ OPENSSL_assert(vv == NULL); + ok=1; + err: + if (!ok) +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +old mode 100755 +new mode 100644 +index 3c58936..a168339 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +@@ -324,7 +324,7 @@ again: + p=eat_ws(conf, end); + if (*p != ']') + { +- if (*p != '\0') ++ if (*p != '\0' && ss != p) + { + ss=p; + goto again; +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c 
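Review bot: The `ss != p` condition added to the retry path in conf_def.c has no comment explaining what it guards against. As written, the code jumps back to `again:` only when `eat_ws` has moved `p` away from the previous `ss`, which appears to stop the parser from looping on the same character when no progress is made. A short comment above the `if`, such as `/* retry only if we advanced past the last start position */`, would record that intent. The enclosing function begins before the hunk and continues after it.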
+old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/des_lib.c b/Cryptlib/OpenSSL/crypto/des/des_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c 
b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt.c b/Cryptlib/OpenSSL/crypto/des/fcrypt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c +old mode 100755 +new mode 100644 +diff 
--git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c +old mode 100755 +new mode 100644 
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/dyn_lck.c b/Cryptlib/OpenSSL/crypto/dyn_lck.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c +old mode 100755 
+new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_check.c b/Cryptlib/OpenSSL/crypto/ec/ec_check.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_err.c b/Cryptlib/OpenSSL/crypto/ec/ec_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +old mode 100755 +new mode 100644 +index bbf2799..e7d11ff +--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +@@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX * + + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) + { +- if (group->meth->dbl == 0) ++ if (group->meth->invert == 0) + { + ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_print.c b/Cryptlib/OpenSSL/crypto/ec/ec_print.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c +old mode 100755 +new mode 100644 +index 66a92e2..b239088 +--- a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c +@@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const 
EC_GROUP *group, EC_POINT *point, BN_CTX *ct + int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) + { + BN_CTX *new_ctx = NULL; +- BIGNUM *tmp0, *tmp1; +- size_t pow2 = 0; +- BIGNUM **heap = NULL; ++ BIGNUM *tmp, *tmp_Z; ++ BIGNUM **prod_Z = NULL; + size_t i; + int ret = 0; + +@@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT + } + + BN_CTX_start(ctx); +- tmp0 = BN_CTX_get(ctx); +- tmp1 = BN_CTX_get(ctx); +- if (tmp0 == NULL || tmp1 == NULL) goto err; ++ tmp = BN_CTX_get(ctx); ++ tmp_Z = BN_CTX_get(ctx); ++ if (tmp == NULL || tmp_Z == NULL) goto err; + +- /* Before converting the individual points, compute inverses of all Z values. +- * Modular inversion is rather slow, but luckily we can do with a single +- * explicit inversion, plus about 3 multiplications per input value. +- */ ++ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); ++ if (prod_Z == NULL) goto err; ++ for (i = 0; i < num; i++) ++ { ++ prod_Z[i] = BN_new(); ++ if (prod_Z[i] == NULL) goto err; ++ } + +- pow2 = 1; +- while (num > pow2) +- pow2 <<= 1; +- /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. +- * We need twice that. */ +- pow2 <<= 1; ++ /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, ++ * skipping any zero-valued inputs (pretend that they're 1). 
*/ + +- heap = OPENSSL_malloc(pow2 * sizeof heap[0]); +- if (heap == NULL) goto err; +- +- /* The array is used as a binary tree, exactly as in heapsort: +- * +- * heap[1] +- * heap[2] heap[3] +- * heap[4] heap[5] heap[6] heap[7] +- * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] +- * +- * We put the Z's in the last line; +- * then we set each other node to the product of its two child-nodes (where +- * empty or 0 entries are treated as ones); +- * then we invert heap[1]; +- * then we invert each other node by replacing it by the product of its +- * parent (after inversion) and its sibling (before inversion). +- */ +- heap[0] = NULL; +- for (i = pow2/2 - 1; i > 0; i--) +- heap[i] = NULL; +- for (i = 0; i < num; i++) +- heap[pow2/2 + i] = &points[i]->Z; +- for (i = pow2/2 + num; i < pow2; i++) +- heap[i] = NULL; +- +- /* set each node to the product of its children */ +- for (i = pow2/2 - 1; i > 0; i--) ++ if (!BN_is_zero(&points[0]->Z)) + { +- heap[i] = BN_new(); +- if (heap[i] == NULL) goto err; +- +- if (heap[2*i] != NULL) ++ if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; ++ } ++ else ++ { ++ if (group->meth->field_set_to_one != 0) + { +- if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) +- { +- if (!BN_copy(heap[i], heap[2*i])) goto err; +- } +- else +- { +- if (BN_is_zero(heap[2*i])) +- { +- if (!BN_copy(heap[i], heap[2*i + 1])) goto err; +- } +- else +- { +- if (!group->meth->field_mul(group, heap[i], +- heap[2*i], heap[2*i + 1], ctx)) goto err; +- } +- } ++ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; ++ } ++ else ++ { ++ if (!BN_one(prod_Z[0])) goto err; + } + } + +- /* invert heap[1] */ +- if (!BN_is_zero(heap[1])) ++ for (i = 1; i < num; i++) + { +- if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) ++ if (!BN_is_zero(&points[i]->Z)) + { +- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); +- goto err; ++ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, 
ctx)) goto err; ++ } ++ else ++ { ++ if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; + } + } ++ ++ /* Now use a single explicit inversion to replace every ++ * non-zero points[i]->Z by its inverse. */ ++ ++ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) ++ { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); ++ goto err; ++ } + if (group->meth->field_encode != 0) + { +- /* in the Montgomery case, we just turned R*H (representing H) ++ /* In the Montgomery case, we just turned R*H (representing H) + * into 1/(R*H), but we need R*(1/H) (representing 1/H); +- * i.e. we have need to multiply by the Montgomery factor twice */ +- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; +- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; ++ * i.e. we need to multiply by the Montgomery factor twice. */ ++ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; ++ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + } + +- /* set other heap[i]'s to their inverses */ +- for (i = 2; i < pow2/2 + num; i += 2) ++ for (i = num - 1; i > 0; --i) + { +- /* i is even */ +- if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) +- { +- if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; +- if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; +- if (!BN_copy(heap[i], tmp0)) goto err; +- if (!BN_copy(heap[i + 1], tmp1)) goto err; +- } +- else ++ /* Loop invariant: tmp is the product of the inverses of ++ * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ ++ if (!BN_is_zero(&points[i]->Z)) + { +- if (!BN_copy(heap[i], heap[i/2])) goto err; ++ /* Set tmp_Z to the inverse of points[i]->Z (as product ++ * of Z inverses 0 .. i, Z values 0 .. i - 1). */ ++ if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; ++ /* Update tmp to satisfy the loop invariant for i - 1. 
*/ ++ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; ++ /* Replace points[i]->Z by its inverse. */ ++ if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; + } + } + +- /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ ++ if (!BN_is_zero(&points[0]->Z)) ++ { ++ /* Replace points[0]->Z by its inverse. */ ++ if (!BN_copy(&points[0]->Z, tmp)) goto err; ++ } ++ ++ /* Finally, fix up the X and Y coordinates for all points. */ ++ + for (i = 0; i < num; i++) + { + EC_POINT *p = points[i]; +- ++ + if (!BN_is_zero(&p->Z)) + { + /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ + +- if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; +- if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; ++ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; ++ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; ++ ++ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; ++ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; + +- if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; +- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; +- + if (group->meth->field_set_to_one != 0) + { + if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; +@@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT + } + + ret = 1; +- ++ + err: + BN_CTX_end(ctx); + if (new_ctx != NULL) + BN_CTX_free(new_ctx); +- if (heap != NULL) ++ if (prod_Z != NULL) + { +- /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! 
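Review bot: If `BN_new()` fails part-way through the allocation loop that follows `prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0])`, the slots after the failing index are never written, yet the cleanup loop in the next hunk (`for (i = 0; i < num; i++)` under `err:`) tests and frees every slot. Unless OPENSSL_malloc zero-fills the array, which nothing in these hunks shows, that hands uninitialised pointers to `BN_clear_free`. Stopping the cleanup at the first empty slot avoids this: `if (prod_Z[i] == NULL) break;` followed by `BN_clear_free(prod_Z[i]);`. The failing slot is already NULL because it receives BN_new's return value. The function body begins before and ends after this hunk, so any earlier guard on `num` is not visible here.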
*/ +- for (i = pow2/2 - 1; i > 0; i--) ++ for (i = 0; i < num; i++) + { +- if (heap[i] != NULL) +- BN_clear_free(heap[i]); ++ if (prod_Z[i] != NULL) ++ BN_clear_free(prod_Z[i]); + } +- OPENSSL_free(heap); ++ OPENSSL_free(prod_Z); + } + return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c +old mode 100755 +new mode 100644 +diff --git 
a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_err.c b/Cryptlib/OpenSSL/crypto/engine/eng_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_init.c b/Cryptlib/OpenSSL/crypto/engine/eng_init.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_list.c b/Cryptlib/OpenSSL/crypto/engine/eng_list.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_table.c b/Cryptlib/OpenSSL/crypto/engine/eng_table.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c +old mode 100755 +new mode 100644 
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_store.c b/Cryptlib/OpenSSL/crypto/engine/tb_store.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_bio.c b/Cryptlib/OpenSSL/crypto/err/err_bio.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_def.c b/Cryptlib/OpenSSL/crypto/err/err_def.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/err/err_str.c b/Cryptlib/OpenSSL/crypto/err/err_str.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c 
+old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c +old mode 100755 +new 
mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c +old mode 100755 +new 
mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/fips_err.c b/Cryptlib/OpenSSL/crypto/fips_err.c +old mode 100755 +new mode 100644 +diff 
--git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_skey.c b/Cryptlib/OpenSSL/crypto/idea/i_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_one.c b/Cryptlib/OpenSSL/crypto/md2/md2_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c +old mode 100755 +new mode 
100644 +diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +old mode 100755 +new mode 100644 +index 760af16..cf5ba2a +--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +@@ -444,11 +444,12 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + unsigned char *p; + char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; + +- if ((a == NULL) || (a->data == NULL)) { +- buf[0]='\0'; +- return(0); +- } ++ /* Ensure that, at every state, |buf| is NUL-terminated. 
*/ ++ if (buf && buf_len > 0) ++ buf[0] = '\0'; + ++ if ((a == NULL) || (a->data == NULL)) ++ return(0); + + if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) + { +@@ -527,9 +528,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + i=(int)(l/40); + l-=(long)(i*40); + } +- if (buf && (buf_len > 0)) ++ if (buf && (buf_len > 1)) + { + *buf++ = i + '0'; ++ *buf = '\0'; + buf_len--; + } + n++; +@@ -544,9 +546,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + i = strlen(bndec); + if (buf) + { +- if (buf_len > 0) ++ if (buf_len > 1) + { + *buf++ = '.'; ++ *buf = '\0'; + buf_len--; + } + BUF_strlcpy(buf,bndec,buf_len); +@@ -786,4 +789,3 @@ err: + OPENSSL_free(buf); + return(ok); + } +- +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +old mode 100755 +new mode 100644 +index 92aba08..fb87cd7 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +@@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) + + ctx = OCSP_sendreq_new(b, path, req, -1); + ++ if (!ctx) ++ return NULL; ++ + do + { + rv = OCSP_sendreq_nbio(&resp, ctx); 
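Review bot: OBJ_obj2txt is missing a comment on how truncation relates to the count it keeps. In the `@@ -527,9 +528,10 @@` hunk, `n++` runs whether or not the digit was stored under `buf_len > 1`, so `n` tracks the length the full text needs rather than what is in `buf`. If `n` is what the function returns (the return statement is outside these hunks), a caller that uses it as the length of `buf` would read past the terminator this change now guarantees. A comment above the early NUL store would record the contract: `/* |buf| is always NUL-terminated; the count can exceed buf_len - 1 when the text is truncated, so never use it as the length of |buf|. */`.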
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +old mode 100755 +new mode 100644 +index 441ccb7..5883b4e +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +@@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss + + if (!*ppath) goto mem_err; + ++ p = host; ++ if(host[0] == '[') ++ { ++ /* ipv6 literal */ ++ host++; ++ p = strchr(host, ']'); ++ if(!p) goto parse_err; ++ *p = '\0'; ++ p++; ++ } ++ + /* Look for optional ':' for port number */ +- if ((p = strchr(host, ':'))) ++ if ((p = strchr(p, ':'))) + { + *p = 0; + port = p + 1; +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c +old mode 100755 +new mode 100644 +diff --git 
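Review bot: After the closing `]` of an IPv6 literal, the new code skips whatever precedes the next `:` (or the rest of the string when there is no port), so `[addr]text:port` parses as if `text` were absent. Assuming the path has already been split off at this point, as the `*ppath` check just above suggests, only end-of-string or a port separator is valid there, and a check after `p++;` keeps the parser strict: `if (*p != '\0' && *p != ':') goto parse_err;`. An empty literal `[]` also passes and yields an empty host. Whether that is rejected later cannot be seen, because OCSP_parse_url continues outside the hunk.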
a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c +old mode 100755 +new mode 100644 +diff --git 
a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c +old mode 100755 +new mode 100644 +diff --git 
a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c 
b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c +old mode 100755 +new mode 100644 +index d477f08..203d702 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c +@@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, + if (padding == RSA_X931_PADDING) + { + BN_sub(f, rsa->n, ret); +- if (BN_cmp(ret, f)) ++ if (BN_cmp(ret, f) > 0) + res = f; + else + res = ret; +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +old mode 100755 +new mode 100644 +diff --git 
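Review bot: The `BN_sub(f, rsa->n, ret)` call on the context line just above the corrected comparison ignores its return value, so if the subtraction fails `f` is still compared and may be chosen as `res` without holding n - ret. BN_sub returns 0 on error, so the result can be checked before the comparison, for example `if (!BN_sub(f, rsa->n, ret)) goto err;`, assuming the function has an `err` cleanup label, which the hunk does not show. The new `BN_cmp(ret, f) > 0` test selects the smaller value only when `f` is valid. RSA_eay_private_encrypt starts and ends outside the hunk.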
a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/store/str_err.c b/Cryptlib/OpenSSL/crypto/store/str_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/store/str_lib.c b/Cryptlib/OpenSSL/crypto/store/str_lib.c +old mode 
100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/store/str_mem.c b/Cryptlib/OpenSSL/crypto/store/str_mem.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/store/str_meth.c b/Cryptlib/OpenSSL/crypto/store/str_meth.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_err.c b/Cryptlib/OpenSSL/crypto/ui/ui_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +old mode 100755 +new mode 100644 +index ac01008..67013f8 +--- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +@@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) + break; + } + } ++ } + default: + break; + } +- } + return 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c 
b/Cryptlib/OpenSSL/crypto/x509/x509_def.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c +old mode 
100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c +old mode 100755 +new mode 
100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c +old mode 100755 +new mode 100644 +diff --git 
a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h +old mode 100755 +new mode 100644 +diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh +index 95875e7..897ef2d 100755 +--- a/Cryptlib/OpenSSL/update.sh ++++ b/Cryptlib/OpenSSL/update.sh +@@ -1,501 +1,504 @@ + #/bin/sh + DIR=$1 ++version="0.9.8zb" + +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c +-install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c 
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c crypto/sha/sha256.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c 
crypto/des/ofb_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c +-install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c +-install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c +-install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c crypto/rand/rand_unix.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c
+-install -D
$DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c +-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dyn_lck.c crypto/dyn_lck.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_clr.c crypto/mem_clr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_dbg.c crypto/mem_dbg.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cversion.c crypto/cversion.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ex_data.c crypto/ex_data.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cpt_err.c crypto/cpt_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ebcdic.c crypto/ebcdic.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/uid.c crypto/uid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.c crypto/o_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.c crypto/o_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.c crypto/o_dir.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_init.c crypto/o_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/fips_err.c crypto/fips_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_one.c crypto/md2/md2_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_one.c crypto/md4/md4_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_one.c crypto/md5/md5_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_one.c crypto/sha/sha_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1_one.c crypto/sha/sha1_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha256.c crypto/sha/sha256.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha512.c crypto/sha/sha512.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hmac.c crypto/hmac/hmac.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_lib.c crypto/des/des_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/set_key.c crypto/des/set_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb_enc.c crypto/des/ecb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_enc.c crypto/des/cbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64enc.c crypto/des/cfb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64ede.c crypto/des/cfb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb_enc.c crypto/des/cfb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64ede.c crypto/des/ofb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_read.c crypto/des/enc_read.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_writ.c crypto/des/enc_writ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64enc.c crypto/des/ofb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb_enc.c crypto/des/ofb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/str2key.c crypto/des/str2key.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/qud_cksm.c crypto/des/qud_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rand_key.c crypto/des/rand_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_enc.c crypto/des/des_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt.c crypto/des/fcrypt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_enc.c crypto/des/rpc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old.c crypto/des/des_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old2.c crypto/des/des_old2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/read2pwd.c crypto/des/read2pwd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cbc.c crypto/idea/i_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ecb.c crypto/idea/i_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_skey.c crypto/idea/i_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_skey.c crypto/bf/bf_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_enc.c crypto/bf/bf_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_skey.c crypto/cast/c_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ecb.c crypto/cast/c_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_enc.c crypto/cast/c_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_misc.c crypto/aes/aes_misc.c 
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ige.c crypto/aes/aes_ige.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_core.c crypto/aes/aes_core.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_add.c crypto/bn/bn_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_div.c crypto/bn/bn_div.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp.c crypto/bn/bn_exp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lib.c crypto/bn/bn_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mul.c crypto/bn/bn_mul.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mod.c crypto/bn/bn_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_print.c crypto/bn/bn_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_rand.c crypto/bn/bn_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_shift.c crypto/bn/bn_shift.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_word.c crypto/bn/bn_word.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_blind.c crypto/bn/bn_blind.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_kron.c crypto/bn/bn_kron.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.c crypto/bn/bn_prime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_err.c crypto/bn/bn_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_asm.c crypto/bn/bn_asm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_recp.c crypto/bn/bn_recp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mont.c crypto/bn/bn_mont.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_nist.c crypto/bn/bn_nist.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_depr.c crypto/bn/bn_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_const.c crypto/bn/bn_const.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_opt.c crypto/bn/bn_opt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_key.c 
crypto/dsa/dsa_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dl.c crypto/dso/dso_dl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_err.c crypto/dso/dso_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_lib.c crypto/dso/dso_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_null.c crypto/dso/dso_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_win32.c crypto/dso/dso_win32.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_vms.c crypto/dso/dso_vms.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_gen.c crypto/dh/dh_gen.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_key.c crypto/dh/dh_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_lib.c crypto/dh/dh_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_check.c crypto/dh/dh_check.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_err.c crypto/dh/dh_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_depr.c crypto/dh/dh_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_lib.c crypto/ec/ec_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_mult.c crypto/ec/ec_mult.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_err.c crypto/ec/ec_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_curve.c crypto/ec/ec_curve.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_check.c crypto/ec/ec_check.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_print.c crypto/ec/ec_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_key.c crypto/ec/ec_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buffer.c crypto/buffer/buffer.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_str.c crypto/buffer/buf_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_err.c crypto/buffer/buf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lib.c crypto/bio/bio_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_cb.c crypto/bio/bio_cb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_err.c crypto/bio/bio_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_mem.c crypto/bio/bss_mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_null.c crypto/bio/bss_null.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_fd.c crypto/bio/bss_fd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_file.c crypto/bio/bss_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_null.c crypto/bio/bf_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_buff.c crypto/bio/bf_buff.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_dump.c crypto/bio/b_dump.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_log.c crypto/bio/bss_log.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_bio.c crypto/bio/bss_bio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/stack/stack.c crypto/stack/stack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lhash.c crypto/lhash/lhash.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/md_rand.c crypto/rand/md_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/randfile.c crypto/rand/randfile.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lib.c crypto/rand/rand_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_eng.c crypto/rand/rand_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_err.c crypto/rand/rand_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_egd.c crypto/rand/rand_egd.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_win.c crypto/rand/rand_win.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_unix.c crypto/rand/rand_unix.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_os2.c crypto/rand/rand_os2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_nw.c crypto/rand/rand_nw.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err.c crypto/err/err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_def.c crypto/err/err_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_all.c crypto/err/err_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_prn.c crypto/err/err_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_str.c crypto/err/err_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_bio.c crypto/err/err_bio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/o_names.c crypto/objects/o_names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.c crypto/objects/obj_dat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_lib.c crypto/objects/obj_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_err.c crypto/objects/obj_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/encode.c crypto/evp/encode.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/digest.c crypto/evp/digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/dig_eng.c crypto/evp/dig_eng.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_enc.c crypto/evp/evp_enc.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_key.c crypto/evp/evp_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des.c crypto/evp/e_des.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_bf.c crypto/evp/e_bf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_idea.c crypto/evp/e_idea.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des3.c crypto/evp/e_des3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4.c crypto/evp/e_rc4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes.c crypto/evp/e_aes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/names.c crypto/evp/names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc2.c crypto/evp/e_rc2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_cast.c crypto/evp/e_cast.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc5.c crypto/evp/e_rc5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/enc_min.c crypto/evp/enc_min.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_null.c crypto/evp/m_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md2.c crypto/evp/m_md2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md4.c crypto/evp/m_md4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md5.c crypto/evp/m_md5.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha.c crypto/evp/m_sha.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha1.c crypto/evp/m_sha1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss.c crypto/evp/m_dss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss1.c crypto/evp/m_dss1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_open.c crypto/evp/p_open.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_seal.c crypto/evp/p_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_sign.c crypto/evp/p_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_verify.c crypto/evp/p_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_lib.c crypto/evp/p_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_enc.c crypto/evp/p_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_dec.c crypto/evp/p_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_md.c crypto/evp/bio_md.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_b64.c crypto/evp/bio_b64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_enc.c crypto/evp/bio_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_err.c crypto/evp/evp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_null.c crypto/evp/e_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_all.c crypto/evp/c_all.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_allc.c crypto/evp/c_allc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_alld.c crypto/evp/c_alld.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_lib.c crypto/evp/evp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_ok.c crypto/evp/bio_ok.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_old.c crypto/evp/e_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_object.c crypto/asn1/a_object.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_time.c crypto/asn1/a_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_int.c crypto/asn1/a_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_octet.c crypto/asn1/a_octet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_print.c crypto/asn1/a_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_type.c crypto/asn1/a_type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_set.c 
crypto/asn1/a_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_dup.c crypto/asn1/a_dup.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_enum.c crypto/asn1/a_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_sign.c crypto/asn1/a_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_digest.c crypto/asn1/a_digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_verify.c crypto/asn1/a_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strex.c crypto/asn1/a_strex.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_algor.c crypto/asn1/x_algor.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_val.c crypto/asn1/x_val.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_sig.c crypto/asn1/x_sig.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_req.c crypto/asn1/x_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_long.c crypto/asn1/x_long.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_name.c crypto/asn1/x_name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509.c crypto/asn1/x_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_crl.c crypto/asn1/x_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_info.c crypto/asn1/x_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_spki.c crypto/asn1/x_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/nsseq.c crypto/asn1/nsseq.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_req.c crypto/asn1/t_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509.c crypto/asn1/t_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_crl.c crypto/asn1/t_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_spki.c crypto/asn1/t_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_new.c 
crypto/asn1/tasn_new.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_int.c crypto/asn1/f_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_string.c crypto/asn1/f_string.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_enum.c crypto/asn1/f_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bool.c crypto/asn1/a_bool.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_exten.c crypto/asn1/x_exten.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_meth.c crypto/asn1/a_meth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_sign.c crypto/pem/pem_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_seal.c crypto/pem/pem_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_info.c crypto/pem/pem_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_lib.c crypto/pem/pem_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_all.c crypto/pem/pem_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_err.c crypto/pem/pem_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_x509.c crypto/pem/pem_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_oth.c crypto/pem/pem_oth.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_def.c crypto/x509/x509_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_d2.c crypto/x509/x509_d2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_obj.c crypto/x509/x509_obj.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_req.c crypto/x509/x509_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509spki.c crypto/x509/x509spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_set.c crypto/x509/x509_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509cset.c crypto/x509/x509cset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509rset.c crypto/x509/x509rset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_err.c crypto/x509/x509_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509name.c crypto/x509/x509name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_v3.c crypto/x509/x509_v3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_ext.c crypto/x509/x509_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_att.c crypto/x509/x509_att.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509type.c crypto/x509/x509type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_lu.c crypto/x509/x509_lu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x_all.c crypto/x509/x_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_txt.c crypto/x509/x509_txt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_trs.c crypto/x509/x509_trs.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_file.c crypto/x509/by_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_dir.c crypto/x509/by_dir.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3err.c crypto/x509v3/v3err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pci.c 
crypto/x509v3/v3_pci.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_err.c crypto/conf/conf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_lib.c crypto/conf/conf_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_api.c crypto/conf/conf_api.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.c crypto/conf/conf_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mod.c crypto/conf/conf_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mall.c crypto/conf/conf_mall.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_sap.c crypto/conf/conf_sap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_npas.c 
crypto/pkcs12/p12_npas.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_lib.c crypto/comp/comp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_err.c crypto/comp/comp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_rle.c crypto/comp/c_rle.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_zlib.c crypto/comp/c_zlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_err.c crypto/engine/eng_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_lib.c crypto/engine/eng_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_list.c crypto/engine/eng_list.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_init.c crypto/engine/eng_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_table.c crypto/engine/eng_table.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_fat.c crypto/engine/eng_fat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_all.c crypto/engine/eng_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dh.c crypto/engine/tb_dh.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rand.c crypto/engine/tb_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_store.c crypto/engine/tb_store.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_digest.c crypto/engine/tb_digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c ++install -D 
$DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_err.c crypto/ui/ui_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_lib.c crypto/ui/ui_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_util.c crypto/ui/ui_util.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_compat.c crypto/ui/ui_compat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_err.c crypto/store/str_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_lib.c crypto/store/str_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_meth.c crypto/store/str_meth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_mem.c crypto/store/str_mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c ++ ++find . -name "*.[ch]" -exec chmod -x {} \; +diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c +index bb5f6d4..7b8bca5 100644 +--- a/Cryptlib/Pk/CryptAuthenticode.c ++++ b/Cryptlib/Pk/CryptAuthenticode.c +@@ -146,8 +146,8 @@ AuthenticodeVerify ( + // + // Long Form of Length Encoding, only support two bytes. 
+ //
+- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
+- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
++ ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
++ ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3));
+ //
+ // Skip the SEQUENCE Tag;
+ //
+--
+1.9.3
+
diff --git a/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch b/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch
new file mode 100644
index 0000000..9ebc9e2
--- /dev/null
+++ b/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch
@@ -0,0 +1,30 @@
+From 14acaa4a3361403e06b284bf8e1e32ad9cec5457 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Wed, 27 Aug 2014 11:48:39 -0400
+Subject: [PATCH 51/74] Fix typo from Ard's old tree 32-bit ARM patch.
+
+We don't need to .data entries; the second one should be .data*. He's
+since fixed this in his tree, but I'd already pulled it and pushed to
+master.
+
+Signed-off-by: Peter Jones
+---
+ elf_arm_efi.lds | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds
+index fd1075d..c5dc298 100644
+--- a/elf_arm_efi.lds
++++ b/elf_arm_efi.lds
+@@ -19,7 +19,7 @@ SECTIONS
+ *(.sdata)
+ *(.data)
+ *(.data1)
+- *(.data)
++ *(.data*)
+ *(.got.plt)
+ *(.got)
+
+--
+1.9.3
+
diff --git a/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch b/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch
new file mode 100644
index 0000000..d2038fb
--- /dev/null
+++ b/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch
@@ -0,0 +1,54 @@
+From 94c9a77f6504170a6bd38b0aa29039208987650e Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Wed, 13 Aug 2014 13:35:38 +0200
+Subject: [PATCH 52/74] Handle empty .reloc section in PE/COFF loader
+
+On archs where no EFI aware objcopy is available, the generated PE/COFF
+header contains a .reloc section which is completely empty. Handle this by
+- returning early from relocate_coff() with EFI_SUCCESS,
+- ignoring discardable sections in the section loader.
+
+Signed-off-by: Ard Biesheuvel
+---
+ shim.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index ea8eba8..1329212 100644
+--- a/shim.c
++++ b/shim.c
+@@ -145,6 +145,9 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ return EFI_UNSUPPORTED;
+ }
+
++ if (!context->RelocDir->Size)
++ return EFI_SUCCESS;
++
+ RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress);
+ RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
+
+@@ -996,7 +999,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ * Copy the executable's sections to their desired offsets
+ */
+ Section = context.FirstSection;
+- for (i = 0; i < context.NumberOfSections; i++) {
++ for (i = 0; i < context.NumberOfSections; i++, Section++) {
++ if (Section->Characteristics & 0x02000000)
++ /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */
++ continue;
++
+ size = Section->Misc.VirtualSize;
+
+ if (size > Section->SizeOfRawData)
+@@ -1021,8 +1028,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+
+ if (size < Section->Misc.VirtualSize)
+ ZeroMem (base + size, Section->Misc.VirtualSize - size);
+-
+- Section += 1;
+ }
+
+ /*
+--
+1.9.3
+
diff --git a/SOURCES/0053-Don-t-name-something-exit.patch b/SOURCES/0053-Don-t-name-something-exit.patch
new file mode 100644
index 0000000..d7dd5e5
--- /dev/null
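Review bot: The section-loader skip in handle_image is keyed on the discardable flag alone (`if (Section->Characteristics & 0x02000000)`), so it drops every discardable section, not only the empty .reloc the commit message describes. If relocate_coff resolves `context->RelocDir->VirtualAddress` against the loaded copy rather than the file data (not visible in this hunk), an image whose non-empty .reloc is marked discardable would be relocated from bytes that were never copied. Consider narrowing the test so a section is skipped only when it also has nothing to copy, e.g. `if ((Section->Characteristics & EFI_IMAGE_SCN_MEM_DISCARDABLE) && !Section->SizeOfRawData) continue;`, which also replaces the literal with the constant the comment names, provided the PE header in scope defines it. Both relocate_coff and handle_image begin and end outside the hunks shown.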
+++ b/SOURCES/0053-Don-t-name-something-exit.patch
@@ -0,0 +1,37 @@
+From 32f10548cdf1919103654ab65601c8b15c3976a1 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Wed, 27 Aug 2014 13:26:23 -0400
+Subject: [PATCH 53/74] Don't name something exit().
+
+On aarch64 due to some terrifying include chain we wind up with
+Cryptlib's definition of exit here. I'm not a glutton for punishment,
+so I'm just changing the name so it's not coliding.
+
+Signed-off-by: Peter Jones
+---
+ replacements.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/replacements.c b/replacements.c
+index 5dfa355..f7623d9 100644
+--- a/replacements.c
++++ b/replacements.c
+@@ -162,7 +162,7 @@ exit_boot_services(EFI_HANDLE image_key, UINTN map_key)
+ }
+
+ static EFI_STATUS EFIAPI
+-exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus,
++do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus,
+ UINTN ExitDataSize, CHAR16 *ExitData)
+ {
+ EFI_STATUS status;
+@@ -206,5 +206,5 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab)
+ * bootloader and still e.g. start a new one or run an internal
+ * shell. */
+ system_exit = systab->BootServices->Exit;
+- systab->BootServices->Exit = exit;
++ systab->BootServices->Exit = do_exit;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch b/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch
new file mode 100644
index 0000000..c807b9c
--- /dev/null
+++ b/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch
@@ -0,0 +1,68 @@
+From fa2a35ce78b3dc4e9b29f47a9ebc675a97a9a7c7 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Wed, 27 Aug 2014 16:39:51 -0400
+Subject: [PATCH 54/74] Make sure we don't try to load a binary from a
+ different arch.
+
+Since in theory you could, for example, get an x86_64 binary signed that
+also behaves as an ARM executable, we should be checking this before
+people build on other architectures.
+
+Signed-off-by: Peter Jones
+---
+ include/PeImage.h | 1 +
+ shim.c | 19 +++++++++++++++++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/include/PeImage.h b/include/PeImage.h
+index ec13404..133e11e 100644
+--- a/include/PeImage.h
++++ b/include/PeImage.h
+@@ -49,6 +49,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+ #define IMAGE_FILE_MACHINE_EBC 0x0EBC
+ #define IMAGE_FILE_MACHINE_X64 0x8664
+ #define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x01c2
++#define IMAGE_FILE_MACHINE_ARM64 0xaa64
+
+ //
+ // EXE file formats
+diff --git a/shim.c b/shim.c
+index 1329212..1ec1e11 100644
+--- a/shim.c
++++ b/shim.c
+@@ -947,6 +947,20 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ return EFI_SUCCESS;
+ }
+
++static const UINT16 machine_type =
++#if defined(__x86_64__)
++ IMAGE_FILE_MACHINE_X64;
++#elif defined(__aarch64__)
++ IMAGE_FILE_MACHINE_ARM64;
++#elif defined(__arm__)
++ IMAGE_FILE_MACHINE_ARMTHUMB_MIXED;
++#elif defined(__i386__) || defined(__i486__) || defined(__i686__)
++ IMAGE_FILE_MACHINE_I386;
++#elif defined(__ia64__)
++ IMAGE_FILE_MACHINE_IA64;
++#else
++#error this architecture is not supported by shim
++#endif
+
+ /*
+ * Once the image has been loaded it needs to be validated and relocated
+@@ -971,6 +985,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ return efi_status;
+ }
+
++ if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) {
++ perror(L"Image is for a different architecture\n");
++ return EFI_UNSUPPORTED;
++ }
++
+ /*
+ * We only need to verify the binary if we're in secure mode
+ */
+--
+1.9.3
+
diff --git a/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch b/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch
new file mode 100644
index 0000000..82ec5df
--- /dev/null
+++ b/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch
@@ -0,0 +1,140 @@
+From a7249a65aff174d2a51d6a7bf77dbbf58744a170 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Thu, 18 Sep 2014 18:34:38 -0400
+Subject: [PATCH 55/74] Actually refer to the base relocation table of our
+ loaded image.
+
+Currently when we process base relocations, we get the correct Data
+Directory pointer from the headers (context->RelocDir), and that header
+has been copied into our pristine allocated image when we copied up to
+SizeOfHeaders. But the data it points to has not been mirrored in to
+the new image, so it is whatever data AllocPool() gave us.
+
+This patch changes relocate_coff() to refer to the base relocation table
+from the image we loaded from disk, but apply the fixups to the new
+copy.
+
+I have no idea how x86_64 worked without this, but I can't make aarch64
+work without it. I also don't know how Ard or Leif have seen aarch64
+work. Maybe they haven't? Leif indicated on irc that they may have
+only tested shim with simple "hello world" applications from gnu-efi;
+they are certainly much less complex than grub.efi, and are generated
+through a different linking process.
+
+My only theory is that we're getting recycled data there pretty reliably
+that just makes us /not/ process any relocations, but since our
+ImageBase is 0, and I don't think we ever load grub with 0 as its base
+virtual address, that doesn't follow. I'm open to any other ideas
+anybody has.
+
+I do know that on x86_64 (and presumably aarch64 as well), we don't
+actually start seeing *symptoms* of this bug until the first chunk[0] of
+94c9a77f is applied[1]. Once that is applied, relocate_coff() starts
+seeing zero[2] for both RelocBase->VirtualAddress and
+RelocBase->SizeOfBlock, because RelocBase is a (generated, relative)
+pointer that only makes sense in the context of the original binary, not
+our partial copy. Since RelocBase->SizeOfBlock is tested first,
+relocate_base() gives us "Reloc block size is invalid"[3] and returns
+EFI_UNSUPPORTED. At that point shim exits with an error.
+
+[0] The second chunk of 94c9a77f patch makes no difference on this
+ issue.
+[1] I don't see why at all.
+[2] Which could really be any value since it's AllocatePool() and not
+ AllocateZeroPool() results, but 0 is all I've observed; I think
+ AllocatePool() has simply never recycled any memory in my test
+ cases.
+[3] which is silent because perror() tries to avoid talking because that
+ has caused much crashing in the past; work needs to go in to 0.9 for
+ this.
+
+Signed-off-by: Peter Jones
+---
+ shim.c | 42 +++++++++++++++++++++---------------------
+ 1 file changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 1ec1e11..4b4d31a 100644
+--- a/shim.c
++++ b/shim.c
+@@ -122,7 +122,7 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address)
+ * Perform the actual relocation
+ */
+ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+- void *data)
++ void *orig, void *data)
+ {
+ EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd;
+ UINT64 Adjust;
+@@ -132,7 +132,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ UINT32 *Fixup32;
+ UINT64 *Fixup64;
+ int size = context->ImageSize;
+- void *ImageEnd = (char *)data + size;
++ void *ImageEnd = (char *)orig + size;
+
+ #if __LP64__
+ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data;
+@@ -140,16 +140,8 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data;
+ #endif
+
+- if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
+- perror(L"Image has no relocation entry\n");
+- return EFI_UNSUPPORTED;
+- }
+-
+- if (!context->RelocDir->Size)
+- return EFI_SUCCESS;
+-
+- RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress);
+- RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
++ RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress);
++ RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
+
+ if (!RelocBase || !RelocBaseEnd) {
+ perror(L"Reloc table overflows binary\n");
+@@ -170,7 +162,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ }
+
+ RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);
+- if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) {
++ if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) {
+ perror(L"Reloc entry overflows binary\n");
+ return EFI_UNSUPPORTED;
+ }
+@@ -1049,15 +1041,23 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ ZeroMem (base + size, Section->Misc.VirtualSize - size);
+ }
+
+- /*
+- * Run the relocation fixups
+- */
+- efi_status = relocate_coff(&context, buffer);
+-
+- if (efi_status != EFI_SUCCESS) {
+- perror(L"Relocation failed: %r\n", efi_status);
++ if (context.NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
++ perror(L"Image has no relocation entry\n");
+ FreePool(buffer);
+- return efi_status;
++ return EFI_UNSUPPORTED;
++ }
++
++ if (context.RelocDir->Size) {
++ /*
++ * Run the relocation fixups
++ */
++ efi_status = relocate_coff(&context, data, buffer);
++
++ if (efi_status != EFI_SUCCESS) {
++ perror(L"Relocation failed: %r\n", efi_status);
++ FreePool(buffer);
++ return efi_status;
++ }
+ }
+
+ entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint);
+--
+1.9.3
+
diff --git a/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch b/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch
new file mode 100644
index 0000000..97ad998
--- /dev/null
+++ b/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch
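Review bot: relocate_coff now reads the relocation table from `orig` but still bounds those reads with `size = context->ImageSize`, both in the two `ImageAddress(orig, size, …)` calls and in `ImageEnd = (char *)orig + size`. `orig` is the buffer handle_image received as `data`, whose length is `datasize`, and nothing visible here ties the header's image size to that length, so a header declaring an image larger than the file would let RelocBase, RelocEnd and the entries between them point past the end of the file buffer. The directory's VirtualAddress is also an RVA, which equals a file offset only when the raw and virtual section layouts coincide. I would pass the file length into relocate_coff and use it for every bound on `orig`, for example `void *ImageEnd = (char *)orig + datasize;`, and locate the table through the section that contains the RVA. Both functions extend beyond these inner hunks, so the checks on the fixup targets are not visible.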
@@ -0,0 +1,331 @@
+From 750584c207757688cbab47f51a18a33c3e36fb8b Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 19 Sep 2014 11:37:35 -0400
+Subject: [PATCH 56/74] Make 64-on-32 maybe work on x86_64.
+
+This is mostly based on a patch (https://github.com/mjg59/shim/issues/30)
+from https://github.com/TBOpen , which refactors our __LP64__
+tests to be tests of the header magic instead. I've simplified things
+by using what we've pre-loaded into "context" and making some helper
+functions so the conditionals in most of the code say what they do,
+instead of how they work.
+
+Note that we're only allowing that from in_protocol's loader - that is,
+we'll let 64-bit grub load a 32-bit kernel or 32-bit grub load a 64-bit
+kernel, but 32-bit shim isn't loading a 64-bit grub.
+
+Signed-off-by: Peter Jones
+---
+ shim.c | 220 ++++++++++++++++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 148 insertions(+), 72 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 4b4d31a..c1b5c17 100644
+--- a/shim.c
++++ b/shim.c
+@@ -118,6 +118,106 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address)
+ return image + address;
+ }
+
++/* here's a chart:
++ * i686 x86_64 aarch64
++ * 64-on-64: nyet yes yes
++ * 64-on-32: nyet yes nyet
++ * 32-on-32: yes yes no
++ */
++static int
++allow_64_bit(void)
++{
++#if defined(__x86_64__) || defined(__aarch64__)
++ return 1;
++#elif defined(__i386__) || defined(__i686__)
++ /* Right now blindly assuming the kernel will correctly detect this
++ * and /halt the system/ if you're not really on a 64-bit cpu */
++ if (in_protocol)
++ return 1;
++ return 0;
++#else /* assuming everything else is 32-bit... */
++ return 0;
++#endif
++}
++
++static int
++allow_32_bit(void)
++{
++#if defined(__x86_64__)
++#if defined(ALLOW_32BIT_KERNEL_ON_X64)
++ if (in_protocol)
++ return 1;
++ return 0;
++#else
++ return 0;
++#endif
++#elif defined(__i386__) || defined(__i686__)
++ return 1;
++#elif defined(__arch64__)
++ return 0;
++#else /* assuming everything else is 32-bit... */
++ return 1;
++#endif
++}
++
++static int
++image_is_64_bit(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr)
++{
++ /* .Magic is the same offset in all cases */
++ if (PEHdr->Pe32Plus.OptionalHeader.Magic
++ == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC)
++ return 1;
++ return 0;
++}
++
++static const UINT16 machine_type =
++#if defined(__x86_64__)
++ IMAGE_FILE_MACHINE_X64;
++#elif defined(__aarch64__)
++ IMAGE_FILE_MACHINE_ARM64;
++#elif defined(__arm__)
++ IMAGE_FILE_MACHINE_ARMTHUMB_MIXED;
++#elif defined(__i386__) || defined(__i486__) || defined(__i686__)
++ IMAGE_FILE_MACHINE_I386;
++#elif defined(__ia64__)
++ IMAGE_FILE_MACHINE_IA64;
++#else
++#error this architecture is not supported by shim
++#endif
++
++static int
++image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr)
++{
++ /* If the machine type doesn't match the binary, bail, unless
++ * we're in an allowed 64-on-32 scenario */
++ if (PEHdr->Pe32.FileHeader.Machine != machine_type) {
++ if (!(machine_type == IMAGE_FILE_MACHINE_I386 &&
++ PEHdr->Pe32.FileHeader.Machine == IMAGE_FILE_MACHINE_X64 &&
++ allow_64_bit())) {
++ return 0;
++ }
++ }
++
++ /* If it's not a header type we recognize at all, bail */
++ switch (PEHdr->Pe32Plus.OptionalHeader.Magic) {
++ case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:
++ case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:
++ break;
++ default:
++ return 0;
++ }
++
++ /* and now just check for general 64-vs-32 compatibility */
++ if (image_is_64_bit(PEHdr)) {
++ if (allow_64_bit())
++ return 1;
++ } else {
++ if (allow_32_bit())
++ return 1;
++ }
++ return 0;
++}
++
+ /*
+ * Perform the actual relocation
+ */
+@@ -134,11 +234,10 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ int size = context->ImageSize;
+ void *ImageEnd = (char *)orig + size;
+
+-#if __LP64__
+- context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data;
+-#else
+- context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data;
+-#endif
++ if (image_is_64_bit(context->PEHdr))
++ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data;
++ else
++ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data;
+
+ RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress);
+ RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
+@@ -157,7 +256,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));
+
+ if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) {
+- perror(L"Reloc block size is invalid\n");
++ perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock);
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -498,7 +597,7 @@ static BOOLEAN secure_mode (void)
+ * Calculate the SHA1 and SHA256 hashes of a binary
+ */
+
+-static EFI_STATUS generate_hash (char *data, int datasize_in,
++static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ UINT8 *sha256hash, UINT8 *sha1hash)
+
+@@ -572,15 +671,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ }
+
+ /* Hash end of certificate table to end of image header */
+-#if __LP64__
+- hashbase = (char *) &context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
+- hashsize = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders -
+- (int) ((char *) (&context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data);
+-#else
+- hashbase = (char *) &context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
+- hashsize = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders -
+- (int) ((char *) (&context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data);
+-#endif
++ EFI_IMAGE_DATA_DIRECTORY *dd = context->SecDir + 1;
++ hashbase = (char *)dd;
++ hashsize = context->SizeOfHeaders - (unsigned long)((char *)dd - data);
++ if (hashsize > datasize_in) {
++ perror(L"Data Directory size %d is invalid\n", hashsize);
++ status = EFI_INVALID_PARAMETER;
++ goto done;
++ }
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -590,11 +688,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ }
+
+ /* Sort sections */
+-#if __LP64__
+- SumOfBytesHashed = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
+-#else
+- SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
+-#endif
++ SumOfBytesHashed = context->SizeOfHeaders;
+
+ /* Validate section locations and sizes */
+ for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) {
+@@ -682,14 +776,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ /* Hash all remaining data */
+ if (datasize > SumOfBytesHashed) {
+ hashbase = data + SumOfBytesHashed;
+- hashsize = (unsigned int)(
+- datasize -
+-#if __LP64__
+- context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
+-#else
+- context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
+-#endif
+- SumOfBytesHashed);
++ hashsize = datasize - context->SecDir->Size - SumOfBytesHashed;
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -843,24 +930,31 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data;
+ unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize;
+
+- if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) {
++ if (datasize < sizeof (PEHdr->Pe32)) {
+ perror(L"Invalid image\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE)
+ PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew);
+-#if __LP64__
+- context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes;
+- context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
+- context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage;
+- OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64);
+-#else
+- context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes;
+- context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
+- context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage;
+- OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32);
+-#endif
++
++ if (!image_is_loadable(PEHdr)) {
++ perror(L"Platform does not support this image\n");
++ return EFI_UNSUPPORTED;
++ }
++
++ if (image_is_64_bit(PEHdr)) {
++ context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes;
++ context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
++ context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage;
++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64);
++ } else {
++ context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes;
++ context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
++ context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage;
++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32);
++ }
++
+ context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections;
+
+ if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) {
+@@ -908,17 +1002,19 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ }
+
+ context->PEHdr = PEHdr;
+-#if __LP64__
+- context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase;
+- context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint;
+- context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
+- context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+-#else
+- context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase;
+- context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint;
+- context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
+- context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+-#endif
++
++ if (image_is_64_bit(PEHdr)) {
++ context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase;
++ context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint;
++ context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
++ context->SecDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
++ } else {
++ context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase;
++ context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint;
++ context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
++ context->SecDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
++ }
++
+ context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER));
+
+ if (context->ImageSize < context->SizeOfHeaders) {
+@@ -939,21 +1035,6 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ return EFI_SUCCESS;
+ }
+
+-static const UINT16 machine_type =
+-#if defined(__x86_64__)
+- IMAGE_FILE_MACHINE_X64;
+-#elif defined(__aarch64__)
+- IMAGE_FILE_MACHINE_ARM64;
+-#elif defined(__arm__)
+- IMAGE_FILE_MACHINE_ARMTHUMB_MIXED;
+-#elif defined(__i386__) || defined(__i486__) || defined(__i686__)
+- IMAGE_FILE_MACHINE_I386;
+-#elif defined(__ia64__)
+- IMAGE_FILE_MACHINE_IA64;
+-#else
+-#error this architecture is not supported by shim
+-#endif
+-
+ /*
+ * Once the image has been loaded it needs to be validated and relocated
+ */
+@@ -977,11 +1058,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ return efi_status;
+ }
+
+- if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) {
+- perror(L"Image is for a different architecture\n");
+- return EFI_UNSUPPORTED;
+- }
+-
+ /*
+ * We only need to verify the binary if we're in secure mode
+ */
+--
+1.9.3
+
diff --git a/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch b/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch
new file mode 100644
index 0000000..1ad40eb
--- /dev/null
+++ b/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch
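Review bot: In allow_32_bit() the branch `#elif defined(__arch64__)` tests a misspelled macro; every other test in this patch spells it `__aarch64__`. On aarch64 the preprocessor therefore falls through to the final `#else` and the function returns 1, which contradicts the chart above it (32-on-32: no for aarch64) and lets image_is_loadable() accept a PE32-magic image there. The line should read `#elif defined(__aarch64__)`. Separately, read_header() checks `datasize < sizeof (PEHdr->Pe32)` before PEHdr is moved by `DosHdr->e_lfanew`, and no bound on that offset is visible in the hunk before image_is_loadable() dereferences the new pointer; a check that `e_lfanew` plus the header size fits within `datasize` belongs in front of that call. read_header() starts and ends outside the inner hunk.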
@@ -0,0 +1,84 @@
+From f04d50b74770f5c7f7e0a1c3c24b7713fbec0802 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Sat, 20 Sep 2014 16:47:08 -0400
+Subject: [PATCH 57/74] Validate computed hash bases/hash sizes more
+ thoroughly.
+
+I screwed one of these up when working on 750584c, and it's a real pain
+to figure out, so that means we should be validating them.
+
+Signed-off-by: Peter Jones
+---
+ shim.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/shim.c b/shim.c
+index c1b5c17..cfa90d1 100644
+--- a/shim.c
++++ b/shim.c
+@@ -593,6 +593,22 @@ static BOOLEAN secure_mode (void)
+ return TRUE;
+ }
+
++#define check_size_line(data, datasize_in, hashbase, hashsize, l) ({ \
++ if ((unsigned long)hashbase > \
++ (unsigned long)data + datasize_in) { \
++ perror(L"shim.c:%d Invalid hash base 0x%016x\n", l, \
++ hashbase); \
++ goto done; \
++ } \
++ if ((unsigned long)hashbase + hashsize > \
++ (unsigned long)data + datasize_in) { \
++ perror(L"shim.c:%d Invalid hash size 0x%016x\n", l, \
++ hashsize); \
++ goto done; \
++ } \
++})
++#define check_size(d,ds,h,hs) check_size_line(d,ds,h,hs,__LINE__)
++
+ /*
+ * Calculate the SHA1 and SHA256 hashes of a binary
+ */
+@@ -650,6 +666,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ hashbase = data;
+ hashsize = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum -
+ hashbase;
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -662,6 +679,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ hashbase = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum +
+ sizeof (int);
+ hashsize = (char *)context->SecDir - hashbase;
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -679,6 +697,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ status = EFI_INVALID_PARAMETER;
+ goto done;
+ }
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -763,6 +782,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ goto done;
+ }
+ hashsize = (unsigned int) Section->SizeOfRawData;
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -777,6 +797,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ if (datasize > SumOfBytesHashed) {
+ hashbase = data + SumOfBytesHashed;
+ hashsize = datasize - context->SecDir->Size - SumOfBytesHashed;
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+--
+1.9.3
+
diff --git a/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch b/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch
new file mode 100644
index 0000000..8b1f939
--- /dev/null
+++ b/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch
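Review bot: Both failure branches of `check_size_line` jump to `done` without assigning `status`, unlike the neighbouring size check in generate_hash, which sets `status = EFI_INVALID_PARAMETER;` before its `goto done`. If `status` still holds a success value at that point (its initialisation is outside the hunk), generate_hash would print the message and then report success with digests that cover only part of the image, in a function whose output decides whether a binary is trusted. Adding `status = EFI_INVALID_PARAMETER; \` ahead of each `goto done; \` closes that. The macro also never rejects `hashbase < data`, and `(unsigned long)hashbase + hashsize` can wrap for a very large `hashsize`; comparing `hashsize` against the bytes remaining after `hashbase` avoids the addition.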
@@ -0,0 +1,47 @@
+From 3d1cdbc4e3815dd8e489b8a9c95e945b67d3a045 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 19 Sep 2014 11:48:56 -0400
+Subject: [PATCH 58/74] Don't call AuthenticodeVerify if vendor_cert_size is 0.
+
+Actually check the size of our vendor cert quite early, so that there's
+no confusion as to what's going on.
+
+This isn't strictly necessary, in that in all cases if vendor_cert_size
+is 0, then AuthenticodeVerify -> Pkcs7Verify() -> d2i_X509() will result
+in a NULL "Cert", and it will return FALSE, and we'll reject the
+signature, but better to avoid all that code in the first place. Belt
+and suspenders and whatnot.
+
+Based on a patch from https://github.com/TBOpen .
+
+Signed-off-by: Peter Jones
+---
+ shim.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index cfa90d1..caa05d8 100644
+--- a/shim.c
++++ b/shim.c
+@@ -923,14 +923,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
+ return status;
+ }
+
+-
+ /*
+ * And finally, check against shim's built-in key
+ */
+- if (AuthenticodeVerify(cert->CertData,
+- context->SecDir->Size - sizeof(cert->Hdr),
+- vendor_cert, vendor_cert_size, sha256hash,
+- SHA256_DIGEST_SIZE)) {
++ if (vendor_cert_size && AuthenticodeVerify(cert->CertData,
++ context->SecDir->Size - sizeof(cert->Hdr),
++ vendor_cert, vendor_cert_size, sha256hash,
++ SHA256_DIGEST_SIZE)) {
+ status = EFI_SUCCESS;
+ return status;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0059-Fix-our-in_protocol-printing.patch b/SOURCES/0059-Fix-our-in_protocol-printing.patch
new file mode 100644
index 0000000..6895765
--- /dev/null
+++ b/SOURCES/0059-Fix-our-in_protocol-printing.patch
@@ -0,0 +1,30 @@
+From eb72a4c3a1be9a10512886d2c95f9c015b77e15f Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 19 Sep 2014 16:46:01 -0400
+Subject: [PATCH 59/74] Fix our "in_protocol" printing.
+
+When I merged 4bfb13d and fixed the conflicts, I managed to make the
+in_protocol test exactly backwards, so that's why we don't currently see
+error messages.
+
+Signed-off-by: Peter Jones
+---
+ shim.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/shim.c b/shim.c
+index caa05d8..7cd4182 100644
+--- a/shim.c
++++ b/shim.c
+@@ -63,7 +63,7 @@ static UINT8 in_protocol;
+
+ #define perror(fmt, ...) ({ \
+ UINTN __perror_ret = 0; \
+- if (in_protocol) \
++ if (!in_protocol) \
+ __perror_ret = Print((fmt), ##__VA_ARGS__); \
+ __perror_ret; \
+ })
+--
+1.9.3
+
diff --git a/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch b/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch
new file mode 100644
index 0000000..cef43e7
--- /dev/null
+++ b/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch
@@ -0,0 +1,417 @@ +From 0e7ba5947eb38b79de2051ecf3b95055e620475c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sat, 20 Sep 2014 14:03:03 -0400 +Subject: [PATCH 60/74] Generate a sane PE header on shim, fallback, and + MokManager. + +It turns out a7249a65 was masking a second problem - on some binaries, +when we actually don't have any base relocations at all, binutils' +"objcopy --target efi-app-x86_64" is generating a PE header with a base +relocations pointer that happily points into the middle of our text +section. So with shim processing base relocations correctly, it refuses +to load those binaries. + +For example, on one binary I just built: + +00000130 00 a0 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |................| + +which says there's a Base Relocation Table at 0xa000 that's 0xa bytes long. +That's here: + +0000a000 58 00 29 00 00 00 00 00 48 00 44 00 28 00 50 00 |X.).....H.D.(.P.| +0000a010 61 00 72 00 74 00 25 00 64 00 2c 00 53 00 69 00 |a.r.t.%.d.,.S.i.| +0000a020 67 00 25 00 67 00 29 00 00 00 00 00 00 00 00 00 |g.%.g.).........| +0000a030 48 00 44 00 28 00 50 00 61 00 72 00 74 00 25 00 |H.D.(.P.a.r.t.%.| + +So the table is: + +0000a000 58 00 29 00 00 00 00 00 48 00 |X.).....H. | + +That wouldn't be so bad, except those binaries are MokManager.efi, +fallback.efi, and shim.efi, and sometimes they're .reloc, which we're +actually trying to handle correctly now because grub builds with a real +and valid .reloc table. So though I didn't think there was any hair +left on this yak, more shaving ensues. + +With this change, instead of letting objcopy do whatever it likes, we +switch to "-O binary" and merely link in a header that's appropriate for +our binaries. This is the same method Ard wrote for aarch64, and it +seems to work fine in either place (modulo some minor changes.) + +At some point this should be merged into gnu-efi instead of carrying our +own crt0-efi-x86_64.S, but that's a less immediate problem. + +I did not need this problem. 
+ +Signed-off-by: Peter Jones +--- + Makefile | 24 ++++++-- + crt0-efi-x86_64.S | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + elf_x86_64_efi.lds | 85 +++++++++++++------------ + 3 files changed, 236 insertions(+), 50 deletions(-) + create mode 100644 crt0-efi-x86_64.S + +diff --git a/Makefile b/Makefile +index 5bc513c..d5fd55b 100644 +--- a/Makefile ++++ b/Makefile +@@ -15,7 +15,10 @@ EFI_PATH := /usr/lib64/gnuefi + LIB_GCC = $(shell $(CC) -print-libgcc-file-name) + EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) + +-EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o ++ifeq ($(ARCH),x86_64) ++EFI_CRT_OBJS := crt0-efi-$(ARCH).o ++endif ++EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o + EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := \\\\grub.efi +@@ -52,11 +55,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined) + CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" + endif + +-LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) ++LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL + + VERSION = 0.7 + +-TARGET = shim.efi MokManager.efi.signed fallback.efi.signed ++TARGET += shim.efi MokManager.efi.signed fallback.efi.signed + OBJS = shim.o netboot.o cert.o replacements.o version.o + KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer + SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h +@@ -94,17 +97,17 @@ shim.o: $(SOURCES) shim_cert.h + cert.o : cert.S + $(CC) $(CFLAGS) -c -o $@ $< + +-shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a ++shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + + 
fallback.o: $(FALLBACK_SRCS) + +-fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a ++fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + + MokManager.o: $(MOK_SOURCES) + +-MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a ++MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a + + Cryptlib/libcryptlib.a: +@@ -128,8 +131,17 @@ SUBSYSTEM := 0xa + LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + endif + ++ifeq ($(ARCH),x86_64) ++FORMAT := -O binary ++SUBSYSTEM := 0xa ++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ++endif ++ + FORMAT ?= --target efi-app-$(ARCH) + ++crt0-efi-x86_64.o : crt0-efi-x86_64.S ++ $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< ++ + %.efi: %.so + $(OBJCOPY) -j .text -j .sdata -j .data \ + -j .dynamic -j .dynsym -j .rel* \ +diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S +new file mode 100644 +index 0000000..f334a63 +--- /dev/null ++++ b/crt0-efi-x86_64.S +@@ -0,0 +1,177 @@ ++/* crt0-efi-x86_64.S - x86_64 EFI startup code. ++ * ++ * Copyright 2014 Red Hat, Inc. ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the ++ * distribution. 
++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ .section .text.head ++ ++ /* ++ * Magic "MZ" signature for PE/COFF ++ */ ++ .globl ImageBase ++ImageBase: ++ .ascii "MZ" ++ .skip 58 // 'MZ' + pad + offset == 64 ++ .long pe_header - ImageBase // Offset to the PE header. ++ .long 0x0eba1f0e /* terrifying code */ ++ .long 0xcd09b400 /* terrifying code */ ++ .long 0x4c01b821 /* terrifying code */ ++ .short 0x21cd /* terrfiying code */ ++ .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ ++ .skip 9 ++pe_header: ++ .ascii "PE" ++ .short 0 ++coff_header: ++ .short 0x8664 // x86_64 ++ .short 1 // nr_sections ++ .long 0 // TimeDateStamp ++ .long 0 // PointerToSymbolTable ++ .long 0 // NumberOfSymbols ++ .short section_table - optional_header // SizeOfOptionalHeader ++ .short 0x206 // Characteristics. 
++ // IMAGE_FILE_DEBUG_STRIPPED | ++ // IMAGE_FILE_EXECUTABLE_IMAGE | ++ // IMAGE_FILE_LINE_NUMS_STRIPPED ++optional_header: ++ .short 0x20b // PE32+ format ++ .byte 0x02 // MajorLinkerVersion ++ .byte 0x18 // MinorLinkerVersion ++ .long _edata - _start // SizeOfCode ++ .long 0 // SizeOfInitializedData ++ .long 0 // SizeOfUninitializedData ++ .long _start - ImageBase // AddressOfEntryPoint ++ .long _start - ImageBase // BaseOfCode ++ ++extra_header_fields: ++ .quad 0 // ImageBase ++ .long 0x20 // SectionAlignment ++ .long 0x8 // FileAlignment ++ .short 0 // MajorOperatingSystemVersion ++ .short 0 // MinorOperatingSystemVersion ++ .short 0 // MajorImageVersion ++ .short 0 // MinorImageVersion ++ .short 0 // MajorSubsystemVersion ++ .short 0 // MinorSubsystemVersion ++ .long 0 // Win32VersionValue ++ ++ .long _edata - ImageBase // SizeOfImage ++ ++ // Everything before the kernel image is considered part of the header ++ .long _start - ImageBase // SizeOfHeaders ++ .long 0 // CheckSum ++ .short EFI_SUBSYSTEM // Subsystem ++ .short 0 // DllCharacteristics ++ .quad 0 // SizeOfStackReserve ++ .quad 0 // SizeOfStackCommit ++ .quad 0 // SizeOfHeapReserve ++ .quad 0 // SizeOfHeapCommit ++ .long 0 // LoaderFlags ++ .long 0x10 // NumberOfRvaAndSizes ++ ++ .quad 0 // ExportTable ++ .quad 0 // ImportTable ++ .quad 0 // ResourceTable ++ .quad 0 // ExceptionTable ++ .quad 0 // CertificationTable ++ .quad 0 // BaseRelocationTable ++ .quad 0 // DebugTable ++ .quad 0 // ArchTable ++ .quad 0 // GlobalPointerTable ++ .quad 0 // .tls ++ .quad 0 // LoadConfigTable ++ .quad 0 // BoundImportsTable ++ .quad 0 // ImportAddressTable ++ .quad 0 // DelayLoadImportTable ++ .quad 0 // ClrRuntimeHeader (.cor) ++ .quad 0 // Reserved ++ ++ // Section table ++section_table: ++ .ascii ".text" ++ .byte 0 ++ .byte 0 ++ .byte 0 // end of 0 padding of section name ++ ++ .long _edata - _start // VirtualSize ++ .long _start - ImageBase // VirtualAddress ++ .long _edata - _start // SizeOfRawData ++ .long 
_start - ImageBase // PointerToRawData ++ .long 0 // PointerToRelocations (0 for executables) ++ .long 0 // PointerToLineNumbers (0 for executables) ++ .short 0 // NumberOfRelocations (0 for executables) ++ .short 0 // NumberOfLineNumbers (0 for executables) ++ .long 0x60500020 // Characteristics (section flags) ++ ++ /* ++ * The EFI application loader requires a relocation section ++ * because EFI applications must be relocatable. This is a ++ * dummy section as far as we are concerned. ++ */ ++ .ascii ".reloc" ++ .byte 0 ++ .byte 0 // end of 0 padding of section name ++ ++ .long 0 // VirtualSize ++ .long 0 // VirtualAddress ++ .long 0 // SizeOfRawData ++ .long 0 // PointerToRawData ++ .long 0 // PointerToRelocations ++ .long 0 // PointerToLineNumbers ++ .short 0 // NumberOfRelocations ++ .short 0 // NumberOfLineNumbers ++ .long 0x42100040 // Characteristics (section flags) ++ ++ /* x86-64 needs this padding here; without it, some machines simply ++ * refuse to admit this is an EFI binary. I'm not really sure why; ++ * reading the spec, it's unclear, but you'd expect it would need to ++ * be aligned to (1 << FileAlignment), which would mean not having ++ * the spacing. ++ */ ++ .quad 0 ++_start: ++ subq $8, %rsp ++ pushq %rcx ++ pushq %rdx ++ ++0: ++ lea ImageBase(%rip), %rdi ++ lea _DYNAMIC(%rip), %rsi ++ ++ popq %rcx ++ popq %rdx ++ pushq %rcx ++ pushq %rdx ++ call _relocate ++ ++ popq %rdi ++ popq %rsi ++ ++ call efi_main ++ addq $8, %rsp ++ ++.exit: ++ ret +diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds +index f981102..091187b 100644 +--- a/elf_x86_64_efi.lds ++++ b/elf_x86_64_efi.lds +@@ -4,63 +4,60 @@ OUTPUT_ARCH(i386:x86-64) + ENTRY(_start) + SECTIONS + { +- . = 0; +- ImageBase = .; +- .hash : { *(.hash) } /* this MUST come first! */ +- . = ALIGN(4096); +- .eh_frame : +- { +- *(.eh_frame) +- } +- . = ALIGN(4096); +- .text : +- { +- *(.text) +- } +- . 
= ALIGN(4096); +- .reloc : +- { +- *(.reloc) ++ .text 0x0 : { ++ *(.text.head) ++ *(.text) ++ *(.text.*) ++ *(.gnu.linkonce.t.*) ++ *(.srodata) ++ *(.rodata*) ++ . = ALIGN(16); ++ _etext = .; + } +- . = ALIGN(4096); ++ .dynamic : { *(.dynamic) } + .data : + { +- *(.rodata*) +- *(.got.plt) +- *(.got) +- *(.data*) +- *(.sdata) +- /* the EFI loader doesn't seem to like a .bss section, so we stick +- it all into .data: */ +- *(.sbss) +- *(.scommon) +- *(.dynbss) +- *(.bss) +- *(COMMON) +- *(.rel.local) ++ *(.sdata) ++ *(.data) ++ *(.data1) ++ *(.data.*) ++ *(.got.plt) ++ *(.got) ++ ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ * it all into .data: */ ++ . = ALIGN(16); ++ _bss = .; ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) ++ . = ALIGN(16); ++ _bss_end = .; + } + . = ALIGN(4096); + .vendor_cert : + { +- *(.vendor_cert) ++ *(.vendor_cert) + } ++ + . = ALIGN(4096); +- .dynamic : { *(.dynamic) } +- . = ALIGN(4096); +- .rela : +- { +- *(.rela.data*) +- *(.rela.got) +- *(.rela.stab) +- } ++ .rela.dyn : { *(.rela.dyn) } ++ .rela.plt : { *(.rela.plt) } ++ .rela.got : { *(.rela.got) } ++ .rela.data : { *(.rela.data) *(.rela.data*) } ++ _edata = .; ++ _data_size = . - _etext; ++ + . = ALIGN(4096); +- .dynsym : { *(.dynsym) } ++ .dynsym : { *(.dynsym) } + . = ALIGN(4096); +- .dynstr : { *(.dynstr) } ++ .dynstr : { *(.dynstr) } + . = ALIGN(4096); +- .ignored.reloc : ++ /DISCARD/ : + { +- *(.rela.reloc) ++ *(.rel.reloc) + *(.eh_frame) + *(.note.GNU-stack) + } +-- +1.9.3 + diff --git a/SOURCES/0061-Do-the-same-for-ia32.patch b/SOURCES/0061-Do-the-same-for-ia32.patch new file mode 100644 index 0000000..575a312 --- /dev/null +++ b/SOURCES/0061-Do-the-same-for-ia32.patch 
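Review bot: In crt0-efi-x86_64.S the COFF header declares `.short 1 // nr_sections`, but section_table lays out two entries, `.text` and `.reloc`, so a loader that honours the count never reads the `.reloc` entry that the accompanying comment says the EFI loader requires. Either the count should become `.short 2 // nr_sections`, or the dummy `.reloc` entry and its comment should be dropped; which of the two was intended cannot be told from the patch. crt0-efi-ia32.S in patch 0061 carries the same header layout, and both files are deleted again by patch 0063 in this import.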
@@ -0,0 +1,383 @@ +From 6744a7ef8eca44948565c3d1244ec931ed3f6fee Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 13:11:11 -0400 +Subject: [PATCH 61/74] Do the same for ia32... + +Once again, on ia32 this time, we see: + +00000120 47 84 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |G...............| + +Which is where the pointer on ia32 for the Base Relocation Table should +be. It points to 0x8447, which isn't a particularly reasonable address as +numbers go, and happens to have this data there: + +00008440 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 65 00 |o.n.f.i.g.u.r.e.| +00008450 00 00 49 00 50 00 76 00 36 00 28 00 00 00 2c 00 |..I.P.v.6.(...,.| +00008460 25 00 73 00 2c 00 00 00 29 00 00 00 25 00 64 00 |%.s.,...)...%.d.| +00008470 2e 00 25 00 64 00 2e 00 25 00 64 00 2e 00 25 00 |..%.d...%.d...%.| +00008480 64 00 00 00 44 00 48 00 43 00 50 00 00 00 49 00 |d...D.H.C.P...I.| +00008490 50 00 76 00 34 00 28 00 00 00 2c 00 25 00 73 00 |P.v.4.(...,.%.s.| + +And so that table is, in theory, this part: + +00008447 00 67 00 75 00 72 00 65 00 | .g.u.r.e.| +00008450 00 |. | + +Which is pretty clearly not a pointer table of any kind. + +So give ia32 the same treatment as x86_64, and now all arches work basically +the same. 
+ +Signed-off-by: Peter Jones +--- + Makefile | 22 +++++-- + crt0-efi-ia32.S | 180 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + elf_ia32_efi.lds | 83 ++++++++++++------------- + 3 files changed, 236 insertions(+), 49 deletions(-) + create mode 100644 crt0-efi-ia32.S + +diff --git a/Makefile b/Makefile +index d5fd55b..a52984f 100644 +--- a/Makefile ++++ b/Makefile +@@ -6,19 +6,25 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) + + SUBDIRS = Cryptlib lib + +-LIB_PATH = /usr/lib64 +- + EFI_INCLUDE := /usr/include/efi + EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude +-EFI_PATH := /usr/lib64/gnuefi ++ifeq ($(ARCH),ia32) ++LIB_PATH := /usr/lib ++EFI_PATH := /usr/lib/gnuefi ++endif ++LIB_PATH ?= /usr/lib64 ++EFI_PATH ?= /usr/lib64/gnuefi + + LIB_GCC = $(shell $(CC) -print-libgcc-file-name) + EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) + + ifeq ($(ARCH),x86_64) + EFI_CRT_OBJS := crt0-efi-$(ARCH).o +-endif ++else ifeq ($(ARCH),ia32) ++EFI_CRT_OBJS := crt0-efi-$(ARCH).o ++else + EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o ++endif + EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := \\\\grub.efi +@@ -137,9 +143,15 @@ SUBSYSTEM := 0xa + LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + endif + ++ifeq ($(ARCH),ia32) ++FORMAT := -O binary ++SUBSYSTEM := 0xa ++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ++endif ++ + FORMAT ?= --target efi-app-$(ARCH) + +-crt0-efi-x86_64.o : crt0-efi-x86_64.S ++crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S + $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< + + %.efi: %.so +diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S +new file mode 100644 +index 0000000..70b5b44 +--- /dev/null ++++ b/crt0-efi-ia32.S +@@ -0,0 +1,180 @@ ++/* crt0-efi-x86_64.S - x86_64 EFI startup code. ++ * ++ * Copyright 2014 Red Hat, Inc. 
++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the ++ * distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ .section .text.head ++ ++ /* ++ * Magic "MZ" signature for PE/COFF ++ */ ++ .globl ImageBase ++ImageBase: ++ .ascii "MZ" ++ .skip 58 // 'MZ' + pad + offset == 64 ++ .long pe_header - ImageBase // Offset to the PE header. 
++ .long 0x0eba1f0e /* terrifying code */ ++ .long 0xcd09b400 /* terrifying code */ ++ .long 0x4c01b821 /* terrifying code */ ++ .short 0x21cd /* terrfiying code */ ++ .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ ++ .skip 9 ++pe_header: ++ .ascii "PE" ++ .short 0 ++coff_header: ++ .short 0x014c // i386 ++ .short 1 // nr_sections ++ .long 0 // TimeDateStamp ++ .long 0 // PointerToSymbolTable ++ .long 0 // NumberOfSymbols ++ .short section_table - optional_header // SizeOfOptionalHeader ++ .short 0x306 // Characteristics. ++ // IMAGE_FILE_DEBUG_STRIPPED | ++ // IMAGE_FILE_EXECUTABLE_IMAGE | ++ // IMAGE_FILE_LINE_NUMS_STRIPPED ++ // | IMAGE_FILE_32BIT_MACHINE ++optional_header: ++ .short 0x10b // PE32+ format ++ .byte 0x02 // MajorLinkerVersion ++ .byte 0x18 // MinorLinkerVersion ++ .long _edata - _start // SizeOfCode ++ .long 0 // SizeOfInitializedData ++ .long 0 // SizeOfUninitializedData ++ .long _start - ImageBase // AddressOfEntryPoint ++ .long _start - ImageBase // BaseOfCode ++ .long 0 // BaseOfData ++ ++extra_header_fields: ++ .long 0 // ImageBase ++ .long 0x20 // SectionAlignment ++ .long 0x8 // FileAlignment ++ .short 0 // MajorOperatingSystemVersion ++ .short 0 // MinorOperatingSystemVersion ++ .short 0 // MajorImageVersion ++ .short 0 // MinorImageVersion ++ .short 0 // MajorSubsystemVersion ++ .short 0 // MinorSubsystemVersion ++ .long 0 // Win32VersionValue ++ ++ .long _edata - ImageBase // SizeOfImage ++ ++ // Everything before the kernel image is considered part of the header ++ .long _start - ImageBase // SizeOfHeaders ++ .long 0 // CheckSum ++ .short EFI_SUBSYSTEM // Subsystem ++ .short 0 // DllCharacteristics ++ .long 0 // SizeOfStackReserve ++ .long 0 // SizeOfStackCommit ++ .long 0 // SizeOfHeapReserve ++ .long 0 // SizeOfHeapCommit ++ .long 0 // LoaderFlags ++ .long 0x10 // NumberOfRvaAndSizes ++ ++ .quad 0 // ExportTable ++ .quad 0 // ImportTable ++ .quad 0 // ResourceTable ++ .quad 0 // ExceptionTable ++ .quad 0 // 
CertificationTable ++ .quad 0 // BaseRelocationTable ++ .quad 0 // DebugTable ++ .quad 0 // ArchTable ++ .quad 0 // GlobalPointerTable ++ .quad 0 // .tls ++ .quad 0 // LoadConfigTable ++ .quad 0 // BoundImportsTable ++ .quad 0 // ImportAddressTable ++ .quad 0 // DelayLoadImportTable ++ .quad 0 // ClrRuntimeHeader (.cor) ++ .quad 0 // Reserved ++ ++ // Section table ++section_table: ++ .ascii ".text" ++ .byte 0 ++ .byte 0 ++ .byte 0 // end of 0 padding of section name ++ ++ .long _edata - _start // VirtualSize ++ .long _start - ImageBase // VirtualAddress ++ .long _edata - _start // SizeOfRawData ++ .long _start - ImageBase // PointerToRawData ++ .long 0 // PointerToRelocations (0 for executables) ++ .long 0 // PointerToLineNumbers (0 for executables) ++ .short 0 // NumberOfRelocations (0 for executables) ++ .short 0 // NumberOfLineNumbers (0 for executables) ++ .long 0x60500020 // Characteristics (section flags) ++ ++ /* ++ * The EFI application loader requires a relocation section ++ * because EFI applications must be relocatable. This is a ++ * dummy section as far as we are concerned. ++ */ ++ .ascii ".reloc" ++ .byte 0 ++ .byte 0 // end of 0 padding of section name ++ ++ .long 0 // VirtualSize ++ .long 0 // VirtualAddress ++ .long 0 // SizeOfRawData ++ .long 0 // PointerToRawData ++ .long 0 // PointerToRelocations ++ .long 0 // PointerToLineNumbers ++ .short 0 // NumberOfRelocations ++ .short 0 // NumberOfLineNumbers ++ .long 0x42100040 // Characteristics (section flags) ++ ++ /* most if not all ia32 binaries binutils makes seem to have .text ++ * starting at 0x400; no reason to assume that's a bad idea. 
*/ ++ .align 1024 ++ ++_start: ++ pushl %ebp ++ movl %esp,%ebp ++ ++ pushl 12(%ebp) # copy "image" argument ++ pushl 8(%ebp) # copy "systab" argument ++ ++ call 0f ++0: popl %eax ++ movl %eax,%ebx ++ ++ addl $ImageBase-0b,%eax # %eax = ldbase ++ addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC ++ ++ pushl %ebx # pass _DYNAMIC as second argument ++ pushl %eax # pass ldbase as first argument ++ call _relocate ++ popl %ebx ++ popl %ebx ++ testl %eax,%eax ++ jne .exit ++ ++ call efi_main # call app with "image" and "systab" argument ++ ++.exit: ++ leave ++ ret +diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds +index 12d4085..b649e15 100644 +--- a/elf_ia32_efi.lds ++++ b/elf_ia32_efi.lds +@@ -3,61 +3,56 @@ OUTPUT_ARCH(i386) + ENTRY(_start) + SECTIONS + { +- . = 0; +- ImageBase = .; +- .hash : { *(.hash) } /* this MUST come first! */ +- . = ALIGN(4096); +- .text : +- { +- *(.text) +- *(.text.*) +- *(.gnu.linkonce.t.*) +- } +- .reloc : +- { +- *(.reloc) ++ .text 0x0 : { ++ *(.text.head) ++ *(.text) ++ *(.text.*) ++ *(.gnu.linkonce.t.*) ++ *(.srodata) ++ *(.rodata*) ++ . = ALIGN(16); ++ _etext = .; + } +- . = ALIGN(4096); ++ .dynamic : { *(.dynamic) } + .data : + { +- *(.rodata*) +- *(.data) +- *(.data1) +- *(.data.*) +- *(.sdata) +- *(.got.plt) +- *(.got) +- /* the EFI loader doesn't seem to like a .bss section, so we stick +- it all into .data: */ +- *(.sbss) +- *(.scommon) +- *(.dynbss) +- *(.bss) +- *(COMMON) ++ *(.sdata) ++ *(.data) ++ *(.data1) ++ *(.data.*) ++ *(.got.plt) ++ *(.got) ++ ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ * it all into .data: */ ++ . = ALIGN(16); ++ _bss = .; ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) ++ . = ALIGN(16); ++ _bss_end = .; + } + . = ALIGN(4096); + .vendor_cert : + { +- *(.vendor_cert) ++ *(.vendor_cert) + } ++ + . = ALIGN(4096); +- .dynamic : { *(.dynamic) } +- . 
= ALIGN(4096); +- .rel : +- { +- *(.rel.data) +- *(.rel.data.*) +- *(.rel.got) +- *(.rel.stab) +- *(.data.rel.ro.local) +- *(.data.rel.local) +- *(.data.rel.ro) +- *(.data.rel*) +- } ++ .rel.dyn : { *(.rel.dyn) } ++ .rel.plt : { *(.rel.plt) } ++ .rel.got : { *(.rel.got) } ++ .rel.data : { *(.rel.data) *(.rel.data*) } ++ _edata = .; ++ _data_size = . - _etext; ++ + . = ALIGN(4096); +- .dynsym : { *(.dynsym) } ++ .dynsym : { *(.dynsym) } + . = ALIGN(4096); +- .dynstr : { *(.dynstr) } ++ .dynstr : { *(.dynstr) } + . = ALIGN(4096); + /DISCARD/ : + { +-- +1.9.3 + diff --git a/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch b/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch new file mode 100644 index 0000000..c93d5be --- /dev/null +++ b/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch @@ -0,0 +1,34 @@ +From 9db91ca0e1f7ac94871f34f654b41cbb7f9e2da1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 13:19:30 -0400 +Subject: [PATCH 62/74] Make list_keys() index variables all be signed. + +We build with -Werror=signed-compare in fedora/rhel rpms, and this +showed up. + +Signed-off-by: Peter Jones +--- + MokManager.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index 50cb9d7..ecbcdd3 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -436,11 +436,11 @@ static void show_mok_info (void *Mok, UINTN MokSize) + + static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + { +- UINT32 MokNum = 0; ++ INTN MokNum = 0; + MokListNode *keys = NULL; + INTN key_num = 0; + CHAR16 **menu_strings; +- unsigned int i; ++ int i; + + if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) + + sizeof(EFI_SIGNATURE_DATA))) { +-- +1.9.3 + diff --git a/SOURCES/0063-Revert-header-changes.patch b/SOURCES/0063-Revert-header-changes.patch new file mode 100644 index 0000000..3a70cf7 --- /dev/null +++ b/SOURCES/0063-Revert-header-changes.patch 
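Review bot: crt0-efi-ia32.S still carries two comments from the x86_64 file it was copied from: the first line reads `/* crt0-efi-x86_64.S - x86_64 EFI startup code.` and the optional-header magic is annotated `.short 0x10b // PE32+ format`, although 0x10b is the PE32 magic and 0x20b, used in the x86_64 file, is PE32+. I would change them to `/* crt0-efi-ia32.S - ia32 EFI startup code.` and `.short 0x10b // PE32 format`. The values themselves look right for a 32-bit image; only the comments are stale.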
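Review bot: In list_keys() the index `i` becomes `int` while `MokNum` and `key_num` are `INTN`, so on 64-bit builds the index is narrower than the counts it is presumably compared with. Declaring it as `INTN i;` keeps all three the same type and avoids a mixed-width comparison. The body of list_keys lies outside the hunk, so how `i` is used is inferred from the commit title and the neighbouring declarations.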
@@ -0,0 +1,702 @@ +From c6281c6a195edee611858a8d802ff5f3dee34aa5 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 30 Sep 2014 22:47:39 -0400 +Subject: [PATCH 63/74] Revert header changes + +Revert "Do the same for ia32..." +and "Generate a sane PE header on shim, fallback, and MokManager." +This reverts commit 6744a7ef8eca44948565c3d1244ec931ed3f6fee. +and commit 0e7ba5947eb38b79de2051ecf3b95055e620475c. + +These are premature and I can do this without such drastic measures. + +Signed-off-by: Peter Jones +--- + Makefile | 42 +++---------- + crt0-efi-ia32.S | 180 ----------------------------------------------------- + crt0-efi-x86_64.S | 177 ---------------------------------------------------- + elf_ia32_efi.lds | 83 ++++++++++++------------ + elf_x86_64_efi.lds | 85 +++++++++++++------------ + 5 files changed, 97 insertions(+), 470 deletions(-) + delete mode 100644 crt0-efi-ia32.S + delete mode 100644 crt0-efi-x86_64.S + +diff --git a/Makefile b/Makefile +index a52984f..5bc513c 100644 +--- a/Makefile ++++ b/Makefile +@@ -6,25 +6,16 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) + + SUBDIRS = Cryptlib lib + ++LIB_PATH = /usr/lib64 ++ + EFI_INCLUDE := /usr/include/efi + EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude +-ifeq ($(ARCH),ia32) +-LIB_PATH := /usr/lib +-EFI_PATH := /usr/lib/gnuefi +-endif +-LIB_PATH ?= /usr/lib64 +-EFI_PATH ?= /usr/lib64/gnuefi ++EFI_PATH := /usr/lib64/gnuefi + + LIB_GCC = $(shell $(CC) -print-libgcc-file-name) + EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) + +-ifeq ($(ARCH),x86_64) +-EFI_CRT_OBJS := crt0-efi-$(ARCH).o +-else ifeq ($(ARCH),ia32) +-EFI_CRT_OBJS := crt0-efi-$(ARCH).o +-else +-EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o +-endif ++EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o + EFI_LDS = elf_$(ARCH)_efi.lds + + DEFAULT_LOADER := 
\\\\grub.efi +@@ -61,11 +52,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined) + CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" + endif + +-LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL ++LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) + + VERSION = 0.7 + +-TARGET += shim.efi MokManager.efi.signed fallback.efi.signed ++TARGET = shim.efi MokManager.efi.signed fallback.efi.signed + OBJS = shim.o netboot.o cert.o replacements.o version.o + KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer + SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h +@@ -103,17 +94,17 @@ shim.o: $(SOURCES) shim_cert.h + cert.o : cert.S + $(CC) $(CFLAGS) -c -o $@ $< + +-shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) ++shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + + fallback.o: $(FALLBACK_SRCS) + +-fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) ++fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) + + MokManager.o: $(MOK_SOURCES) + +-MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) ++MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a + + Cryptlib/libcryptlib.a: +@@ -137,23 +128,8 @@ SUBSYSTEM := 0xa + LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + endif + +-ifeq ($(ARCH),x86_64) +-FORMAT := -O binary +-SUBSYSTEM := 0xa +-LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) +-endif +- +-ifeq 
($(ARCH),ia32) +-FORMAT := -O binary +-SUBSYSTEM := 0xa +-LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) +-endif +- + FORMAT ?= --target efi-app-$(ARCH) + +-crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S +- $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< +- + %.efi: %.so + $(OBJCOPY) -j .text -j .sdata -j .data \ + -j .dynamic -j .dynsym -j .rel* \ +diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S +deleted file mode 100644 +index 70b5b44..0000000 +--- a/crt0-efi-ia32.S ++++ /dev/null +@@ -1,180 +0,0 @@ +-/* crt0-efi-x86_64.S - x86_64 EFI startup code. +- * +- * Copyright 2014 Red Hat, Inc. +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the +- * distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. 
+- */ +- .section .text.head +- +- /* +- * Magic "MZ" signature for PE/COFF +- */ +- .globl ImageBase +-ImageBase: +- .ascii "MZ" +- .skip 58 // 'MZ' + pad + offset == 64 +- .long pe_header - ImageBase // Offset to the PE header. +- .long 0x0eba1f0e /* terrifying code */ +- .long 0xcd09b400 /* terrifying code */ +- .long 0x4c01b821 /* terrifying code */ +- .short 0x21cd /* terrfiying code */ +- .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ +- .skip 9 +-pe_header: +- .ascii "PE" +- .short 0 +-coff_header: +- .short 0x014c // i386 +- .short 1 // nr_sections +- .long 0 // TimeDateStamp +- .long 0 // PointerToSymbolTable +- .long 0 // NumberOfSymbols +- .short section_table - optional_header // SizeOfOptionalHeader +- .short 0x306 // Characteristics. +- // IMAGE_FILE_DEBUG_STRIPPED | +- // IMAGE_FILE_EXECUTABLE_IMAGE | +- // IMAGE_FILE_LINE_NUMS_STRIPPED +- // | IMAGE_FILE_32BIT_MACHINE +-optional_header: +- .short 0x10b // PE32+ format +- .byte 0x02 // MajorLinkerVersion +- .byte 0x18 // MinorLinkerVersion +- .long _edata - _start // SizeOfCode +- .long 0 // SizeOfInitializedData +- .long 0 // SizeOfUninitializedData +- .long _start - ImageBase // AddressOfEntryPoint +- .long _start - ImageBase // BaseOfCode +- .long 0 // BaseOfData +- +-extra_header_fields: +- .long 0 // ImageBase +- .long 0x20 // SectionAlignment +- .long 0x8 // FileAlignment +- .short 0 // MajorOperatingSystemVersion +- .short 0 // MinorOperatingSystemVersion +- .short 0 // MajorImageVersion +- .short 0 // MinorImageVersion +- .short 0 // MajorSubsystemVersion +- .short 0 // MinorSubsystemVersion +- .long 0 // Win32VersionValue +- +- .long _edata - ImageBase // SizeOfImage +- +- // Everything before the kernel image is considered part of the header +- .long _start - ImageBase // SizeOfHeaders +- .long 0 // CheckSum +- .short EFI_SUBSYSTEM // Subsystem +- .short 0 // DllCharacteristics +- .long 0 // SizeOfStackReserve +- .long 0 // SizeOfStackCommit +- .long 0 // 
SizeOfHeapReserve +- .long 0 // SizeOfHeapCommit +- .long 0 // LoaderFlags +- .long 0x10 // NumberOfRvaAndSizes +- +- .quad 0 // ExportTable +- .quad 0 // ImportTable +- .quad 0 // ResourceTable +- .quad 0 // ExceptionTable +- .quad 0 // CertificationTable +- .quad 0 // BaseRelocationTable +- .quad 0 // DebugTable +- .quad 0 // ArchTable +- .quad 0 // GlobalPointerTable +- .quad 0 // .tls +- .quad 0 // LoadConfigTable +- .quad 0 // BoundImportsTable +- .quad 0 // ImportAddressTable +- .quad 0 // DelayLoadImportTable +- .quad 0 // ClrRuntimeHeader (.cor) +- .quad 0 // Reserved +- +- // Section table +-section_table: +- .ascii ".text" +- .byte 0 +- .byte 0 +- .byte 0 // end of 0 padding of section name +- +- .long _edata - _start // VirtualSize +- .long _start - ImageBase // VirtualAddress +- .long _edata - _start // SizeOfRawData +- .long _start - ImageBase // PointerToRawData +- .long 0 // PointerToRelocations (0 for executables) +- .long 0 // PointerToLineNumbers (0 for executables) +- .short 0 // NumberOfRelocations (0 for executables) +- .short 0 // NumberOfLineNumbers (0 for executables) +- .long 0x60500020 // Characteristics (section flags) +- +- /* +- * The EFI application loader requires a relocation section +- * because EFI applications must be relocatable. This is a +- * dummy section as far as we are concerned. +- */ +- .ascii ".reloc" +- .byte 0 +- .byte 0 // end of 0 padding of section name +- +- .long 0 // VirtualSize +- .long 0 // VirtualAddress +- .long 0 // SizeOfRawData +- .long 0 // PointerToRawData +- .long 0 // PointerToRelocations +- .long 0 // PointerToLineNumbers +- .short 0 // NumberOfRelocations +- .short 0 // NumberOfLineNumbers +- .long 0x42100040 // Characteristics (section flags) +- +- /* most if not all ia32 binaries binutils makes seem to have .text +- * starting at 0x400; no reason to assume that's a bad idea. 
*/ +- .align 1024 +- +-_start: +- pushl %ebp +- movl %esp,%ebp +- +- pushl 12(%ebp) # copy "image" argument +- pushl 8(%ebp) # copy "systab" argument +- +- call 0f +-0: popl %eax +- movl %eax,%ebx +- +- addl $ImageBase-0b,%eax # %eax = ldbase +- addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC +- +- pushl %ebx # pass _DYNAMIC as second argument +- pushl %eax # pass ldbase as first argument +- call _relocate +- popl %ebx +- popl %ebx +- testl %eax,%eax +- jne .exit +- +- call efi_main # call app with "image" and "systab" argument +- +-.exit: +- leave +- ret +diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S +deleted file mode 100644 +index f334a63..0000000 +--- a/crt0-efi-x86_64.S ++++ /dev/null +@@ -1,177 +0,0 @@ +-/* crt0-efi-x86_64.S - x86_64 EFI startup code. +- * +- * Copyright 2014 Red Hat, Inc. +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the +- * distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE +- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +- .section .text.head +- +- /* +- * Magic "MZ" signature for PE/COFF +- */ +- .globl ImageBase +-ImageBase: +- .ascii "MZ" +- .skip 58 // 'MZ' + pad + offset == 64 +- .long pe_header - ImageBase // Offset to the PE header. +- .long 0x0eba1f0e /* terrifying code */ +- .long 0xcd09b400 /* terrifying code */ +- .long 0x4c01b821 /* terrifying code */ +- .short 0x21cd /* terrfiying code */ +- .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ +- .skip 9 +-pe_header: +- .ascii "PE" +- .short 0 +-coff_header: +- .short 0x8664 // x86_64 +- .short 1 // nr_sections +- .long 0 // TimeDateStamp +- .long 0 // PointerToSymbolTable +- .long 0 // NumberOfSymbols +- .short section_table - optional_header // SizeOfOptionalHeader +- .short 0x206 // Characteristics. 
+- // IMAGE_FILE_DEBUG_STRIPPED | +- // IMAGE_FILE_EXECUTABLE_IMAGE | +- // IMAGE_FILE_LINE_NUMS_STRIPPED +-optional_header: +- .short 0x20b // PE32+ format +- .byte 0x02 // MajorLinkerVersion +- .byte 0x18 // MinorLinkerVersion +- .long _edata - _start // SizeOfCode +- .long 0 // SizeOfInitializedData +- .long 0 // SizeOfUninitializedData +- .long _start - ImageBase // AddressOfEntryPoint +- .long _start - ImageBase // BaseOfCode +- +-extra_header_fields: +- .quad 0 // ImageBase +- .long 0x20 // SectionAlignment +- .long 0x8 // FileAlignment +- .short 0 // MajorOperatingSystemVersion +- .short 0 // MinorOperatingSystemVersion +- .short 0 // MajorImageVersion +- .short 0 // MinorImageVersion +- .short 0 // MajorSubsystemVersion +- .short 0 // MinorSubsystemVersion +- .long 0 // Win32VersionValue +- +- .long _edata - ImageBase // SizeOfImage +- +- // Everything before the kernel image is considered part of the header +- .long _start - ImageBase // SizeOfHeaders +- .long 0 // CheckSum +- .short EFI_SUBSYSTEM // Subsystem +- .short 0 // DllCharacteristics +- .quad 0 // SizeOfStackReserve +- .quad 0 // SizeOfStackCommit +- .quad 0 // SizeOfHeapReserve +- .quad 0 // SizeOfHeapCommit +- .long 0 // LoaderFlags +- .long 0x10 // NumberOfRvaAndSizes +- +- .quad 0 // ExportTable +- .quad 0 // ImportTable +- .quad 0 // ResourceTable +- .quad 0 // ExceptionTable +- .quad 0 // CertificationTable +- .quad 0 // BaseRelocationTable +- .quad 0 // DebugTable +- .quad 0 // ArchTable +- .quad 0 // GlobalPointerTable +- .quad 0 // .tls +- .quad 0 // LoadConfigTable +- .quad 0 // BoundImportsTable +- .quad 0 // ImportAddressTable +- .quad 0 // DelayLoadImportTable +- .quad 0 // ClrRuntimeHeader (.cor) +- .quad 0 // Reserved +- +- // Section table +-section_table: +- .ascii ".text" +- .byte 0 +- .byte 0 +- .byte 0 // end of 0 padding of section name +- +- .long _edata - _start // VirtualSize +- .long _start - ImageBase // VirtualAddress +- .long _edata - _start // SizeOfRawData +- .long 
_start - ImageBase // PointerToRawData +- .long 0 // PointerToRelocations (0 for executables) +- .long 0 // PointerToLineNumbers (0 for executables) +- .short 0 // NumberOfRelocations (0 for executables) +- .short 0 // NumberOfLineNumbers (0 for executables) +- .long 0x60500020 // Characteristics (section flags) +- +- /* +- * The EFI application loader requires a relocation section +- * because EFI applications must be relocatable. This is a +- * dummy section as far as we are concerned. +- */ +- .ascii ".reloc" +- .byte 0 +- .byte 0 // end of 0 padding of section name +- +- .long 0 // VirtualSize +- .long 0 // VirtualAddress +- .long 0 // SizeOfRawData +- .long 0 // PointerToRawData +- .long 0 // PointerToRelocations +- .long 0 // PointerToLineNumbers +- .short 0 // NumberOfRelocations +- .short 0 // NumberOfLineNumbers +- .long 0x42100040 // Characteristics (section flags) +- +- /* x86-64 needs this padding here; without it, some machines simply +- * refuse to admit this is an EFI binary. I'm not really sure why; +- * reading the spec, it's unclear, but you'd expect it would need to +- * be aligned to (1 << FileAlignment), which would mean not having +- * the spacing. +- */ +- .quad 0 +-_start: +- subq $8, %rsp +- pushq %rcx +- pushq %rdx +- +-0: +- lea ImageBase(%rip), %rdi +- lea _DYNAMIC(%rip), %rsi +- +- popq %rcx +- popq %rdx +- pushq %rcx +- pushq %rdx +- call _relocate +- +- popq %rdi +- popq %rsi +- +- call efi_main +- addq $8, %rsp +- +-.exit: +- ret +diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds +index b649e15..12d4085 100644 +--- a/elf_ia32_efi.lds ++++ b/elf_ia32_efi.lds +@@ -3,56 +3,61 @@ OUTPUT_ARCH(i386) + ENTRY(_start) + SECTIONS + { +- .text 0x0 : { +- *(.text.head) +- *(.text) +- *(.text.*) +- *(.gnu.linkonce.t.*) +- *(.srodata) +- *(.rodata*) +- . = ALIGN(16); +- _etext = .; ++ . = 0; ++ ImageBase = .; ++ .hash : { *(.hash) } /* this MUST come first! */ ++ . 
= ALIGN(4096); ++ .text : ++ { ++ *(.text) ++ *(.text.*) ++ *(.gnu.linkonce.t.*) ++ } ++ .reloc : ++ { ++ *(.reloc) + } +- .dynamic : { *(.dynamic) } ++ . = ALIGN(4096); + .data : + { +- *(.sdata) +- *(.data) +- *(.data1) +- *(.data.*) +- *(.got.plt) +- *(.got) +- +- /* the EFI loader doesn't seem to like a .bss section, so we stick +- * it all into .data: */ +- . = ALIGN(16); +- _bss = .; +- *(.sbss) +- *(.scommon) +- *(.dynbss) +- *(.bss) +- *(COMMON) +- . = ALIGN(16); +- _bss_end = .; ++ *(.rodata*) ++ *(.data) ++ *(.data1) ++ *(.data.*) ++ *(.sdata) ++ *(.got.plt) ++ *(.got) ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ it all into .data: */ ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) + } + . = ALIGN(4096); + .vendor_cert : + { +- *(.vendor_cert) ++ *(.vendor_cert) + } +- + . = ALIGN(4096); +- .rel.dyn : { *(.rel.dyn) } +- .rel.plt : { *(.rel.plt) } +- .rel.got : { *(.rel.got) } +- .rel.data : { *(.rel.data) *(.rel.data*) } +- _edata = .; +- _data_size = . - _etext; +- ++ .dynamic : { *(.dynamic) } ++ . = ALIGN(4096); ++ .rel : ++ { ++ *(.rel.data) ++ *(.rel.data.*) ++ *(.rel.got) ++ *(.rel.stab) ++ *(.data.rel.ro.local) ++ *(.data.rel.local) ++ *(.data.rel.ro) ++ *(.data.rel*) ++ } + . = ALIGN(4096); +- .dynsym : { *(.dynsym) } ++ .dynsym : { *(.dynsym) } + . = ALIGN(4096); +- .dynstr : { *(.dynstr) } ++ .dynstr : { *(.dynstr) } + . = ALIGN(4096); + /DISCARD/ : + { +diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds +index 091187b..f981102 100644 +--- a/elf_x86_64_efi.lds ++++ b/elf_x86_64_efi.lds +@@ -4,60 +4,63 @@ OUTPUT_ARCH(i386:x86-64) + ENTRY(_start) + SECTIONS + { +- .text 0x0 : { +- *(.text.head) +- *(.text) +- *(.text.*) +- *(.gnu.linkonce.t.*) +- *(.srodata) +- *(.rodata*) +- . = ALIGN(16); +- _etext = .; ++ . = 0; ++ ImageBase = .; ++ .hash : { *(.hash) } /* this MUST come first! */ ++ . = ALIGN(4096); ++ .eh_frame : ++ { ++ *(.eh_frame) ++ } ++ . = ALIGN(4096); ++ .text : ++ { ++ *(.text) ++ } ++ . 
= ALIGN(4096); ++ .reloc : ++ { ++ *(.reloc) + } +- .dynamic : { *(.dynamic) } ++ . = ALIGN(4096); + .data : + { +- *(.sdata) +- *(.data) +- *(.data1) +- *(.data.*) +- *(.got.plt) +- *(.got) +- +- /* the EFI loader doesn't seem to like a .bss section, so we stick +- * it all into .data: */ +- . = ALIGN(16); +- _bss = .; +- *(.sbss) +- *(.scommon) +- *(.dynbss) +- *(.bss) +- *(COMMON) +- . = ALIGN(16); +- _bss_end = .; ++ *(.rodata*) ++ *(.got.plt) ++ *(.got) ++ *(.data*) ++ *(.sdata) ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ it all into .data: */ ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) ++ *(.rel.local) + } + . = ALIGN(4096); + .vendor_cert : + { +- *(.vendor_cert) ++ *(.vendor_cert) + } +- + . = ALIGN(4096); +- .rela.dyn : { *(.rela.dyn) } +- .rela.plt : { *(.rela.plt) } +- .rela.got : { *(.rela.got) } +- .rela.data : { *(.rela.data) *(.rela.data*) } +- _edata = .; +- _data_size = . - _etext; +- ++ .dynamic : { *(.dynamic) } ++ . = ALIGN(4096); ++ .rela : ++ { ++ *(.rela.data*) ++ *(.rela.got) ++ *(.rela.stab) ++ } + . = ALIGN(4096); +- .dynsym : { *(.dynsym) } ++ .dynsym : { *(.dynsym) } + . = ALIGN(4096); +- .dynstr : { *(.dynstr) } ++ .dynstr : { *(.dynstr) } + . = ALIGN(4096); +- /DISCARD/ : ++ .ignored.reloc : + { +- *(.rel.reloc) ++ *(.rela.reloc) + *(.eh_frame) + *(.note.GNU-stack) + } +-- +1.9.3 + diff --git a/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch b/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch new file mode 100644 index 0000000..f9e8c05 --- /dev/null +++ b/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch 
@@ -0,0 +1,200 @@ +From a846aedd0e9dfe26ca6afaf6a1db8a54c20363c1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 30 Sep 2014 18:52:59 -0400 +Subject: [PATCH 64/74] Actually find the relocations correctly and process + them that way. + +Find the relocations based on the *file* address in the old binary, +because it's only the same as the virtual address some of the time. + +Also perform some extra validation before processing it, and don't bail +out in /error/ if both ReloceBase and RelocEnd are null - that condition +is fine. + +Signed-off-by: Peter Jones +--- + shim.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 77 insertions(+), 13 deletions(-) + +diff --git a/shim.c b/shim.c +index 7cd4182..4baf8b1 100644 +--- a/shim.c ++++ b/shim.c +@@ -222,6 +222,7 @@ image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) + * Perform the actual relocation + */ + static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, ++ EFI_IMAGE_SECTION_HEADER *Section, + void *orig, void *data) + { + EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd; +@@ -233,14 +234,46 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + UINT64 *Fixup64; + int size = context->ImageSize; + void *ImageEnd = (char *)orig + size; ++ int n = 0; + + if (image_is_64_bit(context->PEHdr)) + context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data; + else + context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data; + +- RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); +- RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); ++ /* Alright, so here's how this works: ++ * ++ * context->RelocDir gives us two things: ++ * - the VA the table of base relocation blocks are (maybe) to be ++ * mapped at (RelocDir->VirtualAddress) ++ * - the virtual size (RelocDir->Size) ++ * ++ * The .reloc section (Section here) 
gives us some other things: ++ * - the name! kind of. (Section->Name) ++ * - the virtual size (Section->VirtualSize), which should be the same ++ * as RelocDir->Size ++ * - the virtual address (Section->VirtualAddress) ++ * - the file section size (Section->SizeOfRawData), which is ++ * a multiple of OptHdr->FileAlignment. Only useful for image ++ * validation, not really useful for iteration bounds. ++ * - the file address (Section->PointerToRawData) ++ * - a bunch of stuff we don't use that's 0 in our binaries usually ++ * - Flags (Section->Characteristics) ++ * ++ * and then the thing that's actually at the file address is an array ++ * of EFI_IMAGE_BASE_RELOCATION structs with some values packed behind ++ * them. The SizeOfBlock field of this structure includes the ++ * structure itself, and adding it to that structure's address will ++ * yield the next entry in the array. ++ */ ++ RelocBase = ImageAddress(orig, size, Section->PointerToRawData); ++ /* RelocBaseEnd here is the address of the first entry /past/ the ++ * table. 
*/ ++ RelocBaseEnd = ImageAddress(orig, size, Section->PointerToRawData + ++ Section->Misc.VirtualSize); ++ ++ if (!RelocBase && !RelocBaseEnd) ++ return EFI_SUCCESS; + + if (!RelocBase || !RelocBaseEnd) { + perror(L"Reloc table overflows binary\n"); +@@ -256,19 +289,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); + + if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { +- perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock); ++ perror(L"Reloc %d block size %d is invalid\n", n, RelocBase->SizeOfBlock); + return EFI_UNSUPPORTED; + } + + RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); + if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) { +- perror(L"Reloc entry overflows binary\n"); ++ perror(L"Reloc %d entry overflows binary\n", n); + return EFI_UNSUPPORTED; + } + + FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress); + if (!FixupBase) { +- perror(L"Invalid fixupbase\n"); ++ perror(L"Reloc %d Invalid fixupbase\n", n); + return EFI_UNSUPPORTED; + } + +@@ -317,12 +350,13 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + break; + + default: +- perror(L"Unknown relocation\n"); ++ perror(L"Reloc %d Unknown relocation\n", n); + return EFI_UNSUPPORTED; + } + Reloc += 1; + } + RelocBase = (EFI_IMAGE_BASE_RELOCATION *) RelocEnd; ++ n++; + } + + return EFI_SUCCESS; +@@ -1102,15 +1136,21 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + + CopyMem(buffer, data, context.SizeOfHeaders); + ++ char *RelocBase, *RelocBaseEnd; ++ RelocBase = ImageAddress(buffer, datasize, ++ context.RelocDir->VirtualAddress); ++ /* RelocBaseEnd here is the address of the last byte of the table */ ++ RelocBaseEnd = ImageAddress(buffer, datasize, ++ context.RelocDir->VirtualAddress + ++ context.RelocDir->Size - 1); ++ ++ EFI_IMAGE_SECTION_HEADER 
*RelocSection = NULL; ++ + /* + * Copy the executable's sections to their desired offsets + */ + Section = context.FirstSection; + for (i = 0; i < context.NumberOfSections; i++, Section++) { +- if (Section->Characteristics & 0x02000000) +- /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ +- continue; +- + size = Section->Misc.VirtualSize; + + if (size > Section->SizeOfRawData) +@@ -1118,7 +1158,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + + base = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress); + end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1); +- + if (!base || !end) { + perror(L"Invalid section size\n"); + return EFI_UNSUPPORTED; +@@ -1130,6 +1169,30 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + return EFI_UNSUPPORTED; + } + ++ /* We do want to process .reloc, but it's often marked ++ * discardable, so we don't want to memcpy it. */ ++ if (CompareMem(Section->Name, ".reloc\0\0", 8) == 0) { ++ if (RelocSection) { ++ perror(L"Image has multiple relocation sections\n"); ++ return EFI_UNSUPPORTED; ++ } ++ /* If it has nonzero sizes, and our bounds check ++ * made sense, and the VA and size match RelocDir's ++ * versions, then we believe in this section table. 
*/ ++ if (Section->SizeOfRawData && ++ Section->Misc.VirtualSize && ++ base && end && ++ RelocBase == base && ++ RelocBaseEnd == end) { ++ RelocSection = Section; ++ } ++ } ++ ++ if (Section->Characteristics & 0x02000000) { ++ /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ ++ continue; ++ } ++ + if (Section->SizeOfRawData > 0) + CopyMem(base, data + Section->PointerToRawData, size); + +@@ -1143,11 +1206,12 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, + return EFI_UNSUPPORTED; + } + +- if (context.RelocDir->Size) { ++ if (context.RelocDir->Size && RelocSection) { + /* + * Run the relocation fixups + */ +- efi_status = relocate_coff(&context, data, buffer); ++ efi_status = relocate_coff(&context, RelocSection, data, ++ buffer); + + if (efi_status != EFI_SUCCESS) { + perror(L"Relocation failed: %r\n", efi_status); +-- +1.9.3 + diff --git a/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch b/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch new file mode 100644 index 0000000..7b48e8f --- /dev/null +++ b/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch 
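Review bot: In relocate_coff the new `ImageAddress(orig, size, Section->PointerToRawData)` calls bound a file offset by `size`, which the context lines set to `context->ImageSize`, while `orig` is the raw file buffer that handle_image passes as `data`. If the declared image size is larger than the file, that check would accept a `.reloc` offset past the end of the file buffer. The mismatch also runs the other way in handle_image, where `buffer` is bounded by `datasize` for the RelocDir lookups but by `context.ImageSize` in the section loop. I would pass the file length into relocate_coff and use it for both lookups, e.g. `RelocBase = ImageAddress(orig, datasize, Section->PointerToRawData);`, and reject the section when `Section->PointerToRawData + Section->Misc.VirtualSize` wraps. ImageAddress and the rest of both functions are outside the hunk, so this assumes it only compares the offset against the size it is given.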
@@ -0,0 +1,90 @@ +From f14119502ee3301e1ae80b5ab7fbe1ba46580e23 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 1 Oct 2014 22:47:20 -0400 +Subject: [PATCH 65/74] Don't append an empty cert list to MokListRT if + vendor_cert_size is 0. + +Signed-off-by: Peter Jones +--- + shim.c | 63 ++++++++++++++++++++++++++++++++++----------------------------- + 1 file changed, 34 insertions(+), 29 deletions(-) + +diff --git a/shim.c b/shim.c +index 4baf8b1..a282ee3 100644 +--- a/shim.c ++++ b/shim.c +@@ -1698,37 +1698,42 @@ EFI_STATUS mirror_mok_list() + if (efi_status != EFI_SUCCESS) + DataSize = 0; + +- FullDataSize = DataSize +- + sizeof (*CertList) +- + sizeof (EFI_GUID) +- + vendor_cert_size +- ; +- FullData = AllocatePool(FullDataSize); +- if (!FullData) { +- perror(L"Failed to allocate space for MokListRT\n"); +- return EFI_OUT_OF_RESOURCES; +- } +- p = FullData; ++ if (vendor_cert_size) { ++ FullDataSize = DataSize ++ + sizeof (*CertList) ++ + sizeof (EFI_GUID) ++ + vendor_cert_size ++ ; ++ FullData = AllocatePool(FullDataSize); ++ if (!FullData) { ++ perror(L"Failed to allocate space for MokListRT\n"); ++ return EFI_OUT_OF_RESOURCES; ++ } ++ p = FullData; + +- if (efi_status == EFI_SUCCESS && DataSize > 0) { +- CopyMem(p, Data, DataSize); +- p += DataSize; ++ if (efi_status == EFI_SUCCESS && DataSize > 0) { ++ CopyMem(p, Data, DataSize); ++ p += DataSize; ++ } ++ CertList = (EFI_SIGNATURE_LIST *)p; ++ p += sizeof (*CertList); ++ CertData = (EFI_SIGNATURE_DATA *)p; ++ p += sizeof (EFI_GUID); ++ ++ CertList->SignatureType = EFI_CERT_X509_GUID; ++ CertList->SignatureListSize = vendor_cert_size ++ + sizeof (*CertList) ++ + sizeof (*CertData) ++ -1; ++ CertList->SignatureHeaderSize = 0; ++ CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID); ++ ++ CertData->SignatureOwner = SHIM_LOCK_GUID; ++ CopyMem(p, vendor_cert, vendor_cert_size); ++ } else { ++ FullDataSize = DataSize; ++ FullData = Data; + } +- CertList = (EFI_SIGNATURE_LIST *)p; +- p += sizeof 
(*CertList); +- CertData = (EFI_SIGNATURE_DATA *)p; +- p += sizeof (EFI_GUID); +- +- CertList->SignatureType = EFI_CERT_X509_GUID; +- CertList->SignatureListSize = vendor_cert_size +- + sizeof (*CertList) +- + sizeof (*CertData) +- -1; +- CertList->SignatureHeaderSize = 0; +- CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID); +- +- CertData->SignatureOwner = SHIM_LOCK_GUID; +- CopyMem(p, vendor_cert, vendor_cert_size); + + efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListRT", + &shim_lock_guid, +-- +1.9.3 + diff --git a/SOURCES/0066-Fix-some-minor-testplan-errors.patch b/SOURCES/0066-Fix-some-minor-testplan-errors.patch new file mode 100644 index 0000000..f304978 --- /dev/null +++ b/SOURCES/0066-Fix-some-minor-testplan-errors.patch 
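Review bot: The new `else` branch assigns `FullData = Data` unconditionally, dropping the `efi_status == EFI_SUCCESS && DataSize > 0` guard that still protects the copy in the vendor-cert branch. When the MokList read failed, `DataSize` has been zeroed but `Data` is whatever the failed read left behind, and it is now handed to SetVariable; `FullData = DataSize ? Data : NULL;` would make that case explicit. FullData also aliases Data on this path, so any cleanup later in mirror_mok_list (outside the hunk) must not free both pointers. A short comment on `SignatureListSize` explaining the `-1` (presumably the one-byte `SignatureData` placeholder in `EFI_SIGNATURE_DATA`) would help the next reader.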
@@ -0,0 +1,37 @@
+From aa818fe639f103d9c40fcbc8342edd82ff5d49d2 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Wed, 1 Oct 2014 23:42:11 -0400
+Subject: [PATCH 66/74] Fix some minor testplan errors.
+
+Signed-off-by: Peter Jones
+---
+ testplan.txt | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/testplan.txt b/testplan.txt
+index 2fbf238..ab88781 100644
+--- a/testplan.txt
++++ b/testplan.txt
+@@ -12,7 +12,7 @@ How to test a new shim build for RHEL/fedora:
+ -s -c "Red Hat Test Certificate"
+ 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi
+ cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \
+- /boot/efi/EFI/test/test.efi
++ /boot/efi/EFI/test/grubx64.efi
+ 7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also
+ leave an unsigned copy there:
+ pesign -i /boot/efi/EFI/redhat/grubx64.efi \
+@@ -38,7 +38,9 @@ How to test a new shim build for RHEL/fedora:
+ 12) put shim.efi there as well
+ cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI
+ 13) enroll the current kernel's certificate with mokutil:
+- mokutil --import ~/redhatsecurebootca2.cer
++ # this should be a /different/ cert than the one signing pesign-test-app.
++ # for instance use a RHEL cert for p-t-a and a fedora cert+kernel here.
++ mokutil --import ~/fedora-ca.cer
+ 14) put machine in setup mode
+ 15) boot to the UEFI shell
+ 16) run lockdown.efi from #4:
+--
+1.9.3
+
diff --git a/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch b/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch
new file mode 100644
index 0000000..9ac183b
--- /dev/null
+++ b/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch
@@ -0,0 +1,31 @@
+From db43ba5a5fcb88e3b0acac0da5737e499be236a2 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Tue, 30 Sep 2014 16:13:27 +0800
+Subject: [PATCH 67/74] Don't verify images with the empty build key
+
+We replaced the build key with an empty file while compiling shim
+for our distro. Skip the verification with the empty build key
+since this makes no sense.
+
+Signed-off-by: Gary Ching-Pang Lin
+---
+ shim.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/shim.c b/shim.c
+index a282ee3..8076caa 100644
+--- a/shim.c
++++ b/shim.c
+@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
+ /*
+ * Check against the shim build key
+ */
+- if (AuthenticodeVerify(cert->CertData,
++ if (sizeof(shim_cert) &&
++ AuthenticodeVerify(cert->CertData,
+ context->SecDir->Size - sizeof(cert->Hdr),
+ shim_cert, sizeof(shim_cert), sha256hash,
+ SHA256_DIGEST_SIZE)) {
+--
+1.9.3
+
diff --git a/SOURCES/0068-Cryptlib-remove-the-unused-files.patch b/SOURCES/0068-Cryptlib-remove-the-unused-files.patch
new file mode 100644
index 0000000..6a1eea2
--- /dev/null
+++ b/SOURCES/0068-Cryptlib-remove-the-unused-files.patch
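Review bot: The `sizeof(shim_cert) &&` guard in verify_buffer only works while `shim_cert` is declared as an array; the declaration is outside the hunk, and if it ever becomes a pointer the expression is never zero and the empty key is passed to AuthenticodeVerify again. Because the test is a compile-time constant, building with an empty key removes this verification path from the binary entirely, which deserves a comment such as `/* shim_cert is an empty array when no build key is embedded; sizeof() is then a compile-time 0 */`.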
@@ -0,0 +1,1265 @@ +From 663a5ca59d8b0037b3d1b445ce93ae3181f03685 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 30 Sep 2014 15:27:19 +0800 +Subject: [PATCH 68/74] Cryptlib: remove the unused files + +I mistakenly added CryptPkcs7VerifyNull.c which may make Pkcs7Verify +always return FALSE. Besides CryptPkcs7VerifyNull.c, there are some +functions we would never use. This commit removes those files to +avoid any potential trouble. + +Signed-off-by: Gary Ching-Pang Lin +--- + Cryptlib/Makefile | 5 +- + Cryptlib/Pk/CryptDh.c | 328 -------------------------------- + Cryptlib/Pk/CryptDhNull.c | 156 +++++++++++++++ + Cryptlib/Pk/CryptPkcs7Sign.c | 207 -------------------- + Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 ---------- + Cryptlib/Pk/CryptRsaExt.c | 377 ------------------------------------- + Cryptlib/update.sh | 5 +- + 7 files changed, 158 insertions(+), 1020 deletions(-) + delete mode 100644 Cryptlib/Pk/CryptDh.c + create mode 100644 Cryptlib/Pk/CryptDhNull.c + delete mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c + delete mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c + delete mode 100644 Cryptlib/Pk/CryptRsaExt.c + +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index 73a1e2b..9719a27 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -25,13 +25,10 @@ OBJS = Hash/CryptMd4.o \ + Cipher/CryptArc4.o \ + Rand/CryptRand.o \ + Pk/CryptRsaBasic.o \ +- Pk/CryptRsaExt.o \ + Pk/CryptRsaExtNull.o \ +- Pk/CryptPkcs7Sign.o \ + Pk/CryptPkcs7SignNull.o \ + Pk/CryptPkcs7Verify.o \ +- Pk/CryptPkcs7VerifyNull.o \ +- Pk/CryptDh.o \ ++ Pk/CryptDhNull.o \ + Pk/CryptX509.o \ + Pk/CryptAuthenticode.o \ + Pem/CryptPem.o \ +diff --git a/Cryptlib/Pk/CryptDh.c b/Cryptlib/Pk/CryptDh.c +deleted file mode 100644 +index 942b3d1..0000000 +--- a/Cryptlib/Pk/CryptDh.c ++++ /dev/null +@@ -1,328 +0,0 @@ +-/** @file +- Diffie-Hellman Wrapper Implementation over OpenSSL. +- +-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +-#include +- +- +-/** +- Allocates and Initializes one Diffie-Hellman Context for subsequent use. +- +- @return Pointer to the Diffie-Hellman Context that has been initialized. +- If the allocations fails, DhNew() returns NULL. +- +-**/ +-VOID * +-EFIAPI +-DhNew ( +- VOID +- ) +-{ +- // +- // Allocates & Initializes DH Context by OpenSSL DH_new() +- // +- return (VOID *) DH_new (); +-} +- +-/** +- Release the specified DH context. +- +- If DhContext is NULL, then return FALSE. +- +- @param[in] DhContext Pointer to the DH context to be released. +- +-**/ +-VOID +-EFIAPI +-DhFree ( +- IN VOID *DhContext +- ) +-{ +- // +- // Free OpenSSL DH Context +- // +- DH_free ((DH *) DhContext); +-} +- +-/** +- Generates DH parameter. +- +- Given generator g, and length of prime number p in bits, this function generates p, +- and sets DH context according to value of g and p. +- +- Before this function can be invoked, pseudorandom number generator must be correctly +- initialized by RandomSeed(). +- +- If DhContext is NULL, then return FALSE. +- If Prime is NULL, then return FALSE. +- +- @param[in, out] DhContext Pointer to the DH context. +- @param[in] Generator Value of generator. +- @param[in] PrimeLength Length in bits of prime to be generated. +- @param[out] Prime Pointer to the buffer to receive the generated prime number. +- +- @retval TRUE DH pamameter generation succeeded. +- @retval FALSE Value of Generator is not supported. +- @retval FALSE PRNG fails to generate random prime number with PrimeLength. 
+- +-**/ +-BOOLEAN +-EFIAPI +-DhGenerateParameter ( +- IN OUT VOID *DhContext, +- IN UINTN Generator, +- IN UINTN PrimeLength, +- OUT UINT8 *Prime +- ) +-{ +- BOOLEAN RetVal; +- +- // +- // Check input parameters. +- // +- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { +- return FALSE; +- } +- +- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { +- return FALSE; +- } +- +- RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL); +- if (!RetVal) { +- return FALSE; +- } +- +- BN_bn2bin (((DH *) DhContext)->p, Prime); +- +- return TRUE; +-} +- +-/** +- Sets generator and prime parameters for DH. +- +- Given generator g, and prime number p, this function and sets DH +- context accordingly. +- +- If DhContext is NULL, then return FALSE. +- If Prime is NULL, then return FALSE. +- +- @param[in, out] DhContext Pointer to the DH context. +- @param[in] Generator Value of generator. +- @param[in] PrimeLength Length in bits of prime to be generated. +- @param[in] Prime Pointer to the prime number. +- +- @retval TRUE DH pamameter setting succeeded. +- @retval FALSE Value of Generator is not supported. +- @retval FALSE Value of Generator is not suitable for the Prime. +- @retval FALSE Value of Prime is not a prime number. +- @retval FALSE Value of Prime is not a safe prime number. +- +-**/ +-BOOLEAN +-EFIAPI +-DhSetParameter ( +- IN OUT VOID *DhContext, +- IN UINTN Generator, +- IN UINTN PrimeLength, +- IN CONST UINT8 *Prime +- ) +-{ +- DH *Dh; +- BIGNUM *Bn; +- +- // +- // Check input parameters. 
+- // +- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { +- return FALSE; +- } +- +- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { +- return FALSE; +- } +- +- Bn = NULL; +- +- Dh = (DH *) DhContext; +- Dh->g = NULL; +- Dh->p = BN_new (); +- if (Dh->p == NULL) { +- goto Error; +- } +- +- Dh->g = BN_new (); +- if (Dh->g == NULL) { +- goto Error; +- } +- +- Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p); +- if (Bn == NULL) { +- goto Error; +- } +- +- if (BN_set_word (Dh->g, (UINT32) Generator) == 0) { +- goto Error; +- } +- +- return TRUE; +- +-Error: +- +- if (Dh->p != NULL) { +- BN_free (Dh->p); +- } +- +- if (Dh->g != NULL) { +- BN_free (Dh->g); +- } +- +- if (Bn != NULL) { +- BN_free (Bn); +- } +- +- return FALSE; +-} +- +-/** +- Generates DH public key. +- +- This function generates random secret exponent, and computes the public key, which is +- returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly. +- If the PublicKey buffer is too small to hold the public key, FALSE is returned and +- PublicKeySize is set to the required buffer size to obtain the public key. +- +- If DhContext is NULL, then return FALSE. +- If PublicKeySize is NULL, then return FALSE. +- If PublicKeySize is large enough but PublicKey is NULL, then return FALSE. +- +- @param[in, out] DhContext Pointer to the DH context. +- @param[out] PublicKey Pointer to the buffer to receive generated public key. +- @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. +- On output, the size of data returned in PublicKey buffer in bytes. +- +- @retval TRUE DH public key generation succeeded. +- @retval FALSE DH public key generation failed. +- @retval FALSE PublicKeySize is not large enough. 
+- +-**/ +-BOOLEAN +-EFIAPI +-DhGenerateKey ( +- IN OUT VOID *DhContext, +- OUT UINT8 *PublicKey, +- IN OUT UINTN *PublicKeySize +- ) +-{ +- BOOLEAN RetVal; +- DH *Dh; +- INTN Size; +- +- // +- // Check input parameters. +- // +- if (DhContext == NULL || PublicKeySize == NULL) { +- return FALSE; +- } +- +- if (PublicKey == NULL && *PublicKeySize != 0) { +- return FALSE; +- } +- +- Dh = (DH *) DhContext; +- +- RetVal = (BOOLEAN) DH_generate_key (DhContext); +- if (RetVal) { +- Size = BN_num_bytes (Dh->pub_key); +- if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) { +- *PublicKeySize = Size; +- return FALSE; +- } +- +- BN_bn2bin (Dh->pub_key, PublicKey); +- *PublicKeySize = Size; +- } +- +- return RetVal; +-} +- +-/** +- Computes exchanged common key. +- +- Given peer's public key, this function computes the exchanged common key, based on its own +- context including value of prime modulus and random secret exponent. +- +- If DhContext is NULL, then return FALSE. +- If PeerPublicKey is NULL, then return FALSE. +- If KeySize is NULL, then return FALSE. +- If Key is NULL, then return FALSE. +- If KeySize is not large enough, then return FALSE. +- +- @param[in, out] DhContext Pointer to the DH context. +- @param[in] PeerPublicKey Pointer to the peer's public key. +- @param[in] PeerPublicKeySize Size of peer's public key in bytes. +- @param[out] Key Pointer to the buffer to receive generated key. +- @param[in, out] KeySize On input, the size of Key buffer in bytes. +- On output, the size of data returned in Key buffer in bytes. +- +- @retval TRUE DH exchanged key generation succeeded. +- @retval FALSE DH exchanged key generation failed. +- @retval FALSE KeySize is not large enough. +- +-**/ +-BOOLEAN +-EFIAPI +-DhComputeKey ( +- IN OUT VOID *DhContext, +- IN CONST UINT8 *PeerPublicKey, +- IN UINTN PeerPublicKeySize, +- OUT UINT8 *Key, +- IN OUT UINTN *KeySize +- ) +-{ +- BIGNUM *Bn; +- INTN Size; +- +- // +- // Check input parameters. 
+- // +- if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) { +- return FALSE; +- } +- +- if (PeerPublicKeySize > INT_MAX) { +- return FALSE; +- } +- +- Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL); +- if (Bn == NULL) { +- return FALSE; +- } +- +- Size = DH_compute_key (Key, Bn, DhContext); +- if (Size < 0) { +- BN_free (Bn); +- return FALSE; +- } +- +- if (*KeySize < (UINTN) Size) { +- *KeySize = Size; +- BN_free (Bn); +- return FALSE; +- } +- +- *KeySize = Size; +- BN_free (Bn); +- return TRUE; +-} +diff --git a/Cryptlib/Pk/CryptDhNull.c b/Cryptlib/Pk/CryptDhNull.c +new file mode 100644 +index 0000000..35045db +--- /dev/null ++++ b/Cryptlib/Pk/CryptDhNull.c +@@ -0,0 +1,156 @@ ++/** @file ++ Diffie-Hellman Wrapper Implementation which does not provide ++ real capabilities. ++ ++Copyright (c) 2012, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++ ++/** ++ Allocates and Initializes one Diffie-Hellman Context for subsequent use. ++ ++ @return Pointer to the Diffie-Hellman Context that has been initialized. ++ If the interface is not supported, DhNew() returns NULL. ++ ++**/ ++VOID * ++EFIAPI ++DhNew ( ++ VOID ++ ) ++{ ++ ASSERT (FALSE); ++ return NULL; ++} ++ ++/** ++ Release the specified DH context. ++ ++ If the interface is not supported, then ASSERT(). ++ ++ @param[in] DhContext Pointer to the DH context to be released. ++ ++**/ ++VOID ++EFIAPI ++DhFree ( ++ IN VOID *DhContext ++ ) ++{ ++ ASSERT (FALSE); ++} ++ ++/** ++ Generates DH parameter. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] DhContext Pointer to the DH context. ++ @param[in] Generator Value of generator. ++ @param[in] PrimeLength Length in bits of prime to be generated. ++ @param[out] Prime Pointer to the buffer to receive the generated prime number. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++DhGenerateParameter ( ++ IN OUT VOID *DhContext, ++ IN UINTN Generator, ++ IN UINTN PrimeLength, ++ OUT UINT8 *Prime ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Sets generator and prime parameters for DH. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] DhContext Pointer to the DH context. ++ @param[in] Generator Value of generator. ++ @param[in] PrimeLength Length in bits of prime to be generated. ++ @param[in] Prime Pointer to the prime number. 
++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++DhSetParameter ( ++ IN OUT VOID *DhContext, ++ IN UINTN Generator, ++ IN UINTN PrimeLength, ++ IN CONST UINT8 *Prime ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Generates DH public key. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] DhContext Pointer to the DH context. ++ @param[out] PublicKey Pointer to the buffer to receive generated public key. ++ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. ++ On output, the size of data returned in PublicKey buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++DhGenerateKey ( ++ IN OUT VOID *DhContext, ++ OUT UINT8 *PublicKey, ++ IN OUT UINTN *PublicKeySize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} ++ ++/** ++ Computes exchanged common key. ++ ++ Return FALSE to indicate this interface is not supported. ++ ++ @param[in, out] DhContext Pointer to the DH context. ++ @param[in] PeerPublicKey Pointer to the peer's public key. ++ @param[in] PeerPublicKeySize Size of peer's public key in bytes. ++ @param[out] Key Pointer to the buffer to receive generated key. ++ @param[in, out] KeySize On input, the size of Key buffer in bytes. ++ On output, the size of data returned in Key buffer in bytes. ++ ++ @retval FALSE This interface is not supported. ++ ++**/ ++BOOLEAN ++EFIAPI ++DhComputeKey ( ++ IN OUT VOID *DhContext, ++ IN CONST UINT8 *PeerPublicKey, ++ IN UINTN PeerPublicKeySize, ++ OUT UINT8 *Key, ++ IN OUT UINTN *KeySize ++ ) ++{ ++ ASSERT (FALSE); ++ return FALSE; ++} +diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c +deleted file mode 100644 +index 63fe78f..0000000 +--- a/Cryptlib/Pk/CryptPkcs7Sign.c ++++ /dev/null +@@ -1,207 +0,0 @@ +-/** @file +- PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. +- +-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +- +-#include +-#include +-#include +- +- +-/** +- Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message +- Syntax Standard, version 1.5". This interface is only intended to be used for +- application to perform PKCS#7 functionality validation. +- +- @param[in] PrivateKey Pointer to the PEM-formatted private key data for +- data signing. +- @param[in] PrivateKeySize Size of the PEM private key data in bytes. +- @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM +- key data. +- @param[in] InData Pointer to the content to be signed. +- @param[in] InDataSize Size of InData in bytes. +- @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. +- @param[in] OtherCerts Pointer to an optional additional set of certificates to +- include in the PKCS#7 signedData (e.g. any intermediate +- CAs in the chain). +- @param[out] SignedData Pointer to output PKCS#7 signedData. +- @param[out] SignedDataSize Size of SignedData in bytes. +- +- @retval TRUE PKCS#7 data signing succeeded. +- @retval FALSE PKCS#7 data signing failed. 
+- +-**/ +-BOOLEAN +-EFIAPI +-Pkcs7Sign ( +- IN CONST UINT8 *PrivateKey, +- IN UINTN PrivateKeySize, +- IN CONST UINT8 *KeyPassword, +- IN UINT8 *InData, +- IN UINTN InDataSize, +- IN UINT8 *SignCert, +- IN UINT8 *OtherCerts OPTIONAL, +- OUT UINT8 **SignedData, +- OUT UINTN *SignedDataSize +- ) +-{ +- BOOLEAN Status; +- EVP_PKEY *Key; +- BIO *DataBio; +- PKCS7 *Pkcs7; +- UINT8 *RsaContext; +- UINT8 *P7Data; +- UINTN P7DataSize; +- UINT8 *Tmp; +- +- // +- // Check input parameters. +- // +- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || +- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { +- return FALSE; +- } +- +- RsaContext = NULL; +- Key = NULL; +- Pkcs7 = NULL; +- DataBio = NULL; +- Status = FALSE; +- +- // +- // Retrieve RSA private key from PEM data. +- // +- Status = RsaGetPrivateKeyFromPem ( +- PrivateKey, +- PrivateKeySize, +- (CONST CHAR8 *) KeyPassword, +- (VOID **) &RsaContext +- ); +- if (!Status) { +- return Status; +- } +- +- Status = FALSE; +- +- // +- // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling +- // +- if (EVP_add_digest (EVP_md5 ()) == 0) { +- goto _Exit; +- } +- if (EVP_add_digest (EVP_sha1 ()) == 0) { +- goto _Exit; +- } +- if (EVP_add_digest (EVP_sha256 ()) == 0) { +- goto _Exit; +- } +- +- RandomSeed (NULL, 0); +- +- // +- // Construct OpenSSL EVP_PKEY for private key. +- // +- Key = EVP_PKEY_new (); +- if (Key == NULL) { +- goto _Exit; +- } +- Key->save_type = EVP_PKEY_RSA; +- Key->type = EVP_PKEY_type (EVP_PKEY_RSA); +- Key->pkey.rsa = (RSA *) RsaContext; +- +- // +- // Convert the data to be signed to BIO format. +- // +- DataBio = BIO_new (BIO_s_mem ()); +- if (DataBio == NULL) { +- goto _Exit; +- } +- +- if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) { +- goto _Exit; +- } +- +- // +- // Create the PKCS#7 signedData structure. 
+- // +- Pkcs7 = PKCS7_sign ( +- (X509 *) SignCert, +- Key, +- (STACK_OF(X509) *) OtherCerts, +- DataBio, +- PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED +- ); +- if (Pkcs7 == NULL) { +- goto _Exit; +- } +- +- // +- // Convert PKCS#7 signedData structure into DER-encoded buffer. +- // +- P7DataSize = i2d_PKCS7 (Pkcs7, NULL); +- if (P7DataSize <= 19) { +- goto _Exit; +- } +- +- P7Data = malloc (P7DataSize); +- if (P7Data == NULL) { +- goto _Exit; +- } +- +- Tmp = P7Data; +- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); +- ASSERT (P7DataSize > 19); +- +- // +- // Strip ContentInfo to content only for signeddata. The data be trimmed off +- // is totally 19 bytes. +- // +- *SignedDataSize = P7DataSize - 19; +- *SignedData = malloc (*SignedDataSize); +- if (*SignedData == NULL) { +- OPENSSL_free (P7Data); +- goto _Exit; +- } +- +- CopyMem (*SignedData, P7Data + 19, *SignedDataSize); +- +- OPENSSL_free (P7Data); +- +- Status = TRUE; +- +-_Exit: +- // +- // Release Resources +- // +- if (RsaContext != NULL) { +- RsaFree (RsaContext); +- if (Key != NULL) { +- Key->pkey.rsa = NULL; +- } +- } +- +- if (Key != NULL) { +- EVP_PKEY_free (Key); +- } +- +- if (DataBio != NULL) { +- BIO_free (DataBio); +- } +- +- if (Pkcs7 != NULL) { +- PKCS7_free (Pkcs7); +- } +- +- return Status; +-} +diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c +deleted file mode 100644 +index 9a4c77a..0000000 +--- a/Cryptlib/Pk/CryptPkcs7VerifyNull.c ++++ /dev/null +@@ -1,100 +0,0 @@ +-/** @file +- PKCS#7 SignedData Verification Wrapper Implementation which does not provide +- real capabilities. +- +-Copyright (c) 2012, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +- +-/** +- Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: +- Cryptographic Message Syntax Standard". The input signed data could be wrapped +- in a ContentInfo structure. +- +- Return FALSE to indicate this interface is not supported. +- +- @param[in] P7Data Pointer to the PKCS#7 message to verify. +- @param[in] P7Length Length of the PKCS#7 message in bytes. +- @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. +- It's caller's responsiblity to free the buffer. +- @param[out] StackLength Length of signer's certificates in bytes. +- @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. +- It's caller's responsiblity to free the buffer. +- @param[out] CertLength Length of the trusted certificate in bytes. +- +- @retval FALSE This interface is not supported. +- +-**/ +-BOOLEAN +-EFIAPI +-Pkcs7GetSigners ( +- IN CONST UINT8 *P7Data, +- IN UINTN P7Length, +- OUT UINT8 **CertStack, +- OUT UINTN *StackLength, +- OUT UINT8 **TrustedCert, +- OUT UINTN *CertLength +- ) +-{ +- ASSERT (FALSE); +- return FALSE; +-} +- +-/** +- Wrap function to use free() to free allocated memory for certificates. +- +- If the interface is not supported, then ASSERT(). +- +- @param[in] Certs Pointer to the certificates to be freed. 
+- +-**/ +-VOID +-EFIAPI +-Pkcs7FreeSigners ( +- IN UINT8 *Certs +- ) +-{ +- ASSERT (FALSE); +-} +- +-/** +- Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: +- Cryptographic Message Syntax Standard". The input signed data could be wrapped +- in a ContentInfo structure. +- +- Return FALSE to indicate this interface is not supported. +- +- @param[in] P7Data Pointer to the PKCS#7 message to verify. +- @param[in] P7Length Length of the PKCS#7 message in bytes. +- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which +- is used for certificate chain verification. +- @param[in] CertLength Length of the trusted certificate in bytes. +- @param[in] InData Pointer to the content to be verified. +- @param[in] DataLength Length of InData in bytes. +- +- @retval FALSE This interface is not supported. +- +-**/ +-BOOLEAN +-EFIAPI +-Pkcs7Verify ( +- IN CONST UINT8 *P7Data, +- IN UINTN P7Length, +- IN CONST UINT8 *TrustedCert, +- IN UINTN CertLength, +- IN CONST UINT8 *InData, +- IN UINTN DataLength +- ) +-{ +- ASSERT (FALSE); +- return FALSE; +-} +diff --git a/Cryptlib/Pk/CryptRsaExt.c b/Cryptlib/Pk/CryptRsaExt.c +deleted file mode 100644 +index 5c21d12..0000000 +--- a/Cryptlib/Pk/CryptRsaExt.c ++++ /dev/null +@@ -1,377 +0,0 @@ +-/** @file +- RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. +- +- This file implements following APIs which provide more capabilities for RSA: +- 1) RsaGetKey +- 2) RsaGenerateKey +- 3) RsaCheckKey +- 4) RsaPkcs1Sign +- +-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +- +-#include +-#include +-#include +- +-/** +- Gets the tag-designated RSA key component from the established RSA context. +- +- This function retrieves the tag-designated RSA key component from the +- established RSA context as a non-negative integer (octet string format +- represented in RSA PKCS#1). +- If specified key component has not been set or has been cleared, then returned +- BnSize is set to 0. +- If the BigNumber buffer is too small to hold the contents of the key, FALSE +- is returned and BnSize is set to the required buffer size to obtain the key. +- +- If RsaContext is NULL, then return FALSE. +- If BnSize is NULL, then return FALSE. +- If BnSize is large enough but BigNumber is NULL, then return FALSE. +- +- @param[in, out] RsaContext Pointer to RSA context being set. +- @param[in] KeyTag Tag of RSA key component being set. +- @param[out] BigNumber Pointer to octet integer buffer. +- @param[in, out] BnSize On input, the size of big number buffer in bytes. +- On output, the size of data returned in big number buffer in bytes. +- +- @retval TRUE RSA key component was retrieved successfully. +- @retval FALSE Invalid RSA key component tag. +- @retval FALSE BnSize is too small. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaGetKey ( +- IN OUT VOID *RsaContext, +- IN RSA_KEY_TAG KeyTag, +- OUT UINT8 *BigNumber, +- IN OUT UINTN *BnSize +- ) +-{ +- RSA *RsaKey; +- BIGNUM *BnKey; +- UINTN Size; +- +- // +- // Check input parameters. 
+- // +- if (RsaContext == NULL || BnSize == NULL) { +- return FALSE; +- } +- +- RsaKey = (RSA *) RsaContext; +- Size = *BnSize; +- *BnSize = 0; +- +- switch (KeyTag) { +- +- // +- // RSA Public Modulus (N) +- // +- case RsaKeyN: +- if (RsaKey->n == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->n; +- break; +- +- // +- // RSA Public Exponent (e) +- // +- case RsaKeyE: +- if (RsaKey->e == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->e; +- break; +- +- // +- // RSA Private Exponent (d) +- // +- case RsaKeyD: +- if (RsaKey->d == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->d; +- break; +- +- // +- // RSA Secret Prime Factor of Modulus (p) +- // +- case RsaKeyP: +- if (RsaKey->p == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->p; +- break; +- +- // +- // RSA Secret Prime Factor of Modules (q) +- // +- case RsaKeyQ: +- if (RsaKey->q == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->q; +- break; +- +- // +- // p's CRT Exponent (== d mod (p - 1)) +- // +- case RsaKeyDp: +- if (RsaKey->dmp1 == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->dmp1; +- break; +- +- // +- // q's CRT Exponent (== d mod (q - 1)) +- // +- case RsaKeyDq: +- if (RsaKey->dmq1 == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->dmq1; +- break; +- +- // +- // The CRT Coefficient (== 1/q mod p) +- // +- case RsaKeyQInv: +- if (RsaKey->iqmp == NULL) { +- return TRUE; +- } +- BnKey = RsaKey->iqmp; +- break; +- +- default: +- return FALSE; +- } +- +- *BnSize = Size; +- Size = BN_num_bytes (BnKey); +- +- if (*BnSize < Size) { +- *BnSize = Size; +- return FALSE; +- } +- +- if (BigNumber == NULL) { +- return FALSE; +- } +- *BnSize = BN_bn2bin (BnKey, BigNumber) ; +- +- return TRUE; +-} +- +-/** +- Generates RSA key components. +- +- This function generates RSA key components. It takes RSA public exponent E and +- length in bits of RSA modulus N as input, and generates all key components. +- If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used. 
+- +- Before this function can be invoked, pseudorandom number generator must be correctly +- initialized by RandomSeed(). +- +- If RsaContext is NULL, then return FALSE. +- +- @param[in, out] RsaContext Pointer to RSA context being set. +- @param[in] ModulusLength Length of RSA modulus N in bits. +- @param[in] PublicExponent Pointer to RSA public exponent. +- @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. +- +- @retval TRUE RSA key component was generated successfully. +- @retval FALSE Invalid RSA key component tag. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaGenerateKey ( +- IN OUT VOID *RsaContext, +- IN UINTN ModulusLength, +- IN CONST UINT8 *PublicExponent, +- IN UINTN PublicExponentSize +- ) +-{ +- BIGNUM *KeyE; +- BOOLEAN RetVal; +- +- // +- // Check input parameters. +- // +- if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) { +- return FALSE; +- } +- +- KeyE = BN_new (); +- if (KeyE == NULL) { +- return FALSE; +- } +- +- RetVal = FALSE; +- +- if (PublicExponent == NULL) { +- if (BN_set_word (KeyE, 0x10001) == 0) { +- goto _Exit; +- } +- } else { +- if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) { +- goto _Exit; +- } +- } +- +- if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) { +- RetVal = TRUE; +- } +- +-_Exit: +- BN_free (KeyE); +- return RetVal; +-} +- +-/** +- Validates key components of RSA context. +- +- This function validates key compoents of RSA context in following aspects: +- - Whether p is a prime +- - Whether q is a prime +- - Whether n = p * q +- - Whether d*e = 1 mod lcm(p-1,q-1) +- +- If RsaContext is NULL, then return FALSE. +- +- @param[in] RsaContext Pointer to RSA context to check. +- +- @retval TRUE RSA key components are valid. +- @retval FALSE RSA key components are not valid. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaCheckKey ( +- IN VOID *RsaContext +- ) +-{ +- UINTN Reason; +- +- // +- // Check input parameters. 
+- // +- if (RsaContext == NULL) { +- return FALSE; +- } +- +- if (RSA_check_key ((RSA *) RsaContext) != 1) { +- Reason = ERR_GET_REASON (ERR_peek_last_error ()); +- if (Reason == RSA_R_P_NOT_PRIME || +- Reason == RSA_R_Q_NOT_PRIME || +- Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q || +- Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) { +- return FALSE; +- } +- } +- +- return TRUE; +-} +- +-/** +- Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. +- +- This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in +- RSA PKCS#1. +- If the Signature buffer is too small to hold the contents of signature, FALSE +- is returned and SigSize is set to the required buffer size to obtain the signature. +- +- If RsaContext is NULL, then return FALSE. +- If MessageHash is NULL, then return FALSE. +- If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. +- If SigSize is large enough but Signature is NULL, then return FALSE. +- +- @param[in] RsaContext Pointer to RSA context for signature generation. +- @param[in] MessageHash Pointer to octet message hash to be signed. +- @param[in] HashSize Size of the message hash in bytes. +- @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. +- @param[in, out] SigSize On input, the size of Signature buffer in bytes. +- On output, the size of data returned in Signature buffer in bytes. +- +- @retval TRUE Signature successfully generated in PKCS1-v1_5. +- @retval FALSE Signature generation failed. +- @retval FALSE SigSize is too small. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaPkcs1Sign ( +- IN VOID *RsaContext, +- IN CONST UINT8 *MessageHash, +- IN UINTN HashSize, +- OUT UINT8 *Signature, +- IN OUT UINTN *SigSize +- ) +-{ +- RSA *Rsa; +- UINTN Size; +- INT32 DigestType; +- +- // +- // Check input parameters. 
+- // +- if (RsaContext == NULL || MessageHash == NULL) { +- return FALSE; +- } +- +- Rsa = (RSA *) RsaContext; +- Size = BN_num_bytes (Rsa->n); +- +- if (*SigSize < Size) { +- *SigSize = Size; +- return FALSE; +- } +- +- if (Signature == NULL) { +- return FALSE; +- } +- +- // +- // Determine the message digest algorithm according to digest size. +- // Only MD5, SHA-1 or SHA-256 algorithm is supported. +- // +- switch (HashSize) { +- case MD5_DIGEST_SIZE: +- DigestType = NID_md5; +- break; +- +- case SHA1_DIGEST_SIZE: +- DigestType = NID_sha1; +- break; +- +- case SHA256_DIGEST_SIZE: +- DigestType = NID_sha256; +- break; +- +- default: +- return FALSE; +- } +- +- return (BOOLEAN) RSA_sign ( +- DigestType, +- MessageHash, +- (UINT32) HashSize, +- Signature, +- (UINT32 *) SigSize, +- (RSA *) RsaContext +- ); +-} +diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh +index 57b6631..0e34db9 100755 +--- a/Cryptlib/update.sh ++++ b/Cryptlib/update.sh +@@ -14,13 +14,10 @@ cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c + cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c + cp $DIR/Rand/CryptRand.c Rand/CryptRand.c + cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c +-cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c + cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c +-cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c + cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c + cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c +-cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c +-cp $DIR/Pk/CryptDh.c Pk/CryptDh.c ++cp $DIR/Pk/CryptDhNull.c Pk/CryptDhNull.c + cp $DIR/Pk/CryptX509.c Pk/CryptX509.c + cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c + cp $DIR/Pem/CryptPem.c Pem/CryptPem.c +-- +1.9.3 + diff --git a/SOURCES/0069-Another-testplan-error.patch b/SOURCES/0069-Another-testplan-error.patch new file mode 100644 index 0000000..e3475b6 --- /dev/null +++ b/SOURCES/0069-Another-testplan-error.patch 
@@ -0,0 +1,71 @@
+From a2e66ece4d6b46ba2195cef76913c42177e6b4a2 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Thu, 2 Oct 2014 01:01:17 -0400
+Subject: [PATCH 69/74] Another testplan error.
+
+Signed-off-by: Peter Jones
+---
+ testplan.txt | 24 +++++++++++-------------
+ 1 file changed, 11 insertions(+), 13 deletions(-)
+
+diff --git a/testplan.txt b/testplan.txt
+index ab88781..0b0569e 100644
+--- a/testplan.txt
++++ b/testplan.txt
+@@ -47,27 +47,25 @@ How to test a new shim build for RHEL/fedora:
+ fs0:\EFI\test\lockdown.efi
+ 17) enable secure boot verification
+ 18) verify it can't run other binaries:
+- fs0:\EFI\redhat\grubx64.efi
++ fs0:\EFI\test\grubx64.efi
+ result should be an error, probably similar to:
+ "fs0:\...\grubx64.efi is not recognized as an internal or external command"
+-19) copy test.efi to grubx64.efi:
+- cp \EFI\test\test.efi \EFI\test\grubx64.efi
+-20) in the EFI shell, run fs0:\EFI\test\shim.efi
+-21) you should see MokManager. Enroll the certificate you added in #13, and
++19) in the EFI shell, run fs0:\EFI\test\shim.efi
++20) you should see MokManager. Enroll the certificate you added in #13, and
+ the system will reboot.
+-22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi
++21) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi
+ result: "This is a test application that should be completely safe."
+ If you get the expected result, shim can run things signed by its internal
+ key ring. Check a box someplace that says it can do that.
+-23) from the EFI shell, copy grub to grubx64.efi:
++22) from the EFI shell, copy grub to grubx64.efi:
+ cp \EFI\test\grub.efi \EFI\test\grubx64.efi
+-24) in the EFI shell, run fs0:\EFI\test\shim.efi
++23) in the EFI shell, run fs0:\EFI\test\shim.efi
+ result: this should start grub, which will let you boot a kernel
+ If grub starts, it means shim can run things signed by a key in the system's
+ db. Check a box someplace that says it can do that.
+ If the kernel boots, it means shim can run things from Mok. Check a box
+ someplace that says it can do that.
+-25) remove all boot entries and the BootOrder variable:
++24) remove all boot entries and the BootOrder variable:
+ [root@uefi ~]# cd /sys/firmware/efi/efivars/
+ [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-*
+ removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’
+@@ -76,14 +74,14 @@ How to test a new shim build for RHEL/fedora:
+ removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’
+ removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’
+ [root@uefi efivars]#
+-27) reboot
+-28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just
++25) reboot
++26) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just
+ have an old machine. In that case, go to the EFI shell and run:
+ fs0:\EFI\BOOT\BOOTX64.EFI
+ If this works, you should see a bit of output very quickly and then the same
+ thing as #24. This means shim recognized it was in \EFI\BOOT and ran
+ fallback.efi, which worked.
+-29) copy the unsigned grub into place and reboot:
++27) copy the unsigned grub into place and reboot:
+ cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi
+-30) reboot again.
++28) reboot again.
+ result: shim should refuse to load grub.
+--
+1.9.3
+
diff --git a/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch b/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch
new file mode 100644
index 0000000..a61889e
--- /dev/null
+++ b/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch
@@ -0,0 +1,173 @@ +From e253c2a2c07bc526de1528ed9839b2b584025fa2 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer +Date: Tue, 29 Jul 2014 09:55:00 +0000 +Subject: [PATCH 70/74] shim buffer overflow on ipv6 option parsing + +--- + netboot.c | 102 ++++++++++++++++++++++++++++++++++++++------------------------ + 1 file changed, 62 insertions(+), 40 deletions(-) + +diff --git a/netboot.c b/netboot.c +index 238937d..f884cba 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -108,29 +108,34 @@ BOOLEAN findNetboot(EFI_HANDLE device) + + static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt) + { +- void *optr; +- EFI_DHCP6_PACKET_OPTION *option; +- CHAR8 *url; +- UINT32 urllen; ++ void *optr = NULL, *end = NULL; ++ EFI_DHCP6_PACKET_OPTION *option = NULL; ++ CHAR8 *url = NULL; ++ UINT32 urllen = 0; + + optr = pkt->DhcpOptions; ++ end = optr + sizeof(pkt->DhcpOptions); + +- for(;;) { ++ for (;;) { + option = (EFI_DHCP6_PACKET_OPTION *)optr; + + if (ntohs(option->OpCode) == 0) +- return NULL; ++ break; + + if (ntohs(option->OpCode) == 59) { + /* This is the bootfile url option */ + urllen = ntohs(option->Length); +- url = AllocateZeroPool(urllen+1); ++ if ((void *)(option->Data + urllen) > end) ++ break; ++ url = AllocateZeroPool(urllen + 1); + if (!url) +- return NULL; ++ break; + memcpy(url, option->Data, urllen); + return url; + } + optr += 4 + ntohs(option->Length); ++ if (optr + sizeof(EFI_DHCP6_PACKET_OPTION) > end) ++ break; + } + + return NULL; +@@ -156,45 +161,60 @@ static CHAR16 str2ns(CHAR8 *str) + + static CHAR8 *str2ip6(CHAR8 *str) + { +- UINT8 i, j, p; +- size_t len; +- CHAR8 *a, *b, t; +- static UINT16 ip[8]; ++ UINT8 i = 0, j = 0, p = 0; ++ size_t len = 0, dotcount = 0; ++ enum { MAX_IP6_DOTS = 7 }; ++ CHAR8 *a = NULL, *b = NULL, t = 0; ++ static UINT16 ip[8]; + +- for(i=0; i < 8; i++) { +- ip[i] = 0; +- } +- len = strlen(str); +- a = b = str; +- for(i=p=0; i < len; i++, b++) { +- if (*b != ':') +- continue; +- *b = '\0'; +- ip[p++] = str2ns(a); +- 
*b = ':'; +- a = b + 1; +- if ( *(b+1) == ':' ) +- break; +- } +- a = b = (str + len); +- for(j=len, p=7; j > i; j--, a--) { +- if (*a != ':') +- continue; +- t = *b; +- *b = '\0'; +- ip[p--] = str2ns(a+1); +- *b = t; +- b = a; +- } +- return (CHAR8 *)ip; ++ memset(ip, 0, sizeof(ip)); ++ ++ /* Count amount of ':' to prevent overflows. ++ * max. count = 7. Returns an invalid ip6 that ++ * can be checked against ++ */ ++ for (a = str; *a != 0; ++a) { ++ if (*a == ':') ++ ++dotcount; ++ } ++ if (dotcount > MAX_IP6_DOTS) ++ return (CHAR8 *)ip; ++ ++ len = strlen(str); ++ a = b = str; ++ for (i = p = 0; i < len; i++, b++) { ++ if (*b != ':') ++ continue; ++ *b = '\0'; ++ ip[p++] = str2ns(a); ++ *b = ':'; ++ a = b + 1; ++ if (b[1] == ':' ) ++ break; ++ } ++ a = b = (str + len); ++ for (j = len, p = 7; j > i; j--, a--) { ++ if (*a != ':') ++ continue; ++ t = *b; ++ *b = '\0'; ++ ip[p--] = str2ns(a+1); ++ *b = t; ++ b = a; ++ } ++ return (CHAR8 *)ip; + } + + static BOOLEAN extract_tftp_info(CHAR8 *url) + { + CHAR8 *start, *end; + CHAR8 ip6str[40]; ++ CHAR8 ip6inv[16]; + CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); + ++ // to check against str2ip6() errors ++ memset(ip6inv, 0, sizeof(ip6inv)); ++ + if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) { + Print(L"URLS MUST START WITH tftp://\n"); + return FALSE; +@@ -209,7 +229,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) + end = start; + while ((*end != '\0') && (*end != ']')) { + end++; +- if (end - start > 39) { ++ if (end - start >= (int)sizeof(ip6str)) { + Print(L"TFTP URL includes malformed IPv6 address\n"); + return FALSE; + } +@@ -218,10 +238,12 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) + Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); + return FALSE; + } +- memset(ip6str, 0, 40); ++ memset(ip6str, 0, sizeof(ip6str)); + memcpy(ip6str, start, end - start); + end++; + memcpy(&tftp_addr.v6, str2ip6(ip6str), 16); ++ if (memcmp(&tftp_addr.v6, ip6inv, sizeof(ip6inv)) == 0) ++ return FALSE; + 
full_path = AllocateZeroPool(strlen(end)+strlen(template)+1); + if (!full_path) + return FALSE; +-- +1.9.3 + diff --git a/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch b/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch new file mode 100644 index 0000000..448d03a --- /dev/null +++ b/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch 
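Review bot: The new failure path in `extract_tftp_info()` only notices a rejected address after `memcpy(&tftp_addr.v6, str2ip6(ip6str), 16)` has already overwritten `tftp_addr.v6`, because `str2ip6()` reports "too many colons" in-band by returning its zeroed static buffer. Returning `NULL` from the guard (`if (dotcount > MAX_IP6_DOTS) return NULL;`) and testing the pointer before the copy would leave the destination untouched on error and make the `ip6inv` scratch array unnecessary. Unlike the other malformed-URL checks visible in this function, the added `return FALSE` prints nothing; a `Print(L"TFTP URL includes malformed IPv6 address\n");` before it would match them. `dotcount` and `MAX_IP6_DOTS` count ':' separators, so `coloncount` / `MAX_IP6_COLONS` would read more accurately. The body of `extract_tftp_info()` continues outside the hunk.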
@@ -0,0 +1,88 @@ +From 034466b7734a2749346151d903bbd7c8a1288db1 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer +Date: Tue, 12 Aug 2014 09:23:28 +0000 +Subject: [PATCH 71/74] OOB access when parsing MOK List/Certificates on MOK + enrollment + +--- + MokManager.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/MokManager.c b/MokManager.c +index ecbcdd3..4a9b102 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -100,8 +100,18 @@ static UINT32 count_keys(void *Data, UINTN DataSize) + EFI_GUID HashType = EFI_CERT_SHA256_GUID; + UINTN dbsize = DataSize; + UINT32 MokNum = 0; ++ void *end = Data + DataSize; + + while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { ++ ++ /* Use ptr arithmetics to ensure bounded access. Do not allow 0 ++ * SignatureListSize that will cause endless loop. ++ */ ++ if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { ++ console_notify(L"Invalid MOK detected! Ignoring MOK List."); ++ return 0; ++ } ++ + if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && + (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { + console_notify(L"Doesn't look like a key or hash"); +@@ -137,6 +147,7 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { + EFI_GUID HashType = EFI_CERT_SHA256_GUID; + UINTN dbsize = DataSize; + UINTN count = 0; ++ void *end = Data + DataSize; + + list = AllocatePool(sizeof(MokListNode) * num); + +@@ -146,6 +157,11 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { + } + + while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { ++ /* CertList out of bounds? 
*/ ++ if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { ++ FreePool(list); ++ return NULL; ++ } + if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && + (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { + dbsize -= CertList->SignatureListSize; +@@ -165,10 +181,22 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { + Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) + + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + ++ /* Cert out of bounds? */ ++ if ((void *)(Cert + 1) > end || CertList->SignatureSize <= sizeof(EFI_GUID)) { ++ FreePool(list); ++ return NULL; ++ } ++ + list[count].MokSize = CertList->SignatureSize - sizeof(EFI_GUID); + list[count].Mok = (void *)Cert->SignatureData; + list[count].Type = CertList->SignatureType; + ++ /* MOK out of bounds? */ ++ if (list[count].MokSize > end - (void *)list[count].Mok) { ++ FreePool(list); ++ return NULL; ++ } ++ + count++; + dbsize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + +@@ -449,6 +477,8 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) + } + + MokNum = count_keys(KeyList, KeyListSize); ++ if (MokNum == 0) ++ return 0; + keys = build_mok_list(MokNum, KeyList, KeyListSize); + + if (!keys) { +-- +1.9.3 + diff --git a/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch b/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch new file mode 100644 index 0000000..cb6cb15 --- /dev/null +++ b/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch 
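Review bot: The added header check `(void *)(CertList + 1) > end` runs inside the loop body in both `count_keys` and `build_mok_list`, but the loop condition `dbsize >= CertList->SignatureListSize` has already read that field. When fewer than `sizeof(EFI_SIGNATURE_LIST)` bytes remain, the read goes past `end` before the check can reject the list. Bounding the condition itself closes the gap in both loops: `while ((dbsize >= sizeof(EFI_SIGNATURE_LIST)) && (dbsize >= CertList->SignatureListSize)) {`. Separately, `list_keys` now does `return 0;` when `MokNum == 0`, which reads as success in an `EFI_STATUS` function even though `count_keys` also returns 0 for an invalid list; an explicit status constant would make the intent clear. All three functions start and end outside the quoted hunks.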
@@ -0,0 +1,28 @@ +From c622b677d67ebd88b94f13555b30da80ca74a8c1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 13:45:38 -0400 +Subject: [PATCH 72/74] Make another integer compare be signed/unsigned safe as + well. + +Signed-off-by: Peter Jones +--- + MokManager.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/MokManager.c b/MokManager.c +index 4a9b102..ee29051 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -192,7 +192,8 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { + list[count].Type = CertList->SignatureType; + + /* MOK out of bounds? */ +- if (list[count].MokSize > end - (void *)list[count].Mok) { ++ if (list[count].MokSize > (unsigned long)end - ++ (unsigned long)list[count].Mok) { + FreePool(list); + return NULL; + } +-- +1.9.3 + diff --git a/SOURCES/0073-Use-Werror-sign-compare.patch b/SOURCES/0073-Use-Werror-sign-compare.patch new file mode 100644 index 0000000..be6ff0c --- /dev/null +++ b/SOURCES/0073-Use-Werror-sign-compare.patch @@ -0,0 +1,28 @@ +From 6a115d038af259dd5b42f1651193eb0b8a83a5c8 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 13:50:13 -0400 +Subject: [PATCH 73/74] Use -Werror=sign-compare . + +I'm going to have to fix any errors that have this anyway, so may as +well do it here properly. + +Signed-off-by: Peter Jones +--- + Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Makefile b/Makefile +index 5bc513c..694480b 100644 +--- a/Makefile ++++ b/Makefile +@@ -21,6 +21,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds + DEFAULT_LOADER := \\\\grub.efi + CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ + -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ ++ -Werror=sign-compare \ + "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ + "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ + $(EFI_INCLUDES) +-- +1.9.3 + 
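Review bot: In the MokManager.c hunk of patch 72 the pointer difference is computed through `(unsigned long)` casts, a type that is pointer-sized only on LP64 builds. The file already uses `UINTN` for sizes (`UINTN dbsize`), so I would write `if (list[count].MokSize > (UINTN)end - (UINTN)list[count].Mok) {`. Because the subtraction is unsigned, it appears to rely on the `(void *)(Cert + 1) > end` check added in patch 71 to keep `Mok` at or below `end`. A one-line comment such as `/* Cert was bounds-checked above, so end >= Mok and this cannot wrap */` would record that dependency. `build_mok_list` starts and ends outside this hunk.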
diff --git a/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch b/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch new file mode 100644 index 0000000..dea5584 --- /dev/null +++ b/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch @@ -0,0 +1,32 @@ +From c0949c0a7916e81767ab35f67005b80cfb565e2c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 21 Sep 2014 15:19:34 -0400 +Subject: [PATCH 74/74] Correctly reject bad tftp addresses earlier, rather + than later. + +This check is for end == NULL but was meant to be *end == '\0'. Without +this change, we'll pass a plausibly bad address (i.e. one with no ']' at +the end) to Mtftp(... READ_FILE ...), which should fail correctly, but +our error messaging will be inconsistent. + +Signed-off-by: Peter Jones +--- + netboot.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/netboot.c b/netboot.c +index f884cba..ad5d37e 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -234,7 +234,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) + return FALSE; + } + } +- if (end == '\0') { ++ if (*end == '\0') { + Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); + return FALSE; + } +-- +1.9.3 + diff --git a/SOURCES/rhtest.cer b/SOURCES/rhtest.cer new file mode 100644 index 0000000..7c21c7a Binary files /dev/null and b/SOURCES/rhtest.cer differ diff --git a/SPECS/shim.spec b/SPECS/shim.spec index 4ba9aa6..1871913 100644 --- a/SPECS/shim.spec +++ b/SPECS/shim.spec 
@@ -1,20 +1,21 @@ Name: shim Version: 0.7 -Release: 5%{?dist} +Release: 8%{?dist} Summary: First-stage UEFI bootloader License: BSD URL: http://www.codon.org.uk/~mjg59/shim/ -Source0: https://github.com/mjg59/shim/archive/%{version}.tar.gz +Source0: https://github.com/mjg59/shim/releases/download/%{version}/shim-%{version}.tar.bz2 Source1: securebootca.cer # incorporate mokutil for packaging simplicity %global mokutilver 0.2.0 Source2: https://github.com/lcp/mokutil/archive/mokutil-%{mokutilver}.tar.gz - # currently here's what's in our dbx: # nothing. #Source3: dbx.esl +Source4: rhtest.cer + Patch0001: 0001-fix-verify_mok.patch Patch0002: 0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch Patch0003: 0003-netboot.h-fix-build-error-on-32-bit-systems.patch 
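Review bot: `Source4: rhtest.cer` is added with no comment, unlike the dbx source just above it, and nothing in this hunk shows which build step consumes it. In a Secure Boot shim package, a certificate whose name suggests a test key should carry a line saying what it is and which builds use it. For example: `# rhtest.cer: test signing certificate, used only for <which builds, to be confirmed>`. If the shipped binary does end up trusting it, the changelog entry should say so as well.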
@@ -34,10 +35,61 @@ Patch0016: 0016-Rewrite-directory-traversal-allocation-path-so-cover.patch Patch0017: 0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch Patch0018: 0018-fallback-For-HD-device-paths-use-just-the-media-node.patch Patch0019: 0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch -Patch0020: 0001-Add-a-preliminary-test-plan.patch -Patch0021: 0002-Fix-a-part-of-the-test-plan-that-was-out-of-order.patch -Patch0022: 0003-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch -Patch0023: 0001-Actually-reflect-the-upstream-commit-this-patchset-g.patch +Patch0020: 0020-Add-a-preliminary-test-plan.patch +Patch0021: 0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch +Patch0022: 0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch +Patch0023: 0023-additional-bounds-checking-on-section-sizes.patch +Patch0024: 0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch +Patch0025: 0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch +Patch0026: 0026-fallback-Avoid-duplicate-old-BootOrder.patch +Patch0027: 0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch +Patch0028: 0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch +Patch0029: 0029-Fetch-the-netboot-image-from-the-same-device.patch +Patch0030: 0030-Check-the-first-4-bytes-of-the-certificate.patch +Patch0031: 0031-Remove-grubpath-in-generate_path.patch +Patch0032: 0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch +Patch0033: 0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch +Patch0034: 0034-Exclude-ca.crt-while-signing-EFI-images.patch +Patch0035: 0035-No-newline-for-console_notify.patch +Patch0036: 0036-Remove-the-duplicate-calls-in-lib-console.c.patch +Patch0037: 0037-Silence-the-functions-of-shim-protocol.patch +Patch0038: 0038-Free-the-string-from-DevicePathToStr.patch +Patch0039: 0039-Explain-the-logic-in-secure_mode-better.patch +Patch0040: 
0040-Check-the-secure-variables-with-the-lib-functions.patch +Patch0041: 0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch +Patch0042: 0042-Simplify-the-checking-of-SB-and-DB-states.patch +Patch0043: 0043-Update-openssl-to-0.9.8za.patch +Patch0044: 0044-Replace-build-instructions-in-README-with-something-.patch +Patch0045: 0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch +Patch0046: 0046-unhook_system_services-bail-on-systab-NULL.patch +Patch0047: 0047-Factor-out-x86-isms-and-add-cross-compile-support.patch +Patch0048: 0048-Add-support-for-64-bit-ARM-AArch64.patch +Patch0049: 0049-Add-support-for-32-bit-ARM.patch +Patch0050: 0050-Update-openssl-to-0.9.8zb.patch +Patch0051: 0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch +Patch0052: 0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch +Patch0053: 0053-Don-t-name-something-exit.patch +Patch0054: 0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch +Patch0055: 0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch +Patch0056: 0056-Make-64-on-32-maybe-work-on-x86_64.patch +Patch0057: 0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch +Patch0058: 0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch +Patch0059: 0059-Fix-our-in_protocol-printing.patch +Patch0060: 0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch +Patch0061: 0061-Do-the-same-for-ia32.patch +Patch0062: 0062-Make-list_keys-index-variables-all-be-signed.patch +Patch0063: 0063-Revert-header-changes.patch +Patch0064: 0064-Actually-find-the-relocations-correctly-and-process-.patch +Patch0065: 0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch +Patch0066: 0066-Fix-some-minor-testplan-errors.patch +Patch0067: 0067-Don-t-verify-images-with-the-empty-build-key.patch +Patch0068: 0068-Cryptlib-remove-the-unused-files.patch +Patch0069: 0069-Another-testplan-error.patch +Patch0070: 0070-shim-buffer-overflow-on-ipv6-option-parsing.patch +Patch0071: 
0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch +Patch0072: 0072-Make-another-integer-compare-be-signed-unsigned-safe.patch +Patch0073: 0073-Use-Werror-sign-compare.patch +Patch0074: 0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch BuildRequires: git openssl-devel openssl BuildRequires: pesign >= 0.106-1 @@ -60,6 +112,13 @@ Provides: bundled(openssl) = 0.9.8w # Adding further platforms will require adding appropriate relocation code. ExclusiveArch: x86_64 +%ifarch x86_64 +%global efiarch x64 +%endif +%ifarch aarch64 +%global efiarch aa64 +%endif + # Figure out the right file path to use %if 0%{?rhel} %global efidir redhat @@ -90,19 +149,27 @@ Utilities for managing the "Machine's Own Keys" list. %setup -q -a 2 -D -T git init -git config user.email "shim-owner@fedoraproject.org" -git config user.name "Fedora Ninjas" +git config user.email "example@example.com" +git config user.name "rpmbuild -bp" git add . git commit -a -q -m "%{version} baseline." -git am %{patches} - 0.7-8 +- out-of-bounds memory read flaw in DHCPv6 packet processing + Resolves: CVE-2014-3675 +- heap-based buffer overflow flaw in IPv6 address parsing + Resolves: CVE-2014-3676 +- memory corruption flaw when processing Machine Owner Keys (MOKs) + Resolves: CVE-2014-3677 + +* Tue Sep 23 2014 Peter Jones - 0.7-7 +- Use the right key for ARM Aarch64. + +* Sun Sep 21 2014 Peter Jones - 0.7-6 +- Preliminary build for ARM Aarch64. + * Tue Feb 18 2014 Peter Jones - 0.7-5 - Update for production signing Resolves: rhbz#1064424