diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b1df45d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/mokutil-0.2.0.tar.gz
+SOURCES/shim-0.7.tar.bz2
diff --git a/.shim.metadata b/.shim.metadata
new file mode 100644
index 0000000..e5cb147
--- /dev/null
+++ b/.shim.metadata
@@ -0,0 +1,2 @@
+ef680b489eb689a390ed2e1470eaaf2682ad5072 SOURCES/mokutil-0.2.0.tar.gz
+90d69f28accc9319a2e08fc23df76a8f117fb668 SOURCES/shim-0.7.tar.bz2
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/0001-Align-the-sections-we-re-loading-and-check-for-valid.patch b/SOURCES/0001-Align-the-sections-we-re-loading-and-check-for-valid.patch
new file mode 100644
index 0000000..c2dbcba
--- /dev/null
+++ b/SOURCES/0001-Align-the-sections-we-re-loading-and-check-for-valid.patch
@@ -0,0 +1,102 @@
+From ebd5dd071bb3194f335044a2c4928d527ff073ad Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 6 Feb 2015 17:48:07 -0500
+Subject: [PATCH] Align the sections we're loading, and check for validity
+ /after/ discarding.
+
+Turns out a) the codegen on aarch64 generates code that has real
+alignment needs, and b) if we check the length of discardable sections
+before discarding them, we error for no reason.
+
+So do the error checking in the right order, and always enforce some
+alignment because we know we have to.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/PeImage.h | 1 +
+ shim.c | 28 +++++++++++++++++-----------
+ 2 files changed, 18 insertions(+), 11 deletions(-)
+
+diff --git a/include/PeImage.h b/include/PeImage.h
+index 133e11e..05f32ea 100644
+--- a/include/PeImage.h
++++ b/include/PeImage.h
+@@ -778,6 +778,7 @@ typedef struct {
+ UINTN SizeOfHeaders;
+ UINT16 ImageType;
+ UINT16 NumberOfSections;
++ UINT32 SectionAlignment;
+ EFI_IMAGE_SECTION_HEADER *FirstSection;
+ EFI_IMAGE_DATA_DIRECTORY *RelocDir;
+ EFI_IMAGE_DATA_DIRECTORY *SecDir;
+diff --git a/shim.c b/shim.c
+index 8076caa..6d577af 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1002,14 +1002,18 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes;
+ context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
+ context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage;
++ context->SectionAlignment = PEHdr->Pe32Plus.OptionalHeader.SectionAlignment;
+ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64);
+ } else {
+ context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes;
+ context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
+ context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage;
++ context->SectionAlignment = PEHdr->Pe32.OptionalHeader.SectionAlignment;
+ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32);
+ }
+
++ if (context->SectionAlignment < 0x1000)
++ context->SectionAlignment = 0x1000;
+ context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections;
+
+ if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) {
+@@ -1128,7 +1132,8 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ }
+ }
+
+- buffer = AllocatePool(context.ImageSize);
++ buffer = AllocatePool(context.ImageSize + context.SectionAlignment);
++ buffer = ALIGN_POINTER(buffer, context.SectionAlignment);
+
+ if (!buffer) {
+ perror(L"Failed to allocate image buffer\n");
+@@ -1159,16 +1164,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+
+ base = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress);
+ end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1);
+- if (!base || !end) {
+- perror(L"Invalid section size\n");
+- return EFI_UNSUPPORTED;
+- }
+-
+- if (Section->VirtualAddress < context.SizeOfHeaders ||
+- Section->PointerToRawData < context.SizeOfHeaders) {
+- perror(L"Section is inside image headers\n");
+- return EFI_UNSUPPORTED;
+- }
+
+ /* We do want to process .reloc, but it's often marked
+ * discardable, so we don't want to memcpy it. */
+@@ -1194,6 +1189,17 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ continue;
+ }
+
++ if (!base || !end) {
++ perror(L"Section %d has invalid size\n", i);
++ return EFI_UNSUPPORTED;
++ }
++
++ if (Section->VirtualAddress < context.SizeOfHeaders ||
++ Section->PointerToRawData < context.SizeOfHeaders) {
++ perror(L"Section %d is inside image headers\n", i);
++ return EFI_UNSUPPORTED;
++ }
++
+ if (Section->SizeOfRawData > 0)
+ CopyMem(base, data + Section->PointerToRawData, size);
+
+--
+2.1.0
+
diff --git a/SOURCES/0001-Make-lib-build-right-with-the-cflags-it-should-be-us.patch b/SOURCES/0001-Make-lib-build-right-with-the-cflags-it-should-be-us.patch
new file mode 100644
index 0000000..95037c9
--- /dev/null
+++ b/SOURCES/0001-Make-lib-build-right-with-the-cflags-it-should-be-us.patch
@@ -0,0 +1,215 @@
+From 5904ae56d328786f7e81fdd3cf129426cb34c415 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 25 Feb 2015 16:33:59 -0500
+Subject: [PATCH 1/2] Make lib/ build right with the cflags it should be
+ using...
+
+... but isn't.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/console.h | 9 ++++++---
+ include/guid.h | 5 -----
+ lib/configtable.c | 4 ++--
+ lib/console.c | 23 +++++++++++++----------
+ lib/execute.c | 2 +-
+ lib/guid.c | 26 --------------------------
+ lib/shell.c | 2 +-
+ 7 files changed, 23 insertions(+), 48 deletions(-)
+
+diff --git a/include/console.h b/include/console.h
+index 9c793ea..ecaa73f 100644
+--- a/include/console.h
++++ b/include/console.h
+@@ -4,13 +4,16 @@
+ EFI_STATUS
+ console_get_keystroke(EFI_INPUT_KEY *key);
+ void
+-console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_row, int size_cols, int size_rows, int offset, int lines);
++console_print_box_at(CHAR16 *str_arr[], unsigned int highlight,
++ unsigned int start_col, unsigned int start_row,
++ unsigned int size_cols, unsigned int size_rows,
++ int offset, unsigned int lines);
+ void
+-console_print_box(CHAR16 *str_arr[], int highlight);
++console_print_box(CHAR16 *str_arr[], unsigned int highlight);
+ int
+ console_yes_no(CHAR16 *str_arr[]);
+ int
+-console_select(CHAR16 *title[], CHAR16* selectors[], int start);
++console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start);
+ void
+ console_errorbox(CHAR16 *err);
+ void
+diff --git a/include/guid.h b/include/guid.h
+index 3c58be0..86b709b 100644
+--- a/include/guid.h
++++ b/include/guid.h
+@@ -1,10 +1,5 @@
+ #include <efi.h>
+
+-#ifndef BUILD_EFI
+-const char *guid_to_str(EFI_GUID *guid);
+-void str_to_guid(const char *str, EFI_GUID *guid);
+-#endif
+-
+ extern EFI_GUID GV_GUID;
+ extern EFI_GUID SIG_DB;
+ extern EFI_GUID X509_GUID;
+diff --git a/lib/configtable.c b/lib/configtable.c
+index e2d92bf..edf2ed7 100644
+--- a/lib/configtable.c
++++ b/lib/configtable.c
+@@ -14,7 +14,7 @@
+ void *
+ configtable_get_table(EFI_GUID *guid)
+ {
+- int i;
++ unsigned int i;
+
+ for (i = 0; i < ST->NumberOfTableEntries; i++) {
+ EFI_CONFIGURATION_TABLE *CT = &ST->ConfigurationTable[i];
+@@ -82,7 +82,7 @@ configtable_find_image(const EFI_DEVICE_PATH *DevicePath)
+ }
+ EFI_DEVICE_PATH *dp = (EFI_DEVICE_PATH *)(e->Data + skip), *dpn = dp;
+ if (dp->Type == 0 || dp->Type > 6 || dp->SubType == 0
+- || (((dp->Length[1] << 8) + dp->Length[0]) > e->InfoSize)) {
++ || ((unsigned)((dp->Length[1] << 8) + dp->Length[0]) > e->InfoSize)) {
+ /* Parse error, table corrupt, bail */
+ Print(L"Image Execution Information table corrupt\n");
+ break;
+diff --git a/lib/console.c b/lib/console.c
+index 83ee679..10bc154 100644
+--- a/lib/console.c
++++ b/lib/console.c
+@@ -33,7 +33,7 @@ count_lines(CHAR16 *str_arr[])
+ static void
+ SetMem16(CHAR16 *dst, UINT32 n, CHAR16 c)
+ {
+- int i;
++ unsigned int i;
+
+ for (i = 0; i < n/2; i++) {
+ dst[i] = c;
+@@ -55,9 +55,12 @@ console_get_keystroke(EFI_INPUT_KEY *key)
+ }
+
+ void
+-console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_row, int size_cols, int size_rows, int offset, int lines)
++console_print_box_at(CHAR16 *str_arr[], unsigned int highlight,
++ unsigned int start_col, unsigned int start_row,
++ unsigned int size_cols, unsigned int size_rows,
++ int offset, unsigned int lines)
+ {
+- int i;
++ unsigned int i;
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+ UINTN rows, cols;
+ CHAR16 *Line;
+@@ -124,7 +127,7 @@ console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_
+
+
+ for (i = start_row + 1; i < size_rows + start_row - 1; i++) {
+- int line = i - start;
++ unsigned int line = i - start;
+
+ SetMem16 (Line, size_cols*2, L' ');
+ Line[0] = BOXDRAW_VERTICAL;
+@@ -160,7 +163,7 @@ console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_
+ }
+
+ void
+-console_print_box(CHAR16 *str_arr[], int highlight)
++console_print_box(CHAR16 *str_arr[], unsigned int highlight)
+ {
+ SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode;
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+@@ -181,17 +184,17 @@ console_print_box(CHAR16 *str_arr[], int highlight)
+ }
+
+ int
+-console_select(CHAR16 *title[], CHAR16* selectors[], int start)
++console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start)
+ {
+ SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode;
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+ EFI_INPUT_KEY k;
+ EFI_STATUS status;
+- int selector;
+- int selector_lines = count_lines(selectors);
++ unsigned int selector;
++ unsigned int selector_lines = count_lines(selectors);
+ int selector_max_cols = 0;
+- int i, offs_col, offs_row, size_cols, size_rows, lines;
+- int selector_offset;
++ unsigned int i, offs_col, offs_row, size_cols, size_rows, lines;
++ unsigned int selector_offset;
+ UINTN cols, rows;
+
+ uefi_call_wrapper(co->QueryMode, 4, co, co->Mode->Mode, &cols, &rows);
+diff --git a/lib/execute.c b/lib/execute.c
+index 42d71c8..89328c6 100644
+--- a/lib/execute.c
++++ b/lib/execute.c
+@@ -51,7 +51,7 @@ generate_path(CHAR16* name, EFI_LOADED_IMAGE *li, EFI_DEVICE_PATH **path, CHAR16
+ EFI_STATUS efi_status = EFI_SUCCESS;
+ CHAR16 *devpathstr = DevicePathToStr(li->FilePath),
+ *found = NULL;
+- int i;
++ unsigned int i;
+
+ for (i = 0; i < StrLen(devpathstr); i++) {
+ if (devpathstr[i] == '/')
+diff --git a/lib/guid.c b/lib/guid.c
+index 56ec952..5f5a03f 100644
+--- a/lib/guid.c
++++ b/lib/guid.c
+@@ -5,32 +5,6 @@
+ */
+
+ #include <guid.h>
+-#include <stdio.h>
+-
+-#ifndef BUILD_EFI
+-/* EFI has %g for this, so it's only needed in platform c */
+-const char *guid_to_str(EFI_GUID *guid)
+-{
+- static char str[256];
+-
+- sprintf(str, "%08x-%04hx-%04hx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx",
+- guid->Data1, guid->Data2, guid->Data3,
+- guid->Data4[0], guid->Data4[1], guid->Data4[2],
+- guid->Data4[3], guid->Data4[4], guid->Data4[5],
+- guid->Data4[6], guid->Data4[7]);
+-
+- return str;
+-}
+-
+-void str_to_guid(const char *str, EFI_GUID *guid)
+-{
+- sscanf(str, "%8x-%4hx-%4hx-%2hhx%2hhx-%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx",
+- &guid->Data1, &guid->Data2, &guid->Data3,
+- guid->Data4, guid->Data4 + 1, guid->Data4 + 2,
+- guid->Data4 + 3, guid->Data4 + 4, guid->Data4 + 5,
+- guid->Data4 + 6, guid->Data4 + 7);
+-}
+-#endif
+
+ /* all the necessary guids */
+ EFI_GUID GV_GUID = EFI_GLOBAL_VARIABLE;
+diff --git a/lib/shell.c b/lib/shell.c
+index 7337834..afd3952 100644
+--- a/lib/shell.c
++++ b/lib/shell.c
+@@ -13,7 +13,7 @@
+ EFI_STATUS
+ argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV)
+ {
+- int i, count = 1;
++ unsigned int i, count = 1;
+ EFI_STATUS status;
+ EFI_LOADED_IMAGE *info;
+ CHAR16 *start;
+--
+2.1.0
+
diff --git a/SOURCES/0001-fallback-Fix-comparison-between-signed-and-unsigned-.patch b/SOURCES/0001-fallback-Fix-comparison-between-signed-and-unsigned-.patch
new file mode 100644
index 0000000..45b2bc5
--- /dev/null
+++ b/SOURCES/0001-fallback-Fix-comparison-between-signed-and-unsigned-.patch
@@ -0,0 +1,48 @@
+From 8bd4477e3a28a6c7a32f2c1e338ed3ec8394f2e4 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 25 Feb 2015 18:03:37 +0000
+Subject: [PATCH 1/2] fallback: Fix comparison between signed and unsigned in
+ debugging code.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+fallback.c: In function ‘update_boot_order’:
+fallback.c:334:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
+ for (j = 0 ; j < size / sizeof (CHAR16); j++)
+ ^
+fallback.c: In function ‘add_to_boot_list’:
+fallback.c:402:16: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
+ for (i = 0; i < s; i++) {
+ ^
+
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+---
+ fallback.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fallback.c b/fallback.c
+index d10fb62..e739b78 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -328,7 +328,7 @@ update_boot_order(void)
+
+ #ifdef DEBUG_FALLBACK
+ Print(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16));
+- int j;
++ UINTN j;
+ for (j = 0 ; j < size / sizeof (CHAR16); j++)
+ Print(L"%04x ", newbootorder[j]);
+ Print(L"\n");
+@@ -395,7 +395,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
+ #ifdef DEBUG_FALLBACK
+ {
+ UINTN s = DevicePathSize(dp);
+- int i;
++ UINTN i;
+ UINT8 *dpv = (void *)dp;
+ for (i = 0; i < s; i++) {
+ if (i > 0 && i % 16 == 0)
+--
+2.1.0
+
diff --git a/SOURCES/0001-fix-verify_mok.patch b/SOURCES/0001-fix-verify_mok.patch
new file mode 100644
index 0000000..100115b
--- /dev/null
+++ b/SOURCES/0001-fix-verify_mok.patch
@@ -0,0 +1,54 @@
+From 11495d4019d44dce1487939f91f7d751ffbb9730 Mon Sep 17 00:00:00 2001
+From: Andrew Boie <andrew.p.boie@intel.com>
+Date: Mon, 15 Apr 2013 14:11:17 -0700
+Subject: [PATCH 01/74] fix verify_mok()
+
+() Fix the return value semantics. If the MokList doesn't
+exist, we are OK. If the MokList was compromised but we
+were able to erase it, that is OK too. Only if the list
+can't be nuked do we return an error.
+
+() Fix use of potentially uninitialized attribute variable
+
+() Actually use the return value when called from verify_buffer.
+
+Change-Id: If16df21d79c52a1726928df96d133390cde4cb7e
+Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
+---
+ shim.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 23dd0ee..dcb36d0 100644
+--- a/shim.c
++++ b/shim.c
+@@ -670,13 +670,12 @@ static EFI_STATUS verify_mok (void) {
+ status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize,
+ shim_lock_guid, &attributes);
+
+- if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
++ if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
+ Print(L"MokList is compromised!\nErase all keys in MokList!\n");
+ if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) {
+ Print(L"Failed to erase MokList\n");
++ return EFI_ACCESS_DENIED;
+ }
+- status = EFI_ACCESS_DENIED;
+- return status;
+ }
+
+ if (MokListData)
+@@ -722,7 +721,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
+ /*
+ * Check that the MOK database hasn't been modified
+ */
+- verify_mok();
++ status = verify_mok();
++ if (status != EFI_SUCCESS)
++ return status;
+
+ /*
+ * Ensure that the binary isn't blacklisted
+--
+1.9.3
+
diff --git a/SOURCES/0002-Fix-length-of-allocated-buffer-for-boot-option-compa.patch b/SOURCES/0002-Fix-length-of-allocated-buffer-for-boot-option-compa.patch
new file mode 100644
index 0000000..953951f
--- /dev/null
+++ b/SOURCES/0002-Fix-length-of-allocated-buffer-for-boot-option-compa.patch
@@ -0,0 +1,55 @@
+From 8a72ee927a71806e00d1c7a45d77167f397102ae Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 25 Feb 2015 18:45:41 +0000
+Subject: [PATCH 2/2] Fix length of allocated buffer for boot option
+ comparison.
+
+The following commit:
+
+ commit 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6
+ Author: Gary Ching-Pang Lin <glin@suse.com>
+ Date: Thu Mar 6 10:57:02 2014 +0800
+
+ [fallback] Fix the data size for boot option comparison
+
+corrected the data size used for comparison, but also reduced the
+allocation so it doesn't include the trailing UTF16LE '\0\0' at the
+end of the string, with the result that the trailer of the buffer
+containing the string is overwritten, which OVMF detects as memory
+corruption.
+
+Increase the size of the storage buffer in a few places to correct
+this problem.
+
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Gary Ching-Pang Lin <glin@suse.com>
+---
+ fallback.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fallback.c b/fallback.c
+index e739b78..8489b2e 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -163,7 +163,7 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
+ StrLen(label)*2 + 2 + DevicePathSize(hddp) +
+ StrLen(arguments) * 2;
+
+- CHAR8 *data = AllocateZeroPool(size);
++ CHAR8 *data = AllocateZeroPool(size + 2);
+ CHAR8 *cursor = data;
+ *(UINT32 *)cursor = LOAD_OPTION_ACTIVE;
+ cursor += sizeof (UINT32);
+@@ -234,7 +234,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
+ StrLen(label)*2 + 2 + DevicePathSize(dp) +
+ StrLen(arguments) * 2;
+
+- CHAR8 *data = AllocateZeroPool(size);
++ CHAR8 *data = AllocateZeroPool(size + 2);
+ if (!data)
+ return EFI_OUT_OF_RESOURCES;
+ CHAR8 *cursor = data;
+--
+2.1.0
+
diff --git a/SOURCES/0002-Make-lib-use-the-right-CFLAGS.patch b/SOURCES/0002-Make-lib-use-the-right-CFLAGS.patch
new file mode 100644
index 0000000..15ab83a
--- /dev/null
+++ b/SOURCES/0002-Make-lib-use-the-right-CFLAGS.patch
@@ -0,0 +1,74 @@
+From d3a8eedee05c8991117a8efb8bfa3fe606d6c2e9 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 25 Feb 2015 16:34:28 -0500
+Subject: [PATCH 2/2] Make lib/ use the right CFLAGS.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ Makefile | 4 ++--
+ lib/Makefile | 11 -----------
+ lib/console.c | 4 ++--
+ 3 files changed, 4 insertions(+), 15 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 332a29b..532bcf3 100644
+--- a/Makefile
++++ b/Makefile
+@@ -9,7 +9,7 @@ SUBDIRS = Cryptlib lib
+ LIB_PATH = /usr/lib64
+
+ EFI_INCLUDE := /usr/include/efi
+-EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude
++EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I$(shell pwd)/include
+ EFI_PATH := /usr/lib64/gnuefi
+
+ LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
+@@ -115,7 +115,7 @@ Cryptlib/OpenSSL/libopenssl.a:
+ $(MAKE) -C Cryptlib/OpenSSL
+
+ lib/lib.a:
+- $(MAKE) -C lib
++ $(MAKE) CFLAGS="$(CFLAGS)" -C lib
+
+ ifeq ($(ARCH),aarch64)
+ FORMAT := -O binary
+diff --git a/lib/Makefile b/lib/Makefile
+index ebd21a1..d93a26d 100644
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -4,17 +4,6 @@ LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variab
+
+ EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include
+
+-CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+- -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror \
+- $(EFI_INCLUDES)
+-
+-ifeq ($(ARCH),x86_64)
+- CFLAGS += -mno-red-zone -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
+-endif
+-ifeq ($(ARCH),ia32)
+- CFLAGS += -mno-red-zone -m32
+-endif
+-
+ lib.a: $(LIBFILES)
+ ar rcs lib.a $(LIBFILES)
+
+diff --git a/lib/console.c b/lib/console.c
+index 10bc154..e70ab48 100644
+--- a/lib/console.c
++++ b/lib/console.c
+@@ -4,8 +4,8 @@
+ *
+ * see COPYING file
+ */
+-#include <efi/efi.h>
+-#include <efi/efilib.h>
++#include <efi.h>
++#include <efilib.h>
+
+ #include <console.h>
+ #include <variables.h>
+--
+2.1.0
+
diff --git a/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch b/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch
new file mode 100644
index 0000000..e97a0a2
--- /dev/null
+++ b/SOURCES/0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch
@@ -0,0 +1,175 @@
+From 8e9d3af7b108cc76ce18017b3f58ad4b2e60989f Mon Sep 17 00:00:00 2001
+From: Mohanraj S <mohanrajx.sakkaraiappan@intel.com>
+Date: Tue, 27 Aug 2013 09:27:00 -0700
+Subject: [PATCH 02/74] shim.c: Add support for hashing/relocation of 32-bit
+ binaries
+
+Change-Id: Ib93305f7f1691d1b142567507df1058de62dde06
+Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
+---
+ shim.c | 72 +++++++++++++++++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 49 insertions(+), 23 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index dcb36d0..a043779 100644
+--- a/shim.c
++++ b/shim.c
+@@ -126,7 +126,11 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ int size = context->ImageSize;
+ void *ImageEnd = (char *)data + size;
+
++#if __LP64__
+ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data;
++#else
++ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data;
++#endif
+
+ if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
+ Print(L"Image has no relocation entry\n");
+@@ -141,7 +145,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ return EFI_UNSUPPORTED;
+ }
+
+- Adjust = (UINT64)data - context->ImageAddress;
++ Adjust = (UINTN)data - context->ImageAddress;
+
+ if (Adjust == 0)
+ return EFI_SUCCESS;
+@@ -549,9 +553,15 @@ static EFI_STATUS generate_hash (char *data, int datasize,
+ }
+
+ /* Hash end of certificate table to end of image header */
++#if __LP64__
+ hashbase = (char *) &context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
+ hashsize = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders -
+ (int) ((char *) (&context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data);
++#else
++ hashbase = (char *) &context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
++ hashsize = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders -
++ (int) ((char *) (&context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data);
++#endif
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -561,7 +571,11 @@ static EFI_STATUS generate_hash (char *data, int datasize,
+ }
+
+ /* Sort sections */
++#if __LP64__
+ SumOfBytesHashed = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
++#else
++ SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
++#endif
+
+ Section = (EFI_IMAGE_SECTION_HEADER *) (
+ (char *)context->PEHdr + sizeof (UINT32) +
+@@ -628,7 +642,11 @@ static EFI_STATUS generate_hash (char *data, int datasize,
+ hashbase = data + SumOfBytesHashed;
+ hashsize = (unsigned int)(
+ size -
++#if __LP64__
+ context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
++#else
++ context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
++#endif
+ SumOfBytesHashed);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+@@ -781,7 +799,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ {
+ EFI_IMAGE_DOS_HEADER *DosHdr = data;
+ EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data;
+- unsigned long HeaderWithoutDataDir, SectionHeaderOffset;
++ unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize;
+
+ if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) {
+ Print(L"Invalid image\n");
+@@ -790,18 +808,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+
+ if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE)
+ PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew);
++#if __LP64__
++ context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes;
++ context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
++ context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage;
++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64);
++#else
++ context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes;
++ context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
++ context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage;
++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32);
++#endif
++ context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections;
+
+- if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES
+- < PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes) {
++ if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) {
+ Print(L"Image header too small\n");
+ return EFI_UNSUPPORTED;
+ }
+
+- HeaderWithoutDataDir = sizeof (EFI_IMAGE_OPTIONAL_HEADER64)
++ HeaderWithoutDataDir = OptHeaderSize
+ - sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES;
+- if (((UINT32)PEHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) !=
+- PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes
+- * sizeof (EFI_IMAGE_DATA_DIRECTORY)) {
++ if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) !=
++ context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) {
+ Print(L"Image header overflows data directory\n");
+ return EFI_UNSUPPORTED;
+ }
+@@ -809,15 +837,15 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ SectionHeaderOffset = DosHdr->e_lfanew
+ + sizeof (UINT32)
+ + sizeof (EFI_IMAGE_FILE_HEADER)
+- + PEHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader;
+- if ((PEHdr->Pe32Plus.OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER
+- <= PEHdr->Pe32Plus.FileHeader.NumberOfSections) {
++ + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader;
++ if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER
++ <= context->NumberOfSections) {
+ Print(L"Image sections overflow image size\n");
+ return EFI_UNSUPPORTED;
+ }
+
+- if ((PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER
+- < (UINT32)PEHdr->Pe32Plus.FileHeader.NumberOfSections) {
++ if ((context->SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER
++ < (UINT32)context->NumberOfSections) {
+ Print(L"Image sections overflow section headers\n");
+ return EFI_UNSUPPORTED;
+ }
+@@ -837,21 +865,19 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ return EFI_UNSUPPORTED;
+ }
+
+- if (PEHdr->Pe32.OptionalHeader.Magic != EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
+- Print(L"Only 64-bit images supported\n");
+- return EFI_UNSUPPORTED;
+- }
+-
+ context->PEHdr = PEHdr;
++#if __LP64__
+ context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase;
+- context->ImageSize = (UINT64)PEHdr->Pe32Plus.OptionalHeader.SizeOfImage;
+- context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
+ context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint;
+ context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
+- context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes;
+- context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections;
+- context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER));
+ context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
++#else
++ context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase;
++ context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint;
++ context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
++ context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
++#endif
++ context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER));
+
+ if (context->ImageSize < context->SizeOfHeaders) {
+ Print(L"Invalid image\n");
+--
+1.9.3
+
diff --git a/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch b/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch
new file mode 100644
index 0000000..8d85654
--- /dev/null
+++ b/SOURCES/0003-netboot.h-fix-build-error-on-32-bit-systems.patch
@@ -0,0 +1,27 @@
+From 434e854202236ec5809dbb96589fc34313dbff9e Mon Sep 17 00:00:00 2001
+From: Andrew Boie <andrew.p.boie@intel.com>
+Date: Thu, 31 Oct 2013 13:56:56 -0700
+Subject: [PATCH 03/74] netboot.h: fix build error on 32-bit systems
+
+Function prototype/implementation mismatch.
+
+Change-Id: I89aaae1b49d0372d3aed76fc21c194e0ae55f72e
+Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
+---
+ netboot.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/netboot.h b/netboot.h
+index 2cdb421..6417373 100644
+--- a/netboot.h
++++ b/netboot.h
+@@ -5,5 +5,5 @@ extern BOOLEAN findNetboot(EFI_HANDLE image_handle);
+
+ extern EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle);
+
+-extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINTN *bufsiz);
++extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *bufsiz);
+ #endif
+--
+1.9.3
+
diff --git a/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch b/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch
new file mode 100644
index 0000000..f9b2147
--- /dev/null
+++ b/SOURCES/0004-properly-compile-OpenSSL-in-32-bit-mode.patch
@@ -0,0 +1,34 @@
+From c5ed2dfa5d9c2d5de33db290ae8cc237342dbc4c Mon Sep 17 00:00:00 2001
+From: Andrey Petrov <andrey.petrov@intel.com>
+Date: Mon, 11 Nov 2013 13:46:42 -0800
+Subject: [PATCH 04/74] properly compile OpenSSL in 32-bit mode
+
+Change-Id: Iff3ee5ae0f0b95b282b99a23e465723b4e9f6104
+Signed-off-by: Andrey Petrov <andrey.petrov@intel.com>
+Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
+---
+ Cryptlib/OpenSSL/Makefile | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
+index c93d5af..3d5a87c 100644
+--- a/Cryptlib/OpenSSL/Makefile
++++ b/Cryptlib/OpenSSL/Makefile
+@@ -10,9 +10,12 @@ LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
+ EFI_LIBS = -lefi -lgnuefi $(LIB_GCC)
+
+ CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
+- -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -DSIXTY_FOUR_BIT_LONG -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
++ -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
+ ifeq ($(ARCH),x86_64)
+- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
++ CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG
++endif
++ifeq ($(ARCH),ia32)
++ CFLAGS += -DTHIRTY_TWO_BIT
+ endif
+ LDFLAGS = -nostdlib -znocombreloc
+
+--
+1.9.3
+
diff --git a/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch b/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch
new file mode 100644
index 0000000..6380173
--- /dev/null
+++ b/SOURCES/0005-fallback.c-fix-32-bit-compilation.patch
@@ -0,0 +1,38 @@
+From d74ab697f7f20418eeb09f0291cc480d43241dea Mon Sep 17 00:00:00 2001
+From: Andrew Boie <andrew.p.boie@intel.com>
+Date: Mon, 11 Nov 2013 16:12:23 -0800
+Subject: [PATCH 05/74] fallback.c: fix 32-bit compilation
+
+fh->Read expects pointer to 32-bit int, use UINTN
+
+Change-Id: If1a728efd51a9a24dfcd8123e84bf4c0713491fe
+Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
+---
+ fallback.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fallback.c b/fallback.c
+index 82ddbf2..c875144 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -15,7 +15,7 @@
+ EFI_LOADED_IMAGE *this_image = NULL;
+
+ static EFI_STATUS
+-get_file_size(EFI_FILE_HANDLE fh, UINT64 *retsize)
++get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize)
+ {
+ EFI_STATUS rc;
+ void *buffer = NULL;
+@@ -60,7 +60,7 @@ read_file(EFI_FILE_HANDLE fh, CHAR16 *fullpath, CHAR16 **buffer, UINT64 *bs)
+ return rc;
+ }
+
+- UINT64 len = 0;
++ UINTN len = 0;
+ CHAR16 *b = NULL;
+ rc = get_file_size(fh2, &len);
+ if (EFI_ERROR(rc)) {
+--
+1.9.3
+
diff --git a/SOURCES/0006-fix-fallback.so-build-dependency.patch b/SOURCES/0006-fix-fallback.so-build-dependency.patch
new file mode 100644
index 0000000..b03f3e8
--- /dev/null
+++ b/SOURCES/0006-fix-fallback.so-build-dependency.patch
@@ -0,0 +1,29 @@
+From 06e15d762966d4224f7e54480b9213c4dcf1fe35 Mon Sep 17 00:00:00 2001
+From: Andrew Boie <andrew.p.boie@intel.com>
+Date: Mon, 11 Nov 2013 16:14:22 -0800
+Subject: [PATCH 06/74] fix fallback.so build dependency
+
+Exposed during parallel builds
+
+Change-Id: I9867858166dcafd69438f37ee5da14a267ace8f4
+Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index a22c6b3..2eab862 100644
+--- a/Makefile
++++ b/Makefile
+@@ -83,7 +83,7 @@ shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
+
+ fallback.o: $(FALLBACK_SRCS)
+
+-fallback.so: $(FALLBACK_OBJS)
++fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
+ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
+
+ MokManager.o: $(MOK_SOURCES)
+--
+1.9.3
+
diff --git a/SOURCES/0007-propagate-some-path-variables.patch b/SOURCES/0007-propagate-some-path-variables.patch
new file mode 100644
index 0000000..640d021
--- /dev/null
+++ b/SOURCES/0007-propagate-some-path-variables.patch
@@ -0,0 +1,38 @@
+From 476d376ed08e1431bf7e20bf47ea3fc6c36dd168 Mon Sep 17 00:00:00 2001
+From: Andrew Boie <andrew.p.boie@intel.com>
+Date: Mon, 11 Nov 2013 16:15:39 -0800
+Subject: [PATCH 07/74] propagate some path variables
+
+If these are overridden on the command line, pass them along to
+the sub-makes.
+
+Change-Id: I531ccb5d2f5e4be8e99d4892cdcfffffc1ad9877
+Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
+---
+ Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 2eab862..d619ff4 100644
+--- a/Makefile
++++ b/Makefile
+@@ -92,13 +92,13 @@ MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a
+ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
+
+ Cryptlib/libcryptlib.a:
+- $(MAKE) -C Cryptlib
++ $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH)
+
+ Cryptlib/OpenSSL/libopenssl.a:
+- $(MAKE) -C Cryptlib/OpenSSL
++ $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH)
+
+ lib/lib.a:
+- $(MAKE) -C lib EFI_PATH=$(EFI_PATH)
++ $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH)
+
+ %.efi: %.so
+ objcopy -j .text -j .sdata -j .data \
+--
+1.9.3
+
diff --git a/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch b/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch
new file mode 100644
index 0000000..5305778
--- /dev/null
+++ b/SOURCES/0008-allow-32-bit-compilation-with-64-bit-compiler.patch
@@ -0,0 +1,90 @@
+From 9712a7e77dc12f7569858b81d620d85301f50ede Mon Sep 17 00:00:00 2001
+From: Andrew Boie <andrew.p.boie@intel.com>
+Date: Mon, 11 Nov 2013 16:17:20 -0800
+Subject: [PATCH 08/74] allow 32-bit compilation with 64-bit compiler
+
+Also removed unused LIB_PATH from some Makefiles.
+
+Change-Id: I7d28d18f7531b51b6121a2ffb88bcaedec57c467
+Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
+---
+ Cryptlib/Makefile | 5 +++--
+ Cryptlib/OpenSSL/Makefile | 4 +---
+ Makefile | 3 +++
+ lib/Makefile | 3 +++
+ 4 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
+index a05a4db..d24e59e 100644
+--- a/Cryptlib/Makefile
++++ b/Cryptlib/Makefile
+@@ -1,7 +1,5 @@
+ ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
+
+-LIB_PATH = /usr/lib64
+-
+ EFI_INCLUDE = /usr/include/efi
+ EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
+ EFI_PATH = /usr/lib64/gnuefi
+@@ -14,6 +12,9 @@ CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-
+ ifeq ($(ARCH),x86_64)
+ CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
+ endif
++ifeq ($(ARCH),ia32)
++ CFLAGS += -m32
++endif
+ LDFLAGS = -nostdlib -znocombreloc
+
+ TARGET = libcryptlib.a
+diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
+index 3d5a87c..8e2f2a6 100644
+--- a/Cryptlib/OpenSSL/Makefile
++++ b/Cryptlib/OpenSSL/Makefile
+@@ -1,7 +1,5 @@
+ ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
+
+-LIB_PATH = /usr/lib64
+-
+ EFI_INCLUDE = /usr/include/efi
+ EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
+ EFI_PATH = /usr/lib64/gnuefi
+@@ -15,7 +13,7 @@ ifeq ($(ARCH),x86_64)
+ CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG
+ endif
+ ifeq ($(ARCH),ia32)
+- CFLAGS += -DTHIRTY_TWO_BIT
++ CFLAGS += -m32 -DTHIRTY_TWO_BIT
+ endif
+ LDFLAGS = -nostdlib -znocombreloc
+
+diff --git a/Makefile b/Makefile
+index d619ff4..e65d28d 100644
+--- a/Makefile
++++ b/Makefile
+@@ -28,6 +28,9 @@ endif
+ ifeq ($(ARCH),x86_64)
+ CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
+ endif
++ifeq ($(ARCH),ia32)
++ CFLAGS += -m32
++endif
+ ifneq ($(origin VENDOR_CERT_FILE), undefined)
+ CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
+ endif
+diff --git a/lib/Makefile b/lib/Makefile
+index adb0347..a9c9cf6 100644
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -17,6 +17,9 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+ ifeq ($(ARCH),x86_64)
+ CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
+ endif
++ifeq ($(ARCH),ia32)
++ CFLAGS += -m32
++endif
+
+ lib.a: $(LIBFILES)
+ ar rcs lib.a $(LIBFILES)
+--
+1.9.3
+
diff --git a/SOURCES/0009-shim-improve-error-messages.patch b/SOURCES/0009-shim-improve-error-messages.patch
new file mode 100644
index 0000000..e18d66f
--- /dev/null
+++ b/SOURCES/0009-shim-improve-error-messages.patch
@@ -0,0 +1,186 @@
+From 2f09d0ab290d9b0d8aa14c3243f1d85a20bc34e6 Mon Sep 17 00:00:00 2001
+From: Andrew Boie <andrew.p.boie@intel.com>
+Date: Mon, 11 Nov 2013 17:29:06 -0800
+Subject: [PATCH 09/74] shim: improve error messages
+
+%r when used in Print() will show a string representation of
+an EFI_STATUS code.
+
+Change-Id: I6db47f5213454603bd66177aca378ad01e9f0bd4
+Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
+---
+ shim.c | 38 +++++++++++++++++++-------------------
+ 1 file changed, 19 insertions(+), 19 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index a043779..9ae1936 100644
+--- a/shim.c
++++ b/shim.c
+@@ -914,7 +914,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ */
+ efi_status = read_header(data, datasize, &context);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to read header\n");
++ Print(L"Failed to read header: %r\n", efi_status);
+ return efi_status;
+ }
+
+@@ -981,7 +981,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ efi_status = relocate_coff(&context, buffer);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Relocation failed\n");
++ Print(L"Relocation failed: %r\n", efi_status);
+ FreePool(buffer);
+ return efi_status;
+ }
+@@ -1022,7 +1022,7 @@ should_use_fallback(EFI_HANDLE image_handle)
+ rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,
+ &loaded_image_protocol, (void **)&li);
+ if (EFI_ERROR(rc)) {
+- Print(L"Could not get image for bootx64.efi: %d\n", rc);
++ Print(L"Could not get image for bootx64.efi: %r\n", rc);
+ return 0;
+ }
+
+@@ -1044,13 +1044,13 @@ should_use_fallback(EFI_HANDLE image_handle)
+ rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle,
+ &FileSystemProtocol, (void **)&fio);
+ if (EFI_ERROR(rc)) {
+- Print(L"Could not get fio for li->DeviceHandle: %d\n", rc);
++ Print(L"Could not get fio for li->DeviceHandle: %r\n", rc);
+ return 0;
+ }
+
+ rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh);
+ if (EFI_ERROR(rc)) {
+- Print(L"Could not open fio volume: %d\n", rc);
++ Print(L"Could not open fio volume: %r\n", rc);
+ return 0;
+ }
+
+@@ -1172,14 +1172,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ (void **)&drive);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to find fs\n");
++ Print(L"Failed to find fs: %r\n", efi_status);
+ goto error;
+ }
+
+ efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to open fs\n");
++ Print(L"Failed to open fs: %r\n", efi_status);
+ goto error;
+ }
+
+@@ -1190,7 +1190,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ EFI_FILE_MODE_READ, 0);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to open %s - %lx\n", PathName, efi_status);
++ Print(L"Failed to open %s - %r\n", PathName, efi_status);
+ goto error;
+ }
+
+@@ -1223,7 +1223,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ }
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Unable to get file info\n");
++ Print(L"Unable to get file info: %r\n", efi_status);
+ goto error;
+ }
+
+@@ -1251,7 +1251,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ }
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Unexpected return from initial read: %x, buffersize %x\n", efi_status, buffersize);
++ Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize);
+ goto error;
+ }
+
+@@ -1328,20 +1328,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ efi_status = generate_path(li, ImagePath, &path, &PathName);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Unable to generate path: %s\n", ImagePath);
++ Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status);
+ goto done;
+ }
+
+ if (findNetboot(image_handle)) {
+ efi_status = parseNetbootinfo(image_handle);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Netboot parsing failed: %d\n", efi_status);
++ Print(L"Netboot parsing failed: %r\n", efi_status);
+ return EFI_PROTOCOL_ERROR;
+ }
+ efi_status = FetchNetbootimage(image_handle, &sourcebuffer,
+ &sourcesize);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Unable to fetch TFTP image\n");
++ Print(L"Unable to fetch TFTP image: %r\n", efi_status);
+ return efi_status;
+ }
+ data = sourcebuffer;
+@@ -1353,7 +1353,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ efi_status = load_image(li, &data, &datasize, PathName);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to load image\n");
++ Print(L"Failed to load image %s: %r\n", PathName, efi_status);
+ goto done;
+ }
+ }
+@@ -1370,7 +1370,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ efi_status = handle_image(data, datasize, li);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to load image\n");
++ Print(L"Failed to load image: %r\n", efi_status);
+ CopyMem(li, &li_bak, sizeof(li_bak));
+ goto done;
+ }
+@@ -1473,7 +1473,7 @@ EFI_STATUS mirror_mok_list()
+ | EFI_VARIABLE_RUNTIME_ACCESS,
+ FullDataSize, FullData);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to set MokListRT %d\n", efi_status);
++ Print(L"Failed to set MokListRT: %r\n", efi_status);
+ }
+
+ return efi_status;
+@@ -1514,7 +1514,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
+ efi_status = start_image(image_handle, MOK_MANAGER);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to start MokManager\n");
++ Print(L"Failed to start MokManager: %r\n", efi_status);
+ return efi_status;
+ }
+ }
+@@ -1621,7 +1621,7 @@ static EFI_STATUS mok_ignore_db()
+ | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize, (void *)&Data);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to set MokIgnoreDB %d\n", efi_status);
++ Print(L"Failed to set MokIgnoreDB: %r\n", efi_status);
+ }
+ }
+
+@@ -1648,7 +1648,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
+ status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,
+ &LoadedImageProtocol, (void **) &li);
+ if (status != EFI_SUCCESS) {
+- Print (L"Failed to get load options\n");
++ Print (L"Failed to get load options: %r\n", status);
+ return status;
+ }
+
+--
+1.9.3
+
diff --git a/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch b/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch
new file mode 100644
index 0000000..4807572
--- /dev/null
+++ b/SOURCES/0010-Clarify-meaning-of-insecure_mode.patch
@@ -0,0 +1,99 @@
+From d95b24bd02cf41cca9adebd95f10609d6424d2b3 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett <matthew.garrett@nebula.com>
+Date: Tue, 19 Nov 2013 10:09:13 -0500
+Subject: [PATCH 10/74] Clarify meaning of insecure_mode
+
+insecure_mode was intended to indicate that the user had explicity disabled
+checks with mokutil, which means it wasn't the opposite of secure_mode().
+Change the names to clarify this and don't show the insecure mode message
+unless the user has explicitly enabled that mode.
+
+Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
+---
+ replacements.c | 6 ------
+ shim.c | 12 ++++++------
+ 2 files changed, 6 insertions(+), 12 deletions(-)
+
+diff --git a/replacements.c b/replacements.c
+index bac5e5d..5ea5c32 100644
+--- a/replacements.c
++++ b/replacements.c
+@@ -64,13 +64,9 @@ static typeof(systab->BootServices->StartImage) system_start_image;
+ static typeof(systab->BootServices->Exit) system_exit;
+ static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services;
+
+-extern UINT8 insecure_mode;
+-
+ void
+ unhook_system_services(void)
+ {
+- if (insecure_mode)
+- return;
+ systab->BootServices->Exit = system_exit;
+ systab->BootServices->StartImage = system_start_image;
+ systab->BootServices->ExitBootServices = system_exit_boot_services;
+@@ -123,8 +119,6 @@ exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus,
+ void
+ hook_system_services(EFI_SYSTEM_TABLE *local_systab)
+ {
+- if (insecure_mode)
+- return;
+ systab = local_systab;
+
+ /* We need to hook various calls to make this work... */
+diff --git a/shim.c b/shim.c
+index 9ae1936..524f5fc 100644
+--- a/shim.c
++++ b/shim.c
+@@ -85,7 +85,7 @@ int loader_is_participating;
+
+ #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
+
+-UINT8 insecure_mode;
++UINT8 user_insecure_mode;
+ UINT8 ignore_db;
+
+ typedef enum {
+@@ -456,7 +456,7 @@ static BOOLEAN secure_mode (void)
+ UINT8 *Data;
+ UINT8 sb, setupmode;
+
+- if (insecure_mode)
++ if (user_insecure_mode)
+ return FALSE;
+
+ status = get_variable(L"SecureBoot", &Data, &len, global_var);
+@@ -1534,7 +1534,7 @@ static EFI_STATUS check_mok_sb (void)
+ UINTN MokSBStateSize = 0;
+ UINT32 attributes;
+
+- insecure_mode = 0;
++ user_insecure_mode = 0;
+ ignore_db = 0;
+
+ status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize,
+@@ -1555,7 +1555,7 @@ static EFI_STATUS check_mok_sb (void)
+ status = EFI_ACCESS_DENIED;
+ } else {
+ if (*(UINT8 *)MokSBState == 1) {
+- insecure_mode = 1;
++ user_insecure_mode = 1;
+ }
+ }
+
+@@ -1753,10 +1753,10 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
+ /*
+ * Tell the user that we're in insecure mode if necessary
+ */
+- if (!secure_mode()) {
++ if (user_insecure_mode) {
+ Print(L"Booting in insecure mode\n");
+ uefi_call_wrapper(BS->Stall, 1, 2000000);
+- } else {
++ } else if (secure_mode()) {
+ /*
+ * Install our hooks for ExitBootServices() and StartImage()
+ */
+--
+1.9.3
+
diff --git a/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch b/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch
new file mode 100644
index 0000000..11b612d
--- /dev/null
+++ b/SOURCES/0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch
@@ -0,0 +1,42 @@
+From 8b48ec5c70cd97d37f48581a4eab8139c1a95a1f Mon Sep 17 00:00:00 2001
+From: Matthew Garrett <matthew.garrett@nebula.com>
+Date: Tue, 19 Nov 2013 10:15:55 -0500
+Subject: [PATCH 11/74] Don't hook system services if shim has no built-in keys
+
+Shim should only need to enforce its security policy when its launching
+binaries signed with its built-in key. Binaries signed by keys in db or
+Mokdb should be able to rely on their own security policy.
+
+Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
+---
+ shim.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 524f5fc..cf93d65 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1757,11 +1757,15 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
+ Print(L"Booting in insecure mode\n");
+ uefi_call_wrapper(BS->Stall, 1, 2000000);
+ } else if (secure_mode()) {
+- /*
+- * Install our hooks for ExitBootServices() and StartImage()
+- */
+- hook_system_services(systab);
+- loader_is_participating = 0;
++ if (vendor_cert_size || vendor_dbx_size) {
++ /*
++ * If shim includes its own certificates then ensure
++ * that anything it boots has performed some
++ * validation of the next image.
++ */
++ hook_system_services(systab);
++ loader_is_participating = 0;
++ }
+ }
+
+ /*
+--
+1.9.3
+
diff --git a/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch b/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch
new file mode 100644
index 0000000..9a19d58
--- /dev/null
+++ b/SOURCES/0012-Fix-path-generation-for-Dhcpv4-bootloader.patch
@@ -0,0 +1,124 @@
+From e62b69a5b0b87c6df7a4fc23906134945309e927 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 20 Nov 2013 12:20:23 -0500
+Subject: [PATCH 12/74] Fix path generation for Dhcpv4 bootloader.
+
+Right now we always look for e.g. "\grubx64.efi", which is completely
+wrong. This makes it look for the path shim was loaded from and modify
+that to end in a sanitized version of our default loader name.
+
+Resolves: rhbz#1032583
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/str.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ netboot.c | 28 +++++++++++++++++++++-------
+ 2 files changed, 66 insertions(+), 7 deletions(-)
+ create mode 100644 include/str.h
+
+diff --git a/include/str.h b/include/str.h
+new file mode 100644
+index 0000000..0f3e003
+--- /dev/null
++++ b/include/str.h
+@@ -0,0 +1,45 @@
++#ifndef SHIM_STR_H
++#define SHIM_STR_H
++
++static inline
++__attribute__((unused))
++unsigned long strnlena(const CHAR8 *s, unsigned long n)
++{
++ unsigned long i;
++ for (i = 0; i <= n; i++)
++ if (s[i] == '\0')
++ break;
++ return i;
++}
++
++static inline
++__attribute__((unused))
++CHAR8 *
++strncpya(CHAR8 *dest, const CHAR8 *src, unsigned long n)
++{
++ unsigned long i;
++
++ for (i = 0; i < n && src[i] != '\0'; i++)
++ dest[i] = src[i];
++ for (; i < n; i++)
++ dest[i] = '\0';
++
++ return dest;
++}
++
++static inline
++__attribute__((unused))
++CHAR8 *
++strcata(CHAR8 *dest, const CHAR8 *src)
++{
++ unsigned long dest_len = strlena(dest);
++ unsigned long i;
++
++ for (i = 0; src[i] != '\0'; i++)
++ dest[dest_len + i] = src[i];
++ dest[dest_len + i] = '\0';
++
++ return dest;
++}
++
++#endif /* SHIM_STR_H */
+diff --git a/netboot.c b/netboot.c
+index a83c82a..1732dc7 100644
+--- a/netboot.c
++++ b/netboot.c
+@@ -38,6 +38,7 @@
+ #include <string.h>
+ #include "shim.h"
+ #include "netboot.h"
++#include "str.h"
+
+ static inline unsigned short int __swap16(unsigned short int x)
+ {
+@@ -305,19 +306,32 @@ static EFI_STATUS parseDhcp6()
+
+ static EFI_STATUS parseDhcp4()
+ {
+- CHAR8 *template = (CHAR8 *)DEFAULT_LOADER_CHAR;
+- full_path = AllocateZeroPool(strlen(template)+1);
++ CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
++ UINTN template_len = strlen(template) + 1;
++
++ UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127);
++ UINTN i;
++ UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile;
++
++ for (i = dir_len; i >= 0; i--) {
++ if (dir[i] == '/')
++ break;
++ }
++ dir_len = (i >= 0) ? i + 1 : 0;
++
++ full_path = AllocateZeroPool(dir_len + template_len);
+
+ if (!full_path)
+ return EFI_OUT_OF_RESOURCES;
+
++ if (dir_len > 0) {
++ strncpya(full_path, dir, dir_len);
++ if (full_path[dir_len-1] == '/' && template[0] == '/')
++ full_path[dir_len-1] = '\0';
++ }
++ strcata(full_path, template);
+ memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4);
+
+- memcpy(full_path, template, strlen(template));
+-
+- /* Note we don't capture the filename option here because we know its shim.efi
+- * We instead assume the filename at the end of the path is going to be grubx64.efi
+- */
+ return EFI_SUCCESS;
+ }
+
+--
+1.9.3
+
diff --git a/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch b/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch
new file mode 100644
index 0000000..ba79424
--- /dev/null
+++ b/SOURCES/0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch
@@ -0,0 +1,40 @@
+From 27129a5a05d1947e6f7479766e8281d50d6031f6 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 21 Nov 2013 11:26:08 -0500
+Subject: [PATCH 13/74] Lengths that might be -1 can't be unsigned, Peter.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ netboot.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/netboot.c b/netboot.c
+index 1732dc7..07e2773 100644
+--- a/netboot.c
++++ b/netboot.c
+@@ -307,10 +307,10 @@ static EFI_STATUS parseDhcp6()
+ static EFI_STATUS parseDhcp4()
+ {
+ CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
+- UINTN template_len = strlen(template) + 1;
++ INTN template_len = strlen(template) + 1;
+
+- UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127);
+- UINTN i;
++ INTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127);
++ INTN i;
+ UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile;
+
+ for (i = dir_len; i >= 0; i--) {
+@@ -329,6 +329,8 @@ static EFI_STATUS parseDhcp4()
+ if (full_path[dir_len-1] == '/' && template[0] == '/')
+ full_path[dir_len-1] = '\0';
+ }
++ if (dir_len == 0 && dir[0] != '/' && template[0] == '/')
++ template++;
+ strcata(full_path, template);
+ memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4);
+
+--
+1.9.3
+
diff --git a/SOURCES/0014-Fix-wrong-sizeof.patch b/SOURCES/0014-Fix-wrong-sizeof.patch
new file mode 100644
index 0000000..cc8bd29
--- /dev/null
+++ b/SOURCES/0014-Fix-wrong-sizeof.patch
@@ -0,0 +1,30 @@
+From af25679e166da9bd32a0ed7fbf67a408dda7f71a Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 15 Nov 2013 09:21:53 -0500
+Subject: [PATCH 14/74] Fix wrong sizeof().
+
+CHAR16* vs CHAR16**, so the result is the same on all platforms.
+
+Detected by coverity.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ lib/shell.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/shell.c b/lib/shell.c
+index 51de4e0..7337834 100644
+--- a/lib/shell.c
++++ b/lib/shell.c
+@@ -35,7 +35,7 @@ argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV)
+
+ (*argc)++; /* we counted spaces, so add one for initial */
+
+- *ARGV = AllocatePool(*argc * sizeof(*ARGV));
++ *ARGV = AllocatePool(*argc * sizeof(**ARGV));
+ if (!*ARGV) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch b/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch
new file mode 100644
index 0000000..0249be8
--- /dev/null
+++ b/SOURCES/0015-Initialize-entries-before-we-pass-it-to-another-func.patch
@@ -0,0 +1,30 @@
+From 4dbef508ab6359e8ca14df53b83f970bdeec17ba Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 15 Nov 2013 09:24:01 -0500
+Subject: [PATCH 15/74] Initialize entries before we pass it to another
+ function.
+
+Coverity scan noticed that entries is uninitialized when we pass its
+location to another function.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ lib/simple_file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/simple_file.c b/lib/simple_file.c
+index 3af0ec8..d345d87 100644
+--- a/lib/simple_file.c
++++ b/lib/simple_file.c
+@@ -415,7 +415,7 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
+ CHAR16 *filter, CHAR16 **result)
+ {
+ EFI_STATUS status;
+- CHAR16 **entries;
++ CHAR16 **entries = NULL;
+ EFI_FILE_INFO *dmp;
+ int count, select, len;
+ CHAR16 *newname, *selected;
+--
+1.9.3
+
diff --git a/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch b/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch
new file mode 100644
index 0000000..c373474
--- /dev/null
+++ b/SOURCES/0016-Rewrite-directory-traversal-allocation-path-so-cover.patch
@@ -0,0 +1,63 @@
+From 3a7feeff6cdb3b96a1ef2ccff8c150e2324d50a9 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 15 Nov 2013 09:38:41 -0500
+Subject: [PATCH 16/74] Rewrite directory traversal allocation path so coverity
+ can grok it.
+
+The things we do for our tools. In this case, make the AllocatePool()
+happen outside of a conditional, even though that conditional will
+always bee satisfied. This way coverity won't think we're setting fi
+to NULL and passing it to StrCaseCmp.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ fallback.c | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/fallback.c b/fallback.c
+index c875144..ba864ee 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -445,25 +445,32 @@ find_boot_csv(EFI_FILE_HANDLE fh, CHAR16 *dirname)
+ return EFI_SUCCESS;
+ }
+ FreePool(buffer);
++ buffer = NULL;
+
+ bs = 0;
+ do {
+ bs = 0;
+ rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, NULL);
+- if (rc == EFI_BUFFER_TOO_SMALL) {
+- buffer = AllocateZeroPool(bs);
+- if (!buffer) {
+- Print(L"Could not allocate memory\n");
+- return EFI_OUT_OF_RESOURCES;
+- }
++ if (EFI_ERROR(rc) && rc != EFI_BUFFER_TOO_SMALL) {
++ Print(L"Could not read \\EFI\\%s\\: %d\n", dirname, rc);
++ if (buffer)
++ FreePool(buffer);
++ return rc;
++ }
+
+- rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, buffer);
++ buffer = AllocateZeroPool(bs);
++ if (!buffer) {
++ Print(L"Could not allocate memory\n");
++ return EFI_OUT_OF_RESOURCES;
+ }
++
++ rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, buffer);
+ if (EFI_ERROR(rc)) {
+ Print(L"Could not read \\EFI\\%s\\: %d\n", dirname, rc);
+ FreePool(buffer);
+ return rc;
+ }
++
+ if (bs == 0)
+ break;
+
+--
+1.9.3
+
diff --git a/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch b/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch
new file mode 100644
index 0000000..4e6ca54
--- /dev/null
+++ b/SOURCES/0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch
@@ -0,0 +1,27 @@
+From 293f28d1fe3921c5348c60948b4dedcef5042d5b Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 15 Nov 2013 10:55:37 -0500
+Subject: [PATCH 17/74] Error check the right thing in get_variable_attr() when
+ allocating.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ lib/variables.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/variables.c b/lib/variables.c
+index 81bd34d..3a9735e 100644
+--- a/lib/variables.c
++++ b/lib/variables.c
+@@ -224,7 +224,7 @@ get_variable_attr(CHAR16 *var, UINT8 **data, UINTN *len, EFI_GUID owner,
+ return efi_status;
+
+ *data = AllocateZeroPool(*len);
+- if (!data)
++ if (!*data)
+ return EFI_OUT_OF_RESOURCES;
+
+ efi_status = uefi_call_wrapper(RT->GetVariable, 5, var, &owner,
+--
+1.9.3
+
diff --git a/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch b/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch
new file mode 100644
index 0000000..dd329ba
--- /dev/null
+++ b/SOURCES/0018-fallback-For-HD-device-paths-use-just-the-media-node.patch
@@ -0,0 +1,219 @@
+From dfd6c73a212f8cf6b32ce74807de9a08a87f0b79 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 31 Jan 2014 10:30:24 -0500
+Subject: [PATCH 18/74] [fallback] For HD() device paths, use just the media
+ node and later.
+
+UEFI 2.x section 3.1.2 provides for "short-form device path", where the
+first element specified is a "hard drive media device path", so that you
+can move a disk around on different buses without invalidating your
+device path. Fallback has not been using this option, though in most
+cases efibootmgr has.
+
+Note that we still keep the full device path, because LoadImage()
+isn't necessarily the layer where HD() works - one some systems BDS is
+responsible for resolving the full path and passes that to LoadImage()
+instead. So we have to do LoadImage() with the full path.
+---
+ fallback.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 78 insertions(+), 25 deletions(-)
+
+diff --git a/fallback.c b/fallback.c
+index ba864ee..a12bb74 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -15,6 +15,27 @@
+ EFI_LOADED_IMAGE *this_image = NULL;
+
+ static EFI_STATUS
++FindSubDevicePath(EFI_DEVICE_PATH *In, UINT8 Type, UINT8 SubType,
++ EFI_DEVICE_PATH **Out)
++{
++ EFI_DEVICE_PATH *dp = In;
++ if (!In || !Out)
++ return EFI_INVALID_PARAMETER;
++
++ for (dp = In; !IsDevicePathEnd(dp); dp = NextDevicePathNode(dp)) {
++ if (DevicePathType(dp) == Type &&
++ DevicePathSubType(dp) == SubType) {
++ *Out = DuplicateDevicePath(dp);
++ if (!*Out)
++ return EFI_OUT_OF_RESOURCES;
++ return EFI_SUCCESS;
++ }
++ }
++ *Out = NULL;
++ return EFI_NOT_FOUND;
++}
++
++static EFI_STATUS
+ get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize)
+ {
+ EFI_STATUS rc;
+@@ -93,7 +114,9 @@ make_full_path(CHAR16 *dirname, CHAR16 *filename, CHAR16 **out, UINT64 *outlen)
+ {
+ UINT64 len;
+
+- len = StrLen(dirname) + StrLen(filename) + StrLen(L"\\EFI\\\\") + 2;
++ len = StrLen(L"\\EFI\\") + StrLen(dirname)
++ + StrLen(L"\\") + StrLen(filename)
++ + 2;
+
+ CHAR16 *fullpath = AllocateZeroPool(len*sizeof(CHAR16));
+ if (!fullpath) {
+@@ -119,7 +142,8 @@ VOID *first_new_option_args = NULL;
+ UINTN first_new_option_size = 0;
+
+ EFI_STATUS
+-add_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, CHAR16 *arguments)
++add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
++ CHAR16 *filename, CHAR16 *label, CHAR16 *arguments)
+ {
+ static int i = 0;
+ CHAR16 varname[] = L"Boot0000";
+@@ -136,24 +160,31 @@ add_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, CHAR16 *ar
+ void *var = LibGetVariable(varname, &global);
+ if (!var) {
+ int size = sizeof(UINT32) + sizeof (UINT16) +
+- StrLen(label)*2 + 2 + DevicePathSize(dp) +
+- StrLen(arguments) * 2 + 2;
++ StrLen(label)*2 + 2 + DevicePathSize(hddp) +
++ StrLen(arguments) * 2;
+
+ CHAR8 *data = AllocateZeroPool(size);
+ CHAR8 *cursor = data;
+ *(UINT32 *)cursor = LOAD_OPTION_ACTIVE;
+ cursor += sizeof (UINT32);
+- *(UINT16 *)cursor = DevicePathSize(dp);
++ *(UINT16 *)cursor = DevicePathSize(hddp);
+ cursor += sizeof (UINT16);
+ StrCpy((CHAR16 *)cursor, label);
+ cursor += StrLen(label)*2 + 2;
+- CopyMem(cursor, dp, DevicePathSize(dp));
+- cursor += DevicePathSize(dp);
++ CopyMem(cursor, hddp, DevicePathSize(hddp));
++ cursor += DevicePathSize(hddp);
+ StrCpy((CHAR16 *)cursor, arguments);
+
+ Print(L"Creating boot entry \"%s\" with label \"%s\" "
+ L"for file \"%s\"\n",
+ varname, label, filename);
++
++ if (!first_new_option) {
++ first_new_option = DuplicateDevicePath(fulldp);
++ first_new_option_args = arguments;
++ first_new_option_size = StrLen(arguments) * sizeof (CHAR16);
++ }
++
+ rc = uefi_call_wrapper(RT->SetVariable, 5, varname,
+ &global, EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+@@ -254,7 +285,10 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
+ if (EFI_ERROR(rc))
+ return rc;
+
+- EFI_DEVICE_PATH *dph = NULL, *dpf = NULL, *dp = NULL;
++ EFI_DEVICE_PATH *dph = NULL;
++ EFI_DEVICE_PATH *file = NULL;
++ EFI_DEVICE_PATH *full_device_path = NULL;
++ EFI_DEVICE_PATH *dp = NULL;
+
+ dph = DevicePathFromHandle(this_image->DeviceHandle);
+ if (!dph) {
+@@ -262,19 +296,31 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
+ goto err;
+ }
+
+- dpf = FileDevicePath(fh, fullpath);
+- if (!dpf) {
++ file = FileDevicePath(fh, fullpath);
++ if (!file) {
+ rc = EFI_OUT_OF_RESOURCES;
+ goto err;
+ }
+
+- dp = AppendDevicePath(dph, dpf);
+- if (!dp) {
++ full_device_path = AppendDevicePath(dph, file);
++ if (!full_device_path) {
+ rc = EFI_OUT_OF_RESOURCES;
+ goto err;
+ }
+
++ rc = FindSubDevicePath(full_device_path,
++ MEDIA_DEVICE_PATH, MEDIA_HARDDRIVE_DP, &dp);
++ if (EFI_ERROR(rc)) {
++ if (rc == EFI_NOT_FOUND) {
++ dp = full_device_path;
++ } else {
++ rc = EFI_OUT_OF_RESOURCES;
++ goto err;
++ }
++ }
++
+ #ifdef DEBUG_FALLBACK
++ {
+ UINTN s = DevicePathSize(dp);
+ int i;
+ UINT8 *dpv = (void *)dp;
+@@ -287,20 +333,16 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
+
+ CHAR16 *dps = DevicePathToStr(dp);
+ Print(L"device path: \"%s\"\n", dps);
+-#endif
+- if (!first_new_option) {
+- CHAR16 *dps = DevicePathToStr(dp);
+- Print(L"device path: \"%s\"\n", dps);
+- first_new_option = DuplicateDevicePath(dp);
+- first_new_option_args = arguments;
+- first_new_option_size = StrLen(arguments) * sizeof (CHAR16);
+ }
++#endif
+
+- add_boot_option(dp, fullpath, label, arguments);
++ add_boot_option(dp, full_device_path, fullpath, label, arguments);
+
+ err:
+- if (dpf)
+- FreePool(dpf);
++ if (file)
++ FreePool(file);
++ if (full_device_path)
++ FreePool(full_device_path);
+ if (dp)
+ FreePool(dp);
+ if (fullpath)
+@@ -629,8 +671,19 @@ try_start_first_option(EFI_HANDLE parent_image_handle)
+ first_new_option, NULL, 0,
+ &image_handle);
+ if (EFI_ERROR(rc)) {
+- Print(L"LoadImage failed: %d\n", rc);
+- uefi_call_wrapper(BS->Stall, 1, 2000000);
++ CHAR16 *dps = DevicePathToStr(first_new_option);
++ UINTN s = DevicePathSize(first_new_option);
++ int i;
++ UINT8 *dpv = (void *)first_new_option;
++ Print(L"LoadImage failed: %d\nDevice path: \"%s\"\n", rc, dps);
++ for (i = 0; i < s; i++) {
++ if (i > 0 && i % 16 == 0)
++ Print(L"\n");
++ Print(L"%02x ", dpv[i]);
++ }
++ Print(L"\n");
++
++ uefi_call_wrapper(BS->Stall, 1, 500000000);
+ return rc;
+ }
+
+@@ -644,7 +697,7 @@ try_start_first_option(EFI_HANDLE parent_image_handle)
+ rc = uefi_call_wrapper(BS->StartImage, 3, image_handle, NULL, NULL);
+ if (EFI_ERROR(rc)) {
+ Print(L"StartImage failed: %d\n", rc);
+- uefi_call_wrapper(BS->Stall, 1, 2000000);
++ uefi_call_wrapper(BS->Stall, 1, 500000000);
+ }
+ return rc;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch b/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch
new file mode 100644
index 0000000..6828caf
--- /dev/null
+++ b/SOURCES/0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch
@@ -0,0 +1,147 @@
+From 894a2738d6c843a7b51245fb92bb2f835901e613 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 31 Jan 2014 10:31:10 -0500
+Subject: [PATCH 19/74] [fallback] Attempt to re-use existing entries when
+ possible.
+
+Some firmwares seem to ignore our boot entries and put their fallback
+entries back on top. Right now that results in a lot of boot entries
+for our stuff, a la https://bugzilla.redhat.com/show_bug.cgi?id=995834 .
+
+Instead of that happening, if we simply find existing entries that match
+the entry we would create and move them to the top of the boot order,
+the machine will continue to operate in failure mode (which we can't
+avoid), but at least we won't create thousands of extra entries.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ fallback.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 98 insertions(+), 1 deletion(-)
+
+diff --git a/fallback.c b/fallback.c
+index a12bb74..44638ec 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -226,6 +226,85 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
+ }
+
+ EFI_STATUS
++find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label,
++ CHAR16 *arguments, UINT16 *optnum)
++{
++ int size = sizeof(UINT32) + sizeof (UINT16) +
++ StrLen(label)*2 + 2 + DevicePathSize(dp) +
++ StrLen(arguments) * 2 + 2;
++
++ CHAR8 *data = AllocateZeroPool(size);
++ if (!data)
++ return EFI_OUT_OF_RESOURCES;
++ CHAR8 *cursor = data;
++ *(UINT32 *)cursor = LOAD_OPTION_ACTIVE;
++ cursor += sizeof (UINT32);
++ *(UINT16 *)cursor = DevicePathSize(dp);
++ cursor += sizeof (UINT16);
++ StrCpy((CHAR16 *)cursor, label);
++ cursor += StrLen(label)*2 + 2;
++ CopyMem(cursor, dp, DevicePathSize(dp));
++ cursor += DevicePathSize(dp);
++ StrCpy((CHAR16 *)cursor, arguments);
++
++ int i = 0;
++ CHAR16 varname[] = L"Boot0000";
++ CHAR16 hexmap[] = L"0123456789ABCDEF";
++ EFI_GUID global = EFI_GLOBAL_VARIABLE;
++ EFI_STATUS rc;
++
++ CHAR8 *candidate = AllocateZeroPool(size);
++ if (!candidate) {
++ FreePool(data);
++ return EFI_OUT_OF_RESOURCES;
++ }
++
++ for(i = 0; i < nbootorder && i < 0x10000; i++) {
++ varname[4] = hexmap[(bootorder[i] & 0xf000) >> 12];
++ varname[5] = hexmap[(bootorder[i] & 0x0f00) >> 8];
++ varname[6] = hexmap[(bootorder[i] & 0x00f0) >> 4];
++ varname[7] = hexmap[(bootorder[i] & 0x000f) >> 0];
++
++ UINTN candidate_size = size;
++ rc = uefi_call_wrapper(RT->GetVariable, 5, varname, &global,
++ NULL, &candidate_size, candidate);
++ if (EFI_ERROR(rc))
++ continue;
++
++ if (candidate_size != size)
++ continue;
++
++ if (CompareMem(candidate, data, size))
++ continue;
++
++ /* at this point, we have duplicate data. */
++ *optnum = i;
++ FreePool(candidate);
++ FreePool(data);
++ return EFI_SUCCESS;
++ }
++ FreePool(candidate);
++ FreePool(data);
++ return EFI_NOT_FOUND;
++}
++
++EFI_STATUS
++set_boot_order(void)
++{
++ CHAR16 *oldbootorder;
++ UINTN size;
++ EFI_GUID global = EFI_GLOBAL_VARIABLE;
++
++ oldbootorder = LibGetVariableAndSize(L"BootOrder", &global, &size);
++ if (oldbootorder) {
++ nbootorder = size / sizeof (CHAR16);
++ bootorder = oldbootorder;
++ }
++ return EFI_SUCCESS;
++
++}
++
++EFI_STATUS
+ update_boot_order(void)
+ {
+ CHAR16 *oldbootorder;
+@@ -336,7 +415,23 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
+ }
+ #endif
+
+- add_boot_option(dp, full_device_path, fullpath, label, arguments);
++ UINT16 option;
++ rc = find_boot_option(dp, fullpath, label, arguments, &option);
++ if (EFI_ERROR(rc)) {
++ add_boot_option(dp, full_device_path, fullpath, label, arguments);
++ } else if (option != 0) {
++ CHAR16 *newbootorder;
++ newbootorder = AllocateZeroPool(sizeof (CHAR16) * nbootorder);
++ if (!newbootorder)
++ return EFI_OUT_OF_RESOURCES;
++
++ newbootorder[0] = bootorder[option];
++ CopyMem(newbootorder + 1, bootorder, sizeof (CHAR16) * option);
++ CopyMem(newbootorder + option + 1, bootorder + option + 1,
++ sizeof (CHAR16) * (nbootorder - option - 1));
++ FreePool(bootorder);
++ bootorder = newbootorder;
++ }
+
+ err:
+ if (file)
+@@ -717,6 +812,8 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
+
+ Print(L"System BootOrder not found. Initializing defaults.\n");
+
++ set_boot_order();
++
+ rc = find_boot_options(this_image->DeviceHandle);
+ if (EFI_ERROR(rc)) {
+ Print(L"Error: could not find boot options: %d\n", rc);
+--
+1.9.3
+
diff --git a/SOURCES/0020-Add-a-preliminary-test-plan.patch b/SOURCES/0020-Add-a-preliminary-test-plan.patch
new file mode 100644
index 0000000..b1c5da4
--- /dev/null
+++ b/SOURCES/0020-Add-a-preliminary-test-plan.patch
@@ -0,0 +1,104 @@
+From ac356a0e7723662d0a83ca3991088ce346495772 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 14 Feb 2014 14:06:45 -0500
+Subject: [PATCH 20/74] Add a preliminary test plan.
+
+Because you know you wanted a test plan. You feel it deeply inside.
+
+Note that none of the /negative/ cases are tested yet.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ testplan.txt | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 80 insertions(+)
+ create mode 100644 testplan.txt
+
+diff --git a/testplan.txt b/testplan.txt
+new file mode 100644
+index 0000000..118dfcd
+--- /dev/null
++++ b/testplan.txt
+@@ -0,0 +1,80 @@
++How to test a new shim build for RHEL/fedora:
++
++1) build pesign-test-app, and sign it with the appropriate key
++2) build shim with the appropriate key built in
++3) install pesign-test-app and shim-unsigned on the test machine
++4) make a lockdown.efi for "Red Hat Test Certificate" and put it in \EFI\test
++ mkdir /boot/efi/EFI/test/
++ wget http://pjones.fedorapeople.org/shim/LockDown-rhtest.efi
++ mv LockDown-rhtest.efi /boot/efi/EFI/test/lockdown.efi
++5) sign shim with RHTC and put it in \EFI\test:
++ pesign -i /usr/share/shim/shim.efi -o /boot/efi/EFI/test/shim.efi \
++ -s -c "Red Hat Test Certificate"
++6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi
++ cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \
++ /boot/efi/EFI/test/test.efi
++7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\:
++ pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \
++ -r -u 0
++ pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \
++ -s -c "Red Hat Test Certificate"
++8) sign a copy of mokmanager with RHTC and put it in \EFI\test:
++ pesign -i /usr/share/shim/MokManager.efi \
++ -o /boot/efi/EFI/test/MokManager.efi -s \
++ -c "Red Hat Test Certificate"
++9) copy grub.cfg to our test directory:
++ cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg
++10) *move* \EFI\redhat\BOOT.CSV to \EFI\test
++ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV
++11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi
++ rm -rf /boot/efi/EFI/BOOT/
++ mkdir /boot/efi/EFI/BOOT/
++ pesign -i /usr/share/shim/fallback.efi \
++ -o /boot/efi/EFI/BOOT/fallback.efi \
++ -s -c "Red Hat Test Certificate"
++12) put shim.efi there as well
++ cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI
++13) enroll the current kernel's certificate with mokutil:
++ mokutil --import ~/redhatsecurebootca2.cer
++14) put machine in setup mode
++15) boot to the UEFI shell
++16) run lockdown.efi from #4:
++ fs0:\EFI\test\lockdown.efi
++17) enable secure boot verification
++18) verify it can't run other binaries:
++ fs0:\EFI\redhat\grubx64.efi
++ result should be an error, probably similar to:
++ "fs0:\...\grubx64.efi is not recognized as an internal or external command"
++19) copy test.efi to grubx64.efi:
++ cp \EFI\test\test.efi \EFI\test\grubx64.efi
++20) in the EFI shell, run fs0:\EFI\test\shim.efi
++21) you should see MokManager. Enroll the certificate you added in #13, and
++ the system will reboot.
++22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi
++ result: "This is a test application that should be completely safe."
++ If you get the expected result, shim can run things signed by its internal
++ key ring. Check a box someplace that says it can do that.
++23) from the EFI shell, copy grub to grubx64.efi:
++ cp \EFI\test\grubx.efi \EFI\test\grubx64.efi
++24) in the EFI shell, run fs0:\EFI\test\shim.efi
++ result: this should start grub, which will let you boot a kernel
++ If grub starts, it means shim can run things signed by a key in the system's
++ db. Check a box someplace that says it can do that.
++ If the kernel boots, it means shim can run things from Mok. Check a box
++ someplace that says it can do that.
++25) remove all boot entries and the BootOrder variable:
++ [root@uefi ~]# cd /sys/firmware/efi/efivars/
++ [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-*
++ removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’
++ removed ‘Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c’
++ removed ‘Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c’
++ removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’
++ removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’
++ [root@uefi efivars]#
++27) reboot
++28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just
++ have an old machine. In that case, go to the EFI shell and run:
++ fs0:\EFI\BOOT\BOOTX64.EFI
++ If this works, you should see a bit of output very quickly and then the same
++ thing as #24. This means shim recognized it was in \EFI\BOOT and ran
++ fallback.efi, which worked.
+--
+1.9.3
+
diff --git a/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch b/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch
new file mode 100644
index 0000000..a4cdb0d
--- /dev/null
+++ b/SOURCES/0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch
@@ -0,0 +1,71 @@
+From a0bb7822bc0745cba1af1c119fb9f7a0e5ec828c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 14 Feb 2014 14:44:31 -0500
+Subject: [PATCH 21/74] Add a failure case to the test plan and fix an ordering
+ error.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ testplan.txt | 27 +++++++++++++++++----------
+ 1 file changed, 17 insertions(+), 10 deletions(-)
+
+diff --git a/testplan.txt b/testplan.txt
+index 118dfcd..2fbf238 100644
+--- a/testplan.txt
++++ b/testplan.txt
+@@ -12,23 +12,26 @@ How to test a new shim build for RHEL/fedora:
+ -s -c "Red Hat Test Certificate"
+ 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi
+ cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \
+- /boot/efi/EFI/test/test.efi
+-7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\:
+- pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \
+- -r -u 0
+- pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \
+- -s -c "Red Hat Test Certificate"
++ /boot/efi/EFI/test/test.efi
++7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also
++ leave an unsigned copy there:
++ pesign -i /boot/efi/EFI/redhat/grubx64.efi \
++ -o /boot/efi/EFI/test/grubx64-unsigned.efi \
++ -r -u 0
++ pesign -i /boot/efi/EFI/test/grubx64-unsigned.efi \
++ -o /boot/efi/EFI/test/grub.efi \
++ -s -c "Red Hat Test Certificate"
+ 8) sign a copy of mokmanager with RHTC and put it in \EFI\test:
+ pesign -i /usr/share/shim/MokManager.efi \
+- -o /boot/efi/EFI/test/MokManager.efi -s \
++ -o /boot/efi/EFI/test/MokManager.efi -s \
+ -c "Red Hat Test Certificate"
+ 9) copy grub.cfg to our test directory:
+ cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg
+ 10) *move* \EFI\redhat\BOOT.CSV to \EFI\test
+- mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV
+-11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi
+ rm -rf /boot/efi/EFI/BOOT/
+ mkdir /boot/efi/EFI/BOOT/
++ mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV
++11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi
+ pesign -i /usr/share/shim/fallback.efi \
+ -o /boot/efi/EFI/BOOT/fallback.efi \
+ -s -c "Red Hat Test Certificate"
+@@ -55,7 +58,7 @@ How to test a new shim build for RHEL/fedora:
+ If you get the expected result, shim can run things signed by its internal
+ key ring. Check a box someplace that says it can do that.
+ 23) from the EFI shell, copy grub to grubx64.efi:
+- cp \EFI\test\grubx.efi \EFI\test\grubx64.efi
++ cp \EFI\test\grub.efi \EFI\test\grubx64.efi
+ 24) in the EFI shell, run fs0:\EFI\test\shim.efi
+ result: this should start grub, which will let you boot a kernel
+ If grub starts, it means shim can run things signed by a key in the system's
+@@ -78,3 +81,7 @@ How to test a new shim build for RHEL/fedora:
+ If this works, you should see a bit of output very quickly and then the same
+ thing as #24. This means shim recognized it was in \EFI\BOOT and ran
+ fallback.efi, which worked.
++29) copy the unsigned grub into place and reboot:
++ cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi
++30) reboot again.
++ result: shim should refuse to load grub.
+--
+1.9.3
+
diff --git a/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch b/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch
new file mode 100644
index 0000000..c92e451
--- /dev/null
+++ b/SOURCES/0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch
@@ -0,0 +1,250 @@
+From 06495f692fa748a553ffbde8bfae2974d8c791c0 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 14 Feb 2014 15:38:25 -0500
+Subject: [PATCH 22/74] Allow fallback to use the system's LoadImage/StartImage
+ .
+
+Track use of the system's LoadImage(), and when the next StartImage()
+call is for an image the system verified, allow that to count as
+participating, since it has been verified by the system's db.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ replacements.c | 68 +++++++++++++++++++++++++++++++++++++++++++++-
+ replacements.h | 3 +++
+ shim.c | 85 +++++++++++++++++++++++++++++++++++-----------------------
+ 3 files changed, 121 insertions(+), 35 deletions(-)
+
+diff --git a/replacements.c b/replacements.c
+index 5ea5c32..48dc437 100644
+--- a/replacements.c
++++ b/replacements.c
+@@ -60,26 +60,82 @@
+
+ static EFI_SYSTEM_TABLE *systab;
+
++static typeof(systab->BootServices->LoadImage) system_load_image;
+ static typeof(systab->BootServices->StartImage) system_start_image;
+ static typeof(systab->BootServices->Exit) system_exit;
+ static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services;
+
++static EFI_HANDLE last_loaded_image;
++
+ void
+ unhook_system_services(void)
+ {
+ systab->BootServices->Exit = system_exit;
++ systab->BootServices->LoadImage = system_load_image;
+ systab->BootServices->StartImage = system_start_image;
+ systab->BootServices->ExitBootServices = system_exit_boot_services;
+ }
+
+ static EFI_STATUS EFIAPI
++load_image(BOOLEAN BootPolicy, EFI_HANDLE ParentImageHandle,
++ EFI_DEVICE_PATH *DevicePath, VOID *SourceBuffer,
++ UINTN SourceSize, EFI_HANDLE *ImageHandle)
++{
++ EFI_STATUS status;
++ unhook_system_services();
++
++ status = systab->BootServices->LoadImage(BootPolicy,
++ ParentImageHandle, DevicePath,
++ SourceBuffer, SourceSize, ImageHandle);
++ hook_system_services(systab);
++ if (EFI_ERROR(status))
++ last_loaded_image = NULL;
++ else
++ last_loaded_image = *ImageHandle;
++ return status;
++}
++
++static EFI_STATUS EFIAPI
+ start_image(EFI_HANDLE image_handle, UINTN *exit_data_size, CHAR16 **exit_data)
+ {
+ EFI_STATUS status;
+ unhook_system_services();
++
++ /* We have to uninstall shim's protocol here, because if we're
++ * On the fallback.efi path, then our call pathway is:
++ *
++ * shim->fallback->shim->grub
++ * ^ ^ ^
++ * | | \- gets protocol #0
++ * | \- installs its protocol (#1)
++ * \- installs its protocol (#0)
++ * and if we haven't removed this, then grub will get the *first*
++ * shim's protocol, but it'll get the second shim's systab
++ * replacements. So even though it will participate and verify
++ * the kernel, the systab never finds out.
++ */
++ if (image_handle == last_loaded_image) {
++ loader_is_participating = 1;
++ uninstall_shim_protocols();
++ }
+ status = systab->BootServices->StartImage(image_handle, exit_data_size, exit_data);
+- if (EFI_ERROR(status))
++ if (EFI_ERROR(status)) {
++ if (image_handle == last_loaded_image) {
++ EFI_STATUS status2 = install_shim_protocols();
++
++ if (EFI_ERROR(status2)) {
++ Print(L"Something has gone seriously wrong: %d\n",
++ status2);
++ Print(L"shim cannot continue, sorry.\n");
++ systab->BootServices->Stall(5000000);
++ systab->RuntimeServices->ResetSystem(
++ EfiResetShutdown,
++ EFI_SECURITY_VIOLATION, 0, NULL);
++ }
++ }
+ hook_system_services(systab);
++ loader_is_participating = 0;
++ }
+ return status;
+ }
+
+@@ -123,6 +179,16 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab)
+
+ /* We need to hook various calls to make this work... */
+
++ /* We need LoadImage() hooked so that fallback.c can load shim
++ * without having to fake LoadImage as well. This allows it
++ * to call the system LoadImage(), and have us track the output
++ * and mark loader_is_participating in start_image. This means
++ * anything added by fallback has to be verified by the system db,
++ * which we want to preserve anyway, since that's all launching
++ * through BDS gives us. */
++ system_load_image = systab->BootServices->LoadImage;
++ systab->BootServices->LoadImage = load_image;
++
+ /* we need StartImage() so that we can allow chain booting to an
+ * image trusted by the firmware */
+ system_start_image = systab->BootServices->StartImage;
+diff --git a/replacements.h b/replacements.h
+index 5b57bc2..bd09424 100644
+--- a/replacements.h
++++ b/replacements.h
+@@ -41,4 +41,7 @@ extern int loader_is_participating;
+ extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab);
+ extern void unhook_system_services(void);
+
++extern EFI_STATUS install_shim_protocols(void);
++extern void uninstall_shim_protocols(void);
++
+ #endif /* SHIM_REPLACEMENTS_H */
+diff --git a/shim.c b/shim.c
+index cf93d65..0e18d38 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1707,11 +1707,56 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
+ return EFI_SUCCESS;
+ }
+
+-EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
++static SHIM_LOCK shim_lock_interface;
++static EFI_HANDLE shim_lock_handle;
++
++EFI_STATUS
++install_shim_protocols(void)
++{
++ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
++ EFI_STATUS efi_status;
++ /*
++ * Install the protocol
++ */
++ efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4,
++ &shim_lock_handle, &shim_lock_guid,
++ EFI_NATIVE_INTERFACE, &shim_lock_interface);
++ if (EFI_ERROR(efi_status)) {
++ console_error(L"Could not install security protocol",
++ efi_status);
++ return efi_status;
++ }
++
++#if defined(OVERRIDE_SECURITY_POLICY)
++ /*
++ * Install the security protocol hook
++ */
++ security_policy_install(shim_verify);
++#endif
++
++ return EFI_SUCCESS;
++}
++
++void
++uninstall_shim_protocols(void)
+ {
+ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
+- static SHIM_LOCK shim_lock_interface;
+- EFI_HANDLE handle = NULL;
++#if defined(OVERRIDE_SECURITY_POLICY)
++ /*
++ * Clean up the security protocol hook
++ */
++ security_policy_uninstall();
++#endif
++
++ /*
++ * If we're back here then clean everything up before exiting
++ */
++ uefi_call_wrapper(BS->UninstallProtocolInterface, 3, shim_lock_handle,
++ &shim_lock_guid, &shim_lock_interface);
++}
++
++EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
++{
+ EFI_STATUS efi_status;
+
+ verification_method = VERIFIED_BY_NOTHING;
+@@ -1768,24 +1813,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
+ }
+ }
+
+- /*
+- * Install the protocol
+- */
+- efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4,
+- &handle, &shim_lock_guid, EFI_NATIVE_INTERFACE,
+- &shim_lock_interface);
+- if (EFI_ERROR(efi_status)) {
+- console_error(L"Could not install security protocol",
+- efi_status);
++ efi_status = install_shim_protocols();
++ if (EFI_ERROR(efi_status))
+ return efi_status;
+- }
+-
+-#if defined(OVERRIDE_SECURITY_POLICY)
+- /*
+- * Install the security protocol hook
+- */
+- security_policy_install(shim_verify);
+-#endif
+
+ /*
+ * Enter MokManager if necessary
+@@ -1810,20 +1840,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
+
+ efi_status = init_grub(image_handle);
+
+-#if defined(OVERRIDE_SECURITY_POLICY)
+- /*
+- * Clean up the security protocol hook
+- */
+- security_policy_uninstall();
+-#endif
+-
+- /*
+- * If we're back here then clean everything up before exiting
+- */
+- uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle,
+- &shim_lock_guid, &shim_lock_interface);
+-
+-
++ uninstall_shim_protocols();
+ /*
+ * Remove our hooks from system services.
+ */
+--
+1.9.3
+
diff --git a/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch b/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch
new file mode 100644
index 0000000..da3bb7d
--- /dev/null
+++ b/SOURCES/0023-additional-bounds-checking-on-section-sizes.patch
@@ -0,0 +1,295 @@
+From 5495694c043de510aaf8ff5dcbe17b6547794083 Mon Sep 17 00:00:00 2001
+From: Kees Cook <kees@outflux.net>
+Date: Mon, 3 Dec 2012 15:52:48 -0800
+Subject: [PATCH 23/74] additional bounds-checking on section sizes
+
+This adds additional bounds-checking on the section sizes. Also adds
+-Wsign-compare to the Makefile and replaces some signed variables with
+unsigned counteparts for robustness.
+
+Signed-off-by: Kees Cook <kees@ubuntu.com>
+---
+ Makefile | 3 ++-
+ MokManager.c | 6 ++---
+ PasswordCrypt.c | 4 +--
+ fallback.c | 4 +--
+ shim.c | 83 +++++++++++++++++++++++++++++++++++++++------------------
+ 5 files changed, 66 insertions(+), 34 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index e65d28d..46e5ef9 100644
+--- a/Makefile
++++ b/Makefile
+@@ -16,7 +16,8 @@ EFI_LDS = elf_$(ARCH)_efi.lds
+
+ DEFAULT_LOADER := \\\\grub.efi
+ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+- -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args \
++ -fshort-wchar -Wall -Wsign-compare -Werror \
++ -mno-red-zone -maccumulate-outgoing-args \
+ -mno-mmx -mno-sse -fno-builtin \
+ "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
+ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
+diff --git a/MokManager.c b/MokManager.c
+index f5ed379..3da61f4 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -440,7 +440,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title)
+ MokListNode *keys = NULL;
+ INTN key_num = 0;
+ CHAR16 **menu_strings;
+- int i;
++ unsigned int i;
+
+ if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) +
+ sizeof(EFI_SIGNATURE_DATA))) {
+@@ -491,7 +491,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title)
+ static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show)
+ {
+ EFI_INPUT_KEY key;
+- int count = 0;
++ unsigned int count = 0;
+
+ do {
+ key = console_get_keystroke();
+@@ -640,7 +640,7 @@ static EFI_STATUS match_password (PASSWORD_CRYPT *pw_crypt,
+ CHAR16 password[PASSWORD_MAX];
+ UINT32 pw_length;
+ UINT8 fail_count = 0;
+- int i;
++ unsigned int i;
+
+ if (pw_crypt) {
+ auth_hash = pw_crypt->hash;
+diff --git a/PasswordCrypt.c b/PasswordCrypt.c
+index 8d72a82..e0a82cf 100644
+--- a/PasswordCrypt.c
++++ b/PasswordCrypt.c
+@@ -154,7 +154,7 @@ static EFI_STATUS sha256_crypt (const char *key, UINT32 key_len,
+ CopyMem(cp, tmp_result, cnt);
+
+ SHA256_Init(&alt_ctx);
+- for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
++ for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt)
+ SHA256_Update(&alt_ctx, salt, salt_size);
+ SHA256_Final(tmp_result, &alt_ctx);
+
+@@ -242,7 +242,7 @@ static EFI_STATUS sha512_crypt (const char *key, UINT32 key_len,
+ CopyMem(cp, tmp_result, cnt);
+
+ SHA512_Init(&alt_ctx);
+- for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
++ for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt)
+ SHA512_Update(&alt_ctx, salt, salt_size);
+ SHA512_Final(tmp_result, &alt_ctx);
+
+diff --git a/fallback.c b/fallback.c
+index 44638ec..bc9a3c9 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -229,7 +229,7 @@ EFI_STATUS
+ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label,
+ CHAR16 *arguments, UINT16 *optnum)
+ {
+- int size = sizeof(UINT32) + sizeof (UINT16) +
++ unsigned int size = sizeof(UINT32) + sizeof (UINT16) +
+ StrLen(label)*2 + 2 + DevicePathSize(dp) +
+ StrLen(arguments) * 2 + 2;
+
+@@ -768,7 +768,7 @@ try_start_first_option(EFI_HANDLE parent_image_handle)
+ if (EFI_ERROR(rc)) {
+ CHAR16 *dps = DevicePathToStr(first_new_option);
+ UINTN s = DevicePathSize(first_new_option);
+- int i;
++ unsigned int i;
+ UINT8 *dpv = (void *)first_new_option;
+ Print(L"LoadImage failed: %d\nDevice path: \"%s\"\n", rc, dps);
+ for (i = 0; i < s; i++) {
+diff --git a/shim.c b/shim.c
+index 0e18d38..8c583a4 100644
+--- a/shim.c
++++ b/shim.c
+@@ -102,7 +102,7 @@ typedef struct {
+ /*
+ * Perform basic bounds checking of the intra-image pointers
+ */
+-static void *ImageAddress (void *image, int size, unsigned int address)
++static void *ImageAddress (void *image, unsigned int size, unsigned int address)
+ {
+ if (address > size)
+ return NULL;
+@@ -494,18 +494,19 @@ static BOOLEAN secure_mode (void)
+ * Calculate the SHA1 and SHA256 hashes of a binary
+ */
+
+-static EFI_STATUS generate_hash (char *data, int datasize,
++static EFI_STATUS generate_hash (char *data, int datasize_in,
+ PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ UINT8 *sha256hash, UINT8 *sha1hash)
+
+ {
+ unsigned int sha256ctxsize, sha1ctxsize;
+- unsigned int size = datasize;
++ unsigned int size = datasize_in;
+ void *sha256ctx = NULL, *sha1ctx = NULL;
+ char *hashbase;
+ unsigned int hashsize;
+ unsigned int SumOfBytesHashed, SumOfSectionBytes;
+ unsigned int index, pos;
++ unsigned int datasize;
+ EFI_IMAGE_SECTION_HEADER *Section;
+ EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL;
+ EFI_IMAGE_SECTION_HEADER *SectionCache;
+@@ -517,6 +518,12 @@ static EFI_STATUS generate_hash (char *data, int datasize,
+ sha1ctxsize = Sha1GetContextSize();
+ sha1ctx = AllocatePool(sha1ctxsize);
+
++ if (datasize_in < 0) {
++ Print(L"Invalid data size\n");
++ return EFI_INVALID_PARAMETER;
++ }
++ size = datasize = (unsigned int)datasize_in;
++
+ if (!sha256ctx || !sha1ctx) {
+ Print(L"Unable to allocate memory for hash context\n");
+ return EFI_OUT_OF_RESOURCES;
+@@ -577,22 +584,29 @@ static EFI_STATUS generate_hash (char *data, int datasize,
+ SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
+ #endif
+
+- Section = (EFI_IMAGE_SECTION_HEADER *) (
+- (char *)context->PEHdr + sizeof (UINT32) +
+- sizeof (EFI_IMAGE_FILE_HEADER) +
+- context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader
+- );
+-
+- SectionCache = Section;
+-
++ /* Validate section locations and sizes */
+ for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) {
+- SumOfSectionBytes += SectionCache->SizeOfRawData;
+- }
+-
+- if (SumOfSectionBytes >= datasize) {
+- Print(L"Malformed binary: %x %x\n", SumOfSectionBytes, size);
+- status = EFI_INVALID_PARAMETER;
+- goto done;
++ EFI_IMAGE_SECTION_HEADER *SectionPtr;
++
++ /* Validate SectionPtr is within image */
++ SectionPtr = ImageAddress(data, datasize,
++ sizeof (UINT32) +
++ sizeof (EFI_IMAGE_FILE_HEADER) +
++ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader +
++ (index * sizeof(*SectionPtr)));
++ if (!SectionPtr) {
++ Print(L"Malformed section %d\n", index);
++ status = EFI_INVALID_PARAMETER;
++ goto done;
++ }
++ /* Validate section size is within image. */
++ if (SectionPtr->SizeOfRawData >
++ datasize - SumOfBytesHashed - SumOfSectionBytes) {
++ Print(L"Malformed section %d size\n", index);
++ status = EFI_INVALID_PARAMETER;
++ goto done;
++ }
++ SumOfSectionBytes += SectionPtr->SizeOfRawData;
+ }
+
+ SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections);
+@@ -602,6 +616,11 @@ static EFI_STATUS generate_hash (char *data, int datasize,
+ goto done;
+ }
+
++ /* Already validated above */
++ Section = ImageAddress(data, datasize, sizeof (UINT32) +
++ sizeof (EFI_IMAGE_FILE_HEADER) +
++ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader);
++
+ /* Sort the section headers */
+ for (index = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) {
+ pos = index;
+@@ -620,7 +639,6 @@ static EFI_STATUS generate_hash (char *data, int datasize,
+ continue;
+ }
+ hashbase = ImageAddress(data, size, Section->PointerToRawData);
+- hashsize = (unsigned int) Section->SizeOfRawData;
+
+ if (!hashbase) {
+ Print(L"Malformed section header\n");
+@@ -628,6 +646,15 @@ static EFI_STATUS generate_hash (char *data, int datasize,
+ goto done;
+ }
+
++ /* Verify hashsize within image. */
++ if (Section->SizeOfRawData >
++ datasize - Section->PointerToRawData) {
++ Print(L"Malformed section raw size %d\n", index);
++ status = EFI_INVALID_PARAMETER;
++ goto done;
++ }
++ hashsize = (unsigned int) Section->SizeOfRawData;
++
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+ Print(L"Unable to generate hash\n");
+@@ -638,10 +665,10 @@ static EFI_STATUS generate_hash (char *data, int datasize,
+ }
+
+ /* Hash all remaining data */
+- if (size > SumOfBytesHashed) {
++ if (datasize > SumOfBytesHashed) {
+ hashbase = data + SumOfBytesHashed;
+ hashsize = (unsigned int)(
+- size -
++ datasize -
+ #if __LP64__
+ context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
+ #else
+@@ -884,7 +911,8 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ return EFI_UNSUPPORTED;
+ }
+
+- if (((UINT8 *)context->SecDir - (UINT8 *)data) > (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) {
++ if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) >
++ (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) {
+ Print(L"Invalid image\n");
+ return EFI_UNSUPPORTED;
+ }
+@@ -904,7 +932,8 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ {
+ EFI_STATUS efi_status;
+ char *buffer;
+- int i, size;
++ int i;
++ unsigned int size;
+ EFI_IMAGE_SECTION_HEADER *Section;
+ char *base, *end;
+ PE_COFF_LOADER_IMAGE_CONTEXT context;
+@@ -1081,7 +1110,8 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,
+ {
+ EFI_DEVICE_PATH *devpath;
+ EFI_HANDLE device;
+- int i, j, last = -1;
++ unsigned int i;
++ int j, last = -1;
+ unsigned int pathlen = 0;
+ EFI_STATUS efi_status = EFI_SUCCESS;
+ CHAR16 *bootpath;
+@@ -1637,9 +1667,10 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
+ EFI_STATUS status;
+ EFI_LOADED_IMAGE *li;
+ CHAR16 *start = NULL, *c;
+- int i, remaining_size = 0;
++ unsigned int i;
++ int remaining_size = 0;
+ CHAR16 *loader_str = NULL;
+- int loader_len = 0;
++ unsigned int loader_len = 0;
+
+ second_stage = DEFAULT_LOADER;
+ load_options = NULL;
+--
+1.9.3
+
diff --git a/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch b/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch
new file mode 100644
index 0000000..88b6f1c
--- /dev/null
+++ b/SOURCES/0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch
@@ -0,0 +1,75 @@
+From a876037a0d4b91638fcb6274bd7a976f8318a7e2 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 11 Apr 2014 15:05:24 -0400
+Subject: [PATCH 24/74] Kees' patch missed the offset adjustment to PEHdr.
+
+In read_header, we adjust context->PEHdr's address by doshdr->e_lfanew.
+If we're going to recompute that address, we have to adjust it here
+too.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 26 +++++++++++++++++++-------
+ 1 file changed, 19 insertions(+), 7 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 8c583a4..d06bd02 100644
+--- a/shim.c
++++ b/shim.c
+@@ -511,12 +511,8 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL;
+ EFI_IMAGE_SECTION_HEADER *SectionCache;
+ EFI_STATUS status = EFI_SUCCESS;
+-
+- sha256ctxsize = Sha256GetContextSize();
+- sha256ctx = AllocatePool(sha256ctxsize);
+-
+- sha1ctxsize = Sha1GetContextSize();
+- sha1ctx = AllocatePool(sha1ctxsize);
++ EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data;
++ unsigned int PEHdr_offset = 0;
+
+ if (datasize_in < 0) {
+ Print(L"Invalid data size\n");
+@@ -524,6 +520,19 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ }
+ size = datasize = (unsigned int)datasize_in;
+
++ if (datasize <= sizeof (*DosHdr) ||
++ DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) {
++ Print(L"Invalid signature\n");
++ return EFI_INVALID_PARAMETER;
++ }
++ PEHdr_offset = DosHdr->e_lfanew;
++
++ sha256ctxsize = Sha256GetContextSize();
++ sha256ctx = AllocatePool(sha256ctxsize);
++
++ sha1ctxsize = Sha1GetContextSize();
++ sha1ctx = AllocatePool(sha1ctxsize);
++
+ if (!sha256ctx || !sha1ctx) {
+ Print(L"Unable to allocate memory for hash context\n");
+ return EFI_OUT_OF_RESOURCES;
+@@ -590,6 +599,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+
+ /* Validate SectionPtr is within image */
+ SectionPtr = ImageAddress(data, datasize,
++ PEHdr_offset +
+ sizeof (UINT32) +
+ sizeof (EFI_IMAGE_FILE_HEADER) +
+ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader +
+@@ -617,7 +627,9 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ }
+
+ /* Already validated above */
+- Section = ImageAddress(data, datasize, sizeof (UINT32) +
++ Section = ImageAddress(data, datasize,
++ PEHdr_offset +
++ sizeof (UINT32) +
+ sizeof (EFI_IMAGE_FILE_HEADER) +
+ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader);
+
+--
+1.9.3
+
diff --git a/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch b/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch
new file mode 100644
index 0000000..eb7e4df
--- /dev/null
+++ b/SOURCES/0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch
@@ -0,0 +1,35 @@
+From 5103c3b368e04dd1eab1202b87363c7e6ba8f927 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 11 Apr 2014 15:07:45 -0400
+Subject: [PATCH 25/74] Get rid of SectionCache in generate_hash(), it is
+ unused.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index d06bd02..48a6f2f 100644
+--- a/shim.c
++++ b/shim.c
+@@ -509,7 +509,6 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ unsigned int datasize;
+ EFI_IMAGE_SECTION_HEADER *Section;
+ EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL;
+- EFI_IMAGE_SECTION_HEADER *SectionCache;
+ EFI_STATUS status = EFI_SUCCESS;
+ EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data;
+ unsigned int PEHdr_offset = 0;
+@@ -594,7 +593,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ #endif
+
+ /* Validate section locations and sizes */
+- for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) {
++ for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) {
+ EFI_IMAGE_SECTION_HEADER *SectionPtr;
+
+ /* Validate SectionPtr is within image */
+--
+1.9.3
+
diff --git a/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch b/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch
new file mode 100644
index 0000000..3992ae1
--- /dev/null
+++ b/SOURCES/0026-fallback-Avoid-duplicate-old-BootOrder.patch
@@ -0,0 +1,90 @@
+From 382a0b66e6c06ccf6775e3c05d5f9ce5f0eab5db Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Thu, 6 Mar 2014 11:58:36 +0800
+Subject: [PATCH 26/74] [fallback] Avoid duplicate old BootOrder
+
+set_boot_order() already copies the old BootOrder to the variable,
+bootorder. Besides, we can adjust BootOrder when adding the newly
+generated boot option. So, we don't have to copy the old one again
+in update_boot_order(). This avoid the duplicate entries in BootOrder.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ fallback.c | 37 ++++++++++++-------------------------
+ 1 file changed, 12 insertions(+), 25 deletions(-)
+
+diff --git a/fallback.c b/fallback.c
+index bc9a3c9..4bde9c1 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -204,12 +204,12 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
+ return EFI_OUT_OF_RESOURCES;
+
+ int j = 0;
++ newbootorder[0] = i & 0xffff;
+ if (nbootorder) {
+ for (j = 0; j < nbootorder; j++)
+- newbootorder[j] = bootorder[j];
++ newbootorder[j+1] = bootorder[j];
+ FreePool(bootorder);
+ }
+- newbootorder[j] = i & 0xffff;
+ bootorder = newbootorder;
+ nbootorder += 1;
+ #ifdef DEBUG_FALLBACK
+@@ -307,28 +307,17 @@ set_boot_order(void)
+ EFI_STATUS
+ update_boot_order(void)
+ {
+- CHAR16 *oldbootorder;
+ UINTN size;
++ UINTN len = 0;
+ EFI_GUID global = EFI_GLOBAL_VARIABLE;
+ CHAR16 *newbootorder = NULL;
++ EFI_STATUS rc;
+
+- oldbootorder = LibGetVariableAndSize(L"BootOrder", &global, &size);
+- if (oldbootorder) {
+- int n = size / sizeof (CHAR16) + nbootorder;
+-
+- newbootorder = AllocateZeroPool(n * sizeof (CHAR16));
+- if (!newbootorder)
+- return EFI_OUT_OF_RESOURCES;
+- CopyMem(newbootorder, bootorder, nbootorder * sizeof (CHAR16));
+- CopyMem(newbootorder + nbootorder, oldbootorder, size);
+- size = n * sizeof (CHAR16);
+- } else {
+- size = nbootorder * sizeof(CHAR16);
+- newbootorder = AllocateZeroPool(size);
+- if (!newbootorder)
+- return EFI_OUT_OF_RESOURCES;
+- CopyMem(newbootorder, bootorder, size);
+- }
++ size = nbootorder * sizeof(CHAR16);
++ newbootorder = AllocateZeroPool(size);
++ if (!newbootorder)
++ return EFI_OUT_OF_RESOURCES;
++ CopyMem(newbootorder, bootorder, size);
+
+ #ifdef DEBUG_FALLBACK
+ Print(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16));
+@@ -337,13 +326,11 @@ update_boot_order(void)
+ Print(L"%04x ", newbootorder[j]);
+ Print(L"\n");
+ #endif
+-
+- if (oldbootorder) {
++ rc = uefi_call_wrapper(RT->GetVariable, 5, L"BootOrder", &global,
++ NULL, &len, NULL);
++ if (rc == EFI_BUFFER_TOO_SMALL)
+ LibDeleteVariable(L"BootOrder", &global);
+- FreePool(oldbootorder);
+- }
+
+- EFI_STATUS rc;
+ rc = uefi_call_wrapper(RT->SetVariable, 5, L"BootOrder", &global,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+--
+1.9.3
+
diff --git a/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch b/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch
new file mode 100644
index 0000000..f644711
--- /dev/null
+++ b/SOURCES/0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch
@@ -0,0 +1,26 @@
+From 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Thu, 6 Mar 2014 10:57:02 +0800
+Subject: [PATCH 27/74] [fallback] Fix the data size for boot option comparison
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ fallback.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fallback.c b/fallback.c
+index 4bde9c1..7f242e1 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -231,7 +231,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label,
+ {
+ unsigned int size = sizeof(UINT32) + sizeof (UINT16) +
+ StrLen(label)*2 + 2 + DevicePathSize(dp) +
+- StrLen(arguments) * 2 + 2;
++ StrLen(arguments) * 2;
+
+ CHAR8 *data = AllocateZeroPool(size);
+ if (!data)
+--
+1.9.3
+
diff --git a/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch b/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch
new file mode 100644
index 0000000..82d5d29
--- /dev/null
+++ b/SOURCES/0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch
@@ -0,0 +1,58 @@
+From 0ba09477afac58ef2eadc7311440e695e6250029 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Wed, 5 Mar 2014 18:14:09 +0800
+Subject: [PATCH 28/74] [fallback] Try to boot the first boot option anyway
+
+Some UEFI implementations never care the boot options, so the
+restored boot options could be just ignored and this results in
+endless reboot. To avoid this situation, this commit makes
+fallback.efi to load the first matched boot option even if there
+is no boot option to be restored. It may not be perfect, but at
+least the bootloader is loaded...
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ fallback.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/fallback.c b/fallback.c
+index 7f242e1..d10fb62 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -226,8 +226,9 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
+ }
+
+ EFI_STATUS
+-find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label,
+- CHAR16 *arguments, UINT16 *optnum)
++find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
++ CHAR16 *filename, CHAR16 *label, CHAR16 *arguments,
++ UINT16 *optnum)
+ {
+ unsigned int size = sizeof(UINT32) + sizeof (UINT16) +
+ StrLen(label)*2 + 2 + DevicePathSize(dp) +
+@@ -278,6 +279,12 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label,
+ continue;
+
+ /* at this point, we have duplicate data. */
++ if (!first_new_option) {
++ first_new_option = DuplicateDevicePath(fulldp);
++ first_new_option_args = arguments;
++ first_new_option_size = StrLen(arguments) * sizeof (CHAR16);
++ }
++
+ *optnum = i;
+ FreePool(candidate);
+ FreePool(data);
+@@ -403,7 +410,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
+ #endif
+
+ UINT16 option;
+- rc = find_boot_option(dp, fullpath, label, arguments, &option);
++ rc = find_boot_option(dp, full_device_path, fullpath, label, arguments, &option);
+ if (EFI_ERROR(rc)) {
+ add_boot_option(dp, full_device_path, fullpath, label, arguments);
+ } else if (option != 0) {
+--
+1.9.3
+
diff --git a/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch b/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch
new file mode 100644
index 0000000..9b94ed1
--- /dev/null
+++ b/SOURCES/0029-Fetch-the-netboot-image-from-the-same-device.patch
@@ -0,0 +1,144 @@
+From f500a8742c19be604d33907b56ab9597fe448b65 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Tue, 27 May 2014 14:12:32 +0800
+Subject: [PATCH 29/74] Fetch the netboot image from the same device
+
+The previous strategy is to locate the first available PXE_BASE_CODE
+protocol and to fetch the second stage image from it, and this may
+cause shim to fetch the wrong second stage image, i.e. grub.efi.
+
+Consider the machine with the following boot order:
+1. PXE Boot
+2. Hard Drive
+
+Assume that the EFI image, e.g. bootx64.efi, in the PXE server is
+broken, then "PXE Boot" will fail and fallback to "Hard Drive". While
+shim.efi in "Hard Drive" is loaded, it will find the PXE protocol is
+available and fetch grub.efi from the PXE server, not grub.efi in the
+disk.
+
+This commit checks the DeviceHandle from Loaded Image. If the device
+supports PXE, then shim fetches grub.efi with the PXE protocol. Otherwise,
+shim loads grub.efi from the disk.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ netboot.c | 77 +++++++++++++--------------------------------------------------
+ shim.c | 2 +-
+ 2 files changed, 17 insertions(+), 62 deletions(-)
+
+diff --git a/netboot.c b/netboot.c
+index 07e2773..5ef53f7 100644
+--- a/netboot.c
++++ b/netboot.c
+@@ -85,78 +85,33 @@ translate_slashes(char *str)
+ * Returns TRUE if we identify a protocol that is enabled and Providing us with
+ * the needed information to fetch a grubx64.efi image
+ */
+-BOOLEAN findNetboot(EFI_HANDLE image_handle)
++BOOLEAN findNetboot(EFI_HANDLE device)
+ {
+- UINTN bs = sizeof(EFI_HANDLE);
+- EFI_GUID pxe_base_code_protocol = EFI_PXE_BASE_CODE_PROTOCOL;
+- EFI_HANDLE *hbuf;
+- BOOLEAN rc = FALSE;
+- void *buffer = AllocatePool(bs);
+- UINTN errcnt = 0;
+- UINTN i;
+ EFI_STATUS status;
+
+- if (!buffer)
++ status = uefi_call_wrapper(BS->HandleProtocol, 3, device,
++ &PxeBaseCodeProtocol, (VOID **)&pxe);
++ if (status != EFI_SUCCESS) {
++ pxe = NULL;
+ return FALSE;
+-
+-try_again:
+- status = uefi_call_wrapper(BS->LocateHandle,5, ByProtocol,
+- &pxe_base_code_protocol, NULL, &bs,
+- buffer);
+-
+- if (status == EFI_BUFFER_TOO_SMALL) {
+- errcnt++;
+- FreePool(buffer);
+- if (errcnt > 1)
+- return FALSE;
+- buffer = AllocatePool(bs);
+- if (!buffer)
+- return FALSE;
+- goto try_again;
+ }
+
+- if (status == EFI_NOT_FOUND) {
+- FreePool(buffer);
++ if (!pxe || !pxe->Mode) {
++ pxe = NULL;
+ return FALSE;
+ }
+
+- /*
+- * We have a list of pxe supporting protocols, lets see if any are
+- * active
+- */
+- hbuf = buffer;
+- pxe = NULL;
+- for (i=0; i < (bs / sizeof(EFI_HANDLE)); i++) {
+- status = uefi_call_wrapper(BS->OpenProtocol, 6, hbuf[i],
+- &pxe_base_code_protocol,
+- (void **)&pxe, image_handle, NULL,
+- EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+-
+- if (status != EFI_SUCCESS) {
+- pxe = NULL;
+- continue;
+- }
+-
+- if (!pxe || !pxe->Mode) {
+- pxe = NULL;
+- continue;
+- }
+-
+- if (pxe->Mode->Started && pxe->Mode->DhcpAckReceived) {
+- /*
+- * We've located a pxe protocol handle thats been
+- * started and has received an ACK, meaning its
+- * something we'll be able to get tftp server info
+- * out of
+- */
+- rc = TRUE;
+- break;
+- }
+-
++ if (!pxe->Mode->Started || !pxe->Mode->DhcpAckReceived) {
++ pxe = NULL;
++ return FALSE;
+ }
+
+- FreePool(buffer);
+- return rc;
++ /*
++ * We've located a pxe protocol handle thats been started and has
++ * received an ACK, meaning its something we'll be able to get
++ * tftp server info out of
++ */
++ return TRUE;
+ }
+
+ static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt)
+diff --git a/shim.c b/shim.c
+index 48a6f2f..d8699f9 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1373,7 +1373,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ goto done;
+ }
+
+- if (findNetboot(image_handle)) {
++ if (findNetboot(li->DeviceHandle)) {
+ efi_status = parseNetbootinfo(image_handle);
+ if (efi_status != EFI_SUCCESS) {
+ Print(L"Netboot parsing failed: %r\n", efi_status);
+--
+1.9.3
+
diff --git a/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch b/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch
new file mode 100644
index 0000000..8fa702a
--- /dev/null
+++ b/SOURCES/0030-Check-the-first-4-bytes-of-the-certificate.patch
@@ -0,0 +1,140 @@
+From 5f18e2e3643524c6b6b38c44c6ce4eabdcfd59d1 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Tue, 27 May 2014 17:42:00 +0800
+Subject: [PATCH 30/74] Check the first 4 bytes of the certificate
+
+A non-DER encoding x509 certificate may be mistakenly enrolled into
+db or MokList. This commit checks the first 4 bytes of the certificate
+to ensure that it's DER encoding.
+
+This commit also removes the iteration of the x509 signature list.
+Per UEFI SPEC, each x509 signature list contains only one x509 certificate.
+Besides, the size of certificate is incorrect. The size of the header must
+be substracted from the signature size.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ MokManager.c | 23 +++++++++++++++++++++--
+ shim.c | 45 +++++++++++++++++++++++++++++++--------------
+ 2 files changed, 52 insertions(+), 16 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index 3da61f4..c9fbbac 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -1306,11 +1306,30 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
+ return -1;
+ }
+
+-static BOOLEAN verify_certificate(void *cert, UINTN size)
++static BOOLEAN verify_certificate(UINT8 *cert, UINTN size)
+ {
+ X509 *X509Cert;
+- if (!cert || size == 0)
++ UINTN length;
++ if (!cert || size < 0)
++ return FALSE;
++
++ /*
++ * A DER encoding x509 certificate starts with SEQUENCE(0x30),
++ * the number of length bytes, and the number of value bytes.
++ * The size of a x509 certificate is usually between 127 bytes
++ * and 64KB. For convenience, assume the number of value bytes
++ * is 2, i.e. the second byte is 0x82.
++ */
++ if (cert[0] != 0x30 || cert[1] != 0x82) {
++ console_notify(L"Not a DER encoding X509 certificate");
+ return FALSE;
++ }
++
++ length = (cert[2]<<8 | cert[3]);
++ if (length != (size - 4)) {
++ console_notify(L"Invalid X509 certificate: Inconsistent size");
++ return FALSE;
++ }
+
+ if (!(X509ConstructCertificate(cert, size, (UINT8 **) &X509Cert)) ||
+ X509Cert == NULL) {
+diff --git a/shim.c b/shim.c
+index d8699f9..cd26ce6 100644
+--- a/shim.c
++++ b/shim.c
+@@ -226,44 +226,61 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ return EFI_SUCCESS;
+ }
+
++static BOOLEAN verify_x509(UINT8 *Cert, UINTN CertSize)
++{
++ UINTN length;
++
++ if (!Cert || CertSize < 4)
++ return FALSE;
++
++ /*
++ * A DER encoding x509 certificate starts with SEQUENCE(0x30),
++ * the number of length bytes, and the number of value bytes.
++ * The size of a x509 certificate is usually between 127 bytes
++ * and 64KB. For convenience, assume the number of value bytes
++ * is 2, i.e. the second byte is 0x82.
++ */
++ if (Cert[0] != 0x30 || Cert[1] != 0x82)
++ return FALSE;
++
++ length = Cert[2]<<8 | Cert[3];
++ if (length != (CertSize - 4))
++ return FALSE;
++
++ return TRUE;
++}
++
+ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
+ UINTN dbsize,
+ WIN_CERTIFICATE_EFI_PKCS *data,
+ UINT8 *hash)
+ {
+ EFI_SIGNATURE_DATA *Cert;
+- UINTN CertCount, Index;
++ UINTN CertSize;
+ BOOLEAN IsFound = FALSE;
+ EFI_GUID CertType = X509_GUID;
+
+ while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
+ if (CompareGuid (&CertList->SignatureType, &CertType) == 0) {
+- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+- for (Index = 0; Index < CertCount; Index++) {
++ CertSize = CertList->SignatureSize - sizeof(EFI_GUID);
++ if (verify_x509(Cert->SignatureData, CertSize)) {
+ IsFound = AuthenticodeVerify (data->CertData,
+ data->Hdr.dwLength - sizeof(data->Hdr),
+ Cert->SignatureData,
+- CertList->SignatureSize,
++ CertSize,
+ hash, SHA256_DIGEST_SIZE);
+ if (IsFound)
+- break;
+-
+- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
++ return DATA_FOUND;
++ } else if (verbose) {
++ console_notify(L"Not a DER encoding x.509 Certificate");
+ }
+-
+ }
+
+- if (IsFound)
+- break;
+-
+ dbsize -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ }
+
+- if (IsFound)
+- return DATA_FOUND;
+-
+ return DATA_NOT_FOUND;
+ }
+
+--
+1.9.3
+
diff --git a/SOURCES/0031-Remove-grubpath-in-generate_path.patch b/SOURCES/0031-Remove-grubpath-in-generate_path.patch
new file mode 100644
index 0000000..bc0dfba
--- /dev/null
+++ b/SOURCES/0031-Remove-grubpath-in-generate_path.patch
@@ -0,0 +1,64 @@
+From 78aaad3003d53a14a009176ad5816937e18fa33f Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Mon, 26 May 2014 16:49:10 +0800
+Subject: [PATCH 31/74] Remove grubpath in generate_path()
+
+The variable is not used anymore.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ shim.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index cd26ce6..eb8542a 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1134,17 +1134,15 @@ should_use_fallback(EFI_HANDLE image_handle)
+ * of the executable
+ */
+ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,
+- EFI_DEVICE_PATH **grubpath, CHAR16 **PathName)
++ CHAR16 **PathName)
+ {
+ EFI_DEVICE_PATH *devpath;
+- EFI_HANDLE device;
+ unsigned int i;
+ int j, last = -1;
+ unsigned int pathlen = 0;
+ EFI_STATUS efi_status = EFI_SUCCESS;
+ CHAR16 *bootpath;
+
+- device = li->DeviceHandle;
+ devpath = li->FilePath;
+
+ bootpath = DevicePathToStr(devpath);
+@@ -1197,8 +1195,6 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,
+ StrCat(*PathName, bootpath);
+ StrCat(*PathName, ImagePath);
+
+- *grubpath = FileDevicePath(device, *PathName);
+-
+ error:
+ FreePool(bootpath);
+
+@@ -1361,7 +1357,6 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL;
+ EFI_STATUS efi_status;
+ EFI_LOADED_IMAGE *li, li_bak;
+- EFI_DEVICE_PATH *path;
+ CHAR16 *PathName = NULL;
+ void *sourcebuffer = NULL;
+ UINT64 sourcesize = 0;
+@@ -1383,7 +1378,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ /*
+ * Build a new path from the existing one plus the executable name
+ */
+- efi_status = generate_path(li, ImagePath, &path, &PathName);
++ efi_status = generate_path(li, ImagePath, &PathName);
+
+ if (efi_status != EFI_SUCCESS) {
+ Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status);
+--
+1.9.3
+
diff --git a/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch b/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch
new file mode 100644
index 0000000..cc781c9
--- /dev/null
+++ b/SOURCES/0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch
@@ -0,0 +1,69 @@
+From 53a8f8721c7e26717a47b668309e3ecb1f78a250 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Fri, 7 Mar 2014 16:56:14 +0800
+Subject: [PATCH 32/74] MokManager: delete the BS+NV variables the right way
+
+LibDeleteVariable assumes that the variable is RT+NV and it
+won't work on a BS+NV variable.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ MokManager.c | 28 +++++++++++++++++++++++++---
+ 1 file changed, 25 insertions(+), 3 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index c9fbbac..0ab308f 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -1112,7 +1112,16 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
+ return -1;
+ }
+ } else {
+- LibDeleteVariable(L"MokSBState", &shim_lock_guid);
++ efi_status = uefi_call_wrapper(RT->SetVariable,
++ 5, L"MokSBState",
++ &shim_lock_guid,
++ EFI_VARIABLE_NON_VOLATILE |
++ EFI_VARIABLE_BOOTSERVICE_ACCESS,
++ 0, NULL);
++ if (efi_status != EFI_SUCCESS) {
++ console_notify(L"Failed to delete Secure Boot state");
++ return -1;
++ }
+ }
+
+ console_notify(L"The system must now be rebooted");
+@@ -1224,7 +1233,16 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) {
+ return -1;
+ }
+ } else {
+- LibDeleteVariable(L"MokDBState", &shim_lock_guid);
++ efi_status = uefi_call_wrapper(RT->SetVariable, 5,
++ L"MokDBState",
++ &shim_lock_guid,
++ EFI_VARIABLE_NON_VOLATILE |
++ EFI_VARIABLE_BOOTSERVICE_ACCESS,
++ 0, NULL);
++ if (efi_status != EFI_SUCCESS) {
++ console_notify(L"Failed to delete DB state");
++ return -1;
++ }
+ }
+
+ console_notify(L"The system must now be rebooted");
+@@ -1261,7 +1279,11 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
+ if (console_yes_no((CHAR16 *[]){L"Clear MOK password?", NULL}) == 0)
+ return 0;
+
+- LibDeleteVariable(L"MokPWStore", &shim_lock_guid);
++ uefi_call_wrapper(RT->SetVariable, 5, L"MokPWStore",
++ &shim_lock_guid,
++ EFI_VARIABLE_NON_VOLATILE
++ | EFI_VARIABLE_BOOTSERVICE_ACCESS,
++ 0, NULL);
+ LibDeleteVariable(L"MokPW", &shim_lock_guid);
+ console_notify(L"The system must now be rebooted");
+ uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0,
+--
+1.9.3
+
diff --git a/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch b/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch
new file mode 100644
index 0000000..cc73929
--- /dev/null
+++ b/SOURCES/0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch
@@ -0,0 +1,160 @@
+From 22254e2633d58edd0176ccdfab9dd35171f89963 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Tue, 3 Dec 2013 15:52:02 +0800
+Subject: [PATCH 33/74] MokManager: handle the error status from ReadKeyStroke
+
+On some machines, even though the key event was signaled, ReadKeyStroke
+still got EFI_NOT_READY. This commit handles the error status to avoid
+console_get_keystroke from returning unexpected keys.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+
+Conflicts:
+ MokManager.c
+---
+ MokManager.c | 17 +++++++++++++----
+ include/console.h | 4 ++--
+ lib/console.c | 26 ++++++++++++++++++--------
+ 3 files changed, 33 insertions(+), 14 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index 0ab308f..50cb9d7 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -488,13 +488,19 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title)
+ return EFI_SUCCESS;
+ }
+
+-static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show)
++static EFI_STATUS get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show)
+ {
+ EFI_INPUT_KEY key;
++ EFI_STATUS status;
+ unsigned int count = 0;
+
+ do {
+- key = console_get_keystroke();
++ status = console_get_keystroke(&key);
++ if (EFI_ERROR (status)) {
++ console_error(L"Failed to read the keystroke", status);
++ *length = 0;
++ return status;
++ }
+
+ if ((count >= line_max &&
+ key.UnicodeChar != CHAR_BACKSPACE) ||
+@@ -525,7 +531,7 @@ static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show
+
+ *length = count;
+
+- return 1;
++ return EFI_SUCCESS;
+ }
+
+ static EFI_STATUS compute_pw_hash (void *Data, UINTN DataSize, UINT8 *password,
+@@ -989,6 +995,7 @@ static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize)
+ static CHAR16 get_password_charater (CHAR16 *prompt)
+ {
+ SIMPLE_TEXT_OUTPUT_MODE SavedMode;
++ EFI_STATUS status;
+ CHAR16 *message[2];
+ CHAR16 character;
+ UINTN length;
+@@ -1003,7 +1010,9 @@ static CHAR16 get_password_charater (CHAR16 *prompt)
+ message[1] = NULL;
+ length = StrLen(message[0]);
+ console_print_box_at(message, -1, -length-4, -5, length+4, 3, 0, 1);
+- get_line(&pw_length, &character, 1, 0);
++ status = get_line(&pw_length, &character, 1, 0);
++ if (EFI_ERROR(status))
++ character = 0;
+
+ console_restore_mode(&SavedMode);
+
+diff --git a/include/console.h b/include/console.h
+index e6c2818..9c793ea 100644
+--- a/include/console.h
++++ b/include/console.h
+@@ -1,8 +1,8 @@
+ #ifndef _SHIM_LIB_CONSOLE_H
+ #define _SHIM_LIB_CONSOLE_H 1
+
+-EFI_INPUT_KEY
+-console_get_keystroke(void);
++EFI_STATUS
++console_get_keystroke(EFI_INPUT_KEY *key);
+ void
+ console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_row, int size_cols, int size_rows, int offset, int lines);
+ void
+diff --git a/lib/console.c b/lib/console.c
+index 2fc8db3..41ed83a 100644
+--- a/lib/console.c
++++ b/lib/console.c
+@@ -40,16 +40,18 @@ SetMem16(CHAR16 *dst, UINT32 n, CHAR16 c)
+ }
+ }
+
+-EFI_INPUT_KEY
+-console_get_keystroke(void)
++EFI_STATUS
++console_get_keystroke(EFI_INPUT_KEY *key)
+ {
+- EFI_INPUT_KEY key;
+ UINTN EventIndex;
++ EFI_STATUS status;
+
+- uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex);
+- uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, &key);
++ do {
++ uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex);
++ status = uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, key);
++ } while (status == EFI_NOT_READY);
+
+- return key;
++ return status;
+ }
+
+ void
+@@ -162,6 +164,8 @@ console_print_box(CHAR16 *str_arr[], int highlight)
+ {
+ SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode;
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
++ EFI_INPUT_KEY key;
++
+ CopyMem(&SavedConsoleMode, co->Mode, sizeof(SavedConsoleMode));
+ uefi_call_wrapper(co->EnableCursor, 2, co, FALSE);
+ uefi_call_wrapper(co->SetAttribute, 2, co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
+@@ -169,7 +173,7 @@ console_print_box(CHAR16 *str_arr[], int highlight)
+ console_print_box_at(str_arr, highlight, 0, 0, -1, -1, 0,
+ count_lines(str_arr));
+
+- console_get_keystroke();
++ console_get_keystroke(&key);
+
+ uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible);
+
+@@ -184,6 +188,7 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start)
+ SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode;
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+ EFI_INPUT_KEY k;
++ EFI_STATUS status;
+ int selector;
+ int selector_lines = count_lines(selectors);
+ int selector_max_cols = 0;
+@@ -237,7 +242,12 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start)
+ size_cols, size_rows, 0, lines);
+
+ do {
+- k = console_get_keystroke();
++ status = console_get_keystroke(&k);
++ if (EFI_ERROR (status)) {
++ Print(L"Failed to read the keystroke: %r", status);
++ selector = -1;
++ break;
++ }
+
+ if (k.ScanCode == SCAN_ESC) {
+ selector = -1;
+--
+1.9.3
+
diff --git a/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch b/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch
new file mode 100644
index 0000000..a1c9da7
--- /dev/null
+++ b/SOURCES/0034-Exclude-ca.crt-while-signing-EFI-images.patch
@@ -0,0 +1,30 @@
+From 09283f08f001305db5a3299b53acba85bf6c9876 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Mon, 4 Nov 2013 17:51:55 +0800
+Subject: [PATCH 34/74] Exclude ca.crt while signing EFI images
+
+If ca.crt was added into the certificate database, ca.crt would be the first
+certificate in the signature. Because shim couldn't verify ca.crt with the
+embedded shim.cer, it failed to load MokManager.efi.signed and
+fallback.efi.signed.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ Makefile | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 46e5ef9..df190a2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -73,7 +73,6 @@ version.c : version.c.in
+
+ certdb/secmod.db: shim.crt
+ -mkdir certdb
+- certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
+ pk12util -d certdb/ -i shim.p12 -W "" -K ""
+ certutil -d certdb/ -A -i shim.crt -n shim -t u
+
+--
+1.9.3
+
diff --git a/SOURCES/0035-No-newline-for-console_notify.patch b/SOURCES/0035-No-newline-for-console_notify.patch
new file mode 100644
index 0000000..a22e4b6
--- /dev/null
+++ b/SOURCES/0035-No-newline-for-console_notify.patch
@@ -0,0 +1,49 @@
+From dc8fc734b8d8c7720fd25ff8a35fc3f9ee384f3b Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Mon, 28 Oct 2013 16:36:34 +0800
+Subject: [PATCH 35/74] No newline for console_notify
+
+The newlines are for Print(), not console_notify().
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+
+Conflicts:
+ shim.c
+---
+ shim.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index eb8542a..f9fa606 100644
+--- a/shim.c
++++ b/shim.c
+@@ -479,7 +479,7 @@ static BOOLEAN secure_mode (void)
+ status = get_variable(L"SecureBoot", &Data, &len, global_var);
+ if (status != EFI_SUCCESS) {
+ if (verbose)
+- console_notify(L"Secure boot not enabled\n");
++ console_notify(L"Secure boot not enabled");
+ return FALSE;
+ }
+ sb = *Data;
+@@ -487,7 +487,7 @@ static BOOLEAN secure_mode (void)
+
+ if (sb != 1) {
+ if (verbose)
+- console_notify(L"Secure boot not enabled\n");
++ console_notify(L"Secure boot not enabled");
+ return FALSE;
+ }
+
+@@ -500,7 +500,7 @@ static BOOLEAN secure_mode (void)
+
+ if (setupmode == 1) {
+ if (verbose)
+- console_notify(L"Platform is in setup mode\n");
++ console_notify(L"Platform is in setup mode");
+ return FALSE;
+ }
+
+--
+1.9.3
+
diff --git a/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch b/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch
new file mode 100644
index 0000000..c6a4ced
--- /dev/null
+++ b/SOURCES/0036-Remove-the-duplicate-calls-in-lib-console.c.patch
@@ -0,0 +1,35 @@
+From 8bd7bad4b77bb99c3978d328ee54e64a53b4dcfc Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Thu, 31 Oct 2013 17:55:17 +0800
+Subject: [PATCH 36/74] Remove the duplicate calls in lib/console.c
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ lib/console.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/lib/console.c b/lib/console.c
+index 41ed83a..83ee679 100644
+--- a/lib/console.c
++++ b/lib/console.c
+@@ -176,8 +176,6 @@ console_print_box(CHAR16 *str_arr[], int highlight)
+ console_get_keystroke(&key);
+
+ uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible);
+-
+- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible);
+ uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow);
+ uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute);
+ }
+@@ -273,8 +271,6 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start)
+ && k.UnicodeChar == CHAR_CARRIAGE_RETURN));
+
+ uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible);
+-
+- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible);
+ uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow);
+ uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute);
+
+--
+1.9.3
+
diff --git a/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch b/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch
new file mode 100644
index 0000000..11bdd55
--- /dev/null
+++ b/SOURCES/0037-Silence-the-functions-of-shim-protocol.patch
@@ -0,0 +1,716 @@
+From 4bfb13d803f4d8efe544e0f2aa9cd712b8cb84b1 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Tue, 1 Oct 2013 11:58:52 +0800
+Subject: [PATCH 37/74] Silence the functions of shim protocol
+
+When grub2 invokes the functions of shim protocol in gfx mode,
+OutputString in shim could distort the screen.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+
+Conflicts:
+ shim.c
+
+(modified by pjones to include some newer Prints that weren't there when
+Gary did the initial work here.)
+---
+ shim.c | 192 ++++++++++++++++++++++++++++++++++++++---------------------------
+ 1 file changed, 114 insertions(+), 78 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index f9fa606..69af766 100644
+--- a/shim.c
++++ b/shim.c
+@@ -59,6 +59,14 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB
+ static CHAR16 *second_stage;
+ static void *load_options;
+ static UINT32 load_options_size;
++static UINT8 in_protocol;
++
++#define perror(fmt, ...) ({ \
++ UINTN __perror_ret = 0; \
++ if (in_protocol) \
++ __perror_ret = Print((fmt), ##__VA_ARGS__); \
++ __perror_ret; \
++ })
+
+ EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
+
+@@ -133,7 +141,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ #endif
+
+ if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
+- Print(L"Image has no relocation entry\n");
++ perror(L"Image has no relocation entry\n");
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -141,7 +149,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
+
+ if (!RelocBase || !RelocBaseEnd) {
+- Print(L"Reloc table overflows binary\n");
++ perror(L"Reloc table overflows binary\n");
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -154,19 +162,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));
+
+ if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) {
+- Print(L"Reloc block size is invalid\n");
++ perror(L"Reloc block size is invalid\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);
+ if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) {
+- Print(L"Reloc entry overflows binary\n");
++ perror(L"Reloc entry overflows binary\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress);
+ if (!FixupBase) {
+- Print(L"Invalid fixupbase\n");
++ perror(L"Invalid fixupbase\n");
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -215,7 +223,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ break;
+
+ default:
+- Print(L"Unknown relocation\n");
++ perror(L"Unknown relocation\n");
+ return EFI_UNSUPPORTED;
+ }
+ Reloc += 1;
+@@ -478,7 +486,7 @@ static BOOLEAN secure_mode (void)
+
+ status = get_variable(L"SecureBoot", &Data, &len, global_var);
+ if (status != EFI_SUCCESS) {
+- if (verbose)
++ if (verbose && !in_protocol)
+ console_notify(L"Secure boot not enabled");
+ return FALSE;
+ }
+@@ -486,7 +494,7 @@ static BOOLEAN secure_mode (void)
+ FreePool(Data);
+
+ if (sb != 1) {
+- if (verbose)
++ if (verbose && !in_protocol)
+ console_notify(L"Secure boot not enabled");
+ return FALSE;
+ }
+@@ -499,7 +507,7 @@ static BOOLEAN secure_mode (void)
+ FreePool(Data);
+
+ if (setupmode == 1) {
+- if (verbose)
++ if (verbose && !in_protocol)
+ console_notify(L"Platform is in setup mode");
+ return FALSE;
+ }
+@@ -531,14 +539,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ unsigned int PEHdr_offset = 0;
+
+ if (datasize_in < 0) {
+- Print(L"Invalid data size\n");
++ perror(L"Invalid data size\n");
+ return EFI_INVALID_PARAMETER;
+ }
+ size = datasize = (unsigned int)datasize_in;
+
+ if (datasize <= sizeof (*DosHdr) ||
+ DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) {
+- Print(L"Invalid signature\n");
++ perror(L"Invalid signature\n");
+ return EFI_INVALID_PARAMETER;
+ }
+ PEHdr_offset = DosHdr->e_lfanew;
+@@ -550,12 +558,12 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ sha1ctx = AllocatePool(sha1ctxsize);
+
+ if (!sha256ctx || !sha1ctx) {
+- Print(L"Unable to allocate memory for hash context\n");
++ perror(L"Unable to allocate memory for hash context\n");
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ if (!Sha256Init(sha256ctx) || !Sha1Init(sha1ctx)) {
+- Print(L"Unable to initialise hash\n");
++ perror(L"Unable to initialise hash\n");
+ status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+@@ -567,7 +575,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+- Print(L"Unable to generate hash\n");
++ perror(L"Unable to generate hash\n");
+ status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+@@ -579,7 +587,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+- Print(L"Unable to generate hash\n");
++ perror(L"Unable to generate hash\n");
+ status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+@@ -597,7 +605,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+- Print(L"Unable to generate hash\n");
++ perror(L"Unable to generate hash\n");
+ status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+@@ -621,14 +629,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader +
+ (index * sizeof(*SectionPtr)));
+ if (!SectionPtr) {
+- Print(L"Malformed section %d\n", index);
++ perror(L"Malformed section %d\n", index);
+ status = EFI_INVALID_PARAMETER;
+ goto done;
+ }
+ /* Validate section size is within image. */
+ if (SectionPtr->SizeOfRawData >
+ datasize - SumOfBytesHashed - SumOfSectionBytes) {
+- Print(L"Malformed section %d size\n", index);
++ perror(L"Malformed section %d size\n", index);
+ status = EFI_INVALID_PARAMETER;
+ goto done;
+ }
+@@ -637,7 +645,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+
+ SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections);
+ if (SectionHeader == NULL) {
+- Print(L"Unable to allocate section header\n");
++ perror(L"Unable to allocate section header\n");
+ status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+@@ -669,7 +677,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ hashbase = ImageAddress(data, size, Section->PointerToRawData);
+
+ if (!hashbase) {
+- Print(L"Malformed section header\n");
++ perror(L"Malformed section header\n");
+ status = EFI_INVALID_PARAMETER;
+ goto done;
+ }
+@@ -677,7 +685,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ /* Verify hashsize within image. */
+ if (Section->SizeOfRawData >
+ datasize - Section->PointerToRawData) {
+- Print(L"Malformed section raw size %d\n", index);
++ perror(L"Malformed section raw size %d\n", index);
+ status = EFI_INVALID_PARAMETER;
+ goto done;
+ }
+@@ -685,7 +693,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+- Print(L"Unable to generate hash\n");
++ perror(L"Unable to generate hash\n");
+ status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+@@ -706,7 +714,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+- Print(L"Unable to generate hash\n");
++ perror(L"Unable to generate hash\n");
+ status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+@@ -714,7 +722,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+
+ if (!(Sha256Final(sha256ctx, sha256hash)) ||
+ !(Sha1Final(sha1ctx, sha1hash))) {
+- Print(L"Unable to finalise hash\n");
++ perror(L"Unable to finalise hash\n");
+ status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+@@ -744,9 +752,9 @@ static EFI_STATUS verify_mok (void) {
+ shim_lock_guid, &attributes);
+
+ if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
+- Print(L"MokList is compromised!\nErase all keys in MokList!\n");
++ perror(L"MokList is compromised!\nErase all keys in MokList!\n");
+ if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) {
+- Print(L"Failed to erase MokList\n");
++ perror(L"Failed to erase MokList\n");
+ return EFI_ACCESS_DENIED;
+ }
+ }
+@@ -774,13 +782,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
+ context->SecDir->VirtualAddress);
+
+ if (!cert) {
+- Print(L"Certificate located outside the image\n");
++ perror(L"Certificate located outside the image\n");
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (cert->Hdr.wCertificateType !=
+ WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
+- Print(L"Unsupported certificate type %x\n",
++ perror(L"Unsupported certificate type %x\n",
+ cert->Hdr.wCertificateType);
+ return EFI_UNSUPPORTED;
+ }
+@@ -804,7 +812,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
+ status = check_blacklist(cert, sha256hash, sha1hash);
+
+ if (status != EFI_SUCCESS) {
+- Print(L"Binary is blacklisted\n");
++ perror(L"Binary is blacklisted\n");
+ return status;
+ }
+
+@@ -857,7 +865,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize;
+
+ if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) {
+- Print(L"Invalid image\n");
++ perror(L"Invalid image\n");
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -877,7 +885,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections;
+
+ if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) {
+- Print(L"Image header too small\n");
++ perror(L"Image header too small\n");
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -885,7 +893,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ - sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES;
+ if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) !=
+ context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) {
+- Print(L"Image header overflows data directory\n");
++ perror(L"Image header overflows data directory\n");
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -895,28 +903,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader;
+ if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER
+ <= context->NumberOfSections) {
+- Print(L"Image sections overflow image size\n");
++ perror(L"Image sections overflow image size\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ if ((context->SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER
+ < (UINT32)context->NumberOfSections) {
+- Print(L"Image sections overflow section headers\n");
++ perror(L"Image sections overflow section headers\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ if ((((UINT8 *)PEHdr - (UINT8 *)data) + sizeof(EFI_IMAGE_OPTIONAL_HEADER_UNION)) > datasize) {
+- Print(L"Invalid image\n");
++ perror(L"Invalid image\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ if (PEHdr->Te.Signature != EFI_IMAGE_NT_SIGNATURE) {
+- Print(L"Unsupported image type\n");
++ perror(L"Unsupported image type\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ if (PEHdr->Pe32.FileHeader.Characteristics & EFI_IMAGE_FILE_RELOCS_STRIPPED) {
+- Print(L"Unsupported image - Relocations have been stripped\n");
++ perror(L"Unsupported image - Relocations have been stripped\n");
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -935,23 +943,24 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER));
+
+ if (context->ImageSize < context->SizeOfHeaders) {
+- Print(L"Invalid image\n");
++ perror(L"Invalid image\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) >
+ (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) {
+- Print(L"Invalid image\n");
++ perror(L"Invalid image\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ if (context->SecDir->VirtualAddress >= datasize) {
+- Print(L"Malformed security header\n");
++ perror(L"Malformed security header\n");
+ return EFI_INVALID_PARAMETER;
+ }
+ return EFI_SUCCESS;
+ }
+
++
+ /*
+ * Once the image has been loaded it needs to be validated and relocated
+ */
+@@ -971,7 +980,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ */
+ efi_status = read_header(data, datasize, &context);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to read header: %r\n", efi_status);
++ perror(L"Failed to read header: %r\n", efi_status);
+ return efi_status;
+ }
+
+@@ -993,7 +1002,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ buffer = AllocatePool(context.ImageSize);
+
+ if (!buffer) {
+- Print(L"Failed to allocate image buffer\n");
++ perror(L"Failed to allocate image buffer\n");
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+@@ -1013,13 +1022,13 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1);
+
+ if (!base || !end) {
+- Print(L"Invalid section size\n");
++ perror(L"Invalid section size\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ if (Section->VirtualAddress < context.SizeOfHeaders ||
+ Section->PointerToRawData < context.SizeOfHeaders) {
+- Print(L"Section is inside image headers\n");
++ perror(L"Section is inside image headers\n");
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -1038,7 +1047,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ efi_status = relocate_coff(&context, buffer);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Relocation failed: %r\n", efi_status);
++ perror(L"Relocation failed: %r\n", efi_status);
+ FreePool(buffer);
+ return efi_status;
+ }
+@@ -1056,7 +1065,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ li->LoadOptionsSize = load_options_size;
+
+ if (!entry_point) {
+- Print(L"Invalid entry point\n");
++ perror(L"Invalid entry point\n");
+ FreePool(buffer);
+ return EFI_UNSUPPORTED;
+ }
+@@ -1079,7 +1088,7 @@ should_use_fallback(EFI_HANDLE image_handle)
+ rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,
+ &loaded_image_protocol, (void **)&li);
+ if (EFI_ERROR(rc)) {
+- Print(L"Could not get image for bootx64.efi: %r\n", rc);
++ perror(L"Could not get image for bootx64.efi: %r\n", rc);
+ return 0;
+ }
+
+@@ -1101,13 +1110,13 @@ should_use_fallback(EFI_HANDLE image_handle)
+ rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle,
+ &FileSystemProtocol, (void **)&fio);
+ if (EFI_ERROR(rc)) {
+- Print(L"Could not get fio for li->DeviceHandle: %r\n", rc);
++ perror(L"Could not get fio for li->DeviceHandle: %r\n", rc);
+ return 0;
+ }
+-
++
+ rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh);
+ if (EFI_ERROR(rc)) {
+- Print(L"Could not open fio volume: %r\n", rc);
++ perror(L"Could not open fio volume: %r\n", rc);
+ return 0;
+ }
+
+@@ -1185,7 +1194,7 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,
+ *PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
+
+ if (!*PathName) {
+- Print(L"Failed to allocate path buffer\n");
++ perror(L"Failed to allocate path buffer\n");
+ efi_status = EFI_OUT_OF_RESOURCES;
+ goto error;
+ }
+@@ -1226,14 +1235,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ (void **)&drive);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to find fs: %r\n", efi_status);
++ perror(L"Failed to find fs: %r\n", efi_status);
+ goto error;
+ }
+
+ efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to open fs: %r\n", efi_status);
++ perror(L"Failed to open fs: %r\n", efi_status);
+ goto error;
+ }
+
+@@ -1244,14 +1253,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ EFI_FILE_MODE_READ, 0);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to open %s - %r\n", PathName, efi_status);
++ perror(L"Failed to open %s - %r\n", PathName, efi_status);
+ goto error;
+ }
+
+ fileinfo = AllocatePool(buffersize);
+
+ if (!fileinfo) {
+- Print(L"Unable to allocate file info buffer\n");
++ perror(L"Unable to allocate file info buffer\n");
+ efi_status = EFI_OUT_OF_RESOURCES;
+ goto error;
+ }
+@@ -1267,7 +1276,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ FreePool(fileinfo);
+ fileinfo = AllocatePool(buffersize);
+ if (!fileinfo) {
+- Print(L"Unable to allocate file info buffer\n");
++ perror(L"Unable to allocate file info buffer\n");
+ efi_status = EFI_OUT_OF_RESOURCES;
+ goto error;
+ }
+@@ -1277,7 +1286,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ }
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Unable to get file info: %r\n", efi_status);
++ perror(L"Unable to get file info: %r\n", efi_status);
+ goto error;
+ }
+
+@@ -1286,7 +1295,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ *data = AllocatePool(buffersize);
+
+ if (!*data) {
+- Print(L"Unable to allocate file buffer\n");
++ perror(L"Unable to allocate file buffer\n");
+ efi_status = EFI_OUT_OF_RESOURCES;
+ goto error;
+ }
+@@ -1305,7 +1314,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
+ }
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize);
++ perror(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize);
+ goto error;
+ }
+
+@@ -1335,6 +1344,7 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
+ PE_COFF_LOADER_IMAGE_CONTEXT context;
+
+ loader_is_participating = 1;
++ in_protocol = 1;
+
+ if (!secure_mode())
+ return EFI_SUCCESS;
+@@ -1342,9 +1352,35 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
+ status = read_header(buffer, size, &context);
+
+ if (status != EFI_SUCCESS)
+- return status;
++ goto done;
+
+ status = verify_buffer(buffer, size, &context);
++done:
++ in_protocol = 0;
++ return status;
++}
++
++static EFI_STATUS shim_hash (char *data, int datasize,
++ PE_COFF_LOADER_IMAGE_CONTEXT *context,
++ UINT8 *sha256hash, UINT8 *sha1hash)
++{
++ EFI_STATUS status;
++
++ in_protocol = 1;
++ status = generate_hash(data, datasize, context, sha256hash, sha1hash);
++ in_protocol = 0;
++
++ return status;
++}
++
++static EFI_STATUS shim_read_header(void *data, unsigned int datasize,
++ PE_COFF_LOADER_IMAGE_CONTEXT *context)
++{
++ EFI_STATUS status;
++
++ in_protocol = 1;
++ status = read_header(data, datasize, context);
++ in_protocol = 0;
+
+ return status;
+ }
+@@ -1371,7 +1407,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ &loaded_image_protocol, (void **)&li);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Unable to init protocol\n");
++ perror(L"Unable to init protocol\n");
+ return efi_status;
+ }
+
+@@ -1381,20 +1417,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ efi_status = generate_path(li, ImagePath, &PathName);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status);
++ perror(L"Unable to generate path %s: %r\n", ImagePath, efi_status);
+ goto done;
+ }
+
+ if (findNetboot(li->DeviceHandle)) {
+ efi_status = parseNetbootinfo(image_handle);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Netboot parsing failed: %r\n", efi_status);
++ perror(L"Netboot parsing failed: %r\n", efi_status);
+ return EFI_PROTOCOL_ERROR;
+ }
+ efi_status = FetchNetbootimage(image_handle, &sourcebuffer,
+ &sourcesize);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Unable to fetch TFTP image: %r\n", efi_status);
++ perror(L"Unable to fetch TFTP image: %r\n", efi_status);
+ return efi_status;
+ }
+ data = sourcebuffer;
+@@ -1406,7 +1442,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ efi_status = load_image(li, &data, &datasize, PathName);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to load image %s: %r\n", PathName, efi_status);
++ perror(L"Failed to load image %s: %r\n", PathName, efi_status);
+ goto done;
+ }
+ }
+@@ -1423,7 +1459,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+ efi_status = handle_image(data, datasize, li);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to load image: %r\n", efi_status);
++ perror(L"Failed to load image: %r\n", efi_status);
+ CopyMem(li, &li_bak, sizeof(li_bak));
+ goto done;
+ }
+@@ -1495,7 +1531,7 @@ EFI_STATUS mirror_mok_list()
+ ;
+ FullData = AllocatePool(FullDataSize);
+ if (!FullData) {
+- Print(L"Failed to allocate space for MokListRT\n");
++ perror(L"Failed to allocate space for MokListRT\n");
+ return EFI_OUT_OF_RESOURCES;
+ }
+ p = FullData;
+@@ -1526,7 +1562,7 @@ EFI_STATUS mirror_mok_list()
+ | EFI_VARIABLE_RUNTIME_ACCESS,
+ FullDataSize, FullData);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to set MokListRT: %r\n", efi_status);
++ perror(L"Failed to set MokListRT: %r\n", efi_status);
+ }
+
+ return efi_status;
+@@ -1567,7 +1603,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
+ efi_status = start_image(image_handle, MOK_MANAGER);
+
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to start MokManager: %r\n", efi_status);
++ perror(L"Failed to start MokManager: %r\n", efi_status);
+ return efi_status;
+ }
+ }
+@@ -1601,9 +1637,9 @@ static EFI_STATUS check_mok_sb (void)
+ * modified by the OS
+ */
+ if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
+- Print(L"MokSBState is compromised! Clearing it\n");
++ perror(L"MokSBState is compromised! Clearing it\n");
+ if (LibDeleteVariable(L"MokSBState", &shim_lock_guid) != EFI_SUCCESS) {
+- Print(L"Failed to erase MokSBState\n");
++ perror(L"Failed to erase MokSBState\n");
+ }
+ status = EFI_ACCESS_DENIED;
+ } else {
+@@ -1642,9 +1678,9 @@ static EFI_STATUS check_mok_db (void)
+ * modified by the OS
+ */
+ if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
+- Print(L"MokDBState is compromised! Clearing it\n");
++ perror(L"MokDBState is compromised! Clearing it\n");
+ if (LibDeleteVariable(L"MokDBState", &shim_lock_guid) != EFI_SUCCESS) {
+- Print(L"Failed to erase MokDBState\n");
++ perror(L"Failed to erase MokDBState\n");
+ }
+ status = EFI_ACCESS_DENIED;
+ } else {
+@@ -1674,7 +1710,7 @@ static EFI_STATUS mok_ignore_db()
+ | EFI_VARIABLE_RUNTIME_ACCESS,
+ DataSize, (void *)&Data);
+ if (efi_status != EFI_SUCCESS) {
+- Print(L"Failed to set MokIgnoreDB: %r\n", efi_status);
++ perror(L"Failed to set MokIgnoreDB: %r\n", efi_status);
+ }
+ }
+
+@@ -1702,7 +1738,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
+ status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,
+ &LoadedImageProtocol, (void **) &li);
+ if (status != EFI_SUCCESS) {
+- Print (L"Failed to get load options: %r\n", status);
++ perror (L"Failed to get load options: %r\n", status);
+ return status;
+ }
+
+@@ -1746,7 +1782,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
+ if (loader_len > 0) {
+ loader_str = AllocatePool((loader_len + 1) * sizeof(CHAR16));
+ if (!loader_str) {
+- Print(L"Failed to allocate loader string\n");
++ perror(L"Failed to allocate loader string\n");
+ return EFI_OUT_OF_RESOURCES;
+ }
+ for (i = 0; i < loader_len; i++)
+@@ -1825,8 +1861,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
+ * call back in and use shim functions
+ */
+ shim_lock_interface.Verify = shim_verify;
+- shim_lock_interface.Hash = generate_hash;
+- shim_lock_interface.Context = read_header;
++ shim_lock_interface.Hash = shim_hash;
++ shim_lock_interface.Context = shim_read_header;
+
+ systab = passed_systab;
+
+--
+1.9.3
+
diff --git a/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch b/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch
new file mode 100644
index 0000000..9885446
--- /dev/null
+++ b/SOURCES/0038-Free-the-string-from-DevicePathToStr.patch
@@ -0,0 +1,82 @@
+From c36d88cb16d10fdc8da2abcc00d3c51f0d425e34 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Thu, 31 Oct 2013 17:54:46 +0800
+Subject: [PATCH 38/74] Free the string from DevicePathToStr
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+
+Conflicts:
+ shim.c
+---
+ shim.c | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 69af766..72d6072 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1079,11 +1079,12 @@ should_use_fallback(EFI_HANDLE image_handle)
+ EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL;
+ EFI_LOADED_IMAGE *li;
+ unsigned int pathlen = 0;
+- CHAR16 *bootpath;
++ CHAR16 *bootpath = NULL;
+ EFI_FILE_IO_INTERFACE *fio = NULL;
+ EFI_FILE *vh;
+ EFI_FILE *fh;
+ EFI_STATUS rc;
++ int ret = 0;
+
+ rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,
+ &loaded_image_protocol, (void **)&li);
+@@ -1101,23 +1102,23 @@ should_use_fallback(EFI_HANDLE image_handle)
+ */
+ if (StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\BOOT", 14) &&
+ StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\/BOOT", 15))
+- return 0;
++ goto error;
+
+ pathlen = StrLen(bootpath);
+ if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI"))
+- return 0;
++ goto error;
+
+ rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle,
+ &FileSystemProtocol, (void **)&fio);
+ if (EFI_ERROR(rc)) {
+ perror(L"Could not get fio for li->DeviceHandle: %r\n", rc);
+- return 0;
++ goto error;
+ }
+
+ rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh);
+ if (EFI_ERROR(rc)) {
+ perror(L"Could not open fio volume: %r\n", rc);
+- return 0;
++ goto error;
+ }
+
+ rc = uefi_call_wrapper(vh->Open, 5, vh, &fh, L"\\EFI\\BOOT" FALLBACK,
+@@ -1130,12 +1131,17 @@ should_use_fallback(EFI_HANDLE image_handle)
+ * rc);
+ */
+ uefi_call_wrapper(vh->Close, 1, vh);
+- return 0;
++ goto error;
+ }
+ uefi_call_wrapper(fh->Close, 1, fh);
+ uefi_call_wrapper(vh->Close, 1, vh);
+
+- return 1;
++ ret = 1;
++error:
++ if (bootpath)
++ FreePool(bootpath);
++
++ return ret;
+ }
+
+ /*
+--
+1.9.3
+
diff --git a/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch b/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch
new file mode 100644
index 0000000..4c385a1
--- /dev/null
+++ b/SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch
@@ -0,0 +1,33 @@
+From 86173dba42ad5ae002ac99cc515e60104da2245c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 25 Jun 2014 10:46:19 -0400
+Subject: [PATCH 39/74] Explain the logic in secure_mode() better.
+
+I was getting confused reading it, and I wrote it, so clearly it needs
+more commentry.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/shim.c b/shim.c
+index 72d6072..210e778 100644
+--- a/shim.c
++++ b/shim.c
+@@ -499,6 +499,12 @@ static BOOLEAN secure_mode (void)
+ return FALSE;
+ }
+
++ /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode",
++ * then the implementation is bad, but we assume that secure boot is
++ * enabled according to the status of "SecureBoot". If we have both
++ * of them, then "SetupMode" may tell us additional data, and we need
++ * to consider it.
++ */
+ status = get_variable(L"SetupMode", &Data, &len, global_var);
+ if (status != EFI_SUCCESS)
+ return TRUE;
+--
+1.9.3
+
diff --git a/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch b/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch
new file mode 100644
index 0000000..f8d0206
--- /dev/null
+++ b/SOURCES/0040-Check-the-secure-variables-with-the-lib-functions.patch
@@ -0,0 +1,106 @@
+From 868b3721159ee615a1b774645d610a13b5827e5e Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Thu, 31 Oct 2013 16:08:32 +0800
+Subject: [PATCH 40/74] Check the secure variables with the lib functions
+
+There are functions defined in lib to check the secure variables.
+Use the functions to shun the duplicate code.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+
+Conflicts:
+ shim.c
+---
+ lib/variables.c | 14 ++++++++++----
+ shim.c | 32 ++------------------------------
+ 2 files changed, 12 insertions(+), 34 deletions(-)
+
+diff --git a/lib/variables.c b/lib/variables.c
+index 3a9735e..4c64d7e 100644
+--- a/lib/variables.c
++++ b/lib/variables.c
+@@ -284,9 +284,12 @@ variable_is_setupmode(void)
+ /* set to 1 because we return true if SetupMode doesn't exist */
+ UINT8 SetupMode = 1;
+ UINTN DataSize = sizeof(SetupMode);
++ EFI_STATUS status;
+
+- uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL,
+- &DataSize, &SetupMode);
++ status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL,
++ &DataSize, &SetupMode);
++ if (EFI_ERROR(status))
++ return 1;
+
+ return SetupMode;
+ }
+@@ -297,10 +300,13 @@ variable_is_secureboot(void)
+ /* return false if variable doesn't exist */
+ UINT8 SecureBoot = 0;
+ UINTN DataSize;
++ EFI_STATUS status;
+
+ DataSize = sizeof(SecureBoot);
+- uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL,
+- &DataSize, &SecureBoot);
++ status = uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL,
++ &DataSize, &SecureBoot);
++ if (EFI_ERROR(status))
++ return 0;
+
+ return SecureBoot;
+ }
+diff --git a/shim.c b/shim.c
+index 210e778..14fb601 100644
+--- a/shim.c
++++ b/shim.c
+@@ -475,44 +475,16 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
+
+ static BOOLEAN secure_mode (void)
+ {
+- EFI_STATUS status;
+- EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
+- UINTN len;
+- UINT8 *Data;
+- UINT8 sb, setupmode;
+-
+ if (user_insecure_mode)
+ return FALSE;
+
+- status = get_variable(L"SecureBoot", &Data, &len, global_var);
+- if (status != EFI_SUCCESS) {
++ if (variable_is_secureboot() != 1) {
+ if (verbose && !in_protocol)
+ console_notify(L"Secure boot not enabled");
+ return FALSE;
+ }
+- sb = *Data;
+- FreePool(Data);
+-
+- if (sb != 1) {
+- if (verbose && !in_protocol)
+- console_notify(L"Secure boot not enabled");
+- return FALSE;
+- }
+-
+- /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode",
+- * then the implementation is bad, but we assume that secure boot is
+- * enabled according to the status of "SecureBoot". If we have both
+- * of them, then "SetupMode" may tell us additional data, and we need
+- * to consider it.
+- */
+- status = get_variable(L"SetupMode", &Data, &len, global_var);
+- if (status != EFI_SUCCESS)
+- return TRUE;
+-
+- setupmode = *Data;
+- FreePool(Data);
+
+- if (setupmode == 1) {
++ if (variable_is_setupmode() == 1) {
+ if (verbose && !in_protocol)
+ console_notify(L"Platform is in setup mode");
+ return FALSE;
+--
+1.9.3
+
diff --git a/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch b/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch
new file mode 100644
index 0000000..c55346e
--- /dev/null
+++ b/SOURCES/0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch
@@ -0,0 +1,84 @@
+From eb4cb6a50981f9ef4698b3847bd32e70081ab71d Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 25 Jun 2014 10:55:56 -0400
+Subject: [PATCH 41/74] Make sure we default to assuming we're locked down.
+
+If "SecureBoot" exists but "SetupMode" does not, assume "SetupMode" says
+we're not in Setup Mode.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/variables.h | 2 +-
+ lib/variables.c | 8 ++++----
+ shim.c | 8 +++++++-
+ 3 files changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/include/variables.h b/include/variables.h
+index b207dbf..deed269 100644
+--- a/include/variables.h
++++ b/include/variables.h
+@@ -50,7 +50,7 @@ SETOSIndicationsAndReboot(UINT64 indications);
+ int
+ variable_is_secureboot(void);
+ int
+-variable_is_setupmode(void);
++variable_is_setupmode(int default_return);
+ EFI_STATUS
+ variable_enroll_hash(CHAR16 *var, EFI_GUID owner,
+ UINT8 hash[SHA256_DIGEST_SIZE]);
+diff --git a/lib/variables.c b/lib/variables.c
+index 4c64d7e..59d7d05 100644
+--- a/lib/variables.c
++++ b/lib/variables.c
+@@ -139,7 +139,7 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner,
+ /* Microsoft request: Bugs in some UEFI platforms mean that PK or any
+ * other secure variable can be updated or deleted programmatically,
+ * so prevent */
+- if (!variable_is_setupmode())
++ if (!variable_is_setupmode(1))
+ return EFI_SECURITY_VIOLATION;
+
+ if (createtimebased) {
+@@ -279,17 +279,17 @@ find_in_variable_esl(CHAR16* var, EFI_GUID owner, UINT8 *key, UINTN keylen)
+ }
+
+ int
+-variable_is_setupmode(void)
++variable_is_setupmode(int default_return)
+ {
+ /* set to 1 because we return true if SetupMode doesn't exist */
+- UINT8 SetupMode = 1;
++ UINT8 SetupMode = default_return;
+ UINTN DataSize = sizeof(SetupMode);
+ EFI_STATUS status;
+
+ status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL,
+ &DataSize, &SetupMode);
+ if (EFI_ERROR(status))
+- return 1;
++ return default_return;
+
+ return SetupMode;
+ }
+diff --git a/shim.c b/shim.c
+index 14fb601..fe73ec1 100644
+--- a/shim.c
++++ b/shim.c
+@@ -484,7 +484,13 @@ static BOOLEAN secure_mode (void)
+ return FALSE;
+ }
+
+- if (variable_is_setupmode() == 1) {
++ /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode",
++ * then the implementation is bad, but we assume that secure boot is
++ * enabled according to the status of "SecureBoot". If we have both
++ * of them, then "SetupMode" may tell us additional data, and we need
++ * to consider it.
++ */
++ if (variable_is_setupmode(0) == 1) {
+ if (verbose && !in_protocol)
+ console_notify(L"Platform is in setup mode");
+ return FALSE;
+--
+1.9.3
+
diff --git a/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch b/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch
new file mode 100644
index 0000000..6cb4f18
--- /dev/null
+++ b/SOURCES/0042-Simplify-the-checking-of-SB-and-DB-states.patch
@@ -0,0 +1,92 @@
+From e5f161147de6bea68e09f33bc294c6ab644d9a78 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Thu, 31 Oct 2013 17:32:13 +0800
+Subject: [PATCH 42/74] Simplify the checking of SB and DB states
+
+MokSBState and MokDBState are just 1 byte variables, so a UINT8
+local variable is sufficient to include the content.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+
+Conflicts:
+ shim.c
+---
+ shim.c | 26 ++++++++++----------------
+ 1 file changed, 10 insertions(+), 16 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index fe73ec1..ea8eba8 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1609,16 +1609,15 @@ static EFI_STATUS check_mok_sb (void)
+ {
+ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
+ EFI_STATUS status = EFI_SUCCESS;
+- UINT8 *MokSBState = NULL;
+- UINTN MokSBStateSize = 0;
++ UINT8 MokSBState;
++ UINTN MokSBStateSize = sizeof(MokSBState);
+ UINT32 attributes;
+
+ user_insecure_mode = 0;
+ ignore_db = 0;
+
+- status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize,
+- shim_lock_guid, &attributes);
+-
++ status = uefi_call_wrapper(RT->GetVariable, 5, L"MokSBState", &shim_lock_guid,
++ &attributes, &MokSBStateSize, &MokSBState);
+ if (status != EFI_SUCCESS)
+ return EFI_ACCESS_DENIED;
+
+@@ -1633,13 +1632,11 @@ static EFI_STATUS check_mok_sb (void)
+ }
+ status = EFI_ACCESS_DENIED;
+ } else {
+- if (*(UINT8 *)MokSBState == 1) {
++ if (MokSBState == 1) {
+ user_insecure_mode = 1;
+ }
+ }
+
+- FreePool(MokSBState);
+-
+ return status;
+ }
+
+@@ -1651,13 +1648,12 @@ static EFI_STATUS check_mok_db (void)
+ {
+ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
+ EFI_STATUS status = EFI_SUCCESS;
+- UINT8 *MokDBState = NULL;
+- UINTN MokDBStateSize = 0;
++ UINT8 MokDBState;
++ UINTN MokDBStateSize = sizeof(MokDBStateSize);
+ UINT32 attributes;
+
+- status = get_variable_attr(L"MokDBState", &MokDBState, &MokDBStateSize,
+- shim_lock_guid, &attributes);
+-
++ status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDBState", &shim_lock_guid,
++ &attributes, &MokDBStateSize, &MokDBState);
+ if (status != EFI_SUCCESS)
+ return EFI_ACCESS_DENIED;
+
+@@ -1674,13 +1670,11 @@ static EFI_STATUS check_mok_db (void)
+ }
+ status = EFI_ACCESS_DENIED;
+ } else {
+- if (*(UINT8 *)MokDBState == 1) {
++ if (MokDBState == 1) {
+ ignore_db = 1;
+ }
+ }
+
+- FreePool(MokDBState);
+-
+ return status;
+ }
+
+--
+1.9.3
+
diff --git a/SOURCES/0043-Update-openssl-to-0.9.8za.patch b/SOURCES/0043-Update-openssl-to-0.9.8za.patch
new file mode 100644
index 0000000..a31ff6e
--- /dev/null
+++ b/SOURCES/0043-Update-openssl-to-0.9.8za.patch
@@ -0,0 +1,3032 @@
+From 76f8050ff6003e6048fdc4430d8b503aff934255 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Wed, 9 Jul 2014 15:02:50 +0800
+Subject: [PATCH 43/74] Update openssl to 0.9.8za
+
+Also update to Tiano Cryptlib r15638
+---
+ Cryptlib/Cryptlib.diff | 4 +-
+ Cryptlib/Include/openssl/bn.h | 11 +
+ Cryptlib/Include/openssl/crypto.h | 37 +-
+ Cryptlib/Include/openssl/ec.h | 10 +-
+ Cryptlib/Include/openssl/engine.h | 8 +-
+ Cryptlib/Include/openssl/opensslv.h | 6 +-
+ Cryptlib/Include/openssl/ssl.h | 13 +-
+ Cryptlib/Include/openssl/ssl3.h | 10 +
+ Cryptlib/Include/openssl/symhacks.h | 10 +-
+ Cryptlib/Include/openssl/tls1.h | 14 +
+ Cryptlib/Makefile | 6 +-
+ Cryptlib/OpenSSL/crypto/asn1/a_int.c | 2 +-
+ Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 1 +
+ Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 2 +-
+ Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 6 +
+ Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 5 -
+ Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 5 +-
+ Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 52 ++
+ Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 46 +-
+ Cryptlib/OpenSSL/crypto/bn/bn_word.c | 25 +-
+ Cryptlib/OpenSSL/crypto/cryptlib.c | 16 +
+ Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 26 +-
+ Cryptlib/OpenSSL/crypto/ec/ec_key.c | 13 +-
+ Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 10 +-
+ Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 11 +-
+ Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 11 +-
+ Cryptlib/OpenSSL/crypto/engine/eng_all.c | 6 +-
+ Cryptlib/OpenSSL/crypto/err/err_all.c | 2 +
+ Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 3 +-
+ Cryptlib/OpenSSL/crypto/evp/encode.c | 1 +
+ Cryptlib/OpenSSL/crypto/o_init.c | 14 +
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 10 +-
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 8 +
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 2 +-
+ Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 4 +-
+ Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 2 +-
+ Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 6 +-
+ Cryptlib/OpenSSL/update.sh | 998 ++++++++++++-----------
+ Cryptlib/Pk/CryptPkcs7Sign.c | 207 +++++
+ Cryptlib/Pk/CryptPkcs7SignNull.c | 59 ++
+ Cryptlib/Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} | 306 +++----
+ Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 +++
+ Cryptlib/Pk/CryptRsaExtNull.c | 125 +++
+ Cryptlib/Rand/CryptRand.c | 11 +-
+ Cryptlib/update.sh | 9 +-
+ 45 files changed, 1425 insertions(+), 808 deletions(-)
+ create mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c
+ create mode 100644 Cryptlib/Pk/CryptPkcs7SignNull.c
+ rename Cryptlib/Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} (74%)
+ create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c
+ create mode 100644 Cryptlib/Pk/CryptRsaExtNull.c
+
+diff --git a/Cryptlib/Cryptlib.diff b/Cryptlib/Cryptlib.diff
+index 9663d90..a2f49d6 100644
+--- a/Cryptlib/Cryptlib.diff
++++ b/Cryptlib/Cryptlib.diff
+@@ -6,8 +6,8 @@ index 68bc25a..1abe78e 100644
+ // BUG: hardcode OldSize == size! We have no any knowledge about
+ // memory size of original pointer ptr.
+ //
+-- return ReallocatePool ((UINTN)size, (UINTN)size, ptr);
+-+ return ReallocatePool (ptr, (UINTN)size, (UINTN)size);
++- return ReallocatePool ((UINTN) size, (UINTN) size, ptr);
+++ return ReallocatePool (ptr, (UINTN) size, (UINTN) size);
+ }
+
+ /* De-allocates or frees a memory block */
+diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h
+index f1719a5..688a4e7 100644
+--- a/Cryptlib/Include/openssl/bn.h
++++ b/Cryptlib/Include/openssl/bn.h
+@@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
+ BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+
++void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
++
+ /* Deprecated versions */
+ #ifndef OPENSSL_NO_DEPRECATED
+ BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
+@@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
+
+ #define bn_fix_top(a) bn_check_top(a)
+
++#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
++#define bn_wcheck_size(bn, words) \
++ do { \
++ const BIGNUM *_bnum2 = (bn); \
++ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
++ } while(0)
++
+ #else /* !BN_DEBUG */
+
+ #define bn_pollute(a)
+ #define bn_check_top(a)
+ #define bn_fix_top(a) bn_correct_top(a)
++#define bn_check_size(bn, bits)
++#define bn_wcheck_size(bn, words)
+
+ #endif
+
+diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h
+index fc1374f..ac0c949 100644
+--- a/Cryptlib/Include/openssl/crypto.h
++++ b/Cryptlib/Include/openssl/crypto.h
+@@ -235,15 +235,15 @@ typedef struct openssl_item_st
+ #ifndef OPENSSL_NO_LOCKING
+ #ifndef CRYPTO_w_lock
+ #define CRYPTO_w_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
+ #define CRYPTO_w_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
+ #define CRYPTO_r_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
+ #define CRYPTO_r_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
+ #define CRYPTO_add(addr,amount,type) \
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
++ CRYPTO_add_lock(addr,amount,type,NULL,0)
+ #endif
+ #else
+ #define CRYPTO_w_lock(a)
+@@ -361,19 +361,19 @@ int CRYPTO_is_mem_check_on(void);
+ #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+ #define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
++#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
++#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
+ #define OPENSSL_realloc(addr,num) \
+- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_realloc((char *)addr,(int)num,NULL,0)
+ #define OPENSSL_realloc_clean(addr,old_num,num) \
+- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
+ #define OPENSSL_remalloc(addr,num) \
+- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
+ #define OPENSSL_freeFunc CRYPTO_free
+ #define OPENSSL_free(addr) CRYPTO_free(addr)
+
+ #define OPENSSL_malloc_locked(num) \
+- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
++ CRYPTO_malloc_locked((int)num,NULL,0)
+ #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+
+@@ -487,7 +487,7 @@ void CRYPTO_set_mem_debug_options(long bits);
+ long CRYPTO_get_mem_debug_options(void);
+
+ #define CRYPTO_push_info(info) \
+- CRYPTO_push_info_(info, __FILE__, __LINE__);
++ CRYPTO_push_info_(info, NULL, 0);
+ int CRYPTO_push_info_(const char *info, const char *file, int line);
+ int CRYPTO_pop_info(void);
+ int CRYPTO_remove_all_info(void);
+@@ -528,17 +528,17 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
+
+ /* die if we have to */
+ void OpenSSLDie(const char *file,int line,const char *assertion);
+-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
++#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
+
+ unsigned long *OPENSSL_ia32cap_loc(void);
+ #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+ int OPENSSL_isservice(void);
+
+ #ifdef OPENSSL_FIPS
+-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
++#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
+ alg " previous FIPS forbidden algorithm error ignored");
+
+-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
++#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
+ #alg " Algorithm forbidden in FIPS mode");
+
+ #ifdef OPENSSL_FIPS_STRICT
+@@ -591,6 +591,13 @@ int OPENSSL_isservice(void);
+ #define OPENSSL_HAVE_INIT 1
+ void OPENSSL_init(void);
+
++/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
++ * takes an amount of time dependent on |len|, but independent of the contents
++ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
++ * defined order as the return value when a != b is undefined, other than to be
++ * non-zero. */
++int CRYPTO_memcmp(const void *a, const void *b, size_t len);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h
+index 8bc2a23..367307f 100644
+--- a/Cryptlib/Include/openssl/ec.h
++++ b/Cryptlib/Include/openssl/ec.h
+@@ -321,7 +321,15 @@ void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+ /* functions to set/get method specific data */
+ void *EC_KEY_get_key_method_data(EC_KEY *,
+ void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
++/** Sets the key method data of an EC_KEY object, if none has yet been set.
++ * \param key EC_KEY object
++ * \param data opaque data to install.
++ * \param dup_func a function that duplicates |data|.
++ * \param free_func a function that frees |data|.
++ * \param clear_free_func a function that wipes and frees |data|.
++ * \return the previously set data pointer, or NULL if |data| was inserted.
++ */
++void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+ void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+ /* wrapper functions for the underlying EC_GROUP object */
+ void EC_KEY_set_asn1_flag(EC_KEY *, int);
+diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h
+index d4bc1ef..b4e0444 100644
+--- a/Cryptlib/Include/openssl/engine.h
++++ b/Cryptlib/Include/openssl/engine.h
+@@ -335,15 +335,15 @@ void ENGINE_load_gmp(void);
+ void ENGINE_load_nuron(void);
+ void ENGINE_load_sureware(void);
+ void ENGINE_load_ubsec(void);
+-#endif
+-void ENGINE_load_cryptodev(void);
+-void ENGINE_load_padlock(void);
+-void ENGINE_load_builtin_engines(void);
+ #ifdef OPENSSL_SYS_WIN32
+ #ifndef OPENSSL_NO_CAPIENG
+ void ENGINE_load_capi(void);
+ #endif
+ #endif
++#endif
++void ENGINE_load_cryptodev(void);
++void ENGINE_load_padlock(void);
++void ENGINE_load_builtin_engines(void);
+
+ /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling. */
+diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h
+index 4a5a5ae..e5ab5c4 100644
+--- a/Cryptlib/Include/openssl/opensslv.h
++++ b/Cryptlib/Include/openssl/opensslv.h
+@@ -25,11 +25,11 @@
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+-#define OPENSSL_VERSION_NUMBER 0x0090817fL
++#define OPENSSL_VERSION_NUMBER 0x009081afL
+ #ifdef OPENSSL_FIPS
+-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w-fips 23 Apr 2012"
++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014"
+ #else
+-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w 23 Apr 2012"
++#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za 5 Jun 2014"
+ #endif
+ #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
+
+diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h
+index eb50e14..5f2a04e 100644
+--- a/Cryptlib/Include/openssl/ssl.h
++++ b/Cryptlib/Include/openssl/ssl.h
+@@ -490,11 +490,14 @@ typedef struct ssl_session_st
+ #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+ #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
+ #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
+-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
++#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
+ #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
+ #define SSL_OP_TLS_D5_BUG 0x00000100L
+ #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
+
++/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
++#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
++
+ /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
+ * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
+ * the workaround is not needed. Unfortunately some broken SSL/TLS
+@@ -1204,6 +1207,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+ #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+ #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
+ #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
++#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
++#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
+
+ #define SSL_ERROR_NONE 0
+ #define SSL_ERROR_SSL 1
+@@ -1820,6 +1825,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_GET_NEW_SESSION 181
+ #define SSL_F_SSL_GET_PREV_SESSION 217
+ #define SSL_F_SSL_GET_SERVER_SEND_CERT 182
++#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
+ #define SSL_F_SSL_GET_SIGN_PKEY 183
+ #define SSL_F_SSL_INIT_WBIO_BUFFER 184
+ #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
+@@ -2073,6 +2079,11 @@ void ERR_load_SSL_strings(void);
+ #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
+ #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
+ #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
++#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
++#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
++#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
++#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
++#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
+ #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
+ #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227
+ #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
+diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h
+index b9a85ef..de5e559 100644
+--- a/Cryptlib/Include/openssl/ssl3.h
++++ b/Cryptlib/Include/openssl/ssl3.h
+@@ -333,6 +333,7 @@ typedef struct ssl3_buffer_st
+ #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
+ #define SSL3_FLAGS_POP_BUFFER 0x0004
+ #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
++#define SSL3_FLAGS_CCS_OK 0x0080
+
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+@@ -460,6 +461,15 @@ typedef struct ssl3_state_st
+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_server_finished_len;
+ int send_connection_binding; /* TODOEKR */
++
++#ifndef OPENSSL_NO_TLSEXT
++#ifndef OPENSSL_NO_EC
++ /* This is set to true if we believe that this is a version of Safari
++ * running on OS X 10.6 or newer. We wish to know this because Safari
++ * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
++ char is_probably_safari;
++#endif /* !OPENSSL_NO_EC */
++#endif /* !OPENSSL_NO_TLSEXT */
+ } SSL3_STATE;
+
+
+diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h
+index 0114093..c540771 100644
+--- a/Cryptlib/Include/openssl/symhacks.h
++++ b/Cryptlib/Include/openssl/symhacks.h
+@@ -252,15 +252,15 @@
+ #define EC_POINT_set_compressed_coordinates_GF2m \
+ EC_POINT_set_compr_coords_GF2m
+ #undef ec_GF2m_simple_group_clear_finish
+-#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish
++#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish
+ #undef ec_GF2m_simple_group_check_discriminant
+ #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim
+ #undef ec_GF2m_simple_point_clear_finish
+-#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish
++#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish
+ #undef ec_GF2m_simple_point_set_to_infinity
+-#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf
++#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf
+ #undef ec_GF2m_simple_points_make_affine
+-#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine
++#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine
+ #undef ec_GF2m_simple_point_set_affine_coordinates
+ #define ec_GF2m_simple_point_set_affine_coordinates \
+ ec_GF2m_smp_pt_set_af_coords
+@@ -288,8 +288,6 @@
+ #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf
+ #undef ec_GFp_simple_points_make_affine
+ #define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine
+-#undef ec_GFp_simple_group_get_curve_GFp
+-#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp
+ #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+ #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+ ec_GFp_smp_set_Jproj_coords_GFp
+diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h
+index afe4807..47f25af 100644
+--- a/Cryptlib/Include/openssl/tls1.h
++++ b/Cryptlib/Include/openssl/tls1.h
+@@ -80,10 +80,24 @@ extern "C" {
+
+ #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
+
++#define TLS1_2_VERSION 0x0303
++#define TLS1_2_VERSION_MAJOR 0x03
++#define TLS1_2_VERSION_MINOR 0x03
++
++#define TLS1_1_VERSION 0x0302
++#define TLS1_1_VERSION_MAJOR 0x03
++#define TLS1_1_VERSION_MINOR 0x02
++
+ #define TLS1_VERSION 0x0301
+ #define TLS1_VERSION_MAJOR 0x03
+ #define TLS1_VERSION_MINOR 0x01
+
++#define TLS1_get_version(s) \
++ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
++
++#define TLS1_get_client_version(s) \
++ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
++
+ #define TLS1_AD_DECRYPTION_FAILED 21
+ #define TLS1_AD_RECORD_OVERFLOW 22
+ #define TLS1_AD_UNKNOWN_CA 48 /* fatal */
+diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
+index d24e59e..678baac 100644
+--- a/Cryptlib/Makefile
++++ b/Cryptlib/Makefile
+@@ -30,7 +30,11 @@ OBJS = Hash/CryptMd4.o \
+ Rand/CryptRand.o \
+ Pk/CryptRsaBasic.o \
+ Pk/CryptRsaExt.o \
+- Pk/CryptPkcs7.o \
++ Pk/CryptRsaExtNull.o \
++ Pk/CryptPkcs7Sign.o \
++ Pk/CryptPkcs7SignNull.o \
++ Pk/CryptPkcs7Verify.o \
++ Pk/CryptPkcs7VerifyNull.o \
+ Pk/CryptDh.o \
+ Pk/CryptX509.o \
+ Pk/CryptAuthenticode.o \
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c
+index f551bdb..ee26c31 100755
+--- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c
+@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+ int pad=0,ret,i,neg;
+ unsigned char *p,*n,pb=0;
+
+- if ((a == NULL) || (a->data == NULL)) return(0);
++ if (a == NULL) return(0);
+ neg=a->type & V_ASN1_NEG;
+ if (a->length == 0)
+ ret=1;
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c
+index 264ebf2..ead37ac 100755
+--- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c
+@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
+ if(mbflag == -1) return -1;
+ mbflag |= MBSTRING_FLAG;
+ stmp.data = NULL;
++ stmp.length = 0;
+ ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+ if(ret < 0) return ret;
+ *out = stmp.data;
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
+index b68ae43..9b7d688 100755
+--- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
+@@ -75,7 +75,7 @@ static int table_cmp(const void *a, const void *b);
+ * certain software (e.g. Netscape) has problems with them.
+ */
+
+-static unsigned long global_mask = 0xFFFFFFFFL;
++static unsigned long global_mask = B_ASN1_UTF8STRING;
+
+ void ASN1_STRING_set_default_mask(unsigned long mask)
+ {
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c
+index da3efaa..7ded69b 100755
+--- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c
+@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
+ unsigned char *buf_in=NULL;
+ int ret= -1,i,inl;
+
++ if (!pkey)
++ {
++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++ return -1;
++ }
++
+ EVP_MD_CTX_init(&ctx);
+ i=OBJ_obj2nid(a->algorithm);
+ type=EVP_get_digestbyname(OBJ_nid2sn(i));
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
+index afb95d6..bc23f56 100755
+--- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
+@@ -208,11 +208,6 @@ int DSA_print(BIO *bp, const DSA *x, int off)
+
+ if (x->p)
+ buf_len = (size_t)BN_num_bytes(x->p);
+- else
+- {
+- DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
+- goto err;
+- }
+ if (x->q)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+ buf_len = i;
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
+index 94d9f7e..bc8a7bf 100755
+--- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
+@@ -371,12 +371,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+ if (key->pkey)
+ {
++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_free(ret);
+ ret = key->pkey;
+ }
+ else
++ {
+ key->pkey = ret;
+- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
++ }
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ return(ret);
+ err:
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
+index 32a8fba..b66f507 100755
+--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
+@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+ }
+ return bn_cmp_words(a,b,cl);
+ }
++
++/*
++ * Constant-time conditional swap of a and b.
++ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
++ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
++ * and that no more than nwords are used by either a or b.
++ * a and b cannot be the same number
++ */
++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
++ {
++ BN_ULONG t;
++ int i;
++
++ bn_wcheck_size(a, nwords);
++ bn_wcheck_size(b, nwords);
++
++ assert(a != b);
++ assert((condition & (condition - 1)) == 0);
++ assert(sizeof(BN_ULONG) >= sizeof(int));
++
++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
++
++ t = (a->top^b->top) & condition;
++ a->top ^= t;
++ b->top ^= t;
++
++#define BN_CONSTTIME_SWAP(ind) \
++ do { \
++ t = (a->d[ind] ^ b->d[ind]) & condition; \
++ a->d[ind] ^= t; \
++ b->d[ind] ^= t; \
++ } while (0)
++
++
++ switch (nwords) {
++ default:
++ for (i = 10; i < nwords; i++)
++ BN_CONSTTIME_SWAP(i);
++ /* Fallthrough */
++ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
++ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
++ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
++ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
++ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
++ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
++ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
++ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
++ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
++ case 1: BN_CONSTTIME_SWAP(0);
++ }
++#undef BN_CONSTTIME_SWAP
++}
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
+index 4799b15..27cafb1 100755
+--- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
+@@ -701,32 +701,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx)
+ {
+- int got_write_lock = 0;
+ BN_MONT_CTX *ret;
+
+ CRYPTO_r_lock(lock);
+- if (!*pmont)
++ ret = *pmont;
++ CRYPTO_r_unlock(lock);
++ if (ret)
++ return ret;
++
++ /* We don't want to serialise globally while doing our lazy-init math in
++ * BN_MONT_CTX_set. That punishes threads that are doing independent
++ * things. Instead, punish the case where more than one thread tries to
++ * lazy-init the same 'pmont', by having each do the lazy-init math work
++ * independently and only use the one from the thread that wins the race
++ * (the losers throw away the work they've done). */
++ ret = BN_MONT_CTX_new();
++ if (!ret)
++ return NULL;
++ if (!BN_MONT_CTX_set(ret, mod, ctx))
+ {
+- CRYPTO_r_unlock(lock);
+- CRYPTO_w_lock(lock);
+- got_write_lock = 1;
++ BN_MONT_CTX_free(ret);
++ return NULL;
++ }
+
+- if (!*pmont)
+- {
+- ret = BN_MONT_CTX_new();
+- if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
+- BN_MONT_CTX_free(ret);
+- else
+- *pmont = ret;
+- }
++ /* The locked compare-and-set, after the local work is done. */
++ CRYPTO_w_lock(lock);
++ if (*pmont)
++ {
++ BN_MONT_CTX_free(ret);
++ ret = *pmont;
+ }
+-
+- ret = *pmont;
+-
+- if (got_write_lock)
+- CRYPTO_w_unlock(lock);
+ else
+- CRYPTO_r_unlock(lock);
+-
++ *pmont = ret;
++ CRYPTO_w_unlock(lock);
+ return ret;
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c
+index ee7b87c..de83a15 100755
+--- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c
++++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c
+@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
+ a->neg=!(a->neg);
+ return(i);
+ }
+- /* Only expand (and risk failing) if it's possibly necessary */
+- if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) &&
+- (bn_wexpand(a,a->top+1) == NULL))
+- return(0);
+- i=0;
+- for (;;)
++ for (i=0;w!=0 && i<a->top;i++)
+ {
+- if (i >= a->top)
+- l=w;
+- else
+- l=(a->d[i]+w)&BN_MASK2;
+- a->d[i]=l;
+- if (w > l)
+- w=1;
+- else
+- break;
+- i++;
++ a->d[i] = l = (a->d[i]+w)&BN_MASK2;
++ w = (w>l)?1:0;
+ }
+- if (i >= a->top)
++ if (w && i==a->top)
++ {
++ if (bn_wexpand(a,a->top+1) == NULL) return 0;
+ a->top++;
++ a->d[i]=w;
++ }
+ bn_check_top(a);
+ return(1);
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c
+index dd74ea8..dec3286 100755
+--- a/Cryptlib/OpenSSL/crypto/cryptlib.c
++++ b/Cryptlib/OpenSSL/crypto/cryptlib.c
+@@ -542,3 +542,19 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
+ }
+
+ void *OPENSSL_stderr(void) { return stderr; }
++
++#ifndef OPENSSL_FIPS
++
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++ {
++ size_t i;
++ const unsigned char *a = in_a;
++ const unsigned char *b = in_b;
++ unsigned char x = 0;
++
++ for (i = 0; i < len; i++)
++ x |= a[i] ^ b[i];
++
++ return x;
++ }
++#endif
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
+index 7dca5e4..6b570a3 100755
+--- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
++++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
+@@ -208,9 +208,12 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
+
+ /* Computes scalar*point and stores the result in r.
+ * point can not equal r.
+- * Uses algorithm 2P of
++ * Uses a modified algorithm 2P of
+ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation".
++ *
++ * To protect against side-channel attack the function uses constant time
++ * swap avoiding conditional branches.
+ */
+ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ const EC_POINT *point, BN_CTX *ctx)
+@@ -244,6 +247,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
+ x2 = &r->X;
+ z2 = &r->Y;
+
++ bn_wexpand(x1, group->field.top);
++ bn_wexpand(z1, group->field.top);
++ bn_wexpand(x2, group->field.top);
++ bn_wexpand(z2, group->field.top);
++
+ if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
+ if (!BN_one(z1)) goto err; /* z1 = 1 */
+ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
+@@ -266,16 +274,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
+ {
+ for (; j >= 0; j--)
+ {
+- if (scalar->d[i] & mask)
+- {
+- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
+- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
+- }
+- else
+- {
+- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+- }
++ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
++ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
++ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
++ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
++ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
++ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
+ mask >>= 1;
+ }
+ j = BN_BITS2 - 1;
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c
+index 522802c..6c933d2 100755
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c
++++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c
+@@ -435,18 +435,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
+ void *EC_KEY_get_key_method_data(EC_KEY *key,
+ void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
+ {
+- return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
++ void *ret;
++
++ CRYPTO_r_lock(CRYPTO_LOCK_EC);
++ ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
++ CRYPTO_r_unlock(CRYPTO_LOCK_EC);
++
++ return ret;
+ }
+
+-void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
++void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+ void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
+ {
+ EC_EXTRA_DATA *ex_data;
++
+ CRYPTO_w_lock(CRYPTO_LOCK_EC);
+ ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+ if (ex_data == NULL)
+ EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
+ CRYPTO_w_unlock(CRYPTO_LOCK_EC);
++
++ return ex_data;
+ }
+
+ void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+index 5af8437..bbf2799 100755
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
++++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
+ EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
+ return 1;
+- /* compare the curve name (if present) */
++ /* compare the curve name (if present in both) */
+ if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
+- EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
+- return 0;
++ EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
++ return 1;
+
+ if (!ctx)
+ ctx_new = ctx = BN_CTX_new();
+@@ -1061,12 +1061,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
+ if (group->meth->point_cmp == 0)
+ {
+ ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+- return 0;
++ return -1;
+ }
+ if ((group->meth != a->meth) || (a->meth != b->meth))
+ {
+ ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+- return 0;
++ return -1;
+ }
+ return group->meth->point_cmp(group, a, b, ctx);
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
+index bf22234..f9ba5fb 100755
+--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
++++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
+@@ -205,8 +205,15 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
+ ecdh_data = (ECDH_DATA *)ecdh_data_new();
+ if (ecdh_data == NULL)
+ return NULL;
+- EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+- ecdh_data_dup, ecdh_data_free, ecdh_data_free);
++ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
++ ecdh_data_dup, ecdh_data_free, ecdh_data_free);
++ if (data != NULL)
++ {
++ /* Another thread raced us to install the key_method
++ * data and won. */
++ ecdh_data_free(ecdh_data);
++ ecdh_data = (ECDH_DATA *)data;
++ }
+ }
+ else
+ ecdh_data = (ECDH_DATA *)data;
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
+index 2ebae3a..81082c9 100755
+--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
++++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
+@@ -188,8 +188,15 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
+ ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
+ if (ecdsa_data == NULL)
+ return NULL;
+- EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
+- ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
++ data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
++ ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
++ if (data != NULL)
++ {
++ /* Another thread raced us to install the key_method
++ * data and won. */
++ ecdsa_data_free(ecdsa_data);
++ ecdsa_data = (ECDSA_DATA *)data;
++ }
+ }
+ else
+ ecdsa_data = (ECDSA_DATA *)data;
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c
+index f29c167..8a1b9c7 100755
+--- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c
++++ b/Cryptlib/OpenSSL/crypto/engine/eng_all.c
+@@ -102,14 +102,14 @@ void ENGINE_load_builtin_engines(void)
+ #if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
+ ENGINE_load_gmp();
+ #endif
++#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
++ ENGINE_load_capi();
++#endif
+ #endif
+ #ifndef OPENSSL_NO_HW
+ #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+ ENGINE_load_cryptodev();
+ #endif
+-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+- ENGINE_load_capi();
+-#endif
+ #endif
+ }
+
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c
+index 39796f7..0429389 100755
+--- a/Cryptlib/OpenSSL/crypto/err/err_all.c
++++ b/Cryptlib/OpenSSL/crypto/err/err_all.c
+@@ -104,7 +104,9 @@
+ #ifndef OPENSSL_NO_JPAKE
+ #include <openssl/jpake.h>
+ #endif
++#ifndef OPENSSL_NO_COMP
+ #include <openssl/comp.h>
++#endif
+
+ void ERR_load_crypto_strings(void)
+ {
+diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
+index 72a2a67..16863fe 100755
+--- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
++++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
+@@ -226,6 +226,7 @@ static int b64_read(BIO *b, char *out, int outl)
+ else if (ctx->start)
+ {
+ q=p=(unsigned char *)ctx->tmp;
++ num = 0;
+ for (j=0; j<i; j++)
+ {
+ if (*(q++) != '\n') continue;
+@@ -264,7 +265,7 @@ static int b64_read(BIO *b, char *out, int outl)
+ }
+
+ /* we fell off the end without starting */
+- if (j == i)
++ if ((j == i) && (num == 0))
+ {
+ /* Is this is one long chunk?, if so, keep on
+ * reading until a new line. */
+diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c
+index e8a5218..69f7cca 100755
+--- a/Cryptlib/OpenSSL/crypto/evp/encode.c
++++ b/Cryptlib/OpenSSL/crypto/evp/encode.c
+@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ v=EVP_DecodeBlock(out,d,n);
+ n=0;
+ if (v < 0) { rv=0; goto end; }
++ if (eof > v) { rv=-1; goto end; }
+ ret+=(v-eof);
+ }
+ else
+diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c
+index d767a90..c89fda5 100755
+--- a/Cryptlib/OpenSSL/crypto/o_init.c
++++ b/Cryptlib/OpenSSL/crypto/o_init.c
+@@ -93,4 +93,18 @@ void OPENSSL_init(void)
+ #endif
+ }
+
++#ifdef OPENSSL_FIPS
++
++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
++ {
++ size_t i;
++ const unsigned char *a = in_a;
++ const unsigned char *b = in_b;
++ unsigned char x = 0;
+
++ for (i = 0; i < len; i++)
++ x |= a[i] ^ b[i];
++
++ return x;
++ }
++#endif
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c
+index 4a0c387..f24080f 100755
+--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c
++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c
+@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ {
+ EVP_PKEY *skey;
+ skey = X509_get_pubkey(signer);
+- ret = OCSP_BASICRESP_verify(bs, skey, 0);
+- EVP_PKEY_free(skey);
+- if(ret <= 0)
++ if (skey)
++ {
++ ret = OCSP_BASICRESP_verify(bs, skey, 0);
++ EVP_PKEY_free(skey);
++ }
++ if(!skey || ret <= 0)
+ {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+ goto end;
+@@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if(!init_res)
+ {
++ ret = -1;
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+ goto end;
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
+index 9522342..3ef3be1 100755
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
+@@ -100,7 +100,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+ #endif
++#ifdef OPENSSL_NO_RC2
++ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
++#else
+ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
++#endif
+ }
+ if (!nid_key)
+ nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+@@ -290,7 +294,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ free_safes = 0;
+
+ if (nid_safe == 0)
++#ifdef OPENSSL_NO_RC2
++ nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
++#else
+ nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
++#endif
+
+ if (nid_safe == -1)
+ p7 = PKCS12_pack_p7data(bags);
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
+index 5c4c6ec..bdbbbec 100755
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
+@@ -261,7 +261,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+ int len, r;
+ unsigned char *data;
+ len = ASN1_STRING_to_UTF8(&data, fname);
+- if(len > 0) {
++ if(len >= 0) {
+ r = X509_alias_set1(x509, data, len);
+ OPENSSL_free(data);
+ if (!r)
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+index b0ff89a..49b450d 100755
+--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+@@ -290,8 +290,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+
+ bufsiz = 4096;
+ buf = OPENSSL_malloc (bufsiz);
+- if (buf == NULL) {
+- goto err;
++ if (buf == NULL) {
++ goto err;
+ }
+
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
+index 546ae5f..b8e3edc 100755
+--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
+@@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+
+ EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+
+- if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
++ if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+ goto decoding_err;
+ else
+ {
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+index af12520..b87617a 100755
+--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+@@ -386,11 +386,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+
+ static int check_chain_extensions(X509_STORE_CTX *ctx)
+ {
+-#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
+- /*
+- NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
+- in Authenticode Signing Certificates.
+- */
++#ifdef OPENSSL_NO_CHAIN_VERIFY
+ return 1;
+ #else
+ int i, ok=0, must_be_ca, plen = 0;
+diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh
+index cb25ccd..95875e7 100755
+--- a/Cryptlib/OpenSSL/update.sh
++++ b/Cryptlib/OpenSSL/update.sh
+@@ -1,499 +1,501 @@
+ #/bin/sh
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/e_os.h e_os.h
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cryptlib.c crypto/cryptlib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dyn_lck.c crypto/dyn_lck.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem.c crypto/mem.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_clr.c crypto/mem_clr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_dbg.c crypto/mem_dbg.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cversion.c crypto/cversion.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ex_data.c crypto/ex_data.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cpt_err.c crypto/cpt_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ebcdic.c crypto/ebcdic.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/uid.c crypto/uid.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_time.c crypto/o_time.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_str.c crypto/o_str.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_dir.c crypto/o_dir.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_init.c crypto/o_init.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/fips_err.c crypto/fips_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_one.c crypto/md2/md2_one.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_one.c crypto/md4/md4_one.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_one.c crypto/md5/md5_one.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_one.c crypto/sha/sha_one.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1_one.c crypto/sha/sha1_one.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha256.c crypto/sha/sha256.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha512.c crypto/sha/sha512.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/hmac/hmac.c crypto/hmac/hmac.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_lib.c crypto/des/des_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/set_key.c crypto/des/set_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb_enc.c crypto/des/ecb_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_enc.c crypto/des/cbc_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64enc.c crypto/des/cfb64enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64ede.c crypto/des/cfb64ede.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb_enc.c crypto/des/cfb_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64ede.c crypto/des/ofb64ede.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_read.c crypto/des/enc_read.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_writ.c crypto/des/enc_writ.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64enc.c crypto/des/ofb64enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb_enc.c crypto/des/ofb_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/str2key.c crypto/des/str2key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/qud_cksm.c crypto/des/qud_cksm.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rand_key.c crypto/des/rand_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_enc.c crypto/des/des_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt.c crypto/des/fcrypt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rpc_enc.c crypto/des/rpc_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old.c crypto/des/des_old.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old2.c crypto/des/des_old2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/read2pwd.c crypto/des/read2pwd.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cbc.c crypto/idea/i_cbc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ecb.c crypto/idea/i_ecb.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_skey.c crypto/idea/i_skey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_skey.c crypto/bf/bf_skey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_enc.c crypto/bf/bf_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_skey.c crypto/cast/c_skey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ecb.c crypto/cast/c_ecb.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_enc.c crypto/cast/c_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_misc.c crypto/aes/aes_misc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ige.c crypto/aes/aes_ige.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_core.c crypto/aes/aes_core.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_add.c crypto/bn/bn_add.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_div.c crypto/bn/bn_div.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp.c crypto/bn/bn_exp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_lib.c crypto/bn/bn_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mul.c crypto/bn/bn_mul.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mod.c crypto/bn/bn_mod.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_print.c crypto/bn/bn_print.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_rand.c crypto/bn/bn_rand.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_shift.c crypto/bn/bn_shift.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_word.c crypto/bn/bn_word.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_blind.c crypto/bn/bn_blind.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_kron.c crypto/bn/bn_kron.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_prime.c crypto/bn/bn_prime.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_err.c crypto/bn/bn_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_asm.c crypto/bn/bn_asm.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_recp.c crypto/bn/bn_recp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mont.c crypto/bn/bn_mont.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_nist.c crypto/bn/bn_nist.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_depr.c crypto/bn/bn_depr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_const.c crypto/bn/bn_const.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_opt.c crypto/bn/bn_opt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dl.c crypto/dso/dso_dl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_err.c crypto/dso/dso_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_lib.c crypto/dso/dso_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_null.c crypto/dso/dso_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_win32.c crypto/dso/dso_win32.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_vms.c crypto/dso/dso_vms.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_gen.c crypto/dh/dh_gen.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_key.c crypto/dh/dh_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_lib.c crypto/dh/dh_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_check.c crypto/dh/dh_check.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_err.c crypto/dh/dh_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_depr.c crypto/dh/dh_depr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_lib.c crypto/ec/ec_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_mult.c crypto/ec/ec_mult.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_err.c crypto/ec/ec_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_curve.c crypto/ec/ec_curve.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_check.c crypto/ec/ec_check.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_print.c crypto/ec/ec_print.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_key.c crypto/ec/ec_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buffer.c crypto/buffer/buffer.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_str.c crypto/buffer/buf_str.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_err.c crypto/buffer/buf_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_lib.c crypto/bio/bio_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_cb.c crypto/bio/bio_cb.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_err.c crypto/bio/bio_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_mem.c crypto/bio/bss_mem.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_null.c crypto/bio/bss_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_fd.c crypto/bio/bss_fd.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_file.c crypto/bio/bss_file.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_null.c crypto/bio/bf_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_buff.c crypto/bio/bf_buff.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/b_dump.c crypto/bio/b_dump.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_log.c crypto/bio/bss_log.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_bio.c crypto/bio/bss_bio.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/stack/stack.c crypto/stack/stack.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lhash.c crypto/lhash/lhash.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/md_rand.c crypto/rand/md_rand.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/randfile.c crypto/rand/randfile.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_lib.c crypto/rand/rand_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_eng.c crypto/rand/rand_eng.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_err.c crypto/rand/rand_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_egd.c crypto/rand/rand_egd.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_win.c crypto/rand/rand_win.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_unix.c crypto/rand/rand_unix.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_os2.c crypto/rand/rand_os2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_nw.c crypto/rand/rand_nw.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err.c crypto/err/err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_def.c crypto/err/err_def.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_all.c crypto/err/err_all.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_prn.c crypto/err/err_prn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_str.c crypto/err/err_str.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_bio.c crypto/err/err_bio.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/o_names.c crypto/objects/o_names.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_dat.c crypto/objects/obj_dat.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_lib.c crypto/objects/obj_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_err.c crypto/objects/obj_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/encode.c crypto/evp/encode.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/digest.c crypto/evp/digest.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/dig_eng.c crypto/evp/dig_eng.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_enc.c crypto/evp/evp_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_key.c crypto/evp/evp_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des.c crypto/evp/e_des.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_bf.c crypto/evp/e_bf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_idea.c crypto/evp/e_idea.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des3.c crypto/evp/e_des3.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc4.c crypto/evp/e_rc4.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_aes.c crypto/evp/e_aes.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/names.c crypto/evp/names.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc2.c crypto/evp/e_rc2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_cast.c crypto/evp/e_cast.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc5.c crypto/evp/e_rc5.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/enc_min.c crypto/evp/enc_min.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_null.c crypto/evp/m_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md2.c crypto/evp/m_md2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md4.c crypto/evp/m_md4.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md5.c crypto/evp/m_md5.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha.c crypto/evp/m_sha.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha1.c crypto/evp/m_sha1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss.c crypto/evp/m_dss.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss1.c crypto/evp/m_dss1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_open.c crypto/evp/p_open.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_seal.c crypto/evp/p_seal.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_sign.c crypto/evp/p_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_verify.c crypto/evp/p_verify.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_lib.c crypto/evp/p_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_enc.c crypto/evp/p_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_dec.c crypto/evp/p_dec.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_md.c crypto/evp/bio_md.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_b64.c crypto/evp/bio_b64.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_enc.c crypto/evp/bio_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_err.c crypto/evp/evp_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_null.c crypto/evp/e_null.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_all.c crypto/evp/c_all.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_allc.c crypto/evp/c_allc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_alld.c crypto/evp/c_alld.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_lib.c crypto/evp/evp_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_ok.c crypto/evp/bio_ok.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_old.c crypto/evp/e_old.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_object.c crypto/asn1/a_object.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_time.c crypto/asn1/a_time.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_int.c crypto/asn1/a_int.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_octet.c crypto/asn1/a_octet.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_print.c crypto/asn1/a_print.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_type.c crypto/asn1/a_type.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_set.c crypto/asn1/a_set.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_dup.c crypto/asn1/a_dup.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_enum.c crypto/asn1/a_enum.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_sign.c crypto/asn1/a_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_digest.c crypto/asn1/a_digest.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_verify.c crypto/asn1/a_verify.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strex.c crypto/asn1/a_strex.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_algor.c crypto/asn1/x_algor.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_val.c crypto/asn1/x_val.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_sig.c crypto/asn1/x_sig.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_req.c crypto/asn1/x_req.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_long.c crypto/asn1/x_long.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_name.c crypto/asn1/x_name.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509.c crypto/asn1/x_x509.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_crl.c crypto/asn1/x_crl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_info.c crypto/asn1/x_info.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_spki.c crypto/asn1/x_spki.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/nsseq.c crypto/asn1/nsseq.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_req.c crypto/asn1/t_req.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509.c crypto/asn1/t_x509.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_crl.c crypto/asn1/t_crl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_spki.c crypto/asn1/t_spki.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_int.c crypto/asn1/f_int.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_string.c crypto/asn1/f_string.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_enum.c crypto/asn1/f_enum.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bool.c crypto/asn1/a_bool.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_exten.c crypto/asn1/x_exten.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_meth.c crypto/asn1/a_meth.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_sign.c crypto/pem/pem_sign.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_seal.c crypto/pem/pem_seal.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_info.c crypto/pem/pem_info.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_lib.c crypto/pem/pem_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_all.c crypto/pem/pem_all.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_err.c crypto/pem/pem_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_x509.c crypto/pem/pem_x509.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_oth.c crypto/pem/pem_oth.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_def.c crypto/x509/x509_def.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_d2.c crypto/x509/x509_d2.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_obj.c crypto/x509/x509_obj.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_req.c crypto/x509/x509_req.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509spki.c crypto/x509/x509spki.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_set.c crypto/x509/x509_set.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509cset.c crypto/x509/x509cset.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509rset.c crypto/x509/x509rset.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_err.c crypto/x509/x509_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509name.c crypto/x509/x509name.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_v3.c crypto/x509/x509_v3.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_ext.c crypto/x509/x509_ext.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_att.c crypto/x509/x509_att.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509type.c crypto/x509/x509type.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_lu.c crypto/x509/x509_lu.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x_all.c crypto/x509/x_all.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_txt.c crypto/x509/x509_txt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_trs.c crypto/x509/x509_trs.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_file.c crypto/x509/by_file.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_dir.c crypto/x509/by_dir.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3err.c crypto/x509v3/v3err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_err.c crypto/conf/conf_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_lib.c crypto/conf/conf_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_api.c crypto/conf/conf_api.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_def.c crypto/conf/conf_def.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mod.c crypto/conf/conf_mod.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mall.c crypto/conf/conf_mall.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_sap.c crypto/conf/conf_sap.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_lib.c crypto/comp/comp_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_err.c crypto/comp/comp_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_rle.c crypto/comp/c_rle.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_zlib.c crypto/comp/c_zlib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_err.c crypto/engine/eng_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_lib.c crypto/engine/eng_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_list.c crypto/engine/eng_list.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_init.c crypto/engine/eng_init.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_table.c crypto/engine/eng_table.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_fat.c crypto/engine/eng_fat.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_all.c crypto/engine/eng_all.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dh.c crypto/engine/tb_dh.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rand.c crypto/engine/tb_rand.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_store.c crypto/engine/tb_store.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_digest.c crypto/engine/tb_digest.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_err.c crypto/ui/ui_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_lib.c crypto/ui/ui_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_util.c crypto/ui/ui_util.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_compat.c crypto/ui/ui_compat.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_err.c crypto/store/str_err.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_lib.c crypto/store/str_lib.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_meth.c crypto/store/str_meth.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_mem.c crypto/store/str_mem.c
+-install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c
++DIR=$1
++
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c crypto/sha/sha256.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c crypto/des/ofb_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c crypto/rand/rand_unix.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c
+diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c
+new file mode 100644
+index 0000000..63fe78f
+--- /dev/null
++++ b/Cryptlib/Pk/CryptPkcs7Sign.c
+@@ -0,0 +1,207 @@
++/** @file
++ PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
++
++Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
++This program and the accompanying materials
++are licensed and made available under the terms and conditions of the BSD License
++which accompanies this distribution. The full text of the license may be found at
++http://opensource.org/licenses/bsd-license.php
++
++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include "InternalCryptLib.h"
++
++#include <openssl/objects.h>
++#include <openssl/x509.h>
++#include <openssl/pkcs7.h>
++
++
++/**
++ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
++ Syntax Standard, version 1.5". This interface is only intended to be used for
++ application to perform PKCS#7 functionality validation.
++
++ @param[in] PrivateKey Pointer to the PEM-formatted private key data for
++ data signing.
++ @param[in] PrivateKeySize Size of the PEM private key data in bytes.
++ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
++ key data.
++ @param[in] InData Pointer to the content to be signed.
++ @param[in] InDataSize Size of InData in bytes.
++ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
++ @param[in] OtherCerts Pointer to an optional additional set of certificates to
++ include in the PKCS#7 signedData (e.g. any intermediate
++ CAs in the chain).
++ @param[out] SignedData Pointer to output PKCS#7 signedData.
++ @param[out] SignedDataSize Size of SignedData in bytes.
++
++ @retval TRUE PKCS#7 data signing succeeded.
++ @retval FALSE PKCS#7 data signing failed.
++
++**/
++BOOLEAN
++EFIAPI
++Pkcs7Sign (
++ IN CONST UINT8 *PrivateKey,
++ IN UINTN PrivateKeySize,
++ IN CONST UINT8 *KeyPassword,
++ IN UINT8 *InData,
++ IN UINTN InDataSize,
++ IN UINT8 *SignCert,
++ IN UINT8 *OtherCerts OPTIONAL,
++ OUT UINT8 **SignedData,
++ OUT UINTN *SignedDataSize
++ )
++{
++ BOOLEAN Status;
++ EVP_PKEY *Key;
++ BIO *DataBio;
++ PKCS7 *Pkcs7;
++ UINT8 *RsaContext;
++ UINT8 *P7Data;
++ UINTN P7DataSize;
++ UINT8 *Tmp;
++
++ //
++ // Check input parameters.
++ //
++ if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
++ SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
++ return FALSE;
++ }
++
++ RsaContext = NULL;
++ Key = NULL;
++ Pkcs7 = NULL;
++ DataBio = NULL;
++ Status = FALSE;
++
++ //
++ // Retrieve RSA private key from PEM data.
++ //
++ Status = RsaGetPrivateKeyFromPem (
++ PrivateKey,
++ PrivateKeySize,
++ (CONST CHAR8 *) KeyPassword,
++ (VOID **) &RsaContext
++ );
++ if (!Status) {
++ return Status;
++ }
++
++ Status = FALSE;
++
++ //
++ // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
++ //
++ if (EVP_add_digest (EVP_md5 ()) == 0) {
++ goto _Exit;
++ }
++ if (EVP_add_digest (EVP_sha1 ()) == 0) {
++ goto _Exit;
++ }
++ if (EVP_add_digest (EVP_sha256 ()) == 0) {
++ goto _Exit;
++ }
++
++ RandomSeed (NULL, 0);
++
++ //
++ // Construct OpenSSL EVP_PKEY for private key.
++ //
++ Key = EVP_PKEY_new ();
++ if (Key == NULL) {
++ goto _Exit;
++ }
++ Key->save_type = EVP_PKEY_RSA;
++ Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
++ Key->pkey.rsa = (RSA *) RsaContext;
++
++ //
++ // Convert the data to be signed to BIO format.
++ //
++ DataBio = BIO_new (BIO_s_mem ());
++ if (DataBio == NULL) {
++ goto _Exit;
++ }
++
++ if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {
++ goto _Exit;
++ }
++
++ //
++ // Create the PKCS#7 signedData structure.
++ //
++ Pkcs7 = PKCS7_sign (
++ (X509 *) SignCert,
++ Key,
++ (STACK_OF(X509) *) OtherCerts,
++ DataBio,
++ PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
++ );
++ if (Pkcs7 == NULL) {
++ goto _Exit;
++ }
++
++ //
++ // Convert PKCS#7 signedData structure into DER-encoded buffer.
++ //
++ P7DataSize = i2d_PKCS7 (Pkcs7, NULL);
++ if (P7DataSize <= 19) {
++ goto _Exit;
++ }
++
++ P7Data = malloc (P7DataSize);
++ if (P7Data == NULL) {
++ goto _Exit;
++ }
++
++ Tmp = P7Data;
++ P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
++ ASSERT (P7DataSize > 19);
++
++ //
++ // Strip ContentInfo to content only for signeddata. The data be trimmed off
++ // is totally 19 bytes.
++ //
++ *SignedDataSize = P7DataSize - 19;
++ *SignedData = malloc (*SignedDataSize);
++ if (*SignedData == NULL) {
++ OPENSSL_free (P7Data);
++ goto _Exit;
++ }
++
++ CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
++
++ OPENSSL_free (P7Data);
++
++ Status = TRUE;
++
++_Exit:
++ //
++ // Release Resources
++ //
++ if (RsaContext != NULL) {
++ RsaFree (RsaContext);
++ if (Key != NULL) {
++ Key->pkey.rsa = NULL;
++ }
++ }
++
++ if (Key != NULL) {
++ EVP_PKEY_free (Key);
++ }
++
++ if (DataBio != NULL) {
++ BIO_free (DataBio);
++ }
++
++ if (Pkcs7 != NULL) {
++ PKCS7_free (Pkcs7);
++ }
++
++ return Status;
++}
+diff --git a/Cryptlib/Pk/CryptPkcs7SignNull.c b/Cryptlib/Pk/CryptPkcs7SignNull.c
+new file mode 100644
+index 0000000..539bb6b
+--- /dev/null
++++ b/Cryptlib/Pk/CryptPkcs7SignNull.c
+@@ -0,0 +1,59 @@
++/** @file
++ PKCS#7 SignedData Sign Wrapper Implementation which does not provide real
++ capabilities.
++
++Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
++This program and the accompanying materials
++are licensed and made available under the terms and conditions of the BSD License
++which accompanies this distribution. The full text of the license may be found at
++http://opensource.org/licenses/bsd-license.php
++
++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include "InternalCryptLib.h"
++
++/**
++ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
++ Syntax Standard, version 1.5". This interface is only intended to be used for
++ application to perform PKCS#7 functionality validation.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in] PrivateKey Pointer to the PEM-formatted private key data for
++ data signing.
++ @param[in] PrivateKeySize Size of the PEM private key data in bytes.
++ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
++ key data.
++ @param[in] InData Pointer to the content to be signed.
++ @param[in] InDataSize Size of InData in bytes.
++ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
++ @param[in] OtherCerts Pointer to an optional additional set of certificates to
++ include in the PKCS#7 signedData (e.g. any intermediate
++ CAs in the chain).
++ @param[out] SignedData Pointer to output PKCS#7 signedData.
++ @param[out] SignedDataSize Size of SignedData in bytes.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++Pkcs7Sign (
++ IN CONST UINT8 *PrivateKey,
++ IN UINTN PrivateKeySize,
++ IN CONST UINT8 *KeyPassword,
++ IN UINT8 *InData,
++ IN UINTN InDataSize,
++ IN UINT8 *SignCert,
++ IN UINT8 *OtherCerts OPTIONAL,
++ OUT UINT8 **SignedData,
++ OUT UINTN *SignedDataSize
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
++
+diff --git a/Cryptlib/Pk/CryptPkcs7.c b/Cryptlib/Pk/CryptPkcs7Verify.c
+similarity index 74%
+rename from Cryptlib/Pk/CryptPkcs7.c
+rename to Cryptlib/Pk/CryptPkcs7Verify.c
+index 218e7ac..05c3f87 100644
+--- a/Cryptlib/Pk/CryptPkcs7.c
++++ b/Cryptlib/Pk/CryptPkcs7Verify.c
+@@ -10,7 +10,7 @@
+ WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
+ Variable and will do basic check for data structure.
+
+-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
++Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+@@ -25,6 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+ #include <openssl/objects.h>
+ #include <openssl/x509.h>
++#include <openssl/x509v3.h>
+ #include <openssl/pkcs7.h>
+
+ UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
+@@ -111,182 +112,6 @@ X509VerifyCb (
+ }
+
+ /**
+- Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
+- Syntax Standard, version 1.5". This interface is only intended to be used for
+- application to perform PKCS#7 functionality validation.
+-
+- @param[in] PrivateKey Pointer to the PEM-formatted private key data for
+- data signing.
+- @param[in] PrivateKeySize Size of the PEM private key data in bytes.
+- @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
+- key data.
+- @param[in] InData Pointer to the content to be signed.
+- @param[in] InDataSize Size of InData in bytes.
+- @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
+- @param[in] OtherCerts Pointer to an optional additional set of certificates to
+- include in the PKCS#7 signedData (e.g. any intermediate
+- CAs in the chain).
+- @param[out] SignedData Pointer to output PKCS#7 signedData.
+- @param[out] SignedDataSize Size of SignedData in bytes.
+-
+- @retval TRUE PKCS#7 data signing succeeded.
+- @retval FALSE PKCS#7 data signing failed.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-Pkcs7Sign (
+- IN CONST UINT8 *PrivateKey,
+- IN UINTN PrivateKeySize,
+- IN CONST UINT8 *KeyPassword,
+- IN UINT8 *InData,
+- IN UINTN InDataSize,
+- IN UINT8 *SignCert,
+- IN UINT8 *OtherCerts OPTIONAL,
+- OUT UINT8 **SignedData,
+- OUT UINTN *SignedDataSize
+- )
+-{
+- BOOLEAN Status;
+- EVP_PKEY *Key;
+- BIO *DataBio;
+- PKCS7 *Pkcs7;
+- UINT8 *RsaContext;
+- UINT8 *P7Data;
+- UINTN P7DataSize;
+- UINT8 *Tmp;
+-
+- //
+- // Check input parameters.
+- //
+- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
+- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
+- return FALSE;
+- }
+-
+- RsaContext = NULL;
+- Key = NULL;
+- Pkcs7 = NULL;
+- DataBio = NULL;
+- Status = FALSE;
+-
+- //
+- // Retrieve RSA private key from PEM data.
+- //
+- Status = RsaGetPrivateKeyFromPem (
+- PrivateKey,
+- PrivateKeySize,
+- (CONST CHAR8 *) KeyPassword,
+- (VOID **) &RsaContext
+- );
+- if (!Status) {
+- return Status;
+- }
+-
+- //
+- // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
+- //
+- EVP_add_digest (EVP_md5());
+- EVP_add_digest (EVP_sha1());
+- EVP_add_digest (EVP_sha256());
+- RandomSeed (NULL, 0);
+-
+- //
+- // Construct OpenSSL EVP_PKEY for private key.
+- //
+- Key = EVP_PKEY_new ();
+- if (Key == NULL) {
+- Status = FALSE;
+- goto _Exit;
+- }
+- Key->save_type = EVP_PKEY_RSA;
+- Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
+- Key->pkey.rsa = (RSA *) RsaContext;
+-
+- //
+- // Convert the data to be signed to BIO format.
+- //
+- DataBio = BIO_new (BIO_s_mem ());
+- BIO_write (DataBio, InData, (int) InDataSize);
+-
+- //
+- // Create the PKCS#7 signedData structure.
+- //
+- Pkcs7 = PKCS7_sign (
+- (X509 *) SignCert,
+- Key,
+- (STACK_OF(X509) *) OtherCerts,
+- DataBio,
+- PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
+- );
+- if (Pkcs7 == NULL) {
+- Status = FALSE;
+- goto _Exit;
+- }
+-
+- //
+- // Convert PKCS#7 signedData structure into DER-encoded buffer.
+- //
+- P7DataSize = i2d_PKCS7 (Pkcs7, NULL);
+- if (P7DataSize <= 19) {
+- Status = FALSE;
+- goto _Exit;
+- }
+-
+- P7Data = malloc (P7DataSize);
+- if (P7Data == NULL) {
+- Status = FALSE;
+- goto _Exit;
+- }
+-
+- Tmp = P7Data;
+- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
+-
+- //
+- // Strip ContentInfo to content only for signeddata. The data be trimmed off
+- // is totally 19 bytes.
+- //
+- *SignedDataSize = P7DataSize - 19;
+- *SignedData = malloc (*SignedDataSize);
+- if (*SignedData == NULL) {
+- Status = FALSE;
+- OPENSSL_free (P7Data);
+- goto _Exit;
+- }
+-
+- CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
+-
+- OPENSSL_free (P7Data);
+-
+- Status = TRUE;
+-
+-_Exit:
+- //
+- // Release Resources
+- //
+- if (RsaContext != NULL) {
+- RsaFree (RsaContext);
+- if (Key != NULL) {
+- Key->pkey.rsa = NULL;
+- }
+- }
+-
+- if (Key != NULL) {
+- EVP_PKEY_free (Key);
+- }
+-
+- if (DataBio != NULL) {
+- BIO_free (DataBio);
+- }
+-
+- if (Pkcs7 != NULL) {
+- PKCS7_free (Pkcs7);
+- }
+-
+- return Status;
+-}
+-
+-/**
+ Check input P7Data is a wrapped ContentInfo structure or not. If not construct
+ a new structure to wrap P7Data.
+
+@@ -395,6 +220,91 @@ WrapPkcs7Data (
+ }
+
+ /**
++ Pop single certificate from STACK_OF(X509).
++
++ If X509Stack, Cert, or CertSize is NULL, then return FALSE.
++
++ @param[in] X509Stack Pointer to a X509 stack object.
++ @param[out] Cert Pointer to a X509 certificate.
++ @param[out] CertSize Length of output X509 certificate in bytes.
++
++ @retval TRUE The X509 stack pop succeeded.
++ @retval FALSE The pop operation failed.
++
++**/
++BOOLEAN
++X509PopCertificate (
++ IN VOID *X509Stack,
++ OUT UINT8 **Cert,
++ OUT UINTN *CertSize
++ )
++{
++ BIO *CertBio;
++ X509 *X509Cert;
++ STACK_OF(X509) *CertStack;
++ BOOLEAN Status;
++ INT32 Result;
++ INT32 Length;
++ VOID *Buffer;
++
++ Status = FALSE;
++
++ if ((X509Stack == NULL) || (Cert == NULL) || (CertSize == NULL)) {
++ return Status;
++ }
++
++ CertStack = (STACK_OF(X509) *) X509Stack;
++
++ X509Cert = sk_X509_pop (CertStack);
++
++ if (X509Cert == NULL) {
++ return Status;
++ }
++
++ Buffer = NULL;
++
++ CertBio = BIO_new (BIO_s_mem ());
++ if (CertBio == NULL) {
++ return Status;
++ }
++
++ Result = i2d_X509_bio (CertBio, X509Cert);
++ if (Result == 0) {
++ goto _Exit;
++ }
++
++ Length = ((BUF_MEM *) CertBio->ptr)->length;
++ if (Length <= 0) {
++ goto _Exit;
++ }
++
++ Buffer = malloc (Length);
++ if (Buffer == NULL) {
++ goto _Exit;
++ }
++
++ Result = BIO_read (CertBio, Buffer, Length);
++ if (Result != Length) {
++ goto _Exit;
++ }
++
++ *Cert = Buffer;
++ *CertSize = Length;
++
++ Status = TRUE;
++
++_Exit:
++
++ BIO_free (CertBio);
++
++ if (!Status && (Buffer != NULL)) {
++ free (Buffer);
++ }
++
++ return Status;
++}
++
++/**
+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+@@ -634,7 +544,6 @@ Pkcs7Verify (
+ )
+ {
+ PKCS7 *Pkcs7;
+- BIO *CertBio;
+ BIO *DataBio;
+ BOOLEAN Status;
+ X509 *Cert;
+@@ -653,7 +562,6 @@ Pkcs7Verify (
+ }
+
+ Pkcs7 = NULL;
+- CertBio = NULL;
+ DataBio = NULL;
+ Cert = NULL;
+ CertStore = NULL;
+@@ -661,10 +569,19 @@ Pkcs7Verify (
+ //
+ // Register & Initialize necessary digest algorithms for PKCS#7 Handling
+ //
+- EVP_add_digest (EVP_md5());
+- EVP_add_digest (EVP_sha1());
+- EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+- EVP_add_digest (EVP_sha256());
++ if (EVP_add_digest (EVP_md5 ()) == 0) {
++ return FALSE;
++ }
++ if (EVP_add_digest (EVP_sha1 ()) == 0) {
++ return FALSE;
++ }
++ if (EVP_add_digest (EVP_sha256 ()) == 0) {
++ return FALSE;
++ }
++ if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {
++ return FALSE;
++ }
++
+
+ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
+ if (!Status) {
+@@ -696,12 +613,7 @@ Pkcs7Verify (
+ //
+ // Read DER-encoded root certificate and Construct X509 Certificate
+ //
+- CertBio = BIO_new (BIO_s_mem ());
+- BIO_write (CertBio, TrustedCert, (int)CertLength);
+- if (CertBio == NULL) {
+- goto _Exit;
+- }
+- Cert = d2i_X509_bio (CertBio, NULL);
++ Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength);
+ if (Cert == NULL) {
+ goto _Exit;
+ }
+@@ -728,7 +640,20 @@ Pkcs7Verify (
+ // in PKCS#7 structure. So ignore NULL checking here.
+ //
+ DataBio = BIO_new (BIO_s_mem ());
+- BIO_write (DataBio, InData, (int)DataLength);
++ if (DataBio == NULL) {
++ goto _Exit;
++ }
++
++ if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
++ goto _Exit;
++ }
++
++ //
++ // OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and
++ // doesn't support the extended key usage for Authenticode Code Signing.
++ // Bypass the certificate purpose checking by enabling any purposes setting.
++ //
++ X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
+
+ //
+ // Verifies the PKCS#7 signedData structure
+@@ -740,7 +665,6 @@ _Exit:
+ // Release Resources
+ //
+ BIO_free (DataBio);
+- BIO_free (CertBio);
+ X509_free (Cert);
+ X509_STORE_free (CertStore);
+ PKCS7_free (Pkcs7);
+diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c
+new file mode 100644
+index 0000000..9a4c77a
+--- /dev/null
++++ b/Cryptlib/Pk/CryptPkcs7VerifyNull.c
+@@ -0,0 +1,100 @@
++/** @file
++ PKCS#7 SignedData Verification Wrapper Implementation which does not provide
++ real capabilities.
++
++Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
++This program and the accompanying materials
++are licensed and made available under the terms and conditions of the BSD License
++which accompanies this distribution. The full text of the license may be found at
++http://opensource.org/licenses/bsd-license.php
++
++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include "InternalCryptLib.h"
++
++/**
++ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
++ Cryptographic Message Syntax Standard". The input signed data could be wrapped
++ in a ContentInfo structure.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in] P7Data Pointer to the PKCS#7 message to verify.
++ @param[in] P7Length Length of the PKCS#7 message in bytes.
++ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
++ It's caller's responsiblity to free the buffer.
++ @param[out] StackLength Length of signer's certificates in bytes.
++ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
++ It's caller's responsiblity to free the buffer.
++ @param[out] CertLength Length of the trusted certificate in bytes.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++Pkcs7GetSigners (
++ IN CONST UINT8 *P7Data,
++ IN UINTN P7Length,
++ OUT UINT8 **CertStack,
++ OUT UINTN *StackLength,
++ OUT UINT8 **TrustedCert,
++ OUT UINTN *CertLength
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
++
++/**
++ Wrap function to use free() to free allocated memory for certificates.
++
++ If the interface is not supported, then ASSERT().
++
++ @param[in] Certs Pointer to the certificates to be freed.
++
++**/
++VOID
++EFIAPI
++Pkcs7FreeSigners (
++ IN UINT8 *Certs
++ )
++{
++ ASSERT (FALSE);
++}
++
++/**
++ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
++ Cryptographic Message Syntax Standard". The input signed data could be wrapped
++ in a ContentInfo structure.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in] P7Data Pointer to the PKCS#7 message to verify.
++ @param[in] P7Length Length of the PKCS#7 message in bytes.
++ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
++ is used for certificate chain verification.
++ @param[in] CertLength Length of the trusted certificate in bytes.
++ @param[in] InData Pointer to the content to be verified.
++ @param[in] DataLength Length of InData in bytes.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++Pkcs7Verify (
++ IN CONST UINT8 *P7Data,
++ IN UINTN P7Length,
++ IN CONST UINT8 *TrustedCert,
++ IN UINTN CertLength,
++ IN CONST UINT8 *InData,
++ IN UINTN DataLength
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
+diff --git a/Cryptlib/Pk/CryptRsaExtNull.c b/Cryptlib/Pk/CryptRsaExtNull.c
+new file mode 100644
+index 0000000..e44cdde
+--- /dev/null
++++ b/Cryptlib/Pk/CryptRsaExtNull.c
+@@ -0,0 +1,125 @@
++/** @file
++ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
++
++ This file does not provide real capabilities for following APIs in RSA handling:
++ 1) RsaGetKey
++ 2) RsaGenerateKey
++ 3) RsaCheckKey
++ 4) RsaPkcs1Sign
++
++Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
++This program and the accompanying materials
++are licensed and made available under the terms and conditions of the BSD License
++which accompanies this distribution. The full text of the license may be found at
++http://opensource.org/licenses/bsd-license.php
++
++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include "InternalCryptLib.h"
++
++/**
++ Gets the tag-designated RSA key component from the established RSA context.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in, out] RsaContext Pointer to RSA context being set.
++ @param[in] KeyTag Tag of RSA key component being set.
++ @param[out] BigNumber Pointer to octet integer buffer.
++ @param[in, out] BnSize On input, the size of big number buffer in bytes.
++ On output, the size of data returned in big number buffer in bytes.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++RsaGetKey (
++ IN OUT VOID *RsaContext,
++ IN RSA_KEY_TAG KeyTag,
++ OUT UINT8 *BigNumber,
++ IN OUT UINTN *BnSize
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
++
++/**
++ Generates RSA key components.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in, out] RsaContext Pointer to RSA context being set.
++ @param[in] ModulusLength Length of RSA modulus N in bits.
++ @param[in] PublicExponent Pointer to RSA public exponent.
++ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++RsaGenerateKey (
++ IN OUT VOID *RsaContext,
++ IN UINTN ModulusLength,
++ IN CONST UINT8 *PublicExponent,
++ IN UINTN PublicExponentSize
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
++
++/**
++ Validates key components of RSA context.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in] RsaContext Pointer to RSA context to check.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++RsaCheckKey (
++ IN VOID *RsaContext
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
++
++/**
++ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in] RsaContext Pointer to RSA context for signature generation.
++ @param[in] MessageHash Pointer to octet message hash to be signed.
++ @param[in] HashSize Size of the message hash in bytes.
++ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
++ @param[in, out] SigSize On input, the size of Signature buffer in bytes.
++ On output, the size of data returned in Signature buffer in bytes.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++RsaPkcs1Sign (
++ IN VOID *RsaContext,
++ IN CONST UINT8 *MessageHash,
++ IN UINTN HashSize,
++ OUT UINT8 *Signature,
++ IN OUT UINTN *SigSize
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
++
++
+diff --git a/Cryptlib/Rand/CryptRand.c b/Cryptlib/Rand/CryptRand.c
+index dc3ab99..895ce83 100644
+--- a/Cryptlib/Rand/CryptRand.c
++++ b/Cryptlib/Rand/CryptRand.c
+@@ -1,7 +1,7 @@
+ /** @file
+ Pseudorandom Number Generator Wrapper Implementation over OpenSSL.
+
+-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
++Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+ #include "InternalCryptLib.h"
+ #include <openssl/rand.h>
++#include <openssl/evp.h>
+
+ //
+ // Default seed for UEFI Crypto Library
+@@ -48,6 +49,14 @@ RandomSeed (
+ }
+
+ //
++ // The software PRNG implementation built in OpenSSL depends on message digest algorithm.
++ // Make sure SHA-1 digest algorithm is available here.
++ //
++ if (EVP_add_digest (EVP_sha1 ()) == 0) {
++ return FALSE;
++ }
++
++ //
+ // Seed the pseudorandom number generator with user-supplied value.
+ // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
+ //
+diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh
+index 96bbece..57b6631 100755
+--- a/Cryptlib/update.sh
++++ b/Cryptlib/update.sh
+@@ -13,8 +13,13 @@ cp $DIR/Cipher/CryptAes.c Cipher/CryptAes.c
+ cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c
+ cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c
+ cp $DIR/Rand/CryptRand.c Rand/CryptRand.c
+-cp $DIR/Pk/CryptRsa.c Pk/CryptRsa.c
+-cp $DIR/Pk/CryptPkcs7.c Pk/CryptPkcs7.c
++cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c
++cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c
++cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c
++cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c
++cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c
++cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c
++cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c
+ cp $DIR/Pk/CryptDh.c Pk/CryptDh.c
+ cp $DIR/Pk/CryptX509.c Pk/CryptX509.c
+ cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c
+--
+1.9.3
+
diff --git a/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch b/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch
new file mode 100644
index 0000000..b2a0f0c
--- /dev/null
+++ b/SOURCES/0044-Replace-build-instructions-in-README-with-something-.patch
@@ -0,0 +1,27 @@
+From 81ee561dde0213bc487aa1b701799f6d2faeaf31 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 21 Jul 2014 16:15:07 -0400
+Subject: [PATCH 44/74] Replace build instructions in README with something not
+ completely wrong.
+
+These were really, really out of date.
+---
+ README | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/README b/README
+index 2977f2a..24a39df 100644
+--- a/README
++++ b/README
+@@ -12,5 +12,5 @@ in the shim.h header file and provides a single entry point. On 64-bit systems
+ this entry point expects to be called with SysV ABI rather than MSABI, and
+ so calls to it should not be wrapped.
+
+-To use shim, simply place a hex dump of the public certificate in cert.h
+-and build it with make.
+\ No newline at end of file
++To use shim, simply place a DER-encoded public certificate in a file such as
++pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".
+--
+1.9.3
+
diff --git a/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch b/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch
new file mode 100644
index 0000000..8372361
--- /dev/null
+++ b/SOURCES/0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch
@@ -0,0 +1,37 @@
+From a30276e095c10be69b5282d01c20cf5daf3fa671 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Tue, 12 Aug 2014 15:33:18 +0200
+Subject: [PATCH 45/74] CryptLib: undefine va_arg and friends before redefining
+ them
+
+Upstream GNU-EFI contains changes to efistdarg.h resulting in the va_start,
+va_arg and va_end macros to be #defined unconditionally. Make sure we #undef
+them before overriding the definitions.
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+ Cryptlib/Include/OpenSslSupport.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h
+index 5a2745d..9e56ced 100644
+--- a/Cryptlib/Include/OpenSslSupport.h
++++ b/Cryptlib/Include/OpenSslSupport.h
+@@ -35,6 +35,14 @@ typedef VOID *FILE;
+ // Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h
+ //
+ #if !defined(__CC_ARM) // if va_list is not already defined
++/*
++ * These are now unconditionally #defined by GNU_EFI's efistdarg.h,
++ * so we should #undef them here before providing a new definition.
++ */
++#undef va_arg
++#undef va_start
++#undef va_end
++
+ #define va_list VA_LIST
+ #define va_arg VA_ARG
+ #define va_start VA_START
+--
+1.9.3
+
diff --git a/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch b/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch
new file mode 100644
index 0000000..3f0bb9d
--- /dev/null
+++ b/SOURCES/0046-unhook_system_services-bail-on-systab-NULL.patch
@@ -0,0 +1,30 @@
+From 77cdb40423e29a5f9d1318cd0ada874ee1916450 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Tue, 12 Aug 2014 15:33:19 +0200
+Subject: [PATCH 46/74] unhook_system_services: bail on systab == NULL
+
+Prevent unhook_system_services() from dereferencing a NULL systab, which
+may occur if hook_system_services() has never been called.
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+ replacements.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/replacements.c b/replacements.c
+index 48dc437..5dfa355 100644
+--- a/replacements.c
++++ b/replacements.c
+@@ -70,6 +70,9 @@ static EFI_HANDLE last_loaded_image;
+ void
+ unhook_system_services(void)
+ {
++ if (!systab)
++ return;
++
+ systab->BootServices->Exit = system_exit;
+ systab->BootServices->LoadImage = system_load_image;
+ systab->BootServices->StartImage = system_start_image;
+--
+1.9.3
+
diff --git a/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch b/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch
new file mode 100644
index 0000000..7d178f3
--- /dev/null
+++ b/SOURCES/0047-Factor-out-x86-isms-and-add-cross-compile-support.patch
@@ -0,0 +1,235 @@
+From 99d7b5e858945b8bb160fe3fea77596b2daf07ff Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Tue, 12 Aug 2014 15:33:20 +0200
+Subject: [PATCH 47/74] Factor out x86-isms and add cross compile support
+
+This patch cleans up and refactors the Makefiles to better allow new
+architectures to be added:
+- remove unused Makefile definitions
+- import Makefile definitions from top level rather than redefining
+- move x86 specific CFLAGS to inside ifeq() blocks
+- remove x86 inline asm
+- allow $(FORMAT) to be overridden: this is necessary as there exists no
+ EFI or PE/COFF aware objcopy for ARM
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+ Cryptlib/Makefile | 16 ++++++----------
+ Cryptlib/OpenSSL/Makefile | 15 ++++++---------
+ Makefile | 45 +++++++++++++++++++++++++++------------------
+ lib/Makefile | 14 ++++----------
+ netboot.c | 10 +---------
+ 5 files changed, 44 insertions(+), 56 deletions(-)
+
+diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
+index 678baac..73a1e2b 100644
+--- a/Cryptlib/Makefile
++++ b/Cryptlib/Makefile
+@@ -1,19 +1,15 @@
+-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
+
+-EFI_INCLUDE = /usr/include/efi
+-EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
+-EFI_PATH = /usr/lib64/gnuefi
+-
+-LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
+-EFI_LIBS = -lefi -lgnuefi $(LIB_GCC)
++EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
+
+ CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \
+- -Wall $(EFI_INCLUDES) -mno-red-zone -maccumulate-outgoing-args -mno-sse -mno-mmx
++ -Wall $(EFI_INCLUDES)
++
+ ifeq ($(ARCH),x86_64)
+- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \
++ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
+ endif
+ ifeq ($(ARCH),ia32)
+- CFLAGS += -m32
++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32
+ endif
+ LDFLAGS = -nostdlib -znocombreloc
+
+diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
+index 8e2f2a6..9097580 100644
+--- a/Cryptlib/OpenSSL/Makefile
++++ b/Cryptlib/OpenSSL/Makefile
+@@ -1,19 +1,16 @@
+-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
+
+-EFI_INCLUDE = /usr/include/efi
+ EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
+-EFI_PATH = /usr/lib64/gnuefi
+
+-LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
+-EFI_LIBS = -lefi -lgnuefi $(LIB_GCC)
+-
+-CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
++CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \
+ -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
++
+ ifeq ($(ARCH),x86_64)
+- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG
++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
++ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG
+ endif
+ ifeq ($(ARCH),ia32)
+- CFLAGS += -m32 -DTHIRTY_TWO_BIT
++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
++ -m32 -DTHIRTY_TWO_BIT
+ endif
+ LDFLAGS = -nostdlib -znocombreloc
+
+diff --git a/Makefile b/Makefile
+index df190a2..f65bb3b 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,10 +1,14 @@
+-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
++CC = $(CROSS_COMPILE)gcc
++LD = $(CROSS_COMPILE)ld
++OBJCOPY = $(CROSS_COMPILE)objcopy
++
++ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
+
+ SUBDIRS = Cryptlib lib
+
+ LIB_PATH = /usr/lib64
+
+-EFI_INCLUDE = /usr/include/efi
++EFI_INCLUDE := /usr/include/efi
+ EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude
+ EFI_PATH := /usr/lib64/gnuefi
+
+@@ -16,9 +20,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds
+
+ DEFAULT_LOADER := \\\\grub.efi
+ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+- -fshort-wchar -Wall -Wsign-compare -Werror \
+- -mno-red-zone -maccumulate-outgoing-args \
+- -mno-mmx -mno-sse -fno-builtin \
++ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
+ "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
+ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
+ $(EFI_INCLUDES)
+@@ -26,12 +28,15 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+ ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
+ CFLAGS += -DOVERRIDE_SECURITY_POLICY
+ endif
++
+ ifeq ($(ARCH),x86_64)
+- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \
++ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
+ endif
+ ifeq ($(ARCH),ia32)
+- CFLAGS += -m32
++ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32
+ endif
++
+ ifneq ($(origin VENDOR_CERT_FILE), undefined)
+ CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
+ endif
+@@ -95,26 +100,28 @@ MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a
+ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
+
+ Cryptlib/libcryptlib.a:
+- $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH)
++ $(MAKE) -C Cryptlib
+
+ Cryptlib/OpenSSL/libopenssl.a:
+- $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH)
++ $(MAKE) -C Cryptlib/OpenSSL
+
+ lib/lib.a:
+- $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH)
++ $(MAKE) -C lib
++
++FORMAT ?= --target efi-app-$(ARCH)
+
+ %.efi: %.so
+- objcopy -j .text -j .sdata -j .data \
+- -j .dynamic -j .dynsym -j .rel \
+- -j .rela -j .reloc -j .eh_frame \
++ $(OBJCOPY) -j .text -j .sdata -j .data \
++ -j .dynamic -j .dynsym -j .rel* \
++ -j .rela* -j .reloc -j .eh_frame \
+ -j .vendor_cert \
+- --target=efi-app-$(ARCH) $^ $@
+- objcopy -j .text -j .sdata -j .data \
+- -j .dynamic -j .dynsym -j .rel \
+- -j .rela -j .reloc -j .eh_frame \
++ $(FORMAT) $^ $@
++ $(OBJCOPY) -j .text -j .sdata -j .data \
++ -j .dynamic -j .dynsym -j .rel* \
++ -j .rela* -j .reloc -j .eh_frame \
+ -j .debug_info -j .debug_abbrev -j .debug_aranges \
+ -j .debug_line -j .debug_str -j .debug_ranges \
+- --target=efi-app-$(ARCH) $^ $@.debug
++ $(FORMAT) $^ $@.debug
+
+ %.efi.signed: %.efi certdb/secmod.db
+ pesign -n certdb -i $< -c "shim" -s -o $@ -f
+@@ -151,3 +158,5 @@ archive: tag
+ @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
+ @rm -rf /tmp/shim-$(VERSION)
+ @echo "The archive is in shim-$(VERSION).tar.bz2"
++
++export ARCH CC LD OBJCOPY EFI_INCLUDE
+diff --git a/lib/Makefile b/lib/Makefile
+index a9c9cf6..ebd21a1 100644
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -2,23 +2,17 @@ TARGET = lib.a
+
+ LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variables.o security_policy.o
+
+-ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
+-
+-EFI_INCLUDE = /usr/include/efi
+ EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include
+
+-EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
+-EFI_LDS = $(EFI_PATH)/elf_$(ARCH)_efi.lds
+-
+ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+- -fshort-wchar -Wall -mno-red-zone -DBUILD_EFI -fno-builtin \
+- -Werror \
++ -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror \
+ $(EFI_INCLUDES)
++
+ ifeq ($(ARCH),x86_64)
+- CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
++ CFLAGS += -mno-red-zone -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
+ endif
+ ifeq ($(ARCH),ia32)
+- CFLAGS += -m32
++ CFLAGS += -mno-red-zone -m32
+ endif
+
+ lib.a: $(LIBFILES)
+diff --git a/netboot.c b/netboot.c
+index 5ef53f7..238937d 100644
+--- a/netboot.c
++++ b/netboot.c
+@@ -40,15 +40,7 @@
+ #include "netboot.h"
+ #include "str.h"
+
+-static inline unsigned short int __swap16(unsigned short int x)
+-{
+- __asm__("xchgb %b0,%h0"
+- : "=q" (x)
+- : "0" (x));
+- return x;
+-}
+-
+-#define ntohs(x) __swap16(x)
++#define ntohs(x) __builtin_bswap16(x) /* supported both by GCC and clang */
+ #define htons(x) ntohs(x)
+
+ static EFI_PXE_BASE_CODE *pxe;
+--
+1.9.3
+
diff --git a/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch b/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch
new file mode 100644
index 0000000..838e655
--- /dev/null
+++ b/SOURCES/0048-Add-support-for-64-bit-ARM-AArch64.patch
@@ -0,0 +1,131 @@
+From 04cba93d64b5ffd3a05be82aacea5c2b2d0ea94c Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Tue, 12 Aug 2014 15:33:21 +0200
+Subject: [PATCH 48/74] Add support for 64-bit ARM (AArch64)
+
+This adds support for building the shim for a 64-bit ARM UEFI environment.
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+ Cryptlib/OpenSSL/Makefile | 3 +++
+ Makefile | 10 ++++++++
+ elf_aarch64_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 78 insertions(+)
+ create mode 100644 elf_aarch64_efi.lds
+
+diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
+index 9097580..17b5695 100644
+--- a/Cryptlib/OpenSSL/Makefile
++++ b/Cryptlib/OpenSSL/Makefile
+@@ -12,6 +12,9 @@ ifeq ($(ARCH),ia32)
+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
+ -m32 -DTHIRTY_TWO_BIT
+ endif
++ifeq ($(ARCH),aarch64)
++ CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include)
++endif
+ LDFLAGS = -nostdlib -znocombreloc
+
+ TARGET = libopenssl.a
+diff --git a/Makefile b/Makefile
+index f65bb3b..3529b45 100644
+--- a/Makefile
++++ b/Makefile
+@@ -37,6 +37,10 @@ ifeq ($(ARCH),ia32)
+ CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32
+ endif
+
++ifeq ($(ARCH),aarch64)
++ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
++endif
++
+ ifneq ($(origin VENDOR_CERT_FILE), undefined)
+ CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
+ endif
+@@ -108,6 +112,12 @@ Cryptlib/OpenSSL/libopenssl.a:
+ lib/lib.a:
+ $(MAKE) -C lib
+
++ifeq ($(ARCH),aarch64)
++FORMAT := -O binary
++SUBSYSTEM := 0xa
++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
++endif
++
+ FORMAT ?= --target efi-app-$(ARCH)
+
+ %.efi: %.so
+diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds
+new file mode 100644
+index 0000000..9c9a055
+--- /dev/null
++++ b/elf_aarch64_efi.lds
+@@ -0,0 +1,65 @@
++OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64")
++OUTPUT_ARCH(aarch64)
++ENTRY(_start)
++SECTIONS
++{
++ .text 0x0 : {
++ *(.text.head)
++ *(.text)
++ *(.text.*)
++ *(.gnu.linkonce.t.*)
++ *(.srodata)
++ *(.rodata*)
++ . = ALIGN(16);
++ _etext = .;
++ }
++ .dynamic : { *(.dynamic) }
++ .data :
++ {
++ *(.sdata)
++ *(.data)
++ *(.data1)
++ *(.data.*)
++ *(.got.plt)
++ *(.got)
++
++ /* the EFI loader doesn't seem to like a .bss section, so we stick
++ it all into .data: */
++ . = ALIGN(16);
++ _bss = .;
++ *(.sbss)
++ *(.scommon)
++ *(.dynbss)
++ *(.bss)
++ *(COMMON)
++ . = ALIGN(16);
++ _bss_end = .;
++ }
++
++ . = ALIGN(4096);
++ .vendor_cert :
++ {
++ *(.vendor_cert)
++ }
++ . = ALIGN(4096);
++
++ .rela.dyn : { *(.rela.dyn) }
++ .rela.plt : { *(.rela.plt) }
++ .rela.got : { *(.rela.got) }
++ .rela.data : { *(.rela.data) *(.rela.data*) }
++ _edata = .;
++ _data_size = . - _etext;
++
++ . = ALIGN(4096);
++ .dynsym : { *(.dynsym) }
++ . = ALIGN(4096);
++ .dynstr : { *(.dynstr) }
++ . = ALIGN(4096);
++ /DISCARD/ :
++ {
++ *(.rel.reloc)
++ *(.eh_frame)
++ *(.note.GNU-stack)
++ }
++ .comment 0 : { *(.comment) }
++}
+--
+1.9.3
+
diff --git a/SOURCES/0049-Add-support-for-32-bit-ARM.patch b/SOURCES/0049-Add-support-for-32-bit-ARM.patch
new file mode 100644
index 0000000..49d4975
--- /dev/null
+++ b/SOURCES/0049-Add-support-for-32-bit-ARM.patch
@@ -0,0 +1,209 @@
+From fa525bc4632e04346fae82a98ce23b31c6cfc86d Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Tue, 12 Aug 2014 15:33:22 +0200
+Subject: [PATCH 49/74] Add support for 32-bit ARM
+
+This adds support for building the shim for a 32-bit ARM UEFI environment.
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+ Cryptlib/OpenSSL/Makefile | 3 +++
+ Makefile | 10 ++++++++
+ cert.S | 30 ++++++++++------------
+ elf_arm_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 92 insertions(+), 16 deletions(-)
+ create mode 100644 elf_arm_efi.lds
+
+diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
+index 17b5695..7990b3c 100644
+--- a/Cryptlib/OpenSSL/Makefile
++++ b/Cryptlib/OpenSSL/Makefile
+@@ -15,6 +15,9 @@ endif
+ ifeq ($(ARCH),aarch64)
+ CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include)
+ endif
++ifeq ($(ARCH),arm)
++ CFLAGS += -O2 -DTHIRTY_TWO_BIT -ffreestanding -I$(shell $(CC) -print-file-name=include)
++endif
+ LDFLAGS = -nostdlib -znocombreloc
+
+ TARGET = libopenssl.a
+diff --git a/Makefile b/Makefile
+index 3529b45..5bc513c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -41,6 +41,10 @@ ifeq ($(ARCH),aarch64)
+ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
+ endif
+
++ifeq ($(ARCH),arm)
++ CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
++endif
++
+ ifneq ($(origin VENDOR_CERT_FILE), undefined)
+ CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
+ endif
+@@ -118,6 +122,12 @@ SUBSYSTEM := 0xa
+ LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ endif
+
++ifeq ($(ARCH),arm)
++FORMAT := -O binary
++SUBSYSTEM := 0xa
++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
++endif
++
+ FORMAT ?= --target efi-app-$(ARCH)
+
+ %.efi: %.so
+diff --git a/cert.S b/cert.S
+index 3cfd665..cfc4525 100644
+--- a/cert.S
++++ b/cert.S
+@@ -1,9 +1,7 @@
+ .globl cert_table
+- .data
+- .align 16
+- .type cert_table, @object
++ .type cert_table, %object
+ .size cert_table, 4
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ cert_table:
+ #if defined(VENDOR_CERT_FILE)
+ .long vendor_cert_priv_end - vendor_cert_priv
+@@ -20,48 +18,48 @@ cert_table:
+ #if defined(VENDOR_CERT_FILE)
+ .data
+ .align 1
+- .type vendor_cert_priv, @object
++ .type vendor_cert_priv, %object
+ .size vendor_cert_priv, vendor_cert_priv_end-vendor_cert_priv
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_cert_priv:
+ .incbin VENDOR_CERT_FILE
+ vendor_cert_priv_end:
+ #else
+ .bss
+- .type vendor_cert_priv, @object
++ .type vendor_cert_priv, %object
+ .size vendor_cert_priv, 1
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_cert_priv:
+ .zero 1
+
+ .data
+ .align 4
+- .type vendor_cert_size_priv, @object
++ .type vendor_cert_size_priv, %object
+ .size vendor_cert_size_priv, 4
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_cert_priv_end:
+ #endif
+ #if defined(VENDOR_DBX_FILE)
+ .data
+ .align 1
+- .type vendor_dbx_priv, @object
++ .type vendor_dbx_priv, %object
+ .size vendor_dbx_priv, vendor_dbx_priv_end-vendor_dbx_priv
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_dbx_priv:
+ .incbin VENDOR_DBX_FILE
+ vendor_dbx_priv_end:
+ #else
+ .bss
+- .type vendor_dbx_priv, @object
++ .type vendor_dbx_priv, %object
+ .size vendor_dbx_priv, 1
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_dbx_priv:
+ .zero 1
+
+ .data
+ .align 4
+- .type vendor_dbx_size_priv, @object
++ .type vendor_dbx_size_priv, %object
+ .size vendor_dbx_size_priv, 4
+- .section .vendor_cert, "a", @progbits
++ .section .vendor_cert, "a", %progbits
+ vendor_dbx_priv_end:
+ #endif
+diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds
+new file mode 100644
+index 0000000..fd1075d
+--- /dev/null
++++ b/elf_arm_efi.lds
+@@ -0,0 +1,65 @@
++OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
++OUTPUT_ARCH(arm)
++ENTRY(_start)
++SECTIONS
++{
++ .text 0x0 : {
++ *(.text.head)
++ *(.text)
++ *(.text.*)
++ *(.gnu.linkonce.t.*)
++ *(.srodata)
++ *(.rodata*)
++ . = ALIGN(16);
++ _etext = .;
++ }
++ .dynamic : { *(.dynamic) }
++ .data :
++ {
++ *(.sdata)
++ *(.data)
++ *(.data1)
++ *(.data)
++ *(.got.plt)
++ *(.got)
++
++ /* the EFI loader doesn't seem to like a .bss section, so we stick
++ it all into .data: */
++ . = ALIGN(16);
++ _bss = .;
++ *(.sbss)
++ *(.scommon)
++ *(.dynbss)
++ *(.bss)
++ *(COMMON)
++ . = ALIGN(16);
++ _bss_end = .;
++ }
++
++ . = ALIGN(4096);
++ .vendor_cert :
++ {
++ *(.vendor_cert)
++ }
++ . = ALIGN(4096);
++
++ .rel.dyn : { *(.rel.dyn) }
++ .rel.plt : { *(.rel.plt) }
++ .rel.got : { *(.rel.got) }
++ .rel.data : { *(.rel.data) *(.rel.data*) }
++ _edata = .;
++ _data_size = . - _etext;
++
++ . = ALIGN(4096);
++ .dynsym : { *(.dynsym) }
++ . = ALIGN(4096);
++ .dynstr : { *(.dynstr) }
++ . = ALIGN(4096);
++ /DISCARD/ :
++ {
++ *(.rel.reloc)
++ *(.eh_frame)
++ *(.note.GNU-stack)
++ }
++ .comment 0 : { *(.comment) }
++}
+--
+1.9.3
+
diff --git a/SOURCES/0050-Update-openssl-to-0.9.8zb.patch b/SOURCES/0050-Update-openssl-to-0.9.8zb.patch
new file mode 100644
index 0000000..825c0e8
--- /dev/null
+++ b/SOURCES/0050-Update-openssl-to-0.9.8zb.patch
@@ -0,0 +1,4231 @@
+From 21f96e586351fc8b535353f2dea7c784e931d14a Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Tue, 19 Aug 2014 12:15:00 +0800
+Subject: [PATCH 50/74] Update openssl to 0.9.8zb
+
+Also update to Tiano Cryptlib r15802 and remove the execute mode
+bits from the C and header files of openssl
+---
+ Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 0
+ Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 0
+ Cryptlib/OpenSSL/crypto/aes/aes_core.c | 0
+ Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 0
+ Cryptlib/OpenSSL/crypto/aes/aes_ecb.c | 0
+ Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 0
+ Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 0
+ Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 0
+ Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_bool.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_bytes.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_enum.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_hdr.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_int.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_meth.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_object.c | 30 +-
+ Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_print.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_set.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_time.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_type.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_utf8.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 3 +
+ Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 2 +
+ Cryptlib/OpenSSL/crypto/asn1/asn_moid.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 12 +-
+ Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c | 6 +-
+ Cryptlib/OpenSSL/crypto/asn1/f_enum.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/f_int.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/f_string.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/t_bitst.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/t_req.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 2 +
+ Cryptlib/OpenSSL/crypto/asn1/t_x509a.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 7 +-
+ Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_attrib.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_bignum.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_exten.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_info.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_long.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_name.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_pkey.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_req.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_sig.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_spki.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_val.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 0
+ Cryptlib/OpenSSL/crypto/asn1/x_x509a.c | 0
+ Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c | 0
+ Cryptlib/OpenSSL/crypto/bf/bf_ecb.c | 0
+ Cryptlib/OpenSSL/crypto/bf/bf_enc.c | 0
+ Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c | 0
+ Cryptlib/OpenSSL/crypto/bf/bf_skey.c | 0
+ Cryptlib/OpenSSL/crypto/bio/b_dump.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bf_buff.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bf_null.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bio_err.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 4 +-
+ Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bss_file.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bss_log.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 0
+ Cryptlib/OpenSSL/crypto/bio/bss_null.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_add.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_const.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_depr.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_div.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_err.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_exp2.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 51 ++
+ Cryptlib/OpenSSL/crypto/bn/bn_kron.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 61 +-
+ Cryptlib/OpenSSL/crypto/bn/bn_mod.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_mpi.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_mul.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_opt.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_prime.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_print.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_recp.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_sqr.c | 1 +
+ Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_word.c | 0
+ Cryptlib/OpenSSL/crypto/bn/bn_x931p.c | 0
+ Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 0
+ Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 0
+ Cryptlib/OpenSSL/crypto/buffer/buffer.c | 0
+ Cryptlib/OpenSSL/crypto/cast/c_cfb64.c | 0
+ Cryptlib/OpenSSL/crypto/cast/c_ecb.c | 0
+ Cryptlib/OpenSSL/crypto/cast/c_enc.c | 0
+ Cryptlib/OpenSSL/crypto/cast/c_ofb64.c | 0
+ Cryptlib/OpenSSL/crypto/cast/c_skey.c | 0
+ Cryptlib/OpenSSL/crypto/comp/c_rle.c | 0
+ Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 0
+ Cryptlib/OpenSSL/crypto/comp/comp_err.c | 0
+ Cryptlib/OpenSSL/crypto/comp/comp_lib.c | 0
+ Cryptlib/OpenSSL/crypto/conf/conf_api.c | 2 +-
+ Cryptlib/OpenSSL/crypto/conf/conf_def.c | 2 +-
+ Cryptlib/OpenSSL/crypto/conf/conf_err.c | 0
+ Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 0
+ Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 0
+ Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 0
+ Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 0
+ Cryptlib/OpenSSL/crypto/cpt_err.c | 0
+ Cryptlib/OpenSSL/crypto/cryptlib.c | 0
+ Cryptlib/OpenSSL/crypto/cversion.c | 0
+ Cryptlib/OpenSSL/crypto/des/cbc_cksm.c | 0
+ Cryptlib/OpenSSL/crypto/des/cbc_enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/cfb64ede.c | 0
+ Cryptlib/OpenSSL/crypto/des/cfb64enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/cfb_enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/des_enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/des_lib.c | 0
+ Cryptlib/OpenSSL/crypto/des/des_old.c | 0
+ Cryptlib/OpenSSL/crypto/des/des_old2.c | 0
+ Cryptlib/OpenSSL/crypto/des/ecb3_enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/enc_read.c | 0
+ Cryptlib/OpenSSL/crypto/des/enc_writ.c | 0
+ Cryptlib/OpenSSL/crypto/des/fcrypt.c | 0
+ Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 0
+ Cryptlib/OpenSSL/crypto/des/ofb64ede.c | 0
+ Cryptlib/OpenSSL/crypto/des/ofb64enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/ofb_enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/pcbc_enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/qud_cksm.c | 0
+ Cryptlib/OpenSSL/crypto/des/rand_key.c | 0
+ Cryptlib/OpenSSL/crypto/des/read2pwd.c | 0
+ Cryptlib/OpenSSL/crypto/des/rpc_enc.c | 0
+ Cryptlib/OpenSSL/crypto/des/set_key.c | 0
+ Cryptlib/OpenSSL/crypto/des/str2key.c | 0
+ Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 0
+ Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 0
+ Cryptlib/OpenSSL/crypto/dh/dh_check.c | 0
+ Cryptlib/OpenSSL/crypto/dh/dh_depr.c | 0
+ Cryptlib/OpenSSL/crypto/dh/dh_err.c | 0
+ Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 0
+ Cryptlib/OpenSSL/crypto/dh/dh_key.c | 0
+ Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_err.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_key.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c | 0
+ Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c | 0
+ Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 0
+ Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 0
+ Cryptlib/OpenSSL/crypto/dso/dso_err.c | 0
+ Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 0
+ Cryptlib/OpenSSL/crypto/dso/dso_null.c | 0
+ Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 0
+ Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 0
+ Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 0
+ Cryptlib/OpenSSL/crypto/dyn_lck.c | 0
+ Cryptlib/OpenSSL/crypto/ebcdic.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec_asn1.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec_check.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec_curve.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec_cvt.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec_err.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec_key.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 2 +-
+ Cryptlib/OpenSSL/crypto/ec/ec_mult.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ec_print.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ecp_mont.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ecp_nist.c | 0
+ Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c | 174 ++---
+ Cryptlib/OpenSSL/crypto/ecdh/ech_err.c | 0
+ Cryptlib/OpenSSL/crypto/ecdh/ech_key.c | 0
+ Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 0
+ Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c | 0
+ Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c | 0
+ Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c | 0
+ Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 0
+ Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c | 0
+ Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c | 0
+ Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_all.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_cnf.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_dyn.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_err.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_fat.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_init.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_lib.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_list.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_openssl.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_padlock.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_pkey.c | 0
+ Cryptlib/OpenSSL/crypto/engine/eng_table.c | 0
+ Cryptlib/OpenSSL/crypto/engine/tb_cipher.c | 0
+ Cryptlib/OpenSSL/crypto/engine/tb_dh.c | 0
+ Cryptlib/OpenSSL/crypto/engine/tb_digest.c | 0
+ Cryptlib/OpenSSL/crypto/engine/tb_dsa.c | 0
+ Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c | 0
+ Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c | 0
+ Cryptlib/OpenSSL/crypto/engine/tb_rand.c | 0
+ Cryptlib/OpenSSL/crypto/engine/tb_rsa.c | 0
+ Cryptlib/OpenSSL/crypto/engine/tb_store.c | 0
+ Cryptlib/OpenSSL/crypto/err/err.c | 0
+ Cryptlib/OpenSSL/crypto/err/err_all.c | 0
+ Cryptlib/OpenSSL/crypto/err/err_bio.c | 0
+ Cryptlib/OpenSSL/crypto/err/err_def.c | 0
+ Cryptlib/OpenSSL/crypto/err/err_prn.c | 0
+ Cryptlib/OpenSSL/crypto/err/err_str.c | 0
+ Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 0
+ Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 0
+ Cryptlib/OpenSSL/crypto/evp/bio_md.c | 0
+ Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 0
+ Cryptlib/OpenSSL/crypto/evp/c_all.c | 0
+ Cryptlib/OpenSSL/crypto/evp/c_allc.c | 0
+ Cryptlib/OpenSSL/crypto/evp/c_alld.c | 0
+ Cryptlib/OpenSSL/crypto/evp/dig_eng.c | 0
+ Cryptlib/OpenSSL/crypto/evp/digest.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_aes.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_bf.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_cast.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_des.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_des3.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_idea.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_null.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_old.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_rc5.c | 0
+ Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 0
+ Cryptlib/OpenSSL/crypto/evp/enc_min.c | 0
+ Cryptlib/OpenSSL/crypto/evp/encode.c | 0
+ Cryptlib/OpenSSL/crypto/evp/evp_acnf.c | 0
+ Cryptlib/OpenSSL/crypto/evp/evp_cnf.c | 0
+ Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 0
+ Cryptlib/OpenSSL/crypto/evp/evp_err.c | 0
+ Cryptlib/OpenSSL/crypto/evp/evp_key.c | 0
+ Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 0
+ Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 0
+ Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_dss.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_md2.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_md4.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_md5.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_null.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_sha.c | 0
+ Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 0
+ Cryptlib/OpenSSL/crypto/evp/names.c | 0
+ Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 0
+ Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 0
+ Cryptlib/OpenSSL/crypto/evp/p_dec.c | 0
+ Cryptlib/OpenSSL/crypto/evp/p_enc.c | 0
+ Cryptlib/OpenSSL/crypto/evp/p_lib.c | 0
+ Cryptlib/OpenSSL/crypto/evp/p_open.c | 0
+ Cryptlib/OpenSSL/crypto/evp/p_seal.c | 0
+ Cryptlib/OpenSSL/crypto/evp/p_sign.c | 0
+ Cryptlib/OpenSSL/crypto/evp/p_verify.c | 0
+ Cryptlib/OpenSSL/crypto/ex_data.c | 0
+ Cryptlib/OpenSSL/crypto/fips_err.c | 0
+ Cryptlib/OpenSSL/crypto/hmac/hmac.c | 0
+ Cryptlib/OpenSSL/crypto/idea/i_cbc.c | 0
+ Cryptlib/OpenSSL/crypto/idea/i_cfb64.c | 0
+ Cryptlib/OpenSSL/crypto/idea/i_ecb.c | 0
+ Cryptlib/OpenSSL/crypto/idea/i_ofb64.c | 0
+ Cryptlib/OpenSSL/crypto/idea/i_skey.c | 0
+ Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c | 0
+ Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 0
+ Cryptlib/OpenSSL/crypto/lhash/lhash.c | 0
+ Cryptlib/OpenSSL/crypto/md2/md2_dgst.c | 0
+ Cryptlib/OpenSSL/crypto/md2/md2_one.c | 0
+ Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 0
+ Cryptlib/OpenSSL/crypto/md4/md4_one.c | 0
+ Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 0
+ Cryptlib/OpenSSL/crypto/md5/md5_one.c | 0
+ Cryptlib/OpenSSL/crypto/mem.c | 0
+ Cryptlib/OpenSSL/crypto/mem_clr.c | 0
+ Cryptlib/OpenSSL/crypto/mem_dbg.c | 0
+ Cryptlib/OpenSSL/crypto/o_dir.c | 0
+ Cryptlib/OpenSSL/crypto/o_init.c | 0
+ Cryptlib/OpenSSL/crypto/o_str.c | 0
+ Cryptlib/OpenSSL/crypto/o_time.c | 0
+ Cryptlib/OpenSSL/crypto/objects/o_names.c | 0
+ Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 16 +-
+ Cryptlib/OpenSSL/crypto/objects/obj_err.c | 0
+ Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 0
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c | 0
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 0
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 0
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 0
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 3 +
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 13 +-
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 0
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c | 0
+ Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_all.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_err.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_info.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_oth.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_sign.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 0
+ Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 0
+ Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 0
+ Cryptlib/OpenSSL/crypto/pqueue/pqueue.c | 0
+ Cryptlib/OpenSSL/crypto/rand/md_rand.c | 0
+ Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 0
+ Cryptlib/OpenSSL/crypto/rand/rand_eng.c | 0
+ Cryptlib/OpenSSL/crypto/rand/rand_err.c | 0
+ Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 0
+ Cryptlib/OpenSSL/crypto/rand/rand_nw.c | 0
+ Cryptlib/OpenSSL/crypto/rand/rand_os2.c | 0
+ Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 0
+ Cryptlib/OpenSSL/crypto/rand/rand_win.c | 0
+ Cryptlib/OpenSSL/crypto/rand/randfile.c | 0
+ Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c | 0
+ Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c | 0
+ Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c | 0
+ Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c | 0
+ Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c | 0
+ Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 0
+ Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c | 0
+ Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 0
+ Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c | 0
+ Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 2 +-
+ Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_none.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_null.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c | 0
+ Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 0
+ Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 0
+ Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 0
+ Cryptlib/OpenSSL/crypto/sha/sha256.c | 0
+ Cryptlib/OpenSSL/crypto/sha/sha512.c | 0
+ Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 0
+ Cryptlib/OpenSSL/crypto/sha/sha_one.c | 0
+ Cryptlib/OpenSSL/crypto/stack/stack.c | 0
+ Cryptlib/OpenSSL/crypto/store/str_err.c | 0
+ Cryptlib/OpenSSL/crypto/store/str_lib.c | 0
+ Cryptlib/OpenSSL/crypto/store/str_mem.c | 0
+ Cryptlib/OpenSSL/crypto/store/str_meth.c | 0
+ Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 0
+ Cryptlib/OpenSSL/crypto/ui/ui_compat.c | 0
+ Cryptlib/OpenSSL/crypto/ui/ui_err.c | 0
+ Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 2 +-
+ Cryptlib/OpenSSL/crypto/ui/ui_util.c | 0
+ Cryptlib/OpenSSL/crypto/uid.c | 0
+ Cryptlib/OpenSSL/crypto/x509/by_dir.c | 0
+ Cryptlib/OpenSSL/crypto/x509/by_file.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_att.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_d2.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_def.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_err.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_ext.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_r2x.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_req.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_set.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_v3.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509cset.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509name.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509rset.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509spki.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x509type.c | 0
+ Cryptlib/OpenSSL/crypto/x509/x_all.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_info.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_int.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 0
+ Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 0
+ Cryptlib/OpenSSL/e_os.h | 0
+ Cryptlib/OpenSSL/update.sh | 999 +++++++++++++------------
+ Cryptlib/Pk/CryptAuthenticode.c | 4 +-
+ 500 files changed, 720 insertions(+), 678 deletions(-)
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cbc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_core.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ctr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ecb.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ige.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_misc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ofb.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_wrap.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bool.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bytes.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_digest.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_dup.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_enum.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_gentm.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_hdr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_int.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_meth.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_object.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_octet.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_print.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_set.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_sign.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strex.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_time.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_type.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utctm.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utf8.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_verify.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_par.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_moid.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_pack.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_enum.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_int.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_string.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/nsseq.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_bitst.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_crl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_req.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_spki.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509a.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_new.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_algor.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_attrib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_bignum.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_crl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_exten.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_info.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_long.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_name.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pkey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_req.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_sig.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_spki.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_val.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509a.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ecb.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_skey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/b_dump.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_buff.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_nbio.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_null.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_cb.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_bio.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_dgram.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_fd.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_file.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_log.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_mem.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_null.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_add.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_asm.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_blind.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_const.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_ctx.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_depr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_div.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp2.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gcd.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_kron.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mod.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mont.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mpi.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mul.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_nist.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_opt.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_prime.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_print.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_rand.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_recp.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_shift.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_word.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_x931p.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_str.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buffer.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_cfb64.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ecb.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ofb64.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_skey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_rle.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_zlib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_api.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_def.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mall.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mod.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_sap.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cpt_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cryptlib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cversion.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_cksm.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64ede.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old2.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb3_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_read.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_writ.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt_b.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64ede.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/pcbc_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/qud_cksm.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rand_key.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/read2pwd.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rpc_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/set_key.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/str2key.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_asn1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_check.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_depr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_gen.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_key.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_key.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_null.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_openssl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_vms.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_win32.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dyn_lck.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ebcdic.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_asn1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_check.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_curve.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_cvt.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_key.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_mult.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_print.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_mont.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_nist.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_key.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_all.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cnf.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_dyn.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_fat.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_init.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_list.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_openssl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_padlock.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_pkey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_table.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_cipher.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dh.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_digest.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dsa.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rand.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rsa.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_store.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_all.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_bio.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_def.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_prn.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_str.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_b64.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_md.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_ok.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_all.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_allc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_alld.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/dig_eng.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/digest.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_aes.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_bf.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_cast.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des3.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_idea.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_null.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_old.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc2.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc4.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc5.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/enc_min.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/encode.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_acnf.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_cnf.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_key.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pbe.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pkey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md2.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md4.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md5.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_null.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ripemd.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/names.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_dec.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_open.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_seal.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_sign.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_verify.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ex_data.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/fips_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/hmac/hmac.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cbc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cfb64.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ecb.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ofb64.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_skey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lh_stats.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lhash.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_dgst.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_one.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_dgst.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_one.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_dgst.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_one.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem_clr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem_dbg.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_dir.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_init.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_str.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_time.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/o_names.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_all.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_info.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_oth.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pk8.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pkey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_seal.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_sign.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_x509.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_xaux.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pqueue/pqueue.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/md_rand.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_egd.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_eng.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_nw.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_os2.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_unix.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_win.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/randfile.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1_one.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1dgst.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha256.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha512.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_dgst.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_one.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/stack/stack.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_mem.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_meth.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/txt_db/txt_db.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_compat.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_util.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/uid.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_dir.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_file.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_att.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_cmp.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_d2.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_def.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_ext.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_lu.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_obj.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_r2x.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_req.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_set.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_trs.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_txt.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_v3.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vpm.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509cset.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509name.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509rset.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509spki.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509type.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x_all.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_info.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_int.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3err.c
+ mode change 100755 => 100644 Cryptlib/OpenSSL/e_os.h
+
+diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c
+old mode 100755
+new mode 100644
+index 3ac2bc2..e50501a
+--- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c
+@@ -285,16 +285,28 @@ err:
+ ASN1_OBJECT_free(ret);
+ return(NULL);
+ }
++
+ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long len)
+ {
+ ASN1_OBJECT *ret=NULL;
+ const unsigned char *p;
+- int i;
+- /* Sanity check OID encoding: can't have leading 0x80 in
+- * subidentifiers, see: X.690 8.19.2
++ int i, length;
++
++ /* Sanity check OID encoding.
++ * Need at least one content octet.
++ * MSB must be clear in the last octet.
++ * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
+ */
+- for (i = 0, p = *pp; i < len; i++, p++)
++ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
++ p[len - 1] & 0x80)
++ {
++ ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
++ return NULL;
++ }
++ /* Now 0 < len <= INT_MAX, so the cast is safe. */
++ length = (int)len;
++ for (i = 0; i < length; i++, p++)
+ {
+ if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
+ {
+@@ -313,20 +325,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ else ret=(*a);
+
+ p= *pp;
+- if ((ret->data == NULL) || (ret->length < len))
++ if ((ret->data == NULL) || (ret->length < length))
+ {
+ if (ret->data != NULL) OPENSSL_free(ret->data);
+- ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
++ ret->data=(unsigned char *)OPENSSL_malloc(length);
+ ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+ if (ret->data == NULL)
+ { i=ERR_R_MALLOC_FAILURE; goto err; }
+ }
+- memcpy(ret->data,p,(int)len);
+- ret->length=(int)len;
++ memcpy(ret->data,p,length);
++ ret->length=length;
+ ret->sn=NULL;
+ ret->ln=NULL;
+ /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+- p+=len;
++ p+=length;
+
+ if (a != NULL) (*a)=ret;
+ *pp=p;
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c
+old mode 100755
+new mode 100644
+index 5af559e..d345155
+--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c
+@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+ *pclass=xclass;
+ if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
+
++ if (inf && !(ret & V_ASN1_CONSTRUCTED))
++ goto err;
++
+ #if 0
+ fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n",
+ (int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
+old mode 100755
+new mode 100644
+index ad8fbed..095887f
+--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
+@@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+ int len, state, save_state = 0;
+
+ headers = sk_MIME_HEADER_new(mime_hdr_cmp);
++ if (!headers)
++ return NULL;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ /* If whitespace at line start then continuation line */
+ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c
+old mode 100755
+new mode 100644
+index f1a5a05..c373714
+--- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c
+@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
+
+ if (!(octmp->length = i2d(obj, NULL))) {
+ ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+- return NULL;
++ goto err;
+ }
+ if (!(p = OPENSSL_malloc (octmp->length))) {
+ ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+- return NULL;
++ goto err;
+ }
+ octmp->data = p;
+ i2d (obj, &p);
+ return octmp;
++ err:
++ if (!oct || !*oct)
++ {
++ ASN1_STRING_free(octmp);
++ if (oct)
++ *oct = NULL;
++ }
++ return NULL;
+ }
+
+ #endif
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c
+old mode 100755
+new mode 100644
+index f3d9804..1b94459
+--- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c
+@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
+ ASN1_STRING *os;
+
+ if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
+- if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
++ if (!M_ASN1_OCTET_STRING_set(os,data,len))
++ {
++ M_ASN1_OCTET_STRING_free(os);
++ return 0;
++ }
+ ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
+ return(1);
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c b/Cryptlib/OpenSSL/crypto/asn1/f_int.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c
+old mode 100755
+new mode 100644
+index 6f295b4..f9dad0e
+--- a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c
+@@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
+ l=80-2-obase;
+
+ b=X509_NAME_oneline(name,NULL,0);
++ if (!b)
++ return 0;
+ if (!*b)
+ {
+ OPENSSL_free(b);
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c
+old mode 100755
+new mode 100644
+index 2721f90..b3687f9
+--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c
++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c
+@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+ {
+ derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
+ * sizeof(*derlst));
++ if (!derlst)
++ return 0;
+ tmpdat = OPENSSL_malloc(skcontlen);
+- if (!derlst || !tmpdat)
++ if (!tmpdat)
++ {
++ OPENSSL_free(derlst);
+ return 0;
++ }
+ }
+ }
+ /* If not sorting just output each item */
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c
+old mode 100755
+new mode 100644
+index 371cdf5..6346c19
+--- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c
++++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c
+@@ -132,8 +132,8 @@ int BIO_free(BIO *a)
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+
+- if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
+- a->method->destroy(a);
++ if ((a->method != NULL) && (a->method->destroy != NULL))
++ a->method->destroy(a);
+ OPENSSL_free(a);
+ return(1);
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
+old mode 100755
+new mode 100644
+index 5d90f1e..28f1fa8
+--- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
++++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
+@@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
+ return 1;
+ }
+
++/*
++ * Constant-time conditional swap of a and b.
++ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
++ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
++ * and that no more than nwords are used by either a or b.
++ * a and b cannot be the same number
++ */
++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
++ {
++ BN_ULONG t;
++ int i;
++
++ bn_wcheck_size(a, nwords);
++ bn_wcheck_size(b, nwords);
++
++ assert(a != b);
++ assert((condition & (condition - 1)) == 0);
++ assert(sizeof(BN_ULONG) >= sizeof(int));
++
++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
++
++ t = (a->top^b->top) & condition;
++ a->top ^= t;
++ b->top ^= t;
++
++#define BN_CONSTTIME_SWAP(ind) \
++ do { \
++ t = (a->d[ind] ^ b->d[ind]) & condition; \
++ a->d[ind] ^= t; \
++ b->d[ind] ^= t; \
++ } while (0)
++
++
++ switch (nwords) {
++ default:
++ for (i = 10; i < nwords; i++)
++ BN_CONSTTIME_SWAP(i);
++ /* Fallthrough */
++ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
++ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
++ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
++ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
++ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
++ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
++ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
++ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
++ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
++ case 1: BN_CONSTTIME_SWAP(0);
++ }
++#undef BN_CONSTTIME_SWAP
++}
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
+old mode 100755
+new mode 100644
+index b66f507..c288844
+--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
+@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+ BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
++#ifdef PURIFY
++ /* Valgrind complains in BN_consttime_swap because we process the whole
++ * array even if it's not initialised yet. This doesn't matter in that
++ * function - what's important is constant time operation (we're not
++ * actually going to use the data)
++ */
++ memset(a, 0, sizeof(BN_ULONG)*words);
++#endif
++
+ #if 1
+ B=b->d;
+ /* Check if the previous number needs to be copied */
+@@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+ }
+ return bn_cmp_words(a,b,cl);
+ }
+-
+-/*
+- * Constant-time conditional swap of a and b.
+- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+- * and that no more than nwords are used by either a or b.
+- * a and b cannot be the same number
+- */
+-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+- {
+- BN_ULONG t;
+- int i;
+-
+- bn_wcheck_size(a, nwords);
+- bn_wcheck_size(b, nwords);
+-
+- assert(a != b);
+- assert((condition & (condition - 1)) == 0);
+- assert(sizeof(BN_ULONG) >= sizeof(int));
+-
+- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+-
+- t = (a->top^b->top) & condition;
+- a->top ^= t;
+- b->top ^= t;
+-
+-#define BN_CONSTTIME_SWAP(ind) \
+- do { \
+- t = (a->d[ind] ^ b->d[ind]) & condition; \
+- a->d[ind] ^= t; \
+- b->d[ind] ^= t; \
+- } while (0)
+-
+-
+- switch (nwords) {
+- default:
+- for (i = 10; i < nwords; i++)
+- BN_CONSTTIME_SWAP(i);
+- /* Fallthrough */
+- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+- case 1: BN_CONSTTIME_SWAP(0);
+- }
+-#undef BN_CONSTTIME_SWAP
+-}
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c
+old mode 100755
+new mode 100644
+index 270d0cd..65bbf16
+--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c
++++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c
+@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+ if (al <= 0)
+ {
+ r->top=0;
++ r->neg = 0;
+ return 1;
+ }
+
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/cast/c_enc.c b/Cryptlib/OpenSSL/crypto/cast/c_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/cast/c_skey.c b/Cryptlib/OpenSSL/crypto/cast/c_skey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c
+old mode 100755
+new mode 100644
+index 17bae83..55d1d50
+--- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c
++++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c
+@@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
+ v->value=(char *)sk;
+
+ vv=(CONF_VALUE *)lh_insert(conf->data,v);
+- assert(vv == NULL);
++ OPENSSL_assert(vv == NULL);
+ ok=1;
+ err:
+ if (!ok)
+diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c
+old mode 100755
+new mode 100644
+index 3c58936..a168339
+--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c
++++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c
+@@ -324,7 +324,7 @@ again:
+ p=eat_ws(conf, end);
+ if (*p != ']')
+ {
+- if (*p != '\0')
++ if (*p != '\0' && ss != p)
+ {
+ ss=p;
+ goto again;
+diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/des_lib.c b/Cryptlib/OpenSSL/crypto/des/des_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt.c b/Cryptlib/OpenSSL/crypto/des/fcrypt.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/dyn_lck.c b/Cryptlib/OpenSSL/crypto/dyn_lck.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_check.c b/Cryptlib/OpenSSL/crypto/ec/ec_check.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_err.c b/Cryptlib/OpenSSL/crypto/ec/ec_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+old mode 100755
+new mode 100644
+index bbf2799..e7d11ff
+--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
++++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+@@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *
+
+ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
+ {
+- if (group->meth->dbl == 0)
++ if (group->meth->invert == 0)
+ {
+ ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_print.c b/Cryptlib/OpenSSL/crypto/ec/ec_print.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c
+old mode 100755
+new mode 100644
+index 66a92e2..b239088
+--- a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c
++++ b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c
+@@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ct
+ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
+ {
+ BN_CTX *new_ctx = NULL;
+- BIGNUM *tmp0, *tmp1;
+- size_t pow2 = 0;
+- BIGNUM **heap = NULL;
++ BIGNUM *tmp, *tmp_Z;
++ BIGNUM **prod_Z = NULL;
+ size_t i;
+ int ret = 0;
+
+@@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT
+ }
+
+ BN_CTX_start(ctx);
+- tmp0 = BN_CTX_get(ctx);
+- tmp1 = BN_CTX_get(ctx);
+- if (tmp0 == NULL || tmp1 == NULL) goto err;
++ tmp = BN_CTX_get(ctx);
++ tmp_Z = BN_CTX_get(ctx);
++ if (tmp == NULL || tmp_Z == NULL) goto err;
+
+- /* Before converting the individual points, compute inverses of all Z values.
+- * Modular inversion is rather slow, but luckily we can do with a single
+- * explicit inversion, plus about 3 multiplications per input value.
+- */
++ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
++ if (prod_Z == NULL) goto err;
++ for (i = 0; i < num; i++)
++ {
++ prod_Z[i] = BN_new();
++ if (prod_Z[i] == NULL) goto err;
++ }
+
+- pow2 = 1;
+- while (num > pow2)
+- pow2 <<= 1;
+- /* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
+- * We need twice that. */
+- pow2 <<= 1;
++ /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
++ * skipping any zero-valued inputs (pretend that they're 1). */
+
+- heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
+- if (heap == NULL) goto err;
+-
+- /* The array is used as a binary tree, exactly as in heapsort:
+- *
+- * heap[1]
+- * heap[2] heap[3]
+- * heap[4] heap[5] heap[6] heap[7]
+- * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
+- *
+- * We put the Z's in the last line;
+- * then we set each other node to the product of its two child-nodes (where
+- * empty or 0 entries are treated as ones);
+- * then we invert heap[1];
+- * then we invert each other node by replacing it by the product of its
+- * parent (after inversion) and its sibling (before inversion).
+- */
+- heap[0] = NULL;
+- for (i = pow2/2 - 1; i > 0; i--)
+- heap[i] = NULL;
+- for (i = 0; i < num; i++)
+- heap[pow2/2 + i] = &points[i]->Z;
+- for (i = pow2/2 + num; i < pow2; i++)
+- heap[i] = NULL;
+-
+- /* set each node to the product of its children */
+- for (i = pow2/2 - 1; i > 0; i--)
++ if (!BN_is_zero(&points[0]->Z))
+ {
+- heap[i] = BN_new();
+- if (heap[i] == NULL) goto err;
+-
+- if (heap[2*i] != NULL)
++ if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err;
++ }
++ else
++ {
++ if (group->meth->field_set_to_one != 0)
+ {
+- if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
+- {
+- if (!BN_copy(heap[i], heap[2*i])) goto err;
+- }
+- else
+- {
+- if (BN_is_zero(heap[2*i]))
+- {
+- if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
+- }
+- else
+- {
+- if (!group->meth->field_mul(group, heap[i],
+- heap[2*i], heap[2*i + 1], ctx)) goto err;
+- }
+- }
++ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err;
++ }
++ else
++ {
++ if (!BN_one(prod_Z[0])) goto err;
+ }
+ }
+
+- /* invert heap[1] */
+- if (!BN_is_zero(heap[1]))
++ for (i = 1; i < num; i++)
+ {
+- if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
++ if (!BN_is_zero(&points[i]->Z))
+ {
+- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+- goto err;
++ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err;
++ }
++ else
++ {
++ if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err;
+ }
+ }
++
++ /* Now use a single explicit inversion to replace every
++ * non-zero points[i]->Z by its inverse. */
++
++ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx))
++ {
++ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
++ goto err;
++ }
+ if (group->meth->field_encode != 0)
+ {
+- /* in the Montgomery case, we just turned R*H (representing H)
++ /* In the Montgomery case, we just turned R*H (representing H)
+ * into 1/(R*H), but we need R*(1/H) (representing 1/H);
+- * i.e. we have need to multiply by the Montgomery factor twice */
+- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
++ * i.e. we need to multiply by the Montgomery factor twice. */
++ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
++ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
+ }
+
+- /* set other heap[i]'s to their inverses */
+- for (i = 2; i < pow2/2 + num; i += 2)
++ for (i = num - 1; i > 0; --i)
+ {
+- /* i is even */
+- if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
+- {
+- if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
+- if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
+- if (!BN_copy(heap[i], tmp0)) goto err;
+- if (!BN_copy(heap[i + 1], tmp1)) goto err;
+- }
+- else
++ /* Loop invariant: tmp is the product of the inverses of
++ * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */
++ if (!BN_is_zero(&points[i]->Z))
+ {
+- if (!BN_copy(heap[i], heap[i/2])) goto err;
++ /* Set tmp_Z to the inverse of points[i]->Z (as product
++ * of Z inverses 0 .. i, Z values 0 .. i - 1). */
++ if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err;
++ /* Update tmp to satisfy the loop invariant for i - 1. */
++ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err;
++ /* Replace points[i]->Z by its inverse. */
++ if (!BN_copy(&points[i]->Z, tmp_Z)) goto err;
+ }
+ }
+
+- /* we have replaced all non-zero Z's by their inverses, now fix up all the points */
++ if (!BN_is_zero(&points[0]->Z))
++ {
++ /* Replace points[0]->Z by its inverse. */
++ if (!BN_copy(&points[0]->Z, tmp)) goto err;
++ }
++
++ /* Finally, fix up the X and Y coordinates for all points. */
++
+ for (i = 0; i < num; i++)
+ {
+ EC_POINT *p = points[i];
+-
++
+ if (!BN_is_zero(&p->Z))
+ {
+ /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */
+
+- if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
+- if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
++ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err;
++ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err;
++
++ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err;
++ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err;
+
+- if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
+- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
+-
+ if (group->meth->field_set_to_one != 0)
+ {
+ if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
+@@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT
+ }
+
+ ret = 1;
+-
++
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+- if (heap != NULL)
++ if (prod_Z != NULL)
+ {
+- /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
+- for (i = pow2/2 - 1; i > 0; i--)
++ for (i = 0; i < num; i++)
+ {
+- if (heap[i] != NULL)
+- BN_clear_free(heap[i]);
++ if (prod_Z[i] != NULL)
++ BN_clear_free(prod_Z[i]);
+ }
+- OPENSSL_free(heap);
++ OPENSSL_free(prod_Z);
+ }
+ return ret;
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_err.c b/Cryptlib/OpenSSL/crypto/engine/eng_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_init.c b/Cryptlib/OpenSSL/crypto/engine/eng_init.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_list.c b/Cryptlib/OpenSSL/crypto/engine/eng_list.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_table.c b/Cryptlib/OpenSSL/crypto/engine/eng_table.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_store.c b/Cryptlib/OpenSSL/crypto/engine/tb_store.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_bio.c b/Cryptlib/OpenSSL/crypto/err/err_bio.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_def.c b/Cryptlib/OpenSSL/crypto/err/err_def.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/err/err_str.c b/Cryptlib/OpenSSL/crypto/err/err_str.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/fips_err.c b/Cryptlib/OpenSSL/crypto/fips_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/idea/i_skey.c b/Cryptlib/OpenSSL/crypto/idea/i_skey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_one.c b/Cryptlib/OpenSSL/crypto/md2/md2_one.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+old mode 100755
+new mode 100644
+index 760af16..cf5ba2a
+--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+@@ -444,11 +444,12 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+ unsigned char *p;
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
+
+- if ((a == NULL) || (a->data == NULL)) {
+- buf[0]='\0';
+- return(0);
+- }
++ /* Ensure that, at every state, |buf| is NUL-terminated. */
++ if (buf && buf_len > 0)
++ buf[0] = '\0';
+
++ if ((a == NULL) || (a->data == NULL))
++ return(0);
+
+ if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
+ {
+@@ -527,9 +528,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+ i=(int)(l/40);
+ l-=(long)(i*40);
+ }
+- if (buf && (buf_len > 0))
++ if (buf && (buf_len > 1))
+ {
+ *buf++ = i + '0';
++ *buf = '\0';
+ buf_len--;
+ }
+ n++;
+@@ -544,9 +546,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+ i = strlen(bndec);
+ if (buf)
+ {
+- if (buf_len > 0)
++ if (buf_len > 1)
+ {
+ *buf++ = '.';
++ *buf = '\0';
+ buf_len--;
+ }
+ BUF_strlcpy(buf,bndec,buf_len);
+@@ -786,4 +789,3 @@ err:
+ OPENSSL_free(buf);
+ return(ok);
+ }
+-
+diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
+old mode 100755
+new mode 100644
+index 92aba08..fb87cd7
+--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
+@@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
+
+ ctx = OCSP_sendreq_new(b, path, req, -1);
+
++ if (!ctx)
++ return NULL;
++
+ do
+ {
+ rv = OCSP_sendreq_nbio(&resp, ctx);
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
+old mode 100755
+new mode 100644
+index 441ccb7..5883b4e
+--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
+@@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
+
+ if (!*ppath) goto mem_err;
+
++ p = host;
++ if(host[0] == '[')
++ {
++ /* ipv6 literal */
++ host++;
++ p = strchr(host, ']');
++ if(!p) goto parse_err;
++ *p = '\0';
++ p++;
++ }
++
+ /* Look for optional ':' for port number */
+- if ((p = strchr(host, ':')))
++ if ((p = strchr(p, ':')))
+ {
+ *p = 0;
+ port = p + 1;
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c
+old mode 100755
+new mode 100644
+index d477f08..203d702
+--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c
++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c
+@@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ if (padding == RSA_X931_PADDING)
+ {
+ BN_sub(f, rsa->n, ret);
+- if (BN_cmp(ret, f))
++ if (BN_cmp(ret, f) > 0)
+ res = f;
+ else
+ res = ret;
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/store/str_err.c b/Cryptlib/OpenSSL/crypto/store/str_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/store/str_lib.c b/Cryptlib/OpenSSL/crypto/store/str_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/store/str_mem.c b/Cryptlib/OpenSSL/crypto/store/str_mem.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/store/str_meth.c b/Cryptlib/OpenSSL/crypto/store/str_meth.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_err.c b/Cryptlib/OpenSSL/crypto/ui/ui_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c
+old mode 100755
+new mode 100644
+index ac01008..67013f8
+--- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c
++++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c
+@@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+ break;
+ }
+ }
++ }
+ default:
+ break;
+ }
+- }
+ return 0;
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c b/Cryptlib/OpenSSL/crypto/x509/x509_def.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h
+old mode 100755
+new mode 100644
+diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh
+index 95875e7..897ef2d 100755
+--- a/Cryptlib/OpenSSL/update.sh
++++ b/Cryptlib/OpenSSL/update.sh
+@@ -1,501 +1,504 @@
+ #/bin/sh
+ DIR=$1
++version="0.9.8zb"
+
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c crypto/sha/sha256.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c crypto/des/ofb_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c crypto/rand/rand_unix.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c
+-install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dyn_lck.c crypto/dyn_lck.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_clr.c crypto/mem_clr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_dbg.c crypto/mem_dbg.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cversion.c crypto/cversion.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ex_data.c crypto/ex_data.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cpt_err.c crypto/cpt_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ebcdic.c crypto/ebcdic.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/uid.c crypto/uid.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.c crypto/o_time.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.c crypto/o_str.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.c crypto/o_dir.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_init.c crypto/o_init.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/fips_err.c crypto/fips_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_one.c crypto/md2/md2_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_one.c crypto/md4/md4_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_one.c crypto/md5/md5_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_one.c crypto/sha/sha_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1_one.c crypto/sha/sha1_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha256.c crypto/sha/sha256.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha512.c crypto/sha/sha512.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hmac.c crypto/hmac/hmac.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_lib.c crypto/des/des_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/set_key.c crypto/des/set_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb_enc.c crypto/des/ecb_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_enc.c crypto/des/cbc_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64enc.c crypto/des/cfb64enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64ede.c crypto/des/cfb64ede.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb_enc.c crypto/des/cfb_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64ede.c crypto/des/ofb64ede.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_read.c crypto/des/enc_read.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_writ.c crypto/des/enc_writ.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64enc.c crypto/des/ofb64enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb_enc.c crypto/des/ofb_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/str2key.c crypto/des/str2key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/qud_cksm.c crypto/des/qud_cksm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rand_key.c crypto/des/rand_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_enc.c crypto/des/des_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt.c crypto/des/fcrypt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_enc.c crypto/des/rpc_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old.c crypto/des/des_old.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old2.c crypto/des/des_old2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/read2pwd.c crypto/des/read2pwd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cbc.c crypto/idea/i_cbc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ecb.c crypto/idea/i_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_skey.c crypto/idea/i_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_skey.c crypto/bf/bf_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_enc.c crypto/bf/bf_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_skey.c crypto/cast/c_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ecb.c crypto/cast/c_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_enc.c crypto/cast/c_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_misc.c crypto/aes/aes_misc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ige.c crypto/aes/aes_ige.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_core.c crypto/aes/aes_core.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_add.c crypto/bn/bn_add.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_div.c crypto/bn/bn_div.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp.c crypto/bn/bn_exp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lib.c crypto/bn/bn_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mul.c crypto/bn/bn_mul.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mod.c crypto/bn/bn_mod.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_print.c crypto/bn/bn_print.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_rand.c crypto/bn/bn_rand.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_shift.c crypto/bn/bn_shift.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_word.c crypto/bn/bn_word.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_blind.c crypto/bn/bn_blind.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_kron.c crypto/bn/bn_kron.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.c crypto/bn/bn_prime.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_err.c crypto/bn/bn_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_asm.c crypto/bn/bn_asm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_recp.c crypto/bn/bn_recp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mont.c crypto/bn/bn_mont.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_nist.c crypto/bn/bn_nist.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_depr.c crypto/bn/bn_depr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_const.c crypto/bn/bn_const.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_opt.c crypto/bn/bn_opt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dl.c crypto/dso/dso_dl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_err.c crypto/dso/dso_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_lib.c crypto/dso/dso_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_null.c crypto/dso/dso_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_win32.c crypto/dso/dso_win32.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_vms.c crypto/dso/dso_vms.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_gen.c crypto/dh/dh_gen.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_key.c crypto/dh/dh_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_lib.c crypto/dh/dh_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_check.c crypto/dh/dh_check.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_err.c crypto/dh/dh_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_depr.c crypto/dh/dh_depr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_lib.c crypto/ec/ec_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_mult.c crypto/ec/ec_mult.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_err.c crypto/ec/ec_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_curve.c crypto/ec/ec_curve.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_check.c crypto/ec/ec_check.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_print.c crypto/ec/ec_print.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_key.c crypto/ec/ec_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buffer.c crypto/buffer/buffer.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_str.c crypto/buffer/buf_str.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_err.c crypto/buffer/buf_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lib.c crypto/bio/bio_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_cb.c crypto/bio/bio_cb.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_err.c crypto/bio/bio_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_mem.c crypto/bio/bss_mem.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_null.c crypto/bio/bss_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_fd.c crypto/bio/bss_fd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_file.c crypto/bio/bss_file.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_null.c crypto/bio/bf_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_buff.c crypto/bio/bf_buff.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_dump.c crypto/bio/b_dump.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_log.c crypto/bio/bss_log.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_bio.c crypto/bio/bss_bio.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/stack/stack.c crypto/stack/stack.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lhash.c crypto/lhash/lhash.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/md_rand.c crypto/rand/md_rand.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/randfile.c crypto/rand/randfile.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lib.c crypto/rand/rand_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_eng.c crypto/rand/rand_eng.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_err.c crypto/rand/rand_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_egd.c crypto/rand/rand_egd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_win.c crypto/rand/rand_win.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_unix.c crypto/rand/rand_unix.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_os2.c crypto/rand/rand_os2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_nw.c crypto/rand/rand_nw.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err.c crypto/err/err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_def.c crypto/err/err_def.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_all.c crypto/err/err_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_prn.c crypto/err/err_prn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_str.c crypto/err/err_str.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_bio.c crypto/err/err_bio.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/o_names.c crypto/objects/o_names.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.c crypto/objects/obj_dat.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_lib.c crypto/objects/obj_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_err.c crypto/objects/obj_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/encode.c crypto/evp/encode.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/digest.c crypto/evp/digest.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/dig_eng.c crypto/evp/dig_eng.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_enc.c crypto/evp/evp_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_key.c crypto/evp/evp_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des.c crypto/evp/e_des.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_bf.c crypto/evp/e_bf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_idea.c crypto/evp/e_idea.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des3.c crypto/evp/e_des3.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4.c crypto/evp/e_rc4.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes.c crypto/evp/e_aes.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/names.c crypto/evp/names.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc2.c crypto/evp/e_rc2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_cast.c crypto/evp/e_cast.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc5.c crypto/evp/e_rc5.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/enc_min.c crypto/evp/enc_min.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_null.c crypto/evp/m_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md2.c crypto/evp/m_md2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md4.c crypto/evp/m_md4.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md5.c crypto/evp/m_md5.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha.c crypto/evp/m_sha.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha1.c crypto/evp/m_sha1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss.c crypto/evp/m_dss.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss1.c crypto/evp/m_dss1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_open.c crypto/evp/p_open.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_seal.c crypto/evp/p_seal.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_sign.c crypto/evp/p_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_verify.c crypto/evp/p_verify.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_lib.c crypto/evp/p_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_enc.c crypto/evp/p_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_dec.c crypto/evp/p_dec.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_md.c crypto/evp/bio_md.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_b64.c crypto/evp/bio_b64.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_enc.c crypto/evp/bio_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_err.c crypto/evp/evp_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_null.c crypto/evp/e_null.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_all.c crypto/evp/c_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_allc.c crypto/evp/c_allc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_alld.c crypto/evp/c_alld.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_lib.c crypto/evp/evp_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_ok.c crypto/evp/bio_ok.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_old.c crypto/evp/e_old.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_object.c crypto/asn1/a_object.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_time.c crypto/asn1/a_time.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_int.c crypto/asn1/a_int.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_octet.c crypto/asn1/a_octet.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_print.c crypto/asn1/a_print.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_type.c crypto/asn1/a_type.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_set.c crypto/asn1/a_set.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_dup.c crypto/asn1/a_dup.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_enum.c crypto/asn1/a_enum.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_sign.c crypto/asn1/a_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_digest.c crypto/asn1/a_digest.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_verify.c crypto/asn1/a_verify.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strex.c crypto/asn1/a_strex.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_algor.c crypto/asn1/x_algor.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_val.c crypto/asn1/x_val.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_sig.c crypto/asn1/x_sig.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_req.c crypto/asn1/x_req.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_long.c crypto/asn1/x_long.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_name.c crypto/asn1/x_name.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509.c crypto/asn1/x_x509.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_crl.c crypto/asn1/x_crl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_info.c crypto/asn1/x_info.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_spki.c crypto/asn1/x_spki.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/nsseq.c crypto/asn1/nsseq.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_req.c crypto/asn1/t_req.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509.c crypto/asn1/t_x509.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_crl.c crypto/asn1/t_crl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_spki.c crypto/asn1/t_spki.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_int.c crypto/asn1/f_int.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_string.c crypto/asn1/f_string.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_enum.c crypto/asn1/f_enum.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bool.c crypto/asn1/a_bool.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_exten.c crypto/asn1/x_exten.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_meth.c crypto/asn1/a_meth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_sign.c crypto/pem/pem_sign.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_seal.c crypto/pem/pem_seal.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_info.c crypto/pem/pem_info.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_lib.c crypto/pem/pem_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_all.c crypto/pem/pem_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_err.c crypto/pem/pem_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_x509.c crypto/pem/pem_x509.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_oth.c crypto/pem/pem_oth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_def.c crypto/x509/x509_def.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_d2.c crypto/x509/x509_d2.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_obj.c crypto/x509/x509_obj.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_req.c crypto/x509/x509_req.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509spki.c crypto/x509/x509spki.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_set.c crypto/x509/x509_set.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509cset.c crypto/x509/x509cset.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509rset.c crypto/x509/x509rset.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_err.c crypto/x509/x509_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509name.c crypto/x509/x509name.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_v3.c crypto/x509/x509_v3.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_ext.c crypto/x509/x509_ext.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_att.c crypto/x509/x509_att.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509type.c crypto/x509/x509type.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_lu.c crypto/x509/x509_lu.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x_all.c crypto/x509/x_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_txt.c crypto/x509/x509_txt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_trs.c crypto/x509/x509_trs.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_file.c crypto/x509/by_file.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_dir.c crypto/x509/by_dir.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3err.c crypto/x509v3/v3err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_err.c crypto/conf/conf_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_lib.c crypto/conf/conf_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_api.c crypto/conf/conf_api.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.c crypto/conf/conf_def.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mod.c crypto/conf/conf_mod.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mall.c crypto/conf/conf_mall.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_sap.c crypto/conf/conf_sap.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_lib.c crypto/comp/comp_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_err.c crypto/comp/comp_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_rle.c crypto/comp/c_rle.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_zlib.c crypto/comp/c_zlib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_err.c crypto/engine/eng_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_lib.c crypto/engine/eng_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_list.c crypto/engine/eng_list.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_init.c crypto/engine/eng_init.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_table.c crypto/engine/eng_table.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_fat.c crypto/engine/eng_fat.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_all.c crypto/engine/eng_all.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dh.c crypto/engine/tb_dh.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rand.c crypto/engine/tb_rand.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_store.c crypto/engine/tb_store.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_digest.c crypto/engine/tb_digest.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_err.c crypto/ui/ui_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_lib.c crypto/ui/ui_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_util.c crypto/ui/ui_util.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_compat.c crypto/ui/ui_compat.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_err.c crypto/store/str_err.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_lib.c crypto/store/str_lib.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_meth.c crypto/store/str_meth.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_mem.c crypto/store/str_mem.c
++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c
++
++find . -name "*.[ch]" -exec chmod -x {} \;
+diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c
+index bb5f6d4..7b8bca5 100644
+--- a/Cryptlib/Pk/CryptAuthenticode.c
++++ b/Cryptlib/Pk/CryptAuthenticode.c
+@@ -146,8 +146,8 @@ AuthenticodeVerify (
+ //
+ // Long Form of Length Encoding, only support two bytes.
+ //
+- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
+- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
++ ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
++ ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3));
+ //
+ // Skip the SEQUENCE Tag;
+ //
+--
+1.9.3
+
diff --git a/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch b/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch
new file mode 100644
index 0000000..9ebc9e2
--- /dev/null
+++ b/SOURCES/0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch
@@ -0,0 +1,30 @@
+From 14acaa4a3361403e06b284bf8e1e32ad9cec5457 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 27 Aug 2014 11:48:39 -0400
+Subject: [PATCH 51/74] Fix typo from Ard's old tree 32-bit ARM patch.
+
+We don't need to .data entries; the second one should be .data*. He's
+since fixed this in his tree, but I'd already pulled it and pushed to
+master.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ elf_arm_efi.lds | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds
+index fd1075d..c5dc298 100644
+--- a/elf_arm_efi.lds
++++ b/elf_arm_efi.lds
+@@ -19,7 +19,7 @@ SECTIONS
+ *(.sdata)
+ *(.data)
+ *(.data1)
+- *(.data)
++ *(.data*)
+ *(.got.plt)
+ *(.got)
+
+--
+1.9.3
+
diff --git a/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch b/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch
new file mode 100644
index 0000000..d2038fb
--- /dev/null
+++ b/SOURCES/0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch
@@ -0,0 +1,54 @@
+From 94c9a77f6504170a6bd38b0aa29039208987650e Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Wed, 13 Aug 2014 13:35:38 +0200
+Subject: [PATCH 52/74] Handle empty .reloc section in PE/COFF loader
+
+On archs where no EFI aware objcopy is available, the generated PE/COFF
+header contains a .reloc section which is completely empty. Handle this by
+- returning early from relocate_coff() with EFI_SUCCESS,
+- ignoring discardable sections in the section loader.
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+ shim.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index ea8eba8..1329212 100644
+--- a/shim.c
++++ b/shim.c
+@@ -145,6 +145,9 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ return EFI_UNSUPPORTED;
+ }
+
++ if (!context->RelocDir->Size)
++ return EFI_SUCCESS;
++
+ RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress);
+ RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
+
+@@ -996,7 +999,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ * Copy the executable's sections to their desired offsets
+ */
+ Section = context.FirstSection;
+- for (i = 0; i < context.NumberOfSections; i++) {
++ for (i = 0; i < context.NumberOfSections; i++, Section++) {
++ if (Section->Characteristics & 0x02000000)
++ /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */
++ continue;
++
+ size = Section->Misc.VirtualSize;
+
+ if (size > Section->SizeOfRawData)
+@@ -1021,8 +1028,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+
+ if (size < Section->Misc.VirtualSize)
+ ZeroMem (base + size, Section->Misc.VirtualSize - size);
+-
+- Section += 1;
+ }
+
+ /*
+--
+1.9.3
+
diff --git a/SOURCES/0053-Don-t-name-something-exit.patch b/SOURCES/0053-Don-t-name-something-exit.patch
new file mode 100644
index 0000000..d7dd5e5
--- /dev/null
+++ b/SOURCES/0053-Don-t-name-something-exit.patch
@@ -0,0 +1,37 @@
+From 32f10548cdf1919103654ab65601c8b15c3976a1 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 27 Aug 2014 13:26:23 -0400
+Subject: [PATCH 53/74] Don't name something exit().
+
+On aarch64 due to some terrifying include chain we wind up with
+Cryptlib's definition of exit here. I'm not a glutton for punishment,
+so I'm just changing the name so it's not coliding.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ replacements.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/replacements.c b/replacements.c
+index 5dfa355..f7623d9 100644
+--- a/replacements.c
++++ b/replacements.c
+@@ -162,7 +162,7 @@ exit_boot_services(EFI_HANDLE image_key, UINTN map_key)
+ }
+
+ static EFI_STATUS EFIAPI
+-exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus,
++do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus,
+ UINTN ExitDataSize, CHAR16 *ExitData)
+ {
+ EFI_STATUS status;
+@@ -206,5 +206,5 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab)
+ * bootloader and still e.g. start a new one or run an internal
+ * shell. */
+ system_exit = systab->BootServices->Exit;
+- systab->BootServices->Exit = exit;
++ systab->BootServices->Exit = do_exit;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch b/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch
new file mode 100644
index 0000000..c807b9c
--- /dev/null
+++ b/SOURCES/0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch
@@ -0,0 +1,68 @@
+From fa2a35ce78b3dc4e9b29f47a9ebc675a97a9a7c7 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 27 Aug 2014 16:39:51 -0400
+Subject: [PATCH 54/74] Make sure we don't try to load a binary from a
+ different arch.
+
+Since in theory you could, for example, get an x86_64 binary signed that
+also behaves as an ARM executable, we should be checking this before
+people build on other architectures.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/PeImage.h | 1 +
+ shim.c | 19 +++++++++++++++++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/include/PeImage.h b/include/PeImage.h
+index ec13404..133e11e 100644
+--- a/include/PeImage.h
++++ b/include/PeImage.h
+@@ -49,6 +49,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+ #define IMAGE_FILE_MACHINE_EBC 0x0EBC
+ #define IMAGE_FILE_MACHINE_X64 0x8664
+ #define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x01c2
++#define IMAGE_FILE_MACHINE_ARM64 0xaa64
+
+ //
+ // EXE file formats
+diff --git a/shim.c b/shim.c
+index 1329212..1ec1e11 100644
+--- a/shim.c
++++ b/shim.c
+@@ -947,6 +947,20 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ return EFI_SUCCESS;
+ }
+
++static const UINT16 machine_type =
++#if defined(__x86_64__)
++ IMAGE_FILE_MACHINE_X64;
++#elif defined(__aarch64__)
++ IMAGE_FILE_MACHINE_ARM64;
++#elif defined(__arm__)
++ IMAGE_FILE_MACHINE_ARMTHUMB_MIXED;
++#elif defined(__i386__) || defined(__i486__) || defined(__i686__)
++ IMAGE_FILE_MACHINE_I386;
++#elif defined(__ia64__)
++ IMAGE_FILE_MACHINE_IA64;
++#else
++#error this architecture is not supported by shim
++#endif
+
+ /*
+ * Once the image has been loaded it needs to be validated and relocated
+@@ -971,6 +985,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ return efi_status;
+ }
+
++ if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) {
++ perror(L"Image is for a different architecture\n");
++ return EFI_UNSUPPORTED;
++ }
++
+ /*
+ * We only need to verify the binary if we're in secure mode
+ */
+--
+1.9.3
+
diff --git a/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch b/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch
new file mode 100644
index 0000000..82ec5df
--- /dev/null
+++ b/SOURCES/0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch
@@ -0,0 +1,140 @@
+From a7249a65aff174d2a51d6a7bf77dbbf58744a170 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 18 Sep 2014 18:34:38 -0400
+Subject: [PATCH 55/74] Actually refer to the base relocation table of our
+ loaded image.
+
+Currently when we process base relocations, we get the correct Data
+Directory pointer from the headers (context->RelocDir), and that header
+has been copied into our pristine allocated image when we copied up to
+SizeOfHeaders. But the data it points to has not been mirrored in to
+the new image, so it is whatever data AllocPool() gave us.
+
+This patch changes relocate_coff() to refer to the base relocation table
+from the image we loaded from disk, but apply the fixups to the new
+copy.
+
+I have no idea how x86_64 worked without this, but I can't make aarch64
+work without it. I also don't know how Ard or Leif have seen aarch64
+work. Maybe they haven't? Leif indicated on irc that they may have
+only tested shim with simple "hello world" applications from gnu-efi;
+they are certainly much less complex than grub.efi, and are generated
+through a different linking process.
+
+My only theory is that we're getting recycled data there pretty reliably
+that just makes us /not/ process any relocations, but since our
+ImageBase is 0, and I don't think we ever load grub with 0 as its base
+virtual address, that doesn't follow. I'm open to any other ideas
+anybody has.
+
+I do know that on x86_64 (and presumably aarch64 as well), we don't
+actually start seeing *symptoms* of this bug until the first chunk[0] of
+94c9a77f is applied[1]. Once that is applied, relocate_coff() starts
+seeing zero[2] for both RelocBase->VirtualAddress and
+RelocBase->SizeOfBlock, because RelocBase is a (generated, relative)
+pointer that only makes sense in the context of the original binary, not
+our partial copy. Since RelocBase->SizeOfBlock is tested first,
+relocate_base() gives us "Reloc block size is invalid"[3] and returns
+EFI_UNSUPPORTED. At that point shim exits with an error.
+
+[0] The second chunk of 94c9a77f patch makes no difference on this
+ issue.
+[1] I don't see why at all.
+[2] Which could really be any value since it's AllocatePool() and not
+ AllocateZeroPool() results, but 0 is all I've observed; I think
+ AllocatePool() has simply never recycled any memory in my test
+ cases.
+[3] which is silent because perror() tries to avoid talking because that
+ has caused much crashing in the past; work needs to go in to 0.9 for
+ this.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 42 +++++++++++++++++++++---------------------
+ 1 file changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 1ec1e11..4b4d31a 100644
+--- a/shim.c
++++ b/shim.c
+@@ -122,7 +122,7 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address)
+ * Perform the actual relocation
+ */
+ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+- void *data)
++ void *orig, void *data)
+ {
+ EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd;
+ UINT64 Adjust;
+@@ -132,7 +132,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ UINT32 *Fixup32;
+ UINT64 *Fixup64;
+ int size = context->ImageSize;
+- void *ImageEnd = (char *)data + size;
++ void *ImageEnd = (char *)orig + size;
+
+ #if __LP64__
+ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data;
+@@ -140,16 +140,8 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data;
+ #endif
+
+- if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
+- perror(L"Image has no relocation entry\n");
+- return EFI_UNSUPPORTED;
+- }
+-
+- if (!context->RelocDir->Size)
+- return EFI_SUCCESS;
+-
+- RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress);
+- RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
++ RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress);
++ RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
+
+ if (!RelocBase || !RelocBaseEnd) {
+ perror(L"Reloc table overflows binary\n");
+@@ -170,7 +162,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ }
+
+ RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);
+- if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) {
++ if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) {
+ perror(L"Reloc entry overflows binary\n");
+ return EFI_UNSUPPORTED;
+ }
+@@ -1049,15 +1041,23 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ ZeroMem (base + size, Section->Misc.VirtualSize - size);
+ }
+
+- /*
+- * Run the relocation fixups
+- */
+- efi_status = relocate_coff(&context, buffer);
+-
+- if (efi_status != EFI_SUCCESS) {
+- perror(L"Relocation failed: %r\n", efi_status);
++ if (context.NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
++ perror(L"Image has no relocation entry\n");
+ FreePool(buffer);
+- return efi_status;
++ return EFI_UNSUPPORTED;
++ }
++
++ if (context.RelocDir->Size) {
++ /*
++ * Run the relocation fixups
++ */
++ efi_status = relocate_coff(&context, data, buffer);
++
++ if (efi_status != EFI_SUCCESS) {
++ perror(L"Relocation failed: %r\n", efi_status);
++ FreePool(buffer);
++ return efi_status;
++ }
+ }
+
+ entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint);
+--
+1.9.3
+
diff --git a/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch b/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch
new file mode 100644
index 0000000..97ad998
--- /dev/null
+++ b/SOURCES/0056-Make-64-on-32-maybe-work-on-x86_64.patch
@@ -0,0 +1,331 @@
+From 750584c207757688cbab47f51a18a33c3e36fb8b Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 19 Sep 2014 11:37:35 -0400
+Subject: [PATCH 56/74] Make 64-on-32 maybe work on x86_64.
+
+This is mostly based on a patch (https://github.com/mjg59/shim/issues/30)
+from https://github.com/TBOpen , which refactors our __LP64__
+tests to be tests of the header magic instead. I've simplified things
+by using what we've pre-loaded into "context" and making some helper
+functions so the conditionals in most of the code say what they do,
+instead of how they work.
+
+Note that we're only allowing that from in_protocol's loader - that is,
+we'll let 64-bit grub load a 32-bit kernel or 32-bit grub load a 64-bit
+kernel, but 32-bit shim isn't loading a 64-bit grub.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 220 ++++++++++++++++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 148 insertions(+), 72 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 4b4d31a..c1b5c17 100644
+--- a/shim.c
++++ b/shim.c
+@@ -118,6 +118,106 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address)
+ return image + address;
+ }
+
++/* here's a chart:
++ * i686 x86_64 aarch64
++ * 64-on-64: nyet yes yes
++ * 64-on-32: nyet yes nyet
++ * 32-on-32: yes yes no
++ */
++static int
++allow_64_bit(void)
++{
++#if defined(__x86_64__) || defined(__aarch64__)
++ return 1;
++#elif defined(__i386__) || defined(__i686__)
++ /* Right now blindly assuming the kernel will correctly detect this
++ * and /halt the system/ if you're not really on a 64-bit cpu */
++ if (in_protocol)
++ return 1;
++ return 0;
++#else /* assuming everything else is 32-bit... */
++ return 0;
++#endif
++}
++
++static int
++allow_32_bit(void)
++{
++#if defined(__x86_64__)
++#if defined(ALLOW_32BIT_KERNEL_ON_X64)
++ if (in_protocol)
++ return 1;
++ return 0;
++#else
++ return 0;
++#endif
++#elif defined(__i386__) || defined(__i686__)
++ return 1;
++#elif defined(__arch64__)
++ return 0;
++#else /* assuming everything else is 32-bit... */
++ return 1;
++#endif
++}
++
++static int
++image_is_64_bit(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr)
++{
++ /* .Magic is the same offset in all cases */
++ if (PEHdr->Pe32Plus.OptionalHeader.Magic
++ == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC)
++ return 1;
++ return 0;
++}
++
++static const UINT16 machine_type =
++#if defined(__x86_64__)
++ IMAGE_FILE_MACHINE_X64;
++#elif defined(__aarch64__)
++ IMAGE_FILE_MACHINE_ARM64;
++#elif defined(__arm__)
++ IMAGE_FILE_MACHINE_ARMTHUMB_MIXED;
++#elif defined(__i386__) || defined(__i486__) || defined(__i686__)
++ IMAGE_FILE_MACHINE_I386;
++#elif defined(__ia64__)
++ IMAGE_FILE_MACHINE_IA64;
++#else
++#error this architecture is not supported by shim
++#endif
++
++static int
++image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr)
++{
++ /* If the machine type doesn't match the binary, bail, unless
++ * we're in an allowed 64-on-32 scenario */
++ if (PEHdr->Pe32.FileHeader.Machine != machine_type) {
++ if (!(machine_type == IMAGE_FILE_MACHINE_I386 &&
++ PEHdr->Pe32.FileHeader.Machine == IMAGE_FILE_MACHINE_X64 &&
++ allow_64_bit())) {
++ return 0;
++ }
++ }
++
++ /* If it's not a header type we recognize at all, bail */
++ switch (PEHdr->Pe32Plus.OptionalHeader.Magic) {
++ case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:
++ case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:
++ break;
++ default:
++ return 0;
++ }
++
++ /* and now just check for general 64-vs-32 compatibility */
++ if (image_is_64_bit(PEHdr)) {
++ if (allow_64_bit())
++ return 1;
++ } else {
++ if (allow_32_bit())
++ return 1;
++ }
++ return 0;
++}
++
+ /*
+ * Perform the actual relocation
+ */
+@@ -134,11 +234,10 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ int size = context->ImageSize;
+ void *ImageEnd = (char *)orig + size;
+
+-#if __LP64__
+- context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data;
+-#else
+- context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data;
+-#endif
++ if (image_is_64_bit(context->PEHdr))
++ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data;
++ else
++ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data;
+
+ RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress);
+ RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
+@@ -157,7 +256,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));
+
+ if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) {
+- perror(L"Reloc block size is invalid\n");
++ perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock);
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -498,7 +597,7 @@ static BOOLEAN secure_mode (void)
+ * Calculate the SHA1 and SHA256 hashes of a binary
+ */
+
+-static EFI_STATUS generate_hash (char *data, int datasize_in,
++static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ UINT8 *sha256hash, UINT8 *sha1hash)
+
+@@ -572,15 +671,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ }
+
+ /* Hash end of certificate table to end of image header */
+-#if __LP64__
+- hashbase = (char *) &context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
+- hashsize = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders -
+- (int) ((char *) (&context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data);
+-#else
+- hashbase = (char *) &context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
+- hashsize = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders -
+- (int) ((char *) (&context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data);
+-#endif
++ EFI_IMAGE_DATA_DIRECTORY *dd = context->SecDir + 1;
++ hashbase = (char *)dd;
++ hashsize = context->SizeOfHeaders - (unsigned long)((char *)dd - data);
++ if (hashsize > datasize_in) {
++ perror(L"Data Directory size %d is invalid\n", hashsize);
++ status = EFI_INVALID_PARAMETER;
++ goto done;
++ }
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -590,11 +688,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ }
+
+ /* Sort sections */
+-#if __LP64__
+- SumOfBytesHashed = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
+-#else
+- SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
+-#endif
++ SumOfBytesHashed = context->SizeOfHeaders;
+
+ /* Validate section locations and sizes */
+ for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) {
+@@ -682,14 +776,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,
+ /* Hash all remaining data */
+ if (datasize > SumOfBytesHashed) {
+ hashbase = data + SumOfBytesHashed;
+- hashsize = (unsigned int)(
+- datasize -
+-#if __LP64__
+- context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
+-#else
+- context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
+-#endif
+- SumOfBytesHashed);
++ hashsize = datasize - context->SecDir->Size - SumOfBytesHashed;
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -843,24 +930,31 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data;
+ unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize;
+
+- if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) {
++ if (datasize < sizeof (PEHdr->Pe32)) {
+ perror(L"Invalid image\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE)
+ PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew);
+-#if __LP64__
+- context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes;
+- context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
+- context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage;
+- OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64);
+-#else
+- context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes;
+- context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
+- context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage;
+- OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32);
+-#endif
++
++ if (!image_is_loadable(PEHdr)) {
++ perror(L"Platform does not support this image\n");
++ return EFI_UNSUPPORTED;
++ }
++
++ if (image_is_64_bit(PEHdr)) {
++ context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes;
++ context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
++ context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage;
++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64);
++ } else {
++ context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes;
++ context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
++ context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage;
++ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32);
++ }
++
+ context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections;
+
+ if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) {
+@@ -908,17 +1002,19 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ }
+
+ context->PEHdr = PEHdr;
+-#if __LP64__
+- context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase;
+- context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint;
+- context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
+- context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+-#else
+- context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase;
+- context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint;
+- context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
+- context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+-#endif
++
++ if (image_is_64_bit(PEHdr)) {
++ context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase;
++ context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint;
++ context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
++ context->SecDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
++ } else {
++ context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase;
++ context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint;
++ context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
++ context->SecDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
++ }
++
+ context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER));
+
+ if (context->ImageSize < context->SizeOfHeaders) {
+@@ -939,21 +1035,6 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
+ return EFI_SUCCESS;
+ }
+
+-static const UINT16 machine_type =
+-#if defined(__x86_64__)
+- IMAGE_FILE_MACHINE_X64;
+-#elif defined(__aarch64__)
+- IMAGE_FILE_MACHINE_ARM64;
+-#elif defined(__arm__)
+- IMAGE_FILE_MACHINE_ARMTHUMB_MIXED;
+-#elif defined(__i386__) || defined(__i486__) || defined(__i686__)
+- IMAGE_FILE_MACHINE_I386;
+-#elif defined(__ia64__)
+- IMAGE_FILE_MACHINE_IA64;
+-#else
+-#error this architecture is not supported by shim
+-#endif
+-
+ /*
+ * Once the image has been loaded it needs to be validated and relocated
+ */
+@@ -977,11 +1058,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ return efi_status;
+ }
+
+- if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) {
+- perror(L"Image is for a different architecture\n");
+- return EFI_UNSUPPORTED;
+- }
+-
+ /*
+ * We only need to verify the binary if we're in secure mode
+ */
+--
+1.9.3
+
diff --git a/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch b/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch
new file mode 100644
index 0000000..1ad40eb
--- /dev/null
+++ b/SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch
@@ -0,0 +1,84 @@
+From f04d50b74770f5c7f7e0a1c3c24b7713fbec0802 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sat, 20 Sep 2014 16:47:08 -0400
+Subject: [PATCH 57/74] Validate computed hash bases/hash sizes more
+ thoroughly.
+
+I screwed one of these up when working on 750584c, and it's a real pain
+to figure out, so that means we should be validating them.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/shim.c b/shim.c
+index c1b5c17..cfa90d1 100644
+--- a/shim.c
++++ b/shim.c
+@@ -593,6 +593,22 @@ static BOOLEAN secure_mode (void)
+ return TRUE;
+ }
+
++#define check_size_line(data, datasize_in, hashbase, hashsize, l) ({ \
++ if ((unsigned long)hashbase > \
++ (unsigned long)data + datasize_in) { \
++ perror(L"shim.c:%d Invalid hash base 0x%016x\n", l, \
++ hashbase); \
++ goto done; \
++ } \
++ if ((unsigned long)hashbase + hashsize > \
++ (unsigned long)data + datasize_in) { \
++ perror(L"shim.c:%d Invalid hash size 0x%016x\n", l, \
++ hashsize); \
++ goto done; \
++ } \
++})
++#define check_size(d,ds,h,hs) check_size_line(d,ds,h,hs,__LINE__)
++
+ /*
+ * Calculate the SHA1 and SHA256 hashes of a binary
+ */
+@@ -650,6 +666,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ hashbase = data;
+ hashsize = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum -
+ hashbase;
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -662,6 +679,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ hashbase = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum +
+ sizeof (int);
+ hashsize = (char *)context->SecDir - hashbase;
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -679,6 +697,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ status = EFI_INVALID_PARAMETER;
+ goto done;
+ }
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -763,6 +782,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ goto done;
+ }
+ hashsize = (unsigned int) Section->SizeOfRawData;
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+@@ -777,6 +797,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
+ if (datasize > SumOfBytesHashed) {
+ hashbase = data + SumOfBytesHashed;
+ hashsize = datasize - context->SecDir->Size - SumOfBytesHashed;
++ check_size(data, datasize_in, hashbase, hashsize);
+
+ if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
+ !(Sha1Update(sha1ctx, hashbase, hashsize))) {
+--
+1.9.3
+
diff --git a/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch b/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch
new file mode 100644
index 0000000..8b1f939
--- /dev/null
+++ b/SOURCES/0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch
@@ -0,0 +1,47 @@
+From 3d1cdbc4e3815dd8e489b8a9c95e945b67d3a045 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 19 Sep 2014 11:48:56 -0400
+Subject: [PATCH 58/74] Don't call AuthenticodeVerify if vendor_cert_size is 0.
+
+Actually check the size of our vendor cert quite early, so that there's
+no confusion as to what's going on.
+
+This isn't strictly necessary, in that in all cases if vendor_cert_size
+is 0, then AuthenticodeVerify -> Pkcs7Verify() -> d2i_X509() will result
+in a NULL "Cert", and it will return FALSE, and we'll reject the
+signature, but better to avoid all that code in the first place. Belt
+and suspenders and whatnot.
+
+Based on a patch from https://github.com/TBOpen .
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index cfa90d1..caa05d8 100644
+--- a/shim.c
++++ b/shim.c
+@@ -923,14 +923,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
+ return status;
+ }
+
+-
+ /*
+ * And finally, check against shim's built-in key
+ */
+- if (AuthenticodeVerify(cert->CertData,
+- context->SecDir->Size - sizeof(cert->Hdr),
+- vendor_cert, vendor_cert_size, sha256hash,
+- SHA256_DIGEST_SIZE)) {
++ if (vendor_cert_size && AuthenticodeVerify(cert->CertData,
++ context->SecDir->Size - sizeof(cert->Hdr),
++ vendor_cert, vendor_cert_size, sha256hash,
++ SHA256_DIGEST_SIZE)) {
+ status = EFI_SUCCESS;
+ return status;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0059-Fix-our-in_protocol-printing.patch b/SOURCES/0059-Fix-our-in_protocol-printing.patch
new file mode 100644
index 0000000..6895765
--- /dev/null
+++ b/SOURCES/0059-Fix-our-in_protocol-printing.patch
@@ -0,0 +1,30 @@
+From eb72a4c3a1be9a10512886d2c95f9c015b77e15f Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 19 Sep 2014 16:46:01 -0400
+Subject: [PATCH 59/74] Fix our "in_protocol" printing.
+
+When I merged 4bfb13d and fixed the conflicts, I managed to make the
+in_protocol test exactly backwards, so that's why we don't currently see
+error messages.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/shim.c b/shim.c
+index caa05d8..7cd4182 100644
+--- a/shim.c
++++ b/shim.c
+@@ -63,7 +63,7 @@ static UINT8 in_protocol;
+
+ #define perror(fmt, ...) ({ \
+ UINTN __perror_ret = 0; \
+- if (in_protocol) \
++ if (!in_protocol) \
+ __perror_ret = Print((fmt), ##__VA_ARGS__); \
+ __perror_ret; \
+ })
+--
+1.9.3
+
diff --git a/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch b/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch
new file mode 100644
index 0000000..cef43e7
--- /dev/null
+++ b/SOURCES/0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch
@@ -0,0 +1,417 @@
+From 0e7ba5947eb38b79de2051ecf3b95055e620475c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sat, 20 Sep 2014 14:03:03 -0400
+Subject: [PATCH 60/74] Generate a sane PE header on shim, fallback, and
+ MokManager.
+
+It turns out a7249a65 was masking a second problem - on some binaries,
+when we actually don't have any base relocations at all, binutils'
+"objcopy --target efi-app-x86_64" is generating a PE header with a base
+relocations pointer that happily points into the middle of our text
+section. So with shim processing base relocations correctly, it refuses
+to load those binaries.
+
+For example, on one binary I just built:
+
+00000130 00 a0 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |................|
+
+which says there's a Base Relocation Table at 0xa000 that's 0xa bytes long.
+That's here:
+
+0000a000 58 00 29 00 00 00 00 00 48 00 44 00 28 00 50 00 |X.).....H.D.(.P.|
+0000a010 61 00 72 00 74 00 25 00 64 00 2c 00 53 00 69 00 |a.r.t.%.d.,.S.i.|
+0000a020 67 00 25 00 67 00 29 00 00 00 00 00 00 00 00 00 |g.%.g.).........|
+0000a030 48 00 44 00 28 00 50 00 61 00 72 00 74 00 25 00 |H.D.(.P.a.r.t.%.|
+
+So the table is:
+
+0000a000 58 00 29 00 00 00 00 00 48 00 |X.).....H. |
+
+That wouldn't be so bad, except those binaries are MokManager.efi,
+fallback.efi, and shim.efi, and sometimes they're .reloc, which we're
+actually trying to handle correctly now because grub builds with a real
+and valid .reloc table. So though I didn't think there was any hair
+left on this yak, more shaving ensues.
+
+With this change, instead of letting objcopy do whatever it likes, we
+switch to "-O binary" and merely link in a header that's appropriate for
+our binaries. This is the same method Ard wrote for aarch64, and it
+seems to work fine in either place (modulo some minor changes.)
+
+At some point this should be merged into gnu-efi instead of carrying our
+own crt0-efi-x86_64.S, but that's a less immediate problem.
+
+I did not need this problem.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ Makefile | 24 ++++++--
+ crt0-efi-x86_64.S | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ elf_x86_64_efi.lds | 85 +++++++++++++------------
+ 3 files changed, 236 insertions(+), 50 deletions(-)
+ create mode 100644 crt0-efi-x86_64.S
+
+diff --git a/Makefile b/Makefile
+index 5bc513c..d5fd55b 100644
+--- a/Makefile
++++ b/Makefile
+@@ -15,7 +15,10 @@ EFI_PATH := /usr/lib64/gnuefi
+ LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
+ EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
+
+-EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
++ifeq ($(ARCH),x86_64)
++EFI_CRT_OBJS := crt0-efi-$(ARCH).o
++endif
++EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o
+ EFI_LDS = elf_$(ARCH)_efi.lds
+
+ DEFAULT_LOADER := \\\\grub.efi
+@@ -52,11 +55,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined)
+ CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
+ endif
+
+-LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS)
++LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL
+
+ VERSION = 0.7
+
+-TARGET = shim.efi MokManager.efi.signed fallback.efi.signed
++TARGET += shim.efi MokManager.efi.signed fallback.efi.signed
+ OBJS = shim.o netboot.o cert.o replacements.o version.o
+ KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
+ SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
+@@ -94,17 +97,17 @@ shim.o: $(SOURCES) shim_cert.h
+ cert.o : cert.S
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+-shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
++shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS)
+ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
+
+ fallback.o: $(FALLBACK_SRCS)
+
+-fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
++fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS)
+ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
+
+ MokManager.o: $(MOK_SOURCES)
+
+-MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
++MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS)
+ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
+
+ Cryptlib/libcryptlib.a:
+@@ -128,8 +131,17 @@ SUBSYSTEM := 0xa
+ LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ endif
+
++ifeq ($(ARCH),x86_64)
++FORMAT := -O binary
++SUBSYSTEM := 0xa
++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
++endif
++
+ FORMAT ?= --target efi-app-$(ARCH)
+
++crt0-efi-x86_64.o : crt0-efi-x86_64.S
++ $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $<
++
+ %.efi: %.so
+ $(OBJCOPY) -j .text -j .sdata -j .data \
+ -j .dynamic -j .dynsym -j .rel* \
+diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S
+new file mode 100644
+index 0000000..f334a63
+--- /dev/null
++++ b/crt0-efi-x86_64.S
+@@ -0,0 +1,177 @@
++/* crt0-efi-x86_64.S - x86_64 EFI startup code.
++ *
++ * Copyright 2014 Red Hat, Inc. <pjones@redhat.com>
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the
++ * distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++ .section .text.head
++
++ /*
++ * Magic "MZ" signature for PE/COFF
++ */
++ .globl ImageBase
++ImageBase:
++ .ascii "MZ"
++ .skip 58 // 'MZ' + pad + offset == 64
++ .long pe_header - ImageBase // Offset to the PE header.
++ .long 0x0eba1f0e /* terrifying code */
++ .long 0xcd09b400 /* terrifying code */
++ .long 0x4c01b821 /* terrifying code */
++ .short 0x21cd /* terrfiying code */
++ .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */
++ .skip 9
++pe_header:
++ .ascii "PE"
++ .short 0
++coff_header:
++ .short 0x8664 // x86_64
++ .short 1 // nr_sections
++ .long 0 // TimeDateStamp
++ .long 0 // PointerToSymbolTable
++ .long 0 // NumberOfSymbols
++ .short section_table - optional_header // SizeOfOptionalHeader
++ .short 0x206 // Characteristics.
++ // IMAGE_FILE_DEBUG_STRIPPED |
++ // IMAGE_FILE_EXECUTABLE_IMAGE |
++ // IMAGE_FILE_LINE_NUMS_STRIPPED
++optional_header:
++ .short 0x20b // PE32+ format
++ .byte 0x02 // MajorLinkerVersion
++ .byte 0x18 // MinorLinkerVersion
++ .long _edata - _start // SizeOfCode
++ .long 0 // SizeOfInitializedData
++ .long 0 // SizeOfUninitializedData
++ .long _start - ImageBase // AddressOfEntryPoint
++ .long _start - ImageBase // BaseOfCode
++
++extra_header_fields:
++ .quad 0 // ImageBase
++ .long 0x20 // SectionAlignment
++ .long 0x8 // FileAlignment
++ .short 0 // MajorOperatingSystemVersion
++ .short 0 // MinorOperatingSystemVersion
++ .short 0 // MajorImageVersion
++ .short 0 // MinorImageVersion
++ .short 0 // MajorSubsystemVersion
++ .short 0 // MinorSubsystemVersion
++ .long 0 // Win32VersionValue
++
++ .long _edata - ImageBase // SizeOfImage
++
++ // Everything before the kernel image is considered part of the header
++ .long _start - ImageBase // SizeOfHeaders
++ .long 0 // CheckSum
++ .short EFI_SUBSYSTEM // Subsystem
++ .short 0 // DllCharacteristics
++ .quad 0 // SizeOfStackReserve
++ .quad 0 // SizeOfStackCommit
++ .quad 0 // SizeOfHeapReserve
++ .quad 0 // SizeOfHeapCommit
++ .long 0 // LoaderFlags
++ .long 0x10 // NumberOfRvaAndSizes
++
++ .quad 0 // ExportTable
++ .quad 0 // ImportTable
++ .quad 0 // ResourceTable
++ .quad 0 // ExceptionTable
++ .quad 0 // CertificationTable
++ .quad 0 // BaseRelocationTable
++ .quad 0 // DebugTable
++ .quad 0 // ArchTable
++ .quad 0 // GlobalPointerTable
++ .quad 0 // .tls
++ .quad 0 // LoadConfigTable
++ .quad 0 // BoundImportsTable
++ .quad 0 // ImportAddressTable
++ .quad 0 // DelayLoadImportTable
++ .quad 0 // ClrRuntimeHeader (.cor)
++ .quad 0 // Reserved
++
++ // Section table
++section_table:
++ .ascii ".text"
++ .byte 0
++ .byte 0
++ .byte 0 // end of 0 padding of section name
++
++ .long _edata - _start // VirtualSize
++ .long _start - ImageBase // VirtualAddress
++ .long _edata - _start // SizeOfRawData
++ .long _start - ImageBase // PointerToRawData
++ .long 0 // PointerToRelocations (0 for executables)
++ .long 0 // PointerToLineNumbers (0 for executables)
++ .short 0 // NumberOfRelocations (0 for executables)
++ .short 0 // NumberOfLineNumbers (0 for executables)
++ .long 0x60500020 // Characteristics (section flags)
++
++ /*
++ * The EFI application loader requires a relocation section
++ * because EFI applications must be relocatable. This is a
++ * dummy section as far as we are concerned.
++ */
++ .ascii ".reloc"
++ .byte 0
++ .byte 0 // end of 0 padding of section name
++
++ .long 0 // VirtualSize
++ .long 0 // VirtualAddress
++ .long 0 // SizeOfRawData
++ .long 0 // PointerToRawData
++ .long 0 // PointerToRelocations
++ .long 0 // PointerToLineNumbers
++ .short 0 // NumberOfRelocations
++ .short 0 // NumberOfLineNumbers
++ .long 0x42100040 // Characteristics (section flags)
++
++ /* x86-64 needs this padding here; without it, some machines simply
++ * refuse to admit this is an EFI binary. I'm not really sure why;
++ * reading the spec, it's unclear, but you'd expect it would need to
++ * be aligned to (1 << FileAlignment), which would mean not having
++ * the spacing.
++ */
++ .quad 0
++_start:
++ subq $8, %rsp
++ pushq %rcx
++ pushq %rdx
++
++0:
++ lea ImageBase(%rip), %rdi
++ lea _DYNAMIC(%rip), %rsi
++
++ popq %rcx
++ popq %rdx
++ pushq %rcx
++ pushq %rdx
++ call _relocate
++
++ popq %rdi
++ popq %rsi
++
++ call efi_main
++ addq $8, %rsp
++
++.exit:
++ ret
+diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds
+index f981102..091187b 100644
+--- a/elf_x86_64_efi.lds
++++ b/elf_x86_64_efi.lds
+@@ -4,63 +4,60 @@ OUTPUT_ARCH(i386:x86-64)
+ ENTRY(_start)
+ SECTIONS
+ {
+- . = 0;
+- ImageBase = .;
+- .hash : { *(.hash) } /* this MUST come first! */
+- . = ALIGN(4096);
+- .eh_frame :
+- {
+- *(.eh_frame)
+- }
+- . = ALIGN(4096);
+- .text :
+- {
+- *(.text)
+- }
+- . = ALIGN(4096);
+- .reloc :
+- {
+- *(.reloc)
++ .text 0x0 : {
++ *(.text.head)
++ *(.text)
++ *(.text.*)
++ *(.gnu.linkonce.t.*)
++ *(.srodata)
++ *(.rodata*)
++ . = ALIGN(16);
++ _etext = .;
+ }
+- . = ALIGN(4096);
++ .dynamic : { *(.dynamic) }
+ .data :
+ {
+- *(.rodata*)
+- *(.got.plt)
+- *(.got)
+- *(.data*)
+- *(.sdata)
+- /* the EFI loader doesn't seem to like a .bss section, so we stick
+- it all into .data: */
+- *(.sbss)
+- *(.scommon)
+- *(.dynbss)
+- *(.bss)
+- *(COMMON)
+- *(.rel.local)
++ *(.sdata)
++ *(.data)
++ *(.data1)
++ *(.data.*)
++ *(.got.plt)
++ *(.got)
++
++ /* the EFI loader doesn't seem to like a .bss section, so we stick
++ * it all into .data: */
++ . = ALIGN(16);
++ _bss = .;
++ *(.sbss)
++ *(.scommon)
++ *(.dynbss)
++ *(.bss)
++ *(COMMON)
++ . = ALIGN(16);
++ _bss_end = .;
+ }
+ . = ALIGN(4096);
+ .vendor_cert :
+ {
+- *(.vendor_cert)
++ *(.vendor_cert)
+ }
++
+ . = ALIGN(4096);
+- .dynamic : { *(.dynamic) }
+- . = ALIGN(4096);
+- .rela :
+- {
+- *(.rela.data*)
+- *(.rela.got)
+- *(.rela.stab)
+- }
++ .rela.dyn : { *(.rela.dyn) }
++ .rela.plt : { *(.rela.plt) }
++ .rela.got : { *(.rela.got) }
++ .rela.data : { *(.rela.data) *(.rela.data*) }
++ _edata = .;
++ _data_size = . - _etext;
++
+ . = ALIGN(4096);
+- .dynsym : { *(.dynsym) }
++ .dynsym : { *(.dynsym) }
+ . = ALIGN(4096);
+- .dynstr : { *(.dynstr) }
++ .dynstr : { *(.dynstr) }
+ . = ALIGN(4096);
+- .ignored.reloc :
++ /DISCARD/ :
+ {
+- *(.rela.reloc)
++ *(.rel.reloc)
+ *(.eh_frame)
+ *(.note.GNU-stack)
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0061-Do-the-same-for-ia32.patch b/SOURCES/0061-Do-the-same-for-ia32.patch
new file mode 100644
index 0000000..575a312
--- /dev/null
+++ b/SOURCES/0061-Do-the-same-for-ia32.patch
@@ -0,0 +1,383 @@
+From 6744a7ef8eca44948565c3d1244ec931ed3f6fee Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 21 Sep 2014 13:11:11 -0400
+Subject: [PATCH 61/74] Do the same for ia32...
+
+Once again, on ia32 this time, we see:
+
+00000120 47 84 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |G...............|
+
+Which is where the pointer on ia32 for the Base Relocation Table should
+be. It points to 0x8447, which isn't a particularly reasonable address as
+numbers go, and happens to have this data there:
+
+00008440 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 65 00 |o.n.f.i.g.u.r.e.|
+00008450 00 00 49 00 50 00 76 00 36 00 28 00 00 00 2c 00 |..I.P.v.6.(...,.|
+00008460 25 00 73 00 2c 00 00 00 29 00 00 00 25 00 64 00 |%.s.,...)...%.d.|
+00008470 2e 00 25 00 64 00 2e 00 25 00 64 00 2e 00 25 00 |..%.d...%.d...%.|
+00008480 64 00 00 00 44 00 48 00 43 00 50 00 00 00 49 00 |d...D.H.C.P...I.|
+00008490 50 00 76 00 34 00 28 00 00 00 2c 00 25 00 73 00 |P.v.4.(...,.%.s.|
+
+And so that table is, in theory, this part:
+
+00008447 00 67 00 75 00 72 00 65 00 | .g.u.r.e.|
+00008450 00 |. |
+
+Which is pretty clearly not a pointer table of any kind.
+
+So give ia32 the same treatment as x86_64, and now all arches work basically
+the same.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ Makefile | 22 +++++--
+ crt0-efi-ia32.S | 180 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ elf_ia32_efi.lds | 83 ++++++++++++-------------
+ 3 files changed, 236 insertions(+), 49 deletions(-)
+ create mode 100644 crt0-efi-ia32.S
+
+diff --git a/Makefile b/Makefile
+index d5fd55b..a52984f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -6,19 +6,25 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
+
+ SUBDIRS = Cryptlib lib
+
+-LIB_PATH = /usr/lib64
+-
+ EFI_INCLUDE := /usr/include/efi
+ EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude
+-EFI_PATH := /usr/lib64/gnuefi
++ifeq ($(ARCH),ia32)
++LIB_PATH := /usr/lib
++EFI_PATH := /usr/lib/gnuefi
++endif
++LIB_PATH ?= /usr/lib64
++EFI_PATH ?= /usr/lib64/gnuefi
+
+ LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
+ EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
+
+ ifeq ($(ARCH),x86_64)
+ EFI_CRT_OBJS := crt0-efi-$(ARCH).o
+-endif
++else ifeq ($(ARCH),ia32)
++EFI_CRT_OBJS := crt0-efi-$(ARCH).o
++else
+ EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o
++endif
+ EFI_LDS = elf_$(ARCH)_efi.lds
+
+ DEFAULT_LOADER := \\\\grub.efi
+@@ -137,9 +143,15 @@ SUBSYSTEM := 0xa
+ LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ endif
+
++ifeq ($(ARCH),ia32)
++FORMAT := -O binary
++SUBSYSTEM := 0xa
++LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
++endif
++
+ FORMAT ?= --target efi-app-$(ARCH)
+
+-crt0-efi-x86_64.o : crt0-efi-x86_64.S
++crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S
+ $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $<
+
+ %.efi: %.so
+diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S
+new file mode 100644
+index 0000000..70b5b44
+--- /dev/null
++++ b/crt0-efi-ia32.S
+@@ -0,0 +1,180 @@
++/* crt0-efi-x86_64.S - x86_64 EFI startup code.
++ *
++ * Copyright 2014 Red Hat, Inc. <pjones@redhat.com>
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the
++ * distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++ .section .text.head
++
++ /*
++ * Magic "MZ" signature for PE/COFF
++ */
++ .globl ImageBase
++ImageBase:
++ .ascii "MZ"
++ .skip 58 // 'MZ' + pad + offset == 64
++ .long pe_header - ImageBase // Offset to the PE header.
++ .long 0x0eba1f0e /* terrifying code */
++ .long 0xcd09b400 /* terrifying code */
++ .long 0x4c01b821 /* terrifying code */
++ .short 0x21cd /* terrfiying code */
++ .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */
++ .skip 9
++pe_header:
++ .ascii "PE"
++ .short 0
++coff_header:
++ .short 0x014c // i386
++ .short 1 // nr_sections
++ .long 0 // TimeDateStamp
++ .long 0 // PointerToSymbolTable
++ .long 0 // NumberOfSymbols
++ .short section_table - optional_header // SizeOfOptionalHeader
++ .short 0x306 // Characteristics.
++ // IMAGE_FILE_DEBUG_STRIPPED |
++ // IMAGE_FILE_EXECUTABLE_IMAGE |
++ // IMAGE_FILE_LINE_NUMS_STRIPPED
++ // | IMAGE_FILE_32BIT_MACHINE
++optional_header:
++ .short 0x10b // PE32+ format
++ .byte 0x02 // MajorLinkerVersion
++ .byte 0x18 // MinorLinkerVersion
++ .long _edata - _start // SizeOfCode
++ .long 0 // SizeOfInitializedData
++ .long 0 // SizeOfUninitializedData
++ .long _start - ImageBase // AddressOfEntryPoint
++ .long _start - ImageBase // BaseOfCode
++ .long 0 // BaseOfData
++
++extra_header_fields:
++ .long 0 // ImageBase
++ .long 0x20 // SectionAlignment
++ .long 0x8 // FileAlignment
++ .short 0 // MajorOperatingSystemVersion
++ .short 0 // MinorOperatingSystemVersion
++ .short 0 // MajorImageVersion
++ .short 0 // MinorImageVersion
++ .short 0 // MajorSubsystemVersion
++ .short 0 // MinorSubsystemVersion
++ .long 0 // Win32VersionValue
++
++ .long _edata - ImageBase // SizeOfImage
++
++ // Everything before the kernel image is considered part of the header
++ .long _start - ImageBase // SizeOfHeaders
++ .long 0 // CheckSum
++ .short EFI_SUBSYSTEM // Subsystem
++ .short 0 // DllCharacteristics
++ .long 0 // SizeOfStackReserve
++ .long 0 // SizeOfStackCommit
++ .long 0 // SizeOfHeapReserve
++ .long 0 // SizeOfHeapCommit
++ .long 0 // LoaderFlags
++ .long 0x10 // NumberOfRvaAndSizes
++
++ .quad 0 // ExportTable
++ .quad 0 // ImportTable
++ .quad 0 // ResourceTable
++ .quad 0 // ExceptionTable
++ .quad 0 // CertificationTable
++ .quad 0 // BaseRelocationTable
++ .quad 0 // DebugTable
++ .quad 0 // ArchTable
++ .quad 0 // GlobalPointerTable
++ .quad 0 // .tls
++ .quad 0 // LoadConfigTable
++ .quad 0 // BoundImportsTable
++ .quad 0 // ImportAddressTable
++ .quad 0 // DelayLoadImportTable
++ .quad 0 // ClrRuntimeHeader (.cor)
++ .quad 0 // Reserved
++
++ // Section table
++section_table:
++ .ascii ".text"
++ .byte 0
++ .byte 0
++ .byte 0 // end of 0 padding of section name
++
++ .long _edata - _start // VirtualSize
++ .long _start - ImageBase // VirtualAddress
++ .long _edata - _start // SizeOfRawData
++ .long _start - ImageBase // PointerToRawData
++ .long 0 // PointerToRelocations (0 for executables)
++ .long 0 // PointerToLineNumbers (0 for executables)
++ .short 0 // NumberOfRelocations (0 for executables)
++ .short 0 // NumberOfLineNumbers (0 for executables)
++ .long 0x60500020 // Characteristics (section flags)
++
++ /*
++ * The EFI application loader requires a relocation section
++ * because EFI applications must be relocatable. This is a
++ * dummy section as far as we are concerned.
++ */
++ .ascii ".reloc"
++ .byte 0
++ .byte 0 // end of 0 padding of section name
++
++ .long 0 // VirtualSize
++ .long 0 // VirtualAddress
++ .long 0 // SizeOfRawData
++ .long 0 // PointerToRawData
++ .long 0 // PointerToRelocations
++ .long 0 // PointerToLineNumbers
++ .short 0 // NumberOfRelocations
++ .short 0 // NumberOfLineNumbers
++ .long 0x42100040 // Characteristics (section flags)
++
++ /* most if not all ia32 binaries binutils makes seem to have .text
++ * starting at 0x400; no reason to assume that's a bad idea. */
++ .align 1024
++
++_start:
++ pushl %ebp
++ movl %esp,%ebp
++
++ pushl 12(%ebp) # copy "image" argument
++ pushl 8(%ebp) # copy "systab" argument
++
++ call 0f
++0: popl %eax
++ movl %eax,%ebx
++
++ addl $ImageBase-0b,%eax # %eax = ldbase
++ addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC
++
++ pushl %ebx # pass _DYNAMIC as second argument
++ pushl %eax # pass ldbase as first argument
++ call _relocate
++ popl %ebx
++ popl %ebx
++ testl %eax,%eax
++ jne .exit
++
++ call efi_main # call app with "image" and "systab" argument
++
++.exit:
++ leave
++ ret
+diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
+index 12d4085..b649e15 100644
+--- a/elf_ia32_efi.lds
++++ b/elf_ia32_efi.lds
+@@ -3,61 +3,56 @@ OUTPUT_ARCH(i386)
+ ENTRY(_start)
+ SECTIONS
+ {
+- . = 0;
+- ImageBase = .;
+- .hash : { *(.hash) } /* this MUST come first! */
+- . = ALIGN(4096);
+- .text :
+- {
+- *(.text)
+- *(.text.*)
+- *(.gnu.linkonce.t.*)
+- }
+- .reloc :
+- {
+- *(.reloc)
++ .text 0x0 : {
++ *(.text.head)
++ *(.text)
++ *(.text.*)
++ *(.gnu.linkonce.t.*)
++ *(.srodata)
++ *(.rodata*)
++ . = ALIGN(16);
++ _etext = .;
+ }
+- . = ALIGN(4096);
++ .dynamic : { *(.dynamic) }
+ .data :
+ {
+- *(.rodata*)
+- *(.data)
+- *(.data1)
+- *(.data.*)
+- *(.sdata)
+- *(.got.plt)
+- *(.got)
+- /* the EFI loader doesn't seem to like a .bss section, so we stick
+- it all into .data: */
+- *(.sbss)
+- *(.scommon)
+- *(.dynbss)
+- *(.bss)
+- *(COMMON)
++ *(.sdata)
++ *(.data)
++ *(.data1)
++ *(.data.*)
++ *(.got.plt)
++ *(.got)
++
++ /* the EFI loader doesn't seem to like a .bss section, so we stick
++ * it all into .data: */
++ . = ALIGN(16);
++ _bss = .;
++ *(.sbss)
++ *(.scommon)
++ *(.dynbss)
++ *(.bss)
++ *(COMMON)
++ . = ALIGN(16);
++ _bss_end = .;
+ }
+ . = ALIGN(4096);
+ .vendor_cert :
+ {
+- *(.vendor_cert)
++ *(.vendor_cert)
+ }
++
+ . = ALIGN(4096);
+- .dynamic : { *(.dynamic) }
+- . = ALIGN(4096);
+- .rel :
+- {
+- *(.rel.data)
+- *(.rel.data.*)
+- *(.rel.got)
+- *(.rel.stab)
+- *(.data.rel.ro.local)
+- *(.data.rel.local)
+- *(.data.rel.ro)
+- *(.data.rel*)
+- }
++ .rel.dyn : { *(.rel.dyn) }
++ .rel.plt : { *(.rel.plt) }
++ .rel.got : { *(.rel.got) }
++ .rel.data : { *(.rel.data) *(.rel.data*) }
++ _edata = .;
++ _data_size = . - _etext;
++
+ . = ALIGN(4096);
+- .dynsym : { *(.dynsym) }
++ .dynsym : { *(.dynsym) }
+ . = ALIGN(4096);
+- .dynstr : { *(.dynstr) }
++ .dynstr : { *(.dynstr) }
+ . = ALIGN(4096);
+ /DISCARD/ :
+ {
+--
+1.9.3
+
diff --git a/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch b/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch
new file mode 100644
index 0000000..c93d5be
--- /dev/null
+++ b/SOURCES/0062-Make-list_keys-index-variables-all-be-signed.patch
@@ -0,0 +1,34 @@
+From 9db91ca0e1f7ac94871f34f654b41cbb7f9e2da1 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 21 Sep 2014 13:19:30 -0400
+Subject: [PATCH 62/74] Make list_keys() index variables all be signed.
+
+We build with -Werror=signed-compare in fedora/rhel rpms, and this
+showed up.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ MokManager.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index 50cb9d7..ecbcdd3 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -436,11 +436,11 @@ static void show_mok_info (void *Mok, UINTN MokSize)
+
+ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title)
+ {
+- UINT32 MokNum = 0;
++ INTN MokNum = 0;
+ MokListNode *keys = NULL;
+ INTN key_num = 0;
+ CHAR16 **menu_strings;
+- unsigned int i;
++ int i;
+
+ if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) +
+ sizeof(EFI_SIGNATURE_DATA))) {
+--
+1.9.3
+
diff --git a/SOURCES/0063-Revert-header-changes.patch b/SOURCES/0063-Revert-header-changes.patch
new file mode 100644
index 0000000..3a70cf7
--- /dev/null
+++ b/SOURCES/0063-Revert-header-changes.patch
@@ -0,0 +1,702 @@
+From c6281c6a195edee611858a8d802ff5f3dee34aa5 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 30 Sep 2014 22:47:39 -0400
+Subject: [PATCH 63/74] Revert header changes
+
+Revert "Do the same for ia32..."
+and "Generate a sane PE header on shim, fallback, and MokManager."
+This reverts commit 6744a7ef8eca44948565c3d1244ec931ed3f6fee.
+and commit 0e7ba5947eb38b79de2051ecf3b95055e620475c.
+
+These are premature and I can do this without such drastic measures.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ Makefile | 42 +++----------
+ crt0-efi-ia32.S | 180 -----------------------------------------------------
+ crt0-efi-x86_64.S | 177 ----------------------------------------------------
+ elf_ia32_efi.lds | 83 ++++++++++++------------
+ elf_x86_64_efi.lds | 85 +++++++++++++------------
+ 5 files changed, 97 insertions(+), 470 deletions(-)
+ delete mode 100644 crt0-efi-ia32.S
+ delete mode 100644 crt0-efi-x86_64.S
+
+diff --git a/Makefile b/Makefile
+index a52984f..5bc513c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -6,25 +6,16 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
+
+ SUBDIRS = Cryptlib lib
+
++LIB_PATH = /usr/lib64
++
+ EFI_INCLUDE := /usr/include/efi
+ EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude
+-ifeq ($(ARCH),ia32)
+-LIB_PATH := /usr/lib
+-EFI_PATH := /usr/lib/gnuefi
+-endif
+-LIB_PATH ?= /usr/lib64
+-EFI_PATH ?= /usr/lib64/gnuefi
++EFI_PATH := /usr/lib64/gnuefi
+
+ LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
+ EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
+
+-ifeq ($(ARCH),x86_64)
+-EFI_CRT_OBJS := crt0-efi-$(ARCH).o
+-else ifeq ($(ARCH),ia32)
+-EFI_CRT_OBJS := crt0-efi-$(ARCH).o
+-else
+-EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o
+-endif
++EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
+ EFI_LDS = elf_$(ARCH)_efi.lds
+
+ DEFAULT_LOADER := \\\\grub.efi
+@@ -61,11 +52,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined)
+ CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
+ endif
+
+-LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL
++LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS)
+
+ VERSION = 0.7
+
+-TARGET += shim.efi MokManager.efi.signed fallback.efi.signed
++TARGET = shim.efi MokManager.efi.signed fallback.efi.signed
+ OBJS = shim.o netboot.o cert.o replacements.o version.o
+ KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
+ SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
+@@ -103,17 +94,17 @@ shim.o: $(SOURCES) shim_cert.h
+ cert.o : cert.S
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+-shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS)
++shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
+ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
+
+ fallback.o: $(FALLBACK_SRCS)
+
+-fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS)
++fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
+ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
+
+ MokManager.o: $(MOK_SOURCES)
+
+-MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS)
++MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
+ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
+
+ Cryptlib/libcryptlib.a:
+@@ -137,23 +128,8 @@ SUBSYSTEM := 0xa
+ LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ endif
+
+-ifeq ($(ARCH),x86_64)
+-FORMAT := -O binary
+-SUBSYSTEM := 0xa
+-LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+-endif
+-
+-ifeq ($(ARCH),ia32)
+-FORMAT := -O binary
+-SUBSYSTEM := 0xa
+-LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+-endif
+-
+ FORMAT ?= --target efi-app-$(ARCH)
+
+-crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S
+- $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $<
+-
+ %.efi: %.so
+ $(OBJCOPY) -j .text -j .sdata -j .data \
+ -j .dynamic -j .dynsym -j .rel* \
+diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S
+deleted file mode 100644
+index 70b5b44..0000000
+--- a/crt0-efi-ia32.S
++++ /dev/null
+@@ -1,180 +0,0 @@
+-/* crt0-efi-x86_64.S - x86_64 EFI startup code.
+- *
+- * Copyright 2014 Red Hat, Inc. <pjones@redhat.com>
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the
+- * distribution.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- */
+- .section .text.head
+-
+- /*
+- * Magic "MZ" signature for PE/COFF
+- */
+- .globl ImageBase
+-ImageBase:
+- .ascii "MZ"
+- .skip 58 // 'MZ' + pad + offset == 64
+- .long pe_header - ImageBase // Offset to the PE header.
+- .long 0x0eba1f0e /* terrifying code */
+- .long 0xcd09b400 /* terrifying code */
+- .long 0x4c01b821 /* terrifying code */
+- .short 0x21cd /* terrfiying code */
+- .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */
+- .skip 9
+-pe_header:
+- .ascii "PE"
+- .short 0
+-coff_header:
+- .short 0x014c // i386
+- .short 1 // nr_sections
+- .long 0 // TimeDateStamp
+- .long 0 // PointerToSymbolTable
+- .long 0 // NumberOfSymbols
+- .short section_table - optional_header // SizeOfOptionalHeader
+- .short 0x306 // Characteristics.
+- // IMAGE_FILE_DEBUG_STRIPPED |
+- // IMAGE_FILE_EXECUTABLE_IMAGE |
+- // IMAGE_FILE_LINE_NUMS_STRIPPED
+- // | IMAGE_FILE_32BIT_MACHINE
+-optional_header:
+- .short 0x10b // PE32+ format
+- .byte 0x02 // MajorLinkerVersion
+- .byte 0x18 // MinorLinkerVersion
+- .long _edata - _start // SizeOfCode
+- .long 0 // SizeOfInitializedData
+- .long 0 // SizeOfUninitializedData
+- .long _start - ImageBase // AddressOfEntryPoint
+- .long _start - ImageBase // BaseOfCode
+- .long 0 // BaseOfData
+-
+-extra_header_fields:
+- .long 0 // ImageBase
+- .long 0x20 // SectionAlignment
+- .long 0x8 // FileAlignment
+- .short 0 // MajorOperatingSystemVersion
+- .short 0 // MinorOperatingSystemVersion
+- .short 0 // MajorImageVersion
+- .short 0 // MinorImageVersion
+- .short 0 // MajorSubsystemVersion
+- .short 0 // MinorSubsystemVersion
+- .long 0 // Win32VersionValue
+-
+- .long _edata - ImageBase // SizeOfImage
+-
+- // Everything before the kernel image is considered part of the header
+- .long _start - ImageBase // SizeOfHeaders
+- .long 0 // CheckSum
+- .short EFI_SUBSYSTEM // Subsystem
+- .short 0 // DllCharacteristics
+- .long 0 // SizeOfStackReserve
+- .long 0 // SizeOfStackCommit
+- .long 0 // SizeOfHeapReserve
+- .long 0 // SizeOfHeapCommit
+- .long 0 // LoaderFlags
+- .long 0x10 // NumberOfRvaAndSizes
+-
+- .quad 0 // ExportTable
+- .quad 0 // ImportTable
+- .quad 0 // ResourceTable
+- .quad 0 // ExceptionTable
+- .quad 0 // CertificationTable
+- .quad 0 // BaseRelocationTable
+- .quad 0 // DebugTable
+- .quad 0 // ArchTable
+- .quad 0 // GlobalPointerTable
+- .quad 0 // .tls
+- .quad 0 // LoadConfigTable
+- .quad 0 // BoundImportsTable
+- .quad 0 // ImportAddressTable
+- .quad 0 // DelayLoadImportTable
+- .quad 0 // ClrRuntimeHeader (.cor)
+- .quad 0 // Reserved
+-
+- // Section table
+-section_table:
+- .ascii ".text"
+- .byte 0
+- .byte 0
+- .byte 0 // end of 0 padding of section name
+-
+- .long _edata - _start // VirtualSize
+- .long _start - ImageBase // VirtualAddress
+- .long _edata - _start // SizeOfRawData
+- .long _start - ImageBase // PointerToRawData
+- .long 0 // PointerToRelocations (0 for executables)
+- .long 0 // PointerToLineNumbers (0 for executables)
+- .short 0 // NumberOfRelocations (0 for executables)
+- .short 0 // NumberOfLineNumbers (0 for executables)
+- .long 0x60500020 // Characteristics (section flags)
+-
+- /*
+- * The EFI application loader requires a relocation section
+- * because EFI applications must be relocatable. This is a
+- * dummy section as far as we are concerned.
+- */
+- .ascii ".reloc"
+- .byte 0
+- .byte 0 // end of 0 padding of section name
+-
+- .long 0 // VirtualSize
+- .long 0 // VirtualAddress
+- .long 0 // SizeOfRawData
+- .long 0 // PointerToRawData
+- .long 0 // PointerToRelocations
+- .long 0 // PointerToLineNumbers
+- .short 0 // NumberOfRelocations
+- .short 0 // NumberOfLineNumbers
+- .long 0x42100040 // Characteristics (section flags)
+-
+- /* most if not all ia32 binaries binutils makes seem to have .text
+- * starting at 0x400; no reason to assume that's a bad idea. */
+- .align 1024
+-
+-_start:
+- pushl %ebp
+- movl %esp,%ebp
+-
+- pushl 12(%ebp) # copy "image" argument
+- pushl 8(%ebp) # copy "systab" argument
+-
+- call 0f
+-0: popl %eax
+- movl %eax,%ebx
+-
+- addl $ImageBase-0b,%eax # %eax = ldbase
+- addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC
+-
+- pushl %ebx # pass _DYNAMIC as second argument
+- pushl %eax # pass ldbase as first argument
+- call _relocate
+- popl %ebx
+- popl %ebx
+- testl %eax,%eax
+- jne .exit
+-
+- call efi_main # call app with "image" and "systab" argument
+-
+-.exit:
+- leave
+- ret
+diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S
+deleted file mode 100644
+index f334a63..0000000
+--- a/crt0-efi-x86_64.S
++++ /dev/null
+@@ -1,177 +0,0 @@
+-/* crt0-efi-x86_64.S - x86_64 EFI startup code.
+- *
+- * Copyright 2014 Red Hat, Inc. <pjones@redhat.com>
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- *
+- * Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the
+- * distribution.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- */
+- .section .text.head
+-
+- /*
+- * Magic "MZ" signature for PE/COFF
+- */
+- .globl ImageBase
+-ImageBase:
+- .ascii "MZ"
+- .skip 58 // 'MZ' + pad + offset == 64
+- .long pe_header - ImageBase // Offset to the PE header.
+- .long 0x0eba1f0e /* terrifying code */
+- .long 0xcd09b400 /* terrifying code */
+- .long 0x4c01b821 /* terrifying code */
+- .short 0x21cd /* terrfiying code */
+- .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */
+- .skip 9
+-pe_header:
+- .ascii "PE"
+- .short 0
+-coff_header:
+- .short 0x8664 // x86_64
+- .short 1 // nr_sections
+- .long 0 // TimeDateStamp
+- .long 0 // PointerToSymbolTable
+- .long 0 // NumberOfSymbols
+- .short section_table - optional_header // SizeOfOptionalHeader
+- .short 0x206 // Characteristics.
+- // IMAGE_FILE_DEBUG_STRIPPED |
+- // IMAGE_FILE_EXECUTABLE_IMAGE |
+- // IMAGE_FILE_LINE_NUMS_STRIPPED
+-optional_header:
+- .short 0x20b // PE32+ format
+- .byte 0x02 // MajorLinkerVersion
+- .byte 0x18 // MinorLinkerVersion
+- .long _edata - _start // SizeOfCode
+- .long 0 // SizeOfInitializedData
+- .long 0 // SizeOfUninitializedData
+- .long _start - ImageBase // AddressOfEntryPoint
+- .long _start - ImageBase // BaseOfCode
+-
+-extra_header_fields:
+- .quad 0 // ImageBase
+- .long 0x20 // SectionAlignment
+- .long 0x8 // FileAlignment
+- .short 0 // MajorOperatingSystemVersion
+- .short 0 // MinorOperatingSystemVersion
+- .short 0 // MajorImageVersion
+- .short 0 // MinorImageVersion
+- .short 0 // MajorSubsystemVersion
+- .short 0 // MinorSubsystemVersion
+- .long 0 // Win32VersionValue
+-
+- .long _edata - ImageBase // SizeOfImage
+-
+- // Everything before the kernel image is considered part of the header
+- .long _start - ImageBase // SizeOfHeaders
+- .long 0 // CheckSum
+- .short EFI_SUBSYSTEM // Subsystem
+- .short 0 // DllCharacteristics
+- .quad 0 // SizeOfStackReserve
+- .quad 0 // SizeOfStackCommit
+- .quad 0 // SizeOfHeapReserve
+- .quad 0 // SizeOfHeapCommit
+- .long 0 // LoaderFlags
+- .long 0x10 // NumberOfRvaAndSizes
+-
+- .quad 0 // ExportTable
+- .quad 0 // ImportTable
+- .quad 0 // ResourceTable
+- .quad 0 // ExceptionTable
+- .quad 0 // CertificationTable
+- .quad 0 // BaseRelocationTable
+- .quad 0 // DebugTable
+- .quad 0 // ArchTable
+- .quad 0 // GlobalPointerTable
+- .quad 0 // .tls
+- .quad 0 // LoadConfigTable
+- .quad 0 // BoundImportsTable
+- .quad 0 // ImportAddressTable
+- .quad 0 // DelayLoadImportTable
+- .quad 0 // ClrRuntimeHeader (.cor)
+- .quad 0 // Reserved
+-
+- // Section table
+-section_table:
+- .ascii ".text"
+- .byte 0
+- .byte 0
+- .byte 0 // end of 0 padding of section name
+-
+- .long _edata - _start // VirtualSize
+- .long _start - ImageBase // VirtualAddress
+- .long _edata - _start // SizeOfRawData
+- .long _start - ImageBase // PointerToRawData
+- .long 0 // PointerToRelocations (0 for executables)
+- .long 0 // PointerToLineNumbers (0 for executables)
+- .short 0 // NumberOfRelocations (0 for executables)
+- .short 0 // NumberOfLineNumbers (0 for executables)
+- .long 0x60500020 // Characteristics (section flags)
+-
+- /*
+- * The EFI application loader requires a relocation section
+- * because EFI applications must be relocatable. This is a
+- * dummy section as far as we are concerned.
+- */
+- .ascii ".reloc"
+- .byte 0
+- .byte 0 // end of 0 padding of section name
+-
+- .long 0 // VirtualSize
+- .long 0 // VirtualAddress
+- .long 0 // SizeOfRawData
+- .long 0 // PointerToRawData
+- .long 0 // PointerToRelocations
+- .long 0 // PointerToLineNumbers
+- .short 0 // NumberOfRelocations
+- .short 0 // NumberOfLineNumbers
+- .long 0x42100040 // Characteristics (section flags)
+-
+- /* x86-64 needs this padding here; without it, some machines simply
+- * refuse to admit this is an EFI binary. I'm not really sure why;
+- * reading the spec, it's unclear, but you'd expect it would need to
+- * be aligned to (1 << FileAlignment), which would mean not having
+- * the spacing.
+- */
+- .quad 0
+-_start:
+- subq $8, %rsp
+- pushq %rcx
+- pushq %rdx
+-
+-0:
+- lea ImageBase(%rip), %rdi
+- lea _DYNAMIC(%rip), %rsi
+-
+- popq %rcx
+- popq %rdx
+- pushq %rcx
+- pushq %rdx
+- call _relocate
+-
+- popq %rdi
+- popq %rsi
+-
+- call efi_main
+- addq $8, %rsp
+-
+-.exit:
+- ret
+diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
+index b649e15..12d4085 100644
+--- a/elf_ia32_efi.lds
++++ b/elf_ia32_efi.lds
+@@ -3,56 +3,61 @@ OUTPUT_ARCH(i386)
+ ENTRY(_start)
+ SECTIONS
+ {
+- .text 0x0 : {
+- *(.text.head)
+- *(.text)
+- *(.text.*)
+- *(.gnu.linkonce.t.*)
+- *(.srodata)
+- *(.rodata*)
+- . = ALIGN(16);
+- _etext = .;
++ . = 0;
++ ImageBase = .;
++ .hash : { *(.hash) } /* this MUST come first! */
++ . = ALIGN(4096);
++ .text :
++ {
++ *(.text)
++ *(.text.*)
++ *(.gnu.linkonce.t.*)
++ }
++ .reloc :
++ {
++ *(.reloc)
+ }
+- .dynamic : { *(.dynamic) }
++ . = ALIGN(4096);
+ .data :
+ {
+- *(.sdata)
+- *(.data)
+- *(.data1)
+- *(.data.*)
+- *(.got.plt)
+- *(.got)
+-
+- /* the EFI loader doesn't seem to like a .bss section, so we stick
+- * it all into .data: */
+- . = ALIGN(16);
+- _bss = .;
+- *(.sbss)
+- *(.scommon)
+- *(.dynbss)
+- *(.bss)
+- *(COMMON)
+- . = ALIGN(16);
+- _bss_end = .;
++ *(.rodata*)
++ *(.data)
++ *(.data1)
++ *(.data.*)
++ *(.sdata)
++ *(.got.plt)
++ *(.got)
++ /* the EFI loader doesn't seem to like a .bss section, so we stick
++ it all into .data: */
++ *(.sbss)
++ *(.scommon)
++ *(.dynbss)
++ *(.bss)
++ *(COMMON)
+ }
+ . = ALIGN(4096);
+ .vendor_cert :
+ {
+- *(.vendor_cert)
++ *(.vendor_cert)
+ }
+-
+ . = ALIGN(4096);
+- .rel.dyn : { *(.rel.dyn) }
+- .rel.plt : { *(.rel.plt) }
+- .rel.got : { *(.rel.got) }
+- .rel.data : { *(.rel.data) *(.rel.data*) }
+- _edata = .;
+- _data_size = . - _etext;
+-
++ .dynamic : { *(.dynamic) }
++ . = ALIGN(4096);
++ .rel :
++ {
++ *(.rel.data)
++ *(.rel.data.*)
++ *(.rel.got)
++ *(.rel.stab)
++ *(.data.rel.ro.local)
++ *(.data.rel.local)
++ *(.data.rel.ro)
++ *(.data.rel*)
++ }
+ . = ALIGN(4096);
+- .dynsym : { *(.dynsym) }
++ .dynsym : { *(.dynsym) }
+ . = ALIGN(4096);
+- .dynstr : { *(.dynstr) }
++ .dynstr : { *(.dynstr) }
+ . = ALIGN(4096);
+ /DISCARD/ :
+ {
+diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds
+index 091187b..f981102 100644
+--- a/elf_x86_64_efi.lds
++++ b/elf_x86_64_efi.lds
+@@ -4,60 +4,63 @@ OUTPUT_ARCH(i386:x86-64)
+ ENTRY(_start)
+ SECTIONS
+ {
+- .text 0x0 : {
+- *(.text.head)
+- *(.text)
+- *(.text.*)
+- *(.gnu.linkonce.t.*)
+- *(.srodata)
+- *(.rodata*)
+- . = ALIGN(16);
+- _etext = .;
++ . = 0;
++ ImageBase = .;
++ .hash : { *(.hash) } /* this MUST come first! */
++ . = ALIGN(4096);
++ .eh_frame :
++ {
++ *(.eh_frame)
++ }
++ . = ALIGN(4096);
++ .text :
++ {
++ *(.text)
++ }
++ . = ALIGN(4096);
++ .reloc :
++ {
++ *(.reloc)
+ }
+- .dynamic : { *(.dynamic) }
++ . = ALIGN(4096);
+ .data :
+ {
+- *(.sdata)
+- *(.data)
+- *(.data1)
+- *(.data.*)
+- *(.got.plt)
+- *(.got)
+-
+- /* the EFI loader doesn't seem to like a .bss section, so we stick
+- * it all into .data: */
+- . = ALIGN(16);
+- _bss = .;
+- *(.sbss)
+- *(.scommon)
+- *(.dynbss)
+- *(.bss)
+- *(COMMON)
+- . = ALIGN(16);
+- _bss_end = .;
++ *(.rodata*)
++ *(.got.plt)
++ *(.got)
++ *(.data*)
++ *(.sdata)
++ /* the EFI loader doesn't seem to like a .bss section, so we stick
++ it all into .data: */
++ *(.sbss)
++ *(.scommon)
++ *(.dynbss)
++ *(.bss)
++ *(COMMON)
++ *(.rel.local)
+ }
+ . = ALIGN(4096);
+ .vendor_cert :
+ {
+- *(.vendor_cert)
++ *(.vendor_cert)
+ }
+-
+ . = ALIGN(4096);
+- .rela.dyn : { *(.rela.dyn) }
+- .rela.plt : { *(.rela.plt) }
+- .rela.got : { *(.rela.got) }
+- .rela.data : { *(.rela.data) *(.rela.data*) }
+- _edata = .;
+- _data_size = . - _etext;
+-
++ .dynamic : { *(.dynamic) }
++ . = ALIGN(4096);
++ .rela :
++ {
++ *(.rela.data*)
++ *(.rela.got)
++ *(.rela.stab)
++ }
+ . = ALIGN(4096);
+- .dynsym : { *(.dynsym) }
++ .dynsym : { *(.dynsym) }
+ . = ALIGN(4096);
+- .dynstr : { *(.dynstr) }
++ .dynstr : { *(.dynstr) }
+ . = ALIGN(4096);
+- /DISCARD/ :
++ .ignored.reloc :
+ {
+- *(.rel.reloc)
++ *(.rela.reloc)
+ *(.eh_frame)
+ *(.note.GNU-stack)
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch b/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch
new file mode 100644
index 0000000..f9e8c05
--- /dev/null
+++ b/SOURCES/0064-Actually-find-the-relocations-correctly-and-process-.patch
@@ -0,0 +1,200 @@
+From a846aedd0e9dfe26ca6afaf6a1db8a54c20363c1 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 30 Sep 2014 18:52:59 -0400
+Subject: [PATCH 64/74] Actually find the relocations correctly and process
+ them that way.
+
+Find the relocations based on the *file* address in the old binary,
+because it's only the same as the virtual address some of the time.
+
+Also perform some extra validation before processing it, and don't bail
+out in /error/ if both ReloceBase and RelocEnd are null - that condition
+is fine.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 77 insertions(+), 13 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 7cd4182..4baf8b1 100644
+--- a/shim.c
++++ b/shim.c
+@@ -222,6 +222,7 @@ image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr)
+ * Perform the actual relocation
+ */
+ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
++ EFI_IMAGE_SECTION_HEADER *Section,
+ void *orig, void *data)
+ {
+ EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd;
+@@ -233,14 +234,46 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ UINT64 *Fixup64;
+ int size = context->ImageSize;
+ void *ImageEnd = (char *)orig + size;
++ int n = 0;
+
+ if (image_is_64_bit(context->PEHdr))
+ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data;
+ else
+ context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data;
+
+- RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress);
+- RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
++ /* Alright, so here's how this works:
++ *
++ * context->RelocDir gives us two things:
++ * - the VA the table of base relocation blocks are (maybe) to be
++ * mapped at (RelocDir->VirtualAddress)
++ * - the virtual size (RelocDir->Size)
++ *
++ * The .reloc section (Section here) gives us some other things:
++ * - the name! kind of. (Section->Name)
++ * - the virtual size (Section->VirtualSize), which should be the same
++ * as RelocDir->Size
++ * - the virtual address (Section->VirtualAddress)
++ * - the file section size (Section->SizeOfRawData), which is
++ * a multiple of OptHdr->FileAlignment. Only useful for image
++ * validation, not really useful for iteration bounds.
++ * - the file address (Section->PointerToRawData)
++ * - a bunch of stuff we don't use that's 0 in our binaries usually
++ * - Flags (Section->Characteristics)
++ *
++ * and then the thing that's actually at the file address is an array
++ * of EFI_IMAGE_BASE_RELOCATION structs with some values packed behind
++ * them. The SizeOfBlock field of this structure includes the
++ * structure itself, and adding it to that structure's address will
++ * yield the next entry in the array.
++ */
++ RelocBase = ImageAddress(orig, size, Section->PointerToRawData);
++ /* RelocBaseEnd here is the address of the first entry /past/ the
++ * table. */
++ RelocBaseEnd = ImageAddress(orig, size, Section->PointerToRawData +
++ Section->Misc.VirtualSize);
++
++ if (!RelocBase && !RelocBaseEnd)
++ return EFI_SUCCESS;
+
+ if (!RelocBase || !RelocBaseEnd) {
+ perror(L"Reloc table overflows binary\n");
+@@ -256,19 +289,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));
+
+ if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) {
+- perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock);
++ perror(L"Reloc %d block size %d is invalid\n", n, RelocBase->SizeOfBlock);
+ return EFI_UNSUPPORTED;
+ }
+
+ RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);
+ if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) {
+- perror(L"Reloc entry overflows binary\n");
++ perror(L"Reloc %d entry overflows binary\n", n);
+ return EFI_UNSUPPORTED;
+ }
+
+ FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress);
+ if (!FixupBase) {
+- perror(L"Invalid fixupbase\n");
++ perror(L"Reloc %d Invalid fixupbase\n", n);
+ return EFI_UNSUPPORTED;
+ }
+
+@@ -317,12 +350,13 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ break;
+
+ default:
+- perror(L"Unknown relocation\n");
++ perror(L"Reloc %d Unknown relocation\n", n);
+ return EFI_UNSUPPORTED;
+ }
+ Reloc += 1;
+ }
+ RelocBase = (EFI_IMAGE_BASE_RELOCATION *) RelocEnd;
++ n++;
+ }
+
+ return EFI_SUCCESS;
+@@ -1102,15 +1136,21 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+
+ CopyMem(buffer, data, context.SizeOfHeaders);
+
++ char *RelocBase, *RelocBaseEnd;
++ RelocBase = ImageAddress(buffer, datasize,
++ context.RelocDir->VirtualAddress);
++ /* RelocBaseEnd here is the address of the last byte of the table */
++ RelocBaseEnd = ImageAddress(buffer, datasize,
++ context.RelocDir->VirtualAddress +
++ context.RelocDir->Size - 1);
++
++ EFI_IMAGE_SECTION_HEADER *RelocSection = NULL;
++
+ /*
+ * Copy the executable's sections to their desired offsets
+ */
+ Section = context.FirstSection;
+ for (i = 0; i < context.NumberOfSections; i++, Section++) {
+- if (Section->Characteristics & 0x02000000)
+- /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */
+- continue;
+-
+ size = Section->Misc.VirtualSize;
+
+ if (size > Section->SizeOfRawData)
+@@ -1118,7 +1158,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+
+ base = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress);
+ end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1);
+-
+ if (!base || !end) {
+ perror(L"Invalid section size\n");
+ return EFI_UNSUPPORTED;
+@@ -1130,6 +1169,30 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ return EFI_UNSUPPORTED;
+ }
+
++ /* We do want to process .reloc, but it's often marked
++ * discardable, so we don't want to memcpy it. */
++ if (CompareMem(Section->Name, ".reloc\0\0", 8) == 0) {
++ if (RelocSection) {
++ perror(L"Image has multiple relocation sections\n");
++ return EFI_UNSUPPORTED;
++ }
++ /* If it has nonzero sizes, and our bounds check
++ * made sense, and the VA and size match RelocDir's
++ * versions, then we believe in this section table. */
++ if (Section->SizeOfRawData &&
++ Section->Misc.VirtualSize &&
++ base && end &&
++ RelocBase == base &&
++ RelocBaseEnd == end) {
++ RelocSection = Section;
++ }
++ }
++
++ if (Section->Characteristics & 0x02000000) {
++ /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */
++ continue;
++ }
++
+ if (Section->SizeOfRawData > 0)
+ CopyMem(base, data + Section->PointerToRawData, size);
+
+@@ -1143,11 +1206,12 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
+ return EFI_UNSUPPORTED;
+ }
+
+- if (context.RelocDir->Size) {
++ if (context.RelocDir->Size && RelocSection) {
+ /*
+ * Run the relocation fixups
+ */
+- efi_status = relocate_coff(&context, data, buffer);
++ efi_status = relocate_coff(&context, RelocSection, data,
++ buffer);
+
+ if (efi_status != EFI_SUCCESS) {
+ perror(L"Relocation failed: %r\n", efi_status);
+--
+1.9.3
+
diff --git a/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch b/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch
new file mode 100644
index 0000000..7b48e8f
--- /dev/null
+++ b/SOURCES/0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch
@@ -0,0 +1,90 @@
+From f14119502ee3301e1ae80b5ab7fbe1ba46580e23 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 1 Oct 2014 22:47:20 -0400
+Subject: [PATCH 65/74] Don't append an empty cert list to MokListRT if
+ vendor_cert_size is 0.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 63 ++++++++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 34 insertions(+), 29 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 4baf8b1..a282ee3 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1698,37 +1698,42 @@ EFI_STATUS mirror_mok_list()
+ if (efi_status != EFI_SUCCESS)
+ DataSize = 0;
+
+- FullDataSize = DataSize
+- + sizeof (*CertList)
+- + sizeof (EFI_GUID)
+- + vendor_cert_size
+- ;
+- FullData = AllocatePool(FullDataSize);
+- if (!FullData) {
+- perror(L"Failed to allocate space for MokListRT\n");
+- return EFI_OUT_OF_RESOURCES;
+- }
+- p = FullData;
++ if (vendor_cert_size) {
++ FullDataSize = DataSize
++ + sizeof (*CertList)
++ + sizeof (EFI_GUID)
++ + vendor_cert_size
++ ;
++ FullData = AllocatePool(FullDataSize);
++ if (!FullData) {
++ perror(L"Failed to allocate space for MokListRT\n");
++ return EFI_OUT_OF_RESOURCES;
++ }
++ p = FullData;
+
+- if (efi_status == EFI_SUCCESS && DataSize > 0) {
+- CopyMem(p, Data, DataSize);
+- p += DataSize;
++ if (efi_status == EFI_SUCCESS && DataSize > 0) {
++ CopyMem(p, Data, DataSize);
++ p += DataSize;
++ }
++ CertList = (EFI_SIGNATURE_LIST *)p;
++ p += sizeof (*CertList);
++ CertData = (EFI_SIGNATURE_DATA *)p;
++ p += sizeof (EFI_GUID);
++
++ CertList->SignatureType = EFI_CERT_X509_GUID;
++ CertList->SignatureListSize = vendor_cert_size
++ + sizeof (*CertList)
++ + sizeof (*CertData)
++ -1;
++ CertList->SignatureHeaderSize = 0;
++ CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID);
++
++ CertData->SignatureOwner = SHIM_LOCK_GUID;
++ CopyMem(p, vendor_cert, vendor_cert_size);
++ } else {
++ FullDataSize = DataSize;
++ FullData = Data;
+ }
+- CertList = (EFI_SIGNATURE_LIST *)p;
+- p += sizeof (*CertList);
+- CertData = (EFI_SIGNATURE_DATA *)p;
+- p += sizeof (EFI_GUID);
+-
+- CertList->SignatureType = EFI_CERT_X509_GUID;
+- CertList->SignatureListSize = vendor_cert_size
+- + sizeof (*CertList)
+- + sizeof (*CertData)
+- -1;
+- CertList->SignatureHeaderSize = 0;
+- CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID);
+-
+- CertData->SignatureOwner = SHIM_LOCK_GUID;
+- CopyMem(p, vendor_cert, vendor_cert_size);
+
+ efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListRT",
+ &shim_lock_guid,
+--
+1.9.3
+
diff --git a/SOURCES/0066-Fix-some-minor-testplan-errors.patch b/SOURCES/0066-Fix-some-minor-testplan-errors.patch
new file mode 100644
index 0000000..f304978
--- /dev/null
+++ b/SOURCES/0066-Fix-some-minor-testplan-errors.patch
@@ -0,0 +1,37 @@
+From aa818fe639f103d9c40fcbc8342edd82ff5d49d2 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 1 Oct 2014 23:42:11 -0400
+Subject: [PATCH 66/74] Fix some minor testplan errors.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ testplan.txt | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/testplan.txt b/testplan.txt
+index 2fbf238..ab88781 100644
+--- a/testplan.txt
++++ b/testplan.txt
+@@ -12,7 +12,7 @@ How to test a new shim build for RHEL/fedora:
+ -s -c "Red Hat Test Certificate"
+ 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi
+ cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \
+- /boot/efi/EFI/test/test.efi
++ /boot/efi/EFI/test/grubx64.efi
+ 7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also
+ leave an unsigned copy there:
+ pesign -i /boot/efi/EFI/redhat/grubx64.efi \
+@@ -38,7 +38,9 @@ How to test a new shim build for RHEL/fedora:
+ 12) put shim.efi there as well
+ cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI
+ 13) enroll the current kernel's certificate with mokutil:
+- mokutil --import ~/redhatsecurebootca2.cer
++ # this should be a /different/ cert than the one signing pesign-test-app.
++ # for instance use a RHEL cert for p-t-a and a fedora cert+kernel here.
++ mokutil --import ~/fedora-ca.cer
+ 14) put machine in setup mode
+ 15) boot to the UEFI shell
+ 16) run lockdown.efi from #4:
+--
+1.9.3
+
diff --git a/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch b/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch
new file mode 100644
index 0000000..9ac183b
--- /dev/null
+++ b/SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch
@@ -0,0 +1,31 @@
+From db43ba5a5fcb88e3b0acac0da5737e499be236a2 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Tue, 30 Sep 2014 16:13:27 +0800
+Subject: [PATCH 67/74] Don't verify images with the empty build key
+
+We replaced the build key with an empty file while compiling shim
+for our distro. Skip the verification with the empty build key
+since this makes no sense.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ shim.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/shim.c b/shim.c
+index a282ee3..8076caa 100644
+--- a/shim.c
++++ b/shim.c
+@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
+ /*
+ * Check against the shim build key
+ */
+- if (AuthenticodeVerify(cert->CertData,
++ if (sizeof(shim_cert) &&
++ AuthenticodeVerify(cert->CertData,
+ context->SecDir->Size - sizeof(cert->Hdr),
+ shim_cert, sizeof(shim_cert), sha256hash,
+ SHA256_DIGEST_SIZE)) {
+--
+1.9.3
+
diff --git a/SOURCES/0068-Cryptlib-remove-the-unused-files.patch b/SOURCES/0068-Cryptlib-remove-the-unused-files.patch
new file mode 100644
index 0000000..6a1eea2
--- /dev/null
+++ b/SOURCES/0068-Cryptlib-remove-the-unused-files.patch
@@ -0,0 +1,1265 @@
+From 663a5ca59d8b0037b3d1b445ce93ae3181f03685 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Tue, 30 Sep 2014 15:27:19 +0800
+Subject: [PATCH 68/74] Cryptlib: remove the unused files
+
+I mistakenly added CryptPkcs7VerifyNull.c which may make Pkcs7Verify
+always return FALSE. Besides CryptPkcs7VerifyNull.c, there are some
+functions we would never use. This commit removes those files to
+avoid any potential trouble.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ Cryptlib/Makefile | 5 +-
+ Cryptlib/Pk/CryptDh.c | 328 --------------------------------
+ Cryptlib/Pk/CryptDhNull.c | 156 +++++++++++++++
+ Cryptlib/Pk/CryptPkcs7Sign.c | 207 --------------------
+ Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 ----------
+ Cryptlib/Pk/CryptRsaExt.c | 377 -------------------------------------
+ Cryptlib/update.sh | 5 +-
+ 7 files changed, 158 insertions(+), 1020 deletions(-)
+ delete mode 100644 Cryptlib/Pk/CryptDh.c
+ create mode 100644 Cryptlib/Pk/CryptDhNull.c
+ delete mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c
+ delete mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c
+ delete mode 100644 Cryptlib/Pk/CryptRsaExt.c
+
+diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
+index 73a1e2b..9719a27 100644
+--- a/Cryptlib/Makefile
++++ b/Cryptlib/Makefile
+@@ -25,13 +25,10 @@ OBJS = Hash/CryptMd4.o \
+ Cipher/CryptArc4.o \
+ Rand/CryptRand.o \
+ Pk/CryptRsaBasic.o \
+- Pk/CryptRsaExt.o \
+ Pk/CryptRsaExtNull.o \
+- Pk/CryptPkcs7Sign.o \
+ Pk/CryptPkcs7SignNull.o \
+ Pk/CryptPkcs7Verify.o \
+- Pk/CryptPkcs7VerifyNull.o \
+- Pk/CryptDh.o \
++ Pk/CryptDhNull.o \
+ Pk/CryptX509.o \
+ Pk/CryptAuthenticode.o \
+ Pem/CryptPem.o \
+diff --git a/Cryptlib/Pk/CryptDh.c b/Cryptlib/Pk/CryptDh.c
+deleted file mode 100644
+index 942b3d1..0000000
+--- a/Cryptlib/Pk/CryptDh.c
++++ /dev/null
+@@ -1,328 +0,0 @@
+-/** @file
+- Diffie-Hellman Wrapper Implementation over OpenSSL.
+-
+-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+-This program and the accompanying materials
+-are licensed and made available under the terms and conditions of the BSD License
+-which accompanies this distribution. The full text of the license may be found at
+-http://opensource.org/licenses/bsd-license.php
+-
+-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+-
+-**/
+-
+-#include "InternalCryptLib.h"
+-#include <openssl/dh.h>
+-
+-
+-/**
+- Allocates and Initializes one Diffie-Hellman Context for subsequent use.
+-
+- @return Pointer to the Diffie-Hellman Context that has been initialized.
+- If the allocations fails, DhNew() returns NULL.
+-
+-**/
+-VOID *
+-EFIAPI
+-DhNew (
+- VOID
+- )
+-{
+- //
+- // Allocates & Initializes DH Context by OpenSSL DH_new()
+- //
+- return (VOID *) DH_new ();
+-}
+-
+-/**
+- Release the specified DH context.
+-
+- If DhContext is NULL, then return FALSE.
+-
+- @param[in] DhContext Pointer to the DH context to be released.
+-
+-**/
+-VOID
+-EFIAPI
+-DhFree (
+- IN VOID *DhContext
+- )
+-{
+- //
+- // Free OpenSSL DH Context
+- //
+- DH_free ((DH *) DhContext);
+-}
+-
+-/**
+- Generates DH parameter.
+-
+- Given generator g, and length of prime number p in bits, this function generates p,
+- and sets DH context according to value of g and p.
+-
+- Before this function can be invoked, pseudorandom number generator must be correctly
+- initialized by RandomSeed().
+-
+- If DhContext is NULL, then return FALSE.
+- If Prime is NULL, then return FALSE.
+-
+- @param[in, out] DhContext Pointer to the DH context.
+- @param[in] Generator Value of generator.
+- @param[in] PrimeLength Length in bits of prime to be generated.
+- @param[out] Prime Pointer to the buffer to receive the generated prime number.
+-
+- @retval TRUE DH pamameter generation succeeded.
+- @retval FALSE Value of Generator is not supported.
+- @retval FALSE PRNG fails to generate random prime number with PrimeLength.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-DhGenerateParameter (
+- IN OUT VOID *DhContext,
+- IN UINTN Generator,
+- IN UINTN PrimeLength,
+- OUT UINT8 *Prime
+- )
+-{
+- BOOLEAN RetVal;
+-
+- //
+- // Check input parameters.
+- //
+- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
+- return FALSE;
+- }
+-
+- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
+- return FALSE;
+- }
+-
+- RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL);
+- if (!RetVal) {
+- return FALSE;
+- }
+-
+- BN_bn2bin (((DH *) DhContext)->p, Prime);
+-
+- return TRUE;
+-}
+-
+-/**
+- Sets generator and prime parameters for DH.
+-
+- Given generator g, and prime number p, this function and sets DH
+- context accordingly.
+-
+- If DhContext is NULL, then return FALSE.
+- If Prime is NULL, then return FALSE.
+-
+- @param[in, out] DhContext Pointer to the DH context.
+- @param[in] Generator Value of generator.
+- @param[in] PrimeLength Length in bits of prime to be generated.
+- @param[in] Prime Pointer to the prime number.
+-
+- @retval TRUE DH pamameter setting succeeded.
+- @retval FALSE Value of Generator is not supported.
+- @retval FALSE Value of Generator is not suitable for the Prime.
+- @retval FALSE Value of Prime is not a prime number.
+- @retval FALSE Value of Prime is not a safe prime number.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-DhSetParameter (
+- IN OUT VOID *DhContext,
+- IN UINTN Generator,
+- IN UINTN PrimeLength,
+- IN CONST UINT8 *Prime
+- )
+-{
+- DH *Dh;
+- BIGNUM *Bn;
+-
+- //
+- // Check input parameters.
+- //
+- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
+- return FALSE;
+- }
+-
+- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
+- return FALSE;
+- }
+-
+- Bn = NULL;
+-
+- Dh = (DH *) DhContext;
+- Dh->g = NULL;
+- Dh->p = BN_new ();
+- if (Dh->p == NULL) {
+- goto Error;
+- }
+-
+- Dh->g = BN_new ();
+- if (Dh->g == NULL) {
+- goto Error;
+- }
+-
+- Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
+- if (Bn == NULL) {
+- goto Error;
+- }
+-
+- if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {
+- goto Error;
+- }
+-
+- return TRUE;
+-
+-Error:
+-
+- if (Dh->p != NULL) {
+- BN_free (Dh->p);
+- }
+-
+- if (Dh->g != NULL) {
+- BN_free (Dh->g);
+- }
+-
+- if (Bn != NULL) {
+- BN_free (Bn);
+- }
+-
+- return FALSE;
+-}
+-
+-/**
+- Generates DH public key.
+-
+- This function generates random secret exponent, and computes the public key, which is
+- returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.
+- If the PublicKey buffer is too small to hold the public key, FALSE is returned and
+- PublicKeySize is set to the required buffer size to obtain the public key.
+-
+- If DhContext is NULL, then return FALSE.
+- If PublicKeySize is NULL, then return FALSE.
+- If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.
+-
+- @param[in, out] DhContext Pointer to the DH context.
+- @param[out] PublicKey Pointer to the buffer to receive generated public key.
+- @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
+- On output, the size of data returned in PublicKey buffer in bytes.
+-
+- @retval TRUE DH public key generation succeeded.
+- @retval FALSE DH public key generation failed.
+- @retval FALSE PublicKeySize is not large enough.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-DhGenerateKey (
+- IN OUT VOID *DhContext,
+- OUT UINT8 *PublicKey,
+- IN OUT UINTN *PublicKeySize
+- )
+-{
+- BOOLEAN RetVal;
+- DH *Dh;
+- INTN Size;
+-
+- //
+- // Check input parameters.
+- //
+- if (DhContext == NULL || PublicKeySize == NULL) {
+- return FALSE;
+- }
+-
+- if (PublicKey == NULL && *PublicKeySize != 0) {
+- return FALSE;
+- }
+-
+- Dh = (DH *) DhContext;
+-
+- RetVal = (BOOLEAN) DH_generate_key (DhContext);
+- if (RetVal) {
+- Size = BN_num_bytes (Dh->pub_key);
+- if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {
+- *PublicKeySize = Size;
+- return FALSE;
+- }
+-
+- BN_bn2bin (Dh->pub_key, PublicKey);
+- *PublicKeySize = Size;
+- }
+-
+- return RetVal;
+-}
+-
+-/**
+- Computes exchanged common key.
+-
+- Given peer's public key, this function computes the exchanged common key, based on its own
+- context including value of prime modulus and random secret exponent.
+-
+- If DhContext is NULL, then return FALSE.
+- If PeerPublicKey is NULL, then return FALSE.
+- If KeySize is NULL, then return FALSE.
+- If Key is NULL, then return FALSE.
+- If KeySize is not large enough, then return FALSE.
+-
+- @param[in, out] DhContext Pointer to the DH context.
+- @param[in] PeerPublicKey Pointer to the peer's public key.
+- @param[in] PeerPublicKeySize Size of peer's public key in bytes.
+- @param[out] Key Pointer to the buffer to receive generated key.
+- @param[in, out] KeySize On input, the size of Key buffer in bytes.
+- On output, the size of data returned in Key buffer in bytes.
+-
+- @retval TRUE DH exchanged key generation succeeded.
+- @retval FALSE DH exchanged key generation failed.
+- @retval FALSE KeySize is not large enough.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-DhComputeKey (
+- IN OUT VOID *DhContext,
+- IN CONST UINT8 *PeerPublicKey,
+- IN UINTN PeerPublicKeySize,
+- OUT UINT8 *Key,
+- IN OUT UINTN *KeySize
+- )
+-{
+- BIGNUM *Bn;
+- INTN Size;
+-
+- //
+- // Check input parameters.
+- //
+- if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {
+- return FALSE;
+- }
+-
+- if (PeerPublicKeySize > INT_MAX) {
+- return FALSE;
+- }
+-
+- Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
+- if (Bn == NULL) {
+- return FALSE;
+- }
+-
+- Size = DH_compute_key (Key, Bn, DhContext);
+- if (Size < 0) {
+- BN_free (Bn);
+- return FALSE;
+- }
+-
+- if (*KeySize < (UINTN) Size) {
+- *KeySize = Size;
+- BN_free (Bn);
+- return FALSE;
+- }
+-
+- *KeySize = Size;
+- BN_free (Bn);
+- return TRUE;
+-}
+diff --git a/Cryptlib/Pk/CryptDhNull.c b/Cryptlib/Pk/CryptDhNull.c
+new file mode 100644
+index 0000000..35045db
+--- /dev/null
++++ b/Cryptlib/Pk/CryptDhNull.c
+@@ -0,0 +1,156 @@
++/** @file
++ Diffie-Hellman Wrapper Implementation which does not provide
++ real capabilities.
++
++Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
++This program and the accompanying materials
++are licensed and made available under the terms and conditions of the BSD License
++which accompanies this distribution. The full text of the license may be found at
++http://opensource.org/licenses/bsd-license.php
++
++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include "InternalCryptLib.h"
++
++/**
++ Allocates and Initializes one Diffie-Hellman Context for subsequent use.
++
++ @return Pointer to the Diffie-Hellman Context that has been initialized.
++ If the interface is not supported, DhNew() returns NULL.
++
++**/
++VOID *
++EFIAPI
++DhNew (
++ VOID
++ )
++{
++ ASSERT (FALSE);
++ return NULL;
++}
++
++/**
++ Release the specified DH context.
++
++ If the interface is not supported, then ASSERT().
++
++ @param[in] DhContext Pointer to the DH context to be released.
++
++**/
++VOID
++EFIAPI
++DhFree (
++ IN VOID *DhContext
++ )
++{
++ ASSERT (FALSE);
++}
++
++/**
++ Generates DH parameter.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in, out] DhContext Pointer to the DH context.
++ @param[in] Generator Value of generator.
++ @param[in] PrimeLength Length in bits of prime to be generated.
++ @param[out] Prime Pointer to the buffer to receive the generated prime number.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++DhGenerateParameter (
++ IN OUT VOID *DhContext,
++ IN UINTN Generator,
++ IN UINTN PrimeLength,
++ OUT UINT8 *Prime
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
++
++/**
++ Sets generator and prime parameters for DH.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in, out] DhContext Pointer to the DH context.
++ @param[in] Generator Value of generator.
++ @param[in] PrimeLength Length in bits of prime to be generated.
++ @param[in] Prime Pointer to the prime number.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++DhSetParameter (
++ IN OUT VOID *DhContext,
++ IN UINTN Generator,
++ IN UINTN PrimeLength,
++ IN CONST UINT8 *Prime
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
++
++/**
++ Generates DH public key.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in, out] DhContext Pointer to the DH context.
++ @param[out] PublicKey Pointer to the buffer to receive generated public key.
++ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
++ On output, the size of data returned in PublicKey buffer in bytes.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++DhGenerateKey (
++ IN OUT VOID *DhContext,
++ OUT UINT8 *PublicKey,
++ IN OUT UINTN *PublicKeySize
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
++
++/**
++ Computes exchanged common key.
++
++ Return FALSE to indicate this interface is not supported.
++
++ @param[in, out] DhContext Pointer to the DH context.
++ @param[in] PeerPublicKey Pointer to the peer's public key.
++ @param[in] PeerPublicKeySize Size of peer's public key in bytes.
++ @param[out] Key Pointer to the buffer to receive generated key.
++ @param[in, out] KeySize On input, the size of Key buffer in bytes.
++ On output, the size of data returned in Key buffer in bytes.
++
++ @retval FALSE This interface is not supported.
++
++**/
++BOOLEAN
++EFIAPI
++DhComputeKey (
++ IN OUT VOID *DhContext,
++ IN CONST UINT8 *PeerPublicKey,
++ IN UINTN PeerPublicKeySize,
++ OUT UINT8 *Key,
++ IN OUT UINTN *KeySize
++ )
++{
++ ASSERT (FALSE);
++ return FALSE;
++}
+diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c
+deleted file mode 100644
+index 63fe78f..0000000
+--- a/Cryptlib/Pk/CryptPkcs7Sign.c
++++ /dev/null
+@@ -1,207 +0,0 @@
+-/** @file
+- PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
+-
+-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+-This program and the accompanying materials
+-are licensed and made available under the terms and conditions of the BSD License
+-which accompanies this distribution. The full text of the license may be found at
+-http://opensource.org/licenses/bsd-license.php
+-
+-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+-
+-**/
+-
+-#include "InternalCryptLib.h"
+-
+-#include <openssl/objects.h>
+-#include <openssl/x509.h>
+-#include <openssl/pkcs7.h>
+-
+-
+-/**
+- Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
+- Syntax Standard, version 1.5". This interface is only intended to be used for
+- application to perform PKCS#7 functionality validation.
+-
+- @param[in] PrivateKey Pointer to the PEM-formatted private key data for
+- data signing.
+- @param[in] PrivateKeySize Size of the PEM private key data in bytes.
+- @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
+- key data.
+- @param[in] InData Pointer to the content to be signed.
+- @param[in] InDataSize Size of InData in bytes.
+- @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
+- @param[in] OtherCerts Pointer to an optional additional set of certificates to
+- include in the PKCS#7 signedData (e.g. any intermediate
+- CAs in the chain).
+- @param[out] SignedData Pointer to output PKCS#7 signedData.
+- @param[out] SignedDataSize Size of SignedData in bytes.
+-
+- @retval TRUE PKCS#7 data signing succeeded.
+- @retval FALSE PKCS#7 data signing failed.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-Pkcs7Sign (
+- IN CONST UINT8 *PrivateKey,
+- IN UINTN PrivateKeySize,
+- IN CONST UINT8 *KeyPassword,
+- IN UINT8 *InData,
+- IN UINTN InDataSize,
+- IN UINT8 *SignCert,
+- IN UINT8 *OtherCerts OPTIONAL,
+- OUT UINT8 **SignedData,
+- OUT UINTN *SignedDataSize
+- )
+-{
+- BOOLEAN Status;
+- EVP_PKEY *Key;
+- BIO *DataBio;
+- PKCS7 *Pkcs7;
+- UINT8 *RsaContext;
+- UINT8 *P7Data;
+- UINTN P7DataSize;
+- UINT8 *Tmp;
+-
+- //
+- // Check input parameters.
+- //
+- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
+- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
+- return FALSE;
+- }
+-
+- RsaContext = NULL;
+- Key = NULL;
+- Pkcs7 = NULL;
+- DataBio = NULL;
+- Status = FALSE;
+-
+- //
+- // Retrieve RSA private key from PEM data.
+- //
+- Status = RsaGetPrivateKeyFromPem (
+- PrivateKey,
+- PrivateKeySize,
+- (CONST CHAR8 *) KeyPassword,
+- (VOID **) &RsaContext
+- );
+- if (!Status) {
+- return Status;
+- }
+-
+- Status = FALSE;
+-
+- //
+- // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
+- //
+- if (EVP_add_digest (EVP_md5 ()) == 0) {
+- goto _Exit;
+- }
+- if (EVP_add_digest (EVP_sha1 ()) == 0) {
+- goto _Exit;
+- }
+- if (EVP_add_digest (EVP_sha256 ()) == 0) {
+- goto _Exit;
+- }
+-
+- RandomSeed (NULL, 0);
+-
+- //
+- // Construct OpenSSL EVP_PKEY for private key.
+- //
+- Key = EVP_PKEY_new ();
+- if (Key == NULL) {
+- goto _Exit;
+- }
+- Key->save_type = EVP_PKEY_RSA;
+- Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
+- Key->pkey.rsa = (RSA *) RsaContext;
+-
+- //
+- // Convert the data to be signed to BIO format.
+- //
+- DataBio = BIO_new (BIO_s_mem ());
+- if (DataBio == NULL) {
+- goto _Exit;
+- }
+-
+- if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {
+- goto _Exit;
+- }
+-
+- //
+- // Create the PKCS#7 signedData structure.
+- //
+- Pkcs7 = PKCS7_sign (
+- (X509 *) SignCert,
+- Key,
+- (STACK_OF(X509) *) OtherCerts,
+- DataBio,
+- PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
+- );
+- if (Pkcs7 == NULL) {
+- goto _Exit;
+- }
+-
+- //
+- // Convert PKCS#7 signedData structure into DER-encoded buffer.
+- //
+- P7DataSize = i2d_PKCS7 (Pkcs7, NULL);
+- if (P7DataSize <= 19) {
+- goto _Exit;
+- }
+-
+- P7Data = malloc (P7DataSize);
+- if (P7Data == NULL) {
+- goto _Exit;
+- }
+-
+- Tmp = P7Data;
+- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
+- ASSERT (P7DataSize > 19);
+-
+- //
+- // Strip ContentInfo to content only for signeddata. The data be trimmed off
+- // is totally 19 bytes.
+- //
+- *SignedDataSize = P7DataSize - 19;
+- *SignedData = malloc (*SignedDataSize);
+- if (*SignedData == NULL) {
+- OPENSSL_free (P7Data);
+- goto _Exit;
+- }
+-
+- CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
+-
+- OPENSSL_free (P7Data);
+-
+- Status = TRUE;
+-
+-_Exit:
+- //
+- // Release Resources
+- //
+- if (RsaContext != NULL) {
+- RsaFree (RsaContext);
+- if (Key != NULL) {
+- Key->pkey.rsa = NULL;
+- }
+- }
+-
+- if (Key != NULL) {
+- EVP_PKEY_free (Key);
+- }
+-
+- if (DataBio != NULL) {
+- BIO_free (DataBio);
+- }
+-
+- if (Pkcs7 != NULL) {
+- PKCS7_free (Pkcs7);
+- }
+-
+- return Status;
+-}
+diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c
+deleted file mode 100644
+index 9a4c77a..0000000
+--- a/Cryptlib/Pk/CryptPkcs7VerifyNull.c
++++ /dev/null
+@@ -1,100 +0,0 @@
+-/** @file
+- PKCS#7 SignedData Verification Wrapper Implementation which does not provide
+- real capabilities.
+-
+-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+-This program and the accompanying materials
+-are licensed and made available under the terms and conditions of the BSD License
+-which accompanies this distribution. The full text of the license may be found at
+-http://opensource.org/licenses/bsd-license.php
+-
+-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+-
+-**/
+-
+-#include "InternalCryptLib.h"
+-
+-/**
+- Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
+- Cryptographic Message Syntax Standard". The input signed data could be wrapped
+- in a ContentInfo structure.
+-
+- Return FALSE to indicate this interface is not supported.
+-
+- @param[in] P7Data Pointer to the PKCS#7 message to verify.
+- @param[in] P7Length Length of the PKCS#7 message in bytes.
+- @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
+- It's caller's responsiblity to free the buffer.
+- @param[out] StackLength Length of signer's certificates in bytes.
+- @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
+- It's caller's responsiblity to free the buffer.
+- @param[out] CertLength Length of the trusted certificate in bytes.
+-
+- @retval FALSE This interface is not supported.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-Pkcs7GetSigners (
+- IN CONST UINT8 *P7Data,
+- IN UINTN P7Length,
+- OUT UINT8 **CertStack,
+- OUT UINTN *StackLength,
+- OUT UINT8 **TrustedCert,
+- OUT UINTN *CertLength
+- )
+-{
+- ASSERT (FALSE);
+- return FALSE;
+-}
+-
+-/**
+- Wrap function to use free() to free allocated memory for certificates.
+-
+- If the interface is not supported, then ASSERT().
+-
+- @param[in] Certs Pointer to the certificates to be freed.
+-
+-**/
+-VOID
+-EFIAPI
+-Pkcs7FreeSigners (
+- IN UINT8 *Certs
+- )
+-{
+- ASSERT (FALSE);
+-}
+-
+-/**
+- Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
+- Cryptographic Message Syntax Standard". The input signed data could be wrapped
+- in a ContentInfo structure.
+-
+- Return FALSE to indicate this interface is not supported.
+-
+- @param[in] P7Data Pointer to the PKCS#7 message to verify.
+- @param[in] P7Length Length of the PKCS#7 message in bytes.
+- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
+- is used for certificate chain verification.
+- @param[in] CertLength Length of the trusted certificate in bytes.
+- @param[in] InData Pointer to the content to be verified.
+- @param[in] DataLength Length of InData in bytes.
+-
+- @retval FALSE This interface is not supported.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-Pkcs7Verify (
+- IN CONST UINT8 *P7Data,
+- IN UINTN P7Length,
+- IN CONST UINT8 *TrustedCert,
+- IN UINTN CertLength,
+- IN CONST UINT8 *InData,
+- IN UINTN DataLength
+- )
+-{
+- ASSERT (FALSE);
+- return FALSE;
+-}
+diff --git a/Cryptlib/Pk/CryptRsaExt.c b/Cryptlib/Pk/CryptRsaExt.c
+deleted file mode 100644
+index 5c21d12..0000000
+--- a/Cryptlib/Pk/CryptRsaExt.c
++++ /dev/null
+@@ -1,377 +0,0 @@
+-/** @file
+- RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
+-
+- This file implements following APIs which provide more capabilities for RSA:
+- 1) RsaGetKey
+- 2) RsaGenerateKey
+- 3) RsaCheckKey
+- 4) RsaPkcs1Sign
+-
+-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+-This program and the accompanying materials
+-are licensed and made available under the terms and conditions of the BSD License
+-which accompanies this distribution. The full text of the license may be found at
+-http://opensource.org/licenses/bsd-license.php
+-
+-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+-
+-**/
+-
+-#include "InternalCryptLib.h"
+-
+-#include <openssl/rsa.h>
+-#include <openssl/err.h>
+-#include <openssl/objects.h>
+-
+-/**
+- Gets the tag-designated RSA key component from the established RSA context.
+-
+- This function retrieves the tag-designated RSA key component from the
+- established RSA context as a non-negative integer (octet string format
+- represented in RSA PKCS#1).
+- If specified key component has not been set or has been cleared, then returned
+- BnSize is set to 0.
+- If the BigNumber buffer is too small to hold the contents of the key, FALSE
+- is returned and BnSize is set to the required buffer size to obtain the key.
+-
+- If RsaContext is NULL, then return FALSE.
+- If BnSize is NULL, then return FALSE.
+- If BnSize is large enough but BigNumber is NULL, then return FALSE.
+-
+- @param[in, out] RsaContext Pointer to RSA context being set.
+- @param[in] KeyTag Tag of RSA key component being set.
+- @param[out] BigNumber Pointer to octet integer buffer.
+- @param[in, out] BnSize On input, the size of big number buffer in bytes.
+- On output, the size of data returned in big number buffer in bytes.
+-
+- @retval TRUE RSA key component was retrieved successfully.
+- @retval FALSE Invalid RSA key component tag.
+- @retval FALSE BnSize is too small.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-RsaGetKey (
+- IN OUT VOID *RsaContext,
+- IN RSA_KEY_TAG KeyTag,
+- OUT UINT8 *BigNumber,
+- IN OUT UINTN *BnSize
+- )
+-{
+- RSA *RsaKey;
+- BIGNUM *BnKey;
+- UINTN Size;
+-
+- //
+- // Check input parameters.
+- //
+- if (RsaContext == NULL || BnSize == NULL) {
+- return FALSE;
+- }
+-
+- RsaKey = (RSA *) RsaContext;
+- Size = *BnSize;
+- *BnSize = 0;
+-
+- switch (KeyTag) {
+-
+- //
+- // RSA Public Modulus (N)
+- //
+- case RsaKeyN:
+- if (RsaKey->n == NULL) {
+- return TRUE;
+- }
+- BnKey = RsaKey->n;
+- break;
+-
+- //
+- // RSA Public Exponent (e)
+- //
+- case RsaKeyE:
+- if (RsaKey->e == NULL) {
+- return TRUE;
+- }
+- BnKey = RsaKey->e;
+- break;
+-
+- //
+- // RSA Private Exponent (d)
+- //
+- case RsaKeyD:
+- if (RsaKey->d == NULL) {
+- return TRUE;
+- }
+- BnKey = RsaKey->d;
+- break;
+-
+- //
+- // RSA Secret Prime Factor of Modulus (p)
+- //
+- case RsaKeyP:
+- if (RsaKey->p == NULL) {
+- return TRUE;
+- }
+- BnKey = RsaKey->p;
+- break;
+-
+- //
+- // RSA Secret Prime Factor of Modules (q)
+- //
+- case RsaKeyQ:
+- if (RsaKey->q == NULL) {
+- return TRUE;
+- }
+- BnKey = RsaKey->q;
+- break;
+-
+- //
+- // p's CRT Exponent (== d mod (p - 1))
+- //
+- case RsaKeyDp:
+- if (RsaKey->dmp1 == NULL) {
+- return TRUE;
+- }
+- BnKey = RsaKey->dmp1;
+- break;
+-
+- //
+- // q's CRT Exponent (== d mod (q - 1))
+- //
+- case RsaKeyDq:
+- if (RsaKey->dmq1 == NULL) {
+- return TRUE;
+- }
+- BnKey = RsaKey->dmq1;
+- break;
+-
+- //
+- // The CRT Coefficient (== 1/q mod p)
+- //
+- case RsaKeyQInv:
+- if (RsaKey->iqmp == NULL) {
+- return TRUE;
+- }
+- BnKey = RsaKey->iqmp;
+- break;
+-
+- default:
+- return FALSE;
+- }
+-
+- *BnSize = Size;
+- Size = BN_num_bytes (BnKey);
+-
+- if (*BnSize < Size) {
+- *BnSize = Size;
+- return FALSE;
+- }
+-
+- if (BigNumber == NULL) {
+- return FALSE;
+- }
+- *BnSize = BN_bn2bin (BnKey, BigNumber) ;
+-
+- return TRUE;
+-}
+-
+-/**
+- Generates RSA key components.
+-
+- This function generates RSA key components. It takes RSA public exponent E and
+- length in bits of RSA modulus N as input, and generates all key components.
+- If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
+-
+- Before this function can be invoked, pseudorandom number generator must be correctly
+- initialized by RandomSeed().
+-
+- If RsaContext is NULL, then return FALSE.
+-
+- @param[in, out] RsaContext Pointer to RSA context being set.
+- @param[in] ModulusLength Length of RSA modulus N in bits.
+- @param[in] PublicExponent Pointer to RSA public exponent.
+- @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
+-
+- @retval TRUE RSA key component was generated successfully.
+- @retval FALSE Invalid RSA key component tag.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-RsaGenerateKey (
+- IN OUT VOID *RsaContext,
+- IN UINTN ModulusLength,
+- IN CONST UINT8 *PublicExponent,
+- IN UINTN PublicExponentSize
+- )
+-{
+- BIGNUM *KeyE;
+- BOOLEAN RetVal;
+-
+- //
+- // Check input parameters.
+- //
+- if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
+- return FALSE;
+- }
+-
+- KeyE = BN_new ();
+- if (KeyE == NULL) {
+- return FALSE;
+- }
+-
+- RetVal = FALSE;
+-
+- if (PublicExponent == NULL) {
+- if (BN_set_word (KeyE, 0x10001) == 0) {
+- goto _Exit;
+- }
+- } else {
+- if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {
+- goto _Exit;
+- }
+- }
+-
+- if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
+- RetVal = TRUE;
+- }
+-
+-_Exit:
+- BN_free (KeyE);
+- return RetVal;
+-}
+-
+-/**
+- Validates key components of RSA context.
+-
+- This function validates key compoents of RSA context in following aspects:
+- - Whether p is a prime
+- - Whether q is a prime
+- - Whether n = p * q
+- - Whether d*e = 1 mod lcm(p-1,q-1)
+-
+- If RsaContext is NULL, then return FALSE.
+-
+- @param[in] RsaContext Pointer to RSA context to check.
+-
+- @retval TRUE RSA key components are valid.
+- @retval FALSE RSA key components are not valid.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-RsaCheckKey (
+- IN VOID *RsaContext
+- )
+-{
+- UINTN Reason;
+-
+- //
+- // Check input parameters.
+- //
+- if (RsaContext == NULL) {
+- return FALSE;
+- }
+-
+- if (RSA_check_key ((RSA *) RsaContext) != 1) {
+- Reason = ERR_GET_REASON (ERR_peek_last_error ());
+- if (Reason == RSA_R_P_NOT_PRIME ||
+- Reason == RSA_R_Q_NOT_PRIME ||
+- Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
+- Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
+- return FALSE;
+- }
+- }
+-
+- return TRUE;
+-}
+-
+-/**
+- Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
+-
+- This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
+- RSA PKCS#1.
+- If the Signature buffer is too small to hold the contents of signature, FALSE
+- is returned and SigSize is set to the required buffer size to obtain the signature.
+-
+- If RsaContext is NULL, then return FALSE.
+- If MessageHash is NULL, then return FALSE.
+- If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+- If SigSize is large enough but Signature is NULL, then return FALSE.
+-
+- @param[in] RsaContext Pointer to RSA context for signature generation.
+- @param[in] MessageHash Pointer to octet message hash to be signed.
+- @param[in] HashSize Size of the message hash in bytes.
+- @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
+- @param[in, out] SigSize On input, the size of Signature buffer in bytes.
+- On output, the size of data returned in Signature buffer in bytes.
+-
+- @retval TRUE Signature successfully generated in PKCS1-v1_5.
+- @retval FALSE Signature generation failed.
+- @retval FALSE SigSize is too small.
+-
+-**/
+-BOOLEAN
+-EFIAPI
+-RsaPkcs1Sign (
+- IN VOID *RsaContext,
+- IN CONST UINT8 *MessageHash,
+- IN UINTN HashSize,
+- OUT UINT8 *Signature,
+- IN OUT UINTN *SigSize
+- )
+-{
+- RSA *Rsa;
+- UINTN Size;
+- INT32 DigestType;
+-
+- //
+- // Check input parameters.
+- //
+- if (RsaContext == NULL || MessageHash == NULL) {
+- return FALSE;
+- }
+-
+- Rsa = (RSA *) RsaContext;
+- Size = BN_num_bytes (Rsa->n);
+-
+- if (*SigSize < Size) {
+- *SigSize = Size;
+- return FALSE;
+- }
+-
+- if (Signature == NULL) {
+- return FALSE;
+- }
+-
+- //
+- // Determine the message digest algorithm according to digest size.
+- // Only MD5, SHA-1 or SHA-256 algorithm is supported.
+- //
+- switch (HashSize) {
+- case MD5_DIGEST_SIZE:
+- DigestType = NID_md5;
+- break;
+-
+- case SHA1_DIGEST_SIZE:
+- DigestType = NID_sha1;
+- break;
+-
+- case SHA256_DIGEST_SIZE:
+- DigestType = NID_sha256;
+- break;
+-
+- default:
+- return FALSE;
+- }
+-
+- return (BOOLEAN) RSA_sign (
+- DigestType,
+- MessageHash,
+- (UINT32) HashSize,
+- Signature,
+- (UINT32 *) SigSize,
+- (RSA *) RsaContext
+- );
+-}
+diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh
+index 57b6631..0e34db9 100755
+--- a/Cryptlib/update.sh
++++ b/Cryptlib/update.sh
+@@ -14,13 +14,10 @@ cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c
+ cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c
+ cp $DIR/Rand/CryptRand.c Rand/CryptRand.c
+ cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c
+-cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c
+ cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c
+-cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c
+ cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c
+ cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c
+-cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c
+-cp $DIR/Pk/CryptDh.c Pk/CryptDh.c
++cp $DIR/Pk/CryptDhNull.c Pk/CryptDhNull.c
+ cp $DIR/Pk/CryptX509.c Pk/CryptX509.c
+ cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c
+ cp $DIR/Pem/CryptPem.c Pem/CryptPem.c
+--
+1.9.3
+
diff --git a/SOURCES/0069-Another-testplan-error.patch b/SOURCES/0069-Another-testplan-error.patch
new file mode 100644
index 0000000..e3475b6
--- /dev/null
+++ b/SOURCES/0069-Another-testplan-error.patch
@@ -0,0 +1,71 @@
+From a2e66ece4d6b46ba2195cef76913c42177e6b4a2 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 2 Oct 2014 01:01:17 -0400
+Subject: [PATCH 69/74] Another testplan error.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ testplan.txt | 24 +++++++++++-------------
+ 1 file changed, 11 insertions(+), 13 deletions(-)
+
+diff --git a/testplan.txt b/testplan.txt
+index ab88781..0b0569e 100644
+--- a/testplan.txt
++++ b/testplan.txt
+@@ -47,27 +47,25 @@ How to test a new shim build for RHEL/fedora:
+ fs0:\EFI\test\lockdown.efi
+ 17) enable secure boot verification
+ 18) verify it can't run other binaries:
+- fs0:\EFI\redhat\grubx64.efi
++ fs0:\EFI\test\grubx64.efi
+ result should be an error, probably similar to:
+ "fs0:\...\grubx64.efi is not recognized as an internal or external command"
+-19) copy test.efi to grubx64.efi:
+- cp \EFI\test\test.efi \EFI\test\grubx64.efi
+-20) in the EFI shell, run fs0:\EFI\test\shim.efi
+-21) you should see MokManager. Enroll the certificate you added in #13, and
++19) in the EFI shell, run fs0:\EFI\test\shim.efi
++20) you should see MokManager. Enroll the certificate you added in #13, and
+ the system will reboot.
+-22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi
++21) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi
+ result: "This is a test application that should be completely safe."
+ If you get the expected result, shim can run things signed by its internal
+ key ring. Check a box someplace that says it can do that.
+-23) from the EFI shell, copy grub to grubx64.efi:
++22) from the EFI shell, copy grub to grubx64.efi:
+ cp \EFI\test\grub.efi \EFI\test\grubx64.efi
+-24) in the EFI shell, run fs0:\EFI\test\shim.efi
++23) in the EFI shell, run fs0:\EFI\test\shim.efi
+ result: this should start grub, which will let you boot a kernel
+ If grub starts, it means shim can run things signed by a key in the system's
+ db. Check a box someplace that says it can do that.
+ If the kernel boots, it means shim can run things from Mok. Check a box
+ someplace that says it can do that.
+-25) remove all boot entries and the BootOrder variable:
++24) remove all boot entries and the BootOrder variable:
+ [root@uefi ~]# cd /sys/firmware/efi/efivars/
+ [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-*
+ removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’
+@@ -76,14 +74,14 @@ How to test a new shim build for RHEL/fedora:
+ removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’
+ removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’
+ [root@uefi efivars]#
+-27) reboot
+-28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just
++25) reboot
++26) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just
+ have an old machine. In that case, go to the EFI shell and run:
+ fs0:\EFI\BOOT\BOOTX64.EFI
+ If this works, you should see a bit of output very quickly and then the same
+ thing as #24. This means shim recognized it was in \EFI\BOOT and ran
+ fallback.efi, which worked.
+-29) copy the unsigned grub into place and reboot:
++27) copy the unsigned grub into place and reboot:
+ cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi
+-30) reboot again.
++28) reboot again.
+ result: shim should refuse to load grub.
+--
+1.9.3
+
diff --git a/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch b/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch
new file mode 100644
index 0000000..a61889e
--- /dev/null
+++ b/SOURCES/0070-shim-buffer-overflow-on-ipv6-option-parsing.patch
@@ -0,0 +1,173 @@
+From e253c2a2c07bc526de1528ed9839b2b584025fa2 Mon Sep 17 00:00:00 2001
+From: Sebastian Krahmer <krahmer@suse.com>
+Date: Tue, 29 Jul 2014 09:55:00 +0000
+Subject: [PATCH 70/74] shim buffer overflow on ipv6 option parsing
+
+---
+ netboot.c | 102 ++++++++++++++++++++++++++++++++++++++------------------------
+ 1 file changed, 62 insertions(+), 40 deletions(-)
+
+diff --git a/netboot.c b/netboot.c
+index 238937d..f884cba 100644
+--- a/netboot.c
++++ b/netboot.c
+@@ -108,29 +108,34 @@ BOOLEAN findNetboot(EFI_HANDLE device)
+
+ static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt)
+ {
+- void *optr;
+- EFI_DHCP6_PACKET_OPTION *option;
+- CHAR8 *url;
+- UINT32 urllen;
++ void *optr = NULL, *end = NULL;
++ EFI_DHCP6_PACKET_OPTION *option = NULL;
++ CHAR8 *url = NULL;
++ UINT32 urllen = 0;
+
+ optr = pkt->DhcpOptions;
++ end = optr + sizeof(pkt->DhcpOptions);
+
+- for(;;) {
++ for (;;) {
+ option = (EFI_DHCP6_PACKET_OPTION *)optr;
+
+ if (ntohs(option->OpCode) == 0)
+- return NULL;
++ break;
+
+ if (ntohs(option->OpCode) == 59) {
+ /* This is the bootfile url option */
+ urllen = ntohs(option->Length);
+- url = AllocateZeroPool(urllen+1);
++ if ((void *)(option->Data + urllen) > end)
++ break;
++ url = AllocateZeroPool(urllen + 1);
+ if (!url)
+- return NULL;
++ break;
+ memcpy(url, option->Data, urllen);
+ return url;
+ }
+ optr += 4 + ntohs(option->Length);
++ if (optr + sizeof(EFI_DHCP6_PACKET_OPTION) > end)
++ break;
+ }
+
+ return NULL;
+@@ -156,45 +161,60 @@ static CHAR16 str2ns(CHAR8 *str)
+
+ static CHAR8 *str2ip6(CHAR8 *str)
+ {
+- UINT8 i, j, p;
+- size_t len;
+- CHAR8 *a, *b, t;
+- static UINT16 ip[8];
++ UINT8 i = 0, j = 0, p = 0;
++ size_t len = 0, dotcount = 0;
++ enum { MAX_IP6_DOTS = 7 };
++ CHAR8 *a = NULL, *b = NULL, t = 0;
++ static UINT16 ip[8];
+
+- for(i=0; i < 8; i++) {
+- ip[i] = 0;
+- }
+- len = strlen(str);
+- a = b = str;
+- for(i=p=0; i < len; i++, b++) {
+- if (*b != ':')
+- continue;
+- *b = '\0';
+- ip[p++] = str2ns(a);
+- *b = ':';
+- a = b + 1;
+- if ( *(b+1) == ':' )
+- break;
+- }
+- a = b = (str + len);
+- for(j=len, p=7; j > i; j--, a--) {
+- if (*a != ':')
+- continue;
+- t = *b;
+- *b = '\0';
+- ip[p--] = str2ns(a+1);
+- *b = t;
+- b = a;
+- }
+- return (CHAR8 *)ip;
++ memset(ip, 0, sizeof(ip));
++
++ /* Count amount of ':' to prevent overflows.
++ * max. count = 7. Returns an invalid ip6 that
++ * can be checked against
++ */
++ for (a = str; *a != 0; ++a) {
++ if (*a == ':')
++ ++dotcount;
++ }
++ if (dotcount > MAX_IP6_DOTS)
++ return (CHAR8 *)ip;
++
++ len = strlen(str);
++ a = b = str;
++ for (i = p = 0; i < len; i++, b++) {
++ if (*b != ':')
++ continue;
++ *b = '\0';
++ ip[p++] = str2ns(a);
++ *b = ':';
++ a = b + 1;
++ if (b[1] == ':' )
++ break;
++ }
++ a = b = (str + len);
++ for (j = len, p = 7; j > i; j--, a--) {
++ if (*a != ':')
++ continue;
++ t = *b;
++ *b = '\0';
++ ip[p--] = str2ns(a+1);
++ *b = t;
++ b = a;
++ }
++ return (CHAR8 *)ip;
+ }
+
+ static BOOLEAN extract_tftp_info(CHAR8 *url)
+ {
+ CHAR8 *start, *end;
+ CHAR8 ip6str[40];
++ CHAR8 ip6inv[16];
+ CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
+
++ // to check against str2ip6() errors
++ memset(ip6inv, 0, sizeof(ip6inv));
++
+ if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) {
+ Print(L"URLS MUST START WITH tftp://\n");
+ return FALSE;
+@@ -209,7 +229,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
+ end = start;
+ while ((*end != '\0') && (*end != ']')) {
+ end++;
+- if (end - start > 39) {
++ if (end - start >= (int)sizeof(ip6str)) {
+ Print(L"TFTP URL includes malformed IPv6 address\n");
+ return FALSE;
+ }
+@@ -218,10 +238,12 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
+ Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
+ return FALSE;
+ }
+- memset(ip6str, 0, 40);
++ memset(ip6str, 0, sizeof(ip6str));
+ memcpy(ip6str, start, end - start);
+ end++;
+ memcpy(&tftp_addr.v6, str2ip6(ip6str), 16);
++ if (memcmp(&tftp_addr.v6, ip6inv, sizeof(ip6inv)) == 0)
++ return FALSE;
+ full_path = AllocateZeroPool(strlen(end)+strlen(template)+1);
+ if (!full_path)
+ return FALSE;
+--
+1.9.3
+
diff --git a/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch b/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch
new file mode 100644
index 0000000..448d03a
--- /dev/null
+++ b/SOURCES/0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch
@@ -0,0 +1,88 @@
+From 034466b7734a2749346151d903bbd7c8a1288db1 Mon Sep 17 00:00:00 2001
+From: Sebastian Krahmer <krahmer@suse.com>
+Date: Tue, 12 Aug 2014 09:23:28 +0000
+Subject: [PATCH 71/74] OOB access when parsing MOK List/Certificates on MOK
+ enrollment
+
+---
+ MokManager.c | 30 ++++++++++++++++++++++++++++++
+ 1 file changed, 30 insertions(+)
+
+diff --git a/MokManager.c b/MokManager.c
+index ecbcdd3..4a9b102 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -100,8 +100,18 @@ static UINT32 count_keys(void *Data, UINTN DataSize)
+ EFI_GUID HashType = EFI_CERT_SHA256_GUID;
+ UINTN dbsize = DataSize;
+ UINT32 MokNum = 0;
++ void *end = Data + DataSize;
+
+ while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
++
++ /* Use ptr arithmetics to ensure bounded access. Do not allow 0
++ * SignatureListSize that will cause endless loop.
++ */
++ if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) {
++ console_notify(L"Invalid MOK detected! Ignoring MOK List.");
++ return 0;
++ }
++
+ if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) &&
+ (CompareGuid (&CertList->SignatureType, &HashType) != 0)) {
+ console_notify(L"Doesn't look like a key or hash");
+@@ -137,6 +147,7 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
+ EFI_GUID HashType = EFI_CERT_SHA256_GUID;
+ UINTN dbsize = DataSize;
+ UINTN count = 0;
++ void *end = Data + DataSize;
+
+ list = AllocatePool(sizeof(MokListNode) * num);
+
+@@ -146,6 +157,11 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
+ }
+
+ while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
++ /* CertList out of bounds? */
++ if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) {
++ FreePool(list);
++ return NULL;
++ }
+ if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) &&
+ (CompareGuid (&CertList->SignatureType, &HashType) != 0)) {
+ dbsize -= CertList->SignatureListSize;
+@@ -165,10 +181,22 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
+ Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) +
+ sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+
++ /* Cert out of bounds? */
++ if ((void *)(Cert + 1) > end || CertList->SignatureSize <= sizeof(EFI_GUID)) {
++ FreePool(list);
++ return NULL;
++ }
++
+ list[count].MokSize = CertList->SignatureSize - sizeof(EFI_GUID);
+ list[count].Mok = (void *)Cert->SignatureData;
+ list[count].Type = CertList->SignatureType;
+
++ /* MOK out of bounds? */
++ if (list[count].MokSize > end - (void *)list[count].Mok) {
++ FreePool(list);
++ return NULL;
++ }
++
+ count++;
+ dbsize -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList +
+@@ -449,6 +477,8 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title)
+ }
+
+ MokNum = count_keys(KeyList, KeyListSize);
++ if (MokNum == 0)
++ return 0;
+ keys = build_mok_list(MokNum, KeyList, KeyListSize);
+
+ if (!keys) {
+--
+1.9.3
+
diff --git a/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch b/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch
new file mode 100644
index 0000000..cb6cb15
--- /dev/null
+++ b/SOURCES/0072-Make-another-integer-compare-be-signed-unsigned-safe.patch
@@ -0,0 +1,28 @@
+From c622b677d67ebd88b94f13555b30da80ca74a8c1 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 21 Sep 2014 13:45:38 -0400
+Subject: [PATCH 72/74] Make another integer compare be signed/unsigned safe as
+ well.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ MokManager.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index 4a9b102..ee29051 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -192,7 +192,8 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
+ list[count].Type = CertList->SignatureType;
+
+ /* MOK out of bounds? */
+- if (list[count].MokSize > end - (void *)list[count].Mok) {
++ if (list[count].MokSize > (unsigned long)end -
++ (unsigned long)list[count].Mok) {
+ FreePool(list);
+ return NULL;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0073-Use-Werror-sign-compare.patch b/SOURCES/0073-Use-Werror-sign-compare.patch
new file mode 100644
index 0000000..be6ff0c
--- /dev/null
+++ b/SOURCES/0073-Use-Werror-sign-compare.patch
@@ -0,0 +1,28 @@
+From 6a115d038af259dd5b42f1651193eb0b8a83a5c8 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 21 Sep 2014 13:50:13 -0400
+Subject: [PATCH 73/74] Use -Werror=sign-compare .
+
+I'm going to have to fix any errors that have this anyway, so may as
+well do it here properly.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ Makefile | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile b/Makefile
+index 5bc513c..694480b 100644
+--- a/Makefile
++++ b/Makefile
+@@ -21,6 +21,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds
+ DEFAULT_LOADER := \\\\grub.efi
+ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
++ -Werror=sign-compare \
+ "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
+ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
+ $(EFI_INCLUDES)
+--
+1.9.3
+
diff --git a/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch b/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch
new file mode 100644
index 0000000..dea5584
--- /dev/null
+++ b/SOURCES/0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch
@@ -0,0 +1,32 @@
+From c0949c0a7916e81767ab35f67005b80cfb565e2c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Sun, 21 Sep 2014 15:19:34 -0400
+Subject: [PATCH 74/74] Correctly reject bad tftp addresses earlier, rather
+ than later.
+
+This check is for end == NULL but was meant to be *end == '\0'. Without
+this change, we'll pass a plausibly bad address (i.e. one with no ']' at
+the end) to Mtftp(... READ_FILE ...), which should fail correctly, but
+our error messaging will be inconsistent.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ netboot.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/netboot.c b/netboot.c
+index f884cba..ad5d37e 100644
+--- a/netboot.c
++++ b/netboot.c
+@@ -234,7 +234,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
+ return FALSE;
+ }
+ }
+- if (end == '\0') {
++ if (*end == '\0') {
+ Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
+ return FALSE;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/rhtest.cer b/SOURCES/rhtest.cer
new file mode 100644
index 0000000..7c21c7a
Binary files /dev/null and b/SOURCES/rhtest.cer differ
diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer
new file mode 100644
index 0000000..b235400
Binary files /dev/null and b/SOURCES/securebootca.cer differ
diff --git a/SPECS/shim.spec b/SPECS/shim.spec
new file mode 100644
index 0000000..ab52105
--- /dev/null
+++ b/SPECS/shim.spec
@@ -0,0 +1,297 @@
+Name: shim
+Version: 0.7
+Release: 10%{?dist}
+Summary: First-stage UEFI bootloader
+
+License: BSD
+URL: http://www.codon.org.uk/~mjg59/shim/
+Source0: https://github.com/mjg59/shim/releases/download/%{version}/shim-%{version}.tar.bz2
+Source1: securebootca.cer
+ExclusiveArch: aarch64
+
+# incorporate mokutil for packaging simplicity
+%global mokutilver 0.2.0
+Source2: https://github.com/lcp/mokutil/archive/mokutil-%{mokutilver}.tar.gz
+# currently here's what's in our dbx:
+# nothing.
+#Source3: dbx.esl
+Source4: rhtest.cer
+
+Patch0001: 0001-fix-verify_mok.patch
+Patch0002: 0002-shim.c-Add-support-for-hashing-relocation-of-32-bit-.patch
+Patch0003: 0003-netboot.h-fix-build-error-on-32-bit-systems.patch
+Patch0004: 0004-properly-compile-OpenSSL-in-32-bit-mode.patch
+Patch0005: 0005-fallback.c-fix-32-bit-compilation.patch
+Patch0006: 0006-fix-fallback.so-build-dependency.patch
+Patch0007: 0007-propagate-some-path-variables.patch
+Patch0008: 0008-allow-32-bit-compilation-with-64-bit-compiler.patch
+Patch0009: 0009-shim-improve-error-messages.patch
+Patch0010: 0010-Clarify-meaning-of-insecure_mode.patch
+Patch0011: 0011-Don-t-hook-system-services-if-shim-has-no-built-in-k.patch
+Patch0012: 0012-Fix-path-generation-for-Dhcpv4-bootloader.patch
+Patch0013: 0013-Lengths-that-might-be-1-can-t-be-unsigned-Peter.patch
+Patch0014: 0014-Fix-wrong-sizeof.patch
+Patch0015: 0015-Initialize-entries-before-we-pass-it-to-another-func.patch
+Patch0016: 0016-Rewrite-directory-traversal-allocation-path-so-cover.patch
+Patch0017: 0017-Error-check-the-right-thing-in-get_variable_attr-whe.patch
+Patch0018: 0018-fallback-For-HD-device-paths-use-just-the-media-node.patch
+Patch0019: 0019-fallback-Attempt-to-re-use-existing-entries-when-pos.patch
+Patch0020: 0020-Add-a-preliminary-test-plan.patch
+Patch0021: 0021-Add-a-failure-case-to-the-test-plan-and-fix-an-order.patch
+Patch0022: 0022-Allow-fallback-to-use-the-system-s-LoadImage-StartIm.patch
+Patch0023: 0023-additional-bounds-checking-on-section-sizes.patch
+Patch0024: 0024-Kees-patch-missed-the-offset-adjustment-to-PEHdr.patch
+Patch0025: 0025-Get-rid-of-SectionCache-in-generate_hash-it-is-unuse.patch
+Patch0026: 0026-fallback-Avoid-duplicate-old-BootOrder.patch
+Patch0027: 0027-fallback-Fix-the-data-size-for-boot-option-compariso.patch
+Patch0028: 0028-fallback-Try-to-boot-the-first-boot-option-anyway.patch
+Patch0029: 0029-Fetch-the-netboot-image-from-the-same-device.patch
+Patch0030: 0030-Check-the-first-4-bytes-of-the-certificate.patch
+Patch0031: 0031-Remove-grubpath-in-generate_path.patch
+Patch0032: 0032-MokManager-delete-the-BS-NV-variables-the-right-way.patch
+Patch0033: 0033-MokManager-handle-the-error-status-from-ReadKeyStrok.patch
+Patch0034: 0034-Exclude-ca.crt-while-signing-EFI-images.patch
+Patch0035: 0035-No-newline-for-console_notify.patch
+Patch0036: 0036-Remove-the-duplicate-calls-in-lib-console.c.patch
+Patch0037: 0037-Silence-the-functions-of-shim-protocol.patch
+Patch0038: 0038-Free-the-string-from-DevicePathToStr.patch
+Patch0039: 0039-Explain-the-logic-in-secure_mode-better.patch
+Patch0040: 0040-Check-the-secure-variables-with-the-lib-functions.patch
+Patch0041: 0041-Make-sure-we-default-to-assuming-we-re-locked-down.patch
+Patch0042: 0042-Simplify-the-checking-of-SB-and-DB-states.patch
+Patch0043: 0043-Update-openssl-to-0.9.8za.patch
+Patch0044: 0044-Replace-build-instructions-in-README-with-something-.patch
+Patch0045: 0045-CryptLib-undefine-va_arg-and-friends-before-redefini.patch
+Patch0046: 0046-unhook_system_services-bail-on-systab-NULL.patch
+Patch0047: 0047-Factor-out-x86-isms-and-add-cross-compile-support.patch
+Patch0048: 0048-Add-support-for-64-bit-ARM-AArch64.patch
+Patch0049: 0049-Add-support-for-32-bit-ARM.patch
+Patch0050: 0050-Update-openssl-to-0.9.8zb.patch
+Patch0051: 0051-Fix-typo-from-Ard-s-old-tree-32-bit-ARM-patch.patch
+Patch0052: 0052-Handle-empty-.reloc-section-in-PE-COFF-loader.patch
+Patch0053: 0053-Don-t-name-something-exit.patch
+Patch0054: 0054-Make-sure-we-don-t-try-to-load-a-binary-from-a-diffe.patch
+Patch0055: 0055-Actually-refer-to-the-base-relocation-table-of-our-l.patch
+Patch0056: 0056-Make-64-on-32-maybe-work-on-x86_64.patch
+Patch0057: 0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch
+Patch0058: 0058-Don-t-call-AuthenticodeVerify-if-vendor_cert_size-is.patch
+Patch0059: 0059-Fix-our-in_protocol-printing.patch
+Patch0060: 0060-Generate-a-sane-PE-header-on-shim-fallback-and-MokMa.patch
+Patch0061: 0061-Do-the-same-for-ia32.patch
+Patch0062: 0062-Make-list_keys-index-variables-all-be-signed.patch
+Patch0063: 0063-Revert-header-changes.patch
+Patch0064: 0064-Actually-find-the-relocations-correctly-and-process-.patch
+Patch0065: 0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch
+Patch0066: 0066-Fix-some-minor-testplan-errors.patch
+Patch0067: 0067-Don-t-verify-images-with-the-empty-build-key.patch
+Patch0068: 0068-Cryptlib-remove-the-unused-files.patch
+Patch0069: 0069-Another-testplan-error.patch
+Patch0070: 0070-shim-buffer-overflow-on-ipv6-option-parsing.patch
+Patch0071: 0071-OOB-access-when-parsing-MOK-List-Certificates-on-MOK.patch
+Patch0072: 0072-Make-another-integer-compare-be-signed-unsigned-safe.patch
+Patch0073: 0073-Use-Werror-sign-compare.patch
+Patch0074: 0074-Correctly-reject-bad-tftp-addresses-earlier-rather-t.patch
+Patch0075: 0001-Align-the-sections-we-re-loading-and-check-for-valid.patch
+Patch0076: 0001-fallback-Fix-comparison-between-signed-and-unsigned-.patch
+Patch0077: 0002-Fix-length-of-allocated-buffer-for-boot-option-compa.patch
+Patch0078: 0001-Make-lib-build-right-with-the-cflags-it-should-be-us.patch
+Patch0079: 0002-Make-lib-use-the-right-CFLAGS.patch
+
+BuildRequires: git openssl-devel openssl
+BuildRequires: pesign >= 0.106-1
+BuildRequires: gnu-efi = 3.0w, gnu-efi-devel = 3.0w
+
+# for xxd
+BuildRequires: vim-common
+
+# for mokutil's configure
+BuildRequires: autoconf automake
+
+# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
+# compatible with SysV (there's no red zone under UEFI) and there isn't a
+# POSIX-style C library.
+# BuildRequires: OpenSSL
+Provides: bundled(openssl) = 0.9.8w
+
+# Shim is only required on platforms implementing the UEFI secure boot
+# protocol. The only one of those we currently wish to support is 64-bit x86.
+# Adding further platforms will require adding appropriate relocation code.
+ExclusiveArch: x86_64 aarch64
+
+%ifarch x86_64
+%global efiarch x64
+%endif
+%ifarch aarch64
+%global efiarch aa64
+%endif
+
+# Figure out the right file path to use
+%if 0%{?rhel}
+%global efidir redhat
+%endif
+%if 0%{?fedora}
+%global efidir fedora
+%endif
+
+%description
+Initial UEFI bootloader that handles chaining to a trusted full bootloader
+under secure boot environments.
+
+%package -n shim-unsigned
+Summary: First-stage UEFI bootloader (unsigned data)
+
+%description -n shim-unsigned
+Initial UEFI bootloader that handles chaining to a trusted full bootloader
+under secure boot environments.
+
+%package -n mokutil
+Summary: Utilities for managing Secure Boot/MoK keys.
+
+%description -n mokutil
+Utilities for managing the "Machine's Own Keys" list.
+
+%prep
+%setup -q
+%setup -q -a 2 -D -T
+
+git init
+git config user.email "example@example.com"
+git config user.name "rpmbuild -bp"
+git add .
+git commit -a -q -m "%{version} baseline."
+git am --ignore-whitespace %{patches} </dev/null
+git config --unset user.email
+git config --unset user.name
+
+%build
+MAKEFLAGS=""
+%ifarch aarch64
+if [ -f "%{SOURCE4}" ]; then
+ MAKEFLAGS="VENDOR_CERT_FILE=%{SOURCE4}"
+fi
+%else
+if [ -f "%{SOURCE1}" ]; then
+ MAKEFLAGS="VENDOR_CERT_FILE=%{SOURCE1}"
+fi
+%endif
+# MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE3}"
+make 'DEFAULT_LOADER=\\\\grub%{efiarch}.efi' ${MAKEFLAGS} shim.efi MokManager.efi fallback.efi
+cd mokutil-%{mokutilver}
+./autogen.sh
+%configure
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+pesign -h -P -i shim.efi -h > shim.hash
+install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/
+install -m 0644 shim.efi $RPM_BUILD_ROOT%{_datadir}/shim/shim.efi
+install -m 0644 shim.hash $RPM_BUILD_ROOT%{_datadir}/shim/shim.hash
+install -m 0644 fallback.efi $RPM_BUILD_ROOT%{_datadir}/shim/fallback.efi
+install -m 0644 MokManager.efi $RPM_BUILD_ROOT%{_datadir}/shim/MokManager.efi
+cd mokutil-%{mokutilver}
+make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
+
+%files -n shim-unsigned
+%doc
+%dir %{_datadir}/shim
+%{_datadir}/shim/*
+
+%files -n mokutil
+/usr/bin/mokutil
+/usr/share/man/man1/mokutil.1.gz
+
+%changelog
+* Wed Feb 25 2015 Peter Jones <pjones@redhat.com> - 0.7-10
+- Fix a couple more minor bugs aavmf has found in fallback.
+ Related: rhbz#1190191
+- Build lib/ with the right CFLAGS
+ Related: rhbz#1190191
+
+* Tue Feb 24 2015 Peter Jones <pjones@redhat.com> - 0.7-9
+- Fix aarch64 section loading.
+ Related: rhbz#1190191
+
+* Tue Sep 30 2014 Peter Jones <pjones@redhat.com> - 0.7-8
+- Build -8 for arm as well.
+ Related: rhbz#1100048
+- out-of-bounds memory read flaw in DHCPv6 packet processing
+ Resolves: CVE-2014-3675
+- heap-based buffer overflow flaw in IPv6 address parsing
+ Resolves: CVE-2014-3676
+- memory corruption flaw when processing Machine Owner Keys (MOKs)
+ Resolves: CVE-2014-3677
+
+* Tue Sep 23 2014 Peter Jones <pjones@redhat.com> - 0.7-7
+- Use the right key for ARM Aarch64.
+
+* Sun Sep 21 2014 Peter Jones <pjones@redhat.com> - 0.7-6
+- Preliminary build for ARM Aarch64.
+
+* Tue Feb 18 2014 Peter Jones <pjones@redhat.com> - 0.7-5
+- Update for production signing
+ Resolves: rhbz#1064424
+ Related: rhbz#1064449
+
+* Thu Nov 21 2013 Peter Jones <pjones@redhat.com> - 0.7-4
+- Make dhcpv4 paths work better when netbooting.
+ Resolves: rhbz#1032583
+
+* Thu Nov 14 2013 Peter Jones <pjones@redhat.com> - 0.7-3
+- Make lockdown include UEFI and other KEK/DB entries.
+ Resolves: rhbz#1030492
+
+* Fri Nov 08 2013 Peter Jones <pjones@redhat.com> - 0.7-2
+- Update lockdown to reflect SetupMode better as well
+ Related: rhbz#996863
+
+* Wed Nov 06 2013 Peter Jones <pjones@redhat.com> - 0.7-1
+- Fix logic to handle SetupMode efi variable.
+ Related: rhbz#996863
+
+* Thu Oct 31 2013 Peter Jones <pjones@redhat.com> - 0.6-1
+- Fix a FreePool(NULL) call on machines too old for SB
+
+* Fri Oct 04 2013 Peter Jones <pjones@redhat.com> - 0.5-1
+- Update to 0.5
+
+* Tue Aug 06 2013 Peter Jones <pjones@redhat.com> - 0.4-3
+- Build with early RHEL test keys.
+ Related: rhbz#989442
+
+* Thu Jul 25 2013 Peter Jones <pjones@redhat.com> - 0.4-2
+- Fix minor RHEL 7.0 build issues
+ Resolves: rhbz#978766
+- Be less verbose by default
+
+* Tue Jun 11 2013 Peter Jones <pjones@redhat.com> - 0.4-1
+- Update to 0.4
+
+* Fri Jun 07 2013 Peter Jones <pjones@redhat.com> - 0.3-2
+- Require gnu-efi-3.0q for now.
+- Don't allow mmx or sse during compilation.
+- Re-organize this so all real signing happens in shim-signed instead.
+- Split out mokutil
+
+* Wed Dec 12 2012 Peter Jones <pjones@redhat.com> - 0.2-3
+- Fix mokutil's idea of signature sizes.
+
+* Wed Nov 28 2012 Matthew Garrett <mjg59@srcf.ucam.org> - 0.2-2
+- Fix secure_mode() always returning true
+
+* Mon Nov 26 2012 Matthew Garrett <mjg59@srcf.ucam.org> - 0.2-1
+- Update shim
+- Include mokutil
+- Add debuginfo package since mokutil is a userspace executable
+
+* Mon Oct 22 2012 Peter Jones <pjones@redhat.com> - 0.1-4
+- Produce an unsigned shim
+
+* Tue Aug 14 2012 Peter Jones <pjones@redhat.com> - 0.1-3
+- Update how embedded cert and signing work.
+
+* Mon Aug 13 2012 Josh Boyer <jwboyer@redhat.com> - 0.1-2
+- Add patch to fix image size calculation
+
+* Mon Aug 13 2012 Matthew Garrett <mjg@redhat.com> - 0.1-1
+- initial release