proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-07-27 17:43:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Reapplying all patches

Browse Source
This commit is contained in:
Mathieu Trudel-Lapierre 2015-05-10 10:03:20 -04:00
parent 37358ddb1c
commit 86a08c30b4
23 changed files with 2791 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.pc/.quilt_patches Normal file
View File

@ -0,0 +1 @@
debian/patches

1
.pc/.quilt_series Normal file
View File

@ -0,0 +1 @@
series

3
.pc/applied-patches Normal file
View File

@ -0,0 +1,3 @@
prototypes
second-stage-path
sbsigntool-not-pesign

0
.pc/prototypes/.timestamp Normal file
View File

0
.pc/prototypes/Cryptlib/Library/BaseMemoryLib.h Normal file
View File

747
.pc/prototypes/Cryptlib/OpenSSL/crypto/conf/conf_def.c Normal file
View File

@ -0,0 +1,747 @@
/* crypto/conf/conf.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* Part of the code in here was originally in conf.c, which is now removed */
#include <stdio.h>
#include <string.h>
#include "cryptlib.h"
#include <openssl/stack.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include "conf_def.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
static void clear_comments(CONF *conf, char *p);
static int str_copy(CONF *conf,char *section,char **to, char *from);
static char *scan_quote(CONF *conf, char *p);
static char *scan_dquote(CONF *conf, char *p);
#define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
static CONF *def_create(CONF_METHOD *meth);
static int def_init_default(CONF *conf);
static int def_init_WIN32(CONF *conf);
static int def_destroy(CONF *conf);
static int def_destroy_data(CONF *conf);
static int def_load(CONF *conf, const char *name, long *eline);
static int def_load_bio(CONF *conf, BIO *bp, long *eline);
static int def_dump(const CONF *conf, BIO *bp);
static int def_is_number(const CONF *conf, char c);
static int def_to_int(const CONF *conf, char c);
const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT;
static CONF_METHOD default_method = {
"OpenSSL default",
def_create,
def_init_default,
def_destroy,
def_destroy_data,
def_load_bio,
def_dump,
def_is_number,
def_to_int,
def_load
};
static CONF_METHOD WIN32_method = {
"WIN32",
def_create,
def_init_WIN32,
def_destroy,
def_destroy_data,
def_load_bio,
def_dump,
def_is_number,
def_to_int,
def_load
};
CONF_METHOD *NCONF_default()
{
return &default_method;
}
CONF_METHOD *NCONF_WIN32()
{
return &WIN32_method;
}
static CONF *def_create(CONF_METHOD *meth)
{
CONF *ret;
ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
if (ret)
if (meth->init(ret) == 0)
{
OPENSSL_free(ret);
ret = NULL;
}
return ret;
}
static int def_init_default(CONF *conf)
{
if (conf == NULL)
return 0;
conf->meth = &default_method;
conf->meth_data = (void *)CONF_type_default;
conf->data = NULL;
return 1;
}
static int def_init_WIN32(CONF *conf)
{
if (conf == NULL)
return 0;
conf->meth = &WIN32_method;
conf->meth_data = (void *)CONF_type_win32;
conf->data = NULL;
return 1;
}
static int def_destroy(CONF *conf)
{
if (def_destroy_data(conf))
{
OPENSSL_free(conf);
return 1;
}
return 0;
}
static int def_destroy_data(CONF *conf)
{
if (conf == NULL)
return 0;
_CONF_free_data(conf);
return 1;
}
static int def_load(CONF *conf, const char *name, long *line)
{
int ret;
BIO *in=NULL;
#ifdef OPENSSL_SYS_VMS
in=BIO_new_file(name, "r");
#else
in=BIO_new_file(name, "rb");
#endif
if (in == NULL)
{
if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE);
else
CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB);
return 0;
}
ret = def_load_bio(conf, in, line);
BIO_free(in);
return ret;
}
static int def_load_bio(CONF *conf, BIO *in, long *line)
{
/* The macro BUFSIZE conflicts with a system macro in VxWorks */
#define CONFBUFSIZE 512
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again;
long eline=0;
char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/
/* STACK_OF(CONF_VALUE) *ts=NULL;*/
char *start,*psection,*pname;
void *h = (void *)(conf->data);
if ((buff=BUF_MEM_new()) == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
goto err;
}
section=(char *)OPENSSL_malloc(10);
if (section == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(section,"default",10);
if (_CONF_new_data(conf) == 0)
{
CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
sv=_CONF_new_section(conf,section);
if (sv == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
bufnum=0;
again=0;
for (;;)
{
if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
{
CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
goto err;
}
p= &(buff->data[bufnum]);
*p='\0';
BIO_gets(in, p, CONFBUFSIZE-1);
p[CONFBUFSIZE-1]='\0';
ii=i=strlen(p);
if (i == 0 && !again) break;
again=0;
while (i > 0)
{
if ((p[i-1] != '\r') && (p[i-1] != '\n'))
break;
else
i--;
}
/* we removed some trailing stuff so there is a new
* line on the end. */
if (ii && i == ii)
again=1; /* long line */
else
{
p[i]='\0';
eline++; /* another input line */
}
/* we now have a line with trailing \r\n removed */
/* i is the number of bytes */
bufnum+=i;
v=NULL;
/* check for line continuation */
if (bufnum >= 1)
{
/* If we have bytes and the last char '\\' and
* second last char is not '\\' */
p= &(buff->data[bufnum-1]);
if (IS_ESC(conf,p[0]) &&
((bufnum <= 1) || !IS_ESC(conf,p[-1])))
{
bufnum--;
again=1;
}
}
if (again) continue;
bufnum=0;
buf=buff->data;
clear_comments(conf, buf);
s=eat_ws(conf, buf);
if (IS_EOF(conf,*s)) continue; /* blank line */
if (*s == '[')
{
char *ss;
s++;
start=eat_ws(conf, s);
ss=start;
again:
end=eat_alpha_numeric(conf, ss);
p=eat_ws(conf, end);
if (*p != ']')
{
if (*p != '\0' && ss != p)
{
ss=p;
goto again;
}
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
goto err;
}
*end='\0';
if (!str_copy(conf,NULL,&section,start)) goto err;
if ((sv=_CONF_get_section(conf,section)) == NULL)
sv=_CONF_new_section(conf,section);
if (sv == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
continue;
}
else
{
pname=s;
psection=NULL;
end=eat_alpha_numeric(conf, s);
if ((end[0] == ':') && (end[1] == ':'))
{
*end='\0';
end+=2;
psection=pname;
pname=end;
end=eat_alpha_numeric(conf, end);
}
p=eat_ws(conf, end);
if (*p != '=')
{
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_MISSING_EQUAL_SIGN);
goto err;
}
*end='\0';
p++;
start=eat_ws(conf, p);
while (!IS_EOF(conf,*p))
p++;
p--;
while ((p != start) && (IS_WS(conf,*p)))
p--;
p++;
*p='\0';
if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
{
CONFerr(CONF_F_DEF_LOAD_BIO,
ERR_R_MALLOC_FAILURE);
goto err;
}
if (psection == NULL) psection=section;
v->name=(char *)OPENSSL_malloc(strlen(pname)+1);
v->value=NULL;
if (v->name == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,
ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(v->name,pname,strlen(pname)+1);
if (!str_copy(conf,psection,&(v->value),start)) goto err;
if (strcmp(psection,section) != 0)
{
if ((tv=_CONF_get_section(conf,psection))
== NULL)
tv=_CONF_new_section(conf,psection);
if (tv == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
}
else
{
tv=sv;
/* ts=section_sk;*/
}
#if 1
if (_CONF_add_string(conf, tv, v) == 0)
{
CONFerr(CONF_F_DEF_LOAD_BIO,
ERR_R_MALLOC_FAILURE);
goto err;
}
#else
v->section=tv->section;
if (!sk_CONF_VALUE_push(ts,v))
{
CONFerr(CONF_F_DEF_LOAD_BIO,
ERR_R_MALLOC_FAILURE);
goto err;
}
vv=(CONF_VALUE *)lh_insert(conf->data,v);
if (vv != NULL)
{
sk_CONF_VALUE_delete_ptr(ts,vv);
OPENSSL_free(vv->name);
OPENSSL_free(vv->value);
OPENSSL_free(vv);
}
#endif
v=NULL;
}
}
if (buff != NULL) BUF_MEM_free(buff);
if (section != NULL) OPENSSL_free(section);
return(1);
err:
if (buff != NULL) BUF_MEM_free(buff);
if (section != NULL) OPENSSL_free(section);
if (line != NULL) *line=eline;
BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
ERR_add_error_data(2,"line ",btmp);
if ((h != conf->data) && (conf->data != NULL))
{
CONF_free(conf->data);
conf->data=NULL;
}
if (v != NULL)
{
if (v->name != NULL) OPENSSL_free(v->name);
if (v->value != NULL) OPENSSL_free(v->value);
if (v != NULL) OPENSSL_free(v);
}
return(0);
}
static void clear_comments(CONF *conf, char *p)
{
for (;;)
{
if (IS_FCOMMENT(conf,*p))
{
*p='\0';
return;
}
if (!IS_WS(conf,*p))
{
break;
}
p++;
}
for (;;)
{
if (IS_COMMENT(conf,*p))
{
*p='\0';
return;
}
if (IS_DQUOTE(conf,*p))
{
p=scan_dquote(conf, p);
continue;
}
if (IS_QUOTE(conf,*p))
{
p=scan_quote(conf, p);
continue;
}
if (IS_ESC(conf,*p))
{
p=scan_esc(conf,p);
continue;
}
if (IS_EOF(conf,*p))
return;
else
p++;
}
}
static int str_copy(CONF *conf, char *section, char **pto, char *from)
{
int q,r,rr=0,to=0,len=0;
char *s,*e,*rp,*p,*rrp,*np,*cp,v;
BUF_MEM *buf;
if ((buf=BUF_MEM_new()) == NULL) return(0);
len=strlen(from)+1;
if (!BUF_MEM_grow(buf,len)) goto err;
for (;;)
{
if (IS_QUOTE(conf,*from))
{
q= *from;
from++;
while (!IS_EOF(conf,*from) && (*from != q))
{
if (IS_ESC(conf,*from))
{
from++;
if (IS_EOF(conf,*from)) break;
}
buf->data[to++]= *(from++);
}
if (*from == q) from++;
}
else if (IS_DQUOTE(conf,*from))
{
q= *from;
from++;
while (!IS_EOF(conf,*from))
{
if (*from == q)
{
if (*(from+1) == q)
{
from++;
}
else
{
break;
}
}
buf->data[to++]= *(from++);
}
if (*from == q) from++;
}
else if (IS_ESC(conf,*from))
{
from++;
v= *(from++);
if (IS_EOF(conf,v)) break;
else if (v == 'r') v='\r';
else if (v == 'n') v='\n';
else if (v == 'b') v='\b';
else if (v == 't') v='\t';
buf->data[to++]= v;
}
else if (IS_EOF(conf,*from))
break;
else if (*from == '$')
{
/* try to expand it */
rrp=NULL;
s= &(from[1]);
if (*s == '{')
q='}';
else if (*s == '(')
q=')';
else q=0;
if (q) s++;
cp=section;
e=np=s;
while (IS_ALPHA_NUMERIC(conf,*e))
e++;
if ((e[0] == ':') && (e[1] == ':'))
{
cp=np;
rrp=e;
rr= *e;
*rrp='\0';
e+=2;
np=e;
while (IS_ALPHA_NUMERIC(conf,*e))
e++;
}
r= *e;
*e='\0';
rp=e;
if (q)
{
if (r != q)
{
CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
goto err;
}
e++;
}
/* So at this point we have
* np which is the start of the name string which is
* '\0' terminated.
* cp which is the start of the section string which is
* '\0' terminated.
* e is the 'next point after'.
* r and rr are the chars replaced by the '\0'
* rp and rrp is where 'r' and 'rr' came from.
*/
p=_CONF_get_string(conf,cp,np);
if (rrp != NULL) *rrp=rr;
*rp=r;
if (p == NULL)
{
CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
goto err;
}
BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from)));
while (*p)
buf->data[to++]= *(p++);
/* Since we change the pointer 'from', we also have
to change the perceived length of the string it
points at. /RL */
len -= e-from;
from=e;
/* In case there were no braces or parenthesis around
the variable reference, we have to put back the
character that was replaced with a '\0'. /RL */
*rp = r;
}
else
buf->data[to++]= *(from++);
}
buf->data[to]='\0';
if (*pto != NULL) OPENSSL_free(*pto);
*pto=buf->data;
OPENSSL_free(buf);
return(1);
err:
if (buf != NULL) BUF_MEM_free(buf);
return(0);
}
static char *eat_ws(CONF *conf, char *p)
{
while (IS_WS(conf,*p) && (!IS_EOF(conf,*p)))
p++;
return(p);
}
static char *eat_alpha_numeric(CONF *conf, char *p)
{
for (;;)
{
if (IS_ESC(conf,*p))
{
p=scan_esc(conf,p);
continue;
}
if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p))
return(p);
p++;
}
}
static char *scan_quote(CONF *conf, char *p)
{
int q= *p;
p++;
while (!(IS_EOF(conf,*p)) && (*p != q))
{
if (IS_ESC(conf,*p))
{
p++;
if (IS_EOF(conf,*p)) return(p);
}
p++;
}
if (*p == q) p++;
return(p);
}
static char *scan_dquote(CONF *conf, char *p)
{
int q= *p;
p++;
while (!(IS_EOF(conf,*p)))
{
if (*p == q)
{
if (*(p+1) == q)
{
p++;
}
else
{
break;
}
}
p++;
}
if (*p == q) p++;
return(p);
}
static void dump_value(CONF_VALUE *a, BIO *out)
{
if (a->name)
BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
else
BIO_printf(out, "[[%s]]\n", a->section);
}
static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
static int def_dump(const CONF *conf, BIO *out)
{
lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
return 1;
}
static int def_is_number(const CONF *conf, char c)
{
return IS_NUMBER(conf,c);
}
static int def_to_int(const CONF *conf, char c)
{
return c - '0';
}

401
.pc/prototypes/Cryptlib/OpenSSL/crypto/conf/conf_lib.c Normal file
View File

@ -0,0 +1,401 @@
/* conf_lib.c */
/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include <openssl/lhash.h>
const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT;
static CONF_METHOD *default_CONF_method=NULL;
/* Init a 'CONF' structure from an old LHASH */
void CONF_set_nconf(CONF *conf, LHASH *hash)
{
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(conf);
conf->data = hash;
}
/* The following section contains the "CONF classic" functions,
rewritten in terms of the new CONF interface. */
int CONF_set_default_method(CONF_METHOD *meth)
{
default_CONF_method = meth;
return 1;
}
LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
{
LHASH *ltmp;
BIO *in=NULL;
#ifdef OPENSSL_SYS_VMS
in=BIO_new_file(file, "r");
#else
in=BIO_new_file(file, "rb");
#endif
if (in == NULL)
{
CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
return NULL;
}
ltmp = CONF_load_bio(conf, in, eline);
BIO_free(in);
return ltmp;
}
#ifndef OPENSSL_NO_FP_API
LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
{
BIO *btmp;
LHASH *ltmp;
if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
return NULL;
}
ltmp = CONF_load_bio(conf, btmp, eline);
BIO_free(btmp);
return ltmp;
}
#endif
LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
{
CONF ctmp;
int ret;
CONF_set_nconf(&ctmp, conf);
ret = NCONF_load_bio(&ctmp, bp, eline);
if (ret)
return ctmp.data;
return NULL;
}
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
{
if (conf == NULL)
{
return NULL;
}
else
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return NCONF_get_section(&ctmp, section);
}
}
char *CONF_get_string(LHASH *conf,const char *group,const char *name)
{
if (conf == NULL)
{
return NCONF_get_string(NULL, group, name);
}
else
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return NCONF_get_string(&ctmp, group, name);
}
}
long CONF_get_number(LHASH *conf,const char *group,const char *name)
{
int status;
long result = 0;
if (conf == NULL)
{
status = NCONF_get_number_e(NULL, group, name, &result);
}
else
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
status = NCONF_get_number_e(&ctmp, group, name, &result);
}
if (status == 0)
{
/* This function does not believe in errors... */
ERR_clear_error();
}
return result;
}
void CONF_free(LHASH *conf)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
NCONF_free_data(&ctmp);
}
#ifndef OPENSSL_NO_FP_API
int CONF_dump_fp(LHASH *conf, FILE *out)
{
BIO *btmp;
int ret;
if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB);
return 0;
}
ret = CONF_dump_bio(conf, btmp);
BIO_free(btmp);
return ret;
}
#endif
int CONF_dump_bio(LHASH *conf, BIO *out)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return NCONF_dump_bio(&ctmp, out);
}
/* The following section contains the "New CONF" functions. They are
completely centralised around a new CONF structure that may contain
basically anything, but at least a method pointer and a table of data.
These functions are also written in terms of the bridge functions used
by the "CONF classic" functions, for consistency. */
CONF *NCONF_new(CONF_METHOD *meth)
{
CONF *ret;
if (meth == NULL)
meth = NCONF_default();
ret = meth->create(meth);
if (ret == NULL)
{
CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
return ret;
}
void NCONF_free(CONF *conf)
{
if (conf == NULL)
return;
conf->meth->destroy(conf);
}
void NCONF_free_data(CONF *conf)
{
if (conf == NULL)
return;
conf->meth->destroy_data(conf);
}
int NCONF_load(CONF *conf, const char *file, long *eline)
{
if (conf == NULL)
{
CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
return 0;
}
return conf->meth->load(conf, file, eline);
}
#ifndef OPENSSL_NO_FP_API
int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
{
BIO *btmp;
int ret;
if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
{
CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
return 0;
}
ret = NCONF_load_bio(conf, btmp, eline);
BIO_free(btmp);
return ret;
}
#endif
int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
{
if (conf == NULL)
{
CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF);
return 0;
}
return conf->meth->load_bio(conf, bp, eline);
}
STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section)
{
if (conf == NULL)
{
CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF);
return NULL;
}
if (section == NULL)
{
CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
return NULL;
}
return _CONF_get_section_values(conf, section);
}
char *NCONF_get_string(const CONF *conf,const char *group,const char *name)
{
char *s = _CONF_get_string(conf, group, name);
/* Since we may get a value from an environment variable even
if conf is NULL, let's check the value first */
if (s) return s;
if (conf == NULL)
{
CONFerr(CONF_F_NCONF_GET_STRING,
CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
return NULL;
}
CONFerr(CONF_F_NCONF_GET_STRING,
CONF_R_NO_VALUE);
ERR_add_error_data(4,"group=",group," name=",name);
return NULL;
}
int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
long *result)
{
char *str;
if (result == NULL)
{
CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
str = NCONF_get_string(conf,group,name);
if (str == NULL)
return 0;
for (*result = 0;conf->meth->is_number(conf, *str);)
{
*result = (*result)*10 + conf->meth->to_int(conf, *str);
str++;
}
return 1;
}
#ifndef OPENSSL_NO_FP_API
int NCONF_dump_fp(const CONF *conf, FILE *out)
{
BIO *btmp;
int ret;
if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB);
return 0;
}
ret = NCONF_dump_bio(conf, btmp);
BIO_free(btmp);
return ret;
}
#endif
int NCONF_dump_bio(const CONF *conf, BIO *out)
{
if (conf == NULL)
{
CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF);
return 0;
}
return conf->meth->dump(conf, out);
}
/* This function should be avoided */
#if 0
long NCONF_get_number(CONF *conf,char *group,char *name)
{
int status;
long ret=0;
status = NCONF_get_number_e(conf, group, name, &ret);
if (status == 0)
{
/* This function does not believe in errors... */
ERR_get_error();
}
return ret;
}
#endif

111
.pc/prototypes/Cryptlib/OpenSSL/crypto/conf/conf_sap.c Normal file
View File

@ -0,0 +1,111 @@
/* conf_sap.c */
/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
/* This is the automatic configuration loader: it is called automatically by
* OpenSSL when any of a number of standard initialisation functions are called,
* unless this is overridden by calling OPENSSL_no_config()
*/
static int openssl_configured = 0;
void OPENSSL_config(const char *config_name)
{
if (openssl_configured)
return;
OPENSSL_load_builtin_modules();
#ifndef OPENSSL_NO_ENGINE
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
/* Add others here? */
ERR_clear_error();
if (CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
{
BIO *bio_err;
ERR_load_crypto_strings();
if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
{
BIO_printf(bio_err,"Auto configuration failed\n");
ERR_print_errors(bio_err);
BIO_free(bio_err);
}
exit(1);
}
return;
}
void OPENSSL_no_config()
{
openssl_configured = 1;
}

384
.pc/prototypes/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c Normal file
View File

@ -0,0 +1,384 @@
/* crypto/engine/eng_openssl.c */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <stdio.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include <openssl/engine.h>
#include <openssl/dso.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
/* This testing gunk is implemented (and explained) lower down. It also assumes
* the application explicitly calls "ENGINE_load_openssl()" because this is no
* longer automatic in ENGINE_load_builtin_engines(). */
#define TEST_ENG_OPENSSL_RC4
#define TEST_ENG_OPENSSL_PKEY
/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
#define TEST_ENG_OPENSSL_RC4_P_INIT
/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
#define TEST_ENG_OPENSSL_SHA
/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
/* Now check what of those algorithms are actually enabled */
#ifdef OPENSSL_NO_RC4
#undef TEST_ENG_OPENSSL_RC4
#undef TEST_ENG_OPENSSL_RC4_OTHERS
#undef TEST_ENG_OPENSSL_RC4_P_INIT
#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
#endif
#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
#undef TEST_ENG_OPENSSL_SHA
#undef TEST_ENG_OPENSSL_SHA_OTHERS
#undef TEST_ENG_OPENSSL_SHA_P_INIT
#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
#undef TEST_ENG_OPENSSL_SHA_P_FINAL
#endif
#ifdef TEST_ENG_OPENSSL_RC4
static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
#endif
#ifdef TEST_ENG_OPENSSL_SHA
static int openssl_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid);
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
#endif
/* The constants used when creating the ENGINE */
static const char *engine_openssl_id = "openssl";
static const char *engine_openssl_name = "Software engine support";
/* This internal function is used by ENGINE_openssl() and possibly by the
* "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
{
if(!ENGINE_set_id(e, engine_openssl_id)
|| !ENGINE_set_name(e, engine_openssl_name)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
#ifndef OPENSSL_NO_RSA
|| !ENGINE_set_RSA(e, RSA_get_default_method())
#endif
#ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
#endif
#ifndef OPENSSL_NO_ECDH
|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
#endif
#ifndef OPENSSL_NO_ECDSA
|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
#endif
#ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, DH_get_default_method())
#endif
|| !ENGINE_set_RAND(e, RAND_SSLeay())
#ifdef TEST_ENG_OPENSSL_RC4
|| !ENGINE_set_ciphers(e, openssl_ciphers)
#endif
#ifdef TEST_ENG_OPENSSL_SHA
|| !ENGINE_set_digests(e, openssl_digests)
#endif
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
#endif
)
return 0;
/* If we add errors to this ENGINE, ensure the error handling is setup here */
/* openssl_load_error_strings(); */
return 1;
}
static ENGINE *engine_openssl(void)
{
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!bind_helper(ret))
{
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_openssl(void)
{
ENGINE *toadd = engine_openssl();
if(!toadd) return;
ENGINE_add(toadd);
/* If the "add" worked, it gets a structural reference. So either way,
* we release our just-created reference. */
ENGINE_free(toadd);
ERR_clear_error();
}
/* This stuff is needed if this ENGINE is being compiled into a self-contained
* shared-library. */
#ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_fn(ENGINE *e, const char *id)
{
if(id && (strcmp(id, engine_openssl_id) != 0))
return 0;
if(!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
#endif /* ENGINE_DYNAMIC_SUPPORT */
#ifdef TEST_ENG_OPENSSL_RC4
/* This section of code compiles an "alternative implementation" of two modes of
* RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
* should under normal circumstances go via this support rather than the default
* EVP support. There are other symbols to tweak the testing;
* TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
* we're asked for a cipher we don't support (should not happen).
* TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
* the "init_key" handler is called.
* TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
*/
#include <openssl/rc4.h>
#define TEST_RC4_KEY_SIZE 16
static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
static int test_cipher_nids_number = 2;
typedef struct {
unsigned char key[TEST_RC4_KEY_SIZE];
RC4_KEY ks;
} TEST_RC4_KEY;
#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
#endif
memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
test(ctx)->key);
return 1;
}
static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
#endif
RC4(&test(ctx)->ks,inl,in,out);
return 1;
}
static const EVP_CIPHER test_r4_cipher=
{
NID_rc4,
1,TEST_RC4_KEY_SIZE,0,
EVP_CIPH_VARIABLE_LENGTH,
test_rc4_init_key,
test_rc4_cipher,
NULL,
sizeof(TEST_RC4_KEY),
NULL,
NULL,
NULL,
NULL
};
static const EVP_CIPHER test_r4_40_cipher=
{
NID_rc4_40,
1,5 /* 40 bit */,0,
EVP_CIPH_VARIABLE_LENGTH,
test_rc4_init_key,
test_rc4_cipher,
NULL,
sizeof(TEST_RC4_KEY),
NULL,
NULL,
NULL,
NULL
};
static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
if(!cipher)
{
/* We are returning a list of supported nids */
*nids = test_cipher_nids;
return test_cipher_nids_number;
}
/* We are being asked for a specific cipher */
if(nid == NID_rc4)
*cipher = &test_r4_cipher;
else if(nid == NID_rc4_40)
*cipher = &test_r4_40_cipher;
else
{
#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
"nid %d\n", nid);
#endif
*cipher = NULL;
return 0;
}
return 1;
}
#endif
#ifdef TEST_ENG_OPENSSL_SHA
/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
#include <openssl/sha.h>
static int test_digest_nids[] = {NID_sha1};
static int test_digest_nids_number = 1;
static int test_sha1_init(EVP_MD_CTX *ctx)
{
#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
#endif
return SHA1_Init(ctx->md_data);
}
static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count)
{
#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
#endif
return SHA1_Update(ctx->md_data,data,count);
}
static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
{
#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
#endif
return SHA1_Final(md,ctx->md_data);
}
static const EVP_MD test_sha_md=
{
NID_sha1,
NID_sha1WithRSAEncryption,
SHA_DIGEST_LENGTH,
0,
test_sha1_init,
test_sha1_update,
test_sha1_final,
NULL,
NULL,
EVP_PKEY_RSA_method,
SHA_CBLOCK,
sizeof(EVP_MD *)+sizeof(SHA_CTX),
};
static int openssl_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
if(!digest)
{
/* We are returning a list of supported nids */
*nids = test_digest_nids;
return test_digest_nids_number;
}
/* We are being asked for a specific digest */
if(nid == NID_sha1)
*digest = &test_sha_md;
else
{
#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
"nid %d\n", nid);
#endif
*digest = NULL;
return 0;
}
return 1;
}
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data)
{
BIO *in;
EVP_PKEY *key;
fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
in = BIO_new_file(key_id, "r");
if (!in)
return NULL;
key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
BIO_free(in);
return key;
}
#endif

385
.pc/prototypes/Cryptlib/OpenSSL/crypto/x509/by_dir.c Normal file
View File

@ -0,0 +1,385 @@
/* crypto/x509/by_dir.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <time.h>
#include <errno.h>
#include "cryptlib.h"
#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif
#ifdef MAC_OS_pre_X
# include <stat.h>
#else
# include <sys/stat.h>
#endif
#include <openssl/lhash.h>
#include <openssl/x509.h>
#ifdef _WIN32
#define stat _stat
#endif
typedef struct lookup_dir_st
{
BUF_MEM *buffer;
int num_dirs;
char **dirs;
int *dirs_type;
int num_dirs_alloced;
} BY_DIR;
static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
char **ret);
static int new_dir(X509_LOOKUP *lu);
static void free_dir(X509_LOOKUP *lu);
static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
X509_OBJECT *ret);
X509_LOOKUP_METHOD x509_dir_lookup=
{
"Load certs from files in a directory",
new_dir, /* new */
free_dir, /* free */
NULL, /* init */
NULL, /* shutdown */
dir_ctrl, /* ctrl */
get_cert_by_subject, /* get_by_subject */
NULL, /* get_by_issuer_serial */
NULL, /* get_by_fingerprint */
NULL, /* get_by_alias */
};
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
{
return(&x509_dir_lookup);
}
static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
char **retp)
{
int ret=0;
BY_DIR *ld;
char *dir = NULL;
ld=(BY_DIR *)ctx->method_data;
switch (cmd)
{
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT)
{
dir=(char *)Getenv(X509_get_default_cert_dir_env());
if (dir)
ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
else
ret=add_cert_dir(ld,X509_get_default_cert_dir(),
X509_FILETYPE_PEM);
if (!ret)
{
X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
}
}
else
ret=add_cert_dir(ld,argp,(int)argl);
break;
}
return(ret);
}
static int new_dir(X509_LOOKUP *lu)
{
BY_DIR *a;
if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
return(0);
if ((a->buffer=BUF_MEM_new()) == NULL)
{
OPENSSL_free(a);
return(0);
}
a->num_dirs=0;
a->dirs=NULL;
a->dirs_type=NULL;
a->num_dirs_alloced=0;
lu->method_data=(char *)a;
return(1);
}
static void free_dir(X509_LOOKUP *lu)
{
BY_DIR *a;
int i;
a=(BY_DIR *)lu->method_data;
for (i=0; i<a->num_dirs; i++)
if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
if (a->dirs != NULL) OPENSSL_free(a->dirs);
if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
if (a->buffer != NULL) BUF_MEM_free(a->buffer);
OPENSSL_free(a);
}
static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
{
int j,len;
int *ip;
const char *s,*ss,*p;
char **pp;
if (dir == NULL || !*dir)
{
X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
return 0;
}
s=dir;
p=s;
for (;;p++)
{
if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
{
ss=s;
s=p+1;
len=(int)(p-ss);
if (len == 0) continue;
for (j=0; j<ctx->num_dirs; j++)
if (strlen(ctx->dirs[j]) == (size_t)len &&
strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
break;
if (j<ctx->num_dirs)
continue;
if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
{
ctx->num_dirs_alloced+=10;
pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
sizeof(char *));
ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
sizeof(int));
if ((pp == NULL) || (ip == NULL))
{
X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
return(0);
}
memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
sizeof(char *));
memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
sizeof(int));
if (ctx->dirs != NULL)
OPENSSL_free(ctx->dirs);
if (ctx->dirs_type != NULL)
OPENSSL_free(ctx->dirs_type);
ctx->dirs=pp;
ctx->dirs_type=ip;
}
ctx->dirs_type[ctx->num_dirs]=type;
ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
ctx->dirs[ctx->num_dirs][len]='\0';
ctx->num_dirs++;
}
if (*p == '\0') break;
}
return(1);
}
static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
X509_OBJECT *ret)
{
BY_DIR *ctx;
union {
struct {
X509 st_x509;
X509_CINF st_x509_cinf;
} x509;
struct {
X509_CRL st_crl;
X509_CRL_INFO st_crl_info;
} crl;
} data;
int ok=0;
int i,j,k;
unsigned long h;
BUF_MEM *b=NULL;
struct stat st;
X509_OBJECT stmp,*tmp;
const char *postfix="";
if (name == NULL) return(0);
stmp.type=type;
if (type == X509_LU_X509)
{
data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
data.x509.st_x509_cinf.subject=name;
stmp.data.x509= &data.x509.st_x509;
postfix="";
}
else if (type == X509_LU_CRL)
{
data.crl.st_crl.crl= &data.crl.st_crl_info;
data.crl.st_crl_info.issuer=name;
stmp.data.crl= &data.crl.st_crl;
postfix="r";
}
else
{
X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
goto finish;
}
if ((b=BUF_MEM_new()) == NULL)
{
X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
goto finish;
}
ctx=(BY_DIR *)xl->method_data;
h=X509_NAME_hash(name);
for (i=0; i<ctx->num_dirs; i++)
{
j=strlen(ctx->dirs[i])+1+8+6+1+1;
if (!BUF_MEM_grow(b,j))
{
X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
goto finish;
}
k=0;
for (;;)
{
char c = '/';
#ifdef OPENSSL_SYS_VMS
c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
if (c != ':' && c != '>' && c != ']')
{
/* If no separator is present, we assume the
directory specifier is a logical name, and
add a colon. We really should use better
VMS routines for merging things like this,
but this will do for now...
-- Richard Levitte */
c = ':';
}
else
{
c = '\0';
}
#endif
if (c == '\0')
{
/* This is special. When c == '\0', no
directory separator should be added. */
BIO_snprintf(b->data,b->max,
"%s%08lx.%s%d",ctx->dirs[i],h,
postfix,k);
}
else
{
BIO_snprintf(b->data,b->max,
"%s%c%08lx.%s%d",ctx->dirs[i],c,h,
postfix,k);
}
k++;
if (stat(b->data,&st) < 0)
break;
/* found one. */
if (type == X509_LU_X509)
{
if ((X509_load_cert_file(xl,b->data,
ctx->dirs_type[i])) == 0)
break;
}
else if (type == X509_LU_CRL)
{
if ((X509_load_crl_file(xl,b->data,
ctx->dirs_type[i])) == 0)
break;
}
/* else case will caught higher up */
}
/* we have added it to the cache so now pull
* it out again */
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
else tmp = NULL;
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
if (tmp != NULL)
{
ok=1;
ret->type=tmp->type;
memcpy(&ret->data,&tmp->data,sizeof(ret->data));
/* If we were going to up the reference count,
* we would need to do it on a perl 'type'
* basis */
/* CRYPTO_add(&tmp->data.x509->references,1,
CRYPTO_LOCK_X509);*/
goto finish;
}
}
finish:
if (b != NULL) BUF_MEM_free(b);
return(ok);
}

328
.pc/prototypes/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c Normal file
View File

@ -0,0 +1,328 @@
/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
/* Contributed to the OpenSSL Project 2004
* by Richard Levitte (richard@levitte.org)
*/
/* Copyright (c) 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
BIO *out, int indent);
static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *str);
const X509V3_EXT_METHOD v3_pci =
{ NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
0,0,0,0,
0,0,
NULL, NULL,
(X509V3_EXT_I2R)i2r_pci,
(X509V3_EXT_R2I)r2i_pci,
NULL,
};
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
BIO *out, int indent)
{
BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
if (pci->pcPathLengthConstraint)
i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
else
BIO_printf(out, "infinite");
BIO_puts(out, "\n");
BIO_printf(out, "%*sPolicy Language: ", indent, "");
i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
BIO_puts(out, "\n");
if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
pci->proxyPolicy->policy->data);
return 1;
}
static int process_pci_value(CONF_VALUE *val,
ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
ASN1_OCTET_STRING **policy)
{
int free_policy = 0;
if (strcmp(val->name, "language") == 0)
{
if (*language)
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
X509V3_conf_err(val);
return 0;
}
if (!(*language = OBJ_txt2obj(val->value, 0)))
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(val);
return 0;
}
}
else if (strcmp(val->name, "pathlen") == 0)
{
if (*pathlen)
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
X509V3_conf_err(val);
return 0;
}
if (!X509V3_get_value_int(val, pathlen))
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
X509V3_conf_err(val);
return 0;
}
}
else if (strcmp(val->name, "policy") == 0)
{
unsigned char *tmp_data = NULL;
long val_len;
if (!*policy)
{
*policy = ASN1_OCTET_STRING_new();
if (!*policy)
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
X509V3_conf_err(val);
return 0;
}
free_policy = 1;
}
if (strncmp(val->value, "hex:", 4) == 0)
{
unsigned char *tmp_data2 =
string_to_hex(val->value + 4, &val_len);
if (!tmp_data2)
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
X509V3_conf_err(val);
goto err;
}
tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + val_len + 1);
if (tmp_data)
{
(*policy)->data = tmp_data;
memcpy(&(*policy)->data[(*policy)->length],
tmp_data2, val_len);
(*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0';
}
else
{
OPENSSL_free(tmp_data2);
/* realloc failure implies the original data space is b0rked too! */
(*policy)->data = NULL;
(*policy)->length = 0;
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
X509V3_conf_err(val);
goto err;
}
OPENSSL_free(tmp_data2);
}
else if (strncmp(val->value, "file:", 5) == 0)
{
unsigned char buf[2048];
int n;
BIO *b = BIO_new_file(val->value + 5, "r");
if (!b)
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
X509V3_conf_err(val);
goto err;
}
while((n = BIO_read(b, buf, sizeof(buf))) > 0
|| (n == 0 && BIO_should_retry(b)))
{
if (!n) continue;
tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + n + 1);
if (!tmp_data)
break;
(*policy)->data = tmp_data;
memcpy(&(*policy)->data[(*policy)->length],
buf, n);
(*policy)->length += n;
(*policy)->data[(*policy)->length] = '\0';
}
BIO_free_all(b);
if (n < 0)
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
X509V3_conf_err(val);
goto err;
}
}
else if (strncmp(val->value, "text:", 5) == 0)
{
val_len = strlen(val->value + 5);
tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + val_len + 1);
if (tmp_data)
{
(*policy)->data = tmp_data;
memcpy(&(*policy)->data[(*policy)->length],
val->value + 5, val_len);
(*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0';
}
else
{
/* realloc failure implies the original data space is b0rked too! */
(*policy)->data = NULL;
(*policy)->length = 0;
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
X509V3_conf_err(val);
goto err;
}
}
else
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
X509V3_conf_err(val);
goto err;
}
if (!tmp_data)
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
X509V3_conf_err(val);
goto err;
}
}
return 1;
err:
if (free_policy)
{
ASN1_OCTET_STRING_free(*policy);
*policy = NULL;
}
return 0;
}
static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *value)
{
PROXY_CERT_INFO_EXTENSION *pci = NULL;
STACK_OF(CONF_VALUE) *vals;
ASN1_OBJECT *language = NULL;
ASN1_INTEGER *pathlen = NULL;
ASN1_OCTET_STRING *policy = NULL;
int i, j;
vals = X509V3_parse_list(value);
for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
{
CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
if (!cnf->name || (*cnf->name != '@' && !cnf->value))
{
X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
X509V3_conf_err(cnf);
goto err;
}
if (*cnf->name == '@')
{
STACK_OF(CONF_VALUE) *sect;
int success_p = 1;
sect = X509V3_get_section(ctx, cnf->name + 1);
if (!sect)
{
X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
X509V3_conf_err(cnf);
goto err;
}
for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
{
success_p =
process_pci_value(sk_CONF_VALUE_value(sect, j),
&language, &pathlen, &policy);
}
X509V3_section_free(ctx, sect);
if (!success_p)
goto err;
}
else
{
if (!process_pci_value(cnf,
&language, &pathlen, &policy))
{
X509V3_conf_err(cnf);
goto err;
}
}
}
/* Language is mandatory */
if (!language)
{
X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
goto err;
}
i = OBJ_obj2nid(language);
if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
{
X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
goto err;
}
pci = PROXY_CERT_INFO_EXTENSION_new();
if (!pci)
{
X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
goto err;
}
pci->proxyPolicy->policyLanguage = language; language = NULL;
pci->proxyPolicy->policy = policy; policy = NULL;
pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
goto end;
err:
if (language) { ASN1_OBJECT_free(language); language = NULL; }
if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
end:
sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
return pci;
}

0
.pc/sbsigntool-not-pesign/.timestamp Normal file
View File

183
.pc/sbsigntool-not-pesign/Makefile Normal file
View File

@ -0,0 +1,183 @@
CC = $(CROSS_COMPILE)gcc
LD = $(CROSS_COMPILE)ld
OBJCOPY = $(CROSS_COMPILE)objcopy
ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
SUBDIRS = Cryptlib lib
LIB_PATH = /usr/lib64
EFI_INCLUDE := /usr/include/efi
EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude
EFI_PATH := /usr/lib64/gnuefi
LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS = elf_$(ARCH)_efi.lds
DEFAULT_LOADER := \\\\grubx64.efi
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
-fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
-Werror=sign-compare \
"-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
"-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
$(EFI_INCLUDES)
ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
CFLAGS += -DOVERRIDE_SECURITY_POLICY
endif
ifeq ($(ARCH),x86_64)
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \
-DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
endif
ifeq ($(ARCH),ia32)
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32
endif
ifeq ($(ARCH),aarch64)
CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
endif
ifeq ($(ARCH),arm)
CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
endif
ifneq ($(origin VENDOR_CERT_FILE), undefined)
CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
endif
ifneq ($(origin VENDOR_DBX_FILE), undefined)
CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
endif
LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS)
VERSION = 0.8
TARGET = shim.efi MokManager.efi.signed fallback.efi.signed
OBJS = shim.o netboot.o cert.o replacements.o version.o
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
FALLBACK_OBJS = fallback.o
FALLBACK_SRCS = fallback.c
all: $(TARGET)
shim.crt:
./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null
shim.cer: shim.crt
openssl x509 -outform der -in $< -out $@
shim_cert.h: shim.cer
echo "static UINT8 shim_cert[] = {" > $@
hexdump -v -e '1/1 "0x%02x, "' $< >> $@
echo "};" >> $@
version.c : version.c.in
sed -e "s,@@VERSION@@,$(VERSION)," \
-e "s,@@UNAME@@,$(shell uname -a)," \
-e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
< version.c.in > version.c
certdb/secmod.db: shim.crt
-mkdir certdb
pk12util -d certdb/ -i shim.p12 -W "" -K ""
certutil -d certdb/ -A -i shim.crt -n shim -t u
shim.o: $(SOURCES) shim_cert.h
cert.o : cert.S
$(CC) $(CFLAGS) -c -o $@ $<
shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
fallback.o: $(FALLBACK_SRCS)
fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
MokManager.o: $(MOK_SOURCES)
MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
Cryptlib/libcryptlib.a:
$(MAKE) -C Cryptlib
Cryptlib/OpenSSL/libopenssl.a:
$(MAKE) -C Cryptlib/OpenSSL
lib/lib.a:
$(MAKE) -C lib
ifeq ($(ARCH),aarch64)
FORMAT := -O binary
SUBSYSTEM := 0xa
LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif
ifeq ($(ARCH),arm)
FORMAT := -O binary
SUBSYSTEM := 0xa
LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif
FORMAT ?= --target efi-app-$(ARCH)
%.efi: %.so
$(OBJCOPY) -j .text -j .sdata -j .data \
-j .dynamic -j .dynsym -j .rel* \
-j .rela* -j .reloc -j .eh_frame \
-j .vendor_cert \
$(FORMAT) $^ $@
$(OBJCOPY) -j .text -j .sdata -j .data \
-j .dynamic -j .dynsym -j .rel* \
-j .rela* -j .reloc -j .eh_frame \
-j .debug_info -j .debug_abbrev -j .debug_aranges \
-j .debug_line -j .debug_str -j .debug_ranges \
$(FORMAT) $^ $@.debug
%.efi.signed: %.efi certdb/secmod.db
pesign -n certdb -i $< -c "shim" -s -o $@ -f
clean:
$(MAKE) -C Cryptlib clean
$(MAKE) -C Cryptlib/OpenSSL clean
$(MAKE) -C lib clean
rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
rm -f *.debug *.so *.efi *.tar.* version.c
GITTAG = $(VERSION)
test-archive:
@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
@mkdir -p /tmp/shim-$(VERSION)-tmp
@git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
@git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff )
@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
@rm -rf /tmp/shim-$(VERSION)
@echo "The archive is in shim-$(VERSION).tar.bz2"
tag:
git tag --sign $(GITTAG) refs/heads/master
archive: tag
@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
@mkdir -p /tmp/shim-$(VERSION)-tmp
@git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
@rm -rf /tmp/shim-$(VERSION)
@echo "The archive is in shim-$(VERSION).tar.bz2"
export ARCH CC LD OBJCOPY EFI_INCLUDE

0
.pc/second-stage-path/.timestamp Normal file
View File

183
.pc/second-stage-path/Makefile Normal file
View File

@ -0,0 +1,183 @@
CC = $(CROSS_COMPILE)gcc
LD = $(CROSS_COMPILE)ld
OBJCOPY = $(CROSS_COMPILE)objcopy
ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
SUBDIRS = Cryptlib lib
LIB_PATH = /usr/lib64
EFI_INCLUDE := /usr/include/efi
EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude
EFI_PATH := /usr/lib64/gnuefi
LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS = elf_$(ARCH)_efi.lds
DEFAULT_LOADER := \\\\grub.efi
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
-fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
-Werror=sign-compare \
"-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
"-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
$(EFI_INCLUDES)
ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
CFLAGS += -DOVERRIDE_SECURITY_POLICY
endif
ifeq ($(ARCH),x86_64)
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \
-DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
endif
ifeq ($(ARCH),ia32)
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32
endif
ifeq ($(ARCH),aarch64)
CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
endif
ifeq ($(ARCH),arm)
CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include)
endif
ifneq ($(origin VENDOR_CERT_FILE), undefined)
CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
endif
ifneq ($(origin VENDOR_DBX_FILE), undefined)
CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
endif
LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS)
VERSION = 0.8
TARGET = shim.efi MokManager.efi.signed fallback.efi.signed
OBJS = shim.o netboot.o cert.o replacements.o version.o
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
FALLBACK_OBJS = fallback.o
FALLBACK_SRCS = fallback.c
all: $(TARGET)
shim.crt:
./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null
shim.cer: shim.crt
openssl x509 -outform der -in $< -out $@
shim_cert.h: shim.cer
echo "static UINT8 shim_cert[] = {" > $@
hexdump -v -e '1/1 "0x%02x, "' $< >> $@
echo "};" >> $@
version.c : version.c.in
sed -e "s,@@VERSION@@,$(VERSION)," \
-e "s,@@UNAME@@,$(shell uname -a)," \
-e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
< version.c.in > version.c
certdb/secmod.db: shim.crt
-mkdir certdb
pk12util -d certdb/ -i shim.p12 -W "" -K ""
certutil -d certdb/ -A -i shim.crt -n shim -t u
shim.o: $(SOURCES) shim_cert.h
cert.o : cert.S
$(CC) $(CFLAGS) -c -o $@ $<
shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
fallback.o: $(FALLBACK_SRCS)
fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
MokManager.o: $(MOK_SOURCES)
MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
Cryptlib/libcryptlib.a:
$(MAKE) -C Cryptlib
Cryptlib/OpenSSL/libopenssl.a:
$(MAKE) -C Cryptlib/OpenSSL
lib/lib.a:
$(MAKE) -C lib
ifeq ($(ARCH),aarch64)
FORMAT := -O binary
SUBSYSTEM := 0xa
LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif
ifeq ($(ARCH),arm)
FORMAT := -O binary
SUBSYSTEM := 0xa
LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif
FORMAT ?= --target efi-app-$(ARCH)
%.efi: %.so
$(OBJCOPY) -j .text -j .sdata -j .data \
-j .dynamic -j .dynsym -j .rel* \
-j .rela* -j .reloc -j .eh_frame \
-j .vendor_cert \
$(FORMAT) $^ $@
$(OBJCOPY) -j .text -j .sdata -j .data \
-j .dynamic -j .dynsym -j .rel* \
-j .rela* -j .reloc -j .eh_frame \
-j .debug_info -j .debug_abbrev -j .debug_aranges \
-j .debug_line -j .debug_str -j .debug_ranges \
$(FORMAT) $^ $@.debug
%.efi.signed: %.efi certdb/secmod.db
pesign -n certdb -i $< -c "shim" -s -o $@ -f
clean:
$(MAKE) -C Cryptlib clean
$(MAKE) -C Cryptlib/OpenSSL clean
$(MAKE) -C lib clean
rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
rm -f *.debug *.so *.efi *.tar.* version.c
GITTAG = $(VERSION)
test-archive:
@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
@mkdir -p /tmp/shim-$(VERSION)-tmp
@git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
@git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff )
@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
@rm -rf /tmp/shim-$(VERSION)
@echo "The archive is in shim-$(VERSION).tar.bz2"
tag:
git tag --sign $(GITTAG) refs/heads/master
archive: tag
@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
@mkdir -p /tmp/shim-$(VERSION)-tmp
@git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
@rm -rf /tmp/shim-$(VERSION)
@echo "The archive is in shim-$(VERSION).tar.bz2"
export ARCH CC LD OBJCOPY EFI_INCLUDE

41
Cryptlib/Library/BaseMemoryLib.h Normal file
View File

@ -0,0 +1,41 @@
#ifndef __BASE_MEMORY_LIB__
#define __BASE_MEMORY_LIB__
CHAR8 *
ScanMem8 (
IN CHAR8 *Buffer,
IN UINTN Size,
IN CHAR8 Value
);
UINT32
WriteUnaligned32(
UINT32 *Buffer,
UINT32 Value
);
CHAR8 *
AsciiStrCat(
CHAR8 *Destination,
CHAR8 *Source
);
CHAR8 *
AsciiStrCpy(
CHAR8 *Destination,
CHAR8 *Source
);
CHAR8 *
AsciiStrnCpy(
CHAR8 *Destination,
CHAR8 *Source,
UINTN count
);
UINTN
AsciiStrSize(
CHAR8 *string
);
#endif

2
Cryptlib/OpenSSL/crypto/conf/conf_def.c
View File

@ -186,10 +186,12 @@ static int def_load(CONF *conf, const char *name, long *line)
int ret; int ret;
BIO *in=NULL; BIO *in=NULL;
#ifndef OPENSSL_NO_STDIO
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
in=BIO_new_file(name, "r"); in=BIO_new_file(name, "r");
#else #else
in=BIO_new_file(name, "rb"); in=BIO_new_file(name, "rb");
#endif
#endif #endif
if (in == NULL) if (in == NULL)
{ {

2
Cryptlib/OpenSSL/crypto/conf/conf_lib.c
View File

@ -92,10 +92,12 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
LHASH *ltmp; LHASH *ltmp;
BIO *in=NULL; BIO *in=NULL;
#ifndef OPENSSL_NO_STDIO
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
in=BIO_new_file(file, "r"); in=BIO_new_file(file, "r");
#else #else
in=BIO_new_file(file, "rb"); in=BIO_new_file(file, "rb");
#endif
#endif #endif
if (in == NULL) if (in == NULL)
{ {

2
Cryptlib/OpenSSL/crypto/conf/conf_sap.c
View File

@ -93,12 +93,14 @@ void OPENSSL_config(const char *config_name)
{ {
BIO *bio_err; BIO *bio_err;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
#ifndef OPENSSL_NO_STDIO
if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
{ {
BIO_printf(bio_err,"Auto configuration failed\n"); BIO_printf(bio_err,"Auto configuration failed\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
BIO_free(bio_err); BIO_free(bio_err);
} }
#endif
exit(1); exit(1);
} }

4
Cryptlib/OpenSSL/crypto/engine/eng_openssl.c
View File

@ -374,11 +374,15 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
BIO *in; BIO *in;
EVP_PKEY *key; EVP_PKEY *key;
fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id); fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
#ifndef OPENSSL_NO_STDIO
in = BIO_new_file(key_id, "r"); in = BIO_new_file(key_id, "r");
if (!in) if (!in)
return NULL; return NULL;
key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
BIO_free(in); BIO_free(in);
#else
return NULL;
#endif
return key; return key;
} }
#endif #endif

8
Cryptlib/OpenSSL/crypto/x509/by_dir.c
View File

@ -92,8 +92,10 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
static int new_dir(X509_LOOKUP *lu); static int new_dir(X509_LOOKUP *lu);
static void free_dir(X509_LOOKUP *lu); static void free_dir(X509_LOOKUP *lu);
static int add_cert_dir(BY_DIR *ctx,const char *dir,int type); static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
#ifndef OPENSSL_NO_STDIO
static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
X509_OBJECT *ret); X509_OBJECT *ret);
#endif
X509_LOOKUP_METHOD x509_dir_lookup= X509_LOOKUP_METHOD x509_dir_lookup=
{ {
"Load certs from files in a directory", "Load certs from files in a directory",
@ -102,7 +104,11 @@ X509_LOOKUP_METHOD x509_dir_lookup=
NULL, /* init */ NULL, /* init */
NULL, /* shutdown */ NULL, /* shutdown */
dir_ctrl, /* ctrl */ dir_ctrl, /* ctrl */
#ifdef OPENSSL_NO_STDIO
NULL, /* get_by_subject */
#else
get_cert_by_subject, /* get_by_subject */ get_cert_by_subject, /* get_by_subject */
#endif
NULL, /* get_by_issuer_serial */ NULL, /* get_by_issuer_serial */
NULL, /* get_by_fingerprint */ NULL, /* get_by_fingerprint */
NULL, /* get_by_alias */ NULL, /* get_by_alias */
@ -242,6 +248,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
return(1); return(1);
} }
#ifndef OPENSSL_NO_STDIO
static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
X509_OBJECT *ret) X509_OBJECT *ret)
{ {
@ -383,3 +390,4 @@ finish:
if (b != NULL) BUF_MEM_free(b); if (b != NULL) BUF_MEM_free(b);
return(ok); return(ok);
} }
#endif

2
Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
View File

@ -157,6 +157,7 @@ static int process_pci_value(CONF_VALUE *val,
} }
OPENSSL_free(tmp_data2); OPENSSL_free(tmp_data2);
} }
#ifndef OPENSSL_NO_STDIO
else if (strncmp(val->value, "file:", 5) == 0) else if (strncmp(val->value, "file:", 5) == 0)
{ {
unsigned char buf[2048]; unsigned char buf[2048];
@ -194,6 +195,7 @@ static int process_pci_value(CONF_VALUE *val,
goto err; goto err;
} }
} }
#endif
else if (strncmp(val->value, "text:", 5) == 0) else if (strncmp(val->value, "text:", 5) == 0)
{ {
val_len = strlen(val->value + 5); val_len = strlen(val->value + 5);

6
Makefile
View File

@ -18,7 +18,7 @@ EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/
EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS = elf_$(ARCH)_efi.lds EFI_LDS = elf_$(ARCH)_efi.lds
DEFAULT_LOADER := \\\\grub.efi DEFAULT_LOADER := \\\\grubx64.efi
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
-fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
-Werror=sign-compare \ -Werror=sign-compare \
@ -144,8 +144,8 @@ FORMAT ?= --target efi-app-$(ARCH)
-j .debug_line -j .debug_str -j .debug_ranges \ -j .debug_line -j .debug_str -j .debug_ranges \
$(FORMAT) $^ $@.debug $(FORMAT) $^ $@.debug
%.efi.signed: %.efi certdb/secmod.db %.efi.signed: %.efi shim.crt
pesign -n certdb -i $< -c "shim" -s -o $@ -f sbsign --key shim.key --cert shim.crt $<
clean: clean:
$(MAKE) -C Cryptlib clean $(MAKE) -C Cryptlib clean