diff --git a/CMakeLists.txt b/CMakeLists.txt index 6f3f31f19d55e8368f76603adb561575884642ce..29b0bb8b4b3895fa7b07f67e8b5068e3dbb9a532 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,6 @@ cmake_minimum_required(VERSION 3.22) project (SyncTERM C) include("FetchContent") -add_subdirectory(cryptlib) FetchContent_Declare( XPDevPlus @@ -10,6 +9,13 @@ FetchContent_Declare( ) FetchContent_MakeAvailable(XPDevPlus) +FetchContent_Declare( + CryptlibBuild + GIT_REPOSITORY https://gitlab.synchro.net/Deuce/cryptlib.git + CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR}/cryptlib +) +FetchContent_MakeAvailable(CryptlibBuild) + # CPack stuff... set(CPACK_PACKAGE_NAME SyncTERM) set(CPACK_PACKAGE_VENDOR Deuce) @@ -58,7 +64,6 @@ set(SOURCE add_executable(syncterm ${SOURCE}) target_link_libraries(syncterm cryptlib xpdevplus) -add_dependencies(syncterm CryptlibBuild) target_include_directories(syncterm PRIVATE ${CMAKE_BINARY_DIR}) if(CMAKE_SYSTEM_NAME STREQUAL "NetBSD") diff --git a/cryptlib/CMakeLists.txt b/cryptlib/CMakeLists.txt deleted file mode 100644 index bd450b4faa91f8ebda0d3b1fa816f1de7095c4c8..0000000000000000000000000000000000000000 --- a/cryptlib/CMakeLists.txt +++ /dev/null @@ -1,18 +0,0 @@ -cmake_minimum_required(VERSION 3.15) -project (Cryptlib C) -include("ExternalProject") - -ExternalProject_Add( - CryptlibBuild - SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/dist - UPDATE_COMMAND "" - CONFIGURE_COMMAND "" - BUILD_COMMAND "" - INSTALL_COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/build.sh ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_BINARY_DIR} -) - -add_library(cryptlib STATIC IMPORTED GLOBAL) -set_target_properties(cryptlib PROPERTIES IMPORTED_LOCATION ${CMAKE_BINARY_DIR}/libcl.a) -add_dependencies(cryptlib CryptlibBuild) -#target_link_libraries(cryptlib INTERFACE ${CMAKE_BINARY_DIR}/libcl.a) -#target_include_directories(cryptlib INTERFACE ${CMAKE_BINARY_DIR}) 
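Review bot: The added `FetchContent_Declare(CryptlibBuild ...)` in the second CMakeLists.txt hunk gives a `GIT_REPOSITORY` but no `GIT_TAG`, so each fresh configure builds the tip of a moving branch. For the crypto library, which this same commit stops vendoring as an in-tree zip plus patches, that removes the only fixed, reviewable source. Pin it to a full commit hash, e.g. `GIT_TAG <reviewed-commit-sha>  # placeholder: pin to an audited commit`, so builds are reproducible and a changed upstream branch cannot silently alter the code that gets linked. `CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=...` is a configure-step option, and FetchContent documents those as ignored, so the line most likely has no effect and should be dropped or replaced by setting whatever variable the fetched project reads. The diff does not show whether the fetched repository carries the patches deleted here or defines the `cryptlib` target that the unchanged `target_link_libraries(syncterm cryptlib xpdevplus)` still names, so both are worth confirming before merge.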
diff --git a/cryptlib/build.sh b/cryptlib/build.sh deleted file mode 100755 index 7f56eea010d4a4fa914905dc7b07a88e1c93e95f..0000000000000000000000000000000000000000 --- a/cryptlib/build.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -rm -rf "$1/tmp" -mkdir "$1/tmp" -echo "Extracting Cryptlib" -unzip -oa -d "$1/tmp" "$1/dist/cryptlib.zip" -echo "Patching..." -for patch in `find "$1/patches" -type f` -do - patch -t -d "$1/tmp" < $patch -done -echo "Building..." -make -C "$1/tmp" -cp "$1/tmp/libcl.a" "$1/tmp/cryptlib.h" $2 -rm -rf "$1/tmp" diff --git a/cryptlib/dist/cryptlib.zip b/cryptlib/dist/cryptlib.zip deleted file mode 100644 index e4e5b02a8c33694a1a0b96748aaed01c1049ec76..0000000000000000000000000000000000000000 Binary files a/cryptlib/dist/cryptlib.zip and /dev/null differ diff --git a/cryptlib/patches/Dynamic-linked-static-lib.patch b/cryptlib/patches/Dynamic-linked-static-lib.patch deleted file mode 100644 index 1b267f6c9b982bb3e281431aefa36a43baee5219..0000000000000000000000000000000000000000 --- a/cryptlib/patches/Dynamic-linked-static-lib.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- ../tmp2/tools/ccopts.sh 2019-03-04 16:32:32.000000000 -0500 -+++ tools/ccopts.sh 2019-06-03 16:56:55.005703000 -0400 -@@ -393,7 +393,6 @@ - # of large-displacement jumps, so if you're tuning the code for size/speed - # you can try -fpic to see if you get any improvement. - --if [ $SHARED -gt 0 ] ; then - case $OSNAME in - 'Darwin') - CCARGS="$CCARGS -fPIC -fno-common" ;; -@@ -420,7 +419,6 @@ - *) - CCARGS="$CCARGS -fPIC" ;; - esac ; --fi - - # Conversely, if we're building a static lib and the system requires it, set - # up static lib-specific options. diff --git a/cryptlib/patches/SSL-fix.patch b/cryptlib/patches/SSL-fix.patch deleted file mode 100644 index 8c5e319f1f31b05e39fcd536b0d514273443470c..0000000000000000000000000000000000000000 --- a/cryptlib/patches/SSL-fix.patch +++ /dev/null 
@@ -1,16 +0,0 @@ ---- ../tmp2/session/sess_attr.c 2019-02-05 18:18:28.000000000 -0500 -+++ session/sess_attr.c 2019-06-03 17:06:34.378151000 -0400 -@@ -102,11 +102,13 @@ - - /* If there's already a network socket specified then we can't set a - server name as well */ -+/* - if( sessionInfoPtr->networkSocket != CRYPT_ERROR ) - { - return( exitErrorInited( sessionInfoPtr, - CRYPT_SESSINFO_NETWORKSOCKET ) ); - } -+*/ - - /* Parse the server name. The PKI protocols all use HTTP as their - substrate so if it's not SSH or SSL/TLS we require HTTP */ diff --git a/cryptlib/patches/cl-DH-key-init.patch b/cryptlib/patches/cl-DH-key-init.patch deleted file mode 100644 index 08e3084e0511234f79f58a0138b7edeff40e74dc..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-DH-key-init.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- session/ssl_kmgmt.c.orig 2019-01-11 01:54:56.000000000 -0500 -+++ session/ssl_kmgmt.c 2020-01-23 18:18:40.754040000 -0500 -@@ -448,7 +448,7 @@ - status = krnlSendMessage( createInfo.cryptHandle, - IMESSAGE_SETATTRIBUTE, - ( MESSAGE_CAST ) &eccParams, -- CRYPT_IATTRIBUTE_KEY_DLPPARAM ); -+ CRYPT_IATTRIBUTE_KEY_ECCPARAM ); - } - else - #endif /* USE_ECDH */ diff --git a/cryptlib/patches/cl-PAM-noprompts.patch b/cryptlib/patches/cl-PAM-noprompts.patch deleted file mode 100644 index e99ed54aec03255c2cc5563e2aabed9440ba32c2..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-PAM-noprompts.patch +++ /dev/null 
@@ -1,102 +0,0 @@ ---- ../tmp2/session/ssh2_authc.c 2018-12-14 17:31:34.000000000 -0500 -+++ session/ssh2_authc.c 2019-06-03 16:41:49.956986000 -0400 -@@ -868,7 +868,7 @@ - if( !cryptStatusError( status ) ) - { - status = CRYPT_OK; /* readUint32() returns a count value */ -- if( noPrompts <= 0 || noPrompts > 4 ) -+ if( noPrompts < 0 || noPrompts > 4 ) - { - /* Requesting zero or more than a small number of prompts is - suspicious */ -@@ -876,49 +876,52 @@ - } - } - } -- if( cryptStatusOK( status ) ) -+ if( noPrompts > 0 ) - { -- status = readString32( &stream, promptBuffer, -+ if( cryptStatusOK( status ) ) -+ { -+ status = readString32( &stream, promptBuffer, - CRYPT_MAX_TEXTSIZE, &promptLength ); -- if( cryptStatusOK( status ) && promptLength <= 0 ) -+ if( cryptStatusOK( status ) && promptLength <= 0 ) -+ { -+ /* We must have at least some sort of prompt given that we -+ require num_prompts to be nonzero */ -+ status = CRYPT_ERROR_BADDATA; -+ } -+ } -+ sMemDisconnect( &stream ); -+ if( cryptStatusError( status ) ) - { -- /* We must have at least some sort of prompt given that we -- require num_prompts to be nonzero */ -- status = CRYPT_ERROR_BADDATA; -+ retExt( status, -+ ( status, SESSION_ERRINFO, -+ "Invalid PAM authentication request packet" ) ); - } -- } -- sMemDisconnect( &stream ); -- if( cryptStatusError( status ) ) -- { -- retExt( status, -- ( status, SESSION_ERRINFO, -- "Invalid PAM authentication request packet" ) ); -- } -- REQUIRES( nameLength >= 0 && nameLength <= CRYPT_MAX_TEXTSIZE ); -- REQUIRES( promptLength >= 1 && promptLength <= CRYPT_MAX_TEXTSIZE ); -+ REQUIRES( nameLength >= 0 && nameLength <= CRYPT_MAX_TEXTSIZE ); -+ REQUIRES( promptLength >= 1 && promptLength <= CRYPT_MAX_TEXTSIZE ); - -- /* Make sure that we're being asked for some form of password -- authentication. 
This assumes that the prompt string begins with the -- word "password" (which always seems to be the case), if it isn't then -- it may be necessary to do a substring search */ -- if( promptLength < 8 || \ -- !strIsPrintable( promptBuffer, promptLength ) || \ -- strCompare( promptBuffer, "Password", 8 ) ) -- { -- /* The following may produce somewhat inconsistent results in terms -- of what it reports because it's unclear what 'name' actually is, -- on the off chance that something fills this in it could produce -- a less appropriate error message than the prompt, but we -- opportunistically try it in case it contains something useful */ -- retExt( CRYPT_ERROR_BADDATA, -- ( CRYPT_ERROR_BADDATA, SESSION_ERRINFO, -- "Server requested unknown PAM authentication type '%s'", -- ( nameLength > 0 ) ? \ -- sanitiseString( nameBuffer, CRYPT_MAX_TEXTSIZE, \ -- nameLength ) : \ -- sanitiseString( promptBuffer, CRYPT_MAX_TEXTSIZE, \ -- promptLength ) ) ); -- } -+ /* Make sure that we're being asked for some form of password -+ authentication. This assumes that the prompt string begins with the -+ word "password" (which always seems to be the case), if it isn't then -+ it may be necessary to do a substring search */ -+ if( promptLength < 8 || \ -+ !strIsPrintable( promptBuffer, promptLength ) || \ -+ strCompare( promptBuffer, "Password", 8 ) ) -+ { -+ /* The following may produce somewhat inconsistent results in terms -+ of what it reports because it's unclear what 'name' actually is, -+ on the off chance that something fills this in it could produce -+ a less appropriate error message than the prompt, but we -+ opportunistically try it in case it contains something useful */ -+ retExt( CRYPT_ERROR_BADDATA, -+ ( CRYPT_ERROR_BADDATA, SESSION_ERRINFO, -+ "Server requested unknown PAM authentication type '%s'", -+ ( nameLength > 0 ) ? 
\ -+ sanitiseString( nameBuffer, CRYPT_MAX_TEXTSIZE, \ -+ nameLength ) : \ -+ sanitiseString( promptBuffer, CRYPT_MAX_TEXTSIZE, \ -+ promptLength ) ) ); -+ } -+ } - - REQUIRES( passwordPtr != NULL && \ - passwordPtr->valueLength > 0 && \ diff --git a/cryptlib/patches/cl-algorithms.patch b/cryptlib/patches/cl-algorithms.patch deleted file mode 100644 index 95371ce30e69f9e546fa59f98793e4185b470ab3..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-algorithms.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- misc/config.h.orig 2018-02-15 02:26:59.017103000 -0500 -+++ misc/config.h 2018-02-15 02:27:50.400787000 -0500 -@@ -9,6 +9,9 @@ - - #define _CONFIG_DEFINED - -+#define USE_PROBLEMATIC_ALGORITHMS -+#define USE_SSH_EXTENDED -+#define USE_CERTLEVEL_STANDARD - /**************************************************************************** - * * - * Custom Configuration Profiles * diff --git a/cryptlib/patches/cl-allow-duplicate-ext.patch b/cryptlib/patches/cl-allow-duplicate-ext.patch deleted file mode 100644 index 7a64a0cdb31d442b0537633edc13178c59f3e52c..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-allow-duplicate-ext.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- cert/ext_add.c.orig 2018-02-24 01:38:55.995138000 -0500 -+++ cert/ext_add.c 2018-02-24 01:39:08.783152000 -0500 -@@ -451,9 +451,11 @@ - a non-blob. In addition it forces the caller to use the (recommended) - normal attribute handling mechanism, which allows for proper type - checking */ -+#if 0 - if( !( flags & ATTR_FLAG_BLOB ) && \ - oidToAttribute( attributeType, oid, oidLength ) != NULL ) - return( CRYPT_ERROR_PERMISSION ); -+#endif - - /* Find the correct place in the list to insert the new element */ - if( DATAPTR_ISSET( listHead ) ) diff --git a/cryptlib/patches/cl-allow-none-auth.patch b/cryptlib/patches/cl-allow-none-auth.patch deleted file mode 100644 index 95ab0fd6985c068f9bd2092abf2aaee3b541be31..0000000000000000000000000000000000000000 
--- a/cryptlib/patches/cl-allow-none-auth.patch +++ /dev/null 
@@ -1,158 +0,0 @@ ---- ../cl-old/cryptlib.h 2021-03-16 04:15:50.265534000 -0400 -+++ ./cryptlib.h 2021-03-16 06:53:47.582168000 -0400 -@@ -1215,6 +1215,7 @@ - CRYPT_SESSINFO_SSH_CHANNEL_ARG1,/* SSH channel argument 1 */ - CRYPT_SESSINFO_SSH_CHANNEL_ARG2,/* SSH channel argument 2 */ - CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE,/* SSH channel active */ -+ CRYPT_SESSINFO_SSH_OPTIONS, /* SSH protocol options */ - CRYPT_SESSINFO_SSL_OPTIONS, /* SSL/TLS protocol options */ - CRYPT_SESSINFO_SSL_SUBPROTOCOL, /* SSL/TLS additional sub-protocol */ - CRYPT_SESSINFO_SSL_WSPROTOCOL, /* SSL/TLS WebSockets sub-protocol */ -@@ -1680,6 +1681,14 @@ - #define CRYPT_SSLOPTION_SUITEB_256 0x200 /* vanish in future releases) */ - #ifdef _CRYPT_DEFINED - #define CRYPT_SSLOPTION_MAX 0x7F /* Defines for range checking */ -+#endif /* _CRYPT_DEFINED */ -+ -+/* SSH protocol options. */ -+ -+#define CRYPT_SSHOPTION_NONE 0x000 -+#define CRYPT_SSHOPTION_NONE_AUTH 0x001 /* Try none authentication */ -+#ifdef _CRYPT_DEFINED -+#define CRYPT_SSHOPTION_MAX 0x01 /* Defines for range checking */ - #endif /* _CRYPT_DEFINED */ - - /**************************************************************************** -diff -ur ../cl-old/kernel/attr_acl.c ./kernel/attr_acl.c ---- ../cl-old/kernel/attr_acl.c 2021-03-16 04:15:50.398060000 -0400 -+++ ./kernel/attr_acl.c 2021-03-16 06:53:47.606473000 -0400 -@@ -3731,6 +3731,12 @@ - ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR, - MKPERM_SSH_EXT( RWx_xxx ), - ROUTE( OBJECT_TYPE_SESSION ) ), -+ MKACL_N( /* SSH protocol options */ -+ CRYPT_SESSINFO_SSH_OPTIONS, -+ ST_NONE, ST_NONE, ST_SESS_SSH, -+ MKPERM_SSH_EXT( Rxx_RWx ), -+ ROUTE( OBJECT_TYPE_SESSION ), -+ RANGE( CRYPT_SSHOPTION_NONE, CRYPT_SSHOPTION_MAX ) ), - - MKACL_N( /* SSL/TLS protocol options */ - CRYPT_SESSINFO_SSL_OPTIONS, -@@ -4653,7 +4659,7 @@ - static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" ); - static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" ); - static_assert( 
CRYPT_SESSINFO_FIRST_SPECIFIC == 6016, "Attribute value" ); -- static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6031, "Attribute value" ); -+ static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6032, "Attribute value" ); - static_assert( CRYPT_CERTFORMAT_LAST == 12, "Attribute value" ); - - /* Perform a consistency check on the attribute ACLs. The ACLs are -diff -ur ../cl-old/session/ssh.c ./session/ssh.c ---- ../cl-old/session/ssh.c 2021-03-16 04:15:50.257467000 -0400 -+++ ./session/ssh.c 2021-03-16 06:53:47.638940000 -0400 -@@ -980,6 +980,18 @@ - type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \ - type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE ); - -+ if( type == CRYPT_SESSINFO_SSH_OPTIONS ) -+ { -+ int *valuePtr = ( int * ) data; -+ -+ *valuePtr = CRYPT_SSHOPTION_NONE; -+ if( TEST_FLAG( sessionInfoPtr->protocolFlags, -+ SSH_PFLAG_DUMMYUSERAUTH ) ) -+ *valuePtr |= CRYPT_SSHOPTION_NONE_AUTH; -+ -+ return( CRYPT_OK ); -+ } -+ - if( type == CRYPT_SESSINFO_SSH_CHANNEL || \ - type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE ) - { -@@ -1010,11 +1022,13 @@ - type == CRYPT_SESSINFO_SSH_CHANNEL_TYPE || \ - type == CRYPT_SESSINFO_SSH_CHANNEL_ARG1 || \ - type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \ -+ type == CRYPT_SESSINFO_SSH_OPTIONS || \ - type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE ); - - /* Get the data value if it's an integer parameter */ - if( type == CRYPT_SESSINFO_SSH_CHANNEL || \ -- type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE ) -+ type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \ -+ type == CRYPT_SESSINFO_SSH_OPTIONS) - value = *( ( int * ) data ); - - /* If we're selecting a channel and there's unwritten data from a -@@ -1038,6 +1052,13 @@ - return( createChannel( sessionInfoPtr ) ); - } - -+ if( type == CRYPT_SESSINFO_SSH_OPTIONS ) -+ { -+ if (value & CRYPT_SSHOPTION_NONE_AUTH) -+ SET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ); -+ return( CRYPT_OK ); -+ } -+ - /* If we 're setting the channel-active attribute, this implicitly - activates or deactivates the channel rather 
than setting any - attribute value */ -@@ -1165,8 +1186,6 @@ - SESSION_FLAG_NONE, /* Flags */ - SSH_PORT, /* SSH port */ - SESSION_NEEDS_USERID | /* Client attributes */ -- SESSION_NEEDS_PASSWORD | \ -- SESSION_NEEDS_KEYORPASSWORD | \ - SESSION_NEEDS_PRIVKEYSIGN, - /* The client private key is optional, but if present it has - to be signature-capable */ -diff -ur ../cl-old/session/ssh2_authc.c ./session/ssh2_authc.c ---- ../cl-old/session/ssh2_authc.c 2021-03-16 04:15:50.264206000 -0400 -+++ ./session/ssh2_authc.c 2021-03-16 07:46:47.873769000 -0400 -@@ -315,13 +315,22 @@ - assert( isWritePtr( authAlgo, sizeof( CRYPT_ALGO_TYPE ) ) ); - assert( isWritePtr( furtherAuthRequired, sizeof( BOOLEAN ) ) ); - -- REQUIRES( isShortIntegerRangeNZ( length ) ); - REQUIRES( usedPasswordAuth == TRUE || usedPasswordAuth == FALSE ); - - /* Clear return values */ - *authAlgo = CRYPT_ALGO_NONE; - *furtherAuthRequired = FALSE; - -+ if (length == 0 && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ) && !usedPasswordAuth) -+ { -+ CLEAR_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ); -+ *furtherAuthRequired = TRUE; -+ *authAlgo = CRYPT_PSEUDOALGO_PASSWORD; -+ return( CRYPT_OK ); -+ } -+ -+ REQUIRES( isShortIntegerRangeNZ( length ) ); -+ - /* Before we can try and interpret the response, we have to check for an - empty response */ - if( length >= LENGTH_SIZE && \ -@@ -647,6 +656,8 @@ - SSH_MSG_USERAUTH_REQUEST ); - if( cryptStatusError( status ) ) - return( status ); -+ if (passwordPtr == NULL && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH )) -+ return( OK_SPECIAL ); - if( usePasswordAuth ) - { - /* byte type = SSH_MSG_USERAUTH_REQUEST -@@ -1220,6 +1231,11 @@ - auth required */ - if( !hasPassword ) - { -+ if (length == 0) -+ { -+ return( reportAuthFailure( sessionInfoPtr, CRYPT_PSEUDOALGO_PASSWORD, -+ requiredAuthAlgo, TRUE ) ); -+ } - return( reportAuthFailure( sessionInfoPtr, CRYPT_ALGO_RSA, - requiredAuthAlgo, TRUE ) ); - } 
diff --git a/cryptlib/patches/cl-allow-pkcs12.patch b/cryptlib/patches/cl-allow-pkcs12.patch deleted file mode 100644 index 8d0bfdd1796ee50b4c9070c45d8b538f7093ba56..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-allow-pkcs12.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- misc/config.h.orig 2021-01-25 23:06:22.266896000 -0500 -+++ misc/config.h 2021-01-25 23:31:45.451504000 -0500 -@@ -494,7 +494,7 @@ - indirectly as a result of any use of cryptlib with this change made. If - you receive the code with the safety features already disabled, you must - immediately obtain and use an original, unmodified version */ --/* #define USE_PKCS12 */ -+#define USE_PKCS12 - /* Going beyond the PKCS #12 read capability which exists solely to allow - the import of keys supplied in that format by third parties, cryptlib has - a PKCS #12 write capability. This exists purely to allow the export of -@@ -509,7 +509,7 @@ - PKCS #12 read capability, as well as the fact that PKCS #12 write is an - unsupported facility with special-case usage restrictions that doesn't - work like any normal keyset */ --/* #define USE_PKCS12_WRITE */ -+#define USE_PKCS12_WRITE - - #define USE_PKCS15 - #define USE_PGPKEYS diff --git a/cryptlib/patches/cl-bigger-maxattribute.patch b/cryptlib/patches/cl-bigger-maxattribute.patch deleted file mode 100644 index ff819cbe0f8cb3a4121098a38fcde5af1133ceba..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-bigger-maxattribute.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- ../tmp2/misc/consts.h 2019-02-22 19:36:36.000000000 -0500 -+++ misc/consts.h 2019-06-03 18:05:43.345982000 -0400 -@@ -226,7 +226,7 @@ - creating things like certs containing MPEGs of themselves playing with - their cat */ - --#define MAX_ATTRIBUTE_SIZE 1024 -+#define MAX_ATTRIBUTE_SIZE 4096 - - /* Some objects contain internal buffers used to process data whose size can - be specified by the user, the following is the minimum and maximum size 
diff --git a/cryptlib/patches/cl-bn-noasm64-fix.patch b/cryptlib/patches/cl-bn-noasm64-fix.patch deleted file mode 100644 index 60b1eab7696e1cd8a579999988ffe26cd118dcfd..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-bn-noasm64-fix.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- bn/bn_asm.c.orig 2019-07-15 17:03:25.346831000 -0400 -+++ bn/bn_asm.c 2019-07-15 17:03:40.227005000 -0400 -@@ -81,7 +81,7 @@ - - #ifndef BN_ASM /* pcg */ - --#if defined(BN_LLONG) || defined(BN_UMULT_HIGH) -+#if defined(BN_LLONG) || defined(BN_UMULT_HIGH) || defined(BN_UMULT_LOHI) - - BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) diff --git a/cryptlib/patches/cl-check-before-use.patch b/cryptlib/patches/cl-check-before-use.patch deleted file mode 100644 index 56843b7f3040716c33af9def6eb6132a8d25b7cc..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-check-before-use.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -ur ../cl-old/random/unix.c ./random/unix.c ---- ../cl-old/random/unix.c 2021-03-29 22:36:37.000000000 -0700 -+++ ./random/unix.c 2021-03-29 22:38:03.000000000 -0700 -@@ -505,7 +505,9 @@ - amount of output so typically gets - truncated at SYSCTL_BUFFER_SIZE */ - #endif /* KERN_PROC2 */ -+#ifdef GPROF_COUNT - { 3, { CTL_KERN, KERN_PROF, GPROF_COUNT }, 10 }, -+#endif - /* If kernel is compiled for profiling, - an array of statistical program - counter counts. This typically isn't diff --git a/cryptlib/patches/cl-clear-GCM-flag.patch b/cryptlib/patches/cl-clear-GCM-flag.patch deleted file mode 100644 index 23f3a79ddef17ec05b19eb125997d648d1a1b2df..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-clear-GCM-flag.patch +++ /dev/null 
@@ -1,10 +0,0 @@ ---- ./session/ssl_hs.c.orig 2020-01-24 18:02:09.710811000 -0500 -+++ ./session/ssl_hs.c 2020-01-24 18:02:24.220573000 -0500 -@@ -223,6 +223,7 @@ - if( cryptStatusError( status ) ) - return( status ); - sessionInfoPtr->cryptBlocksize = queryInfo.blockSize; -+ CLEAR_FLAG( sessionInfoPtr->protocolFlags, SSL_PFLAG_GCM ); - } - - return( CRYPT_OK ); diff --git a/cryptlib/patches/cl-cryptodev.patch b/cryptlib/patches/cl-cryptodev.patch deleted file mode 100644 index ed489d04ee9bf952eadfeac3e9215fb6f0d87ead..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-cryptodev.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- ../tmp2/tools/ccopts.sh 2019-03-04 16:32:32.000000000 -0500 -+++ tools/ccopts.sh 2019-06-03 16:22:10.631518000 -0400 -@@ -250,13 +250,13 @@ - done - - # /dev/crypto support -- for includepath in $DEVCRYPTOPATHS ; do -- if [ -f $includepath ] ; then -- echo "/dev/crypto interface detected, enabling crypto hardware support." >&2 ; -- CCARGS="$CCARGS -DHAS_DEVCRYPTO -I"$(dirname $includepath)"" ; -- break ; -- fi -- done -+ #for includepath in $DEVCRYPTOPATHS ; do -+ # if [ -f $includepath ] ; then -+ # echo "/dev/crypto interface detected, enabling crypto hardware support." >&2 ; -+ # CCARGS="$CCARGS -DHAS_DEVCRYPTO -I"$(dirname $includepath)"" ; -+ # break ; -+ # fi -+ #done - - fi - if [ -f /usr/include/zlib.h ] ; then diff --git a/cryptlib/patches/cl-endian.patch b/cryptlib/patches/cl-endian.patch deleted file mode 100644 index 50d6dcec2e387b7848b8424eff7158e8efbc06d3..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-endian.patch +++ /dev/null 
@@ -1,12 +0,0 @@ ---- ../tmp2/misc/os_detect.h 2019-01-31 14:57:46.000000000 -0500 -+++ misc/os_detect.h 2019-06-03 18:26:42.394038000 -0400 -@@ -566,6 +566,9 @@ - #include <machine/endian.h> - #elif defined( __NetBSD__ ) - #include <sys/endian.h> -+ #elif defined( __FreeBSD__ ) -+ #include <sys/endian.h> -+ #elif defined(__MINGW32__) - #else - #include <endian.h> - #endif /* Apple vs. everyone else */ diff --git a/cryptlib/patches/cl-fix-ECC-RSA.patch b/cryptlib/patches/cl-fix-ECC-RSA.patch deleted file mode 100644 index b6c72d612190a551cf567f9ca05450fafc8181e5..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-fix-ECC-RSA.patch +++ /dev/null 
@@ -1,70 +0,0 @@ ---- session/ssl_hs.c.orig 2018-11-14 23:22:26.000000000 -0500 -+++ session/ssl_hs.c 2020-01-23 18:23:41.236235000 -0500 -@@ -240,6 +240,7 @@ - const CIPHERSUITE_INFO **cipherSuiteInfo; - const BOOLEAN isServer = isServer( sessionInfoPtr ) ? TRUE : FALSE; - BOOLEAN allowDH = algoAvailable( CRYPT_ALGO_DH ) ? TRUE : FALSE; -+ BOOLEAN allowECCAuth = TRUE; - BOOLEAN allowECC = ( algoAvailable( CRYPT_ALGO_ECDH ) && \ - algoAvailable( CRYPT_ALGO_ECDSA ) ) ? TRUE : FALSE; - BOOLEAN allowRSA = algoAvailable( CRYPT_ALGO_RSA ) ? TRUE : FALSE; -@@ -268,7 +269,7 @@ - { - /* There's no server private key present, we're limited to PSK - suites */ -- allowECC = allowRSA = FALSE; -+ allowECC = allowRSA = allowECCAuth = FALSE; - } - else - { -@@ -278,7 +279,7 @@ - capable */ - if( !checkContextCapability( sessionInfoPtr->privateKey, - MESSAGE_CHECK_PKC_SIGN ) ) -- allowDH = allowECC = FALSE; -+ allowDH = allowECC = allowECCAuth = FALSE; - - /* To be usable for ECC or RSA the server key has to itself be - an ECC or RSA key */ -@@ -286,13 +287,16 @@ - IMESSAGE_GETATTRIBUTE, &pkcAlgo, - CRYPT_CTXINFO_ALGO ); - if( cryptStatusError( status ) ) -- allowECC = allowRSA = FALSE; -+ allowECC = allowRSA = allowECCAuth = FALSE; - else - { - if( !isEccAlgo( pkcAlgo ) ) - allowECC = FALSE; - if( pkcAlgo != CRYPT_ALGO_RSA ) -+ { - allowRSA = FALSE; -+ allowECCAuth = FALSE; -+ } - } - } - } -@@ -443,8 +447,13 @@ - ( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_DH ) ) - continue; - if( !allowECC && \ -- ( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_ECC ) ) -+ ( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_ECC ) && \ -+ ( cipherSuiteInfoPtr->authAlgo != CRYPT_ALGO_RSA) ) - continue; -+ if( !allowECCAuth && \ -+ ( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_ECC ) && \ -+ ( cipherSuiteInfoPtr->authAlgo == CRYPT_ALGO_RSA) ) -+ continue; - if( !allowTLS12 && \ - ( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_TLS12 ) ) - continue; -@@ -521,7 +530,7 @@ - find out that we can use it */ 
- if( altSuiteIndex < cipherSuiteInfoSize ) - { -- REQUIRES( allowECC ); -+ REQUIRES( allowECCAuth ); - - handshakeInfo->eccSuiteInfoPtr = cipherSuiteInfo[ altSuiteIndex ]; - } diff --git a/cryptlib/patches/cl-fix-ssh-ecc-ephemeral.patch b/cryptlib/patches/cl-fix-ssh-ecc-ephemeral.patch deleted file mode 100644 index 67089436284b5a3742e80cfe22ac712f0961d99f..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-fix-ssh-ecc-ephemeral.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- session/ssh2_crypt.c.orig 2020-04-29 14:08:11.580413000 -0400 -+++ session/ssh2_crypt.c 2020-04-29 14:08:27.391588000 -0400 -@@ -265,7 +265,7 @@ - /* Load the appropriate static ECDH key parameters */ - status = krnlSendMessage( iECDHContext, IMESSAGE_SETATTRIBUTE, - ( MESSAGE_CAST ) &eccKeySize, -- CRYPT_IATTRIBUTE_KEY_DLPPARAM ); -+ CRYPT_IATTRIBUTE_KEY_ECCPARAM ); - if( cryptStatusError( status ) ) - { - krnlSendNotifier( iECDHContext, IMESSAGE_DECREFCOUNT ); diff --git a/cryptlib/patches/cl-gcc-non-const-time-val.patch b/cryptlib/patches/cl-gcc-non-const-time-val.patch deleted file mode 100644 index 81bd85639a53bdfe5d2693551b32286971c9d862..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-gcc-non-const-time-val.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- misc/consts.h.orig 2019-06-20 12:44:22.683319000 -0400 -+++ misc/consts.h 2019-06-20 12:44:53.191660000 -0400 -@@ -346,7 +346,7 @@ - #define MAX_TIME_VALUE ( YEARS_TO_SECONDS( 2036 - 1970 ) ) - - #if ( defined( __clang__ ) && ( __clang_major__ > 5 ) ) || \ -- ( defined( __GNUC__ ) && ( __GNUC__ > 6 ) ) || \ -+ ( defined( __GNUC__ ) && ( __GNUC__ > 11 ) ) || \ - ( defined( _MSC_VER ) && VC_GE_2017( _MSC_VER ) ) - #define CURRENT_TIME_VALUE ( ( DATE_YEAR + DATE_MONTH + DATE_DAY - 30 ) * 86400 ) - #else diff --git a/cryptlib/patches/cl-just-use-cc.patch b/cryptlib/patches/cl-just-use-cc.patch deleted file mode 100644 index 75203e83cdf26b2c384a543858001a990c4bbef5..0000000000000000000000000000000000000000 
--- a/cryptlib/patches/cl-just-use-cc.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- tools/getcompiler.sh.orig 2019-03-04 16:32:44.000000000 -0500 -+++ tools/getcompiler.sh 2020-05-01 03:29:13.645161000 -0400 -@@ -13,6 +13,8 @@ - # Juggle the args around to get them the way that we want them. - - CC=$1 -+echo "$CC" -+exit - OSNAME=$2 - shift 2 - diff --git a/cryptlib/patches/cl-learn-numbers.patch b/cryptlib/patches/cl-learn-numbers.patch deleted file mode 100644 index 5706d5631dfbd6b24e9c4df723270eb422ff0837..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-learn-numbers.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- ./tools/ccopts.sh.orig 2020-05-02 04:05:14.767613000 -0400 -+++ ./tools/ccopts.sh 2020-05-02 04:15:51.301386000 -0400 -@@ -357,7 +357,7 @@ - # tools/getlibs.sh also for clang 4.7 or newer. - - if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then -- CLANG_VER="$($CC -dumpversion | tr -d '.' | cut -c 1-2)" ; -+ CLANG_VER="$($CC -dumpversion | sed -E 's/^([0-9]+)$/\1.0/' | sed -E 's/^([0-9]+)\.([0-9]).*$/\1\2/')" ; - if [ $CLANG_VER -gt 42 ] ; then - CCARGS="$CCARGS -fsanitize=safe-stack" ; - fi ; -@@ -509,7 +509,7 @@ - # apparent version less than 10 we add a trailing zero to the string to make - # the checks that follow work. - --GCC_VER="$($CC -dumpversion | tr -d '.' | cut -c 1-2)" -+GCC_VER="$($CC -dumpversion | sed -E 's/^([0-9]+)$/\1.0/' | sed -E 's/^([0-9]+)\.([0-9]).*$/\1\2/')" - if [ "$GCC_VER" -lt 10 ] ; then - GCC_VER="${GCC_VER}0" ; - fi diff --git a/cryptlib/patches/cl-macosx-minver.patch b/cryptlib/patches/cl-macosx-minver.patch deleted file mode 100644 index c35e8610644710c8e2faf304325599d5dcd09898..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-macosx-minver.patch +++ /dev/null 
@@ -1,11 +0,0 @@ ---- tools/ccopts.sh.orig2 2019-05-31 12:45:50.749075000 -0400 -+++ tools/ccopts.sh 2019-05-31 12:46:06.954741000 -0400 -@@ -305,7 +305,7 @@ - - case $OSNAME in - 'Darwin') -- CCARGS="$CCARGS -fPIC -fno-common" ;; -+ CCARGS="$CCARGS -fPIC -fno-common -mmacosx-version-min=10.5" ;; - - 'CYGWIN_NT-5.0'|'CYGWIN_NT-5.1'|'CYGWIN_NT-6.1') - ;; diff --git a/cryptlib/patches/cl-mingw-add-m32.patch b/cryptlib/patches/cl-mingw-add-m32.patch deleted file mode 100644 index 587084ab20e685f6f0882665a3a80bd9f505e750..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-mingw-add-m32.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- makefile.orig 2021-03-20 14:58:39.488459000 -0400 -+++ makefile 2021-03-20 14:58:52.381979000 -0400 -@@ -1963,12 +1963,12 @@ - - MINGW32_NT-5.1: - $(MAKE) OSNAME=win32 target-init -- $(MAKE) $(DEFINES) CFLAGS="$(XCFLAGS) -O2" -+ $(MAKE) $(DEFINES) CFLAGS="$(XCFLAGS) -O2 -m32" - - MINGW32_NT-6.1: - $(MAKE) OSNAME=win32 target-init -- $(MAKE) $(DEFINES) EXTRAOBJS="$(WIN32ASMOBJS)" \ -- CFLAGS="$(XCFLAGS) -O2 -Wl,--subsystem,windows,--output-def,cl32.def" -+ $(MAKE) OSNAME=win32 $(DEFINES) EXTRAOBJS="$(WIN32ASMOBJS)" \ -+ CFLAGS="$(XCFLAGS) -O2 -m32 -Wl,--subsystem,windows,--output-def,cl32.def -DSTATIC_LIB" - - # NCR MP-RAS: Use the NCR cc. The "-DNCR_UST" is needed to enable threading - # (User-Space Threads). diff --git a/cryptlib/patches/cl-mingw-vcver.patch b/cryptlib/patches/cl-mingw-vcver.patch deleted file mode 100644 index 88cf9f2dfc6554ec9c31e3f88ec66f134f441e9b..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-mingw-vcver.patch +++ /dev/null 
@@ -1,16 +0,0 @@ ---- ../tmp2/misc/os_detect.h 2019-01-31 14:57:46.000000000 -0500 -+++ misc/os_detect.h 2019-06-03 18:35:55.358499000 -0400 -@@ -241,10 +241,11 @@ - preprocessors get confused if they aren't defined */ - #define VC_16BIT( version ) 0 - #define VC_LE_VC6( version ) 0 -- #define VC_GE_2002( version ) 0 -- #define VC_LT_2005( version ) 0 -+ #define VC_GE_2002( version ) 1 -+ #define VC_LT_2005( version ) 1 - #define VC_GE_2005( version ) 0 - #define VC_GE_2008( version ) 0 -+ #define VC_LT_2010( version ) 1 - #define VC_GE_2010( version ) 0 - #define VC_GE_2012( version ) 0 - #define VC_GE_2013( version ) 0 diff --git a/cryptlib/patches/cl-more-RSA-ECC-fixes.patch b/cryptlib/patches/cl-more-RSA-ECC-fixes.patch deleted file mode 100644 index c69b1b2534451cf6bc5c017b7f25dd9ffdf2b770..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-more-RSA-ECC-fixes.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- session/ssl_ext.c.orig 2020-01-23 15:25:30.640683000 -0500 -+++ session/ssl_ext.c 2020-01-23 15:25:40.141297000 -0500 -@@ -607,8 +607,8 @@ - #endif /* CONFIG_SUITEB */ - - /* Make sure that the curve matches the server's signing key */ -- if( curveSize != keySize ) -- continue; -+ //if( curveSize != keySize ) -+ // continue; - - /* We've got a matching curve, remember it. In theory we could exit - at this point but we continue anyway to clear the remainder of diff --git a/cryptlib/patches/cl-no-RSA-suites.patch b/cryptlib/patches/cl-no-RSA-suites.patch deleted file mode 100644 index 1506fe47a9d21dd90198240c7a9da4832b144682..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-no-RSA-suites.patch +++ /dev/null 
@@ -1,11 +0,0 @@ ---- misc/config.h.orig 2020-01-23 12:03:27.741075000 -0500 -+++ misc/config.h 2020-01-23 12:03:27.806947000 -0500 -@@ -684,7 +684,7 @@ - 64-bit systems, which by definition are going to be fairly recent */ - - #ifndef SYSTEM_64BIT -- #define USE_RSA_SUITES -+// #define USE_RSA_SUITES - #endif /* SYSTEM_64BIT */ - - /* This now leads to a second problem, as of 2018 many public web servers diff --git a/cryptlib/patches/cl-no-odbc.patch b/cryptlib/patches/cl-no-odbc.patch deleted file mode 100644 index 8ef855c07d4f60cd7ba5e20c8e15b6da54439c87..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-no-odbc.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- tools/ccopts.sh.orig 2019-06-20 12:51:38.118150000 -0400 -+++ tools/ccopts.sh 2019-06-20 12:52:34.479052000 -0400 -@@ -210,7 +210,8 @@ - for includepath in $ODBCPATHS ; do - if [ -f $includepath ] ; then - echo "ODBC interface detected, enabling ODBC support." >&2 ; -- CCARGS="$CCARGS -DHAS_ODBC -I"$(dirname $includepath)"" ; -+ #CCARGS="$CCARGS -DHAS_ODBC -I"$(dirname $includepath)"" ; -+ echo "Hah ha ha, no. fuck off." >&2 ; - break ; - fi - done diff --git a/cryptlib/patches/cl-no-safe-stack.patch b/cryptlib/patches/cl-no-safe-stack.patch deleted file mode 100644 index bbeb3cb1cda1d2d267abef8b1043718a859e4c37..0000000000000000000000000000000000000000 --- a/cryptlib/patches/cl-no-safe-stack.patch +++ /dev/null 
@@ -1,31 +0,0 @@
---- tools/getlibs.sh.orig 2021-01-24 07:40:21.569115000 -0500
-+++ tools/getlibs.sh 2021-01-24 07:40:42.823333000 -0500
-@@ -59,9 +59,9 @@
-
- if hasSubstring "$BUILDOPTS" "sanitize=safe-stack" ; then
- CLANG_VER="$(clang -dumpversion | tr -d '.' | cut -c 1-2)" ;
-- if [ $CLANG_VER -gt 47 ] ; then
-- LDARGS="$LDARGS -fsanitize=safe-stack" ;
-- fi ;
-+ #if [ $CLANG_VER -gt 47 ] ; then
-+ # LDARGS="$LDARGS -fsanitize=safe-stack" ;
-+ #fi ;
- fi
-
- # Add any libraries needed by optional components. In the case of zlib use
---- tools/ccopts.sh.orig 2020-11-26 02:40:05.222021000 -0500
-+++ tools/ccopts.sh 2021-01-24 07:41:02.126230000 -0500
-@@ -358,9 +358,9 @@
- # tools/getlibs.sh also for clang 4.7 or newer.
-
- if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then
- CLANG_VER="$($CC -dumpversion | sed -E 's/^([0-9]+)$/\1.0/' | sed -E 's/^([0-9]+)\.([0-9]).*$/\1\2/')" ;
-- if [ $CLANG_VER -gt 42 ] ; then
-- CCARGS="$CCARGS -fsanitize=safe-stack" ;
-- fi ;
-+ #if [ $CLANG_VER -gt 42 ] ; then
-+ # CCARGS="$CCARGS -fsanitize=safe-stack" ;
-+ #fi ;
- fi
-
- # The Sun compiler has its own set of problems, the biggest of which is
diff --git a/cryptlib/patches/cl-no-tpm.patch b/cryptlib/patches/cl-no-tpm.patch
deleted file mode 100644
index b77d660a7dd0e66d1c7eba0e46385d7fb3948a6a..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-no-tpm.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -ru ../orig/tools/ccopts.sh ./tools/ccopts.sh
---- ../orig/tools/ccopts.sh 2019-03-04 16:32:32.000000000 -0500
-+++ ./tools/ccopts.sh 2022-02-08 18:20:14.840013000 -0500
-@@ -241,13 +241,15 @@
- done
-
- # TPM support
-- for includepath in $TPMPATHS ; do
-- if [ -f $includepath ] ; then
-- echo "TPM interface detected, enabling TPM support." >&2 ;
-- CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
-- break ;
-- fi
-- done
-+ #if [ "$(uname -s)" = "Linux" ] ; then
-+ # for includepath in $TPMPATHS ; do
-+ # if [ -f $includepath ] ; then
-+ # echo "TPM interface detected, enabling TPM support." >&2 ;
-+ # CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
-+ # break ;
-+ # fi
-+ # done
-+ #fi
-
- # /dev/crypto support
- for includepath in $DEVCRYPTOPATHS ; do
-Only in ./tools: ccopts.sh.orig
diff --git a/cryptlib/patches/cl-no-via-aes.patch b/cryptlib/patches/cl-no-via-aes.patch
deleted file mode 100644
index 6f42852034d3f746d64012753e7d97331575a5ab..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-no-via-aes.patch
+++ /dev/null
@@ -1,38 +0,0 @@
---- crypt/aesopt.h.orig 2020-04-14 09:11:58.722175000 -0400
-+++ crypt/aesopt.h 2020-04-14 09:13:30.401074000 -0400
-@@ -102,7 +102,7 @@
- defined( _M_IX86 ) && \
- !( defined( _WIN32_WCE ) || defined( NO_ASM ) )
- #ifndef USE_VIA_ACE_IF_PRESENT
-- #define USE_VIA_ACE_IF_PRESENT
-+// #define USE_VIA_ACE_IF_PRESENT
- #endif
- #endif /* VC++ on x86 under Win32 - pcg */
-
-@@ -212,7 +212,7 @@
- #if defined( __GNUC__ ) && defined( __i386__ ) \
- || defined( _WIN32 ) && defined( _M_IX86 ) && !(defined( _WIN64 ) \
- || defined( _WIN32_WCE ) || defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
--# define VIA_ACE_POSSIBLE
-+//# define VIA_ACE_POSSIBLE
- #endif
-
- /* AES is supported out of the box by Windows x64 compilers, but by gcc only
-@@ -263,7 +263,7 @@
- AES_REV_DKS must be set for assembler code used with a VIA ACE build
- */
-
--#if 1 && defined( VIA_ACE_POSSIBLE ) && !defined( USE_VIA_ACE_IF_PRESENT )
-+#if 0 && defined( VIA_ACE_POSSIBLE ) && !defined( USE_VIA_ACE_IF_PRESENT )
- # define USE_VIA_ACE_IF_PRESENT
- #endif
-
-@@ -508,7 +508,7 @@
- #endif
-
- #if defined( ASSUME_VIA_ACE_PRESENT ) && !defined( USE_VIA_ACE_IF_PRESENT )
--# define USE_VIA_ACE_IF_PRESENT
-+//# define USE_VIA_ACE_IF_PRESENT
- #endif
-
- #if defined( __APPLE__ ) && TARGET_OS_SIMULATOR
diff --git a/cryptlib/patches/cl-noasm-defines.patch b/cryptlib/patches/cl-noasm-defines.patch
deleted file mode 100644
index d0849f461f3628b4f9b3bd30e91cdbd1ca3cdfb1..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-noasm-defines.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- crypt.h.orig 2019-07-15 16:20:43.204006000 -0400
-+++ crypt.h 2019-07-15 16:21:06.812752000 -0400
-@@ -9,6 +9,10 @@
-
- #define _CRYPT_DEFINED
-
-+#define OPENSSL_NO_ASM
-+#define OPENSSL_NO_INLINE_ASM
-+#define NO_ASM
-+
- /* Various compilers handle includes in subdirectories differently. Most
- will work with paths from a root directory. Non-OS X Macintoshes don't
- recognise '/'s as path delimiters, but work around it by scanning all
diff --git a/cryptlib/patches/cl-openbsd-threads.patch b/cryptlib/patches/cl-openbsd-threads.patch
deleted file mode 100644
index 81f566ecf791e4ef3301404d93887b442d2e4678..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-openbsd-threads.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- test/test.h.orig 2021-03-15 18:15:00.758832000 -0400
-+++ test/test.h 2021-03-15 18:15:18.354887000 -0400
-@@ -278,7 +278,7 @@
- operations like sleep calls */
-
- #if( ( defined( _AIX ) || defined( __APPLE__ ) || defined( __FreeBSD__ ) || \
-- defined( __NetBSD__ ) || defined( __linux__ ) || \
-+ defined( __NetBSD__ ) || defined( __OpenBSD__ ) || defined( __linux__ ) || \
- ( defined( sun ) && ( OSVERSION > 4 ) ) ) && !defined( NO_THREADS ) )
- #define UNIX_THREADS
-
diff --git a/cryptlib/patches/cl-poll-not-select.patch b/cryptlib/patches/cl-poll-not-select.patch
deleted file mode 100644
index 308a336b6d833a3a68bc9069a9846d304061a68b..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-poll-not-select.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-diff -ur ../cl-old/io/tcp_rw.c ./io/tcp_rw.c
---- ../cl-old/io/tcp_rw.c 2021-03-21 07:25:22.336553000 -0400
-+++ ./io/tcp_rw.c 2021-03-21 08:02:40.609845000 -0400
-@@ -20,6 +20,10 @@
-
- #ifdef USE_TCP
-
-+#ifndef __WINDOWS__
-+#include <poll.h>
-+#endif
-+
- /****************************************************************************
- * *
- * Network I/O Wait Management *
-@@ -74,6 +78,7 @@
- { CRYPT_ERROR_OPEN, "unknown" }, { CRYPT_ERROR_OPEN, "unknown" }
- };
- MONOTIMER_INFO timerInfo;
-+#ifdef __WINDOWS__
- struct timeval tv;
- fd_set readfds, writefds, exceptfds;
- fd_set *readFDPtr = ( type == IOWAIT_READ || \
-@@ -81,6 +86,10 @@
- type == IOWAIT_ACCEPT ) ? &readfds : NULL;
- fd_set *writeFDPtr = ( type == IOWAIT_WRITE || \
- type == IOWAIT_CONNECT ) ? &writefds : NULL;
-+#else
-+ struct pollfd fds;
-+ int ptimeout;
-+#endif
- int selectIterations, status, LOOP_ITERATOR;
-
- assert( isWritePtr( netStream, sizeof( NET_STREAM_INFO ) ) );
-@@ -152,6 +161,20 @@
- status = setMonoTimer( &timerInfo, timeout );
- if( cryptStatusError( status ) )
- return( status );
-+
-+#ifndef __WINDOWS__
-+ fds.fd = netStream->netSocket;
-+ fds.events = 0;
-+ if (type == IOWAIT_READ || type == IOWAIT_CONNECT || type == IOWAIT_ACCEPT )
-+ fds.events |= POLLIN;
-+ if (type == IOWAIT_WRITE || type == IOWAIT_CONNECT )
-+ fds.events |= POLLOUT;
-+ if (timeout <= 0)
-+ ptimeout = 5;
-+ else
-+ ptimeout = timeout * 1000;
-+#endif
-+
- LOOP_MED( ( selectIterations = 0, status = SOCKET_ERROR ), \
- isSocketError( status ) && \
- ( selectIterations <= 0 || \
-@@ -159,6 +182,7 @@
- selectIterations < 20,
- selectIterations++ )
- {
-+#ifdef __WINDOWS__
- if( readFDPtr != NULL )
- {
- FD_ZERO( readFDPtr );
-@@ -186,6 +210,10 @@
- clearErrorState();
- status = select( ( int ) netStream->netSocket + 1, readFDPtr,
- writeFDPtr, &exceptfds, &tv );
-+#else
-+ fds.revents = 0;
-+ status = poll(&fds, 1, ptimeout);
-+#endif
-
- /* If there's a problem and it's not something transient like an
- interrupted system call, exit. For a transient problem, we just
-@@ -269,7 +297,11 @@
- false and an indicator to receive SIGURG's not set, the OOB data byte
- just languishes in a side-buffer), however we shouldn't be receiving
- OOB data so we treat that as an error too */
-+#ifdef __WINDOWS__
- if( FD_ISSET( netStream->netSocket, &exceptfds ) )
-+#else
-+ if (fds.revents & (POLLERR | POLLNVAL))
-+#endif
- {
- int socketErrorCode;
-
-@@ -323,6 +355,7 @@
-
- /* The socket is read for reading or writing */
- ENSURES( status > 0 );
-+#ifdef __WINDOWS__
- ENSURES( ( type == IOWAIT_READ && \
- FD_ISSET( netStream->netSocket, &readfds ) ) || \
- ( type == IOWAIT_WRITE && \
-@@ -331,6 +364,13 @@
- ( FD_ISSET( netStream->netSocket, &readfds ) || \
- FD_ISSET( netStream->netSocket, &writefds ) ) ) || \
- ( type == IOWAIT_ACCEPT ) );
-+#else
-+ ENSURES( \
-+ ( type == IOWAIT_READ && (fds.revents & POLLIN) ) || \
-+ ( type == IOWAIT_WRITE && (fds.revents & POLLOUT) ) || \
-+ ( type == IOWAIT_CONNECT && (fds.revents & (POLLIN | POLLOUT) ) ) || \
-+ ( type == IOWAIT_ACCEPT ) );
-+#endif
- return( CRYPT_OK );
- }
-
diff --git a/cryptlib/patches/cl-posix-me-gently.patch b/cryptlib/patches/cl-posix-me-gently.patch
deleted file mode 100644
index 3e9441f914555d9a7eed870acd6964c581ed889e..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-posix-me-gently.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- ../tmp2/crypt.h 2019-01-31 14:52:00.000000000 -0500
-+++ crypt.h 2019-06-03 16:26:35.672044000 -0400
-@@ -79,7 +79,7 @@
- #ifndef _POSIX_C_SOURCE
- #if defined( __xlc__ ) || defined( __IBMC__ )
- #define _POSIX_C_SOURCE 200112L /* Posix 2001 */
-- #elif defined( __GNUC__ )
-+ #elif defined( __GNUC__ ) && defined( __linux__ )
- #define _POSIX_C_SOURCE 200809L /* Posix 2008 */
- #define _DEFAULT_SOURCE 1 /* See note above */
- #define _BSD_SOURCE 1 /* Undo breakage */
diff --git a/cryptlib/patches/cl-prefer-ECC-harder.patch b/cryptlib/patches/cl-prefer-ECC-harder.patch
deleted file mode 100644
index 4d44f5e439618aa39f390b7fb5fcc84b954a68b5..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-prefer-ECC-harder.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- session/ssl_suites.c.orig 2020-01-23 14:12:41.131472000 -0500
-+++ session/ssl_suites.c 2020-01-23 14:12:59.980267000 -0500
-@@ -357,12 +357,12 @@
- static const CIPHERSUITES_LIST cipherSuitesList[] = {
- { cipherSuitePSK, FAILSAFE_ARRAYSIZE( cipherSuitePSK, CIPHERSUITE_INFO ) },
- #ifdef PREFER_ECC
-- #ifdef USE_GCM
-- { cipherSuiteGCM, FAILSAFE_ARRAYSIZE( cipherSuiteGCM, CIPHERSUITE_INFO ) },
-- #endif /* USE_GCM */
- #if defined( USE_ECDH )
- { cipherSuiteECC, FAILSAFE_ARRAYSIZE( cipherSuiteECC, CIPHERSUITE_INFO ) },
- #endif /* USE_ECDH */
-+ #ifdef USE_GCM
-+ { cipherSuiteGCM, FAILSAFE_ARRAYSIZE( cipherSuiteGCM, CIPHERSUITE_INFO ) },
-+ #endif /* USE_GCM */
- #endif /* PREFER_ECC */
- { cipherSuiteDH, FAILSAFE_ARRAYSIZE( cipherSuiteDH, CIPHERSUITE_INFO ) },
- #ifdef USE_RSA_SUITES
diff --git a/cryptlib/patches/cl-prefer-ECC.patch b/cryptlib/patches/cl-prefer-ECC.patch
deleted file mode 100644
index dcd2de41418bf7ed498f559836e2b69fd7a44e2b..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-prefer-ECC.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- misc/config.h.orig 2020-01-23 14:08:29.914160000 -0500
-+++ misc/config.h 2020-01-23 14:08:38.693115000 -0500
-@@ -12,6 +12,7 @@
- #define USE_PROBLEMATIC_ALGORITHMS
- #define USE_SSH_EXTENDED
- #define USE_CERTLEVEL_STANDARD
-+#define PREFER_ECC
- /****************************************************************************
- * *
- * Custom Configuration Profiles *
diff --git a/cryptlib/patches/cl-random-openbsd.patch b/cryptlib/patches/cl-random-openbsd.patch
deleted file mode 100644
index 05c0c97a2e80e2b4f8b150e633759bd71f97207c..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-random-openbsd.patch
+++ /dev/null
@@ -1,35 +0,0 @@
---- random/unix.c.orig 2021-03-15 18:02:42.743073000 -0400
-+++ random/unix.c 2021-03-15 18:04:17.393934000 -0400
-@@ -398,7 +398,7 @@
- #include <net/route.h> /* For CTL_NET:AF_ROUTE:0:AF_INET:\
- NET_RT_FLAGS idents */
- #include <sys/gmon.h> /* For CTL_KERN:KERN_PROF identifiers */
-- #if defined( __NetBSD__ )
-+ #if defined( __NetBSD__ ) || defined( __OpenBSD__ )
- #include <uvm/uvm_param.h> /* For CTL_VM identifiers */
- #else
- #include <vm/vm_param.h> /* For CTL_VM identifiers */
-@@ -414,7 +414,9 @@
- static const SYSCTL_INFO sysctlInfo[] = {
- /* Hardware info */
- { 2, { CTL_HW, HW_MACHINE } }, /* Machine class */
-+#ifdef HW_MACHINE_ARCH
- { 2, { CTL_HW, HW_MACHINE_ARCH } }, /* Machine architecture */
-+#endif
- { 2, { CTL_HW, HW_MODEL } }, /* Machine model */
- #ifdef HW_IOSTATS
- { 2, { CTL_HW, HW_IOSTATS } }, /* struct io_sysctl for each device
-@@ -517,11 +519,13 @@
- /* Terminal chars sent/received */
- #endif /* KERN_TKSTAT */
- { 2, { CTL_KERN, KERN_VERSION } }, /* System version string */
-+#ifdef KERN_VNODE
- { 2, { CTL_KERN, KERN_VNODE }, 15 },
- /* struct xvnode for each vnode, see
- /sys/sys/vnode.h. Produces a huge
- amount of output so typically gets
- truncated at SYSCTL_BUFFER_SIZE */
-+#endif
-
- /* Networking info */
- { 6, { CTL_NET, AF_ROUTE, 0, AF_INET, NET_RT_DUMP, 0 }, 5 },
diff --git a/cryptlib/patches/cl-ranlib.patch b/cryptlib/patches/cl-ranlib.patch
deleted file mode 100644
index 98f050f53f3d6cc2c63f0d0da92090fc9cb69706..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-ranlib.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -ru ../orig/tools/buildlib.sh ./tools/buildlib.sh
---- ../orig/tools/buildlib.sh 2019-03-04 16:32:02.000000000 -0500
-+++ ./tools/buildlib.sh 2022-02-08 18:22:03.599117000 -0500
-@@ -66,7 +66,9 @@
- echo "Need to set up ucLinux link command" ;;
-
- *)
-- $AR rcs "$LIBNAME" "$@" || \
-- ( $AR rc "$LIBNAME" "$@" && ranlib "$LIBNAME" )
-+ if [ "$RANLIB" = "" ] ; then
-+ RANLIB = ranlib
-+ fi
-+ ( $AR rc "$LIBNAME" "$@" && $RANLIB "$LIBNAME" )
-
- esac
-Only in ./tools: buildlib.sh.orig
diff --git a/cryptlib/patches/cl-ssh-incCtr.patch b/cryptlib/patches/cl-ssh-incCtr.patch
deleted file mode 100644
index 3c0d9b1490d05ad52e599bf6104a6e23a79c56d2..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-ssh-incCtr.patch
+++ /dev/null
@@ -1,26 +0,0 @@
---- session/ssh2_crypt.c.orig 2019-01-21 16:56:04.000000000 -0500
-+++ session/ssh2_crypt.c 2020-02-14 14:15:11.144585000 -0500
-@@ -55,12 +55,12 @@
- /* Walk along the counter incrementing each byte if required */
- LOOP_MED( i = blockSize - 1, i >= 0, i-- )
- {
-- if( ctrPtr[ i ]++ != 0 )
-+ if( ++ctrPtr[ i ] != 0 )
- break;
- }
- ENSURES( LOOP_BOUND_OK );
- ENSURES( ctrMSB != ctrPtr[ blockSize - 1 ] );
-- ENSURES( ctrMSB != 0 || ctrMSBnext != ctrPtr[ blockSize - 2 ] );
-+ ENSURES( (ctrPtr[ blockSize - 1 ] != 0 || ctrMSBnext != ctrPtr[ blockSize - 2 ]) );
-
- return( CRYPT_OK );
- }
-@@ -388,7 +388,7 @@
- memcpy( sshInfo->writeCTR, buffer, sessionInfoPtr->cryptBlocksize );
- else
- memcpy( sshInfo->readCTR, buffer, sessionInfoPtr->cryptBlocksize );
-- zeroise( buffer, CRYPT_MAX_KEYSIZE );
-+ zeroise( buffer, CRYPT_MAX_HASHSIZE );
-
- return( CRYPT_OK );
- }
diff --git a/cryptlib/patches/cl-ssh-list-ctr-modes.patch b/cryptlib/patches/cl-ssh-list-ctr-modes.patch
deleted file mode 100644
index 930b14d7c522a96869c7ba2957915cd9a131741c..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-ssh-list-ctr-modes.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- session/ssh2.c.orig 2019-01-26 20:39:00.000000000 -0500
-+++ session/ssh2.c 2020-02-14 02:31:35.785792000 -0500
-@@ -851,6 +851,7 @@
-
- /* Make sure that any required sub-algorithms are available */
- if( algoStringInfo->subAlgo != CRYPT_ALGO_NONE && \
-+ algoStringInfo->subAlgo != CRYPT_MODE_ECB && \
- !algoAvailable( algoStringInfo->subAlgo ) )
- continue;
-
diff --git a/cryptlib/patches/cl-ssl-suite-blocksizes.patch b/cryptlib/patches/cl-ssl-suite-blocksizes.patch
deleted file mode 100644
index 2c6599dc71b91ad385928687393080f4e2366f06..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-ssl-suite-blocksizes.patch
+++ /dev/null
@@ -1,47 +0,0 @@
---- session/ssl_suites.c.orig 2020-02-17 15:42:41.411268000 -0500
-+++ session/ssl_suites.c 2020-02-17 16:05:59.563026000 -0500
-@@ -135,7 +135,7 @@
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" )
- CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
-- CRYPT_ALGO_HMAC_SHA2, 0, 32, SHA2MAC_SIZE,
-+ CRYPT_ALGO_HMAC_SHA2, 0, 16, SHA2MAC_SIZE,
- CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_TLS12 },
- /* { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
- DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" )
-@@ -187,11 +187,11 @@
- CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
- CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE,
- CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
-- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-+/* { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" )
- CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
-- CRYPT_ALGO_HMAC_SHA2, 48, 16, GCMICV_SIZE,
-- CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
-+ CRYPT_ALGO_HMAC_SHA2, 48, 32, GCMICV_SIZE,
-+ CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },*/
-
- /* AES-GCM with DH */
- { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-@@ -200,9 +200,9 @@
- CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE,
- CIPHERSUITE_FLAG_DH | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
- /* { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-- DESCRIPTION( "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" )
-+ DESCRIPTION( "TLS_DHE_RSA_WITH_AES_256_GCM_SHA256" )
- CRYPT_ALGO_DH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
-- CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE,
-+ CRYPT_ALGO_HMAC_SHA2, 0, 32, GCMICV_SIZE,
- CIPHERSUITE_FLAG_DH | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 }, */
-
- /* AES-GCM with RSA */
-@@ -214,7 +214,7 @@
- /* { TLS_RSA_WITH_AES_256_GCM_SHA384,
- DESCRIPTION( "TLS_RSA_WITH_AES_256_GCM_SHA384" )
- CRYPT_ALGO_RSA, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
-- CRYPT_ALGO_HMAC_SHA2, 48, 16, GCMICV_SIZE,
-+ CRYPT_ALGO_HMAC_SHA2, 48, 32, GCMICV_SIZE,
- CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 }, */
-
- /* End-of-list marker */
diff --git a/cryptlib/patches/cl-uint64_t-redefine.patch b/cryptlib/patches/cl-uint64_t-redefine.patch
deleted file mode 100644
index e9acb7380936225cb50dbe017ebedfb9a6cc3340..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-uint64_t-redefine.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- crypt/brg_types.h.orig 2021-03-15 17:59:00.031496000 -0400
-+++ crypt/brg_types.h 2021-03-15 17:59:49.685028000 -0400
-@@ -133,7 +133,7 @@
- # if ULONG_MAX == 18446744073709551615ul
- # define BRG_UI64
- # define li_64(h) 0x##h##ul
-- #ifndef _UINT64_T /* Apple define their own version - pcg */
-+ #if !defined(_UINT64_T) && !defined(_UINT64_T_DEFINED_) /* Apple define their own version - pcg */
- typedef unsigned long uint64_t; /* AES-GCM - pcg */
- #endif /* !_UINT64_T */
- # endif
diff --git a/cryptlib/patches/cl-use-ssh-ctr.patch b/cryptlib/patches/cl-use-ssh-ctr.patch
deleted file mode 100644
index 710f7b326c9ce338747171fbfd0ec3bca53c0880..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-use-ssh-ctr.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- misc/config.h.orig 2020-02-12 23:28:58.272135000 -0500
-+++ misc/config.h 2020-02-12 23:29:09.749355000 -0500
-@@ -13,6 +13,7 @@
- #define USE_SSH_EXTENDED
- #define USE_CERTLEVEL_STANDARD
- #define PREFER_ECC
-+#define USE_SSH_CTR
- /****************************************************************************
- * *
- * Custom Configuration Profiles *
diff --git a/cryptlib/patches/cl-vcxproj.patch b/cryptlib/patches/cl-vcxproj.patch
deleted file mode 100644
index 43066f19f8f697e6ba8c8e9722c8d4705c2da0cf..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-vcxproj.patch
+++ /dev/null
@@ -1,53 +0,0 @@
---- crypt32.vcxproj.orig 2018-01-03 01:05:54.648617000 -0500
-+++ crypt32.vcxproj 2018-01-03 01:14:08.964397000 -0500
-@@ -109,6 +109,8 @@
- <SmallerTypeCheck>false</SmallerTypeCheck>
- <AdditionalIncludeDirectories>.\</AdditionalIncludeDirectories>
- <ControlFlowGuard>false</ControlFlowGuard>
-+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-+ <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
- </ClCompile>
- <Link>
- <SubSystem>Windows</SubSystem>
-@@ -117,6 +119,7 @@
- <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
- <ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
- <ModuleDefinitionFile>.\crypt32.def</ModuleDefinitionFile>
-+ <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
- <Profile>false</Profile>
- </Link>
- </ItemDefinitionGroup>
-@@ -131,6 +134,8 @@
- <SmallerTypeCheck>true</SmallerTypeCheck>
- <AdditionalIncludeDirectories>.\</AdditionalIncludeDirectories>
- <ControlFlowGuard>false</ControlFlowGuard>
-+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-+ <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
- </ClCompile>
- <Link>
- <SubSystem>Windows</SubSystem>
-@@ -160,6 +165,8 @@
- <ExceptionHandling>false</ExceptionHandling>
- <ControlFlowGuard>Guard</ControlFlowGuard>
- <WholeProgramOptimization>true</WholeProgramOptimization>
-+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-+ <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
- </ClCompile>
- <Link>
- <SubSystem>Windows</SubSystem>
-@@ -187,6 +194,8 @@
- <ExceptionHandling>false</ExceptionHandling>
- <StringPooling>true</StringPooling>
- <ControlFlowGuard>Guard</ControlFlowGuard>
-+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-+ <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
- </ClCompile>
- <Link>
- <SubSystem>Windows</SubSystem>
-@@ -607,4 +616,4 @@
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
- <ImportGroup Label="ExtensionTargets">
- </ImportGroup>
--</Project>
-\ No newline at end of file
-+</Project>
diff --git a/cryptlib/patches/cl-win32-build-fix.patch b/cryptlib/patches/cl-win32-build-fix.patch
deleted file mode 100644
index e58f9084f56622aabe90e0e169d84d6da7cf6e37..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-win32-build-fix.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur ../tmp2/test/test.h ./test/test.h
---- ../tmp2/test/test.h 2019-03-05 01:02:18.000000000 -0500
-+++ ./test/test.h 2019-06-03 18:38:59.247777000 -0400
-@@ -308,7 +308,7 @@
- #define _OSSPEC_DEFINED
- #if !defined( __WIN32__ ) && ( defined( WIN32 ) || defined( _WIN32 ) )
- #define __WIN32__
-- #elif !defined( __WIN64__ ) defined( _M_X64 )
-+ #elif !defined( __WIN64__ ) && defined( _M_X64 )
- #define __WIN64__
- #endif /* Win32/Win64 */
- #define _OSSPEC_DEFINED
diff --git a/cryptlib/patches/cl-win32-noasm.patch b/cryptlib/patches/cl-win32-noasm.patch
deleted file mode 100644
index acbf4857ecadd9e7dd3120979a75c2b31b17e0ea..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-win32-noasm.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- crypt/osconfig.h.orig 2018-01-03 03:42:25.272822000 -0500
-+++ crypt/osconfig.h 2018-01-03 03:42:31.248117000 -0500
-@@ -23,7 +23,7 @@
- Any changes made here need to be reflected in os_spec.h */
- #if !( defined( _WIN32_WCE ) || defined( _M_X64 ) || \
- defined( __BORLANDC__ ) || defined( NO_ASM ) )
-- #define USE_ASM /* Always enabled for x86 Win32 */
-+ //#define USE_ASM /* Always enabled for x86 Win32 */
- #endif /* WinCE || x86-64 || Borland compilers */
- #endif /* OpenSSL Win32 not defined */
- #include <stdlib.h> /* For malloc() */
diff --git a/cryptlib/patches/cl-zlib.patch b/cryptlib/patches/cl-zlib.patch
deleted file mode 100644
index 65cdc98f91a90faa00f6375eee3d3510894c5287..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-zlib.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- ../tmp2/tools/ccopts.sh 2019-03-04 16:32:32.000000000 -0500
-+++ tools/ccopts.sh 2019-06-03 16:50:00.486529000 -0400
-@@ -259,10 +259,10 @@
- done
-
- fi
--if [ -f /usr/include/zlib.h ] ; then
-- echo " (Enabling use of system zlib)." >&2 ;
-- CCARGS="$CCARGS -DHAS_ZLIB" ;
--fi
-+#if [ -f /usr/include/zlib.h ] ; then
-+# echo " (Enabling use of system zlib)." >&2 ;
-+# CCARGS="$CCARGS -DHAS_ZLIB" ;
-+#fi
-
- # If we're building a development or analysis build, enable various unsafe
- # options that are normally disabled by default
diff --git a/cryptlib/patches/cl-zz-country.patch b/cryptlib/patches/cl-zz-country.patch
deleted file mode 100644
index 1449cc167a0f861432a643abc364f103d6e4a581..0000000000000000000000000000000000000000
--- a/cryptlib/patches/cl-zz-country.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- cert/dn.c.orig 2018-02-15 01:13:14.949502000 -0500
-+++ cert/dn.c 2018-02-15 01:13:55.474689000 -0500
-@@ -204,7 +204,7 @@
- /*W*/ xF| xS,
- /*X*/ 0,
- /*Y*/ xE| xT|xU,
-- /*Z*/ xA| xM| xW,
-+ /*Z*/ xA| xM| xW| xZ,
- 0, 0 /* Catch overflows */
- };
- const int cc0 = countryCode[ 0 ] - 'A';
diff --git a/cryptlib/patches/terminal-params.patch b/cryptlib/patches/terminal-params.patch
deleted file mode 100644
index 000fdebcd5a0155f9d7c2728cc10cd1bb4087a43..0000000000000000000000000000000000000000
--- a/cryptlib/patches/terminal-params.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-diff -ur ../tmp2/cryptlib.h ./cryptlib.h
---- ../tmp2/cryptlib.h 2021-03-13 02:55:28.589948000 -0500
-+++ ./cryptlib.h 2021-03-13 02:56:03.550287000 -0500
-@@ -1222,6 +1222,11 @@
- CRYPT_SESSINFO_SSL_EAPKEY, /* SSL/TLS EAP key */
- CRYPT_SESSINFO_TSP_MSGIMPRINT, /* TSP message imprint */
-
-+ /* Terminal attributes */
-+ CRYPT_SESSINFO_SSH_TERMINAL, /* TERM string sent to remote */
-+ CRYPT_SESSINFO_SSH_WIDTH, /* Terminal width */
-+ CRYPT_SESSINFO_SSH_HEIGHT, /* Terminal height */
-+
- /* Used internally */
- CRYPT_SESSINFO_LAST, CRYPT_USERINFO_FIRST = 7000,
-
-diff -ur ../tmp2/kernel/attr_acl.c ./kernel/attr_acl.c
---- ../tmp2/kernel/attr_acl.c 2021-03-13 02:55:42.258577000 -0500
-+++ ./kernel/attr_acl.c 2021-03-13 02:56:03.603279000 -0500
-@@ -3768,6 +3768,25 @@
- MKPERM_TSP( xWD_xWD ),
- ROUTE( OBJECT_TYPE_SESSION ), &objectCtxHash ),
-
-+ MKACL_S( /* SSH client: Read/write */
-+ CRYPT_SESSINFO_SSH_TERMINAL,
-+ ST_NONE, ST_NONE, ST_SESS_SSH,
-+ 0xffffffff /*MKPERM_SSH_EXT( RWD_RWD )*/,
-+ ROUTE( OBJECT_TYPE_SESSION ),
-+ RANGE( 1, CRYPT_MAX_TEXTSIZE ) ),
-+ MKACL_N( /* SSH client: Read/write */
-+ CRYPT_SESSINFO_SSH_WIDTH,
-+ ST_NONE, ST_NONE, ST_SESS_SSH,
-+ 0xffffffff /*MKPERM_SSH_EXT( RWD_RWD )*/,
-+ ROUTE( OBJECT_TYPE_SESSION ),
-+ RANGE( 1, 800 ) ),
-+ MKACL_N( /* SSH client: Read/write */
-+ CRYPT_SESSINFO_SSH_HEIGHT,
-+ ST_NONE, ST_NONE, ST_SESS_SSH,
-+ 0xffffffff /*MKPERM_SSH_EXT( RWD_RWD )*/,
-+ ROUTE( OBJECT_TYPE_SESSION ),
-+ RANGE( 1, 800 ) ),
-+
- MKACL_END(), MKACL_END()
- };
- #endif /* USE_SESSIONS */
-diff -ur ../tmp2/session/sess_attr.c ./session/sess_attr.c
---- ../tmp2/session/sess_attr.c 2021-03-13 02:55:28.307665000 -0500
-+++ ./session/sess_attr.c 2021-03-13 02:56:30.118602000 -0500
-@@ -565,6 +565,8 @@
- SESSION_FLAG_ISOPEN ) ? TRUE : FALSE;
- return( CRYPT_OK );
-
-+ case CRYPT_SESSINFO_SSH_HEIGHT:
-+ case CRYPT_SESSINFO_SSH_WIDTH:
- case CRYPT_SESSINFO_SERVER_PORT:
- case CRYPT_SESSINFO_CLIENT_PORT:
- {
-@@ -639,6 +641,7 @@
- return( CRYPT_ERROR_NOTFOUND );
- }
-
-+ case CRYPT_SESSINFO_SSH_TERMINAL:
- case CRYPT_SESSINFO_USERNAME:
- case CRYPT_SESSINFO_PASSWORD:
- /* If the session was resumed from cached information then the
-@@ -797,6 +800,13 @@
- return( status );
- }
-
-+ case CRYPT_SESSINFO_SSH_WIDTH:
-+ return( addSessionInfo( sessionInfoPtr,
-+ CRYPT_SESSINFO_SSH_WIDTH, value ) );
-+ case CRYPT_SESSINFO_SSH_HEIGHT:
-+ return( addSessionInfo( sessionInfoPtr,
-+ CRYPT_SESSINFO_SSH_HEIGHT, value ) );
-+
- case CRYPT_SESSINFO_SERVER_PORT:
- /* If there's already a network socket specified then we can't
- set a port as well */
-@@ -954,6 +964,9 @@
- return( addCredential( sessionInfoPtr, data, dataLength,
- attribute ) );
-
-+ case CRYPT_SESSINFO_SSH_TERMINAL:
-+ case CRYPT_SESSINFO_SSH_WIDTH:
-+ case CRYPT_SESSINFO_SSH_HEIGHT:
- case CRYPT_SESSINFO_SERVER_FINGERPRINT_SHA1:
- /* Remember the value */
- return( addSessionInfoS( sessionInfoPtr, attribute, data,
-@@ -1016,6 +1029,7 @@
- sessionInfoPtr->writeTimeout = CRYPT_ERROR;
- return( CRYPT_OK );
-
-+ case CRYPT_SESSINFO_SSH_TERMINAL:
- case CRYPT_SESSINFO_USERNAME:
- case CRYPT_SESSINFO_PASSWORD:
- case CRYPT_SESSINFO_SERVER_NAME:
-diff -ur ../tmp2/session/ssh2_msgc.c ./session/ssh2_msgc.c
---- ../tmp2/session/ssh2_msgc.c 2021-03-13 02:55:27.112993000 -0500
-+++ ./session/ssh2_msgc.c 2021-03-13 02:56:03.671662000 -0500
-@@ -448,6 +448,12 @@
- CHANNEL_WRITE );
- int packetOffset, status;
-
-+ MESSAGE_DATA term;
-+ BYTE termString[ CRYPT_MAX_TEXTSIZE + 8 ];
-+ int value;
-+
-+ term.data=termString;
-+ term.length=CRYPT_MAX_TEXTSIZE;
- assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
- assert( isWritePtr( stream, sizeof( STREAM ) ) );
-
-@@ -547,9 +553,18 @@
- writeUint32( stream, channelNo );
- writeString32( stream, "pty-req", 7 );
- sputc( stream, 0 ); /* No reply */
-- writeString32( stream, "xterm", 5 );/* Generic */
-- writeUint32( stream, 80 );
-- writeUint32( stream, 48 ); /* 48 x 80 (24 x 80 is so 1970s) */
-+ if( cryptStatusError( status = getSessionAttributeS( sessionInfoPtr, &term, CRYPT_SESSINFO_SSH_TERMINAL) ) )
-+ writeString32( stream, "xterm", 5 );/* Generic */
-+ else
-+ writeString32( stream, term.data, term.length );/* Generic */
-+ if( cryptStatusError( getSessionAttribute( sessionInfoPtr, &value, CRYPT_SESSINFO_SSH_WIDTH ) ) )
-+ writeUint32( stream, 80 );
-+ else
-+ writeUint32( stream, value);
-+ if( cryptStatusError( getSessionAttribute( sessionInfoPtr, &value, CRYPT_SESSINFO_SSH_HEIGHT ) ) )
-+ writeUint32( stream, 48 ); /* 48 x 80 (24 x 80 is so 1970s) */
-+ else
-+ writeUint32( stream, value);
- writeUint32( stream, 0 );
- writeUint32( stream, 0 ); /* No graphics capabilities */
- status = writeUint32( stream, 0 ); /* No special TTY modes */