From 42426e6eae764da650b963ad1cd957fee7df351a Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Tue, 12 Nov 2013 10:24:01 -0500 Subject: [PATCH 01/75] fix verify_mok() () Fix the return value semantics. If the MokList doesn't exist, we are OK. If the MokList was compromised but we were able to erase it, that is OK too. Only if the list can't be nuked do we return an error. () Fix use of potentially uninitialized attribute variable () Actually use the return value when called from verify_buffer. Change-Id: If16df21d79c52a1726928df96d133390cde4cb7e Signed-off-by: Andrew Boie --- shim.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/shim.c b/shim.c index 23dd0ee..dcb36d0 100644 --- a/shim.c +++ b/shim.c @@ -670,13 +670,12 @@ static EFI_STATUS verify_mok (void) { status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize, shim_lock_guid, &attributes); - if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { + if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) { Print(L"MokList is compromised!\nErase all keys in MokList!\n"); if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) { Print(L"Failed to erase MokList\n"); + return EFI_ACCESS_DENIED; } - status = EFI_ACCESS_DENIED; - return status; } if (MokListData) @@ -722,7 +721,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize, /* * Check that the MOK database hasn't been modified */ - verify_mok(); + status = verify_mok(); + if (status != EFI_SUCCESS) + return status; /* * Ensure that the binary isn't blacklisted From b6a12d99be4659e85f383061749f2bd2f8e8f2d2 Mon Sep 17 00:00:00 2001 From: Mohanraj S Date: Tue, 12 Nov 2013 10:25:23 -0500 Subject: [PATCH 02/75] shim.c: Add support for hashing/relocation of 32-bit binaries Change-Id: Ib93305f7f1691d1b142567507df1058de62dde06 Signed-off-by: Andrew Boie --- shim.c | 72 +++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 49 insertions(+), 23 deletions(-) diff --git a/shim.c b/shim.c index dcb36d0..a043779 100644 --- a/shim.c +++ b/shim.c @@ -126,7 +126,11 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, int size = context->ImageSize; void *ImageEnd = (char *)data + size; +#if __LP64__ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data; +#else + context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data; +#endif if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { Print(L"Image has no relocation entry\n"); @@ -141,7 +145,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, return EFI_UNSUPPORTED; } - Adjust = (UINT64)data - context->ImageAddress; + Adjust = (UINTN)data - context->ImageAddress; if (Adjust == 0) return EFI_SUCCESS; @@ -549,9 +553,15 @@ static EFI_STATUS generate_hash (char *data, int datasize, } /* Hash end of certificate table to end of image header */ +#if __LP64__ hashbase = (char *) &context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; hashsize = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - (int) ((char *) (&context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); +#else + hashbase = (char *) &context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + hashsize = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders - + (int) ((char *) (&context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); +#endif if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { @@ -561,7 +571,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, } /* Sort sections */ +#if __LP64__ SumOfBytesHashed = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; +#else + SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; +#endif Section = (EFI_IMAGE_SECTION_HEADER *) ( (char *)context->PEHdr + sizeof (UINT32) + @@ -628,7 +642,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, hashbase = data + SumOfBytesHashed; hashsize = (unsigned int)( size - +#if __LP64__ context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - +#else + context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - +#endif SumOfBytesHashed); if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || @@ -781,7 +799,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, { EFI_IMAGE_DOS_HEADER *DosHdr = data; EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data; - unsigned long HeaderWithoutDataDir, SectionHeaderOffset; + unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { Print(L"Invalid image\n"); @@ -790,18 +808,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew); +#if __LP64__ + context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; + context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; + context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; + OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); +#else + context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; + context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; + context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; + OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); +#endif + context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; - if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES - < PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes) { + if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { Print(L"Image header too small\n"); return EFI_UNSUPPORTED; } - HeaderWithoutDataDir = sizeof (EFI_IMAGE_OPTIONAL_HEADER64) + HeaderWithoutDataDir = OptHeaderSize - sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES; - if (((UINT32)PEHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != - PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes - * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { + if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != + context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { Print(L"Image header overflows data directory\n"); return EFI_UNSUPPORTED; } @@ -809,15 +837,15 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, SectionHeaderOffset = DosHdr->e_lfanew + sizeof (UINT32) + sizeof (EFI_IMAGE_FILE_HEADER) - + PEHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader; - if ((PEHdr->Pe32Plus.OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER - <= PEHdr->Pe32Plus.FileHeader.NumberOfSections) { + + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader; + if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER + <= context->NumberOfSections) { Print(L"Image sections overflow image size\n"); return EFI_UNSUPPORTED; } - if ((PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER - < (UINT32)PEHdr->Pe32Plus.FileHeader.NumberOfSections) { + if ((context->SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER + < (UINT32)context->NumberOfSections) { Print(L"Image sections overflow section headers\n"); return EFI_UNSUPPORTED; } @@ -837,21 +865,19 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, return EFI_UNSUPPORTED; } - if (PEHdr->Pe32.OptionalHeader.Magic != EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { - Print(L"Only 64-bit images supported\n"); - return EFI_UNSUPPORTED; - } - context->PEHdr = PEHdr; +#if __LP64__ context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase; - context->ImageSize = (UINT64)PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; - context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint; context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; - context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; - context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; - context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; +#else + context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase; + context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint; + context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; + context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; +#endif + context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); if (context->ImageSize < context->SizeOfHeaders) { Print(L"Invalid image\n"); From 75d0c1d8219047d0dfc80dea8752ea695516f19d Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Tue, 12 Nov 2013 10:25:40 -0500 Subject: [PATCH 03/75] netboot.h: fix build error on 32-bit systems Function prototype/implementation mismatch. Change-Id: I89aaae1b49d0372d3aed76fc21c194e0ae55f72e Signed-off-by: Andrew Boie --- netboot.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netboot.h b/netboot.h index 2cdb421..6417373 100644 --- a/netboot.h +++ b/netboot.h @@ -5,5 +5,5 @@ extern BOOLEAN findNetboot(EFI_HANDLE image_handle); extern EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle); -extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINTN *bufsiz); +extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *bufsiz); #endif From e226b35e65d7bcb63924519e009f8415f2c4c23f Mon Sep 17 00:00:00 2001 From: Andrey Petrov Date: Tue, 12 Nov 2013 10:25:51 -0500 Subject: [PATCH 04/75] properly compile OpenSSL in 32-bit mode Change-Id: Iff3ee5ae0f0b95b282b99a23e465723b4e9f6104 Signed-off-by: Andrey Petrov Signed-off-by: Andrew Boie --- Cryptlib/OpenSSL/Makefile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index c93d5af..3d5a87c 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -10,9 +10,12 @@ LIB_GCC = $(shell $(CC) -print-libgcc-file-name) EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ - -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -DSIXTY_FOUR_BIT_LONG -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC + -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC ifeq ($(ARCH),x86_64) - CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG +endif +ifeq ($(ARCH),ia32) + CFLAGS += -DTHIRTY_TWO_BIT endif LDFLAGS = -nostdlib -znocombreloc From 2c5f9938addac2d259c9db37f3f119cc9cd4c6ac Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Tue, 12 Nov 2013 10:30:02 -0500 Subject: [PATCH 05/75] fallback.c: fix 32-bit compilation fh->Read expects pointer to 32-bit int, use UINTN Change-Id: If1a728efd51a9a24dfcd8123e84bf4c0713491fe Signed-off-by: Andrew Boie --- fallback.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fallback.c b/fallback.c index 82ddbf2..c875144 100644 --- a/fallback.c +++ b/fallback.c @@ -15,7 +15,7 @@ EFI_LOADED_IMAGE *this_image = NULL; static EFI_STATUS -get_file_size(EFI_FILE_HANDLE fh, UINT64 *retsize) +get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize) { EFI_STATUS rc; void *buffer = NULL; @@ -60,7 +60,7 @@ read_file(EFI_FILE_HANDLE fh, CHAR16 *fullpath, CHAR16 **buffer, UINT64 *bs) return rc; } - UINT64 len = 0; + UINTN len = 0; CHAR16 *b = NULL; rc = get_file_size(fh2, &len); if (EFI_ERROR(rc)) { From 663b2b931f95350894f011d77f4124bd2d41d806 Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Tue, 12 Nov 2013 10:30:30 -0500 Subject: [PATCH 06/75] fix fallback.so build dependency Exposed during parallel builds Change-Id: I9867858166dcafd69438f37ee5da14a267ace8f4 Signed-off-by: Andrew Boie --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a22c6b3..2eab862 100644 --- a/Makefile +++ b/Makefile @@ -83,7 +83,7 @@ shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a fallback.o: $(FALLBACK_SRCS) -fallback.so: $(FALLBACK_OBJS) +fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) MokManager.o: $(MOK_SOURCES) From cfac0bb9f40f7d1fbd1de9bbff87df65e7392f1b Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Tue, 12 Nov 2013 10:30:53 -0500 Subject: [PATCH 07/75] propagate some path variables If these are overridden on the command line, pass them along to the sub-makes. Change-Id: I531ccb5d2f5e4be8e99d4892cdcfffffc1ad9877 Signed-off-by: Andrew Boie --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 2eab862..d619ff4 100644 --- a/Makefile +++ b/Makefile @@ -92,13 +92,13 @@ MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a Cryptlib/libcryptlib.a: - $(MAKE) -C Cryptlib + $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) Cryptlib/OpenSSL/libopenssl.a: - $(MAKE) -C Cryptlib/OpenSSL + $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) lib/lib.a: - $(MAKE) -C lib EFI_PATH=$(EFI_PATH) + $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) %.efi: %.so objcopy -j .text -j .sdata -j .data \ From 6caa9bad715eba8ce423527f8b876a636327b0be Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Tue, 12 Nov 2013 10:31:59 -0500 Subject: [PATCH 08/75] allow 32-bit compilation with 64-bit compiler Also removed unused LIB_PATH from some Makefiles. Change-Id: I7d28d18f7531b51b6121a2ffb88bcaedec57c467 Signed-off-by: Andrew Boie --- Cryptlib/Makefile | 5 +++-- Cryptlib/OpenSSL/Makefile | 4 +--- Makefile | 3 +++ lib/Makefile | 3 +++ 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index a05a4db..d24e59e 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -1,7 +1,5 @@ ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) -LIB_PATH = /usr/lib64 - EFI_INCLUDE = /usr/include/efi EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol EFI_PATH = /usr/lib64/gnuefi @@ -14,6 +12,9 @@ CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort- ifeq ($(ARCH),x86_64) CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI endif +ifeq ($(ARCH),ia32) + CFLAGS += -m32 +endif LDFLAGS = -nostdlib -znocombreloc TARGET = libcryptlib.a diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 3d5a87c..8e2f2a6 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -1,7 +1,5 @@ ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) -LIB_PATH = /usr/lib64 - EFI_INCLUDE = /usr/include/efi EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol EFI_PATH = /usr/lib64/gnuefi @@ -15,7 +13,7 @@ ifeq ($(ARCH),x86_64) CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG endif ifeq ($(ARCH),ia32) - CFLAGS += -DTHIRTY_TWO_BIT + CFLAGS += -m32 -DTHIRTY_TWO_BIT endif LDFLAGS = -nostdlib -znocombreloc diff --git a/Makefile b/Makefile index d619ff4..e65d28d 100644 --- a/Makefile +++ b/Makefile @@ -28,6 +28,9 @@ endif ifeq ($(ARCH),x86_64) CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI endif +ifeq ($(ARCH),ia32) + CFLAGS += -m32 +endif ifneq ($(origin VENDOR_CERT_FILE), undefined) CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" endif diff --git a/lib/Makefile b/lib/Makefile index adb0347..a9c9cf6 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,6 +17,9 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ ifeq ($(ARCH),x86_64) CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI endif +ifeq ($(ARCH),ia32) + CFLAGS += -m32 +endif lib.a: $(LIBFILES) ar rcs lib.a $(LIBFILES) From acacfca319119bb86c32674034edab42df670619 Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Tue, 12 Nov 2013 10:32:48 -0500 Subject: [PATCH 09/75] shim: improve error messages %r when used in Print() will show a string representation of an EFI_STATUS code. Change-Id: I6db47f5213454603bd66177aca378ad01e9f0bd4 Signed-off-by: Andrew Boie --- shim.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/shim.c b/shim.c index a043779..9ae1936 100644 --- a/shim.c +++ b/shim.c @@ -914,7 +914,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, */ efi_status = read_header(data, datasize, &context); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to read header\n"); + Print(L"Failed to read header: %r\n", efi_status); return efi_status; } @@ -981,7 +981,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, efi_status = relocate_coff(&context, buffer); if (efi_status != EFI_SUCCESS) { - Print(L"Relocation failed\n"); + Print(L"Relocation failed: %r\n", efi_status); FreePool(buffer); return efi_status; } @@ -1022,7 +1022,7 @@ should_use_fallback(EFI_HANDLE image_handle) rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, &loaded_image_protocol, (void **)&li); if (EFI_ERROR(rc)) { - Print(L"Could not get image for bootx64.efi: %d\n", rc); + Print(L"Could not get image for bootx64.efi: %r\n", rc); return 0; } @@ -1044,13 +1044,13 @@ should_use_fallback(EFI_HANDLE image_handle) rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, &FileSystemProtocol, (void **)&fio); if (EFI_ERROR(rc)) { - Print(L"Could not get fio for li->DeviceHandle: %d\n", rc); + Print(L"Could not get fio for li->DeviceHandle: %r\n", rc); return 0; } rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); if (EFI_ERROR(rc)) { - Print(L"Could not open fio volume: %d\n", rc); + Print(L"Could not open fio volume: %r\n", rc); return 0; } @@ -1172,14 +1172,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, (void **)&drive); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to find fs\n"); + Print(L"Failed to find fs: %r\n", efi_status); goto error; } efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to open fs\n"); + Print(L"Failed to open fs: %r\n", efi_status); goto error; } @@ -1190,7 +1190,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, EFI_FILE_MODE_READ, 0); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to open %s - %lx\n", PathName, efi_status); + Print(L"Failed to open %s - %r\n", PathName, efi_status); goto error; } @@ -1223,7 +1223,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, } if (efi_status != EFI_SUCCESS) { - Print(L"Unable to get file info\n"); + Print(L"Unable to get file info: %r\n", efi_status); goto error; } @@ -1251,7 +1251,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, } if (efi_status != EFI_SUCCESS) { - Print(L"Unexpected return from initial read: %x, buffersize %x\n", efi_status, buffersize); + Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); goto error; } @@ -1328,20 +1328,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) efi_status = generate_path(li, ImagePath, &path, &PathName); if (efi_status != EFI_SUCCESS) { - Print(L"Unable to generate path: %s\n", ImagePath); + Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); goto done; } if (findNetboot(image_handle)) { efi_status = parseNetbootinfo(image_handle); if (efi_status != EFI_SUCCESS) { - Print(L"Netboot parsing failed: %d\n", efi_status); + Print(L"Netboot parsing failed: %r\n", efi_status); return EFI_PROTOCOL_ERROR; } efi_status = FetchNetbootimage(image_handle, &sourcebuffer, &sourcesize); if (efi_status != EFI_SUCCESS) { - Print(L"Unable to fetch TFTP image\n"); + Print(L"Unable to fetch TFTP image: %r\n", efi_status); return efi_status; } data = sourcebuffer; @@ -1353,7 +1353,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) efi_status = load_image(li, &data, &datasize, PathName); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to load image\n"); + Print(L"Failed to load image %s: %r\n", PathName, efi_status); goto done; } } @@ -1370,7 +1370,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) efi_status = handle_image(data, datasize, li); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to load image\n"); + Print(L"Failed to load image: %r\n", efi_status); CopyMem(li, &li_bak, sizeof(li_bak)); goto done; } @@ -1473,7 +1473,7 @@ EFI_STATUS mirror_mok_list() | EFI_VARIABLE_RUNTIME_ACCESS, FullDataSize, FullData); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to set MokListRT %d\n", efi_status); + Print(L"Failed to set MokListRT: %r\n", efi_status); } return efi_status; @@ -1514,7 +1514,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) efi_status = start_image(image_handle, MOK_MANAGER); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to start MokManager\n"); + Print(L"Failed to start MokManager: %r\n", efi_status); return efi_status; } } @@ -1621,7 +1621,7 @@ static EFI_STATUS mok_ignore_db() | EFI_VARIABLE_RUNTIME_ACCESS, DataSize, (void *)&Data); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to set MokIgnoreDB %d\n", efi_status); + Print(L"Failed to set MokIgnoreDB: %r\n", efi_status); } } @@ -1648,7 +1648,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, &LoadedImageProtocol, (void **) &li); if (status != EFI_SUCCESS) { - Print (L"Failed to get load options\n"); + Print (L"Failed to get load options: %r\n", status); return status; } From e60f118155e55f33c3ea9045abc2c43851d82516 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 19 Nov 2013 10:20:34 -0500 Subject: [PATCH 10/75] Clarify meaning of insecure_mode insecure_mode was intended to indicate that the user had explicity disabled checks with mokutil, which means it wasn't the opposite of secure_mode(). Change the names to clarify this and don't show the insecure mode message unless the user has explicitly enabled that mode. Signed-off-by: Matthew Garrett --- replacements.c | 6 ------ shim.c | 12 ++++++------ 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/replacements.c b/replacements.c index bac5e5d..5ea5c32 100644 --- a/replacements.c +++ b/replacements.c @@ -64,13 +64,9 @@ static typeof(systab->BootServices->StartImage) system_start_image; static typeof(systab->BootServices->Exit) system_exit; static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; -extern UINT8 insecure_mode; - void unhook_system_services(void) { - if (insecure_mode) - return; systab->BootServices->Exit = system_exit; systab->BootServices->StartImage = system_start_image; systab->BootServices->ExitBootServices = system_exit_boot_services; @@ -123,8 +119,6 @@ exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, void hook_system_services(EFI_SYSTEM_TABLE *local_systab) { - if (insecure_mode) - return; systab = local_systab; /* We need to hook various calls to make this work... */ diff --git a/shim.c b/shim.c index 9ae1936..524f5fc 100644 --- a/shim.c +++ b/shim.c @@ -85,7 +85,7 @@ int loader_is_participating; #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} -UINT8 insecure_mode; +UINT8 user_insecure_mode; UINT8 ignore_db; typedef enum { @@ -456,7 +456,7 @@ static BOOLEAN secure_mode (void) UINT8 *Data; UINT8 sb, setupmode; - if (insecure_mode) + if (user_insecure_mode) return FALSE; status = get_variable(L"SecureBoot", &Data, &len, global_var); @@ -1534,7 +1534,7 @@ static EFI_STATUS check_mok_sb (void) UINTN MokSBStateSize = 0; UINT32 attributes; - insecure_mode = 0; + user_insecure_mode = 0; ignore_db = 0; status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize, @@ -1555,7 +1555,7 @@ static EFI_STATUS check_mok_sb (void) status = EFI_ACCESS_DENIED; } else { if (*(UINT8 *)MokSBState == 1) { - insecure_mode = 1; + user_insecure_mode = 1; } } @@ -1753,10 +1753,10 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) /* * Tell the user that we're in insecure mode if necessary */ - if (!secure_mode()) { + if (user_insecure_mode) { Print(L"Booting in insecure mode\n"); uefi_call_wrapper(BS->Stall, 1, 2000000); - } else { + } else if (secure_mode()) { /* * Install our hooks for ExitBootServices() and StartImage() */ From 7c1f49dacc1c39e6286d6e27d4348ea34968a175 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Tue, 19 Nov 2013 10:20:34 -0500 Subject: [PATCH 11/75] Don't hook system services if shim has no built-in keys Shim should only need to enforce its security policy when its launching binaries signed with its built-in key. Binaries signed by keys in db or Mokdb should be able to rely on their own security policy. Signed-off-by: Matthew Garrett --- shim.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/shim.c b/shim.c index 524f5fc..cf93d65 100644 --- a/shim.c +++ b/shim.c @@ -1757,11 +1757,15 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) Print(L"Booting in insecure mode\n"); uefi_call_wrapper(BS->Stall, 1, 2000000); } else if (secure_mode()) { - /* - * Install our hooks for ExitBootServices() and StartImage() - */ - hook_system_services(systab); - loader_is_participating = 0; + if (vendor_cert_size || vendor_dbx_size) { + /* + * If shim includes its own certificates then ensure + * that anything it boots has performed some + * validation of the next image. + */ + hook_system_services(systab); + loader_is_participating = 0; + } } /* From d9355ab635b2e620e6d908317627b7aa9718a999 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 21 Nov 2013 11:48:24 -0500 Subject: [PATCH 12/75] Fix path generation for Dhcpv4 bootloader. Right now we always look for e.g. "\grubx64.efi", which is completely wrong. This makes it look for the path shim was loaded from and modify that to end in a sanitized version of our default loader name. Resolves: rhbz#1032583 Signed-off-by: Peter Jones --- include/str.h | 45 +++++++++++++++++++++++++++++++++++++++++++++ netboot.c | 28 +++++++++++++++++++++------- 2 files changed, 66 insertions(+), 7 deletions(-) create mode 100644 include/str.h diff --git a/include/str.h b/include/str.h new file mode 100644 index 0000000..0f3e003 --- /dev/null +++ b/include/str.h @@ -0,0 +1,45 @@ +#ifndef SHIM_STR_H +#define SHIM_STR_H + +static inline +__attribute__((unused)) +unsigned long strnlena(const CHAR8 *s, unsigned long n) +{ + unsigned long i; + for (i = 0; i <= n; i++) + if (s[i] == '\0') + break; + return i; +} + +static inline +__attribute__((unused)) +CHAR8 * +strncpya(CHAR8 *dest, const CHAR8 *src, unsigned long n) +{ + unsigned long i; + + for (i = 0; i < n && src[i] != '\0'; i++) + dest[i] = src[i]; + for (; i < n; i++) + dest[i] = '\0'; + + return dest; +} + +static inline +__attribute__((unused)) +CHAR8 * +strcata(CHAR8 *dest, const CHAR8 *src) +{ + unsigned long dest_len = strlena(dest); + unsigned long i; + + for (i = 0; src[i] != '\0'; i++) + dest[dest_len + i] = src[i]; + dest[dest_len + i] = '\0'; + + return dest; +} + +#endif /* SHIM_STR_H */ diff --git a/netboot.c b/netboot.c index a83c82a..1732dc7 100644 --- a/netboot.c +++ b/netboot.c @@ -38,6 +38,7 @@ #include #include "shim.h" #include "netboot.h" +#include "str.h" static inline unsigned short int __swap16(unsigned short int x) { @@ -305,19 +306,32 @@ static EFI_STATUS parseDhcp6() static EFI_STATUS parseDhcp4() { - CHAR8 *template = (CHAR8 *)DEFAULT_LOADER_CHAR; - full_path = AllocateZeroPool(strlen(template)+1); + CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); + UINTN template_len = strlen(template) + 1; + + UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127); + UINTN i; + UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile; + + for (i = dir_len; i >= 0; i--) { + if (dir[i] == '/') + break; + } + dir_len = (i >= 0) ? i + 1 : 0; + + full_path = AllocateZeroPool(dir_len + template_len); if (!full_path) return EFI_OUT_OF_RESOURCES; + if (dir_len > 0) { + strncpya(full_path, dir, dir_len); + if (full_path[dir_len-1] == '/' && template[0] == '/') + full_path[dir_len-1] = '\0'; + } + strcata(full_path, template); memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4); - memcpy(full_path, template, strlen(template)); - - /* Note we don't capture the filename option here because we know its shim.efi - * We instead assume the filename at the end of the path is going to be grubx64.efi - */ return EFI_SUCCESS; } From e724cfb1bf7834c21fbab2baff289e8633633c14 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 21 Nov 2013 11:48:24 -0500 Subject: [PATCH 13/75] Lengths that might be -1 can't be unsigned, Peter. Signed-off-by: Peter Jones --- netboot.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/netboot.c b/netboot.c index 1732dc7..07e2773 100644 --- a/netboot.c +++ b/netboot.c @@ -307,10 +307,10 @@ static EFI_STATUS parseDhcp6() static EFI_STATUS parseDhcp4() { CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); - UINTN template_len = strlen(template) + 1; + INTN template_len = strlen(template) + 1; - UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127); - UINTN i; + INTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127); + INTN i; UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile; for (i = dir_len; i >= 0; i--) { @@ -329,6 +329,8 @@ static EFI_STATUS parseDhcp4() if (full_path[dir_len-1] == '/' && template[0] == '/') full_path[dir_len-1] = '\0'; } + if (dir_len == 0 && dir[0] != '/' && template[0] == '/') + template++; strcata(full_path, template); memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4); From 28cd5c6b9a797cda2e166b90c29c972613080c1a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 21 Nov 2013 11:48:24 -0500 Subject: [PATCH 14/75] Fix wrong sizeof(). CHAR16* vs CHAR16**, so the result is the same on all platforms. Detected by coverity. Signed-off-by: Peter Jones --- lib/shell.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/shell.c b/lib/shell.c index 51de4e0..7337834 100644 --- a/lib/shell.c +++ b/lib/shell.c @@ -35,7 +35,7 @@ argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV) (*argc)++; /* we counted spaces, so add one for initial */ - *ARGV = AllocatePool(*argc * sizeof(*ARGV)); + *ARGV = AllocatePool(*argc * sizeof(**ARGV)); if (!*ARGV) { return EFI_OUT_OF_RESOURCES; } From 040f08c24960bf9076c07d92c46d5f32a1f186d3 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 21 Nov 2013 11:48:24 -0500 Subject: [PATCH 15/75] Initialize entries before we pass it to another function. Coverity scan noticed that entries is uninitialized when we pass its location to another function. Signed-off-by: Peter Jones --- lib/simple_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/simple_file.c b/lib/simple_file.c index 3af0ec8..d345d87 100644 --- a/lib/simple_file.c +++ b/lib/simple_file.c @@ -415,7 +415,7 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name, CHAR16 *filter, CHAR16 **result) { EFI_STATUS status; - CHAR16 **entries; + CHAR16 **entries = NULL; EFI_FILE_INFO *dmp; int count, select, len; CHAR16 *newname, *selected; From dd77b3447cb4ee3c80659265f9ea084af8829ae4 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 21 Nov 2013 11:48:24 -0500 Subject: [PATCH 16/75] Rewrite directory traversal allocation path so coverity can grok it. The things we do for our tools. In this case, make the AllocatePool() happen outside of a conditional, even though that conditional will always bee satisfied. This way coverity won't think we're setting fi to NULL and passing it to StrCaseCmp. Signed-off-by: Peter Jones --- fallback.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/fallback.c b/fallback.c index c875144..ba864ee 100644 --- a/fallback.c +++ b/fallback.c @@ -445,25 +445,32 @@ find_boot_csv(EFI_FILE_HANDLE fh, CHAR16 *dirname) return EFI_SUCCESS; } FreePool(buffer); + buffer = NULL; bs = 0; do { bs = 0; rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, NULL); - if (rc == EFI_BUFFER_TOO_SMALL) { - buffer = AllocateZeroPool(bs); - if (!buffer) { - Print(L"Could not allocate memory\n"); - return EFI_OUT_OF_RESOURCES; - } - - rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, buffer); + if (EFI_ERROR(rc) && rc != EFI_BUFFER_TOO_SMALL) { + Print(L"Could not read \\EFI\\%s\\: %d\n", dirname, rc); + if (buffer) + FreePool(buffer); + return rc; } + + buffer = AllocateZeroPool(bs); + if (!buffer) { + Print(L"Could not allocate memory\n"); + return EFI_OUT_OF_RESOURCES; + } + + rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, buffer); if (EFI_ERROR(rc)) { Print(L"Could not read \\EFI\\%s\\: %d\n", dirname, rc); FreePool(buffer); return rc; } + if (bs == 0) break; From 17621118315466dc878cf468d8c15ffadcb50482 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 21 Nov 2013 11:48:24 -0500 Subject: [PATCH 17/75] Error check the right thing in get_variable_attr() when allocating. Signed-off-by: Peter Jones --- lib/variables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/variables.c b/lib/variables.c index 81bd34d..3a9735e 100644 --- a/lib/variables.c +++ b/lib/variables.c @@ -224,7 +224,7 @@ get_variable_attr(CHAR16 *var, UINT8 **data, UINTN *len, EFI_GUID owner, return efi_status; *data = AllocateZeroPool(*len); - if (!data) + if (!*data) return EFI_OUT_OF_RESOURCES; efi_status = uefi_call_wrapper(RT->GetVariable, 5, var, &owner, From 6edc6ec0a3da59e4519dec3f8af6fd48be00b980 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 31 Jan 2014 10:30:36 -0500 Subject: [PATCH 18/75] [fallback] For HD() device paths, use just the media node and later. UEFI 2.x section 3.1.2 provides for "short-form device path", where the first element specified is a "hard drive media device path", so that you can move a disk around on different buses without invalidating your device path. Fallback has not been using this option, though in most cases efibootmgr has. Note that we still keep the full device path, because LoadImage() isn't necessarily the layer where HD() works - one some systems BDS is responsible for resolving the full path and passes that to LoadImage() instead. So we have to do LoadImage() with the full path. --- fallback.c | 103 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 78 insertions(+), 25 deletions(-) diff --git a/fallback.c b/fallback.c index ba864ee..a12bb74 100644 --- a/fallback.c +++ b/fallback.c @@ -14,6 +14,27 @@ EFI_LOADED_IMAGE *this_image = NULL; +static EFI_STATUS +FindSubDevicePath(EFI_DEVICE_PATH *In, UINT8 Type, UINT8 SubType, + EFI_DEVICE_PATH **Out) +{ + EFI_DEVICE_PATH *dp = In; + if (!In || !Out) + return EFI_INVALID_PARAMETER; + + for (dp = In; !IsDevicePathEnd(dp); dp = NextDevicePathNode(dp)) { + if (DevicePathType(dp) == Type && + DevicePathSubType(dp) == SubType) { + *Out = DuplicateDevicePath(dp); + if (!*Out) + return EFI_OUT_OF_RESOURCES; + return EFI_SUCCESS; + } + } + *Out = NULL; + return EFI_NOT_FOUND; +} + static EFI_STATUS get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize) { @@ -93,7 +114,9 @@ make_full_path(CHAR16 *dirname, CHAR16 *filename, CHAR16 **out, UINT64 *outlen) { UINT64 len; - len = StrLen(dirname) + StrLen(filename) + StrLen(L"\\EFI\\\\") + 2; + len = StrLen(L"\\EFI\\") + StrLen(dirname) + + StrLen(L"\\") + StrLen(filename) + + 2; CHAR16 *fullpath = AllocateZeroPool(len*sizeof(CHAR16)); if (!fullpath) { @@ -119,7 +142,8 @@ VOID *first_new_option_args = NULL; UINTN first_new_option_size = 0; EFI_STATUS -add_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, CHAR16 *arguments) +add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, + CHAR16 *filename, CHAR16 *label, CHAR16 *arguments) { static int i = 0; CHAR16 varname[] = L"Boot0000"; @@ -136,24 +160,31 @@ add_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, CHAR16 *ar void *var = LibGetVariable(varname, &global); if (!var) { int size = sizeof(UINT32) + sizeof (UINT16) + - StrLen(label)*2 + 2 + DevicePathSize(dp) + - StrLen(arguments) * 2 + 2; + StrLen(label)*2 + 2 + DevicePathSize(hddp) + + StrLen(arguments) * 2; CHAR8 *data = AllocateZeroPool(size); CHAR8 *cursor = data; *(UINT32 *)cursor = LOAD_OPTION_ACTIVE; cursor += sizeof (UINT32); - *(UINT16 *)cursor = DevicePathSize(dp); + *(UINT16 *)cursor = DevicePathSize(hddp); cursor += sizeof (UINT16); StrCpy((CHAR16 *)cursor, label); cursor += StrLen(label)*2 + 2; - CopyMem(cursor, dp, DevicePathSize(dp)); - cursor += DevicePathSize(dp); + CopyMem(cursor, hddp, DevicePathSize(hddp)); + cursor += DevicePathSize(hddp); StrCpy((CHAR16 *)cursor, arguments); Print(L"Creating boot entry \"%s\" with label \"%s\" " L"for file \"%s\"\n", varname, label, filename); + + if (!first_new_option) { + first_new_option = DuplicateDevicePath(fulldp); + first_new_option_args = arguments; + first_new_option_size = StrLen(arguments) * sizeof (CHAR16); + } + rc = uefi_call_wrapper(RT->SetVariable, 5, varname, &global, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | @@ -254,7 +285,10 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * if (EFI_ERROR(rc)) return rc; - EFI_DEVICE_PATH *dph = NULL, *dpf = NULL, *dp = NULL; + EFI_DEVICE_PATH *dph = NULL; + EFI_DEVICE_PATH *file = NULL; + EFI_DEVICE_PATH *full_device_path = NULL; + EFI_DEVICE_PATH *dp = NULL; dph = DevicePathFromHandle(this_image->DeviceHandle); if (!dph) { @@ -262,19 +296,31 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * goto err; } - dpf = FileDevicePath(fh, fullpath); - if (!dpf) { + file = FileDevicePath(fh, fullpath); + if (!file) { rc = EFI_OUT_OF_RESOURCES; goto err; } - dp = AppendDevicePath(dph, dpf); - if (!dp) { + full_device_path = AppendDevicePath(dph, file); + if (!full_device_path) { rc = EFI_OUT_OF_RESOURCES; goto err; } + rc = FindSubDevicePath(full_device_path, + MEDIA_DEVICE_PATH, MEDIA_HARDDRIVE_DP, &dp); + if (EFI_ERROR(rc)) { + if (rc == EFI_NOT_FOUND) { + dp = full_device_path; + } else { + rc = EFI_OUT_OF_RESOURCES; + goto err; + } + } + #ifdef DEBUG_FALLBACK + { UINTN s = DevicePathSize(dp); int i; UINT8 *dpv = (void *)dp; @@ -287,20 +333,16 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * CHAR16 *dps = DevicePathToStr(dp); Print(L"device path: \"%s\"\n", dps); -#endif - if (!first_new_option) { - CHAR16 *dps = DevicePathToStr(dp); - Print(L"device path: \"%s\"\n", dps); - first_new_option = DuplicateDevicePath(dp); - first_new_option_args = arguments; - first_new_option_size = StrLen(arguments) * sizeof (CHAR16); } +#endif - add_boot_option(dp, fullpath, label, arguments); + add_boot_option(dp, full_device_path, fullpath, label, arguments); err: - if (dpf) - FreePool(dpf); + if (file) + FreePool(file); + if (full_device_path) + FreePool(full_device_path); if (dp) FreePool(dp); if (fullpath) @@ -629,8 +671,19 @@ try_start_first_option(EFI_HANDLE parent_image_handle) first_new_option, NULL, 0, &image_handle); if (EFI_ERROR(rc)) { - Print(L"LoadImage failed: %d\n", rc); - uefi_call_wrapper(BS->Stall, 1, 2000000); + CHAR16 *dps = DevicePathToStr(first_new_option); + UINTN s = DevicePathSize(first_new_option); + int i; + UINT8 *dpv = (void *)first_new_option; + Print(L"LoadImage failed: %d\nDevice path: \"%s\"\n", rc, dps); + for (i = 0; i < s; i++) { + if (i > 0 && i % 16 == 0) + Print(L"\n"); + Print(L"%02x ", dpv[i]); + } + Print(L"\n"); + + uefi_call_wrapper(BS->Stall, 1, 500000000); return rc; } @@ -644,7 +697,7 @@ try_start_first_option(EFI_HANDLE parent_image_handle) rc = uefi_call_wrapper(BS->StartImage, 3, image_handle, NULL, NULL); if (EFI_ERROR(rc)) { Print(L"StartImage failed: %d\n", rc); - uefi_call_wrapper(BS->Stall, 1, 2000000); + uefi_call_wrapper(BS->Stall, 1, 500000000); } return rc; } From 9fcd221ef143df5a52671a6f23240eb246ccf448 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 31 Jan 2014 10:31:10 -0500 Subject: [PATCH 19/75] [fallback] Attempt to re-use existing entries when possible. Some firmwares seem to ignore our boot entries and put their fallback entries back on top. Right now that results in a lot of boot entries for our stuff, a la https://bugzilla.redhat.com/show_bug.cgi?id=995834 . Instead of that happening, if we simply find existing entries that match the entry we would create and move them to the top of the boot order, the machine will continue to operate in failure mode (which we can't avoid), but at least we won't create thousands of extra entries. Signed-off-by: Peter Jones --- fallback.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 98 insertions(+), 1 deletion(-) diff --git a/fallback.c b/fallback.c index a12bb74..44638ec 100644 --- a/fallback.c +++ b/fallback.c @@ -225,6 +225,85 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, return EFI_OUT_OF_RESOURCES; } +EFI_STATUS +find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, + CHAR16 *arguments, UINT16 *optnum) +{ + int size = sizeof(UINT32) + sizeof (UINT16) + + StrLen(label)*2 + 2 + DevicePathSize(dp) + + StrLen(arguments) * 2 + 2; + + CHAR8 *data = AllocateZeroPool(size); + if (!data) + return EFI_OUT_OF_RESOURCES; + CHAR8 *cursor = data; + *(UINT32 *)cursor = LOAD_OPTION_ACTIVE; + cursor += sizeof (UINT32); + *(UINT16 *)cursor = DevicePathSize(dp); + cursor += sizeof (UINT16); + StrCpy((CHAR16 *)cursor, label); + cursor += StrLen(label)*2 + 2; + CopyMem(cursor, dp, DevicePathSize(dp)); + cursor += DevicePathSize(dp); + StrCpy((CHAR16 *)cursor, arguments); + + int i = 0; + CHAR16 varname[] = L"Boot0000"; + CHAR16 hexmap[] = L"0123456789ABCDEF"; + EFI_GUID global = EFI_GLOBAL_VARIABLE; + EFI_STATUS rc; + + CHAR8 *candidate = AllocateZeroPool(size); + if (!candidate) { + FreePool(data); + return EFI_OUT_OF_RESOURCES; + } + + for(i = 0; i < nbootorder && i < 0x10000; i++) { + varname[4] = hexmap[(bootorder[i] & 0xf000) >> 12]; + varname[5] = hexmap[(bootorder[i] & 0x0f00) >> 8]; + varname[6] = hexmap[(bootorder[i] & 0x00f0) >> 4]; + varname[7] = hexmap[(bootorder[i] & 0x000f) >> 0]; + + UINTN candidate_size = size; + rc = uefi_call_wrapper(RT->GetVariable, 5, varname, &global, + NULL, &candidate_size, candidate); + if (EFI_ERROR(rc)) + continue; + + if (candidate_size != size) + continue; + + if (CompareMem(candidate, data, size)) + continue; + + /* at this point, we have duplicate data. */ + *optnum = i; + FreePool(candidate); + FreePool(data); + return EFI_SUCCESS; + } + FreePool(candidate); + FreePool(data); + return EFI_NOT_FOUND; +} + +EFI_STATUS +set_boot_order(void) +{ + CHAR16 *oldbootorder; + UINTN size; + EFI_GUID global = EFI_GLOBAL_VARIABLE; + + oldbootorder = LibGetVariableAndSize(L"BootOrder", &global, &size); + if (oldbootorder) { + nbootorder = size / sizeof (CHAR16); + bootorder = oldbootorder; + } + return EFI_SUCCESS; + +} + EFI_STATUS update_boot_order(void) { @@ -336,7 +415,23 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * } #endif - add_boot_option(dp, full_device_path, fullpath, label, arguments); + UINT16 option; + rc = find_boot_option(dp, fullpath, label, arguments, &option); + if (EFI_ERROR(rc)) { + add_boot_option(dp, full_device_path, fullpath, label, arguments); + } else if (option != 0) { + CHAR16 *newbootorder; + newbootorder = AllocateZeroPool(sizeof (CHAR16) * nbootorder); + if (!newbootorder) + return EFI_OUT_OF_RESOURCES; + + newbootorder[0] = bootorder[option]; + CopyMem(newbootorder + 1, bootorder, sizeof (CHAR16) * option); + CopyMem(newbootorder + option + 1, bootorder + option + 1, + sizeof (CHAR16) * (nbootorder - option - 1)); + FreePool(bootorder); + bootorder = newbootorder; + } err: if (file) @@ -717,6 +812,8 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) Print(L"System BootOrder not found. Initializing defaults.\n"); + set_boot_order(); + rc = find_boot_options(this_image->DeviceHandle); if (EFI_ERROR(rc)) { Print(L"Error: could not find boot options: %d\n", rc); From a4c3653d59fbcbe397d3f9dd868e2071493973aa Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 14 Feb 2014 14:08:30 -0500 Subject: [PATCH 20/75] Add a preliminary test plan. Because you know you wanted a test plan. You feel it deeply inside. Note that none of the /negative/ cases are tested yet. Signed-off-by: Peter Jones --- testplan.txt | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 testplan.txt diff --git a/testplan.txt b/testplan.txt new file mode 100644 index 0000000..118dfcd --- /dev/null +++ b/testplan.txt @@ -0,0 +1,80 @@ +How to test a new shim build for RHEL/fedora: + +1) build pesign-test-app, and sign it with the appropriate key +2) build shim with the appropriate key built in +3) install pesign-test-app and shim-unsigned on the test machine +4) make a lockdown.efi for "Red Hat Test Certificate" and put it in \EFI\test + mkdir /boot/efi/EFI/test/ + wget http://pjones.fedorapeople.org/shim/LockDown-rhtest.efi + mv LockDown-rhtest.efi /boot/efi/EFI/test/lockdown.efi +5) sign shim with RHTC and put it in \EFI\test: + pesign -i /usr/share/shim/shim.efi -o /boot/efi/EFI/test/shim.efi \ + -s -c "Red Hat Test Certificate" +6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi + cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ + /boot/efi/EFI/test/test.efi +7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\: + pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \ + -r -u 0 + pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \ + -s -c "Red Hat Test Certificate" +8) sign a copy of mokmanager with RHTC and put it in \EFI\test: + pesign -i /usr/share/shim/MokManager.efi \ + -o /boot/efi/EFI/test/MokManager.efi -s \ + -c "Red Hat Test Certificate" +9) copy grub.cfg to our test directory: + cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg +10) *move* \EFI\redhat\BOOT.CSV to \EFI\test + mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV +11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi + rm -rf /boot/efi/EFI/BOOT/ + mkdir /boot/efi/EFI/BOOT/ + pesign -i /usr/share/shim/fallback.efi \ + -o /boot/efi/EFI/BOOT/fallback.efi \ + -s -c "Red Hat Test Certificate" +12) put shim.efi there as well + cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI +13) enroll the current kernel's certificate with mokutil: + mokutil --import ~/redhatsecurebootca2.cer +14) put machine in setup mode +15) boot to the UEFI shell +16) run lockdown.efi from #4: + fs0:\EFI\test\lockdown.efi +17) enable secure boot verification +18) verify it can't run other binaries: + fs0:\EFI\redhat\grubx64.efi + result should be an error, probably similar to: + "fs0:\...\grubx64.efi is not recognized as an internal or external command" +19) copy test.efi to grubx64.efi: + cp \EFI\test\test.efi \EFI\test\grubx64.efi +20) in the EFI shell, run fs0:\EFI\test\shim.efi +21) you should see MokManager. Enroll the certificate you added in #13, and + the system will reboot. +22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi + result: "This is a test application that should be completely safe." + If you get the expected result, shim can run things signed by its internal + key ring. Check a box someplace that says it can do that. +23) from the EFI shell, copy grub to grubx64.efi: + cp \EFI\test\grubx.efi \EFI\test\grubx64.efi +24) in the EFI shell, run fs0:\EFI\test\shim.efi + result: this should start grub, which will let you boot a kernel + If grub starts, it means shim can run things signed by a key in the system's + db. Check a box someplace that says it can do that. + If the kernel boots, it means shim can run things from Mok. Check a box + someplace that says it can do that. +25) remove all boot entries and the BootOrder variable: + [root@uefi ~]# cd /sys/firmware/efi/efivars/ + [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-* + removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’ + removed ‘Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ + removed ‘Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c’ + removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ + removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’ + [root@uefi efivars]# +27) reboot +28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just + have an old machine. In that case, go to the EFI shell and run: + fs0:\EFI\BOOT\BOOTX64.EFI + If this works, you should see a bit of output very quickly and then the same + thing as #24. This means shim recognized it was in \EFI\BOOT and ran + fallback.efi, which worked. From a5d135bd2dd128dd68cc5476c53c83eda378fb45 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 14 Feb 2014 17:48:01 -0500 Subject: [PATCH 21/75] Add a failure case to the test plan and fix an ordering error. Signed-off-by: Peter Jones --- testplan.txt | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/testplan.txt b/testplan.txt index 118dfcd..2fbf238 100644 --- a/testplan.txt +++ b/testplan.txt @@ -12,23 +12,26 @@ How to test a new shim build for RHEL/fedora: -s -c "Red Hat Test Certificate" 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ - /boot/efi/EFI/test/test.efi -7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\: - pesign -i /boot/efi/EFI/redhat/grubx64.efi -o grubx64-unsigned.efi \ - -r -u 0 - pesign -i grubx64-unsigned.efi -o /boot/efi/EFI/test/grub.efi \ - -s -c "Red Hat Test Certificate" + /boot/efi/EFI/test/test.efi +7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also + leave an unsigned copy there: + pesign -i /boot/efi/EFI/redhat/grubx64.efi \ + -o /boot/efi/EFI/test/grubx64-unsigned.efi \ + -r -u 0 + pesign -i /boot/efi/EFI/test/grubx64-unsigned.efi \ + -o /boot/efi/EFI/test/grub.efi \ + -s -c "Red Hat Test Certificate" 8) sign a copy of mokmanager with RHTC and put it in \EFI\test: pesign -i /usr/share/shim/MokManager.efi \ - -o /boot/efi/EFI/test/MokManager.efi -s \ + -o /boot/efi/EFI/test/MokManager.efi -s \ -c "Red Hat Test Certificate" 9) copy grub.cfg to our test directory: cp /boot/efi/EFI/redhat/grub.cfg /boot/efi/EFI/test/grub.cfg 10) *move* \EFI\redhat\BOOT.CSV to \EFI\test - mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV -11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi rm -rf /boot/efi/EFI/BOOT/ mkdir /boot/efi/EFI/BOOT/ + mv /boot/efi/EFI/redhat/BOOT.CSV /boot/efi/EFI/test/BOOT.CSV +11) sign a copy of fallback.efi and put it in \EFI\BOOT\fallback.efi pesign -i /usr/share/shim/fallback.efi \ -o /boot/efi/EFI/BOOT/fallback.efi \ -s -c "Red Hat Test Certificate" @@ -55,7 +58,7 @@ How to test a new shim build for RHEL/fedora: If you get the expected result, shim can run things signed by its internal key ring. Check a box someplace that says it can do that. 23) from the EFI shell, copy grub to grubx64.efi: - cp \EFI\test\grubx.efi \EFI\test\grubx64.efi + cp \EFI\test\grub.efi \EFI\test\grubx64.efi 24) in the EFI shell, run fs0:\EFI\test\shim.efi result: this should start grub, which will let you boot a kernel If grub starts, it means shim can run things signed by a key in the system's @@ -78,3 +81,7 @@ How to test a new shim build for RHEL/fedora: If this works, you should see a bit of output very quickly and then the same thing as #24. This means shim recognized it was in \EFI\BOOT and ran fallback.efi, which worked. +29) copy the unsigned grub into place and reboot: + cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi +30) reboot again. + result: shim should refuse to load grub. From cf90edfff585cfb6d51f0b4992c7f4fc9195c4c2 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 14 Feb 2014 17:48:01 -0500 Subject: [PATCH 22/75] Allow fallback to use the system's LoadImage/StartImage . Track use of the system's LoadImage(), and when the next StartImage() call is for an image the system verified, allow that to count as participating, since it has been verified by the system's db. Signed-off-by: Peter Jones --- replacements.c | 68 +++++++++++++++++++++++++++++++++++++++- replacements.h | 3 ++ shim.c | 85 ++++++++++++++++++++++++++++++-------------------- 3 files changed, 121 insertions(+), 35 deletions(-) diff --git a/replacements.c b/replacements.c index 5ea5c32..48dc437 100644 --- a/replacements.c +++ b/replacements.c @@ -60,26 +60,82 @@ static EFI_SYSTEM_TABLE *systab; +static typeof(systab->BootServices->LoadImage) system_load_image; static typeof(systab->BootServices->StartImage) system_start_image; static typeof(systab->BootServices->Exit) system_exit; static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; +static EFI_HANDLE last_loaded_image; + void unhook_system_services(void) { systab->BootServices->Exit = system_exit; + systab->BootServices->LoadImage = system_load_image; systab->BootServices->StartImage = system_start_image; systab->BootServices->ExitBootServices = system_exit_boot_services; } +static EFI_STATUS EFIAPI +load_image(BOOLEAN BootPolicy, EFI_HANDLE ParentImageHandle, + EFI_DEVICE_PATH *DevicePath, VOID *SourceBuffer, + UINTN SourceSize, EFI_HANDLE *ImageHandle) +{ + EFI_STATUS status; + unhook_system_services(); + + status = systab->BootServices->LoadImage(BootPolicy, + ParentImageHandle, DevicePath, + SourceBuffer, SourceSize, ImageHandle); + hook_system_services(systab); + if (EFI_ERROR(status)) + last_loaded_image = NULL; + else + last_loaded_image = *ImageHandle; + return status; +} + static EFI_STATUS EFIAPI start_image(EFI_HANDLE image_handle, UINTN *exit_data_size, CHAR16 **exit_data) { EFI_STATUS status; unhook_system_services(); + + /* We have to uninstall shim's protocol here, because if we're + * On the fallback.efi path, then our call pathway is: + * + * shim->fallback->shim->grub + * ^ ^ ^ + * | | \- gets protocol #0 + * | \- installs its protocol (#1) + * \- installs its protocol (#0) + * and if we haven't removed this, then grub will get the *first* + * shim's protocol, but it'll get the second shim's systab + * replacements. So even though it will participate and verify + * the kernel, the systab never finds out. + */ + if (image_handle == last_loaded_image) { + loader_is_participating = 1; + uninstall_shim_protocols(); + } status = systab->BootServices->StartImage(image_handle, exit_data_size, exit_data); - if (EFI_ERROR(status)) + if (EFI_ERROR(status)) { + if (image_handle == last_loaded_image) { + EFI_STATUS status2 = install_shim_protocols(); + + if (EFI_ERROR(status2)) { + Print(L"Something has gone seriously wrong: %d\n", + status2); + Print(L"shim cannot continue, sorry.\n"); + systab->BootServices->Stall(5000000); + systab->RuntimeServices->ResetSystem( + EfiResetShutdown, + EFI_SECURITY_VIOLATION, 0, NULL); + } + } hook_system_services(systab); + loader_is_participating = 0; + } return status; } @@ -123,6 +179,16 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) /* We need to hook various calls to make this work... */ + /* We need LoadImage() hooked so that fallback.c can load shim + * without having to fake LoadImage as well. This allows it + * to call the system LoadImage(), and have us track the output + * and mark loader_is_participating in start_image. This means + * anything added by fallback has to be verified by the system db, + * which we want to preserve anyway, since that's all launching + * through BDS gives us. */ + system_load_image = systab->BootServices->LoadImage; + systab->BootServices->LoadImage = load_image; + /* we need StartImage() so that we can allow chain booting to an * image trusted by the firmware */ system_start_image = systab->BootServices->StartImage; diff --git a/replacements.h b/replacements.h index 5b57bc2..bd09424 100644 --- a/replacements.h +++ b/replacements.h @@ -41,4 +41,7 @@ extern int loader_is_participating; extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); extern void unhook_system_services(void); +extern EFI_STATUS install_shim_protocols(void); +extern void uninstall_shim_protocols(void); + #endif /* SHIM_REPLACEMENTS_H */ diff --git a/shim.c b/shim.c index cf93d65..0e18d38 100644 --- a/shim.c +++ b/shim.c @@ -1707,11 +1707,56 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) return EFI_SUCCESS; } -EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) +static SHIM_LOCK shim_lock_interface; +static EFI_HANDLE shim_lock_handle; + +EFI_STATUS +install_shim_protocols(void) { EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - static SHIM_LOCK shim_lock_interface; - EFI_HANDLE handle = NULL; + EFI_STATUS efi_status; + /* + * Install the protocol + */ + efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, + &shim_lock_handle, &shim_lock_guid, + EFI_NATIVE_INTERFACE, &shim_lock_interface); + if (EFI_ERROR(efi_status)) { + console_error(L"Could not install security protocol", + efi_status); + return efi_status; + } + +#if defined(OVERRIDE_SECURITY_POLICY) + /* + * Install the security protocol hook + */ + security_policy_install(shim_verify); +#endif + + return EFI_SUCCESS; +} + +void +uninstall_shim_protocols(void) +{ + EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; +#if defined(OVERRIDE_SECURITY_POLICY) + /* + * Clean up the security protocol hook + */ + security_policy_uninstall(); +#endif + + /* + * If we're back here then clean everything up before exiting + */ + uefi_call_wrapper(BS->UninstallProtocolInterface, 3, shim_lock_handle, + &shim_lock_guid, &shim_lock_interface); +} + +EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) +{ EFI_STATUS efi_status; verification_method = VERIFIED_BY_NOTHING; @@ -1768,24 +1813,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) } } - /* - * Install the protocol - */ - efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4, - &handle, &shim_lock_guid, EFI_NATIVE_INTERFACE, - &shim_lock_interface); - if (EFI_ERROR(efi_status)) { - console_error(L"Could not install security protocol", - efi_status); + efi_status = install_shim_protocols(); + if (EFI_ERROR(efi_status)) return efi_status; - } - -#if defined(OVERRIDE_SECURITY_POLICY) - /* - * Install the security protocol hook - */ - security_policy_install(shim_verify); -#endif /* * Enter MokManager if necessary @@ -1810,20 +1840,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) efi_status = init_grub(image_handle); -#if defined(OVERRIDE_SECURITY_POLICY) - /* - * Clean up the security protocol hook - */ - security_policy_uninstall(); -#endif - - /* - * If we're back here then clean everything up before exiting - */ - uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle, - &shim_lock_guid, &shim_lock_interface); - - + uninstall_shim_protocols(); /* * Remove our hooks from system services. */ From 47a9d2c908078ff79c4a4043855ec499241c8977 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Fri, 11 Apr 2014 14:41:22 -0400 Subject: [PATCH 23/75] additional bounds-checking on section sizes This adds additional bounds-checking on the section sizes. Also adds -Wsign-compare to the Makefile and replaces some signed variables with unsigned counteparts for robustness. Signed-off-by: Kees Cook --- Makefile | 3 +- MokManager.c | 6 ++-- PasswordCrypt.c | 4 +-- fallback.c | 4 +-- shim.c | 81 ++++++++++++++++++++++++++++++++++--------------- 5 files changed, 65 insertions(+), 33 deletions(-) diff --git a/Makefile b/Makefile index e65d28d..46e5ef9 100644 --- a/Makefile +++ b/Makefile @@ -16,7 +16,8 @@ EFI_LDS = elf_$(ARCH)_efi.lds DEFAULT_LOADER := \\\\grub.efi CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ - -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args \ + -fshort-wchar -Wall -Wsign-compare -Werror \ + -mno-red-zone -maccumulate-outgoing-args \ -mno-mmx -mno-sse -fno-builtin \ "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ diff --git a/MokManager.c b/MokManager.c index f5ed379..3da61f4 100644 --- a/MokManager.c +++ b/MokManager.c @@ -440,7 +440,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) MokListNode *keys = NULL; INTN key_num = 0; CHAR16 **menu_strings; - int i; + unsigned int i; if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA))) { @@ -491,7 +491,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) { EFI_INPUT_KEY key; - int count = 0; + unsigned int count = 0; do { key = console_get_keystroke(); @@ -640,7 +640,7 @@ static EFI_STATUS match_password (PASSWORD_CRYPT *pw_crypt, CHAR16 password[PASSWORD_MAX]; UINT32 pw_length; UINT8 fail_count = 0; - int i; + unsigned int i; if (pw_crypt) { auth_hash = pw_crypt->hash; diff --git a/PasswordCrypt.c b/PasswordCrypt.c index 8d72a82..e0a82cf 100644 --- a/PasswordCrypt.c +++ b/PasswordCrypt.c @@ -154,7 +154,7 @@ static EFI_STATUS sha256_crypt (const char *key, UINT32 key_len, CopyMem(cp, tmp_result, cnt); SHA256_Init(&alt_ctx); - for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) + for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt) SHA256_Update(&alt_ctx, salt, salt_size); SHA256_Final(tmp_result, &alt_ctx); @@ -242,7 +242,7 @@ static EFI_STATUS sha512_crypt (const char *key, UINT32 key_len, CopyMem(cp, tmp_result, cnt); SHA512_Init(&alt_ctx); - for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) + for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt) SHA512_Update(&alt_ctx, salt, salt_size); SHA512_Final(tmp_result, &alt_ctx); diff --git a/fallback.c b/fallback.c index 44638ec..bc9a3c9 100644 --- a/fallback.c +++ b/fallback.c @@ -229,7 +229,7 @@ EFI_STATUS find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, CHAR16 *arguments, UINT16 *optnum) { - int size = sizeof(UINT32) + sizeof (UINT16) + + unsigned int size = sizeof(UINT32) + sizeof (UINT16) + StrLen(label)*2 + 2 + DevicePathSize(dp) + StrLen(arguments) * 2 + 2; @@ -768,7 +768,7 @@ try_start_first_option(EFI_HANDLE parent_image_handle) if (EFI_ERROR(rc)) { CHAR16 *dps = DevicePathToStr(first_new_option); UINTN s = DevicePathSize(first_new_option); - int i; + unsigned int i; UINT8 *dpv = (void *)first_new_option; Print(L"LoadImage failed: %d\nDevice path: \"%s\"\n", rc, dps); for (i = 0; i < s; i++) { diff --git a/shim.c b/shim.c index 0e18d38..8c583a4 100644 --- a/shim.c +++ b/shim.c @@ -102,7 +102,7 @@ typedef struct { /* * Perform basic bounds checking of the intra-image pointers */ -static void *ImageAddress (void *image, int size, unsigned int address) +static void *ImageAddress (void *image, unsigned int size, unsigned int address) { if (address > size) return NULL; @@ -494,18 +494,19 @@ static BOOLEAN secure_mode (void) * Calculate the SHA1 and SHA256 hashes of a binary */ -static EFI_STATUS generate_hash (char *data, int datasize, +static EFI_STATUS generate_hash (char *data, int datasize_in, PE_COFF_LOADER_IMAGE_CONTEXT *context, UINT8 *sha256hash, UINT8 *sha1hash) { unsigned int sha256ctxsize, sha1ctxsize; - unsigned int size = datasize; + unsigned int size = datasize_in; void *sha256ctx = NULL, *sha1ctx = NULL; char *hashbase; unsigned int hashsize; unsigned int SumOfBytesHashed, SumOfSectionBytes; unsigned int index, pos; + unsigned int datasize; EFI_IMAGE_SECTION_HEADER *Section; EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; EFI_IMAGE_SECTION_HEADER *SectionCache; @@ -517,6 +518,12 @@ static EFI_STATUS generate_hash (char *data, int datasize, sha1ctxsize = Sha1GetContextSize(); sha1ctx = AllocatePool(sha1ctxsize); + if (datasize_in < 0) { + Print(L"Invalid data size\n"); + return EFI_INVALID_PARAMETER; + } + size = datasize = (unsigned int)datasize_in; + if (!sha256ctx || !sha1ctx) { Print(L"Unable to allocate memory for hash context\n"); return EFI_OUT_OF_RESOURCES; @@ -577,22 +584,29 @@ static EFI_STATUS generate_hash (char *data, int datasize, SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; #endif - Section = (EFI_IMAGE_SECTION_HEADER *) ( - (char *)context->PEHdr + sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER) + - context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - ); - - SectionCache = Section; - + /* Validate section locations and sizes */ for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) { - SumOfSectionBytes += SectionCache->SizeOfRawData; - } + EFI_IMAGE_SECTION_HEADER *SectionPtr; - if (SumOfSectionBytes >= datasize) { - Print(L"Malformed binary: %x %x\n", SumOfSectionBytes, size); - status = EFI_INVALID_PARAMETER; - goto done; + /* Validate SectionPtr is within image */ + SectionPtr = ImageAddress(data, datasize, + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + + (index * sizeof(*SectionPtr))); + if (!SectionPtr) { + Print(L"Malformed section %d\n", index); + status = EFI_INVALID_PARAMETER; + goto done; + } + /* Validate section size is within image. */ + if (SectionPtr->SizeOfRawData > + datasize - SumOfBytesHashed - SumOfSectionBytes) { + Print(L"Malformed section %d size\n", index); + status = EFI_INVALID_PARAMETER; + goto done; + } + SumOfSectionBytes += SectionPtr->SizeOfRawData; } SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections); @@ -602,6 +616,11 @@ static EFI_STATUS generate_hash (char *data, int datasize, goto done; } + /* Already validated above */ + Section = ImageAddress(data, datasize, sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader); + /* Sort the section headers */ for (index = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { pos = index; @@ -620,7 +639,6 @@ static EFI_STATUS generate_hash (char *data, int datasize, continue; } hashbase = ImageAddress(data, size, Section->PointerToRawData); - hashsize = (unsigned int) Section->SizeOfRawData; if (!hashbase) { Print(L"Malformed section header\n"); @@ -628,6 +646,15 @@ static EFI_STATUS generate_hash (char *data, int datasize, goto done; } + /* Verify hashsize within image. */ + if (Section->SizeOfRawData > + datasize - Section->PointerToRawData) { + Print(L"Malformed section raw size %d\n", index); + status = EFI_INVALID_PARAMETER; + goto done; + } + hashsize = (unsigned int) Section->SizeOfRawData; + if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { Print(L"Unable to generate hash\n"); @@ -638,10 +665,10 @@ static EFI_STATUS generate_hash (char *data, int datasize, } /* Hash all remaining data */ - if (size > SumOfBytesHashed) { + if (datasize > SumOfBytesHashed) { hashbase = data + SumOfBytesHashed; hashsize = (unsigned int)( - size - + datasize - #if __LP64__ context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - #else @@ -884,7 +911,8 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, return EFI_UNSUPPORTED; } - if (((UINT8 *)context->SecDir - (UINT8 *)data) > (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { + if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) > + (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { Print(L"Invalid image\n"); return EFI_UNSUPPORTED; } @@ -904,7 +932,8 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, { EFI_STATUS efi_status; char *buffer; - int i, size; + int i; + unsigned int size; EFI_IMAGE_SECTION_HEADER *Section; char *base, *end; PE_COFF_LOADER_IMAGE_CONTEXT context; @@ -1081,7 +1110,8 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, { EFI_DEVICE_PATH *devpath; EFI_HANDLE device; - int i, j, last = -1; + unsigned int i; + int j, last = -1; unsigned int pathlen = 0; EFI_STATUS efi_status = EFI_SUCCESS; CHAR16 *bootpath; @@ -1637,9 +1667,10 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) EFI_STATUS status; EFI_LOADED_IMAGE *li; CHAR16 *start = NULL, *c; - int i, remaining_size = 0; + unsigned int i; + int remaining_size = 0; CHAR16 *loader_str = NULL; - int loader_len = 0; + unsigned int loader_len = 0; second_stage = DEFAULT_LOADER; load_options = NULL; From 16a83563508e28d3ebc5a53c12f0c735d08ae728 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 11 Apr 2014 15:05:24 -0400 Subject: [PATCH 24/75] Kees' patch missed the offset adjustment to PEHdr. In read_header, we adjust context->PEHdr's address by doshdr->e_lfanew. If we're going to recompute that address, we have to adjust it here too. Signed-off-by: Peter Jones --- shim.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/shim.c b/shim.c index 8c583a4..d06bd02 100644 --- a/shim.c +++ b/shim.c @@ -511,12 +511,8 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; EFI_IMAGE_SECTION_HEADER *SectionCache; EFI_STATUS status = EFI_SUCCESS; - - sha256ctxsize = Sha256GetContextSize(); - sha256ctx = AllocatePool(sha256ctxsize); - - sha1ctxsize = Sha1GetContextSize(); - sha1ctx = AllocatePool(sha1ctxsize); + EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data; + unsigned int PEHdr_offset = 0; if (datasize_in < 0) { Print(L"Invalid data size\n"); @@ -524,6 +520,19 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, } size = datasize = (unsigned int)datasize_in; + if (datasize <= sizeof (*DosHdr) || + DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) { + Print(L"Invalid signature\n"); + return EFI_INVALID_PARAMETER; + } + PEHdr_offset = DosHdr->e_lfanew; + + sha256ctxsize = Sha256GetContextSize(); + sha256ctx = AllocatePool(sha256ctxsize); + + sha1ctxsize = Sha1GetContextSize(); + sha1ctx = AllocatePool(sha1ctxsize); + if (!sha256ctx || !sha1ctx) { Print(L"Unable to allocate memory for hash context\n"); return EFI_OUT_OF_RESOURCES; @@ -590,6 +599,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, /* Validate SectionPtr is within image */ SectionPtr = ImageAddress(data, datasize, + PEHdr_offset + sizeof (UINT32) + sizeof (EFI_IMAGE_FILE_HEADER) + context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + @@ -617,7 +627,9 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, } /* Already validated above */ - Section = ImageAddress(data, datasize, sizeof (UINT32) + + Section = ImageAddress(data, datasize, + PEHdr_offset + + sizeof (UINT32) + sizeof (EFI_IMAGE_FILE_HEADER) + context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader); From a63d665fb8407997ae057803877ed8149f80a25e Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 11 Apr 2014 15:07:45 -0400 Subject: [PATCH 25/75] Get rid of SectionCache in generate_hash(), it is unused. Signed-off-by: Peter Jones --- shim.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/shim.c b/shim.c index d06bd02..48a6f2f 100644 --- a/shim.c +++ b/shim.c @@ -509,7 +509,6 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, unsigned int datasize; EFI_IMAGE_SECTION_HEADER *Section; EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; - EFI_IMAGE_SECTION_HEADER *SectionCache; EFI_STATUS status = EFI_SUCCESS; EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data; unsigned int PEHdr_offset = 0; @@ -594,7 +593,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, #endif /* Validate section locations and sizes */ - for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++, SectionCache++) { + for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { EFI_IMAGE_SECTION_HEADER *SectionPtr; /* Validate SectionPtr is within image */ From ec7eddbf05abd6b721b1f1f0fa6c1816d35ddc09 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 13 May 2014 13:23:41 -0400 Subject: [PATCH 26/75] [fallback] Avoid duplicate old BootOrder set_boot_order() already copies the old BootOrder to the variable, bootorder. Besides, we can adjust BootOrder when adding the newly generated boot option. So, we don't have to copy the old one again in update_boot_order(). This avoid the duplicate entries in BootOrder. Signed-off-by: Gary Ching-Pang Lin --- fallback.c | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/fallback.c b/fallback.c index bc9a3c9..4bde9c1 100644 --- a/fallback.c +++ b/fallback.c @@ -204,12 +204,12 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, return EFI_OUT_OF_RESOURCES; int j = 0; + newbootorder[0] = i & 0xffff; if (nbootorder) { for (j = 0; j < nbootorder; j++) - newbootorder[j] = bootorder[j]; + newbootorder[j+1] = bootorder[j]; FreePool(bootorder); } - newbootorder[j] = i & 0xffff; bootorder = newbootorder; nbootorder += 1; #ifdef DEBUG_FALLBACK @@ -307,28 +307,17 @@ set_boot_order(void) EFI_STATUS update_boot_order(void) { - CHAR16 *oldbootorder; UINTN size; + UINTN len = 0; EFI_GUID global = EFI_GLOBAL_VARIABLE; CHAR16 *newbootorder = NULL; + EFI_STATUS rc; - oldbootorder = LibGetVariableAndSize(L"BootOrder", &global, &size); - if (oldbootorder) { - int n = size / sizeof (CHAR16) + nbootorder; - - newbootorder = AllocateZeroPool(n * sizeof (CHAR16)); - if (!newbootorder) - return EFI_OUT_OF_RESOURCES; - CopyMem(newbootorder, bootorder, nbootorder * sizeof (CHAR16)); - CopyMem(newbootorder + nbootorder, oldbootorder, size); - size = n * sizeof (CHAR16); - } else { - size = nbootorder * sizeof(CHAR16); - newbootorder = AllocateZeroPool(size); - if (!newbootorder) - return EFI_OUT_OF_RESOURCES; - CopyMem(newbootorder, bootorder, size); - } + size = nbootorder * sizeof(CHAR16); + newbootorder = AllocateZeroPool(size); + if (!newbootorder) + return EFI_OUT_OF_RESOURCES; + CopyMem(newbootorder, bootorder, size); #ifdef DEBUG_FALLBACK Print(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16)); @@ -337,13 +326,11 @@ update_boot_order(void) Print(L"%04x ", newbootorder[j]); Print(L"\n"); #endif - - if (oldbootorder) { + rc = uefi_call_wrapper(RT->GetVariable, 5, L"BootOrder", &global, + NULL, &len, NULL); + if (rc == EFI_BUFFER_TOO_SMALL) LibDeleteVariable(L"BootOrder", &global); - FreePool(oldbootorder); - } - EFI_STATUS rc; rc = uefi_call_wrapper(RT->SetVariable, 5, L"BootOrder", &global, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | From 30cead3b403650d320926971b671b4cda3d609e5 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 13 May 2014 13:24:12 -0400 Subject: [PATCH 27/75] [fallback] Fix the data size for boot option comparison Signed-off-by: Gary Ching-Pang Lin --- fallback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fallback.c b/fallback.c index 4bde9c1..7f242e1 100644 --- a/fallback.c +++ b/fallback.c @@ -231,7 +231,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, { unsigned int size = sizeof(UINT32) + sizeof (UINT16) + StrLen(label)*2 + 2 + DevicePathSize(dp) + - StrLen(arguments) * 2 + 2; + StrLen(arguments) * 2; CHAR8 *data = AllocateZeroPool(size); if (!data) From 8bf83b55dc252cc6b5b83bb0f33cdc8fb68c448b Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 13 May 2014 13:30:07 -0400 Subject: [PATCH 28/75] [fallback] Try to boot the first boot option anyway Some UEFI implementations never care the boot options, so the restored boot options could be just ignored and this results in endless reboot. To avoid this situation, this commit makes fallback.efi to load the first matched boot option even if there is no boot option to be restored. It may not be perfect, but at least the bootloader is loaded... Signed-off-by: Gary Ching-Pang Lin --- fallback.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/fallback.c b/fallback.c index 7f242e1..d10fb62 100644 --- a/fallback.c +++ b/fallback.c @@ -226,8 +226,9 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, } EFI_STATUS -find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, - CHAR16 *arguments, UINT16 *optnum) +find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, + CHAR16 *filename, CHAR16 *label, CHAR16 *arguments, + UINT16 *optnum) { unsigned int size = sizeof(UINT32) + sizeof (UINT16) + StrLen(label)*2 + 2 + DevicePathSize(dp) + @@ -278,6 +279,12 @@ find_boot_option(EFI_DEVICE_PATH *dp, CHAR16 *filename, CHAR16 *label, continue; /* at this point, we have duplicate data. */ + if (!first_new_option) { + first_new_option = DuplicateDevicePath(fulldp); + first_new_option_args = arguments; + first_new_option_size = StrLen(arguments) * sizeof (CHAR16); + } + *optnum = i; FreePool(candidate); FreePool(data); @@ -403,7 +410,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 * #endif UINT16 option; - rc = find_boot_option(dp, fullpath, label, arguments, &option); + rc = find_boot_option(dp, full_device_path, fullpath, label, arguments, &option); if (EFI_ERROR(rc)) { add_boot_option(dp, full_device_path, fullpath, label, arguments); } else if (option != 0) { From da49ac6d699f2a91bd088fc66ba31c42803ade3e Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 09:53:23 -0400 Subject: [PATCH 29/75] Fetch the netboot image from the same device The previous strategy is to locate the first available PXE_BASE_CODE protocol and to fetch the second stage image from it, and this may cause shim to fetch the wrong second stage image, i.e. grub.efi. Consider the machine with the following boot order: 1. PXE Boot 2. Hard Drive Assume that the EFI image, e.g. bootx64.efi, in the PXE server is broken, then "PXE Boot" will fail and fallback to "Hard Drive". While shim.efi in "Hard Drive" is loaded, it will find the PXE protocol is available and fetch grub.efi from the PXE server, not grub.efi in the disk. This commit checks the DeviceHandle from Loaded Image. If the device supports PXE, then shim fetches grub.efi with the PXE protocol. Otherwise, shim loads grub.efi from the disk. Signed-off-by: Gary Ching-Pang Lin --- netboot.c | 79 ++++++++++++------------------------------------------- shim.c | 2 +- 2 files changed, 18 insertions(+), 63 deletions(-) diff --git a/netboot.c b/netboot.c index 07e2773..5ef53f7 100644 --- a/netboot.c +++ b/netboot.c @@ -85,78 +85,33 @@ translate_slashes(char *str) * Returns TRUE if we identify a protocol that is enabled and Providing us with * the needed information to fetch a grubx64.efi image */ -BOOLEAN findNetboot(EFI_HANDLE image_handle) +BOOLEAN findNetboot(EFI_HANDLE device) { - UINTN bs = sizeof(EFI_HANDLE); - EFI_GUID pxe_base_code_protocol = EFI_PXE_BASE_CODE_PROTOCOL; - EFI_HANDLE *hbuf; - BOOLEAN rc = FALSE; - void *buffer = AllocatePool(bs); - UINTN errcnt = 0; - UINTN i; EFI_STATUS status; - if (!buffer) + status = uefi_call_wrapper(BS->HandleProtocol, 3, device, + &PxeBaseCodeProtocol, (VOID **)&pxe); + if (status != EFI_SUCCESS) { + pxe = NULL; return FALSE; - -try_again: - status = uefi_call_wrapper(BS->LocateHandle,5, ByProtocol, - &pxe_base_code_protocol, NULL, &bs, - buffer); - - if (status == EFI_BUFFER_TOO_SMALL) { - errcnt++; - FreePool(buffer); - if (errcnt > 1) - return FALSE; - buffer = AllocatePool(bs); - if (!buffer) - return FALSE; - goto try_again; } - if (status == EFI_NOT_FOUND) { - FreePool(buffer); + if (!pxe || !pxe->Mode) { + pxe = NULL; + return FALSE; + } + + if (!pxe->Mode->Started || !pxe->Mode->DhcpAckReceived) { + pxe = NULL; return FALSE; } /* - * We have a list of pxe supporting protocols, lets see if any are - * active - */ - hbuf = buffer; - pxe = NULL; - for (i=0; i < (bs / sizeof(EFI_HANDLE)); i++) { - status = uefi_call_wrapper(BS->OpenProtocol, 6, hbuf[i], - &pxe_base_code_protocol, - (void **)&pxe, image_handle, NULL, - EFI_OPEN_PROTOCOL_GET_PROTOCOL); - - if (status != EFI_SUCCESS) { - pxe = NULL; - continue; - } - - if (!pxe || !pxe->Mode) { - pxe = NULL; - continue; - } - - if (pxe->Mode->Started && pxe->Mode->DhcpAckReceived) { - /* - * We've located a pxe protocol handle thats been - * started and has received an ACK, meaning its - * something we'll be able to get tftp server info - * out of - */ - rc = TRUE; - break; - } - - } - - FreePool(buffer); - return rc; + * We've located a pxe protocol handle thats been started and has + * received an ACK, meaning its something we'll be able to get + * tftp server info out of + */ + return TRUE; } static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt) diff --git a/shim.c b/shim.c index 48a6f2f..d8699f9 100644 --- a/shim.c +++ b/shim.c @@ -1373,7 +1373,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) goto done; } - if (findNetboot(image_handle)) { + if (findNetboot(li->DeviceHandle)) { efi_status = parseNetbootinfo(image_handle); if (efi_status != EFI_SUCCESS) { Print(L"Netboot parsing failed: %r\n", efi_status); From b8070380eef2596837916358393fa789bfa883f3 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 09:55:49 -0400 Subject: [PATCH 30/75] Check the first 4 bytes of the certificate A non-DER encoding x509 certificate may be mistakenly enrolled into db or MokList. This commit checks the first 4 bytes of the certificate to ensure that it's DER encoding. This commit also removes the iteration of the x509 signature list. Per UEFI SPEC, each x509 signature list contains only one x509 certificate. Besides, the size of certificate is incorrect. The size of the header must be substracted from the signature size. Signed-off-by: Gary Ching-Pang Lin --- MokManager.c | 23 +++++++++++++++++++++-- shim.c | 45 +++++++++++++++++++++++++++++++-------------- 2 files changed, 52 insertions(+), 16 deletions(-) diff --git a/MokManager.c b/MokManager.c index 3da61f4..c9fbbac 100644 --- a/MokManager.c +++ b/MokManager.c @@ -1306,12 +1306,31 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { return -1; } -static BOOLEAN verify_certificate(void *cert, UINTN size) +static BOOLEAN verify_certificate(UINT8 *cert, UINTN size) { X509 *X509Cert; - if (!cert || size == 0) + UINTN length; + if (!cert || size < 0) return FALSE; + /* + * A DER encoding x509 certificate starts with SEQUENCE(0x30), + * the number of length bytes, and the number of value bytes. + * The size of a x509 certificate is usually between 127 bytes + * and 64KB. For convenience, assume the number of value bytes + * is 2, i.e. the second byte is 0x82. + */ + if (cert[0] != 0x30 || cert[1] != 0x82) { + console_notify(L"Not a DER encoding X509 certificate"); + return FALSE; + } + + length = (cert[2]<<8 | cert[3]); + if (length != (size - 4)) { + console_notify(L"Invalid X509 certificate: Inconsistent size"); + return FALSE; + } + if (!(X509ConstructCertificate(cert, size, (UINT8 **) &X509Cert)) || X509Cert == NULL) { console_notify(L"Invalid X509 certificate"); diff --git a/shim.c b/shim.c index d8699f9..cd26ce6 100644 --- a/shim.c +++ b/shim.c @@ -226,44 +226,61 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, return EFI_SUCCESS; } +static BOOLEAN verify_x509(UINT8 *Cert, UINTN CertSize) +{ + UINTN length; + + if (!Cert || CertSize < 4) + return FALSE; + + /* + * A DER encoding x509 certificate starts with SEQUENCE(0x30), + * the number of length bytes, and the number of value bytes. + * The size of a x509 certificate is usually between 127 bytes + * and 64KB. For convenience, assume the number of value bytes + * is 2, i.e. the second byte is 0x82. + */ + if (Cert[0] != 0x30 || Cert[1] != 0x82) + return FALSE; + + length = Cert[2]<<8 | Cert[3]; + if (length != (CertSize - 4)) + return FALSE; + + return TRUE; +} + static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList, UINTN dbsize, WIN_CERTIFICATE_EFI_PKCS *data, UINT8 *hash) { EFI_SIGNATURE_DATA *Cert; - UINTN CertCount, Index; + UINTN CertSize; BOOLEAN IsFound = FALSE; EFI_GUID CertType = X509_GUID; while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { if (CompareGuid (&CertList->SignatureType, &CertType) == 0) { - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - for (Index = 0; Index < CertCount; Index++) { + CertSize = CertList->SignatureSize - sizeof(EFI_GUID); + if (verify_x509(Cert->SignatureData, CertSize)) { IsFound = AuthenticodeVerify (data->CertData, data->Hdr.dwLength - sizeof(data->Hdr), Cert->SignatureData, - CertList->SignatureSize, + CertSize, hash, SHA256_DIGEST_SIZE); if (IsFound) - break; - - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + return DATA_FOUND; + } else if (verbose) { + console_notify(L"Not a DER encoding x.509 Certificate"); } - } - if (IsFound) - break; - dbsize -= CertList->SignatureListSize; CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); } - if (IsFound) - return DATA_FOUND; - return DATA_NOT_FOUND; } From c902256046459353118dfa25c7ff2af67dc36156 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 09:56:27 -0400 Subject: [PATCH 31/75] Remove grubpath in generate_path() The variable is not used anymore. Signed-off-by: Gary Ching-Pang Lin --- shim.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/shim.c b/shim.c index cd26ce6..eb8542a 100644 --- a/shim.c +++ b/shim.c @@ -1134,17 +1134,15 @@ should_use_fallback(EFI_HANDLE image_handle) * of the executable */ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, - EFI_DEVICE_PATH **grubpath, CHAR16 **PathName) + CHAR16 **PathName) { EFI_DEVICE_PATH *devpath; - EFI_HANDLE device; unsigned int i; int j, last = -1; unsigned int pathlen = 0; EFI_STATUS efi_status = EFI_SUCCESS; CHAR16 *bootpath; - device = li->DeviceHandle; devpath = li->FilePath; bootpath = DevicePathToStr(devpath); @@ -1197,8 +1195,6 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, StrCat(*PathName, bootpath); StrCat(*PathName, ImagePath); - *grubpath = FileDevicePath(device, *PathName); - error: FreePool(bootpath); @@ -1361,7 +1357,6 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL; EFI_STATUS efi_status; EFI_LOADED_IMAGE *li, li_bak; - EFI_DEVICE_PATH *path; CHAR16 *PathName = NULL; void *sourcebuffer = NULL; UINT64 sourcesize = 0; @@ -1383,7 +1378,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) /* * Build a new path from the existing one plus the executable name */ - efi_status = generate_path(li, ImagePath, &path, &PathName); + efi_status = generate_path(li, ImagePath, &PathName); if (efi_status != EFI_SUCCESS) { Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); From 38fe58d33aa9abfa1f5c086e5396ef31ee95ecb9 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 09:57:10 -0400 Subject: [PATCH 32/75] MokManager: delete the BS+NV variables the right way LibDeleteVariable assumes that the variable is RT+NV and it won't work on a BS+NV variable. Signed-off-by: Gary Ching-Pang Lin --- MokManager.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/MokManager.c b/MokManager.c index c9fbbac..0ab308f 100644 --- a/MokManager.c +++ b/MokManager.c @@ -1112,7 +1112,16 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) { return -1; } } else { - LibDeleteVariable(L"MokSBState", &shim_lock_guid); + efi_status = uefi_call_wrapper(RT->SetVariable, + 5, L"MokSBState", + &shim_lock_guid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS, + 0, NULL); + if (efi_status != EFI_SUCCESS) { + console_notify(L"Failed to delete Secure Boot state"); + return -1; + } } console_notify(L"The system must now be rebooted"); @@ -1224,7 +1233,16 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) { return -1; } } else { - LibDeleteVariable(L"MokDBState", &shim_lock_guid); + efi_status = uefi_call_wrapper(RT->SetVariable, 5, + L"MokDBState", + &shim_lock_guid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS, + 0, NULL); + if (efi_status != EFI_SUCCESS) { + console_notify(L"Failed to delete DB state"); + return -1; + } } console_notify(L"The system must now be rebooted"); @@ -1261,7 +1279,11 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { if (console_yes_no((CHAR16 *[]){L"Clear MOK password?", NULL}) == 0) return 0; - LibDeleteVariable(L"MokPWStore", &shim_lock_guid); + uefi_call_wrapper(RT->SetVariable, 5, L"MokPWStore", + &shim_lock_guid, + EFI_VARIABLE_NON_VOLATILE + | EFI_VARIABLE_BOOTSERVICE_ACCESS, + 0, NULL); LibDeleteVariable(L"MokPW", &shim_lock_guid); console_notify(L"The system must now be rebooted"); uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0, From dcc523811b7763036682ba42cc83cbf88f42a8f2 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 10:02:18 -0400 Subject: [PATCH 33/75] MokManager: handle the error status from ReadKeyStroke On some machines, even though the key event was signaled, ReadKeyStroke still got EFI_NOT_READY. This commit handles the error status to avoid console_get_keystroke from returning unexpected keys. Signed-off-by: Gary Ching-Pang Lin Conflicts: MokManager.c --- MokManager.c | 17 +++++++++++++---- include/console.h | 4 ++-- lib/console.c | 26 ++++++++++++++++++-------- 3 files changed, 33 insertions(+), 14 deletions(-) diff --git a/MokManager.c b/MokManager.c index 0ab308f..50cb9d7 100644 --- a/MokManager.c +++ b/MokManager.c @@ -488,13 +488,19 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) return EFI_SUCCESS; } -static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) +static EFI_STATUS get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) { EFI_INPUT_KEY key; + EFI_STATUS status; unsigned int count = 0; do { - key = console_get_keystroke(); + status = console_get_keystroke(&key); + if (EFI_ERROR (status)) { + console_error(L"Failed to read the keystroke", status); + *length = 0; + return status; + } if ((count >= line_max && key.UnicodeChar != CHAR_BACKSPACE) || @@ -525,7 +531,7 @@ static UINT8 get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show *length = count; - return 1; + return EFI_SUCCESS; } static EFI_STATUS compute_pw_hash (void *Data, UINTN DataSize, UINT8 *password, @@ -989,6 +995,7 @@ static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize) static CHAR16 get_password_charater (CHAR16 *prompt) { SIMPLE_TEXT_OUTPUT_MODE SavedMode; + EFI_STATUS status; CHAR16 *message[2]; CHAR16 character; UINTN length; @@ -1003,7 +1010,9 @@ static CHAR16 get_password_charater (CHAR16 *prompt) message[1] = NULL; length = StrLen(message[0]); console_print_box_at(message, -1, -length-4, -5, length+4, 3, 0, 1); - get_line(&pw_length, &character, 1, 0); + status = get_line(&pw_length, &character, 1, 0); + if (EFI_ERROR(status)) + character = 0; console_restore_mode(&SavedMode); diff --git a/include/console.h b/include/console.h index e6c2818..9c793ea 100644 --- a/include/console.h +++ b/include/console.h @@ -1,8 +1,8 @@ #ifndef _SHIM_LIB_CONSOLE_H #define _SHIM_LIB_CONSOLE_H 1 -EFI_INPUT_KEY -console_get_keystroke(void); +EFI_STATUS +console_get_keystroke(EFI_INPUT_KEY *key); void console_print_box_at(CHAR16 *str_arr[], int highlight, int start_col, int start_row, int size_cols, int size_rows, int offset, int lines); void diff --git a/lib/console.c b/lib/console.c index 2fc8db3..41ed83a 100644 --- a/lib/console.c +++ b/lib/console.c @@ -40,16 +40,18 @@ SetMem16(CHAR16 *dst, UINT32 n, CHAR16 c) } } -EFI_INPUT_KEY -console_get_keystroke(void) +EFI_STATUS +console_get_keystroke(EFI_INPUT_KEY *key) { - EFI_INPUT_KEY key; UINTN EventIndex; + EFI_STATUS status; - uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex); - uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, &key); + do { + uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex); + status = uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, key); + } while (status == EFI_NOT_READY); - return key; + return status; } void @@ -162,6 +164,8 @@ console_print_box(CHAR16 *str_arr[], int highlight) { SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + EFI_INPUT_KEY key; + CopyMem(&SavedConsoleMode, co->Mode, sizeof(SavedConsoleMode)); uefi_call_wrapper(co->EnableCursor, 2, co, FALSE); uefi_call_wrapper(co->SetAttribute, 2, co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE); @@ -169,7 +173,7 @@ console_print_box(CHAR16 *str_arr[], int highlight) console_print_box_at(str_arr, highlight, 0, 0, -1, -1, 0, count_lines(str_arr)); - console_get_keystroke(); + console_get_keystroke(&key); uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); @@ -184,6 +188,7 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode; SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; EFI_INPUT_KEY k; + EFI_STATUS status; int selector; int selector_lines = count_lines(selectors); int selector_max_cols = 0; @@ -237,7 +242,12 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) size_cols, size_rows, 0, lines); do { - k = console_get_keystroke(); + status = console_get_keystroke(&k); + if (EFI_ERROR (status)) { + Print(L"Failed to read the keystroke: %r", status); + selector = -1; + break; + } if (k.ScanCode == SCAN_ESC) { selector = -1; From ea1c89b047eb4b071efb533808b7d6ca6ae6e719 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 10:03:08 -0400 Subject: [PATCH 34/75] Exclude ca.crt while signing EFI images If ca.crt was added into the certificate database, ca.crt would be the first certificate in the signature. Because shim couldn't verify ca.crt with the embedded shim.cer, it failed to load MokManager.efi.signed and fallback.efi.signed. Signed-off-by: Gary Ching-Pang Lin --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index 46e5ef9..df190a2 100644 --- a/Makefile +++ b/Makefile @@ -73,7 +73,6 @@ version.c : version.c.in certdb/secmod.db: shim.crt -mkdir certdb - certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt pk12util -d certdb/ -i shim.p12 -W "" -K "" certutil -d certdb/ -A -i shim.crt -n shim -t u From 95c6743e4cc8f89d25c634ad85359081f3e7ab00 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 10:12:43 -0400 Subject: [PATCH 35/75] No newline for console_notify The newlines are for Print(), not console_notify(). Signed-off-by: Gary Ching-Pang Lin Conflicts: shim.c --- shim.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/shim.c b/shim.c index eb8542a..f9fa606 100644 --- a/shim.c +++ b/shim.c @@ -479,7 +479,7 @@ static BOOLEAN secure_mode (void) status = get_variable(L"SecureBoot", &Data, &len, global_var); if (status != EFI_SUCCESS) { if (verbose) - console_notify(L"Secure boot not enabled\n"); + console_notify(L"Secure boot not enabled"); return FALSE; } sb = *Data; @@ -487,7 +487,7 @@ static BOOLEAN secure_mode (void) if (sb != 1) { if (verbose) - console_notify(L"Secure boot not enabled\n"); + console_notify(L"Secure boot not enabled"); return FALSE; } @@ -500,7 +500,7 @@ static BOOLEAN secure_mode (void) if (setupmode == 1) { if (verbose) - console_notify(L"Platform is in setup mode\n"); + console_notify(L"Platform is in setup mode"); return FALSE; } From d8d7464f2cdd86ae01293086119463bf4a6b4a9c Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 10:15:31 -0400 Subject: [PATCH 36/75] Remove the duplicate calls in lib/console.c Signed-off-by: Gary Ching-Pang Lin --- lib/console.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/console.c b/lib/console.c index 41ed83a..83ee679 100644 --- a/lib/console.c +++ b/lib/console.c @@ -175,8 +175,6 @@ console_print_box(CHAR16 *str_arr[], int highlight) console_get_keystroke(&key); - uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); - uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow); uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute); @@ -272,8 +270,6 @@ console_select(CHAR16 *title[], CHAR16* selectors[], int start) } while (!(k.ScanCode == SCAN_NULL && k.UnicodeChar == CHAR_CARRIAGE_RETURN)); - uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); - uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible); uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow); uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute); From e50cfe371f58b9313180093f1217b2fc20d94718 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 10:30:38 -0400 Subject: [PATCH 37/75] Silence the functions of shim protocol When grub2 invokes the functions of shim protocol in gfx mode, OutputString in shim could distort the screen. Signed-off-by: Gary Ching-Pang Lin Conflicts: shim.c (modified by pjones to include some newer Prints that weren't there when Gary did the initial work here.) --- shim.c | 192 ++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 114 insertions(+), 78 deletions(-) diff --git a/shim.c b/shim.c index f9fa606..69af766 100644 --- a/shim.c +++ b/shim.c @@ -59,6 +59,14 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB static CHAR16 *second_stage; static void *load_options; static UINT32 load_options_size; +static UINT8 in_protocol; + +#define perror(fmt, ...) ({ \ + UINTN __perror_ret = 0; \ + if (in_protocol) \ + __perror_ret = Print((fmt), ##__VA_ARGS__); \ + __perror_ret; \ + }) EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }; @@ -133,7 +141,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, #endif if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { - Print(L"Image has no relocation entry\n"); + perror(L"Image has no relocation entry\n"); return EFI_UNSUPPORTED; } @@ -141,7 +149,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); if (!RelocBase || !RelocBaseEnd) { - Print(L"Reloc table overflows binary\n"); + perror(L"Reloc table overflows binary\n"); return EFI_UNSUPPORTED; } @@ -154,19 +162,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { - Print(L"Reloc block size is invalid\n"); + perror(L"Reloc block size is invalid\n"); return EFI_UNSUPPORTED; } RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) { - Print(L"Reloc entry overflows binary\n"); + perror(L"Reloc entry overflows binary\n"); return EFI_UNSUPPORTED; } FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress); if (!FixupBase) { - Print(L"Invalid fixupbase\n"); + perror(L"Invalid fixupbase\n"); return EFI_UNSUPPORTED; } @@ -215,7 +223,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, break; default: - Print(L"Unknown relocation\n"); + perror(L"Unknown relocation\n"); return EFI_UNSUPPORTED; } Reloc += 1; @@ -478,7 +486,7 @@ static BOOLEAN secure_mode (void) status = get_variable(L"SecureBoot", &Data, &len, global_var); if (status != EFI_SUCCESS) { - if (verbose) + if (verbose && !in_protocol) console_notify(L"Secure boot not enabled"); return FALSE; } @@ -486,7 +494,7 @@ static BOOLEAN secure_mode (void) FreePool(Data); if (sb != 1) { - if (verbose) + if (verbose && !in_protocol) console_notify(L"Secure boot not enabled"); return FALSE; } @@ -499,7 +507,7 @@ static BOOLEAN secure_mode (void) FreePool(Data); if (setupmode == 1) { - if (verbose) + if (verbose && !in_protocol) console_notify(L"Platform is in setup mode"); return FALSE; } @@ -531,14 +539,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, unsigned int PEHdr_offset = 0; if (datasize_in < 0) { - Print(L"Invalid data size\n"); + perror(L"Invalid data size\n"); return EFI_INVALID_PARAMETER; } size = datasize = (unsigned int)datasize_in; if (datasize <= sizeof (*DosHdr) || DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) { - Print(L"Invalid signature\n"); + perror(L"Invalid signature\n"); return EFI_INVALID_PARAMETER; } PEHdr_offset = DosHdr->e_lfanew; @@ -550,12 +558,12 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, sha1ctx = AllocatePool(sha1ctxsize); if (!sha256ctx || !sha1ctx) { - Print(L"Unable to allocate memory for hash context\n"); + perror(L"Unable to allocate memory for hash context\n"); return EFI_OUT_OF_RESOURCES; } if (!Sha256Init(sha256ctx) || !Sha1Init(sha1ctx)) { - Print(L"Unable to initialise hash\n"); + perror(L"Unable to initialise hash\n"); status = EFI_OUT_OF_RESOURCES; goto done; } @@ -567,7 +575,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { - Print(L"Unable to generate hash\n"); + perror(L"Unable to generate hash\n"); status = EFI_OUT_OF_RESOURCES; goto done; } @@ -579,7 +587,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { - Print(L"Unable to generate hash\n"); + perror(L"Unable to generate hash\n"); status = EFI_OUT_OF_RESOURCES; goto done; } @@ -597,7 +605,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { - Print(L"Unable to generate hash\n"); + perror(L"Unable to generate hash\n"); status = EFI_OUT_OF_RESOURCES; goto done; } @@ -621,14 +629,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + (index * sizeof(*SectionPtr))); if (!SectionPtr) { - Print(L"Malformed section %d\n", index); + perror(L"Malformed section %d\n", index); status = EFI_INVALID_PARAMETER; goto done; } /* Validate section size is within image. */ if (SectionPtr->SizeOfRawData > datasize - SumOfBytesHashed - SumOfSectionBytes) { - Print(L"Malformed section %d size\n", index); + perror(L"Malformed section %d size\n", index); status = EFI_INVALID_PARAMETER; goto done; } @@ -637,7 +645,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections); if (SectionHeader == NULL) { - Print(L"Unable to allocate section header\n"); + perror(L"Unable to allocate section header\n"); status = EFI_OUT_OF_RESOURCES; goto done; } @@ -669,7 +677,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, hashbase = ImageAddress(data, size, Section->PointerToRawData); if (!hashbase) { - Print(L"Malformed section header\n"); + perror(L"Malformed section header\n"); status = EFI_INVALID_PARAMETER; goto done; } @@ -677,7 +685,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, /* Verify hashsize within image. */ if (Section->SizeOfRawData > datasize - Section->PointerToRawData) { - Print(L"Malformed section raw size %d\n", index); + perror(L"Malformed section raw size %d\n", index); status = EFI_INVALID_PARAMETER; goto done; } @@ -685,7 +693,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { - Print(L"Unable to generate hash\n"); + perror(L"Unable to generate hash\n"); status = EFI_OUT_OF_RESOURCES; goto done; } @@ -706,7 +714,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { - Print(L"Unable to generate hash\n"); + perror(L"Unable to generate hash\n"); status = EFI_OUT_OF_RESOURCES; goto done; } @@ -714,7 +722,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, if (!(Sha256Final(sha256ctx, sha256hash)) || !(Sha1Final(sha1ctx, sha1hash))) { - Print(L"Unable to finalise hash\n"); + perror(L"Unable to finalise hash\n"); status = EFI_OUT_OF_RESOURCES; goto done; } @@ -744,9 +752,9 @@ static EFI_STATUS verify_mok (void) { shim_lock_guid, &attributes); if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) { - Print(L"MokList is compromised!\nErase all keys in MokList!\n"); + perror(L"MokList is compromised!\nErase all keys in MokList!\n"); if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) { - Print(L"Failed to erase MokList\n"); + perror(L"Failed to erase MokList\n"); return EFI_ACCESS_DENIED; } } @@ -774,13 +782,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize, context->SecDir->VirtualAddress); if (!cert) { - Print(L"Certificate located outside the image\n"); + perror(L"Certificate located outside the image\n"); return EFI_INVALID_PARAMETER; } if (cert->Hdr.wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA) { - Print(L"Unsupported certificate type %x\n", + perror(L"Unsupported certificate type %x\n", cert->Hdr.wCertificateType); return EFI_UNSUPPORTED; } @@ -804,7 +812,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, status = check_blacklist(cert, sha256hash, sha1hash); if (status != EFI_SUCCESS) { - Print(L"Binary is blacklisted\n"); + perror(L"Binary is blacklisted\n"); return status; } @@ -857,7 +865,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { - Print(L"Invalid image\n"); + perror(L"Invalid image\n"); return EFI_UNSUPPORTED; } @@ -877,7 +885,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { - Print(L"Image header too small\n"); + perror(L"Image header too small\n"); return EFI_UNSUPPORTED; } @@ -885,7 +893,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, - sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES; if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) != context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) { - Print(L"Image header overflows data directory\n"); + perror(L"Image header overflows data directory\n"); return EFI_UNSUPPORTED; } @@ -895,28 +903,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader; if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER <= context->NumberOfSections) { - Print(L"Image sections overflow image size\n"); + perror(L"Image sections overflow image size\n"); return EFI_UNSUPPORTED; } if ((context->SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER < (UINT32)context->NumberOfSections) { - Print(L"Image sections overflow section headers\n"); + perror(L"Image sections overflow section headers\n"); return EFI_UNSUPPORTED; } if ((((UINT8 *)PEHdr - (UINT8 *)data) + sizeof(EFI_IMAGE_OPTIONAL_HEADER_UNION)) > datasize) { - Print(L"Invalid image\n"); + perror(L"Invalid image\n"); return EFI_UNSUPPORTED; } if (PEHdr->Te.Signature != EFI_IMAGE_NT_SIGNATURE) { - Print(L"Unsupported image type\n"); + perror(L"Unsupported image type\n"); return EFI_UNSUPPORTED; } if (PEHdr->Pe32.FileHeader.Characteristics & EFI_IMAGE_FILE_RELOCS_STRIPPED) { - Print(L"Unsupported image - Relocations have been stripped\n"); + perror(L"Unsupported image - Relocations have been stripped\n"); return EFI_UNSUPPORTED; } @@ -935,23 +943,24 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); if (context->ImageSize < context->SizeOfHeaders) { - Print(L"Invalid image\n"); + perror(L"Invalid image\n"); return EFI_UNSUPPORTED; } if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) > (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) { - Print(L"Invalid image\n"); + perror(L"Invalid image\n"); return EFI_UNSUPPORTED; } if (context->SecDir->VirtualAddress >= datasize) { - Print(L"Malformed security header\n"); + perror(L"Malformed security header\n"); return EFI_INVALID_PARAMETER; } return EFI_SUCCESS; } + /* * Once the image has been loaded it needs to be validated and relocated */ @@ -971,7 +980,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, */ efi_status = read_header(data, datasize, &context); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to read header: %r\n", efi_status); + perror(L"Failed to read header: %r\n", efi_status); return efi_status; } @@ -993,7 +1002,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, buffer = AllocatePool(context.ImageSize); if (!buffer) { - Print(L"Failed to allocate image buffer\n"); + perror(L"Failed to allocate image buffer\n"); return EFI_OUT_OF_RESOURCES; } @@ -1013,13 +1022,13 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1); if (!base || !end) { - Print(L"Invalid section size\n"); + perror(L"Invalid section size\n"); return EFI_UNSUPPORTED; } if (Section->VirtualAddress < context.SizeOfHeaders || Section->PointerToRawData < context.SizeOfHeaders) { - Print(L"Section is inside image headers\n"); + perror(L"Section is inside image headers\n"); return EFI_UNSUPPORTED; } @@ -1038,7 +1047,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, efi_status = relocate_coff(&context, buffer); if (efi_status != EFI_SUCCESS) { - Print(L"Relocation failed: %r\n", efi_status); + perror(L"Relocation failed: %r\n", efi_status); FreePool(buffer); return efi_status; } @@ -1056,7 +1065,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, li->LoadOptionsSize = load_options_size; if (!entry_point) { - Print(L"Invalid entry point\n"); + perror(L"Invalid entry point\n"); FreePool(buffer); return EFI_UNSUPPORTED; } @@ -1079,7 +1088,7 @@ should_use_fallback(EFI_HANDLE image_handle) rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, &loaded_image_protocol, (void **)&li); if (EFI_ERROR(rc)) { - Print(L"Could not get image for bootx64.efi: %r\n", rc); + perror(L"Could not get image for bootx64.efi: %r\n", rc); return 0; } @@ -1101,13 +1110,13 @@ should_use_fallback(EFI_HANDLE image_handle) rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, &FileSystemProtocol, (void **)&fio); if (EFI_ERROR(rc)) { - Print(L"Could not get fio for li->DeviceHandle: %r\n", rc); + perror(L"Could not get fio for li->DeviceHandle: %r\n", rc); return 0; } - + rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); if (EFI_ERROR(rc)) { - Print(L"Could not open fio volume: %r\n", rc); + perror(L"Could not open fio volume: %r\n", rc); return 0; } @@ -1185,7 +1194,7 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath, *PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath)); if (!*PathName) { - Print(L"Failed to allocate path buffer\n"); + perror(L"Failed to allocate path buffer\n"); efi_status = EFI_OUT_OF_RESOURCES; goto error; } @@ -1226,14 +1235,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, (void **)&drive); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to find fs: %r\n", efi_status); + perror(L"Failed to find fs: %r\n", efi_status); goto error; } efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to open fs: %r\n", efi_status); + perror(L"Failed to open fs: %r\n", efi_status); goto error; } @@ -1244,14 +1253,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, EFI_FILE_MODE_READ, 0); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to open %s - %r\n", PathName, efi_status); + perror(L"Failed to open %s - %r\n", PathName, efi_status); goto error; } fileinfo = AllocatePool(buffersize); if (!fileinfo) { - Print(L"Unable to allocate file info buffer\n"); + perror(L"Unable to allocate file info buffer\n"); efi_status = EFI_OUT_OF_RESOURCES; goto error; } @@ -1267,7 +1276,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, FreePool(fileinfo); fileinfo = AllocatePool(buffersize); if (!fileinfo) { - Print(L"Unable to allocate file info buffer\n"); + perror(L"Unable to allocate file info buffer\n"); efi_status = EFI_OUT_OF_RESOURCES; goto error; } @@ -1277,7 +1286,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, } if (efi_status != EFI_SUCCESS) { - Print(L"Unable to get file info: %r\n", efi_status); + perror(L"Unable to get file info: %r\n", efi_status); goto error; } @@ -1286,7 +1295,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, *data = AllocatePool(buffersize); if (!*data) { - Print(L"Unable to allocate file buffer\n"); + perror(L"Unable to allocate file buffer\n"); efi_status = EFI_OUT_OF_RESOURCES; goto error; } @@ -1305,7 +1314,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, } if (efi_status != EFI_SUCCESS) { - Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); + perror(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); goto error; } @@ -1335,6 +1344,7 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) PE_COFF_LOADER_IMAGE_CONTEXT context; loader_is_participating = 1; + in_protocol = 1; if (!secure_mode()) return EFI_SUCCESS; @@ -1342,9 +1352,35 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) status = read_header(buffer, size, &context); if (status != EFI_SUCCESS) - return status; + goto done; status = verify_buffer(buffer, size, &context); +done: + in_protocol = 0; + return status; +} + +static EFI_STATUS shim_hash (char *data, int datasize, + PE_COFF_LOADER_IMAGE_CONTEXT *context, + UINT8 *sha256hash, UINT8 *sha1hash) +{ + EFI_STATUS status; + + in_protocol = 1; + status = generate_hash(data, datasize, context, sha256hash, sha1hash); + in_protocol = 0; + + return status; +} + +static EFI_STATUS shim_read_header(void *data, unsigned int datasize, + PE_COFF_LOADER_IMAGE_CONTEXT *context) +{ + EFI_STATUS status; + + in_protocol = 1; + status = read_header(data, datasize, context); + in_protocol = 0; return status; } @@ -1371,7 +1407,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) &loaded_image_protocol, (void **)&li); if (efi_status != EFI_SUCCESS) { - Print(L"Unable to init protocol\n"); + perror(L"Unable to init protocol\n"); return efi_status; } @@ -1381,20 +1417,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) efi_status = generate_path(li, ImagePath, &PathName); if (efi_status != EFI_SUCCESS) { - Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status); + perror(L"Unable to generate path %s: %r\n", ImagePath, efi_status); goto done; } if (findNetboot(li->DeviceHandle)) { efi_status = parseNetbootinfo(image_handle); if (efi_status != EFI_SUCCESS) { - Print(L"Netboot parsing failed: %r\n", efi_status); + perror(L"Netboot parsing failed: %r\n", efi_status); return EFI_PROTOCOL_ERROR; } efi_status = FetchNetbootimage(image_handle, &sourcebuffer, &sourcesize); if (efi_status != EFI_SUCCESS) { - Print(L"Unable to fetch TFTP image: %r\n", efi_status); + perror(L"Unable to fetch TFTP image: %r\n", efi_status); return efi_status; } data = sourcebuffer; @@ -1406,7 +1442,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) efi_status = load_image(li, &data, &datasize, PathName); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to load image %s: %r\n", PathName, efi_status); + perror(L"Failed to load image %s: %r\n", PathName, efi_status); goto done; } } @@ -1423,7 +1459,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) efi_status = handle_image(data, datasize, li); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to load image: %r\n", efi_status); + perror(L"Failed to load image: %r\n", efi_status); CopyMem(li, &li_bak, sizeof(li_bak)); goto done; } @@ -1495,7 +1531,7 @@ EFI_STATUS mirror_mok_list() ; FullData = AllocatePool(FullDataSize); if (!FullData) { - Print(L"Failed to allocate space for MokListRT\n"); + perror(L"Failed to allocate space for MokListRT\n"); return EFI_OUT_OF_RESOURCES; } p = FullData; @@ -1526,7 +1562,7 @@ EFI_STATUS mirror_mok_list() | EFI_VARIABLE_RUNTIME_ACCESS, FullDataSize, FullData); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to set MokListRT: %r\n", efi_status); + perror(L"Failed to set MokListRT: %r\n", efi_status); } return efi_status; @@ -1567,7 +1603,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) efi_status = start_image(image_handle, MOK_MANAGER); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to start MokManager: %r\n", efi_status); + perror(L"Failed to start MokManager: %r\n", efi_status); return efi_status; } } @@ -1601,9 +1637,9 @@ static EFI_STATUS check_mok_sb (void) * modified by the OS */ if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { - Print(L"MokSBState is compromised! Clearing it\n"); + perror(L"MokSBState is compromised! Clearing it\n"); if (LibDeleteVariable(L"MokSBState", &shim_lock_guid) != EFI_SUCCESS) { - Print(L"Failed to erase MokSBState\n"); + perror(L"Failed to erase MokSBState\n"); } status = EFI_ACCESS_DENIED; } else { @@ -1642,9 +1678,9 @@ static EFI_STATUS check_mok_db (void) * modified by the OS */ if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { - Print(L"MokDBState is compromised! Clearing it\n"); + perror(L"MokDBState is compromised! Clearing it\n"); if (LibDeleteVariable(L"MokDBState", &shim_lock_guid) != EFI_SUCCESS) { - Print(L"Failed to erase MokDBState\n"); + perror(L"Failed to erase MokDBState\n"); } status = EFI_ACCESS_DENIED; } else { @@ -1674,7 +1710,7 @@ static EFI_STATUS mok_ignore_db() | EFI_VARIABLE_RUNTIME_ACCESS, DataSize, (void *)&Data); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to set MokIgnoreDB: %r\n", efi_status); + perror(L"Failed to set MokIgnoreDB: %r\n", efi_status); } } @@ -1702,7 +1738,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, &LoadedImageProtocol, (void **) &li); if (status != EFI_SUCCESS) { - Print (L"Failed to get load options: %r\n", status); + perror (L"Failed to get load options: %r\n", status); return status; } @@ -1746,7 +1782,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) if (loader_len > 0) { loader_str = AllocatePool((loader_len + 1) * sizeof(CHAR16)); if (!loader_str) { - Print(L"Failed to allocate loader string\n"); + perror(L"Failed to allocate loader string\n"); return EFI_OUT_OF_RESOURCES; } for (i = 0; i < loader_len; i++) @@ -1825,8 +1861,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) * call back in and use shim functions */ shim_lock_interface.Verify = shim_verify; - shim_lock_interface.Hash = generate_hash; - shim_lock_interface.Context = read_header; + shim_lock_interface.Hash = shim_hash; + shim_lock_interface.Context = shim_read_header; systab = passed_systab; From fe8527aaa6305ae5992a70491e6b1c06432aaa3a Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 10:33:25 -0400 Subject: [PATCH 38/75] Free the string from DevicePathToStr Signed-off-by: Gary Ching-Pang Lin Conflicts: shim.c --- shim.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/shim.c b/shim.c index 69af766..72d6072 100644 --- a/shim.c +++ b/shim.c @@ -1079,11 +1079,12 @@ should_use_fallback(EFI_HANDLE image_handle) EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL; EFI_LOADED_IMAGE *li; unsigned int pathlen = 0; - CHAR16 *bootpath; + CHAR16 *bootpath = NULL; EFI_FILE_IO_INTERFACE *fio = NULL; EFI_FILE *vh; EFI_FILE *fh; EFI_STATUS rc; + int ret = 0; rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, &loaded_image_protocol, (void **)&li); @@ -1101,23 +1102,23 @@ should_use_fallback(EFI_HANDLE image_handle) */ if (StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\BOOT", 14) && StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\/BOOT", 15)) - return 0; + goto error; pathlen = StrLen(bootpath); if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI")) - return 0; + goto error; rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, &FileSystemProtocol, (void **)&fio); if (EFI_ERROR(rc)) { perror(L"Could not get fio for li->DeviceHandle: %r\n", rc); - return 0; + goto error; } rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); if (EFI_ERROR(rc)) { perror(L"Could not open fio volume: %r\n", rc); - return 0; + goto error; } rc = uefi_call_wrapper(vh->Open, 5, vh, &fh, L"\\EFI\\BOOT" FALLBACK, @@ -1130,12 +1131,17 @@ should_use_fallback(EFI_HANDLE image_handle) * rc); */ uefi_call_wrapper(vh->Close, 1, vh); - return 0; + goto error; } uefi_call_wrapper(fh->Close, 1, fh); uefi_call_wrapper(vh->Close, 1, vh); - return 1; + ret = 1; +error: + if (bootpath) + FreePool(bootpath); + + return ret; } /* From 3b414422277f5a47c5fdd2d260eff8329d280ce8 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 25 Jun 2014 10:46:52 -0400 Subject: [PATCH 39/75] Explain the logic in secure_mode() better. I was getting confused reading it, and I wrote it, so clearly it needs more commentry. Signed-off-by: Peter Jones --- shim.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/shim.c b/shim.c index 72d6072..210e778 100644 --- a/shim.c +++ b/shim.c @@ -499,6 +499,12 @@ static BOOLEAN secure_mode (void) return FALSE; } + /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", + * then the implementation is bad, but we assume that secure boot is + * enabled according to the status of "SecureBoot". If we have both + * of them, then "SetupMode" may tell us additional data, and we need + * to consider it. + */ status = get_variable(L"SetupMode", &Data, &len, global_var); if (status != EFI_SUCCESS) return TRUE; From 7a72592b75879542e9ebd808868f83a78bdfbbc6 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 10:55:12 -0400 Subject: [PATCH 40/75] Check the secure variables with the lib functions There are functions defined in lib to check the secure variables. Use the functions to shun the duplicate code. Signed-off-by: Gary Ching-Pang Lin Conflicts: shim.c --- lib/variables.c | 14 ++++++++++---- shim.c | 32 ++------------------------------ 2 files changed, 12 insertions(+), 34 deletions(-) diff --git a/lib/variables.c b/lib/variables.c index 3a9735e..4c64d7e 100644 --- a/lib/variables.c +++ b/lib/variables.c @@ -284,9 +284,12 @@ variable_is_setupmode(void) /* set to 1 because we return true if SetupMode doesn't exist */ UINT8 SetupMode = 1; UINTN DataSize = sizeof(SetupMode); + EFI_STATUS status; - uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, - &DataSize, &SetupMode); + status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, + &DataSize, &SetupMode); + if (EFI_ERROR(status)) + return 1; return SetupMode; } @@ -297,10 +300,13 @@ variable_is_secureboot(void) /* return false if variable doesn't exist */ UINT8 SecureBoot = 0; UINTN DataSize; + EFI_STATUS status; DataSize = sizeof(SecureBoot); - uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL, - &DataSize, &SecureBoot); + status = uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL, + &DataSize, &SecureBoot); + if (EFI_ERROR(status)) + return 0; return SecureBoot; } diff --git a/shim.c b/shim.c index 210e778..14fb601 100644 --- a/shim.c +++ b/shim.c @@ -475,44 +475,16 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert, static BOOLEAN secure_mode (void) { - EFI_STATUS status; - EFI_GUID global_var = EFI_GLOBAL_VARIABLE; - UINTN len; - UINT8 *Data; - UINT8 sb, setupmode; - if (user_insecure_mode) return FALSE; - status = get_variable(L"SecureBoot", &Data, &len, global_var); - if (status != EFI_SUCCESS) { - if (verbose && !in_protocol) - console_notify(L"Secure boot not enabled"); - return FALSE; - } - sb = *Data; - FreePool(Data); - - if (sb != 1) { + if (variable_is_secureboot() != 1) { if (verbose && !in_protocol) console_notify(L"Secure boot not enabled"); return FALSE; } - /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", - * then the implementation is bad, but we assume that secure boot is - * enabled according to the status of "SecureBoot". If we have both - * of them, then "SetupMode" may tell us additional data, and we need - * to consider it. - */ - status = get_variable(L"SetupMode", &Data, &len, global_var); - if (status != EFI_SUCCESS) - return TRUE; - - setupmode = *Data; - FreePool(Data); - - if (setupmode == 1) { + if (variable_is_setupmode() == 1) { if (verbose && !in_protocol) console_notify(L"Platform is in setup mode"); return FALSE; From 9ea3d9b401ed73ae95b60e6b566f9293af3ac4d7 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 25 Jun 2014 10:55:56 -0400 Subject: [PATCH 41/75] Make sure we default to assuming we're locked down. If "SecureBoot" exists but "SetupMode" does not, assume "SetupMode" says we're not in Setup Mode. Signed-off-by: Peter Jones --- include/variables.h | 2 +- lib/variables.c | 8 ++++---- shim.c | 8 +++++++- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/include/variables.h b/include/variables.h index b207dbf..deed269 100644 --- a/include/variables.h +++ b/include/variables.h @@ -50,7 +50,7 @@ SETOSIndicationsAndReboot(UINT64 indications); int variable_is_secureboot(void); int -variable_is_setupmode(void); +variable_is_setupmode(int default_return); EFI_STATUS variable_enroll_hash(CHAR16 *var, EFI_GUID owner, UINT8 hash[SHA256_DIGEST_SIZE]); diff --git a/lib/variables.c b/lib/variables.c index 4c64d7e..59d7d05 100644 --- a/lib/variables.c +++ b/lib/variables.c @@ -139,7 +139,7 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner, /* Microsoft request: Bugs in some UEFI platforms mean that PK or any * other secure variable can be updated or deleted programmatically, * so prevent */ - if (!variable_is_setupmode()) + if (!variable_is_setupmode(1)) return EFI_SECURITY_VIOLATION; if (createtimebased) { @@ -279,17 +279,17 @@ find_in_variable_esl(CHAR16* var, EFI_GUID owner, UINT8 *key, UINTN keylen) } int -variable_is_setupmode(void) +variable_is_setupmode(int default_return) { /* set to 1 because we return true if SetupMode doesn't exist */ - UINT8 SetupMode = 1; + UINT8 SetupMode = default_return; UINTN DataSize = sizeof(SetupMode); EFI_STATUS status; status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, &DataSize, &SetupMode); if (EFI_ERROR(status)) - return 1; + return default_return; return SetupMode; } diff --git a/shim.c b/shim.c index 14fb601..fe73ec1 100644 --- a/shim.c +++ b/shim.c @@ -484,7 +484,13 @@ static BOOLEAN secure_mode (void) return FALSE; } - if (variable_is_setupmode() == 1) { + /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", + * then the implementation is bad, but we assume that secure boot is + * enabled according to the status of "SecureBoot". If we have both + * of them, then "SetupMode" may tell us additional data, and we need + * to consider it. + */ + if (variable_is_setupmode(0) == 1) { if (verbose && !in_protocol) console_notify(L"Platform is in setup mode"); return FALSE; From 875eb1b9d501d853b2c44f86a32a51b59f85eef9 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 10:58:23 -0400 Subject: [PATCH 42/75] Simplify the checking of SB and DB states MokSBState and MokDBState are just 1 byte variables, so a UINT8 local variable is sufficient to include the content. Signed-off-by: Gary Ching-Pang Lin Conflicts: shim.c --- shim.c | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/shim.c b/shim.c index fe73ec1..ea8eba8 100644 --- a/shim.c +++ b/shim.c @@ -1609,16 +1609,15 @@ static EFI_STATUS check_mok_sb (void) { EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; EFI_STATUS status = EFI_SUCCESS; - UINT8 *MokSBState = NULL; - UINTN MokSBStateSize = 0; + UINT8 MokSBState; + UINTN MokSBStateSize = sizeof(MokSBState); UINT32 attributes; user_insecure_mode = 0; ignore_db = 0; - status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize, - shim_lock_guid, &attributes); - + status = uefi_call_wrapper(RT->GetVariable, 5, L"MokSBState", &shim_lock_guid, + &attributes, &MokSBStateSize, &MokSBState); if (status != EFI_SUCCESS) return EFI_ACCESS_DENIED; @@ -1633,13 +1632,11 @@ static EFI_STATUS check_mok_sb (void) } status = EFI_ACCESS_DENIED; } else { - if (*(UINT8 *)MokSBState == 1) { + if (MokSBState == 1) { user_insecure_mode = 1; } } - FreePool(MokSBState); - return status; } @@ -1651,13 +1648,12 @@ static EFI_STATUS check_mok_db (void) { EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; EFI_STATUS status = EFI_SUCCESS; - UINT8 *MokDBState = NULL; - UINTN MokDBStateSize = 0; + UINT8 MokDBState; + UINTN MokDBStateSize = sizeof(MokDBStateSize); UINT32 attributes; - status = get_variable_attr(L"MokDBState", &MokDBState, &MokDBStateSize, - shim_lock_guid, &attributes); - + status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDBState", &shim_lock_guid, + &attributes, &MokDBStateSize, &MokDBState); if (status != EFI_SUCCESS) return EFI_ACCESS_DENIED; @@ -1674,13 +1670,11 @@ static EFI_STATUS check_mok_db (void) } status = EFI_ACCESS_DENIED; } else { - if (*(UINT8 *)MokDBState == 1) { + if (MokDBState == 1) { ignore_db = 1; } } - FreePool(MokDBState); - return status; } From f9368474dd80b630adf745314b0336c16a35b0ad Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Mon, 14 Jul 2014 09:03:36 -0400 Subject: [PATCH 43/75] Update openssl to 0.9.8za Also update to Tiano Cryptlib r15638 --- Cryptlib/Cryptlib.diff | 4 +- Cryptlib/Include/openssl/bn.h | 11 + Cryptlib/Include/openssl/crypto.h | 37 +- Cryptlib/Include/openssl/ec.h | 10 +- Cryptlib/Include/openssl/engine.h | 8 +- Cryptlib/Include/openssl/opensslv.h | 6 +- Cryptlib/Include/openssl/ssl.h | 13 +- Cryptlib/Include/openssl/ssl3.h | 10 + Cryptlib/Include/openssl/symhacks.h | 10 +- Cryptlib/Include/openssl/tls1.h | 14 + Cryptlib/Makefile | 6 +- Cryptlib/OpenSSL/crypto/asn1/a_int.c | 2 +- Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 1 + Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 2 +- Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 6 + Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 5 - Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 5 +- Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 52 + Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 50 +- Cryptlib/OpenSSL/crypto/bn/bn_word.c | 25 +- Cryptlib/OpenSSL/crypto/cryptlib.c | 16 + Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 26 +- Cryptlib/OpenSSL/crypto/ec/ec_key.c | 13 +- Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 10 +- Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 11 +- Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 11 +- Cryptlib/OpenSSL/crypto/engine/eng_all.c | 6 +- Cryptlib/OpenSSL/crypto/err/err_all.c | 2 + Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 3 +- Cryptlib/OpenSSL/crypto/evp/encode.c | 1 + Cryptlib/OpenSSL/crypto/o_init.c | 14 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 10 +- Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 8 + Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 2 +- Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 4 +- Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 2 +- Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 6 +- Cryptlib/OpenSSL/update.sh | 998 +++++++++--------- Cryptlib/Pk/CryptPkcs7Sign.c | 207 ++++ Cryptlib/Pk/CryptPkcs7SignNull.c | 59 ++ .../Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} | 306 ++---- Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 ++ Cryptlib/Pk/CryptRsaExtNull.c | 125 +++ Cryptlib/Rand/CryptRand.c | 11 +- Cryptlib/update.sh | 9 +- 45 files changed, 1427 insertions(+), 810 deletions(-) create mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c create mode 100644 Cryptlib/Pk/CryptPkcs7SignNull.c rename Cryptlib/Pk/{CryptPkcs7.c => CryptPkcs7Verify.c} (74%) create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c create mode 100644 Cryptlib/Pk/CryptRsaExtNull.c diff --git a/Cryptlib/Cryptlib.diff b/Cryptlib/Cryptlib.diff index 9663d90..a2f49d6 100644 --- a/Cryptlib/Cryptlib.diff +++ b/Cryptlib/Cryptlib.diff @@ -6,8 +6,8 @@ index 68bc25a..1abe78e 100644 // BUG: hardcode OldSize == size! We have no any knowledge about // memory size of original pointer ptr. // -- return ReallocatePool ((UINTN)size, (UINTN)size, ptr); -+ return ReallocatePool (ptr, (UINTN)size, (UINTN)size); +- return ReallocatePool ((UINTN) size, (UINTN) size, ptr); ++ return ReallocatePool (ptr, (UINTN) size, (UINTN) size); } /* De-allocates or frees a memory block */ diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h index f1719a5..688a4e7 100644 --- a/Cryptlib/Include/openssl/bn.h +++ b/Cryptlib/Include/openssl/bn.h @@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h index fc1374f..ac0c949 100644 --- a/Cryptlib/Include/openssl/crypto.h +++ b/Cryptlib/Include/openssl/crypto.h @@ -235,15 +235,15 @@ typedef struct openssl_item_st #ifndef OPENSSL_NO_LOCKING #ifndef CRYPTO_w_lock #define CRYPTO_w_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) #define CRYPTO_w_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) #define CRYPTO_r_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) #define CRYPTO_r_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) #define CRYPTO_add(addr,amount,type) \ - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) + CRYPTO_add_lock(addr,amount,type,NULL,0) #endif #else #define CRYPTO_w_lock(a) @@ -361,19 +361,19 @@ int CRYPTO_is_mem_check_on(void); #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) #define is_MemCheck_on() CRYPTO_is_mem_check_on() -#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) -#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) +#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) +#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) #define OPENSSL_realloc(addr,num) \ - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) + CRYPTO_realloc((char *)addr,(int)num,NULL,0) #define OPENSSL_realloc_clean(addr,old_num,num) \ - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) + CRYPTO_realloc_clean(addr,old_num,num,NULL,0) #define OPENSSL_remalloc(addr,num) \ - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) + CRYPTO_remalloc((char **)addr,(int)num,NULL,0) #define OPENSSL_freeFunc CRYPTO_free #define OPENSSL_free(addr) CRYPTO_free(addr) #define OPENSSL_malloc_locked(num) \ - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) + CRYPTO_malloc_locked((int)num,NULL,0) #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) @@ -487,7 +487,7 @@ void CRYPTO_set_mem_debug_options(long bits); long CRYPTO_get_mem_debug_options(void); #define CRYPTO_push_info(info) \ - CRYPTO_push_info_(info, __FILE__, __LINE__); + CRYPTO_push_info_(info, NULL, 0); int CRYPTO_push_info_(const char *info, const char *file, int line); int CRYPTO_pop_info(void); int CRYPTO_remove_all_info(void); @@ -528,17 +528,17 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); /* die if we have to */ void OpenSSLDie(const char *file,int line,const char *assertion); -#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) +#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1)) unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); #ifdef OPENSSL_FIPS -#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ alg " previous FIPS forbidden algorithm error ignored"); -#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ +#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ #alg " Algorithm forbidden in FIPS mode"); #ifdef OPENSSL_FIPS_STRICT @@ -591,6 +591,13 @@ int OPENSSL_isservice(void); #define OPENSSL_HAVE_INIT 1 void OPENSSL_init(void); +/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It + * takes an amount of time dependent on |len|, but independent of the contents + * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a + * defined order as the return value when a != b is undefined, other than to be + * non-zero. */ +int CRYPTO_memcmp(const void *a, const void *b, size_t len); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h index 8bc2a23..367307f 100644 --- a/Cryptlib/Include/openssl/ec.h +++ b/Cryptlib/Include/openssl/ec.h @@ -321,7 +321,15 @@ void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); /* functions to set/get method specific data */ void *EC_KEY_get_key_method_data(EC_KEY *, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); -void EC_KEY_insert_key_method_data(EC_KEY *, void *data, +/** Sets the key method data of an EC_KEY object, if none has yet been set. + * \param key EC_KEY object + * \param data opaque data to install. + * \param dup_func a function that duplicates |data|. + * \param free_func a function that frees |data|. + * \param clear_free_func a function that wipes and frees |data|. + * \return the previously set data pointer, or NULL if |data| was inserted. + */ +void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); /* wrapper functions for the underlying EC_GROUP object */ void EC_KEY_set_asn1_flag(EC_KEY *, int); diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h index d4bc1ef..b4e0444 100644 --- a/Cryptlib/Include/openssl/engine.h +++ b/Cryptlib/Include/openssl/engine.h @@ -335,15 +335,15 @@ void ENGINE_load_gmp(void); void ENGINE_load_nuron(void); void ENGINE_load_sureware(void); void ENGINE_load_ubsec(void); -#endif -void ENGINE_load_cryptodev(void); -void ENGINE_load_padlock(void); -void ENGINE_load_builtin_engines(void); #ifdef OPENSSL_SYS_WIN32 #ifndef OPENSSL_NO_CAPIENG void ENGINE_load_capi(void); #endif #endif +#endif +void ENGINE_load_cryptodev(void); +void ENGINE_load_padlock(void); +void ENGINE_load_builtin_engines(void); /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h index 4a5a5ae..e5ab5c4 100644 --- a/Cryptlib/Include/openssl/opensslv.h +++ b/Cryptlib/Include/openssl/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090817fL +#define OPENSSL_VERSION_NUMBER 0x009081afL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w-fips 23 Apr 2012" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8w 23 Apr 2012" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za 5 Jun 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h index eb50e14..5f2a04e 100644 --- a/Cryptlib/Include/openssl/ssl.h +++ b/Cryptlib/Include/openssl/ssl.h @@ -490,11 +490,14 @@ typedef struct ssl_session_st #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L -#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ +#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L #define SSL_OP_TLS_D5_BUG 0x00000100L #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L +/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 + /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d. Usually (depending on the application protocol) * the workaround is not needed. Unfortunately some broken SSL/TLS @@ -1204,6 +1207,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1820,6 +1825,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_GET_NEW_SESSION 181 #define SSL_F_SSL_GET_PREV_SESSION 217 #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 +#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 #define SSL_F_SSL_GET_SIGN_PKEY 183 #define SSL_F_SSL_INIT_WBIO_BUFFER 184 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 @@ -2073,6 +2079,11 @@ void ERR_load_SSL_strings(void); #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h index b9a85ef..de5e559 100644 --- a/Cryptlib/Include/openssl/ssl3.h +++ b/Cryptlib/Include/openssl/ssl3.h @@ -333,6 +333,7 @@ typedef struct ssl3_buffer_st #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 #define SSL3_FLAGS_POP_BUFFER 0x0004 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +#define SSL3_FLAGS_CCS_OK 0x0080 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us @@ -460,6 +461,15 @@ typedef struct ssl3_state_st unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; unsigned char previous_server_finished_len; int send_connection_binding; /* TODOEKR */ + +#ifndef OPENSSL_NO_TLSEXT +#ifndef OPENSSL_NO_EC + /* This is set to true if we believe that this is a version of Safari + * running on OS X 10.6 or newer. We wish to know this because Safari + * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ + char is_probably_safari; +#endif /* !OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_TLSEXT */ } SSL3_STATE; diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h index 0114093..c540771 100644 --- a/Cryptlib/Include/openssl/symhacks.h +++ b/Cryptlib/Include/openssl/symhacks.h @@ -252,15 +252,15 @@ #define EC_POINT_set_compressed_coordinates_GF2m \ EC_POINT_set_compr_coords_GF2m #undef ec_GF2m_simple_group_clear_finish -#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish +#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish #undef ec_GF2m_simple_group_check_discriminant #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim #undef ec_GF2m_simple_point_clear_finish -#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish +#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish #undef ec_GF2m_simple_point_set_to_infinity -#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf +#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf #undef ec_GF2m_simple_points_make_affine -#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine +#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine #undef ec_GF2m_simple_point_set_affine_coordinates #define ec_GF2m_simple_point_set_affine_coordinates \ ec_GF2m_smp_pt_set_af_coords @@ -288,8 +288,6 @@ #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf #undef ec_GFp_simple_points_make_affine #define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine -#undef ec_GFp_simple_group_get_curve_GFp -#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp #undef ec_GFp_simple_set_Jprojective_coordinates_GFp #define ec_GFp_simple_set_Jprojective_coordinates_GFp \ ec_GFp_smp_set_Jproj_coords_GFp diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h index afe4807..47f25af 100644 --- a/Cryptlib/Include/openssl/tls1.h +++ b/Cryptlib/Include/openssl/tls1.h @@ -80,10 +80,24 @@ extern "C" { #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +#define TLS1_2_VERSION 0x0303 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 + +#define TLS1_1_VERSION 0x0302 +#define TLS1_1_VERSION_MAJOR 0x03 +#define TLS1_1_VERSION_MINOR 0x02 + #define TLS1_VERSION 0x0301 #define TLS1_VERSION_MAJOR 0x03 #define TLS1_VERSION_MINOR 0x01 +#define TLS1_get_version(s) \ + ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) + +#define TLS1_get_client_version(s) \ + ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) + #define TLS1_AD_DECRYPTION_FAILED 21 #define TLS1_AD_RECORD_OVERFLOW 22 #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index d24e59e..678baac 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -30,7 +30,11 @@ OBJS = Hash/CryptMd4.o \ Rand/CryptRand.o \ Pk/CryptRsaBasic.o \ Pk/CryptRsaExt.o \ - Pk/CryptPkcs7.o \ + Pk/CryptRsaExtNull.o \ + Pk/CryptPkcs7Sign.o \ + Pk/CryptPkcs7SignNull.o \ + Pk/CryptPkcs7Verify.o \ + Pk/CryptPkcs7VerifyNull.o \ Pk/CryptDh.o \ Pk/CryptX509.o \ Pk/CryptAuthenticode.o \ diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c index f551bdb..ee26c31 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c @@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) int pad=0,ret,i,neg; unsigned char *p,*n,pb=0; - if ((a == NULL) || (a->data == NULL)) return(0); + if (a == NULL) return(0); neg=a->type & V_ASN1_NEG; if (a->length == 0) ret=1; diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c index 264ebf2..ead37ac 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c @@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) if(mbflag == -1) return -1; mbflag |= MBSTRING_FLAG; stmp.data = NULL; + stmp.length = 0; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; *out = stmp.data; diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c index b68ae43..9b7d688 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c @@ -75,7 +75,7 @@ static int table_cmp(const void *a, const void *b); * certain software (e.g. Netscape) has problems with them. */ -static unsigned long global_mask = 0xFFFFFFFFL; +static unsigned long global_mask = B_ASN1_UTF8STRING; void ASN1_STRING_set_default_mask(unsigned long mask) { diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c index da3efaa..7ded69b 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c @@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat unsigned char *buf_in=NULL; int ret= -1,i,inl; + if (!pkey) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + EVP_MD_CTX_init(&ctx); i=OBJ_obj2nid(a->algorithm); type=EVP_get_digestbyname(OBJ_nid2sn(i)); diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c index afb95d6..bc23f56 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c @@ -208,11 +208,6 @@ int DSA_print(BIO *bp, const DSA *x, int off) if (x->p) buf_len = (size_t)BN_num_bytes(x->p); - else - { - DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); - goto err; - } if (x->q) if (buf_len < (i = (size_t)BN_num_bytes(x->q))) buf_len = i; diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c index 94d9f7e..bc8a7bf 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c @@ -371,12 +371,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); if (key->pkey) { + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); EVP_PKEY_free(ret); ret = key->pkey; } else + { key->pkey = ret; - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + } CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); return(ret); err: diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c index 32a8fba..b66f507 100755 --- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c @@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c index 4799b15..27cafb1 100755 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c @@ -701,32 +701,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod, BN_CTX *ctx) { - int got_write_lock = 0; BN_MONT_CTX *ret; CRYPTO_r_lock(lock); - if (!*pmont) - { - CRYPTO_r_unlock(lock); - CRYPTO_w_lock(lock); - got_write_lock = 1; - - if (!*pmont) - { - ret = BN_MONT_CTX_new(); - if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) - BN_MONT_CTX_free(ret); - else - *pmont = ret; - } - } - ret = *pmont; - - if (got_write_lock) - CRYPTO_w_unlock(lock); + CRYPTO_r_unlock(lock); + if (ret) + return ret; + + /* We don't want to serialise globally while doing our lazy-init math in + * BN_MONT_CTX_set. That punishes threads that are doing independent + * things. Instead, punish the case where more than one thread tries to + * lazy-init the same 'pmont', by having each do the lazy-init math work + * independently and only use the one from the thread that wins the race + * (the losers throw away the work they've done). */ + ret = BN_MONT_CTX_new(); + if (!ret) + return NULL; + if (!BN_MONT_CTX_set(ret, mod, ctx)) + { + BN_MONT_CTX_free(ret); + return NULL; + } + + /* The locked compare-and-set, after the local work is done. */ + CRYPTO_w_lock(lock); + if (*pmont) + { + BN_MONT_CTX_free(ret); + ret = *pmont; + } else - CRYPTO_r_unlock(lock); - + *pmont = ret; + CRYPTO_w_unlock(lock); return ret; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c index ee7b87c..de83a15 100755 --- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c @@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) a->neg=!(a->neg); return(i); } - /* Only expand (and risk failing) if it's possibly necessary */ - if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && - (bn_wexpand(a,a->top+1) == NULL)) - return(0); - i=0; - for (;;) + for (i=0;w!=0 && itop;i++) { - if (i >= a->top) - l=w; - else - l=(a->d[i]+w)&BN_MASK2; - a->d[i]=l; - if (w > l) - w=1; - else - break; - i++; + a->d[i] = l = (a->d[i]+w)&BN_MASK2; + w = (w>l)?1:0; } - if (i >= a->top) + if (w && i==a->top) + { + if (bn_wexpand(a,a->top+1) == NULL) return 0; a->top++; + a->d[i]=w; + } bn_check_top(a); return(1); } diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c index dd74ea8..dec3286 100755 --- a/Cryptlib/OpenSSL/crypto/cryptlib.c +++ b/Cryptlib/OpenSSL/crypto/cryptlib.c @@ -542,3 +542,19 @@ void OpenSSLDie(const char *file,int line,const char *assertion) } void *OPENSSL_stderr(void) { return stderr; } + +#ifndef OPENSSL_FIPS + +int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) + { + size_t i; + const unsigned char *a = in_a; + const unsigned char *b = in_b; + unsigned char x = 0; + + for (i = 0; i < len; i++) + x |= a[i] ^ b[i]; + + return x; + } +#endif diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c index 7dca5e4..6b570a3 100755 --- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c @@ -208,9 +208,12 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation". + * + * To protect against side-channel attack the function uses constant time + * swap avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -244,6 +247,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -266,16 +274,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, { for (; j >= 0; j--) { - if (scalar->d[i] & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); mask >>= 1; } j = BN_BITS2 - 1; diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c index 522802c..6c933d2 100755 --- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c +++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c @@ -435,18 +435,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) void *EC_KEY_get_key_method_data(EC_KEY *key, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + void *ret; + + CRYPTO_r_lock(CRYPTO_LOCK_EC); + ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + CRYPTO_r_unlock(CRYPTO_LOCK_EC); + + return ret; } -void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, +void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { EC_EXTRA_DATA *ex_data; + CRYPTO_w_lock(CRYPTO_LOCK_EC); ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); if (ex_data == NULL) EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); CRYPTO_w_unlock(CRYPTO_LOCK_EC); + + return ex_data; } void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c index 5af8437..bbf2799 100755 --- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c @@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != EC_METHOD_get_field_type(EC_GROUP_method_of(b))) return 1; - /* compare the curve name (if present) */ + /* compare the curve name (if present in both) */ if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && - EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b)) - return 0; + EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) + return 1; if (!ctx) ctx_new = ctx = BN_CTX_new(); @@ -1061,12 +1061,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN if (group->meth->point_cmp == 0) { ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; + return -1; } if ((group->meth != a->meth) || (a->meth != b->meth)) { ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); - return 0; + return -1; } return group->meth->point_cmp(group, a, b, ctx); } diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c index bf22234..f9ba5fb 100755 --- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c @@ -205,8 +205,15 @@ ECDH_DATA *ecdh_check(EC_KEY *key) ecdh_data = (ECDH_DATA *)ecdh_data_new(); if (ecdh_data == NULL) return NULL; - EC_KEY_insert_key_method_data(key, (void *)ecdh_data, - ecdh_data_dup, ecdh_data_free, ecdh_data_free); + data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, + ecdh_data_dup, ecdh_data_free, ecdh_data_free); + if (data != NULL) + { + /* Another thread raced us to install the key_method + * data and won. */ + ecdh_data_free(ecdh_data); + ecdh_data = (ECDH_DATA *)data; + } } else ecdh_data = (ECDH_DATA *)data; diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c index 2ebae3a..81082c9 100755 --- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c @@ -188,8 +188,15 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key) ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); if (ecdsa_data == NULL) return NULL; - EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, - ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); + data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, + ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); + if (data != NULL) + { + /* Another thread raced us to install the key_method + * data and won. */ + ecdsa_data_free(ecdsa_data); + ecdsa_data = (ECDSA_DATA *)data; + } } else ecdsa_data = (ECDSA_DATA *)data; diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c index f29c167..8a1b9c7 100755 --- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c +++ b/Cryptlib/OpenSSL/crypto/engine/eng_all.c @@ -102,14 +102,14 @@ void ENGINE_load_builtin_engines(void) #if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) ENGINE_load_gmp(); #endif +#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) + ENGINE_load_capi(); +#endif #endif #ifndef OPENSSL_NO_HW #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) ENGINE_load_cryptodev(); #endif -#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) - ENGINE_load_capi(); -#endif #endif } diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c index 39796f7..0429389 100755 --- a/Cryptlib/OpenSSL/crypto/err/err_all.c +++ b/Cryptlib/OpenSSL/crypto/err/err_all.c @@ -104,7 +104,9 @@ #ifndef OPENSSL_NO_JPAKE #include #endif +#ifndef OPENSSL_NO_COMP #include +#endif void ERR_load_crypto_strings(void) { diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c index 72a2a67..16863fe 100755 --- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c @@ -226,6 +226,7 @@ static int b64_read(BIO *b, char *out, int outl) else if (ctx->start) { q=p=(unsigned char *)ctx->tmp; + num = 0; for (j=0; j v) { rv=-1; goto end; } ret+=(v-eof); } else diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c index d767a90..c89fda5 100755 --- a/Cryptlib/OpenSSL/crypto/o_init.c +++ b/Cryptlib/OpenSSL/crypto/o_init.c @@ -93,4 +93,18 @@ void OPENSSL_init(void) #endif } +#ifdef OPENSSL_FIPS +int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) + { + size_t i; + const unsigned char *a = in_a; + const unsigned char *b = in_b; + unsigned char x = 0; + + for (i = 0; i < len; i++) + x |= a[i] ^ b[i]; + + return x; + } +#endif diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c index 4a0c387..f24080f 100755 --- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c @@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, { EVP_PKEY *skey; skey = X509_get_pubkey(signer); - ret = OCSP_BASICRESP_verify(bs, skey, 0); - EVP_PKEY_free(skey); - if(ret <= 0) + if (skey) + { + ret = OCSP_BASICRESP_verify(bs, skey, 0); + EVP_PKEY_free(skey); + } + if(!skey || ret <= 0) { OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); goto end; @@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); if(!init_res) { + ret = -1; OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); goto end; } diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c index 9522342..3ef3be1 100755 --- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c @@ -100,7 +100,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; else #endif +#ifdef OPENSSL_NO_RC2 + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +#else nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; +#endif } if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; @@ -290,7 +294,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, free_safes = 0; if (nid_safe == 0) +#ifdef OPENSSL_NO_RC2 + nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +#else nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; +#endif if (nid_safe == -1) p7 = PKCS12_pack_p7data(bags); diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c index 5c4c6ec..bdbbbec 100755 --- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c @@ -261,7 +261,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, int len, r; unsigned char *data; len = ASN1_STRING_to_UTF8(&data, fname); - if(len > 0) { + if(len >= 0) { r = X509_alias_set1(x509, data, len); OPENSSL_free(data); if (!r) diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c index b0ff89a..49b450d 100755 --- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c @@ -290,8 +290,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, bufsiz = 4096; buf = OPENSSL_malloc (bufsiz); - if (buf == NULL) { - goto err; + if (buf == NULL) { + goto err; } /* We now have to 'read' from p7bio to calculate digests etc. */ diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c index 546ae5f..b8e3edc 100755 --- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c @@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); - if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) goto decoding_err; else { diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c index af12520..b87617a 100755 --- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c @@ -386,11 +386,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) static int check_chain_extensions(X509_STORE_CTX *ctx) { -#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI) - /* - NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting - in Authenticode Signing Certificates. - */ +#ifdef OPENSSL_NO_CHAIN_VERIFY return 1; #else int i, ok=0, must_be_ca, plen = 0; diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh index cb25ccd..95875e7 100755 --- a/Cryptlib/OpenSSL/update.sh +++ b/Cryptlib/OpenSSL/update.sh @@ -1,499 +1,501 @@ #/bin/sh -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/e_os.h e_os.h -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cryptlib.c crypto/cryptlib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dyn_lck.c crypto/dyn_lck.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem.c crypto/mem.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_clr.c crypto/mem_clr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/mem_dbg.c crypto/mem_dbg.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cversion.c crypto/cversion.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ex_data.c crypto/ex_data.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cpt_err.c crypto/cpt_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ebcdic.c crypto/ebcdic.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/uid.c crypto/uid.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_time.c crypto/o_time.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_str.c crypto/o_str.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_dir.c crypto/o_dir.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/o_init.c crypto/o_init.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/fips_err.c crypto/fips_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md2/md2_one.c crypto/md2/md2_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md4/md4_one.c crypto/md4/md4_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/md5/md5_one.c crypto/md5/md5_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha_one.c crypto/sha/sha_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha1_one.c crypto/sha/sha1_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha256.c crypto/sha/sha256.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/sha/sha512.c crypto/sha/sha512.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/hmac/hmac.c crypto/hmac/hmac.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_lib.c crypto/des/des_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/set_key.c crypto/des/set_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb_enc.c crypto/des/ecb_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_enc.c crypto/des/cbc_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64enc.c crypto/des/cfb64enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb64ede.c crypto/des/cfb64ede.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cfb_enc.c crypto/des/cfb_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64ede.c crypto/des/ofb64ede.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_read.c crypto/des/enc_read.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/enc_writ.c crypto/des/enc_writ.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb64enc.c crypto/des/ofb64enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ofb_enc.c crypto/des/ofb_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/str2key.c crypto/des/str2key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/qud_cksm.c crypto/des/qud_cksm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rand_key.c crypto/des/rand_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_enc.c crypto/des/des_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/fcrypt.c crypto/des/fcrypt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/rpc_enc.c crypto/des/rpc_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old.c crypto/des/des_old.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/des_old2.c crypto/des/des_old2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/des/read2pwd.c crypto/des/read2pwd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cbc.c crypto/idea/i_cbc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_ecb.c crypto/idea/i_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/idea/i_skey.c crypto/idea/i_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_skey.c crypto/bf/bf_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_enc.c crypto/bf/bf_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_skey.c crypto/cast/c_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ecb.c crypto/cast/c_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_enc.c crypto/cast/c_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_misc.c crypto/aes/aes_misc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_ige.c crypto/aes/aes_ige.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_core.c crypto/aes/aes_core.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_add.c crypto/bn/bn_add.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_div.c crypto/bn/bn_div.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp.c crypto/bn/bn_exp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_lib.c crypto/bn/bn_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mul.c crypto/bn/bn_mul.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mod.c crypto/bn/bn_mod.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_print.c crypto/bn/bn_print.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_rand.c crypto/bn/bn_rand.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_shift.c crypto/bn/bn_shift.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_word.c crypto/bn/bn_word.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_blind.c crypto/bn/bn_blind.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_kron.c crypto/bn/bn_kron.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_prime.c crypto/bn/bn_prime.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_err.c crypto/bn/bn_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_asm.c crypto/bn/bn_asm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_recp.c crypto/bn/bn_recp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mont.c crypto/bn/bn_mont.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_nist.c crypto/bn/bn_nist.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_depr.c crypto/bn/bn_depr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_const.c crypto/bn/bn_const.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bn/bn_opt.c crypto/bn/bn_opt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dl.c crypto/dso/dso_dl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_err.c crypto/dso/dso_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_lib.c crypto/dso/dso_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_null.c crypto/dso/dso_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_win32.c crypto/dso/dso_win32.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dso/dso_vms.c crypto/dso/dso_vms.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_gen.c crypto/dh/dh_gen.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_key.c crypto/dh/dh_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_lib.c crypto/dh/dh_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_check.c crypto/dh/dh_check.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_err.c crypto/dh/dh_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/dh/dh_depr.c crypto/dh/dh_depr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_lib.c crypto/ec/ec_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_mult.c crypto/ec/ec_mult.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_err.c crypto/ec/ec_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_curve.c crypto/ec/ec_curve.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_check.c crypto/ec/ec_check.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_print.c crypto/ec/ec_print.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec_key.c crypto/ec/ec_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buffer.c crypto/buffer/buffer.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_str.c crypto/buffer/buf_str.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/buffer/buf_err.c crypto/buffer/buf_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_lib.c crypto/bio/bio_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_cb.c crypto/bio/bio_cb.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bio_err.c crypto/bio/bio_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_mem.c crypto/bio/bss_mem.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_null.c crypto/bio/bss_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_fd.c crypto/bio/bss_fd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_file.c crypto/bio/bss_file.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_null.c crypto/bio/bf_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_buff.c crypto/bio/bf_buff.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/b_dump.c crypto/bio/b_dump.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_log.c crypto/bio/bss_log.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_bio.c crypto/bio/bss_bio.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/stack/stack.c crypto/stack/stack.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lhash.c crypto/lhash/lhash.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/md_rand.c crypto/rand/md_rand.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/randfile.c crypto/rand/randfile.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_lib.c crypto/rand/rand_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_eng.c crypto/rand/rand_eng.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_err.c crypto/rand/rand_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_egd.c crypto/rand/rand_egd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_win.c crypto/rand/rand_win.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_unix.c crypto/rand/rand_unix.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_os2.c crypto/rand/rand_os2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/rand/rand_nw.c crypto/rand/rand_nw.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err.c crypto/err/err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_def.c crypto/err/err_def.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_all.c crypto/err/err_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_prn.c crypto/err/err_prn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_str.c crypto/err/err_str.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/err/err_bio.c crypto/err/err_bio.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/o_names.c crypto/objects/o_names.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_dat.c crypto/objects/obj_dat.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_lib.c crypto/objects/obj_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/objects/obj_err.c crypto/objects/obj_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/encode.c crypto/evp/encode.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/digest.c crypto/evp/digest.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/dig_eng.c crypto/evp/dig_eng.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_enc.c crypto/evp/evp_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_key.c crypto/evp/evp_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des.c crypto/evp/e_des.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_bf.c crypto/evp/e_bf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_idea.c crypto/evp/e_idea.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_des3.c crypto/evp/e_des3.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc4.c crypto/evp/e_rc4.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_aes.c crypto/evp/e_aes.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/names.c crypto/evp/names.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc2.c crypto/evp/e_rc2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_cast.c crypto/evp/e_cast.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_rc5.c crypto/evp/e_rc5.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/enc_min.c crypto/evp/enc_min.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_null.c crypto/evp/m_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md2.c crypto/evp/m_md2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md4.c crypto/evp/m_md4.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_md5.c crypto/evp/m_md5.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha.c crypto/evp/m_sha.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_sha1.c crypto/evp/m_sha1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss.c crypto/evp/m_dss.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_dss1.c crypto/evp/m_dss1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_open.c crypto/evp/p_open.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_seal.c crypto/evp/p_seal.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_sign.c crypto/evp/p_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_verify.c crypto/evp/p_verify.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_lib.c crypto/evp/p_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_enc.c crypto/evp/p_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p_dec.c crypto/evp/p_dec.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_md.c crypto/evp/bio_md.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_b64.c crypto/evp/bio_b64.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_enc.c crypto/evp/bio_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_err.c crypto/evp/evp_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_null.c crypto/evp/e_null.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_all.c crypto/evp/c_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_allc.c crypto/evp/c_allc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/c_alld.c crypto/evp/c_alld.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_lib.c crypto/evp/evp_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/bio_ok.c crypto/evp/bio_ok.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/evp/e_old.c crypto/evp/e_old.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_object.c crypto/asn1/a_object.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_time.c crypto/asn1/a_time.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_int.c crypto/asn1/a_int.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_octet.c crypto/asn1/a_octet.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_print.c crypto/asn1/a_print.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_type.c crypto/asn1/a_type.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_set.c crypto/asn1/a_set.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_dup.c crypto/asn1/a_dup.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_enum.c crypto/asn1/a_enum.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_sign.c crypto/asn1/a_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_digest.c crypto/asn1/a_digest.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_verify.c crypto/asn1/a_verify.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strex.c crypto/asn1/a_strex.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_algor.c crypto/asn1/x_algor.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_val.c crypto/asn1/x_val.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_sig.c crypto/asn1/x_sig.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_req.c crypto/asn1/x_req.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_long.c crypto/asn1/x_long.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_name.c crypto/asn1/x_name.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509.c crypto/asn1/x_x509.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_crl.c crypto/asn1/x_crl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_info.c crypto/asn1/x_info.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_spki.c crypto/asn1/x_spki.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/nsseq.c crypto/asn1/nsseq.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_req.c crypto/asn1/t_req.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509.c crypto/asn1/t_x509.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_crl.c crypto/asn1/t_crl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_spki.c crypto/asn1/t_spki.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_int.c crypto/asn1/f_int.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_string.c crypto/asn1/f_string.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/f_enum.c crypto/asn1/f_enum.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bool.c crypto/asn1/a_bool.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/x_exten.c crypto/asn1/x_exten.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_meth.c crypto/asn1/a_meth.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_sign.c crypto/pem/pem_sign.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_seal.c crypto/pem/pem_seal.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_info.c crypto/pem/pem_info.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_lib.c crypto/pem/pem_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_all.c crypto/pem/pem_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_err.c crypto/pem/pem_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_x509.c crypto/pem/pem_x509.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_oth.c crypto/pem/pem_oth.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_def.c crypto/x509/x509_def.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_d2.c crypto/x509/x509_d2.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_obj.c crypto/x509/x509_obj.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_req.c crypto/x509/x509_req.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509spki.c crypto/x509/x509spki.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_set.c crypto/x509/x509_set.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509cset.c crypto/x509/x509cset.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509rset.c crypto/x509/x509rset.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_err.c crypto/x509/x509_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509name.c crypto/x509/x509name.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_v3.c crypto/x509/x509_v3.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_ext.c crypto/x509/x509_ext.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_att.c crypto/x509/x509_att.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509type.c crypto/x509/x509type.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_lu.c crypto/x509/x509_lu.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x_all.c crypto/x509/x_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_txt.c crypto/x509/x509_txt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_trs.c crypto/x509/x509_trs.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_file.c crypto/x509/by_file.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/by_dir.c crypto/x509/by_dir.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3err.c crypto/x509v3/v3err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_err.c crypto/conf/conf_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_lib.c crypto/conf/conf_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_api.c crypto/conf/conf_api.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_def.c crypto/conf/conf_def.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mod.c crypto/conf/conf_mod.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_mall.c crypto/conf/conf_mall.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/conf/conf_sap.c crypto/conf/conf_sap.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_lib.c crypto/comp/comp_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/comp_err.c crypto/comp/comp_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_rle.c crypto/comp/c_rle.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/comp/c_zlib.c crypto/comp/c_zlib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_err.c crypto/engine/eng_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_lib.c crypto/engine/eng_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_list.c crypto/engine/eng_list.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_init.c crypto/engine/eng_init.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_table.c crypto/engine/eng_table.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_fat.c crypto/engine/eng_fat.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_all.c crypto/engine/eng_all.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_dh.c crypto/engine/tb_dh.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_rand.c crypto/engine/tb_rand.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_store.c crypto/engine/tb_store.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/tb_digest.c crypto/engine/tb_digest.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_err.c crypto/ui/ui_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_lib.c crypto/ui/ui_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_util.c crypto/ui/ui_util.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/ui/ui_compat.c crypto/ui/ui_compat.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_err.c crypto/store/str_err.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_lib.c crypto/store/str_lib.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_meth.c crypto/store/str_meth.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/store/str_mem.c crypto/store/str_mem.c -install -D /home/mjg59/Source/efi/edk2/CryptoPkg/Library/OpensslLib/openssl-0.9.8w/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c +DIR=$1 + +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c crypto/sha/sha256.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c crypto/des/ofb_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c crypto/rand/rand_unix.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c new file mode 100644 index 0000000..63fe78f --- /dev/null +++ b/Cryptlib/Pk/CryptPkcs7Sign.c @@ -0,0 +1,207 @@ +/** @file + PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. + +Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +#include +#include +#include + + +/** + Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message + Syntax Standard, version 1.5". This interface is only intended to be used for + application to perform PKCS#7 functionality validation. + + @param[in] PrivateKey Pointer to the PEM-formatted private key data for + data signing. + @param[in] PrivateKeySize Size of the PEM private key data in bytes. + @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM + key data. + @param[in] InData Pointer to the content to be signed. + @param[in] InDataSize Size of InData in bytes. + @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. + @param[in] OtherCerts Pointer to an optional additional set of certificates to + include in the PKCS#7 signedData (e.g. any intermediate + CAs in the chain). + @param[out] SignedData Pointer to output PKCS#7 signedData. + @param[out] SignedDataSize Size of SignedData in bytes. + + @retval TRUE PKCS#7 data signing succeeded. + @retval FALSE PKCS#7 data signing failed. + +**/ +BOOLEAN +EFIAPI +Pkcs7Sign ( + IN CONST UINT8 *PrivateKey, + IN UINTN PrivateKeySize, + IN CONST UINT8 *KeyPassword, + IN UINT8 *InData, + IN UINTN InDataSize, + IN UINT8 *SignCert, + IN UINT8 *OtherCerts OPTIONAL, + OUT UINT8 **SignedData, + OUT UINTN *SignedDataSize + ) +{ + BOOLEAN Status; + EVP_PKEY *Key; + BIO *DataBio; + PKCS7 *Pkcs7; + UINT8 *RsaContext; + UINT8 *P7Data; + UINTN P7DataSize; + UINT8 *Tmp; + + // + // Check input parameters. + // + if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || + SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { + return FALSE; + } + + RsaContext = NULL; + Key = NULL; + Pkcs7 = NULL; + DataBio = NULL; + Status = FALSE; + + // + // Retrieve RSA private key from PEM data. + // + Status = RsaGetPrivateKeyFromPem ( + PrivateKey, + PrivateKeySize, + (CONST CHAR8 *) KeyPassword, + (VOID **) &RsaContext + ); + if (!Status) { + return Status; + } + + Status = FALSE; + + // + // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling + // + if (EVP_add_digest (EVP_md5 ()) == 0) { + goto _Exit; + } + if (EVP_add_digest (EVP_sha1 ()) == 0) { + goto _Exit; + } + if (EVP_add_digest (EVP_sha256 ()) == 0) { + goto _Exit; + } + + RandomSeed (NULL, 0); + + // + // Construct OpenSSL EVP_PKEY for private key. + // + Key = EVP_PKEY_new (); + if (Key == NULL) { + goto _Exit; + } + Key->save_type = EVP_PKEY_RSA; + Key->type = EVP_PKEY_type (EVP_PKEY_RSA); + Key->pkey.rsa = (RSA *) RsaContext; + + // + // Convert the data to be signed to BIO format. + // + DataBio = BIO_new (BIO_s_mem ()); + if (DataBio == NULL) { + goto _Exit; + } + + if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) { + goto _Exit; + } + + // + // Create the PKCS#7 signedData structure. + // + Pkcs7 = PKCS7_sign ( + (X509 *) SignCert, + Key, + (STACK_OF(X509) *) OtherCerts, + DataBio, + PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED + ); + if (Pkcs7 == NULL) { + goto _Exit; + } + + // + // Convert PKCS#7 signedData structure into DER-encoded buffer. + // + P7DataSize = i2d_PKCS7 (Pkcs7, NULL); + if (P7DataSize <= 19) { + goto _Exit; + } + + P7Data = malloc (P7DataSize); + if (P7Data == NULL) { + goto _Exit; + } + + Tmp = P7Data; + P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); + ASSERT (P7DataSize > 19); + + // + // Strip ContentInfo to content only for signeddata. The data be trimmed off + // is totally 19 bytes. + // + *SignedDataSize = P7DataSize - 19; + *SignedData = malloc (*SignedDataSize); + if (*SignedData == NULL) { + OPENSSL_free (P7Data); + goto _Exit; + } + + CopyMem (*SignedData, P7Data + 19, *SignedDataSize); + + OPENSSL_free (P7Data); + + Status = TRUE; + +_Exit: + // + // Release Resources + // + if (RsaContext != NULL) { + RsaFree (RsaContext); + if (Key != NULL) { + Key->pkey.rsa = NULL; + } + } + + if (Key != NULL) { + EVP_PKEY_free (Key); + } + + if (DataBio != NULL) { + BIO_free (DataBio); + } + + if (Pkcs7 != NULL) { + PKCS7_free (Pkcs7); + } + + return Status; +} diff --git a/Cryptlib/Pk/CryptPkcs7SignNull.c b/Cryptlib/Pk/CryptPkcs7SignNull.c new file mode 100644 index 0000000..539bb6b --- /dev/null +++ b/Cryptlib/Pk/CryptPkcs7SignNull.c @@ -0,0 +1,59 @@ +/** @file + PKCS#7 SignedData Sign Wrapper Implementation which does not provide real + capabilities. + +Copyright (c) 2012, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message + Syntax Standard, version 1.5". This interface is only intended to be used for + application to perform PKCS#7 functionality validation. + + Return FALSE to indicate this interface is not supported. + + @param[in] PrivateKey Pointer to the PEM-formatted private key data for + data signing. + @param[in] PrivateKeySize Size of the PEM private key data in bytes. + @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM + key data. + @param[in] InData Pointer to the content to be signed. + @param[in] InDataSize Size of InData in bytes. + @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. + @param[in] OtherCerts Pointer to an optional additional set of certificates to + include in the PKCS#7 signedData (e.g. any intermediate + CAs in the chain). + @param[out] SignedData Pointer to output PKCS#7 signedData. + @param[out] SignedDataSize Size of SignedData in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs7Sign ( + IN CONST UINT8 *PrivateKey, + IN UINTN PrivateKeySize, + IN CONST UINT8 *KeyPassword, + IN UINT8 *InData, + IN UINTN InDataSize, + IN UINT8 *SignCert, + IN UINT8 *OtherCerts OPTIONAL, + OUT UINT8 **SignedData, + OUT UINTN *SignedDataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + diff --git a/Cryptlib/Pk/CryptPkcs7.c b/Cryptlib/Pk/CryptPkcs7Verify.c similarity index 74% rename from Cryptlib/Pk/CryptPkcs7.c rename to Cryptlib/Pk/CryptPkcs7Verify.c index 218e7ac..05c3f87 100644 --- a/Cryptlib/Pk/CryptPkcs7.c +++ b/Cryptlib/Pk/CryptPkcs7Verify.c @@ -10,7 +10,7 @@ WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated Variable and will do basic check for data structure. -Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -25,6 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include #include UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; @@ -110,182 +111,6 @@ X509VerifyCb ( return Status; } -/** - Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message - Syntax Standard, version 1.5". This interface is only intended to be used for - application to perform PKCS#7 functionality validation. - - @param[in] PrivateKey Pointer to the PEM-formatted private key data for - data signing. - @param[in] PrivateKeySize Size of the PEM private key data in bytes. - @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM - key data. - @param[in] InData Pointer to the content to be signed. - @param[in] InDataSize Size of InData in bytes. - @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. - @param[in] OtherCerts Pointer to an optional additional set of certificates to - include in the PKCS#7 signedData (e.g. any intermediate - CAs in the chain). - @param[out] SignedData Pointer to output PKCS#7 signedData. - @param[out] SignedDataSize Size of SignedData in bytes. - - @retval TRUE PKCS#7 data signing succeeded. - @retval FALSE PKCS#7 data signing failed. - -**/ -BOOLEAN -EFIAPI -Pkcs7Sign ( - IN CONST UINT8 *PrivateKey, - IN UINTN PrivateKeySize, - IN CONST UINT8 *KeyPassword, - IN UINT8 *InData, - IN UINTN InDataSize, - IN UINT8 *SignCert, - IN UINT8 *OtherCerts OPTIONAL, - OUT UINT8 **SignedData, - OUT UINTN *SignedDataSize - ) -{ - BOOLEAN Status; - EVP_PKEY *Key; - BIO *DataBio; - PKCS7 *Pkcs7; - UINT8 *RsaContext; - UINT8 *P7Data; - UINTN P7DataSize; - UINT8 *Tmp; - - // - // Check input parameters. - // - if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || - SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { - return FALSE; - } - - RsaContext = NULL; - Key = NULL; - Pkcs7 = NULL; - DataBio = NULL; - Status = FALSE; - - // - // Retrieve RSA private key from PEM data. - // - Status = RsaGetPrivateKeyFromPem ( - PrivateKey, - PrivateKeySize, - (CONST CHAR8 *) KeyPassword, - (VOID **) &RsaContext - ); - if (!Status) { - return Status; - } - - // - // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling - // - EVP_add_digest (EVP_md5()); - EVP_add_digest (EVP_sha1()); - EVP_add_digest (EVP_sha256()); - RandomSeed (NULL, 0); - - // - // Construct OpenSSL EVP_PKEY for private key. - // - Key = EVP_PKEY_new (); - if (Key == NULL) { - Status = FALSE; - goto _Exit; - } - Key->save_type = EVP_PKEY_RSA; - Key->type = EVP_PKEY_type (EVP_PKEY_RSA); - Key->pkey.rsa = (RSA *) RsaContext; - - // - // Convert the data to be signed to BIO format. - // - DataBio = BIO_new (BIO_s_mem ()); - BIO_write (DataBio, InData, (int) InDataSize); - - // - // Create the PKCS#7 signedData structure. - // - Pkcs7 = PKCS7_sign ( - (X509 *) SignCert, - Key, - (STACK_OF(X509) *) OtherCerts, - DataBio, - PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED - ); - if (Pkcs7 == NULL) { - Status = FALSE; - goto _Exit; - } - - // - // Convert PKCS#7 signedData structure into DER-encoded buffer. - // - P7DataSize = i2d_PKCS7 (Pkcs7, NULL); - if (P7DataSize <= 19) { - Status = FALSE; - goto _Exit; - } - - P7Data = malloc (P7DataSize); - if (P7Data == NULL) { - Status = FALSE; - goto _Exit; - } - - Tmp = P7Data; - P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); - - // - // Strip ContentInfo to content only for signeddata. The data be trimmed off - // is totally 19 bytes. - // - *SignedDataSize = P7DataSize - 19; - *SignedData = malloc (*SignedDataSize); - if (*SignedData == NULL) { - Status = FALSE; - OPENSSL_free (P7Data); - goto _Exit; - } - - CopyMem (*SignedData, P7Data + 19, *SignedDataSize); - - OPENSSL_free (P7Data); - - Status = TRUE; - -_Exit: - // - // Release Resources - // - if (RsaContext != NULL) { - RsaFree (RsaContext); - if (Key != NULL) { - Key->pkey.rsa = NULL; - } - } - - if (Key != NULL) { - EVP_PKEY_free (Key); - } - - if (DataBio != NULL) { - BIO_free (DataBio); - } - - if (Pkcs7 != NULL) { - PKCS7_free (Pkcs7); - } - - return Status; -} - /** Check input P7Data is a wrapped ContentInfo structure or not. If not construct a new structure to wrap P7Data. @@ -394,6 +219,91 @@ WrapPkcs7Data ( return TRUE; } +/** + Pop single certificate from STACK_OF(X509). + + If X509Stack, Cert, or CertSize is NULL, then return FALSE. + + @param[in] X509Stack Pointer to a X509 stack object. + @param[out] Cert Pointer to a X509 certificate. + @param[out] CertSize Length of output X509 certificate in bytes. + + @retval TRUE The X509 stack pop succeeded. + @retval FALSE The pop operation failed. + +**/ +BOOLEAN +X509PopCertificate ( + IN VOID *X509Stack, + OUT UINT8 **Cert, + OUT UINTN *CertSize + ) +{ + BIO *CertBio; + X509 *X509Cert; + STACK_OF(X509) *CertStack; + BOOLEAN Status; + INT32 Result; + INT32 Length; + VOID *Buffer; + + Status = FALSE; + + if ((X509Stack == NULL) || (Cert == NULL) || (CertSize == NULL)) { + return Status; + } + + CertStack = (STACK_OF(X509) *) X509Stack; + + X509Cert = sk_X509_pop (CertStack); + + if (X509Cert == NULL) { + return Status; + } + + Buffer = NULL; + + CertBio = BIO_new (BIO_s_mem ()); + if (CertBio == NULL) { + return Status; + } + + Result = i2d_X509_bio (CertBio, X509Cert); + if (Result == 0) { + goto _Exit; + } + + Length = ((BUF_MEM *) CertBio->ptr)->length; + if (Length <= 0) { + goto _Exit; + } + + Buffer = malloc (Length); + if (Buffer == NULL) { + goto _Exit; + } + + Result = BIO_read (CertBio, Buffer, Length); + if (Result != Length) { + goto _Exit; + } + + *Cert = Buffer; + *CertSize = Length; + + Status = TRUE; + +_Exit: + + BIO_free (CertBio); + + if (!Status && (Buffer != NULL)) { + free (Buffer); + } + + return Status; +} + /** Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: Cryptographic Message Syntax Standard". The input signed data could be wrapped @@ -634,7 +544,6 @@ Pkcs7Verify ( ) { PKCS7 *Pkcs7; - BIO *CertBio; BIO *DataBio; BOOLEAN Status; X509 *Cert; @@ -653,7 +562,6 @@ Pkcs7Verify ( } Pkcs7 = NULL; - CertBio = NULL; DataBio = NULL; Cert = NULL; CertStore = NULL; @@ -661,10 +569,19 @@ Pkcs7Verify ( // // Register & Initialize necessary digest algorithms for PKCS#7 Handling // - EVP_add_digest (EVP_md5()); - EVP_add_digest (EVP_sha1()); - EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA); - EVP_add_digest (EVP_sha256()); + if (EVP_add_digest (EVP_md5 ()) == 0) { + return FALSE; + } + if (EVP_add_digest (EVP_sha1 ()) == 0) { + return FALSE; + } + if (EVP_add_digest (EVP_sha256 ()) == 0) { + return FALSE; + } + if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) { + return FALSE; + } + Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); if (!Status) { @@ -696,12 +613,7 @@ Pkcs7Verify ( // // Read DER-encoded root certificate and Construct X509 Certificate // - CertBio = BIO_new (BIO_s_mem ()); - BIO_write (CertBio, TrustedCert, (int)CertLength); - if (CertBio == NULL) { - goto _Exit; - } - Cert = d2i_X509_bio (CertBio, NULL); + Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength); if (Cert == NULL) { goto _Exit; } @@ -728,7 +640,20 @@ Pkcs7Verify ( // in PKCS#7 structure. So ignore NULL checking here. // DataBio = BIO_new (BIO_s_mem ()); - BIO_write (DataBio, InData, (int)DataLength); + if (DataBio == NULL) { + goto _Exit; + } + + if (BIO_write (DataBio, InData, (int) DataLength) <= 0) { + goto _Exit; + } + + // + // OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and + // doesn't support the extended key usage for Authenticode Code Signing. + // Bypass the certificate purpose checking by enabling any purposes setting. + // + X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY); // // Verifies the PKCS#7 signedData structure @@ -740,7 +665,6 @@ _Exit: // Release Resources // BIO_free (DataBio); - BIO_free (CertBio); X509_free (Cert); X509_STORE_free (CertStore); PKCS7_free (Pkcs7); diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c new file mode 100644 index 0000000..9a4c77a --- /dev/null +++ b/Cryptlib/Pk/CryptPkcs7VerifyNull.c @@ -0,0 +1,100 @@ +/** @file + PKCS#7 SignedData Verification Wrapper Implementation which does not provide + real capabilities. + +Copyright (c) 2012, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard". The input signed data could be wrapped + in a ContentInfo structure. + + Return FALSE to indicate this interface is not supported. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. + It's caller's responsiblity to free the buffer. + @param[out] StackLength Length of signer's certificates in bytes. + @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. + It's caller's responsiblity to free the buffer. + @param[out] CertLength Length of the trusted certificate in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetSigners ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT UINT8 **CertStack, + OUT UINTN *StackLength, + OUT UINT8 **TrustedCert, + OUT UINTN *CertLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Wrap function to use free() to free allocated memory for certificates. + + If the interface is not supported, then ASSERT(). + + @param[in] Certs Pointer to the certificates to be freed. + +**/ +VOID +EFIAPI +Pkcs7FreeSigners ( + IN UINT8 *Certs + ) +{ + ASSERT (FALSE); +} + +/** + Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard". The input signed data could be wrapped + in a ContentInfo structure. + + Return FALSE to indicate this interface is not supported. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which + is used for certificate chain verification. + @param[in] CertLength Length of the trusted certificate in bytes. + @param[in] InData Pointer to the content to be verified. + @param[in] DataLength Length of InData in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs7Verify ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + IN CONST UINT8 *TrustedCert, + IN UINTN CertLength, + IN CONST UINT8 *InData, + IN UINTN DataLength + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/Cryptlib/Pk/CryptRsaExtNull.c b/Cryptlib/Pk/CryptRsaExtNull.c new file mode 100644 index 0000000..e44cdde --- /dev/null +++ b/Cryptlib/Pk/CryptRsaExtNull.c @@ -0,0 +1,125 @@ +/** @file + RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. + + This file does not provide real capabilities for following APIs in RSA handling: + 1) RsaGetKey + 2) RsaGenerateKey + 3) RsaCheckKey + 4) RsaPkcs1Sign + +Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Gets the tag-designated RSA key component from the established RSA context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[out] BigNumber Pointer to octet integer buffer. + @param[in, out] BnSize On input, the size of big number buffer in bytes. + On output, the size of data returned in big number buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaGetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + OUT UINT8 *BigNumber, + IN OUT UINTN *BnSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Generates RSA key components. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] ModulusLength Length of RSA modulus N in bits. + @param[in] PublicExponent Pointer to RSA public exponent. + @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaGenerateKey ( + IN OUT VOID *RsaContext, + IN UINTN ModulusLength, + IN CONST UINT8 *PublicExponent, + IN UINTN PublicExponentSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Validates key components of RSA context. + + Return FALSE to indicate this interface is not supported. + + @param[in] RsaContext Pointer to RSA context to check. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaCheckKey ( + IN VOID *RsaContext + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. + + Return FALSE to indicate this interface is not supported. + + @param[in] RsaContext Pointer to RSA context for signature generation. + @param[in] MessageHash Pointer to octet message hash to be signed. + @param[in] HashSize Size of the message hash in bytes. + @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. + @param[in, out] SigSize On input, the size of Signature buffer in bytes. + On output, the size of data returned in Signature buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaPkcs1Sign ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + + diff --git a/Cryptlib/Rand/CryptRand.c b/Cryptlib/Rand/CryptRand.c index dc3ab99..895ce83 100644 --- a/Cryptlib/Rand/CryptRand.c +++ b/Cryptlib/Rand/CryptRand.c @@ -1,7 +1,7 @@ /** @file Pseudorandom Number Generator Wrapper Implementation over OpenSSL. -Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include +#include // // Default seed for UEFI Crypto Library @@ -47,6 +48,14 @@ RandomSeed ( return FALSE; } + // + // The software PRNG implementation built in OpenSSL depends on message digest algorithm. + // Make sure SHA-1 digest algorithm is available here. + // + if (EVP_add_digest (EVP_sha1 ()) == 0) { + return FALSE; + } + // // Seed the pseudorandom number generator with user-supplied value. // NOTE: A cryptographic PRNG must be seeded with unpredictable data. diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh index 96bbece..57b6631 100755 --- a/Cryptlib/update.sh +++ b/Cryptlib/update.sh @@ -13,8 +13,13 @@ cp $DIR/Cipher/CryptAes.c Cipher/CryptAes.c cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c cp $DIR/Rand/CryptRand.c Rand/CryptRand.c -cp $DIR/Pk/CryptRsa.c Pk/CryptRsa.c -cp $DIR/Pk/CryptPkcs7.c Pk/CryptPkcs7.c +cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c +cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c +cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c +cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c +cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c +cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c +cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c cp $DIR/Pk/CryptDh.c Pk/CryptDh.c cp $DIR/Pk/CryptX509.c Pk/CryptX509.c cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c From 2220be4e6aa959175230bdf71820c11c150d8b2e Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 21 Jul 2014 16:15:07 -0400 Subject: [PATCH 44/75] Replace build instructions in README with something not completely wrong. These were really, really out of date. --- README | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README b/README index 2977f2a..24a39df 100644 --- a/README +++ b/README @@ -12,5 +12,5 @@ in the shim.h header file and provides a single entry point. On 64-bit systems this entry point expects to be called with SysV ABI rather than MSABI, and so calls to it should not be wrapped. -To use shim, simply place a hex dump of the public certificate in cert.h -and build it with make. \ No newline at end of file +To use shim, simply place a DER-encoded public certificate in a file such as +pub.cer and build with "make VENDOR_CERT_FILE=pub.cer". From 4dabdb22b4d72ac21e9817c3d60711dc03f58059 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Tue, 12 Aug 2014 10:54:05 -0400 Subject: [PATCH 45/75] CryptLib: undefine va_arg and friends before redefining them Upstream GNU-EFI contains changes to efistdarg.h resulting in the va_start, va_arg and va_end macros to be #defined unconditionally. Make sure we #undef them before overriding the definitions. Signed-off-by: Ard Biesheuvel --- Cryptlib/Include/OpenSslSupport.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 5a2745d..9e56ced 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -35,6 +35,14 @@ typedef VOID *FILE; // Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h // #if !defined(__CC_ARM) // if va_list is not already defined +/* + * These are now unconditionally #defined by GNU_EFI's efistdarg.h, + * so we should #undef them here before providing a new definition. + */ +#undef va_arg +#undef va_start +#undef va_end + #define va_list VA_LIST #define va_arg VA_ARG #define va_start VA_START From 277127d1b34778076c07556b11c6cbf917bf6252 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Tue, 12 Aug 2014 10:54:05 -0400 Subject: [PATCH 46/75] unhook_system_services: bail on systab == NULL Prevent unhook_system_services() from dereferencing a NULL systab, which may occur if hook_system_services() has never been called. Signed-off-by: Ard Biesheuvel --- replacements.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/replacements.c b/replacements.c index 48dc437..5dfa355 100644 --- a/replacements.c +++ b/replacements.c @@ -70,6 +70,9 @@ static EFI_HANDLE last_loaded_image; void unhook_system_services(void) { + if (!systab) + return; + systab->BootServices->Exit = system_exit; systab->BootServices->LoadImage = system_load_image; systab->BootServices->StartImage = system_start_image; From f7a182154e19e99e1eb88f5fe8111a37e68cda8e Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Tue, 12 Aug 2014 10:54:05 -0400 Subject: [PATCH 47/75] Factor out x86-isms and add cross compile support This patch cleans up and refactors the Makefiles to better allow new architectures to be added: - remove unused Makefile definitions - import Makefile definitions from top level rather than redefining - move x86 specific CFLAGS to inside ifeq() blocks - remove x86 inline asm - allow $(FORMAT) to be overridden: this is necessary as there exists no EFI or PE/COFF aware objcopy for ARM Signed-off-by: Ard Biesheuvel --- Cryptlib/Makefile | 16 ++++++-------- Cryptlib/OpenSSL/Makefile | 15 ++++++------- Makefile | 45 +++++++++++++++++++++++---------------- lib/Makefile | 14 ++++-------- netboot.c | 10 +-------- 5 files changed, 44 insertions(+), 56 deletions(-) diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 678baac..73a1e2b 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -1,19 +1,15 @@ -ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) -EFI_INCLUDE = /usr/include/efi -EFI_INCLUDES = -nostdinc -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -EFI_PATH = /usr/lib64/gnuefi - -LIB_GCC = $(shell $(CC) -print-libgcc-file-name) -EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) +EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \ - -Wall $(EFI_INCLUDES) -mno-red-zone -maccumulate-outgoing-args -mno-sse -mno-mmx + -Wall $(EFI_INCLUDES) + ifeq ($(ARCH),x86_64) - CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ + -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI endif ifeq ($(ARCH),ia32) - CFLAGS += -m32 + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 endif LDFLAGS = -nostdlib -znocombreloc diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 8e2f2a6..9097580 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -1,19 +1,16 @@ -ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) -EFI_INCLUDE = /usr/include/efi EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -EFI_PATH = /usr/lib64/gnuefi -LIB_GCC = $(shell $(CC) -print-libgcc-file-name) -EFI_LIBS = -lefi -lgnuefi $(LIB_GCC) - -CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ +CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC + ifeq ($(ARCH),x86_64) - CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ + -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DSIXTY_FOUR_BIT_LONG endif ifeq ($(ARCH),ia32) - CFLAGS += -m32 -DTHIRTY_TWO_BIT + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ + -m32 -DTHIRTY_TWO_BIT endif LDFLAGS = -nostdlib -znocombreloc diff --git a/Makefile b/Makefile index df190a2..f65bb3b 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,14 @@ -ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) +CC = $(CROSS_COMPILE)gcc +LD = $(CROSS_COMPILE)ld +OBJCOPY = $(CROSS_COMPILE)objcopy + +ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) SUBDIRS = Cryptlib lib LIB_PATH = /usr/lib64 -EFI_INCLUDE = /usr/include/efi +EFI_INCLUDE := /usr/include/efi EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude EFI_PATH := /usr/lib64/gnuefi @@ -16,9 +20,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds DEFAULT_LOADER := \\\\grub.efi CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ - -fshort-wchar -Wall -Wsign-compare -Werror \ - -mno-red-zone -maccumulate-outgoing-args \ - -mno-mmx -mno-sse -fno-builtin \ + -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ $(EFI_INCLUDES) @@ -26,12 +28,15 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined) CFLAGS += -DOVERRIDE_SECURITY_POLICY endif + ifeq ($(ARCH),x86_64) - CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ + -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI endif ifeq ($(ARCH),ia32) - CFLAGS += -m32 + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 endif + ifneq ($(origin VENDOR_CERT_FILE), undefined) CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" endif @@ -95,26 +100,28 @@ MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a Cryptlib/libcryptlib.a: - $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) + $(MAKE) -C Cryptlib Cryptlib/OpenSSL/libopenssl.a: - $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) + $(MAKE) -C Cryptlib/OpenSSL lib/lib.a: - $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) + $(MAKE) -C lib + +FORMAT ?= --target efi-app-$(ARCH) %.efi: %.so - objcopy -j .text -j .sdata -j .data \ - -j .dynamic -j .dynsym -j .rel \ - -j .rela -j .reloc -j .eh_frame \ + $(OBJCOPY) -j .text -j .sdata -j .data \ + -j .dynamic -j .dynsym -j .rel* \ + -j .rela* -j .reloc -j .eh_frame \ -j .vendor_cert \ - --target=efi-app-$(ARCH) $^ $@ - objcopy -j .text -j .sdata -j .data \ - -j .dynamic -j .dynsym -j .rel \ - -j .rela -j .reloc -j .eh_frame \ + $(FORMAT) $^ $@ + $(OBJCOPY) -j .text -j .sdata -j .data \ + -j .dynamic -j .dynsym -j .rel* \ + -j .rela* -j .reloc -j .eh_frame \ -j .debug_info -j .debug_abbrev -j .debug_aranges \ -j .debug_line -j .debug_str -j .debug_ranges \ - --target=efi-app-$(ARCH) $^ $@.debug + $(FORMAT) $^ $@.debug %.efi.signed: %.efi certdb/secmod.db pesign -n certdb -i $< -c "shim" -s -o $@ -f @@ -151,3 +158,5 @@ archive: tag @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) @rm -rf /tmp/shim-$(VERSION) @echo "The archive is in shim-$(VERSION).tar.bz2" + +export ARCH CC LD OBJCOPY EFI_INCLUDE diff --git a/lib/Makefile b/lib/Makefile index a9c9cf6..ebd21a1 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -2,23 +2,17 @@ TARGET = lib.a LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variables.o security_policy.o -ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) - -EFI_INCLUDE = /usr/include/efi EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include -EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o -EFI_LDS = $(EFI_PATH)/elf_$(ARCH)_efi.lds - CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ - -fshort-wchar -Wall -mno-red-zone -DBUILD_EFI -fno-builtin \ - -Werror \ + -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror \ $(EFI_INCLUDES) + ifeq ($(ARCH),x86_64) - CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI + CFLAGS += -mno-red-zone -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI endif ifeq ($(ARCH),ia32) - CFLAGS += -m32 + CFLAGS += -mno-red-zone -m32 endif lib.a: $(LIBFILES) diff --git a/netboot.c b/netboot.c index 5ef53f7..238937d 100644 --- a/netboot.c +++ b/netboot.c @@ -40,15 +40,7 @@ #include "netboot.h" #include "str.h" -static inline unsigned short int __swap16(unsigned short int x) -{ - __asm__("xchgb %b0,%h0" - : "=q" (x) - : "0" (x)); - return x; -} - -#define ntohs(x) __swap16(x) +#define ntohs(x) __builtin_bswap16(x) /* supported both by GCC and clang */ #define htons(x) ntohs(x) static EFI_PXE_BASE_CODE *pxe; From 9196c7cfbc974dcfdc4f3bde09bf56f1a92723e9 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Tue, 12 Aug 2014 10:54:05 -0400 Subject: [PATCH 48/75] Add support for 64-bit ARM (AArch64) This adds support for building the shim for a 64-bit ARM UEFI environment. Signed-off-by: Ard Biesheuvel --- Cryptlib/OpenSSL/Makefile | 3 ++ Makefile | 10 ++++++ elf_aarch64_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 elf_aarch64_efi.lds diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 9097580..17b5695 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -12,6 +12,9 @@ ifeq ($(ARCH),ia32) CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ -m32 -DTHIRTY_TWO_BIT endif +ifeq ($(ARCH),aarch64) + CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include) +endif LDFLAGS = -nostdlib -znocombreloc TARGET = libopenssl.a diff --git a/Makefile b/Makefile index f65bb3b..3529b45 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,10 @@ ifeq ($(ARCH),ia32) CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 endif +ifeq ($(ARCH),aarch64) + CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) +endif + ifneq ($(origin VENDOR_CERT_FILE), undefined) CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" endif @@ -108,6 +112,12 @@ Cryptlib/OpenSSL/libopenssl.a: lib/lib.a: $(MAKE) -C lib +ifeq ($(ARCH),aarch64) +FORMAT := -O binary +SUBSYSTEM := 0xa +LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) +endif + FORMAT ?= --target efi-app-$(ARCH) %.efi: %.so diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds new file mode 100644 index 0000000..9c9a055 --- /dev/null +++ b/elf_aarch64_efi.lds @@ -0,0 +1,65 @@ +OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64") +OUTPUT_ARCH(aarch64) +ENTRY(_start) +SECTIONS +{ + .text 0x0 : { + *(.text.head) + *(.text) + *(.text.*) + *(.gnu.linkonce.t.*) + *(.srodata) + *(.rodata*) + . = ALIGN(16); + _etext = .; + } + .dynamic : { *(.dynamic) } + .data : + { + *(.sdata) + *(.data) + *(.data1) + *(.data.*) + *(.got.plt) + *(.got) + + /* the EFI loader doesn't seem to like a .bss section, so we stick + it all into .data: */ + . = ALIGN(16); + _bss = .; + *(.sbss) + *(.scommon) + *(.dynbss) + *(.bss) + *(COMMON) + . = ALIGN(16); + _bss_end = .; + } + + . = ALIGN(4096); + .vendor_cert : + { + *(.vendor_cert) + } + . = ALIGN(4096); + + .rela.dyn : { *(.rela.dyn) } + .rela.plt : { *(.rela.plt) } + .rela.got : { *(.rela.got) } + .rela.data : { *(.rela.data) *(.rela.data*) } + _edata = .; + _data_size = . - _etext; + + . = ALIGN(4096); + .dynsym : { *(.dynsym) } + . = ALIGN(4096); + .dynstr : { *(.dynstr) } + . = ALIGN(4096); + /DISCARD/ : + { + *(.rel.reloc) + *(.eh_frame) + *(.note.GNU-stack) + } + .comment 0 : { *(.comment) } +} From 221faac51bc430c0bac3b26ff65b75ab6f24da58 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Tue, 12 Aug 2014 10:54:05 -0400 Subject: [PATCH 49/75] Add support for 32-bit ARM This adds support for building the shim for a 32-bit ARM UEFI environment. Signed-off-by: Ard Biesheuvel --- Cryptlib/OpenSSL/Makefile | 3 ++ Makefile | 10 ++++++ cert.S | 30 +++++++++--------- elf_arm_efi.lds | 65 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 92 insertions(+), 16 deletions(-) create mode 100644 elf_arm_efi.lds diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 17b5695..7990b3c 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -15,6 +15,9 @@ endif ifeq ($(ARCH),aarch64) CFLAGS += -O2 -DSIXTY_FOUR_BIT_LONG -ffreestanding -I$(shell $(CC) -print-file-name=include) endif +ifeq ($(ARCH),arm) + CFLAGS += -O2 -DTHIRTY_TWO_BIT -ffreestanding -I$(shell $(CC) -print-file-name=include) +endif LDFLAGS = -nostdlib -znocombreloc TARGET = libopenssl.a diff --git a/Makefile b/Makefile index 3529b45..5bc513c 100644 --- a/Makefile +++ b/Makefile @@ -41,6 +41,10 @@ ifeq ($(ARCH),aarch64) CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) endif +ifeq ($(ARCH),arm) + CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) +endif + ifneq ($(origin VENDOR_CERT_FILE), undefined) CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" endif @@ -118,6 +122,12 @@ SUBSYSTEM := 0xa LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) endif +ifeq ($(ARCH),arm) +FORMAT := -O binary +SUBSYSTEM := 0xa +LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) +endif + FORMAT ?= --target efi-app-$(ARCH) %.efi: %.so diff --git a/cert.S b/cert.S index 3cfd665..cfc4525 100644 --- a/cert.S +++ b/cert.S @@ -1,9 +1,7 @@ .globl cert_table - .data - .align 16 - .type cert_table, @object + .type cert_table, %object .size cert_table, 4 - .section .vendor_cert, "a", @progbits + .section .vendor_cert, "a", %progbits cert_table: #if defined(VENDOR_CERT_FILE) .long vendor_cert_priv_end - vendor_cert_priv @@ -20,48 +18,48 @@ cert_table: #if defined(VENDOR_CERT_FILE) .data .align 1 - .type vendor_cert_priv, @object + .type vendor_cert_priv, %object .size vendor_cert_priv, vendor_cert_priv_end-vendor_cert_priv - .section .vendor_cert, "a", @progbits + .section .vendor_cert, "a", %progbits vendor_cert_priv: .incbin VENDOR_CERT_FILE vendor_cert_priv_end: #else .bss - .type vendor_cert_priv, @object + .type vendor_cert_priv, %object .size vendor_cert_priv, 1 - .section .vendor_cert, "a", @progbits + .section .vendor_cert, "a", %progbits vendor_cert_priv: .zero 1 .data .align 4 - .type vendor_cert_size_priv, @object + .type vendor_cert_size_priv, %object .size vendor_cert_size_priv, 4 - .section .vendor_cert, "a", @progbits + .section .vendor_cert, "a", %progbits vendor_cert_priv_end: #endif #if defined(VENDOR_DBX_FILE) .data .align 1 - .type vendor_dbx_priv, @object + .type vendor_dbx_priv, %object .size vendor_dbx_priv, vendor_dbx_priv_end-vendor_dbx_priv - .section .vendor_cert, "a", @progbits + .section .vendor_cert, "a", %progbits vendor_dbx_priv: .incbin VENDOR_DBX_FILE vendor_dbx_priv_end: #else .bss - .type vendor_dbx_priv, @object + .type vendor_dbx_priv, %object .size vendor_dbx_priv, 1 - .section .vendor_cert, "a", @progbits + .section .vendor_cert, "a", %progbits vendor_dbx_priv: .zero 1 .data .align 4 - .type vendor_dbx_size_priv, @object + .type vendor_dbx_size_priv, %object .size vendor_dbx_size_priv, 4 - .section .vendor_cert, "a", @progbits + .section .vendor_cert, "a", %progbits vendor_dbx_priv_end: #endif diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds new file mode 100644 index 0000000..fd1075d --- /dev/null +++ b/elf_arm_efi.lds @@ -0,0 +1,65 @@ +OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm") +OUTPUT_ARCH(arm) +ENTRY(_start) +SECTIONS +{ + .text 0x0 : { + *(.text.head) + *(.text) + *(.text.*) + *(.gnu.linkonce.t.*) + *(.srodata) + *(.rodata*) + . = ALIGN(16); + _etext = .; + } + .dynamic : { *(.dynamic) } + .data : + { + *(.sdata) + *(.data) + *(.data1) + *(.data) + *(.got.plt) + *(.got) + + /* the EFI loader doesn't seem to like a .bss section, so we stick + it all into .data: */ + . = ALIGN(16); + _bss = .; + *(.sbss) + *(.scommon) + *(.dynbss) + *(.bss) + *(COMMON) + . = ALIGN(16); + _bss_end = .; + } + + . = ALIGN(4096); + .vendor_cert : + { + *(.vendor_cert) + } + . = ALIGN(4096); + + .rel.dyn : { *(.rel.dyn) } + .rel.plt : { *(.rel.plt) } + .rel.got : { *(.rel.got) } + .rel.data : { *(.rel.data) *(.rel.data*) } + _edata = .; + _data_size = . - _etext; + + . = ALIGN(4096); + .dynsym : { *(.dynsym) } + . = ALIGN(4096); + .dynstr : { *(.dynstr) } + . = ALIGN(4096); + /DISCARD/ : + { + *(.rel.reloc) + *(.eh_frame) + *(.note.GNU-stack) + } + .comment 0 : { *(.comment) } +} From 5cbe75a3facfe8256454595ca3abbff7ad6076b0 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 19 Aug 2014 14:20:23 -0400 Subject: [PATCH 50/75] Update openssl to 0.9.8zb Also update to Tiano Cryptlib r15802 and remove the execute mode bits from the C and header files of openssl --- Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 0 Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 0 Cryptlib/OpenSSL/crypto/aes/aes_core.c | 0 Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 0 Cryptlib/OpenSSL/crypto/aes/aes_ecb.c | 0 Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 0 Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 0 Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 0 Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_bool.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_bytes.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_enum.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_hdr.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_int.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_meth.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_object.c | 30 +- Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_print.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_set.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_time.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_type.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_utf8.c | 0 Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 0 Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 0 Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 0 Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 3 + Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 0 Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 2 + Cryptlib/OpenSSL/crypto/asn1/asn_moid.c | 0 Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 12 +- Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 0 Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 0 Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c | 6 +- Cryptlib/OpenSSL/crypto/asn1/f_enum.c | 0 Cryptlib/OpenSSL/crypto/asn1/f_int.c | 0 Cryptlib/OpenSSL/crypto/asn1/f_string.c | 0 Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 0 Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c | 0 Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 0 Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 0 Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 0 Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 0 Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 0 Cryptlib/OpenSSL/crypto/asn1/t_bitst.c | 0 Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 0 Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 0 Cryptlib/OpenSSL/crypto/asn1/t_req.c | 0 Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 0 Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 2 + Cryptlib/OpenSSL/crypto/asn1/t_x509a.c | 0 Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 0 Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 9 +- Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 0 Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 0 Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 0 Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_attrib.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_bignum.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_exten.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_info.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_long.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_name.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_pkey.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_req.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_sig.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_spki.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_val.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 0 Cryptlib/OpenSSL/crypto/asn1/x_x509a.c | 0 Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c | 0 Cryptlib/OpenSSL/crypto/bf/bf_ecb.c | 0 Cryptlib/OpenSSL/crypto/bf/bf_enc.c | 0 Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c | 0 Cryptlib/OpenSSL/crypto/bf/bf_skey.c | 0 Cryptlib/OpenSSL/crypto/bio/b_dump.c | 0 Cryptlib/OpenSSL/crypto/bio/bf_buff.c | 0 Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 0 Cryptlib/OpenSSL/crypto/bio/bf_null.c | 0 Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 0 Cryptlib/OpenSSL/crypto/bio/bio_err.c | 0 Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 4 +- Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 0 Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 0 Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 0 Cryptlib/OpenSSL/crypto/bio/bss_file.c | 0 Cryptlib/OpenSSL/crypto/bio/bss_log.c | 0 Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 0 Cryptlib/OpenSSL/crypto/bio/bss_null.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_add.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_const.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_depr.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_div.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_err.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_exp2.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 51 + Cryptlib/OpenSSL/crypto/bn/bn_kron.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 61 +- Cryptlib/OpenSSL/crypto/bn/bn_mod.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_mpi.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_mul.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_opt.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_prime.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_print.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_recp.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_sqr.c | 1 + Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_word.c | 0 Cryptlib/OpenSSL/crypto/bn/bn_x931p.c | 0 Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 0 Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 0 Cryptlib/OpenSSL/crypto/buffer/buffer.c | 0 Cryptlib/OpenSSL/crypto/cast/c_cfb64.c | 0 Cryptlib/OpenSSL/crypto/cast/c_ecb.c | 0 Cryptlib/OpenSSL/crypto/cast/c_enc.c | 0 Cryptlib/OpenSSL/crypto/cast/c_ofb64.c | 0 Cryptlib/OpenSSL/crypto/cast/c_skey.c | 0 Cryptlib/OpenSSL/crypto/comp/c_rle.c | 0 Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 0 Cryptlib/OpenSSL/crypto/comp/comp_err.c | 0 Cryptlib/OpenSSL/crypto/comp/comp_lib.c | 0 Cryptlib/OpenSSL/crypto/conf/conf_api.c | 2 +- Cryptlib/OpenSSL/crypto/conf/conf_def.c | 2 +- Cryptlib/OpenSSL/crypto/conf/conf_err.c | 0 Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 0 Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 0 Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 0 Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 0 Cryptlib/OpenSSL/crypto/cpt_err.c | 0 Cryptlib/OpenSSL/crypto/cryptlib.c | 0 Cryptlib/OpenSSL/crypto/cversion.c | 0 Cryptlib/OpenSSL/crypto/des/cbc_cksm.c | 0 Cryptlib/OpenSSL/crypto/des/cbc_enc.c | 0 Cryptlib/OpenSSL/crypto/des/cfb64ede.c | 0 Cryptlib/OpenSSL/crypto/des/cfb64enc.c | 0 Cryptlib/OpenSSL/crypto/des/cfb_enc.c | 0 Cryptlib/OpenSSL/crypto/des/des_enc.c | 0 Cryptlib/OpenSSL/crypto/des/des_lib.c | 0 Cryptlib/OpenSSL/crypto/des/des_old.c | 0 Cryptlib/OpenSSL/crypto/des/des_old2.c | 0 Cryptlib/OpenSSL/crypto/des/ecb3_enc.c | 0 Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 0 Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c | 0 Cryptlib/OpenSSL/crypto/des/enc_read.c | 0 Cryptlib/OpenSSL/crypto/des/enc_writ.c | 0 Cryptlib/OpenSSL/crypto/des/fcrypt.c | 0 Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 0 Cryptlib/OpenSSL/crypto/des/ofb64ede.c | 0 Cryptlib/OpenSSL/crypto/des/ofb64enc.c | 0 Cryptlib/OpenSSL/crypto/des/ofb_enc.c | 0 Cryptlib/OpenSSL/crypto/des/pcbc_enc.c | 0 Cryptlib/OpenSSL/crypto/des/qud_cksm.c | 0 Cryptlib/OpenSSL/crypto/des/rand_key.c | 0 Cryptlib/OpenSSL/crypto/des/read2pwd.c | 0 Cryptlib/OpenSSL/crypto/des/rpc_enc.c | 0 Cryptlib/OpenSSL/crypto/des/set_key.c | 0 Cryptlib/OpenSSL/crypto/des/str2key.c | 0 Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 0 Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 0 Cryptlib/OpenSSL/crypto/dh/dh_check.c | 0 Cryptlib/OpenSSL/crypto/dh/dh_depr.c | 0 Cryptlib/OpenSSL/crypto/dh/dh_err.c | 0 Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 0 Cryptlib/OpenSSL/crypto/dh/dh_key.c | 0 Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_err.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_key.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c | 0 Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c | 0 Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 0 Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 0 Cryptlib/OpenSSL/crypto/dso/dso_err.c | 0 Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 0 Cryptlib/OpenSSL/crypto/dso/dso_null.c | 0 Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 0 Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 0 Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 0 Cryptlib/OpenSSL/crypto/dyn_lck.c | 0 Cryptlib/OpenSSL/crypto/ebcdic.c | 0 Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 0 Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c | 0 Cryptlib/OpenSSL/crypto/ec/ec_asn1.c | 0 Cryptlib/OpenSSL/crypto/ec/ec_check.c | 0 Cryptlib/OpenSSL/crypto/ec/ec_curve.c | 0 Cryptlib/OpenSSL/crypto/ec/ec_cvt.c | 0 Cryptlib/OpenSSL/crypto/ec/ec_err.c | 0 Cryptlib/OpenSSL/crypto/ec/ec_key.c | 0 Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 2 +- Cryptlib/OpenSSL/crypto/ec/ec_mult.c | 0 Cryptlib/OpenSSL/crypto/ec/ec_print.c | 0 Cryptlib/OpenSSL/crypto/ec/ecp_mont.c | 0 Cryptlib/OpenSSL/crypto/ec/ecp_nist.c | 0 Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c | 190 ++-- Cryptlib/OpenSSL/crypto/ecdh/ech_err.c | 0 Cryptlib/OpenSSL/crypto/ecdh/ech_key.c | 0 Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 0 Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c | 0 Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c | 0 Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c | 0 Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 0 Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c | 0 Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c | 0 Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_all.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_cnf.c | 0 .../OpenSSL/crypto/engine/eng_cryptodev.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_dyn.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_err.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_fat.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_init.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_lib.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_list.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_openssl.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_padlock.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_pkey.c | 0 Cryptlib/OpenSSL/crypto/engine/eng_table.c | 0 Cryptlib/OpenSSL/crypto/engine/tb_cipher.c | 0 Cryptlib/OpenSSL/crypto/engine/tb_dh.c | 0 Cryptlib/OpenSSL/crypto/engine/tb_digest.c | 0 Cryptlib/OpenSSL/crypto/engine/tb_dsa.c | 0 Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c | 0 Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c | 0 Cryptlib/OpenSSL/crypto/engine/tb_rand.c | 0 Cryptlib/OpenSSL/crypto/engine/tb_rsa.c | 0 Cryptlib/OpenSSL/crypto/engine/tb_store.c | 0 Cryptlib/OpenSSL/crypto/err/err.c | 0 Cryptlib/OpenSSL/crypto/err/err_all.c | 0 Cryptlib/OpenSSL/crypto/err/err_bio.c | 0 Cryptlib/OpenSSL/crypto/err/err_def.c | 0 Cryptlib/OpenSSL/crypto/err/err_prn.c | 0 Cryptlib/OpenSSL/crypto/err/err_str.c | 0 Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 0 Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 0 Cryptlib/OpenSSL/crypto/evp/bio_md.c | 0 Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 0 Cryptlib/OpenSSL/crypto/evp/c_all.c | 0 Cryptlib/OpenSSL/crypto/evp/c_allc.c | 0 Cryptlib/OpenSSL/crypto/evp/c_alld.c | 0 Cryptlib/OpenSSL/crypto/evp/dig_eng.c | 0 Cryptlib/OpenSSL/crypto/evp/digest.c | 0 Cryptlib/OpenSSL/crypto/evp/e_aes.c | 0 Cryptlib/OpenSSL/crypto/evp/e_bf.c | 0 Cryptlib/OpenSSL/crypto/evp/e_cast.c | 0 Cryptlib/OpenSSL/crypto/evp/e_des.c | 0 Cryptlib/OpenSSL/crypto/evp/e_des3.c | 0 Cryptlib/OpenSSL/crypto/evp/e_idea.c | 0 Cryptlib/OpenSSL/crypto/evp/e_null.c | 0 Cryptlib/OpenSSL/crypto/evp/e_old.c | 0 Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 0 Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 0 Cryptlib/OpenSSL/crypto/evp/e_rc5.c | 0 Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 0 Cryptlib/OpenSSL/crypto/evp/enc_min.c | 0 Cryptlib/OpenSSL/crypto/evp/encode.c | 0 Cryptlib/OpenSSL/crypto/evp/evp_acnf.c | 0 Cryptlib/OpenSSL/crypto/evp/evp_cnf.c | 0 Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 0 Cryptlib/OpenSSL/crypto/evp/evp_err.c | 0 Cryptlib/OpenSSL/crypto/evp/evp_key.c | 0 Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 0 Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 0 Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 0 Cryptlib/OpenSSL/crypto/evp/m_dss.c | 0 Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 0 Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 0 Cryptlib/OpenSSL/crypto/evp/m_md2.c | 0 Cryptlib/OpenSSL/crypto/evp/m_md4.c | 0 Cryptlib/OpenSSL/crypto/evp/m_md5.c | 0 Cryptlib/OpenSSL/crypto/evp/m_null.c | 0 Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 0 Cryptlib/OpenSSL/crypto/evp/m_sha.c | 0 Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 0 Cryptlib/OpenSSL/crypto/evp/names.c | 0 Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 0 Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 0 Cryptlib/OpenSSL/crypto/evp/p_dec.c | 0 Cryptlib/OpenSSL/crypto/evp/p_enc.c | 0 Cryptlib/OpenSSL/crypto/evp/p_lib.c | 0 Cryptlib/OpenSSL/crypto/evp/p_open.c | 0 Cryptlib/OpenSSL/crypto/evp/p_seal.c | 0 Cryptlib/OpenSSL/crypto/evp/p_sign.c | 0 Cryptlib/OpenSSL/crypto/evp/p_verify.c | 0 Cryptlib/OpenSSL/crypto/ex_data.c | 0 Cryptlib/OpenSSL/crypto/fips_err.c | 0 Cryptlib/OpenSSL/crypto/hmac/hmac.c | 0 Cryptlib/OpenSSL/crypto/idea/i_cbc.c | 0 Cryptlib/OpenSSL/crypto/idea/i_cfb64.c | 0 Cryptlib/OpenSSL/crypto/idea/i_ecb.c | 0 Cryptlib/OpenSSL/crypto/idea/i_ofb64.c | 0 Cryptlib/OpenSSL/crypto/idea/i_skey.c | 0 Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c | 0 Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 0 Cryptlib/OpenSSL/crypto/lhash/lhash.c | 0 Cryptlib/OpenSSL/crypto/md2/md2_dgst.c | 0 Cryptlib/OpenSSL/crypto/md2/md2_one.c | 0 Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 0 Cryptlib/OpenSSL/crypto/md4/md4_one.c | 0 Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 0 Cryptlib/OpenSSL/crypto/md5/md5_one.c | 0 Cryptlib/OpenSSL/crypto/mem.c | 0 Cryptlib/OpenSSL/crypto/mem_clr.c | 0 Cryptlib/OpenSSL/crypto/mem_dbg.c | 0 Cryptlib/OpenSSL/crypto/o_dir.c | 0 Cryptlib/OpenSSL/crypto/o_init.c | 0 Cryptlib/OpenSSL/crypto/o_str.c | 0 Cryptlib/OpenSSL/crypto/o_time.c | 0 Cryptlib/OpenSSL/crypto/objects/o_names.c | 0 Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 16 +- Cryptlib/OpenSSL/crypto/objects/obj_err.c | 0 Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 0 Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c | 0 Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 0 Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 0 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 0 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 3 + Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 13 +- Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 0 Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c | 0 Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_all.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_err.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_info.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_oth.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_sign.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 0 Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 0 Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 0 Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 0 Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 0 Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 0 Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 0 Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 0 Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 0 Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 0 Cryptlib/OpenSSL/crypto/pqueue/pqueue.c | 0 Cryptlib/OpenSSL/crypto/rand/md_rand.c | 0 Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 0 Cryptlib/OpenSSL/crypto/rand/rand_eng.c | 0 Cryptlib/OpenSSL/crypto/rand/rand_err.c | 0 Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 0 Cryptlib/OpenSSL/crypto/rand/rand_nw.c | 0 Cryptlib/OpenSSL/crypto/rand/rand_os2.c | 0 Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 0 Cryptlib/OpenSSL/crypto/rand/rand_win.c | 0 Cryptlib/OpenSSL/crypto/rand/randfile.c | 0 Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c | 0 Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c | 0 Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c | 0 Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c | 0 Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c | 0 Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 0 Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c | 0 Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 0 Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c | 0 Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 2 +- Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_none.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_null.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c | 0 Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 0 Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 0 Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 0 Cryptlib/OpenSSL/crypto/sha/sha256.c | 0 Cryptlib/OpenSSL/crypto/sha/sha512.c | 0 Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 0 Cryptlib/OpenSSL/crypto/sha/sha_one.c | 0 Cryptlib/OpenSSL/crypto/stack/stack.c | 0 Cryptlib/OpenSSL/crypto/store/str_err.c | 0 Cryptlib/OpenSSL/crypto/store/str_lib.c | 0 Cryptlib/OpenSSL/crypto/store/str_mem.c | 0 Cryptlib/OpenSSL/crypto/store/str_meth.c | 0 Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 0 Cryptlib/OpenSSL/crypto/ui/ui_compat.c | 0 Cryptlib/OpenSSL/crypto/ui/ui_err.c | 0 Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 2 +- Cryptlib/OpenSSL/crypto/ui/ui_util.c | 0 Cryptlib/OpenSSL/crypto/uid.c | 0 Cryptlib/OpenSSL/crypto/x509/by_dir.c | 0 Cryptlib/OpenSSL/crypto/x509/by_file.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_att.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_d2.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_def.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_err.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_ext.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_r2x.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_req.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_set.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_v3.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 0 Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 0 Cryptlib/OpenSSL/crypto/x509/x509cset.c | 0 Cryptlib/OpenSSL/crypto/x509/x509name.c | 0 Cryptlib/OpenSSL/crypto/x509/x509rset.c | 0 Cryptlib/OpenSSL/crypto/x509/x509spki.c | 0 Cryptlib/OpenSSL/crypto/x509/x509type.c | 0 Cryptlib/OpenSSL/crypto/x509/x_all.c | 0 Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 0 Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 0 Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c | 0 Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 0 Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 0 Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_info.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_int.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 0 Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 0 Cryptlib/OpenSSL/e_os.h | 0 Cryptlib/OpenSSL/update.sh | 999 +++++++++--------- Cryptlib/Pk/CryptAuthenticode.c | 4 +- 500 files changed, 729 insertions(+), 687 deletions(-) mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cbc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_cfb.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_core.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ctr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ecb.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ige.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_misc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_ofb.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/aes/aes_wrap.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bool.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_bytes.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_digest.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_dup.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_enum.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_gentm.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_hdr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_int.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_meth.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_object.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_octet.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_print.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_set.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_sign.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strex.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_strnid.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_time.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_type.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utctm.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_utf8.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/a_verify.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn1_par.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_mime.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_moid.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/asn_pack.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_enum.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_int.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/f_string.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/n_pkey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/nsseq.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_bitst.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_crl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_pkey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_req.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_spki.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509a.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_new.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_algor.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_attrib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_bignum.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_crl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_exten.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_info.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_long.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_name.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pkey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_req.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_sig.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_spki.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_val.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509a.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ecb.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bf/bf_skey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/b_dump.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_buff.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_nbio.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bf_null.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_cb.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bio_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_bio.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_dgram.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_fd.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_file.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_log.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_mem.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bio/bss_null.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_add.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_asm.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_blind.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_const.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_ctx.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_depr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_div.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_exp2.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gcd.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_kron.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mod.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mont.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mpi.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_mul.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_nist.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_opt.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_prime.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_print.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_rand.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_recp.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_shift.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_word.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/bn/bn_x931p.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buf_str.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/buffer/buffer.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_cfb64.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ecb.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_ofb64.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cast/c_skey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_rle.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/c_zlib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/comp/comp_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_api.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_def.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mall.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_mod.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/conf/conf_sap.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cpt_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cryptlib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/cversion.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_cksm.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cbc_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64ede.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb64enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/cfb_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/des_old2.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb3_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ecb_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_read.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/enc_writ.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/fcrypt_b.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64ede.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb64enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/ofb_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/pcbc_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/qud_cksm.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rand_key.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/read2pwd.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/rpc_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/set_key.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/str2key.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/des/xcbc_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_asn1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_check.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_depr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_gen.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_key.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dh/dh_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_key.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_null.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_openssl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_vms.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dso/dso_win32.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/dyn_lck.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ebcdic.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_mult.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_asn1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_check.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_curve.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_cvt.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_key.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_mult.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ec_print.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_mont.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_nist.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_key.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_all.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cnf.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_dyn.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_fat.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_init.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_list.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_openssl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_padlock.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_pkey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/eng_table.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_cipher.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dh.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_digest.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_dsa.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rand.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_rsa.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/engine/tb_store.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_all.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_bio.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_def.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_prn.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/err/err_str.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_b64.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_md.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/bio_ok.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_all.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_allc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/c_alld.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/dig_eng.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/digest.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_aes.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_bf.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_cast.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_des3.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_idea.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_null.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_old.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc2.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc4.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_rc5.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/enc_min.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/encode.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_acnf.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_cnf.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_key.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pbe.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/evp_pkey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_dss1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md2.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md4.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_md5.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_null.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_ripemd.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/m_sha1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/names.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_dec.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_open.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_seal.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_sign.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/evp/p_verify.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ex_data.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/fips_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/hmac/hmac.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cbc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_cfb64.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ecb.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_ofb64.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/idea/i_skey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lh_stats.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/lhash/lhash.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_dgst.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md2/md2_one.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_dgst.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md4/md4_one.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_dgst.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/md5/md5_one.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem_clr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/mem_dbg.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_dir.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_init.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_str.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/o_time.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/o_names.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_dat.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/objects/obj_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_all.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_info.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_oth.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pk8.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_pkey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_seal.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_sign.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_x509.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pem/pem_xaux.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/pqueue/pqueue.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/md_rand.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_egd.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_eng.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_nw.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_os2.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_unix.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/rand_win.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rand/randfile.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_none.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_null.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1_one.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha1dgst.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha256.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha512.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_dgst.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/sha/sha_one.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/stack/stack.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_mem.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/store/str_meth.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/txt_db/txt_db.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_compat.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/ui/ui_util.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/uid.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_dir.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/by_file.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_att.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_cmp.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_d2.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_def.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_err.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_ext.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_lu.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_obj.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_r2x.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_req.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_set.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_trs.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_txt.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_v3.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vfy.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509_vpm.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509cset.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509name.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509rset.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509spki.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x509type.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509/x_all.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_info.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_int.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c mode change 100755 => 100644 Cryptlib/OpenSSL/crypto/x509v3/v3err.c mode change 100755 => 100644 Cryptlib/OpenSSL/e_os.h diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c old mode 100755 new mode 100644 index 3ac2bc2..e50501a --- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c @@ -285,16 +285,28 @@ err: ASN1_OBJECT_free(ret); return(NULL); } + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) { ASN1_OBJECT *ret=NULL; const unsigned char *p; - int i; - /* Sanity check OID encoding: can't have leading 0x80 in - * subidentifiers, see: X.690 8.19.2 + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp; i < len; i++, p++) + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { @@ -313,20 +325,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, else ret=(*a); p= *pp; - if ((ret->data == NULL) || (ret->length < len)) + if ((ret->data == NULL) || (ret->length < length)) { if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + ret->data=(unsigned char *)OPENSSL_malloc(length); ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; if (ret->data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } } - memcpy(ret->data,p,(int)len); - ret->length=(int)len; + memcpy(ret->data,p,length); + ret->length=length; ret->sn=NULL; ret->ln=NULL; /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c old mode 100755 new mode 100644 index 5af559e..d345155 --- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c @@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, *pclass=xclass; if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c old mode 100755 new mode 100644 index ad8fbed..095887f --- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c @@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) int len, state, save_state = 0; headers = sk_MIME_HEADER_new(mime_hdr_cmp); + if (!headers) + return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c old mode 100755 new mode 100644 index f1a5a05..c373714 --- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c @@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) if (!(octmp->length = i2d(obj, NULL))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; + goto err; } if (!(p = OPENSSL_malloc (octmp->length))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } octmp->data = p; i2d (obj, &p); return octmp; + err: + if (!oct || !*oct) + { + ASN1_STRING_free(octmp); + if (oct) + *oct = NULL; + } + return NULL; } #endif diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c old mode 100755 new mode 100644 index f3d9804..1b94459 --- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c +++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c @@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) ASN1_STRING *os; if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); - if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); + if (!M_ASN1_OCTET_STRING_set(os,data,len)) + { + M_ASN1_OCTET_STRING_free(os); + return 0; + } ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); return(1); } diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c b/Cryptlib/OpenSSL/crypto/asn1/f_int.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c old mode 100755 new mode 100644 index 6f295b4..f9dad0e --- a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c @@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) l=80-2-obase; b=X509_NAME_oneline(name,NULL,0); + if (!b) + return 0; if (!*b) { OPENSSL_free(b); diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c old mode 100755 new mode 100644 index 2721f90..b3687f9 --- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c @@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, { derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); - tmpdat = OPENSSL_malloc(skcontlen); - if (!derlst || !tmpdat) + if (!derlst) return 0; + tmpdat = OPENSSL_malloc(skcontlen); + if (!tmpdat) + { + OPENSSL_free(derlst); + return 0; + } } } /* If not sorting just output each item */ diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c old mode 100755 new mode 100644 index 371cdf5..6346c19 --- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c @@ -132,8 +132,8 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - a->method->destroy(a); + if ((a->method != NULL) && (a->method->destroy != NULL)) + a->method->destroy(a); OPENSSL_free(a); return(1); } diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c old mode 100755 new mode 100644 index 5d90f1e..28f1fa8 --- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c @@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) return 1; } +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c old mode 100755 new mode 100644 index b66f507..c288844 --- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c @@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } +#ifdef PURIFY + /* Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG)*words); +#endif + #if 1 B=b->d; /* Check if the previous number needs to be copied */ @@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, } return bn_cmp_words(a,b,cl); } - -/* - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number - */ -void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) - { - BN_ULONG t; - int i; - - bn_wcheck_size(a, nwords); - bn_wcheck_size(b, nwords); - - assert(a != b); - assert((condition & (condition - 1)) == 0); - assert(sizeof(BN_ULONG) >= sizeof(int)); - - condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; - - t = (a->top^b->top) & condition; - a->top ^= t; - b->top ^= t; - -#define BN_CONSTTIME_SWAP(ind) \ - do { \ - t = (a->d[ind] ^ b->d[ind]) & condition; \ - a->d[ind] ^= t; \ - b->d[ind] ^= t; \ - } while (0) - - - switch (nwords) { - default: - for (i = 10; i < nwords; i++) - BN_CONSTTIME_SWAP(i); - /* Fallthrough */ - case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ - case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ - case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ - case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ - case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ - case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ - case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ - case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ - case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ - case 1: BN_CONSTTIME_SWAP(0); - } -#undef BN_CONSTTIME_SWAP -} diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c old mode 100755 new mode 100644 index 270d0cd..65bbf16 --- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c @@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) if (al <= 0) { r->top=0; + r->neg = 0; return 1; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/cast/c_enc.c b/Cryptlib/OpenSSL/crypto/cast/c_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/cast/c_skey.c b/Cryptlib/OpenSSL/crypto/cast/c_skey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c old mode 100755 new mode 100644 index 17bae83..55d1d50 --- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c +++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c @@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) v->value=(char *)sk; vv=(CONF_VALUE *)lh_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c old mode 100755 new mode 100644 index 3c58936..a168339 --- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c +++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c @@ -324,7 +324,7 @@ again: p=eat_ws(conf, end); if (*p != ']') { - if (*p != '\0') + if (*p != '\0' && ss != p) { ss=p; goto again; diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/des_lib.c b/Cryptlib/OpenSSL/crypto/des/des_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt.c b/Cryptlib/OpenSSL/crypto/des/fcrypt.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/dyn_lck.c b/Cryptlib/OpenSSL/crypto/dyn_lck.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_check.c b/Cryptlib/OpenSSL/crypto/ec/ec_check.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_err.c b/Cryptlib/OpenSSL/crypto/ec/ec_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c old mode 100755 new mode 100644 index bbf2799..e7d11ff --- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c @@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX * int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { - if (group->meth->dbl == 0) + if (group->meth->invert == 0) { ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_print.c b/Cryptlib/OpenSSL/crypto/ec/ec_print.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c old mode 100755 new mode 100644 index 66a92e2..b239088 --- a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c +++ b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c @@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ct int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - BIGNUM *tmp0, *tmp1; - size_t pow2 = 0; - BIGNUM **heap = NULL; + BIGNUM *tmp, *tmp_Z; + BIGNUM **prod_Z = NULL; size_t i; int ret = 0; @@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT } BN_CTX_start(ctx); - tmp0 = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - if (tmp0 == NULL || tmp1 == NULL) goto err; + tmp = BN_CTX_get(ctx); + tmp_Z = BN_CTX_get(ctx); + if (tmp == NULL || tmp_Z == NULL) goto err; - /* Before converting the individual points, compute inverses of all Z values. - * Modular inversion is rather slow, but luckily we can do with a single - * explicit inversion, plus about 3 multiplications per input value. - */ - - pow2 = 1; - while (num > pow2) - pow2 <<= 1; - /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. - * We need twice that. */ - pow2 <<= 1; - - heap = OPENSSL_malloc(pow2 * sizeof heap[0]); - if (heap == NULL) goto err; - - /* The array is used as a binary tree, exactly as in heapsort: - * - * heap[1] - * heap[2] heap[3] - * heap[4] heap[5] heap[6] heap[7] - * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] - * - * We put the Z's in the last line; - * then we set each other node to the product of its two child-nodes (where - * empty or 0 entries are treated as ones); - * then we invert heap[1]; - * then we invert each other node by replacing it by the product of its - * parent (after inversion) and its sibling (before inversion). - */ - heap[0] = NULL; - for (i = pow2/2 - 1; i > 0; i--) - heap[i] = NULL; + prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) - heap[pow2/2 + i] = &points[i]->Z; - for (i = pow2/2 + num; i < pow2; i++) - heap[i] = NULL; - - /* set each node to the product of its children */ - for (i = pow2/2 - 1; i > 0; i--) { - heap[i] = BN_new(); - if (heap[i] == NULL) goto err; - - if (heap[2*i] != NULL) - { - if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) - { - if (!BN_copy(heap[i], heap[2*i])) goto err; - } - else - { - if (BN_is_zero(heap[2*i])) - { - if (!BN_copy(heap[i], heap[2*i + 1])) goto err; - } - else - { - if (!group->meth->field_mul(group, heap[i], - heap[2*i], heap[2*i + 1], ctx)) goto err; - } - } - } + prod_Z[i] = BN_new(); + if (prod_Z[i] == NULL) goto err; } - /* invert heap[1] */ - if (!BN_is_zero(heap[1])) - { - if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); - goto err; - } - } - if (group->meth->field_encode != 0) - { - /* in the Montgomery case, we just turned R*H (representing H) - * into 1/(R*H), but we need R*(1/H) (representing 1/H); - * i.e. we have need to multiply by the Montgomery factor twice */ - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; - } + /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, + * skipping any zero-valued inputs (pretend that they're 1). */ - /* set other heap[i]'s to their inverses */ - for (i = 2; i < pow2/2 + num; i += 2) + if (!BN_is_zero(&points[0]->Z)) { - /* i is even */ - if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) + if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; + } + else + { + if (group->meth->field_set_to_one != 0) { - if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; - if (!BN_copy(heap[i], tmp0)) goto err; - if (!BN_copy(heap[i + 1], tmp1)) goto err; + if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; } else { - if (!BN_copy(heap[i], heap[i/2])) goto err; + if (!BN_one(prod_Z[0])) goto err; } } - /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ + for (i = 1; i < num; i++) + { + if (!BN_is_zero(&points[i]->Z)) + { + if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; + } + else + { + if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; + } + } + + /* Now use a single explicit inversion to replace every + * non-zero points[i]->Z by its inverse. */ + + if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) + { + ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); + goto err; + } + if (group->meth->field_encode != 0) + { + /* In the Montgomery case, we just turned R*H (representing H) + * into 1/(R*H), but we need R*(1/H) (representing 1/H); + * i.e. we need to multiply by the Montgomery factor twice. */ + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + } + + for (i = num - 1; i > 0; --i) + { + /* Loop invariant: tmp is the product of the inverses of + * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ + if (!BN_is_zero(&points[i]->Z)) + { + /* Set tmp_Z to the inverse of points[i]->Z (as product + * of Z inverses 0 .. i, Z values 0 .. i - 1). */ + if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; + /* Update tmp to satisfy the loop invariant for i - 1. */ + if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; + /* Replace points[i]->Z by its inverse. */ + if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; + } + } + + if (!BN_is_zero(&points[0]->Z)) + { + /* Replace points[0]->Z by its inverse. */ + if (!BN_copy(&points[0]->Z, tmp)) goto err; + } + + /* Finally, fix up the X and Y coordinates for all points. */ + for (i = 0; i < num; i++) { EC_POINT *p = points[i]; - + if (!BN_is_zero(&p->Z)) { /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ - if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; + if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; + + if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; - if (group->meth->field_set_to_one != 0) { if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; @@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT } ret = 1; - + err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); - if (heap != NULL) + if (prod_Z != NULL) { - /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */ - for (i = pow2/2 - 1; i > 0; i--) + for (i = 0; i < num; i++) { - if (heap[i] != NULL) - BN_clear_free(heap[i]); + if (prod_Z[i] != NULL) + BN_clear_free(prod_Z[i]); } - OPENSSL_free(heap); + OPENSSL_free(prod_Z); } return ret; } diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_err.c b/Cryptlib/OpenSSL/crypto/engine/eng_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_init.c b/Cryptlib/OpenSSL/crypto/engine/eng_init.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_list.c b/Cryptlib/OpenSSL/crypto/engine/eng_list.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_table.c b/Cryptlib/OpenSSL/crypto/engine/eng_table.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_store.c b/Cryptlib/OpenSSL/crypto/engine/tb_store.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/err/err_bio.c b/Cryptlib/OpenSSL/crypto/err/err_bio.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/err/err_def.c b/Cryptlib/OpenSSL/crypto/err/err_def.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/err/err_str.c b/Cryptlib/OpenSSL/crypto/err/err_str.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/fips_err.c b/Cryptlib/OpenSSL/crypto/fips_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/idea/i_skey.c b/Cryptlib/OpenSSL/crypto/idea/i_skey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_one.c b/Cryptlib/OpenSSL/crypto/md2/md2_one.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c old mode 100755 new mode 100644 index 760af16..cf5ba2a --- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c @@ -444,11 +444,12 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) unsigned char *p; char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; - if ((a == NULL) || (a->data == NULL)) { - buf[0]='\0'; - return(0); - } + /* Ensure that, at every state, |buf| is NUL-terminated. */ + if (buf && buf_len > 0) + buf[0] = '\0'; + if ((a == NULL) || (a->data == NULL)) + return(0); if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) { @@ -527,9 +528,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) i=(int)(l/40); l-=(long)(i*40); } - if (buf && (buf_len > 0)) + if (buf && (buf_len > 1)) { *buf++ = i + '0'; + *buf = '\0'; buf_len--; } n++; @@ -544,9 +546,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) i = strlen(bndec); if (buf) { - if (buf_len > 0) + if (buf_len > 1) { *buf++ = '.'; + *buf = '\0'; buf_len--; } BUF_strlcpy(buf,bndec,buf_len); @@ -786,4 +789,3 @@ err: OPENSSL_free(buf); return(ok); } - diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c old mode 100755 new mode 100644 index 92aba08..fb87cd7 --- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c @@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) ctx = OCSP_sendreq_new(b, path, req, -1); + if (!ctx) + return NULL; + do { rv = OCSP_sendreq_nbio(&resp, ctx); diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c old mode 100755 new mode 100644 index 441ccb7..5883b4e --- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c @@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss if (!*ppath) goto mem_err; + p = host; + if(host[0] == '[') + { + /* ipv6 literal */ + host++; + p = strchr(host, ']'); + if(!p) goto parse_err; + *p = '\0'; + p++; + } + /* Look for optional ':' for port number */ - if ((p = strchr(host, ':'))) + if ((p = strchr(p, ':'))) { *p = 0; port = p + 1; diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c old mode 100755 new mode 100644 index d477f08..203d702 --- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c +++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c @@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (padding == RSA_X931_PADDING) { BN_sub(f, rsa->n, ret); - if (BN_cmp(ret, f)) + if (BN_cmp(ret, f) > 0) res = f; else res = ret; diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/store/str_err.c b/Cryptlib/OpenSSL/crypto/store/str_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/store/str_lib.c b/Cryptlib/OpenSSL/crypto/store/str_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/store/str_mem.c b/Cryptlib/OpenSSL/crypto/store/str_mem.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/store/str_meth.c b/Cryptlib/OpenSSL/crypto/store/str_meth.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_err.c b/Cryptlib/OpenSSL/crypto/ui/ui_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c old mode 100755 new mode 100644 index ac01008..67013f8 --- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c @@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) break; } } + } default: break; } - } return 0; } diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c b/Cryptlib/OpenSSL/crypto/x509/x509_def.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h old mode 100755 new mode 100644 diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh index 95875e7..897ef2d 100755 --- a/Cryptlib/OpenSSL/update.sh +++ b/Cryptlib/OpenSSL/update.sh @@ -1,501 +1,504 @@ #/bin/sh DIR=$1 +version="0.9.8zb" -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/e_os.h e_os.h -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cryptlib.c crypto/cryptlib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dyn_lck.c crypto/dyn_lck.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem.c crypto/mem.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_clr.c crypto/mem_clr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/mem_dbg.c crypto/mem_dbg.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cversion.c crypto/cversion.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ex_data.c crypto/ex_data.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cpt_err.c crypto/cpt_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ebcdic.c crypto/ebcdic.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/uid.c crypto/uid.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_time.c crypto/o_time.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_str.c crypto/o_str.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_dir.c crypto/o_dir.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/o_init.c crypto/o_init.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/fips_err.c crypto/fips_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md2/md2_one.c crypto/md2/md2_one.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md4/md4_one.c crypto/md4/md4_one.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/md5/md5_one.c crypto/md5/md5_one.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha_one.c crypto/sha/sha_one.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha1_one.c crypto/sha/sha1_one.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha256.c crypto/sha/sha256.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/sha/sha512.c crypto/sha/sha512.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/hmac/hmac.c crypto/hmac/hmac.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_lib.c crypto/des/des_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/set_key.c crypto/des/set_key.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb_enc.c crypto/des/ecb_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_enc.c crypto/des/cbc_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64enc.c crypto/des/cfb64enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb64ede.c crypto/des/cfb64ede.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cfb_enc.c crypto/des/cfb_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64ede.c crypto/des/ofb64ede.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_read.c crypto/des/enc_read.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/enc_writ.c crypto/des/enc_writ.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb64enc.c crypto/des/ofb64enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ofb_enc.c crypto/des/ofb_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/str2key.c crypto/des/str2key.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/qud_cksm.c crypto/des/qud_cksm.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rand_key.c crypto/des/rand_key.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_enc.c crypto/des/des_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/fcrypt.c crypto/des/fcrypt.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/rpc_enc.c crypto/des/rpc_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old.c crypto/des/des_old.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/des_old2.c crypto/des/des_old2.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/des/read2pwd.c crypto/des/read2pwd.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cbc.c crypto/idea/i_cbc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_ecb.c crypto/idea/i_ecb.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/idea/i_skey.c crypto/idea/i_skey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_skey.c crypto/bf/bf_skey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_enc.c crypto/bf/bf_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_skey.c crypto/cast/c_skey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ecb.c crypto/cast/c_ecb.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_enc.c crypto/cast/c_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_misc.c crypto/aes/aes_misc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_ige.c crypto/aes/aes_ige.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_core.c crypto/aes/aes_core.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_add.c crypto/bn/bn_add.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_div.c crypto/bn/bn_div.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp.c crypto/bn/bn_exp.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_lib.c crypto/bn/bn_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mul.c crypto/bn/bn_mul.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mod.c crypto/bn/bn_mod.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_print.c crypto/bn/bn_print.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_rand.c crypto/bn/bn_rand.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_shift.c crypto/bn/bn_shift.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_word.c crypto/bn/bn_word.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_blind.c crypto/bn/bn_blind.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_kron.c crypto/bn/bn_kron.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_prime.c crypto/bn/bn_prime.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_err.c crypto/bn/bn_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_asm.c crypto/bn/bn_asm.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_recp.c crypto/bn/bn_recp.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mont.c crypto/bn/bn_mont.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_nist.c crypto/bn/bn_nist.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_depr.c crypto/bn/bn_depr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_const.c crypto/bn/bn_const.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bn/bn_opt.c crypto/bn/bn_opt.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dl.c crypto/dso/dso_dl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_err.c crypto/dso/dso_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_lib.c crypto/dso/dso_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_null.c crypto/dso/dso_null.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_win32.c crypto/dso/dso_win32.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dso/dso_vms.c crypto/dso/dso_vms.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_gen.c crypto/dh/dh_gen.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_key.c crypto/dh/dh_key.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_lib.c crypto/dh/dh_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_check.c crypto/dh/dh_check.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_err.c crypto/dh/dh_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/dh/dh_depr.c crypto/dh/dh_depr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_lib.c crypto/ec/ec_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_mult.c crypto/ec/ec_mult.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_err.c crypto/ec/ec_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_curve.c crypto/ec/ec_curve.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_check.c crypto/ec/ec_check.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_print.c crypto/ec/ec_print.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec_key.c crypto/ec/ec_key.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buffer.c crypto/buffer/buffer.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_str.c crypto/buffer/buf_str.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/buffer/buf_err.c crypto/buffer/buf_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_lib.c crypto/bio/bio_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_cb.c crypto/bio/bio_cb.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bio_err.c crypto/bio/bio_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_mem.c crypto/bio/bss_mem.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_null.c crypto/bio/bss_null.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_fd.c crypto/bio/bss_fd.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_file.c crypto/bio/bss_file.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_null.c crypto/bio/bf_null.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_buff.c crypto/bio/bf_buff.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/b_dump.c crypto/bio/b_dump.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_log.c crypto/bio/bss_log.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_bio.c crypto/bio/bss_bio.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/stack/stack.c crypto/stack/stack.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lhash.c crypto/lhash/lhash.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/md_rand.c crypto/rand/md_rand.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/randfile.c crypto/rand/randfile.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_lib.c crypto/rand/rand_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_eng.c crypto/rand/rand_eng.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_err.c crypto/rand/rand_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_egd.c crypto/rand/rand_egd.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_win.c crypto/rand/rand_win.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_unix.c crypto/rand/rand_unix.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_os2.c crypto/rand/rand_os2.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/rand/rand_nw.c crypto/rand/rand_nw.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err.c crypto/err/err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_def.c crypto/err/err_def.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_all.c crypto/err/err_all.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_prn.c crypto/err/err_prn.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_str.c crypto/err/err_str.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/err/err_bio.c crypto/err/err_bio.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/o_names.c crypto/objects/o_names.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_dat.c crypto/objects/obj_dat.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_lib.c crypto/objects/obj_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/objects/obj_err.c crypto/objects/obj_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/encode.c crypto/evp/encode.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/digest.c crypto/evp/digest.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/dig_eng.c crypto/evp/dig_eng.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_enc.c crypto/evp/evp_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_key.c crypto/evp/evp_key.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des.c crypto/evp/e_des.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_bf.c crypto/evp/e_bf.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_idea.c crypto/evp/e_idea.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_des3.c crypto/evp/e_des3.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc4.c crypto/evp/e_rc4.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_aes.c crypto/evp/e_aes.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/names.c crypto/evp/names.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc2.c crypto/evp/e_rc2.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_cast.c crypto/evp/e_cast.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_rc5.c crypto/evp/e_rc5.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/enc_min.c crypto/evp/enc_min.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_null.c crypto/evp/m_null.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md2.c crypto/evp/m_md2.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md4.c crypto/evp/m_md4.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_md5.c crypto/evp/m_md5.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha.c crypto/evp/m_sha.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_sha1.c crypto/evp/m_sha1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss.c crypto/evp/m_dss.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_dss1.c crypto/evp/m_dss1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_open.c crypto/evp/p_open.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_seal.c crypto/evp/p_seal.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_sign.c crypto/evp/p_sign.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_verify.c crypto/evp/p_verify.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_lib.c crypto/evp/p_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_enc.c crypto/evp/p_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p_dec.c crypto/evp/p_dec.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_md.c crypto/evp/bio_md.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_b64.c crypto/evp/bio_b64.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_enc.c crypto/evp/bio_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_err.c crypto/evp/evp_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_null.c crypto/evp/e_null.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_all.c crypto/evp/c_all.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_allc.c crypto/evp/c_allc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/c_alld.c crypto/evp/c_alld.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_lib.c crypto/evp/evp_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/bio_ok.c crypto/evp/bio_ok.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/evp/e_old.c crypto/evp/e_old.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_object.c crypto/asn1/a_object.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_time.c crypto/asn1/a_time.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_int.c crypto/asn1/a_int.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_octet.c crypto/asn1/a_octet.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_print.c crypto/asn1/a_print.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_type.c crypto/asn1/a_type.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_set.c crypto/asn1/a_set.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_dup.c crypto/asn1/a_dup.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_enum.c crypto/asn1/a_enum.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_sign.c crypto/asn1/a_sign.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_digest.c crypto/asn1/a_digest.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_verify.c crypto/asn1/a_verify.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strex.c crypto/asn1/a_strex.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_algor.c crypto/asn1/x_algor.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_val.c crypto/asn1/x_val.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_sig.c crypto/asn1/x_sig.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_req.c crypto/asn1/x_req.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_long.c crypto/asn1/x_long.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_name.c crypto/asn1/x_name.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509.c crypto/asn1/x_x509.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_crl.c crypto/asn1/x_crl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_info.c crypto/asn1/x_info.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_spki.c crypto/asn1/x_spki.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/nsseq.c crypto/asn1/nsseq.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_req.c crypto/asn1/t_req.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509.c crypto/asn1/t_x509.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_crl.c crypto/asn1/t_crl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_spki.c crypto/asn1/t_spki.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_int.c crypto/asn1/f_int.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_string.c crypto/asn1/f_string.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/f_enum.c crypto/asn1/f_enum.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bool.c crypto/asn1/a_bool.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/x_exten.c crypto/asn1/x_exten.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_meth.c crypto/asn1/a_meth.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_sign.c crypto/pem/pem_sign.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_seal.c crypto/pem/pem_seal.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_info.c crypto/pem/pem_info.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_lib.c crypto/pem/pem_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_all.c crypto/pem/pem_all.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_err.c crypto/pem/pem_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_x509.c crypto/pem/pem_x509.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_oth.c crypto/pem/pem_oth.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_def.c crypto/x509/x509_def.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_d2.c crypto/x509/x509_d2.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_obj.c crypto/x509/x509_obj.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_req.c crypto/x509/x509_req.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509spki.c crypto/x509/x509spki.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_set.c crypto/x509/x509_set.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509cset.c crypto/x509/x509cset.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509rset.c crypto/x509/x509rset.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_err.c crypto/x509/x509_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509name.c crypto/x509/x509name.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_v3.c crypto/x509/x509_v3.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_ext.c crypto/x509/x509_ext.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_att.c crypto/x509/x509_att.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509type.c crypto/x509/x509type.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_lu.c crypto/x509/x509_lu.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x_all.c crypto/x509/x_all.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_txt.c crypto/x509/x509_txt.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_trs.c crypto/x509/x509_trs.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_file.c crypto/x509/by_file.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/by_dir.c crypto/x509/by_dir.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3err.c crypto/x509v3/v3err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_err.c crypto/conf/conf_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_lib.c crypto/conf/conf_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_api.c crypto/conf/conf_api.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_def.c crypto/conf/conf_def.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mod.c crypto/conf/conf_mod.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_mall.c crypto/conf/conf_mall.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/conf/conf_sap.c crypto/conf/conf_sap.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_lib.c crypto/comp/comp_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/comp_err.c crypto/comp/comp_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_rle.c crypto/comp/c_rle.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/comp/c_zlib.c crypto/comp/c_zlib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_err.c crypto/engine/eng_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_lib.c crypto/engine/eng_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_list.c crypto/engine/eng_list.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_init.c crypto/engine/eng_init.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_table.c crypto/engine/eng_table.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_fat.c crypto/engine/eng_fat.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_all.c crypto/engine/eng_all.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_dh.c crypto/engine/tb_dh.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_rand.c crypto/engine/tb_rand.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_store.c crypto/engine/tb_store.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/tb_digest.c crypto/engine/tb_digest.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_err.c crypto/ui/ui_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_lib.c crypto/ui/ui_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_util.c crypto/ui/ui_util.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/ui/ui_compat.c crypto/ui/ui_compat.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_err.c crypto/store/str_err.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_lib.c crypto/store/str_lib.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_meth.c crypto/store/str_meth.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/store/str_mem.c crypto/store/str_mem.c -install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-0.9.8za/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dyn_lck.c crypto/dyn_lck.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_clr.c crypto/mem_clr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_dbg.c crypto/mem_dbg.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cversion.c crypto/cversion.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ex_data.c crypto/ex_data.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cpt_err.c crypto/cpt_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ebcdic.c crypto/ebcdic.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/uid.c crypto/uid.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.c crypto/o_time.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.c crypto/o_str.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.c crypto/o_dir.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_init.c crypto/o_init.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/fips_err.c crypto/fips_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_dgst.c crypto/md2/md2_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md2/md2_one.c crypto/md2/md2_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_one.c crypto/md4/md4_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_one.c crypto/md5/md5_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_one.c crypto/sha/sha_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1_one.c crypto/sha/sha1_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha256.c crypto/sha/sha256.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha512.c crypto/sha/sha512.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hmac.c crypto/hmac/hmac.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_dgst.c crypto/ripemd/rmd_dgst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ripemd/rmd_one.c crypto/ripemd/rmd_one.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_lib.c crypto/des/des_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/set_key.c crypto/des/set_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb_enc.c crypto/des/ecb_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_enc.c crypto/des/cbc_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64enc.c crypto/des/cfb64enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64ede.c crypto/des/cfb64ede.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb_enc.c crypto/des/cfb_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64ede.c crypto/des/ofb64ede.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_read.c crypto/des/enc_read.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_writ.c crypto/des/enc_writ.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64enc.c crypto/des/ofb64enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb_enc.c crypto/des/ofb_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/str2key.c crypto/des/str2key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/qud_cksm.c crypto/des/qud_cksm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rand_key.c crypto/des/rand_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_enc.c crypto/des/des_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt.c crypto/des/fcrypt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_enc.c crypto/des/rpc_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old.c crypto/des/des_old.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old2.c crypto/des/des_old2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/read2pwd.c crypto/des/read2pwd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_ecb.c crypto/rc2/rc2_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_skey.c crypto/rc2/rc2_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2_cbc.c crypto/rc2/rc2_cbc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2cfb64.c crypto/rc2/rc2cfb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc2/rc2ofb64.c crypto/rc2/rc2ofb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_fblk.c crypto/rc4/rc4_fblk.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cbc.c crypto/idea/i_cbc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_cfb64.c crypto/idea/i_cfb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ofb64.c crypto/idea/i_ofb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_ecb.c crypto/idea/i_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/idea/i_skey.c crypto/idea/i_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_skey.c crypto/bf/bf_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ecb.c crypto/bf/bf_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_enc.c crypto/bf/bf_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_cfb64.c crypto/bf/bf_cfb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bf/bf_ofb64.c crypto/bf/bf_ofb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_skey.c crypto/cast/c_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ecb.c crypto/cast/c_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_enc.c crypto/cast/c_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_cfb64.c crypto/cast/c_cfb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cast/c_ofb64.c crypto/cast/c_ofb64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_misc.c crypto/aes/aes_misc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ige.c crypto/aes/aes_ige.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_core.c crypto/aes/aes_core.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_add.c crypto/bn/bn_add.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_div.c crypto/bn/bn_div.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp.c crypto/bn/bn_exp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lib.c crypto/bn/bn_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mul.c crypto/bn/bn_mul.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mod.c crypto/bn/bn_mod.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_print.c crypto/bn/bn_print.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_rand.c crypto/bn/bn_rand.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_shift.c crypto/bn/bn_shift.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_word.c crypto/bn/bn_word.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_blind.c crypto/bn/bn_blind.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_kron.c crypto/bn/bn_kron.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.c crypto/bn/bn_prime.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_err.c crypto/bn/bn_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_asm.c crypto/bn/bn_asm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_recp.c crypto/bn/bn_recp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mont.c crypto/bn/bn_mont.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_nist.c crypto/bn/bn_nist.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_depr.c crypto/bn/bn_depr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_const.c crypto/bn/bn_const.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_opt.c crypto/bn/bn_opt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931g.c crypto/rsa/rsa_x931g.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eng.c crypto/rsa/rsa_eng.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_gen.c crypto/dsa/dsa_gen.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_lib.c crypto/dsa/dsa_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_asn1.c crypto/dsa/dsa_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_vrf.c crypto/dsa/dsa_vrf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_sign.c crypto/dsa/dsa_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_err.c crypto/dsa/dsa_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_ossl.c crypto/dsa/dsa_ossl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_depr.c crypto/dsa/dsa_depr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dsa/dsa_utl.c crypto/dsa/dsa_utl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dl.c crypto/dso/dso_dl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_err.c crypto/dso/dso_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_lib.c crypto/dso/dso_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_null.c crypto/dso/dso_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_win32.c crypto/dso/dso_win32.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_vms.c crypto/dso/dso_vms.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_gen.c crypto/dh/dh_gen.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_key.c crypto/dh/dh_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_lib.c crypto/dh/dh_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_check.c crypto/dh/dh_check.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_err.c crypto/dh/dh_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_depr.c crypto/dh/dh_depr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_lib.c crypto/ec/ec_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_smpl.c crypto/ec/ecp_smpl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_mont.c crypto/ec/ecp_mont.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ecp_nist.c crypto/ec/ecp_nist.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_cvt.c crypto/ec/ec_cvt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_mult.c crypto/ec/ec_mult.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_err.c crypto/ec/ec_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_curve.c crypto/ec/ec_curve.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_check.c crypto/ec/ec_check.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_print.c crypto/ec/ec_print.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_asn1.c crypto/ec/ec_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec_key.c crypto/ec/ec_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_smpl.c crypto/ec/ec2_smpl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ec/ec2_mult.c crypto/ec/ec2_mult.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_lib.c crypto/ecdh/ech_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_key.c crypto/ecdh/ech_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdh/ech_err.c crypto/ecdh/ech_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_lib.c crypto/ecdsa/ecs_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_asn1.c crypto/ecdsa/ecs_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_sign.c crypto/ecdsa/ecs_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_vrf.c crypto/ecdsa/ecs_vrf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ecdsa/ecs_err.c crypto/ecdsa/ecs_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buffer.c crypto/buffer/buffer.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_str.c crypto/buffer/buf_str.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_err.c crypto/buffer/buf_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lib.c crypto/bio/bio_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_cb.c crypto/bio/bio_cb.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_err.c crypto/bio/bio_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_mem.c crypto/bio/bss_mem.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_null.c crypto/bio/bss_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_fd.c crypto/bio/bss_fd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_file.c crypto/bio/bss_file.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_null.c crypto/bio/bf_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_buff.c crypto/bio/bf_buff.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_dump.c crypto/bio/b_dump.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_log.c crypto/bio/bss_log.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_bio.c crypto/bio/bss_bio.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/stack/stack.c crypto/stack/stack.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lhash.c crypto/lhash/lhash.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/md_rand.c crypto/rand/md_rand.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/randfile.c crypto/rand/randfile.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lib.c crypto/rand/rand_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_eng.c crypto/rand/rand_eng.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_err.c crypto/rand/rand_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_egd.c crypto/rand/rand_egd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_win.c crypto/rand/rand_win.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_unix.c crypto/rand/rand_unix.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_os2.c crypto/rand/rand_os2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_nw.c crypto/rand/rand_nw.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err.c crypto/err/err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_def.c crypto/err/err_def.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_all.c crypto/err/err_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_prn.c crypto/err/err_prn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_str.c crypto/err/err_str.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_bio.c crypto/err/err_bio.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/o_names.c crypto/objects/o_names.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.c crypto/objects/obj_dat.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_lib.c crypto/objects/obj_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_err.c crypto/objects/obj_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/encode.c crypto/evp/encode.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/digest.c crypto/evp/digest.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/dig_eng.c crypto/evp/dig_eng.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_enc.c crypto/evp/evp_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_key.c crypto/evp/evp_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des.c crypto/evp/e_des.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_bf.c crypto/evp/e_bf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_idea.c crypto/evp/e_idea.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des3.c crypto/evp/e_des3.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4.c crypto/evp/e_rc4.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes.c crypto/evp/e_aes.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/names.c crypto/evp/names.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc2.c crypto/evp/e_rc2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_cast.c crypto/evp/e_cast.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc5.c crypto/evp/e_rc5.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/enc_min.c crypto/evp/enc_min.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_null.c crypto/evp/m_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md2.c crypto/evp/m_md2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md4.c crypto/evp/m_md4.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md5.c crypto/evp/m_md5.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha.c crypto/evp/m_sha.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha1.c crypto/evp/m_sha1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss.c crypto/evp/m_dss.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss1.c crypto/evp/m_dss1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_open.c crypto/evp/p_open.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_seal.c crypto/evp/p_seal.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_sign.c crypto/evp/p_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_verify.c crypto/evp/p_verify.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_lib.c crypto/evp/p_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_enc.c crypto/evp/p_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_dec.c crypto/evp/p_dec.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_md.c crypto/evp/bio_md.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_b64.c crypto/evp/bio_b64.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_enc.c crypto/evp/bio_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_err.c crypto/evp/evp_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_null.c crypto/evp/e_null.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_all.c crypto/evp/c_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_allc.c crypto/evp/c_allc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_alld.c crypto/evp/c_alld.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_lib.c crypto/evp/evp_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_ok.c crypto/evp/bio_ok.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_old.c crypto/evp/e_old.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_object.c crypto/asn1/a_object.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_time.c crypto/asn1/a_time.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_int.c crypto/asn1/a_int.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_octet.c crypto/asn1/a_octet.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_print.c crypto/asn1/a_print.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_type.c crypto/asn1/a_type.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_set.c crypto/asn1/a_set.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_dup.c crypto/asn1/a_dup.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_enum.c crypto/asn1/a_enum.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_sign.c crypto/asn1/a_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_digest.c crypto/asn1/a_digest.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_verify.c crypto/asn1/a_verify.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strex.c crypto/asn1/a_strex.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_algor.c crypto/asn1/x_algor.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_val.c crypto/asn1/x_val.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_sig.c crypto/asn1/x_sig.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_req.c crypto/asn1/x_req.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_long.c crypto/asn1/x_long.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_name.c crypto/asn1/x_name.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509.c crypto/asn1/x_x509.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_crl.c crypto/asn1/x_crl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_info.c crypto/asn1/x_info.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_spki.c crypto/asn1/x_spki.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/nsseq.c crypto/asn1/nsseq.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_req.c crypto/asn1/t_req.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509.c crypto/asn1/t_x509.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_crl.c crypto/asn1/t_crl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_spki.c crypto/asn1/t_spki.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_int.c crypto/asn1/f_int.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_string.c crypto/asn1/f_string.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_enum.c crypto/asn1/f_enum.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_hdr.c crypto/asn1/a_hdr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bool.c crypto/asn1/a_bool.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_exten.c crypto/asn1/x_exten.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_meth.c crypto/asn1/a_meth.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_sign.c crypto/pem/pem_sign.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_seal.c crypto/pem/pem_seal.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_info.c crypto/pem/pem_info.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_lib.c crypto/pem/pem_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_all.c crypto/pem/pem_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_err.c crypto/pem/pem_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_x509.c crypto/pem/pem_x509.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_oth.c crypto/pem/pem_oth.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_def.c crypto/x509/x509_def.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_d2.c crypto/x509/x509_d2.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_obj.c crypto/x509/x509_obj.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_req.c crypto/x509/x509_req.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509spki.c crypto/x509/x509spki.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_set.c crypto/x509/x509_set.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509cset.c crypto/x509/x509cset.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509rset.c crypto/x509/x509rset.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_err.c crypto/x509/x509_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509name.c crypto/x509/x509name.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_v3.c crypto/x509/x509_v3.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_ext.c crypto/x509/x509_ext.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_att.c crypto/x509/x509_att.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509type.c crypto/x509/x509type.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_lu.c crypto/x509/x509_lu.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x_all.c crypto/x509/x_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_txt.c crypto/x509/x509_txt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_trs.c crypto/x509/x509_trs.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_file.c crypto/x509/by_file.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/by_dir.c crypto/x509/by_dir.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3err.c crypto/x509v3/v3err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_err.c crypto/conf/conf_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_lib.c crypto/conf/conf_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_api.c crypto/conf/conf_api.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.c crypto/conf/conf_def.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mod.c crypto/conf/conf_mod.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mall.c crypto/conf/conf_mall.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_sap.c crypto/conf/conf_sap.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_lib.c crypto/comp/comp_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_err.c crypto/comp/comp_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_rle.c crypto/comp/c_rle.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_zlib.c crypto/comp/c_zlib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_err.c crypto/engine/eng_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_lib.c crypto/engine/eng_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_list.c crypto/engine/eng_list.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_init.c crypto/engine/eng_init.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_ctrl.c crypto/engine/eng_ctrl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_table.c crypto/engine/eng_table.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_pkey.c crypto/engine/eng_pkey.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_fat.c crypto/engine/eng_fat.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_all.c crypto/engine/eng_all.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rsa.c crypto/engine/tb_rsa.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dsa.c crypto/engine/tb_dsa.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdsa.c crypto/engine/tb_ecdsa.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_dh.c crypto/engine/tb_dh.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_ecdh.c crypto/engine/tb_ecdh.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_rand.c crypto/engine/tb_rand.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_store.c crypto/engine/tb_store.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_cipher.c crypto/engine/tb_cipher.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/tb_digest.c crypto/engine/tb_digest.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_openssl.c crypto/engine/eng_openssl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cnf.c crypto/engine/eng_cnf.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_dyn.c crypto/engine/eng_dyn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/engine/eng_padlock.c crypto/engine/eng_padlock.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_err.c crypto/ui/ui_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_lib.c crypto/ui/ui_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_util.c crypto/ui/ui_util.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_compat.c crypto/ui/ui_compat.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_err.c crypto/store/str_err.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_lib.c crypto/store/str_lib.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_meth.c crypto/store/str_meth.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/store/str_mem.c crypto/store/str_mem.c +install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pqueue/pqueue.c crypto/pqueue/pqueue.c + +find . -name "*.[ch]" -exec chmod -x {} \; diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c index bb5f6d4..7b8bca5 100644 --- a/Cryptlib/Pk/CryptAuthenticode.c +++ b/Cryptlib/Pk/CryptAuthenticode.c @@ -146,8 +146,8 @@ AuthenticodeVerify ( // // Long Form of Length Encoding, only support two bytes. // - ContentSize = (UINTN) (*(SpcIndirectDataContent + 2)); - ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3)); + ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2)); + ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3)); // // Skip the SEQUENCE Tag; // From 64508097209970e0df28ed77446a9a816149052a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 27 Aug 2014 11:49:39 -0400 Subject: [PATCH 51/75] Fix typo from Ard's old tree 32-bit ARM patch. We don't need to .data entries; the second one should be .data*. He's since fixed this in his tree, but I'd already pulled it and pushed to master. Signed-off-by: Peter Jones --- elf_arm_efi.lds | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds index fd1075d..c5dc298 100644 --- a/elf_arm_efi.lds +++ b/elf_arm_efi.lds @@ -19,7 +19,7 @@ SECTIONS *(.sdata) *(.data) *(.data1) - *(.data) + *(.data*) *(.got.plt) *(.got) From 4ca60879150d3290b616044b5556116586983cdd Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Wed, 27 Aug 2014 11:49:39 -0400 Subject: [PATCH 52/75] Handle empty .reloc section in PE/COFF loader On archs where no EFI aware objcopy is available, the generated PE/COFF header contains a .reloc section which is completely empty. Handle this by - returning early from relocate_coff() with EFI_SUCCESS, - ignoring discardable sections in the section loader. Signed-off-by: Ard Biesheuvel --- shim.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/shim.c b/shim.c index ea8eba8..1329212 100644 --- a/shim.c +++ b/shim.c @@ -145,6 +145,9 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, return EFI_UNSUPPORTED; } + if (!context->RelocDir->Size) + return EFI_SUCCESS; + RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress); RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); @@ -996,7 +999,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, * Copy the executable's sections to their desired offsets */ Section = context.FirstSection; - for (i = 0; i < context.NumberOfSections; i++) { + for (i = 0; i < context.NumberOfSections; i++, Section++) { + if (Section->Characteristics & 0x02000000) + /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ + continue; + size = Section->Misc.VirtualSize; if (size > Section->SizeOfRawData) @@ -1021,8 +1028,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, if (size < Section->Misc.VirtualSize) ZeroMem (base + size, Section->Misc.VirtualSize - size); - - Section += 1; } /* From 1042fd7c725ebde7d7064c23523a61605617a7ae Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 27 Aug 2014 16:40:57 -0400 Subject: [PATCH 53/75] Don't name something exit(). On aarch64 due to some terrifying include chain we wind up with Cryptlib's definition of exit here. I'm not a glutton for punishment, so I'm just changing the name so it's not coliding. Signed-off-by: Peter Jones --- replacements.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/replacements.c b/replacements.c index 5dfa355..f7623d9 100644 --- a/replacements.c +++ b/replacements.c @@ -162,7 +162,7 @@ exit_boot_services(EFI_HANDLE image_key, UINTN map_key) } static EFI_STATUS EFIAPI -exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, +do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, UINTN ExitDataSize, CHAR16 *ExitData) { EFI_STATUS status; @@ -206,5 +206,5 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) * bootloader and still e.g. start a new one or run an internal * shell. */ system_exit = systab->BootServices->Exit; - systab->BootServices->Exit = exit; + systab->BootServices->Exit = do_exit; } From 00c84188667546b3f7181487691f183e8fd58540 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 27 Aug 2014 16:40:57 -0400 Subject: [PATCH 54/75] Make sure we don't try to load a binary from a different arch. Since in theory you could, for example, get an x86_64 binary signed that also behaves as an ARM executable, we should be checking this before people build on other architectures. Signed-off-by: Peter Jones --- include/PeImage.h | 1 + shim.c | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/include/PeImage.h b/include/PeImage.h index ec13404..133e11e 100644 --- a/include/PeImage.h +++ b/include/PeImage.h @@ -49,6 +49,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define IMAGE_FILE_MACHINE_EBC 0x0EBC #define IMAGE_FILE_MACHINE_X64 0x8664 #define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x01c2 +#define IMAGE_FILE_MACHINE_ARM64 0xaa64 // // EXE file formats diff --git a/shim.c b/shim.c index 1329212..1ec1e11 100644 --- a/shim.c +++ b/shim.c @@ -947,6 +947,20 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, return EFI_SUCCESS; } +static const UINT16 machine_type = +#if defined(__x86_64__) + IMAGE_FILE_MACHINE_X64; +#elif defined(__aarch64__) + IMAGE_FILE_MACHINE_ARM64; +#elif defined(__arm__) + IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; +#elif defined(__i386__) || defined(__i486__) || defined(__i686__) + IMAGE_FILE_MACHINE_I386; +#elif defined(__ia64__) + IMAGE_FILE_MACHINE_IA64; +#else +#error this architecture is not supported by shim +#endif /* * Once the image has been loaded it needs to be validated and relocated @@ -971,6 +985,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, return efi_status; } + if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) { + perror(L"Image is for a different architecture\n"); + return EFI_UNSUPPORTED; + } + /* * We only need to verify the binary if we're in secure mode */ From 486bf03e54e0db164e3150dfa7f607811bdaefec Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 19 Sep 2014 09:30:26 -0400 Subject: [PATCH 55/75] Actually refer to the base relocation table of our loaded image. Currently when we process base relocations, we get the correct Data Directory pointer from the headers (context->RelocDir), and that header has been copied into our pristine allocated image when we copied up to SizeOfHeaders. But the data it points to has not been mirrored in to the new image, so it is whatever data AllocPool() gave us. This patch changes relocate_coff() to refer to the base relocation table from the image we loaded from disk, but apply the fixups to the new copy. I have no idea how x86_64 worked without this, but I can't make aarch64 work without it. I also don't know how Ard or Leif have seen aarch64 work. Maybe they haven't? Leif indicated on irc that they may have only tested shim with simple "hello world" applications from gnu-efi; they are certainly much less complex than grub.efi, and are generated through a different linking process. My only theory is that we're getting recycled data there pretty reliably that just makes us /not/ process any relocations, but since our ImageBase is 0, and I don't think we ever load grub with 0 as its base virtual address, that doesn't follow. I'm open to any other ideas anybody has. I do know that on x86_64 (and presumably aarch64 as well), we don't actually start seeing *symptoms* of this bug until the first chunk[0] of 94c9a77f is applied[1]. Once that is applied, relocate_coff() starts seeing zero[2] for both RelocBase->VirtualAddress and RelocBase->SizeOfBlock, because RelocBase is a (generated, relative) pointer that only makes sense in the context of the original binary, not our partial copy. Since RelocBase->SizeOfBlock is tested first, relocate_base() gives us "Reloc block size is invalid"[3] and returns EFI_UNSUPPORTED. At that point shim exits with an error. [0] The second chunk of 94c9a77f patch makes no difference on this issue. [1] I don't see why at all. [2] Which could really be any value since it's AllocatePool() and not AllocateZeroPool() results, but 0 is all I've observed; I think AllocatePool() has simply never recycled any memory in my test cases. [3] which is silent because perror() tries to avoid talking because that has caused much crashing in the past; work needs to go in to 0.9 for this. Signed-off-by: Peter Jones --- shim.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/shim.c b/shim.c index 1ec1e11..4b4d31a 100644 --- a/shim.c +++ b/shim.c @@ -122,7 +122,7 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address) * Perform the actual relocation */ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, - void *data) + void *orig, void *data) { EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd; UINT64 Adjust; @@ -132,7 +132,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, UINT32 *Fixup32; UINT64 *Fixup64; int size = context->ImageSize; - void *ImageEnd = (char *)data + size; + void *ImageEnd = (char *)orig + size; #if __LP64__ context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data; @@ -140,16 +140,8 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data; #endif - if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { - perror(L"Image has no relocation entry\n"); - return EFI_UNSUPPORTED; - } - - if (!context->RelocDir->Size) - return EFI_SUCCESS; - - RelocBase = ImageAddress(data, size, context->RelocDir->VirtualAddress); - RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); + RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); + RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); if (!RelocBase || !RelocBaseEnd) { perror(L"Reloc table overflows binary\n"); @@ -170,7 +162,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, } RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); - if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) { + if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) { perror(L"Reloc entry overflows binary\n"); return EFI_UNSUPPORTED; } @@ -1049,15 +1041,23 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, ZeroMem (base + size, Section->Misc.VirtualSize - size); } - /* - * Run the relocation fixups - */ - efi_status = relocate_coff(&context, buffer); - - if (efi_status != EFI_SUCCESS) { - perror(L"Relocation failed: %r\n", efi_status); + if (context.NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { + perror(L"Image has no relocation entry\n"); FreePool(buffer); - return efi_status; + return EFI_UNSUPPORTED; + } + + if (context.RelocDir->Size) { + /* + * Run the relocation fixups + */ + efi_status = relocate_coff(&context, data, buffer); + + if (efi_status != EFI_SUCCESS) { + perror(L"Relocation failed: %r\n", efi_status); + FreePool(buffer); + return efi_status; + } } entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint); From afec82ac7e9ef1c048e08d02f2bbdbd5d5be56a9 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 21 Sep 2014 13:12:03 -0400 Subject: [PATCH 56/75] Make 64-on-32 maybe work on x86_64. This is mostly based on a patch (https://github.com/mjg59/shim/issues/30) from https://github.com/TBOpen , which refactors our __LP64__ tests to be tests of the header magic instead. I've simplified things by using what we've pre-loaded into "context" and making some helper functions so the conditionals in most of the code say what they do, instead of how they work. Note that we're only allowing that from in_protocol's loader - that is, we'll let 64-bit grub load a 32-bit kernel or 32-bit grub load a 64-bit kernel, but 32-bit shim isn't loading a 64-bit grub. Signed-off-by: Peter Jones --- shim.c | 220 ++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 148 insertions(+), 72 deletions(-) diff --git a/shim.c b/shim.c index 4b4d31a..c1b5c17 100644 --- a/shim.c +++ b/shim.c @@ -118,6 +118,106 @@ static void *ImageAddress (void *image, unsigned int size, unsigned int address) return image + address; } +/* here's a chart: + * i686 x86_64 aarch64 + * 64-on-64: nyet yes yes + * 64-on-32: nyet yes nyet + * 32-on-32: yes yes no + */ +static int +allow_64_bit(void) +{ +#if defined(__x86_64__) || defined(__aarch64__) + return 1; +#elif defined(__i386__) || defined(__i686__) + /* Right now blindly assuming the kernel will correctly detect this + * and /halt the system/ if you're not really on a 64-bit cpu */ + if (in_protocol) + return 1; + return 0; +#else /* assuming everything else is 32-bit... */ + return 0; +#endif +} + +static int +allow_32_bit(void) +{ +#if defined(__x86_64__) +#if defined(ALLOW_32BIT_KERNEL_ON_X64) + if (in_protocol) + return 1; + return 0; +#else + return 0; +#endif +#elif defined(__i386__) || defined(__i686__) + return 1; +#elif defined(__arch64__) + return 0; +#else /* assuming everything else is 32-bit... */ + return 1; +#endif +} + +static int +image_is_64_bit(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) +{ + /* .Magic is the same offset in all cases */ + if (PEHdr->Pe32Plus.OptionalHeader.Magic + == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) + return 1; + return 0; +} + +static const UINT16 machine_type = +#if defined(__x86_64__) + IMAGE_FILE_MACHINE_X64; +#elif defined(__aarch64__) + IMAGE_FILE_MACHINE_ARM64; +#elif defined(__arm__) + IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; +#elif defined(__i386__) || defined(__i486__) || defined(__i686__) + IMAGE_FILE_MACHINE_I386; +#elif defined(__ia64__) + IMAGE_FILE_MACHINE_IA64; +#else +#error this architecture is not supported by shim +#endif + +static int +image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) +{ + /* If the machine type doesn't match the binary, bail, unless + * we're in an allowed 64-on-32 scenario */ + if (PEHdr->Pe32.FileHeader.Machine != machine_type) { + if (!(machine_type == IMAGE_FILE_MACHINE_I386 && + PEHdr->Pe32.FileHeader.Machine == IMAGE_FILE_MACHINE_X64 && + allow_64_bit())) { + return 0; + } + } + + /* If it's not a header type we recognize at all, bail */ + switch (PEHdr->Pe32Plus.OptionalHeader.Magic) { + case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: + case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: + break; + default: + return 0; + } + + /* and now just check for general 64-vs-32 compatibility */ + if (image_is_64_bit(PEHdr)) { + if (allow_64_bit()) + return 1; + } else { + if (allow_32_bit()) + return 1; + } + return 0; +} + /* * Perform the actual relocation */ @@ -134,11 +234,10 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, int size = context->ImageSize; void *ImageEnd = (char *)orig + size; -#if __LP64__ - context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data; -#else - context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)data; -#endif + if (image_is_64_bit(context->PEHdr)) + context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data; + else + context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data; RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); @@ -157,7 +256,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { - perror(L"Reloc block size is invalid\n"); + perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock); return EFI_UNSUPPORTED; } @@ -498,7 +597,7 @@ static BOOLEAN secure_mode (void) * Calculate the SHA1 and SHA256 hashes of a binary */ -static EFI_STATUS generate_hash (char *data, int datasize_in, +static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, PE_COFF_LOADER_IMAGE_CONTEXT *context, UINT8 *sha256hash, UINT8 *sha1hash) @@ -572,15 +671,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, } /* Hash end of certificate table to end of image header */ -#if __LP64__ - hashbase = (char *) &context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - hashsize = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders - - (int) ((char *) (&context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); -#else - hashbase = (char *) &context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - hashsize = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders - - (int) ((char *) (&context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - data); -#endif + EFI_IMAGE_DATA_DIRECTORY *dd = context->SecDir + 1; + hashbase = (char *)dd; + hashsize = context->SizeOfHeaders - (unsigned long)((char *)dd - data); + if (hashsize > datasize_in) { + perror(L"Data Directory size %d is invalid\n", hashsize); + status = EFI_INVALID_PARAMETER; + goto done; + } if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { @@ -590,11 +688,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, } /* Sort sections */ -#if __LP64__ - SumOfBytesHashed = context->PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; -#else - SumOfBytesHashed = context->PEHdr->Pe32.OptionalHeader.SizeOfHeaders; -#endif + SumOfBytesHashed = context->SizeOfHeaders; /* Validate section locations and sizes */ for (index = 0, SumOfSectionBytes = 0; index < context->PEHdr->Pe32.FileHeader.NumberOfSections; index++) { @@ -682,14 +776,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in, /* Hash all remaining data */ if (datasize > SumOfBytesHashed) { hashbase = data + SumOfBytesHashed; - hashsize = (unsigned int)( - datasize - -#if __LP64__ - context->PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - -#else - context->PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - -#endif - SumOfBytesHashed); + hashsize = datasize - context->SecDir->Size - SumOfBytesHashed; if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { @@ -843,24 +930,31 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data; unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize; - if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) { + if (datasize < sizeof (PEHdr->Pe32)) { perror(L"Invalid image\n"); return EFI_UNSUPPORTED; } if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew); -#if __LP64__ - context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; - context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; - context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; - OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); -#else - context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; - context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; - context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; - OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); -#endif + + if (!image_is_loadable(PEHdr)) { + perror(L"Platform does not support this image\n"); + return EFI_UNSUPPORTED; + } + + if (image_is_64_bit(PEHdr)) { + context->NumberOfRvaAndSizes = PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes; + context->SizeOfHeaders = PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders; + context->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage; + OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64); + } else { + context->NumberOfRvaAndSizes = PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes; + context->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders; + context->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage; + OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32); + } + context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections; if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) { @@ -908,17 +1002,19 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, } context->PEHdr = PEHdr; -#if __LP64__ - context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase; - context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint; - context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; - context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; -#else - context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase; - context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint; - context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; - context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; -#endif + + if (image_is_64_bit(PEHdr)) { + context->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase; + context->EntryPoint = PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint; + context->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; + context->SecDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; + } else { + context->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase; + context->EntryPoint = PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint; + context->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC]; + context->SecDir = &PEHdr->Pe32.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; + } + context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER)); if (context->ImageSize < context->SizeOfHeaders) { @@ -939,21 +1035,6 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, return EFI_SUCCESS; } -static const UINT16 machine_type = -#if defined(__x86_64__) - IMAGE_FILE_MACHINE_X64; -#elif defined(__aarch64__) - IMAGE_FILE_MACHINE_ARM64; -#elif defined(__arm__) - IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; -#elif defined(__i386__) || defined(__i486__) || defined(__i686__) - IMAGE_FILE_MACHINE_I386; -#elif defined(__ia64__) - IMAGE_FILE_MACHINE_IA64; -#else -#error this architecture is not supported by shim -#endif - /* * Once the image has been loaded it needs to be validated and relocated */ @@ -977,11 +1058,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, return efi_status; } - if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) { - perror(L"Image is for a different architecture\n"); - return EFI_UNSUPPORTED; - } - /* * We only need to verify the binary if we're in secure mode */ From 0dcd5a8e90245e34c941eaf81342c560935a8082 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 21 Sep 2014 16:25:20 -0400 Subject: [PATCH 57/75] Validate computed hash bases/hash sizes more thoroughly. I screwed one of these up when working on 750584c, and it's a real pain to figure out, so that means we should be validating them. Signed-off-by: Peter Jones --- shim.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/shim.c b/shim.c index c1b5c17..cfa90d1 100644 --- a/shim.c +++ b/shim.c @@ -593,6 +593,22 @@ static BOOLEAN secure_mode (void) return TRUE; } +#define check_size_line(data, datasize_in, hashbase, hashsize, l) ({ \ + if ((unsigned long)hashbase > \ + (unsigned long)data + datasize_in) { \ + perror(L"shim.c:%d Invalid hash base 0x%016x\n", l, \ + hashbase); \ + goto done; \ + } \ + if ((unsigned long)hashbase + hashsize > \ + (unsigned long)data + datasize_in) { \ + perror(L"shim.c:%d Invalid hash size 0x%016x\n", l, \ + hashsize); \ + goto done; \ + } \ +}) +#define check_size(d,ds,h,hs) check_size_line(d,ds,h,hs,__LINE__) + /* * Calculate the SHA1 and SHA256 hashes of a binary */ @@ -650,6 +666,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, hashbase = data; hashsize = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum - hashbase; + check_size(data, datasize_in, hashbase, hashsize); if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { @@ -662,6 +679,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, hashbase = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum + sizeof (int); hashsize = (char *)context->SecDir - hashbase; + check_size(data, datasize_in, hashbase, hashsize); if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { @@ -679,6 +697,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, status = EFI_INVALID_PARAMETER; goto done; } + check_size(data, datasize_in, hashbase, hashsize); if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { @@ -763,6 +782,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, goto done; } hashsize = (unsigned int) Section->SizeOfRawData; + check_size(data, datasize_in, hashbase, hashsize); if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { @@ -777,6 +797,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (datasize > SumOfBytesHashed) { hashbase = data + SumOfBytesHashed; hashsize = datasize - context->SecDir->Size - SumOfBytesHashed; + check_size(data, datasize_in, hashbase, hashsize); if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { From 213e29e25b771fea7146c7db2203759bc8c75e5a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 21 Sep 2014 16:25:27 -0400 Subject: [PATCH 58/75] Don't call AuthenticodeVerify if vendor_cert_size is 0. Actually check the size of our vendor cert quite early, so that there's no confusion as to what's going on. This isn't strictly necessary, in that in all cases if vendor_cert_size is 0, then AuthenticodeVerify -> Pkcs7Verify() -> d2i_X509() will result in a NULL "Cert", and it will return FALSE, and we'll reject the signature, but better to avoid all that code in the first place. Belt and suspenders and whatnot. Based on a patch from https://github.com/TBOpen . Signed-off-by: Peter Jones --- shim.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/shim.c b/shim.c index cfa90d1..caa05d8 100644 --- a/shim.c +++ b/shim.c @@ -923,14 +923,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize, return status; } - /* * And finally, check against shim's built-in key */ - if (AuthenticodeVerify(cert->CertData, - context->SecDir->Size - sizeof(cert->Hdr), - vendor_cert, vendor_cert_size, sha256hash, - SHA256_DIGEST_SIZE)) { + if (vendor_cert_size && AuthenticodeVerify(cert->CertData, + context->SecDir->Size - sizeof(cert->Hdr), + vendor_cert, vendor_cert_size, sha256hash, + SHA256_DIGEST_SIZE)) { status = EFI_SUCCESS; return status; } From 631225fb3319c7011a840986a73bcc2afef5adc0 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 21 Sep 2014 16:25:27 -0400 Subject: [PATCH 59/75] Fix our "in_protocol" printing. When I merged 4bfb13d and fixed the conflicts, I managed to make the in_protocol test exactly backwards, so that's why we don't currently see error messages. Signed-off-by: Peter Jones --- shim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shim.c b/shim.c index caa05d8..7cd4182 100644 --- a/shim.c +++ b/shim.c @@ -63,7 +63,7 @@ static UINT8 in_protocol; #define perror(fmt, ...) ({ \ UINTN __perror_ret = 0; \ - if (in_protocol) \ + if (!in_protocol) \ __perror_ret = Print((fmt), ##__VA_ARGS__); \ __perror_ret; \ }) From 2c59a1a03a3be3fcb916c2b1d761a7437ba965a4 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 21 Sep 2014 16:25:27 -0400 Subject: [PATCH 60/75] Generate a sane PE header on shim, fallback, and MokManager. It turns out a7249a65 was masking a second problem - on some binaries, when we actually don't have any base relocations at all, binutils' "objcopy --target efi-app-x86_64" is generating a PE header with a base relocations pointer that happily points into the middle of our text section. So with shim processing base relocations correctly, it refuses to load those binaries. For example, on one binary I just built: 00000130 00 a0 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |................| which says there's a Base Relocation Table at 0xa000 that's 0xa bytes long. That's here: 0000a000 58 00 29 00 00 00 00 00 48 00 44 00 28 00 50 00 |X.).....H.D.(.P.| 0000a010 61 00 72 00 74 00 25 00 64 00 2c 00 53 00 69 00 |a.r.t.%.d.,.S.i.| 0000a020 67 00 25 00 67 00 29 00 00 00 00 00 00 00 00 00 |g.%.g.).........| 0000a030 48 00 44 00 28 00 50 00 61 00 72 00 74 00 25 00 |H.D.(.P.a.r.t.%.| So the table is: 0000a000 58 00 29 00 00 00 00 00 48 00 |X.).....H. | That wouldn't be so bad, except those binaries are MokManager.efi, fallback.efi, and shim.efi, and sometimes they're .reloc, which we're actually trying to handle correctly now because grub builds with a real and valid .reloc table. So though I didn't think there was any hair left on this yak, more shaving ensues. With this change, instead of letting objcopy do whatever it likes, we switch to "-O binary" and merely link in a header that's appropriate for our binaries. This is the same method Ard wrote for aarch64, and it seems to work fine in either place (modulo some minor changes.) At some point this should be merged into gnu-efi instead of carrying our own crt0-efi-x86_64.S, but that's a less immediate problem. I did not need this problem. Signed-off-by: Peter Jones --- Makefile | 24 ++++-- crt0-efi-x86_64.S | 177 +++++++++++++++++++++++++++++++++++++++++++++ elf_x86_64_efi.lds | 89 +++++++++++------------ 3 files changed, 238 insertions(+), 52 deletions(-) create mode 100644 crt0-efi-x86_64.S diff --git a/Makefile b/Makefile index 5bc513c..d5fd55b 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,10 @@ EFI_PATH := /usr/lib64/gnuefi LIB_GCC = $(shell $(CC) -print-libgcc-file-name) EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) -EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o +ifeq ($(ARCH),x86_64) +EFI_CRT_OBJS := crt0-efi-$(ARCH).o +endif +EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o EFI_LDS = elf_$(ARCH)_efi.lds DEFAULT_LOADER := \\\\grub.efi @@ -52,11 +55,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined) CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" endif -LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) +LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL VERSION = 0.7 -TARGET = shim.efi MokManager.efi.signed fallback.efi.signed +TARGET += shim.efi MokManager.efi.signed fallback.efi.signed OBJS = shim.o netboot.o cert.o replacements.o version.o KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h @@ -94,17 +97,17 @@ shim.o: $(SOURCES) shim_cert.h cert.o : cert.S $(CC) $(CFLAGS) -c -o $@ $< -shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a +shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) fallback.o: $(FALLBACK_SRCS) -fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a +fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) MokManager.o: $(MOK_SOURCES) -MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a +MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a Cryptlib/libcryptlib.a: @@ -128,8 +131,17 @@ SUBSYSTEM := 0xa LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) endif +ifeq ($(ARCH),x86_64) +FORMAT := -O binary +SUBSYSTEM := 0xa +LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) +endif + FORMAT ?= --target efi-app-$(ARCH) +crt0-efi-x86_64.o : crt0-efi-x86_64.S + $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< + %.efi: %.so $(OBJCOPY) -j .text -j .sdata -j .data \ -j .dynamic -j .dynsym -j .rel* \ diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S new file mode 100644 index 0000000..f334a63 --- /dev/null +++ b/crt0-efi-x86_64.S @@ -0,0 +1,177 @@ +/* crt0-efi-x86_64.S - x86_64 EFI startup code. + * + * Copyright 2014 Red Hat, Inc. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + .section .text.head + + /* + * Magic "MZ" signature for PE/COFF + */ + .globl ImageBase +ImageBase: + .ascii "MZ" + .skip 58 // 'MZ' + pad + offset == 64 + .long pe_header - ImageBase // Offset to the PE header. + .long 0x0eba1f0e /* terrifying code */ + .long 0xcd09b400 /* terrifying code */ + .long 0x4c01b821 /* terrifying code */ + .short 0x21cd /* terrfiying code */ + .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ + .skip 9 +pe_header: + .ascii "PE" + .short 0 +coff_header: + .short 0x8664 // x86_64 + .short 1 // nr_sections + .long 0 // TimeDateStamp + .long 0 // PointerToSymbolTable + .long 0 // NumberOfSymbols + .short section_table - optional_header // SizeOfOptionalHeader + .short 0x206 // Characteristics. + // IMAGE_FILE_DEBUG_STRIPPED | + // IMAGE_FILE_EXECUTABLE_IMAGE | + // IMAGE_FILE_LINE_NUMS_STRIPPED +optional_header: + .short 0x20b // PE32+ format + .byte 0x02 // MajorLinkerVersion + .byte 0x18 // MinorLinkerVersion + .long _edata - _start // SizeOfCode + .long 0 // SizeOfInitializedData + .long 0 // SizeOfUninitializedData + .long _start - ImageBase // AddressOfEntryPoint + .long _start - ImageBase // BaseOfCode + +extra_header_fields: + .quad 0 // ImageBase + .long 0x20 // SectionAlignment + .long 0x8 // FileAlignment + .short 0 // MajorOperatingSystemVersion + .short 0 // MinorOperatingSystemVersion + .short 0 // MajorImageVersion + .short 0 // MinorImageVersion + .short 0 // MajorSubsystemVersion + .short 0 // MinorSubsystemVersion + .long 0 // Win32VersionValue + + .long _edata - ImageBase // SizeOfImage + + // Everything before the kernel image is considered part of the header + .long _start - ImageBase // SizeOfHeaders + .long 0 // CheckSum + .short EFI_SUBSYSTEM // Subsystem + .short 0 // DllCharacteristics + .quad 0 // SizeOfStackReserve + .quad 0 // SizeOfStackCommit + .quad 0 // SizeOfHeapReserve + .quad 0 // SizeOfHeapCommit + .long 0 // LoaderFlags + .long 0x10 // NumberOfRvaAndSizes + + .quad 0 // ExportTable + .quad 0 // ImportTable + .quad 0 // ResourceTable + .quad 0 // ExceptionTable + .quad 0 // CertificationTable + .quad 0 // BaseRelocationTable + .quad 0 // DebugTable + .quad 0 // ArchTable + .quad 0 // GlobalPointerTable + .quad 0 // .tls + .quad 0 // LoadConfigTable + .quad 0 // BoundImportsTable + .quad 0 // ImportAddressTable + .quad 0 // DelayLoadImportTable + .quad 0 // ClrRuntimeHeader (.cor) + .quad 0 // Reserved + + // Section table +section_table: + .ascii ".text" + .byte 0 + .byte 0 + .byte 0 // end of 0 padding of section name + + .long _edata - _start // VirtualSize + .long _start - ImageBase // VirtualAddress + .long _edata - _start // SizeOfRawData + .long _start - ImageBase // PointerToRawData + .long 0 // PointerToRelocations (0 for executables) + .long 0 // PointerToLineNumbers (0 for executables) + .short 0 // NumberOfRelocations (0 for executables) + .short 0 // NumberOfLineNumbers (0 for executables) + .long 0x60500020 // Characteristics (section flags) + + /* + * The EFI application loader requires a relocation section + * because EFI applications must be relocatable. This is a + * dummy section as far as we are concerned. + */ + .ascii ".reloc" + .byte 0 + .byte 0 // end of 0 padding of section name + + .long 0 // VirtualSize + .long 0 // VirtualAddress + .long 0 // SizeOfRawData + .long 0 // PointerToRawData + .long 0 // PointerToRelocations + .long 0 // PointerToLineNumbers + .short 0 // NumberOfRelocations + .short 0 // NumberOfLineNumbers + .long 0x42100040 // Characteristics (section flags) + + /* x86-64 needs this padding here; without it, some machines simply + * refuse to admit this is an EFI binary. I'm not really sure why; + * reading the spec, it's unclear, but you'd expect it would need to + * be aligned to (1 << FileAlignment), which would mean not having + * the spacing. + */ + .quad 0 +_start: + subq $8, %rsp + pushq %rcx + pushq %rdx + +0: + lea ImageBase(%rip), %rdi + lea _DYNAMIC(%rip), %rsi + + popq %rcx + popq %rdx + pushq %rcx + pushq %rdx + call _relocate + + popq %rdi + popq %rsi + + call efi_main + addq $8, %rsp + +.exit: + ret diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds index f981102..091187b 100644 --- a/elf_x86_64_efi.lds +++ b/elf_x86_64_efi.lds @@ -4,63 +4,60 @@ OUTPUT_ARCH(i386:x86-64) ENTRY(_start) SECTIONS { - . = 0; - ImageBase = .; - .hash : { *(.hash) } /* this MUST come first! */ - . = ALIGN(4096); - .eh_frame : - { - *(.eh_frame) + .text 0x0 : { + *(.text.head) + *(.text) + *(.text.*) + *(.gnu.linkonce.t.*) + *(.srodata) + *(.rodata*) + . = ALIGN(16); + _etext = .; } - . = ALIGN(4096); - .text : - { - *(.text) - } - . = ALIGN(4096); - .reloc : - { - *(.reloc) - } - . = ALIGN(4096); + .dynamic : { *(.dynamic) } .data : { - *(.rodata*) - *(.got.plt) - *(.got) - *(.data*) - *(.sdata) - /* the EFI loader doesn't seem to like a .bss section, so we stick - it all into .data: */ - *(.sbss) - *(.scommon) - *(.dynbss) - *(.bss) - *(COMMON) - *(.rel.local) + *(.sdata) + *(.data) + *(.data1) + *(.data.*) + *(.got.plt) + *(.got) + + /* the EFI loader doesn't seem to like a .bss section, so we stick + * it all into .data: */ + . = ALIGN(16); + _bss = .; + *(.sbss) + *(.scommon) + *(.dynbss) + *(.bss) + *(COMMON) + . = ALIGN(16); + _bss_end = .; } . = ALIGN(4096); .vendor_cert : { - *(.vendor_cert) + *(.vendor_cert) } + . = ALIGN(4096); - .dynamic : { *(.dynamic) } + .rela.dyn : { *(.rela.dyn) } + .rela.plt : { *(.rela.plt) } + .rela.got : { *(.rela.got) } + .rela.data : { *(.rela.data) *(.rela.data*) } + _edata = .; + _data_size = . - _etext; + . = ALIGN(4096); - .rela : + .dynsym : { *(.dynsym) } + . = ALIGN(4096); + .dynstr : { *(.dynstr) } + . = ALIGN(4096); + /DISCARD/ : { - *(.rela.data*) - *(.rela.got) - *(.rela.stab) - } - . = ALIGN(4096); - .dynsym : { *(.dynsym) } - . = ALIGN(4096); - .dynstr : { *(.dynstr) } - . = ALIGN(4096); - .ignored.reloc : - { - *(.rela.reloc) + *(.rel.reloc) *(.eh_frame) *(.note.GNU-stack) } From f9d825b242d54a4f22de3720781629873ea47736 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 21 Sep 2014 16:25:27 -0400 Subject: [PATCH 61/75] Do the same for ia32... Once again, on ia32 this time, we see: 00000120 47 84 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |G...............| Which is where the pointer on ia32 for the Base Relocation Table should be. It points to 0x8447, which isn't a particularly reasonable address as numbers go, and happens to have this data there: 00008440 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 65 00 |o.n.f.i.g.u.r.e.| 00008450 00 00 49 00 50 00 76 00 36 00 28 00 00 00 2c 00 |..I.P.v.6.(...,.| 00008460 25 00 73 00 2c 00 00 00 29 00 00 00 25 00 64 00 |%.s.,...)...%.d.| 00008470 2e 00 25 00 64 00 2e 00 25 00 64 00 2e 00 25 00 |..%.d...%.d...%.| 00008480 64 00 00 00 44 00 48 00 43 00 50 00 00 00 49 00 |d...D.H.C.P...I.| 00008490 50 00 76 00 34 00 28 00 00 00 2c 00 25 00 73 00 |P.v.4.(...,.%.s.| And so that table is, in theory, this part: 00008447 00 67 00 75 00 72 00 65 00 | .g.u.r.e.| 00008450 00 |. | Which is pretty clearly not a pointer table of any kind. So give ia32 the same treatment as x86_64, and now all arches work basically the same. Signed-off-by: Peter Jones --- Makefile | 22 ++++-- crt0-efi-ia32.S | 180 +++++++++++++++++++++++++++++++++++++++++++++++ elf_ia32_efi.lds | 83 ++++++++++------------ 3 files changed, 236 insertions(+), 49 deletions(-) create mode 100644 crt0-efi-ia32.S diff --git a/Makefile b/Makefile index d5fd55b..a52984f 100644 --- a/Makefile +++ b/Makefile @@ -6,19 +6,25 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) SUBDIRS = Cryptlib lib -LIB_PATH = /usr/lib64 - EFI_INCLUDE := /usr/include/efi EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude -EFI_PATH := /usr/lib64/gnuefi +ifeq ($(ARCH),ia32) +LIB_PATH := /usr/lib +EFI_PATH := /usr/lib/gnuefi +endif +LIB_PATH ?= /usr/lib64 +EFI_PATH ?= /usr/lib64/gnuefi LIB_GCC = $(shell $(CC) -print-libgcc-file-name) EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) ifeq ($(ARCH),x86_64) EFI_CRT_OBJS := crt0-efi-$(ARCH).o -endif +else ifeq ($(ARCH),ia32) +EFI_CRT_OBJS := crt0-efi-$(ARCH).o +else EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o +endif EFI_LDS = elf_$(ARCH)_efi.lds DEFAULT_LOADER := \\\\grub.efi @@ -137,9 +143,15 @@ SUBSYSTEM := 0xa LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) endif +ifeq ($(ARCH),ia32) +FORMAT := -O binary +SUBSYSTEM := 0xa +LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) +endif + FORMAT ?= --target efi-app-$(ARCH) -crt0-efi-x86_64.o : crt0-efi-x86_64.S +crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< %.efi: %.so diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S new file mode 100644 index 0000000..70b5b44 --- /dev/null +++ b/crt0-efi-ia32.S @@ -0,0 +1,180 @@ +/* crt0-efi-x86_64.S - x86_64 EFI startup code. + * + * Copyright 2014 Red Hat, Inc. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + .section .text.head + + /* + * Magic "MZ" signature for PE/COFF + */ + .globl ImageBase +ImageBase: + .ascii "MZ" + .skip 58 // 'MZ' + pad + offset == 64 + .long pe_header - ImageBase // Offset to the PE header. + .long 0x0eba1f0e /* terrifying code */ + .long 0xcd09b400 /* terrifying code */ + .long 0x4c01b821 /* terrifying code */ + .short 0x21cd /* terrfiying code */ + .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ + .skip 9 +pe_header: + .ascii "PE" + .short 0 +coff_header: + .short 0x014c // i386 + .short 1 // nr_sections + .long 0 // TimeDateStamp + .long 0 // PointerToSymbolTable + .long 0 // NumberOfSymbols + .short section_table - optional_header // SizeOfOptionalHeader + .short 0x306 // Characteristics. + // IMAGE_FILE_DEBUG_STRIPPED | + // IMAGE_FILE_EXECUTABLE_IMAGE | + // IMAGE_FILE_LINE_NUMS_STRIPPED + // | IMAGE_FILE_32BIT_MACHINE +optional_header: + .short 0x10b // PE32+ format + .byte 0x02 // MajorLinkerVersion + .byte 0x18 // MinorLinkerVersion + .long _edata - _start // SizeOfCode + .long 0 // SizeOfInitializedData + .long 0 // SizeOfUninitializedData + .long _start - ImageBase // AddressOfEntryPoint + .long _start - ImageBase // BaseOfCode + .long 0 // BaseOfData + +extra_header_fields: + .long 0 // ImageBase + .long 0x20 // SectionAlignment + .long 0x8 // FileAlignment + .short 0 // MajorOperatingSystemVersion + .short 0 // MinorOperatingSystemVersion + .short 0 // MajorImageVersion + .short 0 // MinorImageVersion + .short 0 // MajorSubsystemVersion + .short 0 // MinorSubsystemVersion + .long 0 // Win32VersionValue + + .long _edata - ImageBase // SizeOfImage + + // Everything before the kernel image is considered part of the header + .long _start - ImageBase // SizeOfHeaders + .long 0 // CheckSum + .short EFI_SUBSYSTEM // Subsystem + .short 0 // DllCharacteristics + .long 0 // SizeOfStackReserve + .long 0 // SizeOfStackCommit + .long 0 // SizeOfHeapReserve + .long 0 // SizeOfHeapCommit + .long 0 // LoaderFlags + .long 0x10 // NumberOfRvaAndSizes + + .quad 0 // ExportTable + .quad 0 // ImportTable + .quad 0 // ResourceTable + .quad 0 // ExceptionTable + .quad 0 // CertificationTable + .quad 0 // BaseRelocationTable + .quad 0 // DebugTable + .quad 0 // ArchTable + .quad 0 // GlobalPointerTable + .quad 0 // .tls + .quad 0 // LoadConfigTable + .quad 0 // BoundImportsTable + .quad 0 // ImportAddressTable + .quad 0 // DelayLoadImportTable + .quad 0 // ClrRuntimeHeader (.cor) + .quad 0 // Reserved + + // Section table +section_table: + .ascii ".text" + .byte 0 + .byte 0 + .byte 0 // end of 0 padding of section name + + .long _edata - _start // VirtualSize + .long _start - ImageBase // VirtualAddress + .long _edata - _start // SizeOfRawData + .long _start - ImageBase // PointerToRawData + .long 0 // PointerToRelocations (0 for executables) + .long 0 // PointerToLineNumbers (0 for executables) + .short 0 // NumberOfRelocations (0 for executables) + .short 0 // NumberOfLineNumbers (0 for executables) + .long 0x60500020 // Characteristics (section flags) + + /* + * The EFI application loader requires a relocation section + * because EFI applications must be relocatable. This is a + * dummy section as far as we are concerned. + */ + .ascii ".reloc" + .byte 0 + .byte 0 // end of 0 padding of section name + + .long 0 // VirtualSize + .long 0 // VirtualAddress + .long 0 // SizeOfRawData + .long 0 // PointerToRawData + .long 0 // PointerToRelocations + .long 0 // PointerToLineNumbers + .short 0 // NumberOfRelocations + .short 0 // NumberOfLineNumbers + .long 0x42100040 // Characteristics (section flags) + + /* most if not all ia32 binaries binutils makes seem to have .text + * starting at 0x400; no reason to assume that's a bad idea. */ + .align 1024 + +_start: + pushl %ebp + movl %esp,%ebp + + pushl 12(%ebp) # copy "image" argument + pushl 8(%ebp) # copy "systab" argument + + call 0f +0: popl %eax + movl %eax,%ebx + + addl $ImageBase-0b,%eax # %eax = ldbase + addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC + + pushl %ebx # pass _DYNAMIC as second argument + pushl %eax # pass ldbase as first argument + call _relocate + popl %ebx + popl %ebx + testl %eax,%eax + jne .exit + + call efi_main # call app with "image" and "systab" argument + +.exit: + leave + ret diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds index 12d4085..b649e15 100644 --- a/elf_ia32_efi.lds +++ b/elf_ia32_efi.lds @@ -3,61 +3,56 @@ OUTPUT_ARCH(i386) ENTRY(_start) SECTIONS { - . = 0; - ImageBase = .; - .hash : { *(.hash) } /* this MUST come first! */ - . = ALIGN(4096); - .text : - { - *(.text) - *(.text.*) - *(.gnu.linkonce.t.*) + .text 0x0 : { + *(.text.head) + *(.text) + *(.text.*) + *(.gnu.linkonce.t.*) + *(.srodata) + *(.rodata*) + . = ALIGN(16); + _etext = .; } - .reloc : - { - *(.reloc) - } - . = ALIGN(4096); + .dynamic : { *(.dynamic) } .data : { - *(.rodata*) - *(.data) - *(.data1) - *(.data.*) - *(.sdata) - *(.got.plt) - *(.got) - /* the EFI loader doesn't seem to like a .bss section, so we stick - it all into .data: */ - *(.sbss) - *(.scommon) - *(.dynbss) - *(.bss) - *(COMMON) + *(.sdata) + *(.data) + *(.data1) + *(.data.*) + *(.got.plt) + *(.got) + + /* the EFI loader doesn't seem to like a .bss section, so we stick + * it all into .data: */ + . = ALIGN(16); + _bss = .; + *(.sbss) + *(.scommon) + *(.dynbss) + *(.bss) + *(COMMON) + . = ALIGN(16); + _bss_end = .; } . = ALIGN(4096); .vendor_cert : { - *(.vendor_cert) + *(.vendor_cert) } + . = ALIGN(4096); - .dynamic : { *(.dynamic) } + .rel.dyn : { *(.rel.dyn) } + .rel.plt : { *(.rel.plt) } + .rel.got : { *(.rel.got) } + .rel.data : { *(.rel.data) *(.rel.data*) } + _edata = .; + _data_size = . - _etext; + . = ALIGN(4096); - .rel : - { - *(.rel.data) - *(.rel.data.*) - *(.rel.got) - *(.rel.stab) - *(.data.rel.ro.local) - *(.data.rel.local) - *(.data.rel.ro) - *(.data.rel*) - } + .dynsym : { *(.dynsym) } . = ALIGN(4096); - .dynsym : { *(.dynsym) } - . = ALIGN(4096); - .dynstr : { *(.dynstr) } + .dynstr : { *(.dynstr) } . = ALIGN(4096); /DISCARD/ : { From 9ac3f69597b1460a59ed6ca8c752acc8a8577c6d Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Sun, 21 Sep 2014 16:25:28 -0400 Subject: [PATCH 62/75] Make list_keys() index variables all be signed. We build with -Werror=signed-compare in fedora/rhel rpms, and this showed up. Signed-off-by: Peter Jones --- MokManager.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MokManager.c b/MokManager.c index 50cb9d7..ecbcdd3 100644 --- a/MokManager.c +++ b/MokManager.c @@ -436,11 +436,11 @@ static void show_mok_info (void *Mok, UINTN MokSize) static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) { - UINT32 MokNum = 0; + INTN MokNum = 0; MokListNode *keys = NULL; INTN key_num = 0; CHAR16 **menu_strings; - unsigned int i; + int i; if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA))) { From 05b61752dbc651d51956263aa78681cf6bbcaa63 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 30 Sep 2014 22:49:21 -0400 Subject: [PATCH 63/75] Revert header changes Revert "Do the same for ia32..." and "Generate a sane PE header on shim, fallback, and MokManager." This reverts commit 6744a7ef8eca44948565c3d1244ec931ed3f6fee. and commit 0e7ba5947eb38b79de2051ecf3b95055e620475c. These are premature and I can do this without such drastic measures. Signed-off-by: Peter Jones --- Makefile | 42 +++-------- crt0-efi-ia32.S | 180 --------------------------------------------- crt0-efi-x86_64.S | 177 -------------------------------------------- elf_ia32_efi.lds | 83 +++++++++++---------- elf_x86_64_efi.lds | 89 +++++++++++----------- 5 files changed, 99 insertions(+), 472 deletions(-) delete mode 100644 crt0-efi-ia32.S delete mode 100644 crt0-efi-x86_64.S diff --git a/Makefile b/Makefile index a52984f..5bc513c 100644 --- a/Makefile +++ b/Makefile @@ -6,25 +6,16 @@ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) SUBDIRS = Cryptlib lib +LIB_PATH = /usr/lib64 + EFI_INCLUDE := /usr/include/efi EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude -ifeq ($(ARCH),ia32) -LIB_PATH := /usr/lib -EFI_PATH := /usr/lib/gnuefi -endif -LIB_PATH ?= /usr/lib64 -EFI_PATH ?= /usr/lib64/gnuefi +EFI_PATH := /usr/lib64/gnuefi LIB_GCC = $(shell $(CC) -print-libgcc-file-name) EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) -ifeq ($(ARCH),x86_64) -EFI_CRT_OBJS := crt0-efi-$(ARCH).o -else ifeq ($(ARCH),ia32) -EFI_CRT_OBJS := crt0-efi-$(ARCH).o -else -EFI_CRT_OBJS ?= $(EFI_PATH)/crt0-efi-$(ARCH).o -endif +EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o EFI_LDS = elf_$(ARCH)_efi.lds DEFAULT_LOADER := \\\\grub.efi @@ -61,11 +52,11 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined) CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" endif -LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL +LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) VERSION = 0.7 -TARGET += shim.efi MokManager.efi.signed fallback.efi.signed +TARGET = shim.efi MokManager.efi.signed fallback.efi.signed OBJS = shim.o netboot.o cert.o replacements.o version.o KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h @@ -103,17 +94,17 @@ shim.o: $(SOURCES) shim_cert.h cert.o : cert.S $(CC) $(CFLAGS) -c -o $@ $< -shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) +shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) fallback.o: $(FALLBACK_SRCS) -fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) +fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) MokManager.o: $(MOK_SOURCES) -MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(EFI_CRT_OBJS) +MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a Cryptlib/libcryptlib.a: @@ -137,23 +128,8 @@ SUBSYSTEM := 0xa LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) endif -ifeq ($(ARCH),x86_64) -FORMAT := -O binary -SUBSYSTEM := 0xa -LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) -endif - -ifeq ($(ARCH),ia32) -FORMAT := -O binary -SUBSYSTEM := 0xa -LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) -endif - FORMAT ?= --target efi-app-$(ARCH) -crt0-efi-$(ARCH).o : crt0-efi-$(ARCH).S - $(CC) $(CFLAGS) -DEFI_SUBSYSTEM=$(SUBSYSTEM) -c -o $@ $< - %.efi: %.so $(OBJCOPY) -j .text -j .sdata -j .data \ -j .dynamic -j .dynsym -j .rel* \ diff --git a/crt0-efi-ia32.S b/crt0-efi-ia32.S deleted file mode 100644 index 70b5b44..0000000 --- a/crt0-efi-ia32.S +++ /dev/null @@ -1,180 +0,0 @@ -/* crt0-efi-x86_64.S - x86_64 EFI startup code. - * - * Copyright 2014 Red Hat, Inc. - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the - * distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - .section .text.head - - /* - * Magic "MZ" signature for PE/COFF - */ - .globl ImageBase -ImageBase: - .ascii "MZ" - .skip 58 // 'MZ' + pad + offset == 64 - .long pe_header - ImageBase // Offset to the PE header. - .long 0x0eba1f0e /* terrifying code */ - .long 0xcd09b400 /* terrifying code */ - .long 0x4c01b821 /* terrifying code */ - .short 0x21cd /* terrfiying code */ - .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ - .skip 9 -pe_header: - .ascii "PE" - .short 0 -coff_header: - .short 0x014c // i386 - .short 1 // nr_sections - .long 0 // TimeDateStamp - .long 0 // PointerToSymbolTable - .long 0 // NumberOfSymbols - .short section_table - optional_header // SizeOfOptionalHeader - .short 0x306 // Characteristics. - // IMAGE_FILE_DEBUG_STRIPPED | - // IMAGE_FILE_EXECUTABLE_IMAGE | - // IMAGE_FILE_LINE_NUMS_STRIPPED - // | IMAGE_FILE_32BIT_MACHINE -optional_header: - .short 0x10b // PE32+ format - .byte 0x02 // MajorLinkerVersion - .byte 0x18 // MinorLinkerVersion - .long _edata - _start // SizeOfCode - .long 0 // SizeOfInitializedData - .long 0 // SizeOfUninitializedData - .long _start - ImageBase // AddressOfEntryPoint - .long _start - ImageBase // BaseOfCode - .long 0 // BaseOfData - -extra_header_fields: - .long 0 // ImageBase - .long 0x20 // SectionAlignment - .long 0x8 // FileAlignment - .short 0 // MajorOperatingSystemVersion - .short 0 // MinorOperatingSystemVersion - .short 0 // MajorImageVersion - .short 0 // MinorImageVersion - .short 0 // MajorSubsystemVersion - .short 0 // MinorSubsystemVersion - .long 0 // Win32VersionValue - - .long _edata - ImageBase // SizeOfImage - - // Everything before the kernel image is considered part of the header - .long _start - ImageBase // SizeOfHeaders - .long 0 // CheckSum - .short EFI_SUBSYSTEM // Subsystem - .short 0 // DllCharacteristics - .long 0 // SizeOfStackReserve - .long 0 // SizeOfStackCommit - .long 0 // SizeOfHeapReserve - .long 0 // SizeOfHeapCommit - .long 0 // LoaderFlags - .long 0x10 // NumberOfRvaAndSizes - - .quad 0 // ExportTable - .quad 0 // ImportTable - .quad 0 // ResourceTable - .quad 0 // ExceptionTable - .quad 0 // CertificationTable - .quad 0 // BaseRelocationTable - .quad 0 // DebugTable - .quad 0 // ArchTable - .quad 0 // GlobalPointerTable - .quad 0 // .tls - .quad 0 // LoadConfigTable - .quad 0 // BoundImportsTable - .quad 0 // ImportAddressTable - .quad 0 // DelayLoadImportTable - .quad 0 // ClrRuntimeHeader (.cor) - .quad 0 // Reserved - - // Section table -section_table: - .ascii ".text" - .byte 0 - .byte 0 - .byte 0 // end of 0 padding of section name - - .long _edata - _start // VirtualSize - .long _start - ImageBase // VirtualAddress - .long _edata - _start // SizeOfRawData - .long _start - ImageBase // PointerToRawData - .long 0 // PointerToRelocations (0 for executables) - .long 0 // PointerToLineNumbers (0 for executables) - .short 0 // NumberOfRelocations (0 for executables) - .short 0 // NumberOfLineNumbers (0 for executables) - .long 0x60500020 // Characteristics (section flags) - - /* - * The EFI application loader requires a relocation section - * because EFI applications must be relocatable. This is a - * dummy section as far as we are concerned. - */ - .ascii ".reloc" - .byte 0 - .byte 0 // end of 0 padding of section name - - .long 0 // VirtualSize - .long 0 // VirtualAddress - .long 0 // SizeOfRawData - .long 0 // PointerToRawData - .long 0 // PointerToRelocations - .long 0 // PointerToLineNumbers - .short 0 // NumberOfRelocations - .short 0 // NumberOfLineNumbers - .long 0x42100040 // Characteristics (section flags) - - /* most if not all ia32 binaries binutils makes seem to have .text - * starting at 0x400; no reason to assume that's a bad idea. */ - .align 1024 - -_start: - pushl %ebp - movl %esp,%ebp - - pushl 12(%ebp) # copy "image" argument - pushl 8(%ebp) # copy "systab" argument - - call 0f -0: popl %eax - movl %eax,%ebx - - addl $ImageBase-0b,%eax # %eax = ldbase - addl $_DYNAMIC-0b,%ebx # %ebx = _DYNAMIC - - pushl %ebx # pass _DYNAMIC as second argument - pushl %eax # pass ldbase as first argument - call _relocate - popl %ebx - popl %ebx - testl %eax,%eax - jne .exit - - call efi_main # call app with "image" and "systab" argument - -.exit: - leave - ret diff --git a/crt0-efi-x86_64.S b/crt0-efi-x86_64.S deleted file mode 100644 index f334a63..0000000 --- a/crt0-efi-x86_64.S +++ /dev/null @@ -1,177 +0,0 @@ -/* crt0-efi-x86_64.S - x86_64 EFI startup code. - * - * Copyright 2014 Red Hat, Inc. - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the - * distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - .section .text.head - - /* - * Magic "MZ" signature for PE/COFF - */ - .globl ImageBase -ImageBase: - .ascii "MZ" - .skip 58 // 'MZ' + pad + offset == 64 - .long pe_header - ImageBase // Offset to the PE header. - .long 0x0eba1f0e /* terrifying code */ - .long 0xcd09b400 /* terrifying code */ - .long 0x4c01b821 /* terrifying code */ - .short 0x21cd /* terrfiying code */ - .ascii "The only winning move is not to play.\r\r\n$" /* DOS text */ - .skip 9 -pe_header: - .ascii "PE" - .short 0 -coff_header: - .short 0x8664 // x86_64 - .short 1 // nr_sections - .long 0 // TimeDateStamp - .long 0 // PointerToSymbolTable - .long 0 // NumberOfSymbols - .short section_table - optional_header // SizeOfOptionalHeader - .short 0x206 // Characteristics. - // IMAGE_FILE_DEBUG_STRIPPED | - // IMAGE_FILE_EXECUTABLE_IMAGE | - // IMAGE_FILE_LINE_NUMS_STRIPPED -optional_header: - .short 0x20b // PE32+ format - .byte 0x02 // MajorLinkerVersion - .byte 0x18 // MinorLinkerVersion - .long _edata - _start // SizeOfCode - .long 0 // SizeOfInitializedData - .long 0 // SizeOfUninitializedData - .long _start - ImageBase // AddressOfEntryPoint - .long _start - ImageBase // BaseOfCode - -extra_header_fields: - .quad 0 // ImageBase - .long 0x20 // SectionAlignment - .long 0x8 // FileAlignment - .short 0 // MajorOperatingSystemVersion - .short 0 // MinorOperatingSystemVersion - .short 0 // MajorImageVersion - .short 0 // MinorImageVersion - .short 0 // MajorSubsystemVersion - .short 0 // MinorSubsystemVersion - .long 0 // Win32VersionValue - - .long _edata - ImageBase // SizeOfImage - - // Everything before the kernel image is considered part of the header - .long _start - ImageBase // SizeOfHeaders - .long 0 // CheckSum - .short EFI_SUBSYSTEM // Subsystem - .short 0 // DllCharacteristics - .quad 0 // SizeOfStackReserve - .quad 0 // SizeOfStackCommit - .quad 0 // SizeOfHeapReserve - .quad 0 // SizeOfHeapCommit - .long 0 // LoaderFlags - .long 0x10 // NumberOfRvaAndSizes - - .quad 0 // ExportTable - .quad 0 // ImportTable - .quad 0 // ResourceTable - .quad 0 // ExceptionTable - .quad 0 // CertificationTable - .quad 0 // BaseRelocationTable - .quad 0 // DebugTable - .quad 0 // ArchTable - .quad 0 // GlobalPointerTable - .quad 0 // .tls - .quad 0 // LoadConfigTable - .quad 0 // BoundImportsTable - .quad 0 // ImportAddressTable - .quad 0 // DelayLoadImportTable - .quad 0 // ClrRuntimeHeader (.cor) - .quad 0 // Reserved - - // Section table -section_table: - .ascii ".text" - .byte 0 - .byte 0 - .byte 0 // end of 0 padding of section name - - .long _edata - _start // VirtualSize - .long _start - ImageBase // VirtualAddress - .long _edata - _start // SizeOfRawData - .long _start - ImageBase // PointerToRawData - .long 0 // PointerToRelocations (0 for executables) - .long 0 // PointerToLineNumbers (0 for executables) - .short 0 // NumberOfRelocations (0 for executables) - .short 0 // NumberOfLineNumbers (0 for executables) - .long 0x60500020 // Characteristics (section flags) - - /* - * The EFI application loader requires a relocation section - * because EFI applications must be relocatable. This is a - * dummy section as far as we are concerned. - */ - .ascii ".reloc" - .byte 0 - .byte 0 // end of 0 padding of section name - - .long 0 // VirtualSize - .long 0 // VirtualAddress - .long 0 // SizeOfRawData - .long 0 // PointerToRawData - .long 0 // PointerToRelocations - .long 0 // PointerToLineNumbers - .short 0 // NumberOfRelocations - .short 0 // NumberOfLineNumbers - .long 0x42100040 // Characteristics (section flags) - - /* x86-64 needs this padding here; without it, some machines simply - * refuse to admit this is an EFI binary. I'm not really sure why; - * reading the spec, it's unclear, but you'd expect it would need to - * be aligned to (1 << FileAlignment), which would mean not having - * the spacing. - */ - .quad 0 -_start: - subq $8, %rsp - pushq %rcx - pushq %rdx - -0: - lea ImageBase(%rip), %rdi - lea _DYNAMIC(%rip), %rsi - - popq %rcx - popq %rdx - pushq %rcx - pushq %rdx - call _relocate - - popq %rdi - popq %rsi - - call efi_main - addq $8, %rsp - -.exit: - ret diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds index b649e15..12d4085 100644 --- a/elf_ia32_efi.lds +++ b/elf_ia32_efi.lds @@ -3,56 +3,61 @@ OUTPUT_ARCH(i386) ENTRY(_start) SECTIONS { - .text 0x0 : { - *(.text.head) - *(.text) - *(.text.*) - *(.gnu.linkonce.t.*) - *(.srodata) - *(.rodata*) - . = ALIGN(16); - _etext = .; + . = 0; + ImageBase = .; + .hash : { *(.hash) } /* this MUST come first! */ + . = ALIGN(4096); + .text : + { + *(.text) + *(.text.*) + *(.gnu.linkonce.t.*) } - .dynamic : { *(.dynamic) } + .reloc : + { + *(.reloc) + } + . = ALIGN(4096); .data : { - *(.sdata) - *(.data) - *(.data1) - *(.data.*) - *(.got.plt) - *(.got) - - /* the EFI loader doesn't seem to like a .bss section, so we stick - * it all into .data: */ - . = ALIGN(16); - _bss = .; - *(.sbss) - *(.scommon) - *(.dynbss) - *(.bss) - *(COMMON) - . = ALIGN(16); - _bss_end = .; + *(.rodata*) + *(.data) + *(.data1) + *(.data.*) + *(.sdata) + *(.got.plt) + *(.got) + /* the EFI loader doesn't seem to like a .bss section, so we stick + it all into .data: */ + *(.sbss) + *(.scommon) + *(.dynbss) + *(.bss) + *(COMMON) } . = ALIGN(4096); .vendor_cert : { - *(.vendor_cert) + *(.vendor_cert) } - . = ALIGN(4096); - .rel.dyn : { *(.rel.dyn) } - .rel.plt : { *(.rel.plt) } - .rel.got : { *(.rel.got) } - .rel.data : { *(.rel.data) *(.rel.data*) } - _edata = .; - _data_size = . - _etext; - + .dynamic : { *(.dynamic) } . = ALIGN(4096); - .dynsym : { *(.dynsym) } + .rel : + { + *(.rel.data) + *(.rel.data.*) + *(.rel.got) + *(.rel.stab) + *(.data.rel.ro.local) + *(.data.rel.local) + *(.data.rel.ro) + *(.data.rel*) + } . = ALIGN(4096); - .dynstr : { *(.dynstr) } + .dynsym : { *(.dynsym) } + . = ALIGN(4096); + .dynstr : { *(.dynstr) } . = ALIGN(4096); /DISCARD/ : { diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds index 091187b..f981102 100644 --- a/elf_x86_64_efi.lds +++ b/elf_x86_64_efi.lds @@ -4,60 +4,63 @@ OUTPUT_ARCH(i386:x86-64) ENTRY(_start) SECTIONS { - .text 0x0 : { - *(.text.head) - *(.text) - *(.text.*) - *(.gnu.linkonce.t.*) - *(.srodata) - *(.rodata*) - . = ALIGN(16); - _etext = .; + . = 0; + ImageBase = .; + .hash : { *(.hash) } /* this MUST come first! */ + . = ALIGN(4096); + .eh_frame : + { + *(.eh_frame) } - .dynamic : { *(.dynamic) } + . = ALIGN(4096); + .text : + { + *(.text) + } + . = ALIGN(4096); + .reloc : + { + *(.reloc) + } + . = ALIGN(4096); .data : { - *(.sdata) - *(.data) - *(.data1) - *(.data.*) - *(.got.plt) - *(.got) - - /* the EFI loader doesn't seem to like a .bss section, so we stick - * it all into .data: */ - . = ALIGN(16); - _bss = .; - *(.sbss) - *(.scommon) - *(.dynbss) - *(.bss) - *(COMMON) - . = ALIGN(16); - _bss_end = .; + *(.rodata*) + *(.got.plt) + *(.got) + *(.data*) + *(.sdata) + /* the EFI loader doesn't seem to like a .bss section, so we stick + it all into .data: */ + *(.sbss) + *(.scommon) + *(.dynbss) + *(.bss) + *(COMMON) + *(.rel.local) } . = ALIGN(4096); .vendor_cert : { - *(.vendor_cert) + *(.vendor_cert) } - . = ALIGN(4096); - .rela.dyn : { *(.rela.dyn) } - .rela.plt : { *(.rela.plt) } - .rela.got : { *(.rela.got) } - .rela.data : { *(.rela.data) *(.rela.data*) } - _edata = .; - _data_size = . - _etext; - + .dynamic : { *(.dynamic) } . = ALIGN(4096); - .dynsym : { *(.dynsym) } - . = ALIGN(4096); - .dynstr : { *(.dynstr) } - . = ALIGN(4096); - /DISCARD/ : + .rela : { - *(.rel.reloc) + *(.rela.data*) + *(.rela.got) + *(.rela.stab) + } + . = ALIGN(4096); + .dynsym : { *(.dynsym) } + . = ALIGN(4096); + .dynstr : { *(.dynstr) } + . = ALIGN(4096); + .ignored.reloc : + { + *(.rela.reloc) *(.eh_frame) *(.note.GNU-stack) } From a16340e3f79d32b7454426db53b94e611802c6e3 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 30 Sep 2014 22:51:32 -0400 Subject: [PATCH 64/75] Actually find the relocations correctly and process them that way. Find the relocations based on the *file* address in the old binary, because it's only the same as the virtual address some of the time. Also perform some extra validation before processing it, and don't bail out in /error/ if both ReloceBase and RelocEnd are null - that condition is fine. Signed-off-by: Peter Jones --- shim.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 77 insertions(+), 13 deletions(-) diff --git a/shim.c b/shim.c index 7cd4182..4baf8b1 100644 --- a/shim.c +++ b/shim.c @@ -222,6 +222,7 @@ image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr) * Perform the actual relocation */ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, + EFI_IMAGE_SECTION_HEADER *Section, void *orig, void *data) { EFI_IMAGE_BASE_RELOCATION *RelocBase, *RelocBaseEnd; @@ -233,14 +234,46 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, UINT64 *Fixup64; int size = context->ImageSize; void *ImageEnd = (char *)orig + size; + int n = 0; if (image_is_64_bit(context->PEHdr)) context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)(unsigned long)data; else context->PEHdr->Pe32.OptionalHeader.ImageBase = (UINT32)(unsigned long)data; - RelocBase = ImageAddress(orig, size, context->RelocDir->VirtualAddress); - RelocBaseEnd = ImageAddress(orig, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1); + /* Alright, so here's how this works: + * + * context->RelocDir gives us two things: + * - the VA the table of base relocation blocks are (maybe) to be + * mapped at (RelocDir->VirtualAddress) + * - the virtual size (RelocDir->Size) + * + * The .reloc section (Section here) gives us some other things: + * - the name! kind of. (Section->Name) + * - the virtual size (Section->VirtualSize), which should be the same + * as RelocDir->Size + * - the virtual address (Section->VirtualAddress) + * - the file section size (Section->SizeOfRawData), which is + * a multiple of OptHdr->FileAlignment. Only useful for image + * validation, not really useful for iteration bounds. + * - the file address (Section->PointerToRawData) + * - a bunch of stuff we don't use that's 0 in our binaries usually + * - Flags (Section->Characteristics) + * + * and then the thing that's actually at the file address is an array + * of EFI_IMAGE_BASE_RELOCATION structs with some values packed behind + * them. The SizeOfBlock field of this structure includes the + * structure itself, and adding it to that structure's address will + * yield the next entry in the array. + */ + RelocBase = ImageAddress(orig, size, Section->PointerToRawData); + /* RelocBaseEnd here is the address of the first entry /past/ the + * table. */ + RelocBaseEnd = ImageAddress(orig, size, Section->PointerToRawData + + Section->Misc.VirtualSize); + + if (!RelocBase && !RelocBaseEnd) + return EFI_SUCCESS; if (!RelocBase || !RelocBaseEnd) { perror(L"Reloc table overflows binary\n"); @@ -256,19 +289,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION)); if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) { - perror(L"Reloc block size %d is invalid\n", RelocBase->SizeOfBlock); + perror(L"Reloc %d block size %d is invalid\n", n, RelocBase->SizeOfBlock); return EFI_UNSUPPORTED; } RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock); if ((void *)RelocEnd < orig || (void *)RelocEnd > ImageEnd) { - perror(L"Reloc entry overflows binary\n"); + perror(L"Reloc %d entry overflows binary\n", n); return EFI_UNSUPPORTED; } FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress); if (!FixupBase) { - perror(L"Invalid fixupbase\n"); + perror(L"Reloc %d Invalid fixupbase\n", n); return EFI_UNSUPPORTED; } @@ -317,12 +350,13 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, break; default: - perror(L"Unknown relocation\n"); + perror(L"Reloc %d Unknown relocation\n", n); return EFI_UNSUPPORTED; } Reloc += 1; } RelocBase = (EFI_IMAGE_BASE_RELOCATION *) RelocEnd; + n++; } return EFI_SUCCESS; @@ -1102,15 +1136,21 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, CopyMem(buffer, data, context.SizeOfHeaders); + char *RelocBase, *RelocBaseEnd; + RelocBase = ImageAddress(buffer, datasize, + context.RelocDir->VirtualAddress); + /* RelocBaseEnd here is the address of the last byte of the table */ + RelocBaseEnd = ImageAddress(buffer, datasize, + context.RelocDir->VirtualAddress + + context.RelocDir->Size - 1); + + EFI_IMAGE_SECTION_HEADER *RelocSection = NULL; + /* * Copy the executable's sections to their desired offsets */ Section = context.FirstSection; for (i = 0; i < context.NumberOfSections; i++, Section++) { - if (Section->Characteristics & 0x02000000) - /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ - continue; - size = Section->Misc.VirtualSize; if (size > Section->SizeOfRawData) @@ -1118,7 +1158,6 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, base = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress); end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1); - if (!base || !end) { perror(L"Invalid section size\n"); return EFI_UNSUPPORTED; @@ -1130,6 +1169,30 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, return EFI_UNSUPPORTED; } + /* We do want to process .reloc, but it's often marked + * discardable, so we don't want to memcpy it. */ + if (CompareMem(Section->Name, ".reloc\0\0", 8) == 0) { + if (RelocSection) { + perror(L"Image has multiple relocation sections\n"); + return EFI_UNSUPPORTED; + } + /* If it has nonzero sizes, and our bounds check + * made sense, and the VA and size match RelocDir's + * versions, then we believe in this section table. */ + if (Section->SizeOfRawData && + Section->Misc.VirtualSize && + base && end && + RelocBase == base && + RelocBaseEnd == end) { + RelocSection = Section; + } + } + + if (Section->Characteristics & 0x02000000) { + /* section has EFI_IMAGE_SCN_MEM_DISCARDABLE attr set */ + continue; + } + if (Section->SizeOfRawData > 0) CopyMem(base, data + Section->PointerToRawData, size); @@ -1143,11 +1206,12 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, return EFI_UNSUPPORTED; } - if (context.RelocDir->Size) { + if (context.RelocDir->Size && RelocSection) { /* * Run the relocation fixups */ - efi_status = relocate_coff(&context, data, buffer); + efi_status = relocate_coff(&context, RelocSection, data, + buffer); if (efi_status != EFI_SUCCESS) { perror(L"Relocation failed: %r\n", efi_status); From ada75ade4ca906737bda7741c49b427da9b5763f Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 2 Oct 2014 00:02:43 -0400 Subject: [PATCH 65/75] Don't append an empty cert list to MokListRT if vendor_cert_size is 0. Signed-off-by: Peter Jones --- shim.c | 65 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 30 deletions(-) diff --git a/shim.c b/shim.c index 4baf8b1..a282ee3 100644 --- a/shim.c +++ b/shim.c @@ -1698,37 +1698,42 @@ EFI_STATUS mirror_mok_list() if (efi_status != EFI_SUCCESS) DataSize = 0; - FullDataSize = DataSize - + sizeof (*CertList) - + sizeof (EFI_GUID) - + vendor_cert_size - ; - FullData = AllocatePool(FullDataSize); - if (!FullData) { - perror(L"Failed to allocate space for MokListRT\n"); - return EFI_OUT_OF_RESOURCES; + if (vendor_cert_size) { + FullDataSize = DataSize + + sizeof (*CertList) + + sizeof (EFI_GUID) + + vendor_cert_size + ; + FullData = AllocatePool(FullDataSize); + if (!FullData) { + perror(L"Failed to allocate space for MokListRT\n"); + return EFI_OUT_OF_RESOURCES; + } + p = FullData; + + if (efi_status == EFI_SUCCESS && DataSize > 0) { + CopyMem(p, Data, DataSize); + p += DataSize; + } + CertList = (EFI_SIGNATURE_LIST *)p; + p += sizeof (*CertList); + CertData = (EFI_SIGNATURE_DATA *)p; + p += sizeof (EFI_GUID); + + CertList->SignatureType = EFI_CERT_X509_GUID; + CertList->SignatureListSize = vendor_cert_size + + sizeof (*CertList) + + sizeof (*CertData) + -1; + CertList->SignatureHeaderSize = 0; + CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID); + + CertData->SignatureOwner = SHIM_LOCK_GUID; + CopyMem(p, vendor_cert, vendor_cert_size); + } else { + FullDataSize = DataSize; + FullData = Data; } - p = FullData; - - if (efi_status == EFI_SUCCESS && DataSize > 0) { - CopyMem(p, Data, DataSize); - p += DataSize; - } - CertList = (EFI_SIGNATURE_LIST *)p; - p += sizeof (*CertList); - CertData = (EFI_SIGNATURE_DATA *)p; - p += sizeof (EFI_GUID); - - CertList->SignatureType = EFI_CERT_X509_GUID; - CertList->SignatureListSize = vendor_cert_size - + sizeof (*CertList) - + sizeof (*CertData) - -1; - CertList->SignatureHeaderSize = 0; - CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID); - - CertData->SignatureOwner = SHIM_LOCK_GUID; - CopyMem(p, vendor_cert, vendor_cert_size); efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListRT", &shim_lock_guid, From e258243e43ca2c9f6ac177ed4153fe92af64fcd8 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 2 Oct 2014 00:02:43 -0400 Subject: [PATCH 66/75] Fix some minor testplan errors. Signed-off-by: Peter Jones --- testplan.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/testplan.txt b/testplan.txt index 2fbf238..ab88781 100644 --- a/testplan.txt +++ b/testplan.txt @@ -12,7 +12,7 @@ How to test a new shim build for RHEL/fedora: -s -c "Red Hat Test Certificate" 6) put pesign-test-app-signed.efi in \EFI\test as grubx64.efi cp /usr/share/pesign-test-app-0.4/pesign-test-app-signed.efi \ - /boot/efi/EFI/test/test.efi + /boot/efi/EFI/test/grubx64.efi 7) sign a copy of grubx64.efi with RHTC and iput it in \EFI\test\ . Also leave an unsigned copy there: pesign -i /boot/efi/EFI/redhat/grubx64.efi \ @@ -38,7 +38,9 @@ How to test a new shim build for RHEL/fedora: 12) put shim.efi there as well cp /boot/efi/EFI/test/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI 13) enroll the current kernel's certificate with mokutil: - mokutil --import ~/redhatsecurebootca2.cer + # this should be a /different/ cert than the one signing pesign-test-app. + # for instance use a RHEL cert for p-t-a and a fedora cert+kernel here. + mokutil --import ~/fedora-ca.cer 14) put machine in setup mode 15) boot to the UEFI shell 16) run lockdown.efi from #4: From f852734c5a15f2fe6a76424ce23daaee870c6c4e Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Thu, 2 Oct 2014 00:08:50 -0400 Subject: [PATCH 67/75] Don't verify images with the empty build key We replaced the build key with an empty file while compiling shim for our distro. Skip the verification with the empty build key since this makes no sense. Signed-off-by: Gary Ching-Pang Lin --- shim.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shim.c b/shim.c index a282ee3..8076caa 100644 --- a/shim.c +++ b/shim.c @@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize, /* * Check against the shim build key */ - if (AuthenticodeVerify(cert->CertData, + if (sizeof(shim_cert) && + AuthenticodeVerify(cert->CertData, context->SecDir->Size - sizeof(cert->Hdr), shim_cert, sizeof(shim_cert), sha256hash, SHA256_DIGEST_SIZE)) { From e83cd86c6734e8368429482945855ab9c60b3da5 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Thu, 2 Oct 2014 00:10:47 -0400 Subject: [PATCH 68/75] Cryptlib: remove the unused files I mistakenly added CryptPkcs7VerifyNull.c which may make Pkcs7Verify always return FALSE. Besides CryptPkcs7VerifyNull.c, there are some functions we would never use. This commit removes those files to avoid any potential trouble. Signed-off-by: Gary Ching-Pang Lin --- Cryptlib/Makefile | 5 +- Cryptlib/Pk/CryptDh.c | 328 ------------------------- Cryptlib/Pk/CryptDhNull.c | 156 ++++++++++++ Cryptlib/Pk/CryptPkcs7Sign.c | 207 ---------------- Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 -------- Cryptlib/Pk/CryptRsaExt.c | 377 ----------------------------- Cryptlib/update.sh | 5 +- 7 files changed, 158 insertions(+), 1020 deletions(-) delete mode 100644 Cryptlib/Pk/CryptDh.c create mode 100644 Cryptlib/Pk/CryptDhNull.c delete mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c delete mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c delete mode 100644 Cryptlib/Pk/CryptRsaExt.c diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 73a1e2b..9719a27 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -25,13 +25,10 @@ OBJS = Hash/CryptMd4.o \ Cipher/CryptArc4.o \ Rand/CryptRand.o \ Pk/CryptRsaBasic.o \ - Pk/CryptRsaExt.o \ Pk/CryptRsaExtNull.o \ - Pk/CryptPkcs7Sign.o \ Pk/CryptPkcs7SignNull.o \ Pk/CryptPkcs7Verify.o \ - Pk/CryptPkcs7VerifyNull.o \ - Pk/CryptDh.o \ + Pk/CryptDhNull.o \ Pk/CryptX509.o \ Pk/CryptAuthenticode.o \ Pem/CryptPem.o \ diff --git a/Cryptlib/Pk/CryptDh.c b/Cryptlib/Pk/CryptDh.c deleted file mode 100644 index 942b3d1..0000000 --- a/Cryptlib/Pk/CryptDh.c +++ /dev/null @@ -1,328 +0,0 @@ -/** @file - Diffie-Hellman Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "InternalCryptLib.h" -#include - - -/** - Allocates and Initializes one Diffie-Hellman Context for subsequent use. - - @return Pointer to the Diffie-Hellman Context that has been initialized. - If the allocations fails, DhNew() returns NULL. - -**/ -VOID * -EFIAPI -DhNew ( - VOID - ) -{ - // - // Allocates & Initializes DH Context by OpenSSL DH_new() - // - return (VOID *) DH_new (); -} - -/** - Release the specified DH context. - - If DhContext is NULL, then return FALSE. - - @param[in] DhContext Pointer to the DH context to be released. - -**/ -VOID -EFIAPI -DhFree ( - IN VOID *DhContext - ) -{ - // - // Free OpenSSL DH Context - // - DH_free ((DH *) DhContext); -} - -/** - Generates DH parameter. - - Given generator g, and length of prime number p in bits, this function generates p, - and sets DH context according to value of g and p. - - Before this function can be invoked, pseudorandom number generator must be correctly - initialized by RandomSeed(). - - If DhContext is NULL, then return FALSE. - If Prime is NULL, then return FALSE. - - @param[in, out] DhContext Pointer to the DH context. - @param[in] Generator Value of generator. - @param[in] PrimeLength Length in bits of prime to be generated. - @param[out] Prime Pointer to the buffer to receive the generated prime number. - - @retval TRUE DH pamameter generation succeeded. - @retval FALSE Value of Generator is not supported. - @retval FALSE PRNG fails to generate random prime number with PrimeLength. - -**/ -BOOLEAN -EFIAPI -DhGenerateParameter ( - IN OUT VOID *DhContext, - IN UINTN Generator, - IN UINTN PrimeLength, - OUT UINT8 *Prime - ) -{ - BOOLEAN RetVal; - - // - // Check input parameters. - // - if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { - return FALSE; - } - - if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { - return FALSE; - } - - RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL); - if (!RetVal) { - return FALSE; - } - - BN_bn2bin (((DH *) DhContext)->p, Prime); - - return TRUE; -} - -/** - Sets generator and prime parameters for DH. - - Given generator g, and prime number p, this function and sets DH - context accordingly. - - If DhContext is NULL, then return FALSE. - If Prime is NULL, then return FALSE. - - @param[in, out] DhContext Pointer to the DH context. - @param[in] Generator Value of generator. - @param[in] PrimeLength Length in bits of prime to be generated. - @param[in] Prime Pointer to the prime number. - - @retval TRUE DH pamameter setting succeeded. - @retval FALSE Value of Generator is not supported. - @retval FALSE Value of Generator is not suitable for the Prime. - @retval FALSE Value of Prime is not a prime number. - @retval FALSE Value of Prime is not a safe prime number. - -**/ -BOOLEAN -EFIAPI -DhSetParameter ( - IN OUT VOID *DhContext, - IN UINTN Generator, - IN UINTN PrimeLength, - IN CONST UINT8 *Prime - ) -{ - DH *Dh; - BIGNUM *Bn; - - // - // Check input parameters. - // - if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { - return FALSE; - } - - if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { - return FALSE; - } - - Bn = NULL; - - Dh = (DH *) DhContext; - Dh->g = NULL; - Dh->p = BN_new (); - if (Dh->p == NULL) { - goto Error; - } - - Dh->g = BN_new (); - if (Dh->g == NULL) { - goto Error; - } - - Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p); - if (Bn == NULL) { - goto Error; - } - - if (BN_set_word (Dh->g, (UINT32) Generator) == 0) { - goto Error; - } - - return TRUE; - -Error: - - if (Dh->p != NULL) { - BN_free (Dh->p); - } - - if (Dh->g != NULL) { - BN_free (Dh->g); - } - - if (Bn != NULL) { - BN_free (Bn); - } - - return FALSE; -} - -/** - Generates DH public key. - - This function generates random secret exponent, and computes the public key, which is - returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly. - If the PublicKey buffer is too small to hold the public key, FALSE is returned and - PublicKeySize is set to the required buffer size to obtain the public key. - - If DhContext is NULL, then return FALSE. - If PublicKeySize is NULL, then return FALSE. - If PublicKeySize is large enough but PublicKey is NULL, then return FALSE. - - @param[in, out] DhContext Pointer to the DH context. - @param[out] PublicKey Pointer to the buffer to receive generated public key. - @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. - On output, the size of data returned in PublicKey buffer in bytes. - - @retval TRUE DH public key generation succeeded. - @retval FALSE DH public key generation failed. - @retval FALSE PublicKeySize is not large enough. - -**/ -BOOLEAN -EFIAPI -DhGenerateKey ( - IN OUT VOID *DhContext, - OUT UINT8 *PublicKey, - IN OUT UINTN *PublicKeySize - ) -{ - BOOLEAN RetVal; - DH *Dh; - INTN Size; - - // - // Check input parameters. - // - if (DhContext == NULL || PublicKeySize == NULL) { - return FALSE; - } - - if (PublicKey == NULL && *PublicKeySize != 0) { - return FALSE; - } - - Dh = (DH *) DhContext; - - RetVal = (BOOLEAN) DH_generate_key (DhContext); - if (RetVal) { - Size = BN_num_bytes (Dh->pub_key); - if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) { - *PublicKeySize = Size; - return FALSE; - } - - BN_bn2bin (Dh->pub_key, PublicKey); - *PublicKeySize = Size; - } - - return RetVal; -} - -/** - Computes exchanged common key. - - Given peer's public key, this function computes the exchanged common key, based on its own - context including value of prime modulus and random secret exponent. - - If DhContext is NULL, then return FALSE. - If PeerPublicKey is NULL, then return FALSE. - If KeySize is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize is not large enough, then return FALSE. - - @param[in, out] DhContext Pointer to the DH context. - @param[in] PeerPublicKey Pointer to the peer's public key. - @param[in] PeerPublicKeySize Size of peer's public key in bytes. - @param[out] Key Pointer to the buffer to receive generated key. - @param[in, out] KeySize On input, the size of Key buffer in bytes. - On output, the size of data returned in Key buffer in bytes. - - @retval TRUE DH exchanged key generation succeeded. - @retval FALSE DH exchanged key generation failed. - @retval FALSE KeySize is not large enough. - -**/ -BOOLEAN -EFIAPI -DhComputeKey ( - IN OUT VOID *DhContext, - IN CONST UINT8 *PeerPublicKey, - IN UINTN PeerPublicKeySize, - OUT UINT8 *Key, - IN OUT UINTN *KeySize - ) -{ - BIGNUM *Bn; - INTN Size; - - // - // Check input parameters. - // - if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) { - return FALSE; - } - - if (PeerPublicKeySize > INT_MAX) { - return FALSE; - } - - Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL); - if (Bn == NULL) { - return FALSE; - } - - Size = DH_compute_key (Key, Bn, DhContext); - if (Size < 0) { - BN_free (Bn); - return FALSE; - } - - if (*KeySize < (UINTN) Size) { - *KeySize = Size; - BN_free (Bn); - return FALSE; - } - - *KeySize = Size; - BN_free (Bn); - return TRUE; -} diff --git a/Cryptlib/Pk/CryptDhNull.c b/Cryptlib/Pk/CryptDhNull.c new file mode 100644 index 0000000..35045db --- /dev/null +++ b/Cryptlib/Pk/CryptDhNull.c @@ -0,0 +1,156 @@ +/** @file + Diffie-Hellman Wrapper Implementation which does not provide + real capabilities. + +Copyright (c) 2012, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Allocates and Initializes one Diffie-Hellman Context for subsequent use. + + @return Pointer to the Diffie-Hellman Context that has been initialized. + If the interface is not supported, DhNew() returns NULL. + +**/ +VOID * +EFIAPI +DhNew ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified DH context. + + If the interface is not supported, then ASSERT(). + + @param[in] DhContext Pointer to the DH context to be released. + +**/ +VOID +EFIAPI +DhFree ( + IN VOID *DhContext + ) +{ + ASSERT (FALSE); +} + +/** + Generates DH parameter. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] Generator Value of generator. + @param[in] PrimeLength Length in bits of prime to be generated. + @param[out] Prime Pointer to the buffer to receive the generated prime number. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhGenerateParameter ( + IN OUT VOID *DhContext, + IN UINTN Generator, + IN UINTN PrimeLength, + OUT UINT8 *Prime + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Sets generator and prime parameters for DH. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] Generator Value of generator. + @param[in] PrimeLength Length in bits of prime to be generated. + @param[in] Prime Pointer to the prime number. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhSetParameter ( + IN OUT VOID *DhContext, + IN UINTN Generator, + IN UINTN PrimeLength, + IN CONST UINT8 *Prime + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Generates DH public key. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[out] PublicKey Pointer to the buffer to receive generated public key. + @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. + On output, the size of data returned in PublicKey buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhGenerateKey ( + IN OUT VOID *DhContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes exchanged common key. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] PeerPublicKey Pointer to the peer's public key. + @param[in] PeerPublicKeySize Size of peer's public key in bytes. + @param[out] Key Pointer to the buffer to receive generated key. + @param[in, out] KeySize On input, the size of Key buffer in bytes. + On output, the size of data returned in Key buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhComputeKey ( + IN OUT VOID *DhContext, + IN CONST UINT8 *PeerPublicKey, + IN UINTN PeerPublicKeySize, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c deleted file mode 100644 index 63fe78f..0000000 --- a/Cryptlib/Pk/CryptPkcs7Sign.c +++ /dev/null @@ -1,207 +0,0 @@ -/** @file - PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. - -Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "InternalCryptLib.h" - -#include -#include -#include - - -/** - Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message - Syntax Standard, version 1.5". This interface is only intended to be used for - application to perform PKCS#7 functionality validation. - - @param[in] PrivateKey Pointer to the PEM-formatted private key data for - data signing. - @param[in] PrivateKeySize Size of the PEM private key data in bytes. - @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM - key data. - @param[in] InData Pointer to the content to be signed. - @param[in] InDataSize Size of InData in bytes. - @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. - @param[in] OtherCerts Pointer to an optional additional set of certificates to - include in the PKCS#7 signedData (e.g. any intermediate - CAs in the chain). - @param[out] SignedData Pointer to output PKCS#7 signedData. - @param[out] SignedDataSize Size of SignedData in bytes. - - @retval TRUE PKCS#7 data signing succeeded. - @retval FALSE PKCS#7 data signing failed. - -**/ -BOOLEAN -EFIAPI -Pkcs7Sign ( - IN CONST UINT8 *PrivateKey, - IN UINTN PrivateKeySize, - IN CONST UINT8 *KeyPassword, - IN UINT8 *InData, - IN UINTN InDataSize, - IN UINT8 *SignCert, - IN UINT8 *OtherCerts OPTIONAL, - OUT UINT8 **SignedData, - OUT UINTN *SignedDataSize - ) -{ - BOOLEAN Status; - EVP_PKEY *Key; - BIO *DataBio; - PKCS7 *Pkcs7; - UINT8 *RsaContext; - UINT8 *P7Data; - UINTN P7DataSize; - UINT8 *Tmp; - - // - // Check input parameters. - // - if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || - SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { - return FALSE; - } - - RsaContext = NULL; - Key = NULL; - Pkcs7 = NULL; - DataBio = NULL; - Status = FALSE; - - // - // Retrieve RSA private key from PEM data. - // - Status = RsaGetPrivateKeyFromPem ( - PrivateKey, - PrivateKeySize, - (CONST CHAR8 *) KeyPassword, - (VOID **) &RsaContext - ); - if (!Status) { - return Status; - } - - Status = FALSE; - - // - // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling - // - if (EVP_add_digest (EVP_md5 ()) == 0) { - goto _Exit; - } - if (EVP_add_digest (EVP_sha1 ()) == 0) { - goto _Exit; - } - if (EVP_add_digest (EVP_sha256 ()) == 0) { - goto _Exit; - } - - RandomSeed (NULL, 0); - - // - // Construct OpenSSL EVP_PKEY for private key. - // - Key = EVP_PKEY_new (); - if (Key == NULL) { - goto _Exit; - } - Key->save_type = EVP_PKEY_RSA; - Key->type = EVP_PKEY_type (EVP_PKEY_RSA); - Key->pkey.rsa = (RSA *) RsaContext; - - // - // Convert the data to be signed to BIO format. - // - DataBio = BIO_new (BIO_s_mem ()); - if (DataBio == NULL) { - goto _Exit; - } - - if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) { - goto _Exit; - } - - // - // Create the PKCS#7 signedData structure. - // - Pkcs7 = PKCS7_sign ( - (X509 *) SignCert, - Key, - (STACK_OF(X509) *) OtherCerts, - DataBio, - PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED - ); - if (Pkcs7 == NULL) { - goto _Exit; - } - - // - // Convert PKCS#7 signedData structure into DER-encoded buffer. - // - P7DataSize = i2d_PKCS7 (Pkcs7, NULL); - if (P7DataSize <= 19) { - goto _Exit; - } - - P7Data = malloc (P7DataSize); - if (P7Data == NULL) { - goto _Exit; - } - - Tmp = P7Data; - P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); - ASSERT (P7DataSize > 19); - - // - // Strip ContentInfo to content only for signeddata. The data be trimmed off - // is totally 19 bytes. - // - *SignedDataSize = P7DataSize - 19; - *SignedData = malloc (*SignedDataSize); - if (*SignedData == NULL) { - OPENSSL_free (P7Data); - goto _Exit; - } - - CopyMem (*SignedData, P7Data + 19, *SignedDataSize); - - OPENSSL_free (P7Data); - - Status = TRUE; - -_Exit: - // - // Release Resources - // - if (RsaContext != NULL) { - RsaFree (RsaContext); - if (Key != NULL) { - Key->pkey.rsa = NULL; - } - } - - if (Key != NULL) { - EVP_PKEY_free (Key); - } - - if (DataBio != NULL) { - BIO_free (DataBio); - } - - if (Pkcs7 != NULL) { - PKCS7_free (Pkcs7); - } - - return Status; -} diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c deleted file mode 100644 index 9a4c77a..0000000 --- a/Cryptlib/Pk/CryptPkcs7VerifyNull.c +++ /dev/null @@ -1,100 +0,0 @@ -/** @file - PKCS#7 SignedData Verification Wrapper Implementation which does not provide - real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "InternalCryptLib.h" - -/** - Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: - Cryptographic Message Syntax Standard". The input signed data could be wrapped - in a ContentInfo structure. - - Return FALSE to indicate this interface is not supported. - - @param[in] P7Data Pointer to the PKCS#7 message to verify. - @param[in] P7Length Length of the PKCS#7 message in bytes. - @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. - It's caller's responsiblity to free the buffer. - @param[out] StackLength Length of signer's certificates in bytes. - @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. - It's caller's responsiblity to free the buffer. - @param[out] CertLength Length of the trusted certificate in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Pkcs7GetSigners ( - IN CONST UINT8 *P7Data, - IN UINTN P7Length, - OUT UINT8 **CertStack, - OUT UINTN *StackLength, - OUT UINT8 **TrustedCert, - OUT UINTN *CertLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Wrap function to use free() to free allocated memory for certificates. - - If the interface is not supported, then ASSERT(). - - @param[in] Certs Pointer to the certificates to be freed. - -**/ -VOID -EFIAPI -Pkcs7FreeSigners ( - IN UINT8 *Certs - ) -{ - ASSERT (FALSE); -} - -/** - Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: - Cryptographic Message Syntax Standard". The input signed data could be wrapped - in a ContentInfo structure. - - Return FALSE to indicate this interface is not supported. - - @param[in] P7Data Pointer to the PKCS#7 message to verify. - @param[in] P7Length Length of the PKCS#7 message in bytes. - @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which - is used for certificate chain verification. - @param[in] CertLength Length of the trusted certificate in bytes. - @param[in] InData Pointer to the content to be verified. - @param[in] DataLength Length of InData in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Pkcs7Verify ( - IN CONST UINT8 *P7Data, - IN UINTN P7Length, - IN CONST UINT8 *TrustedCert, - IN UINTN CertLength, - IN CONST UINT8 *InData, - IN UINTN DataLength - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/Cryptlib/Pk/CryptRsaExt.c b/Cryptlib/Pk/CryptRsaExt.c deleted file mode 100644 index 5c21d12..0000000 --- a/Cryptlib/Pk/CryptRsaExt.c +++ /dev/null @@ -1,377 +0,0 @@ -/** @file - RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. - - This file implements following APIs which provide more capabilities for RSA: - 1) RsaGetKey - 2) RsaGenerateKey - 3) RsaCheckKey - 4) RsaPkcs1Sign - -Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "InternalCryptLib.h" - -#include -#include -#include - -/** - Gets the tag-designated RSA key component from the established RSA context. - - This function retrieves the tag-designated RSA key component from the - established RSA context as a non-negative integer (octet string format - represented in RSA PKCS#1). - If specified key component has not been set or has been cleared, then returned - BnSize is set to 0. - If the BigNumber buffer is too small to hold the contents of the key, FALSE - is returned and BnSize is set to the required buffer size to obtain the key. - - If RsaContext is NULL, then return FALSE. - If BnSize is NULL, then return FALSE. - If BnSize is large enough but BigNumber is NULL, then return FALSE. - - @param[in, out] RsaContext Pointer to RSA context being set. - @param[in] KeyTag Tag of RSA key component being set. - @param[out] BigNumber Pointer to octet integer buffer. - @param[in, out] BnSize On input, the size of big number buffer in bytes. - On output, the size of data returned in big number buffer in bytes. - - @retval TRUE RSA key component was retrieved successfully. - @retval FALSE Invalid RSA key component tag. - @retval FALSE BnSize is too small. - -**/ -BOOLEAN -EFIAPI -RsaGetKey ( - IN OUT VOID *RsaContext, - IN RSA_KEY_TAG KeyTag, - OUT UINT8 *BigNumber, - IN OUT UINTN *BnSize - ) -{ - RSA *RsaKey; - BIGNUM *BnKey; - UINTN Size; - - // - // Check input parameters. - // - if (RsaContext == NULL || BnSize == NULL) { - return FALSE; - } - - RsaKey = (RSA *) RsaContext; - Size = *BnSize; - *BnSize = 0; - - switch (KeyTag) { - - // - // RSA Public Modulus (N) - // - case RsaKeyN: - if (RsaKey->n == NULL) { - return TRUE; - } - BnKey = RsaKey->n; - break; - - // - // RSA Public Exponent (e) - // - case RsaKeyE: - if (RsaKey->e == NULL) { - return TRUE; - } - BnKey = RsaKey->e; - break; - - // - // RSA Private Exponent (d) - // - case RsaKeyD: - if (RsaKey->d == NULL) { - return TRUE; - } - BnKey = RsaKey->d; - break; - - // - // RSA Secret Prime Factor of Modulus (p) - // - case RsaKeyP: - if (RsaKey->p == NULL) { - return TRUE; - } - BnKey = RsaKey->p; - break; - - // - // RSA Secret Prime Factor of Modules (q) - // - case RsaKeyQ: - if (RsaKey->q == NULL) { - return TRUE; - } - BnKey = RsaKey->q; - break; - - // - // p's CRT Exponent (== d mod (p - 1)) - // - case RsaKeyDp: - if (RsaKey->dmp1 == NULL) { - return TRUE; - } - BnKey = RsaKey->dmp1; - break; - - // - // q's CRT Exponent (== d mod (q - 1)) - // - case RsaKeyDq: - if (RsaKey->dmq1 == NULL) { - return TRUE; - } - BnKey = RsaKey->dmq1; - break; - - // - // The CRT Coefficient (== 1/q mod p) - // - case RsaKeyQInv: - if (RsaKey->iqmp == NULL) { - return TRUE; - } - BnKey = RsaKey->iqmp; - break; - - default: - return FALSE; - } - - *BnSize = Size; - Size = BN_num_bytes (BnKey); - - if (*BnSize < Size) { - *BnSize = Size; - return FALSE; - } - - if (BigNumber == NULL) { - return FALSE; - } - *BnSize = BN_bn2bin (BnKey, BigNumber) ; - - return TRUE; -} - -/** - Generates RSA key components. - - This function generates RSA key components. It takes RSA public exponent E and - length in bits of RSA modulus N as input, and generates all key components. - If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used. - - Before this function can be invoked, pseudorandom number generator must be correctly - initialized by RandomSeed(). - - If RsaContext is NULL, then return FALSE. - - @param[in, out] RsaContext Pointer to RSA context being set. - @param[in] ModulusLength Length of RSA modulus N in bits. - @param[in] PublicExponent Pointer to RSA public exponent. - @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. - - @retval TRUE RSA key component was generated successfully. - @retval FALSE Invalid RSA key component tag. - -**/ -BOOLEAN -EFIAPI -RsaGenerateKey ( - IN OUT VOID *RsaContext, - IN UINTN ModulusLength, - IN CONST UINT8 *PublicExponent, - IN UINTN PublicExponentSize - ) -{ - BIGNUM *KeyE; - BOOLEAN RetVal; - - // - // Check input parameters. - // - if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) { - return FALSE; - } - - KeyE = BN_new (); - if (KeyE == NULL) { - return FALSE; - } - - RetVal = FALSE; - - if (PublicExponent == NULL) { - if (BN_set_word (KeyE, 0x10001) == 0) { - goto _Exit; - } - } else { - if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) { - goto _Exit; - } - } - - if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) { - RetVal = TRUE; - } - -_Exit: - BN_free (KeyE); - return RetVal; -} - -/** - Validates key components of RSA context. - - This function validates key compoents of RSA context in following aspects: - - Whether p is a prime - - Whether q is a prime - - Whether n = p * q - - Whether d*e = 1 mod lcm(p-1,q-1) - - If RsaContext is NULL, then return FALSE. - - @param[in] RsaContext Pointer to RSA context to check. - - @retval TRUE RSA key components are valid. - @retval FALSE RSA key components are not valid. - -**/ -BOOLEAN -EFIAPI -RsaCheckKey ( - IN VOID *RsaContext - ) -{ - UINTN Reason; - - // - // Check input parameters. - // - if (RsaContext == NULL) { - return FALSE; - } - - if (RSA_check_key ((RSA *) RsaContext) != 1) { - Reason = ERR_GET_REASON (ERR_peek_last_error ()); - if (Reason == RSA_R_P_NOT_PRIME || - Reason == RSA_R_Q_NOT_PRIME || - Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q || - Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) { - return FALSE; - } - } - - return TRUE; -} - -/** - Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. - - This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in - RSA PKCS#1. - If the Signature buffer is too small to hold the contents of signature, FALSE - is returned and SigSize is set to the required buffer size to obtain the signature. - - If RsaContext is NULL, then return FALSE. - If MessageHash is NULL, then return FALSE. - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. - If SigSize is large enough but Signature is NULL, then return FALSE. - - @param[in] RsaContext Pointer to RSA context for signature generation. - @param[in] MessageHash Pointer to octet message hash to be signed. - @param[in] HashSize Size of the message hash in bytes. - @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. - @param[in, out] SigSize On input, the size of Signature buffer in bytes. - On output, the size of data returned in Signature buffer in bytes. - - @retval TRUE Signature successfully generated in PKCS1-v1_5. - @retval FALSE Signature generation failed. - @retval FALSE SigSize is too small. - -**/ -BOOLEAN -EFIAPI -RsaPkcs1Sign ( - IN VOID *RsaContext, - IN CONST UINT8 *MessageHash, - IN UINTN HashSize, - OUT UINT8 *Signature, - IN OUT UINTN *SigSize - ) -{ - RSA *Rsa; - UINTN Size; - INT32 DigestType; - - // - // Check input parameters. - // - if (RsaContext == NULL || MessageHash == NULL) { - return FALSE; - } - - Rsa = (RSA *) RsaContext; - Size = BN_num_bytes (Rsa->n); - - if (*SigSize < Size) { - *SigSize = Size; - return FALSE; - } - - if (Signature == NULL) { - return FALSE; - } - - // - // Determine the message digest algorithm according to digest size. - // Only MD5, SHA-1 or SHA-256 algorithm is supported. - // - switch (HashSize) { - case MD5_DIGEST_SIZE: - DigestType = NID_md5; - break; - - case SHA1_DIGEST_SIZE: - DigestType = NID_sha1; - break; - - case SHA256_DIGEST_SIZE: - DigestType = NID_sha256; - break; - - default: - return FALSE; - } - - return (BOOLEAN) RSA_sign ( - DigestType, - MessageHash, - (UINT32) HashSize, - Signature, - (UINT32 *) SigSize, - (RSA *) RsaContext - ); -} diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh index 57b6631..0e34db9 100755 --- a/Cryptlib/update.sh +++ b/Cryptlib/update.sh @@ -14,13 +14,10 @@ cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c cp $DIR/Rand/CryptRand.c Rand/CryptRand.c cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c -cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c -cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c -cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c -cp $DIR/Pk/CryptDh.c Pk/CryptDh.c +cp $DIR/Pk/CryptDhNull.c Pk/CryptDhNull.c cp $DIR/Pk/CryptX509.c Pk/CryptX509.c cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c cp $DIR/Pem/CryptPem.c Pem/CryptPem.c From 597dd8393bf0ce193cb012dd928bca0a2529ba69 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 2 Oct 2014 01:01:46 -0400 Subject: [PATCH 69/75] Another testplan error. Signed-off-by: Peter Jones --- testplan.txt | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/testplan.txt b/testplan.txt index ab88781..0b0569e 100644 --- a/testplan.txt +++ b/testplan.txt @@ -47,27 +47,25 @@ How to test a new shim build for RHEL/fedora: fs0:\EFI\test\lockdown.efi 17) enable secure boot verification 18) verify it can't run other binaries: - fs0:\EFI\redhat\grubx64.efi + fs0:\EFI\test\grubx64.efi result should be an error, probably similar to: "fs0:\...\grubx64.efi is not recognized as an internal or external command" -19) copy test.efi to grubx64.efi: - cp \EFI\test\test.efi \EFI\test\grubx64.efi -20) in the EFI shell, run fs0:\EFI\test\shim.efi -21) you should see MokManager. Enroll the certificate you added in #13, and +19) in the EFI shell, run fs0:\EFI\test\shim.efi +20) you should see MokManager. Enroll the certificate you added in #13, and the system will reboot. -22) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi +21) reboot to the UEFI shell and run fs0:\EFI\test\shim.efi result: "This is a test application that should be completely safe." If you get the expected result, shim can run things signed by its internal key ring. Check a box someplace that says it can do that. -23) from the EFI shell, copy grub to grubx64.efi: +22) from the EFI shell, copy grub to grubx64.efi: cp \EFI\test\grub.efi \EFI\test\grubx64.efi -24) in the EFI shell, run fs0:\EFI\test\shim.efi +23) in the EFI shell, run fs0:\EFI\test\shim.efi result: this should start grub, which will let you boot a kernel If grub starts, it means shim can run things signed by a key in the system's db. Check a box someplace that says it can do that. If the kernel boots, it means shim can run things from Mok. Check a box someplace that says it can do that. -25) remove all boot entries and the BootOrder variable: +24) remove all boot entries and the BootOrder variable: [root@uefi ~]# cd /sys/firmware/efi/efivars/ [root@uefi efivars]# rm -vf Boot[0123456789]* BootOrder-* removed ‘Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c’ @@ -76,14 +74,14 @@ How to test a new shim build for RHEL/fedora: removed ‘Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c’ removed ‘BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c’ [root@uefi efivars]# -27) reboot -28) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just +25) reboot +26) the system should run \EFI\BOOT\BOOTX64.EFI . If it doesn't, you may just have an old machine. In that case, go to the EFI shell and run: fs0:\EFI\BOOT\BOOTX64.EFI If this works, you should see a bit of output very quickly and then the same thing as #24. This means shim recognized it was in \EFI\BOOT and ran fallback.efi, which worked. -29) copy the unsigned grub into place and reboot: +27) copy the unsigned grub into place and reboot: cp /boot/efi/EFI/test/grubx64-unsigned.efi /boot/efi/EFI/test/grubx64.efi -30) reboot again. +28) reboot again. result: shim should refuse to load grub. From f6bff34f51cc0ed024ba5262e36a141cd220d4d4 Mon Sep 17 00:00:00 2001 From: Sebastian Krahmer Date: Thu, 2 Oct 2014 01:01:54 -0400 Subject: [PATCH 70/75] shim buffer overflow on ipv6 option parsing --- netboot.c | 102 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 62 insertions(+), 40 deletions(-) diff --git a/netboot.c b/netboot.c index 238937d..f884cba 100644 --- a/netboot.c +++ b/netboot.c @@ -108,29 +108,34 @@ BOOLEAN findNetboot(EFI_HANDLE device) static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt) { - void *optr; - EFI_DHCP6_PACKET_OPTION *option; - CHAR8 *url; - UINT32 urllen; + void *optr = NULL, *end = NULL; + EFI_DHCP6_PACKET_OPTION *option = NULL; + CHAR8 *url = NULL; + UINT32 urllen = 0; optr = pkt->DhcpOptions; + end = optr + sizeof(pkt->DhcpOptions); - for(;;) { + for (;;) { option = (EFI_DHCP6_PACKET_OPTION *)optr; if (ntohs(option->OpCode) == 0) - return NULL; + break; if (ntohs(option->OpCode) == 59) { /* This is the bootfile url option */ urllen = ntohs(option->Length); - url = AllocateZeroPool(urllen+1); + if ((void *)(option->Data + urllen) > end) + break; + url = AllocateZeroPool(urllen + 1); if (!url) - return NULL; + break; memcpy(url, option->Data, urllen); return url; } optr += 4 + ntohs(option->Length); + if (optr + sizeof(EFI_DHCP6_PACKET_OPTION) > end) + break; } return NULL; @@ -156,45 +161,60 @@ static CHAR16 str2ns(CHAR8 *str) static CHAR8 *str2ip6(CHAR8 *str) { - UINT8 i, j, p; - size_t len; - CHAR8 *a, *b, t; - static UINT16 ip[8]; + UINT8 i = 0, j = 0, p = 0; + size_t len = 0, dotcount = 0; + enum { MAX_IP6_DOTS = 7 }; + CHAR8 *a = NULL, *b = NULL, t = 0; + static UINT16 ip[8]; - for(i=0; i < 8; i++) { - ip[i] = 0; - } - len = strlen(str); - a = b = str; - for(i=p=0; i < len; i++, b++) { - if (*b != ':') - continue; - *b = '\0'; - ip[p++] = str2ns(a); - *b = ':'; - a = b + 1; - if ( *(b+1) == ':' ) - break; - } - a = b = (str + len); - for(j=len, p=7; j > i; j--, a--) { - if (*a != ':') - continue; - t = *b; - *b = '\0'; - ip[p--] = str2ns(a+1); - *b = t; - b = a; - } - return (CHAR8 *)ip; + memset(ip, 0, sizeof(ip)); + + /* Count amount of ':' to prevent overflows. + * max. count = 7. Returns an invalid ip6 that + * can be checked against + */ + for (a = str; *a != 0; ++a) { + if (*a == ':') + ++dotcount; + } + if (dotcount > MAX_IP6_DOTS) + return (CHAR8 *)ip; + + len = strlen(str); + a = b = str; + for (i = p = 0; i < len; i++, b++) { + if (*b != ':') + continue; + *b = '\0'; + ip[p++] = str2ns(a); + *b = ':'; + a = b + 1; + if (b[1] == ':' ) + break; + } + a = b = (str + len); + for (j = len, p = 7; j > i; j--, a--) { + if (*a != ':') + continue; + t = *b; + *b = '\0'; + ip[p--] = str2ns(a+1); + *b = t; + b = a; + } + return (CHAR8 *)ip; } static BOOLEAN extract_tftp_info(CHAR8 *url) { CHAR8 *start, *end; CHAR8 ip6str[40]; + CHAR8 ip6inv[16]; CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); + // to check against str2ip6() errors + memset(ip6inv, 0, sizeof(ip6inv)); + if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) { Print(L"URLS MUST START WITH tftp://\n"); return FALSE; @@ -209,7 +229,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) end = start; while ((*end != '\0') && (*end != ']')) { end++; - if (end - start > 39) { + if (end - start >= (int)sizeof(ip6str)) { Print(L"TFTP URL includes malformed IPv6 address\n"); return FALSE; } @@ -218,10 +238,12 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); return FALSE; } - memset(ip6str, 0, 40); + memset(ip6str, 0, sizeof(ip6str)); memcpy(ip6str, start, end - start); end++; memcpy(&tftp_addr.v6, str2ip6(ip6str), 16); + if (memcmp(&tftp_addr.v6, ip6inv, sizeof(ip6inv)) == 0) + return FALSE; full_path = AllocateZeroPool(strlen(end)+strlen(template)+1); if (!full_path) return FALSE; From 0dbc0e7f427c77aa12a58810c3f30f59e203bd5a Mon Sep 17 00:00:00 2001 From: Sebastian Krahmer Date: Thu, 2 Oct 2014 01:01:54 -0400 Subject: [PATCH 71/75] OOB access when parsing MOK List/Certificates on MOK enrollment --- MokManager.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/MokManager.c b/MokManager.c index ecbcdd3..4a9b102 100644 --- a/MokManager.c +++ b/MokManager.c @@ -100,8 +100,18 @@ static UINT32 count_keys(void *Data, UINTN DataSize) EFI_GUID HashType = EFI_CERT_SHA256_GUID; UINTN dbsize = DataSize; UINT32 MokNum = 0; + void *end = Data + DataSize; while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { + + /* Use ptr arithmetics to ensure bounded access. Do not allow 0 + * SignatureListSize that will cause endless loop. + */ + if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { + console_notify(L"Invalid MOK detected! Ignoring MOK List."); + return 0; + } + if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { console_notify(L"Doesn't look like a key or hash"); @@ -137,6 +147,7 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { EFI_GUID HashType = EFI_CERT_SHA256_GUID; UINTN dbsize = DataSize; UINTN count = 0; + void *end = Data + DataSize; list = AllocatePool(sizeof(MokListNode) * num); @@ -146,6 +157,11 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { } while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { + /* CertList out of bounds? */ + if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { + FreePool(list); + return NULL; + } if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { dbsize -= CertList->SignatureListSize; @@ -165,10 +181,22 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + /* Cert out of bounds? */ + if ((void *)(Cert + 1) > end || CertList->SignatureSize <= sizeof(EFI_GUID)) { + FreePool(list); + return NULL; + } + list[count].MokSize = CertList->SignatureSize - sizeof(EFI_GUID); list[count].Mok = (void *)Cert->SignatureData; list[count].Type = CertList->SignatureType; + /* MOK out of bounds? */ + if (list[count].MokSize > end - (void *)list[count].Mok) { + FreePool(list); + return NULL; + } + count++; dbsize -= CertList->SignatureListSize; CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + @@ -449,6 +477,8 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) } MokNum = count_keys(KeyList, KeyListSize); + if (MokNum == 0) + return 0; keys = build_mok_list(MokNum, KeyList, KeyListSize); if (!keys) { From a6dfd3e426540b0eafc85f2e6bb3768fe190d3f2 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 2 Oct 2014 01:01:54 -0400 Subject: [PATCH 72/75] Make another integer compare be signed/unsigned safe as well. Signed-off-by: Peter Jones --- MokManager.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/MokManager.c b/MokManager.c index 4a9b102..ee29051 100644 --- a/MokManager.c +++ b/MokManager.c @@ -192,7 +192,8 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { list[count].Type = CertList->SignatureType; /* MOK out of bounds? */ - if (list[count].MokSize > end - (void *)list[count].Mok) { + if (list[count].MokSize > (unsigned long)end - + (unsigned long)list[count].Mok) { FreePool(list); return NULL; } From 7d953d6722ee9d2d1e21104bae41d60629332140 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 2 Oct 2014 01:01:54 -0400 Subject: [PATCH 73/75] Use -Werror=sign-compare . I'm going to have to fix any errors that have this anyway, so may as well do it here properly. Signed-off-by: Peter Jones --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 5bc513c..694480b 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds DEFAULT_LOADER := \\\\grub.efi CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ + -Werror=sign-compare \ "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ $(EFI_INCLUDES) From 159609ee4eab766673606f5a4e122c78dea390b3 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 2 Oct 2014 01:01:54 -0400 Subject: [PATCH 74/75] Correctly reject bad tftp addresses earlier, rather than later. This check is for end == NULL but was meant to be *end == '\0'. Without this change, we'll pass a plausibly bad address (i.e. one with no ']' at the end) to Mtftp(... READ_FILE ...), which should fail correctly, but our error messaging will be inconsistent. Signed-off-by: Peter Jones --- netboot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netboot.c b/netboot.c index f884cba..ad5d37e 100644 --- a/netboot.c +++ b/netboot.c @@ -234,7 +234,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) return FALSE; } } - if (end == '\0') { + if (*end == '\0') { Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n"); return FALSE; } From 7361f67dbd7f7fe98a807d3d12f90a87262124d6 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 13 Oct 2014 16:41:51 -0400 Subject: [PATCH 75/75] Bump version to 0.8 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 694480b..332a29b 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ endif LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) -VERSION = 0.7 +VERSION = 0.8 TARGET = shim.efi MokManager.efi.signed fallback.efi.signed OBJS = shim.o netboot.o cert.o replacements.o version.o