Changes to get Security and Heimdal building

platform-include/ApplicationServices

@@ -1 +0,0 @@
-../src/ApplicationServices/include/ApplicationServices/

platform-include/CommonCrypto

@@ -0,0 +1 @@
+../src/CommonCrypto/CommonCrypto/

platform-include/CoreFoundation

@@ -1 +0,0 @@
-../src/external/corefoundation/

platform-include/corecrypto

@@ -0,0 +1 @@
+../src/external/corecrypto/include/corecrypto/

platform-include/dispatch

@@ -1 +1 @@
-../src/external/libdispatch/dispatch
+../src/external/libdispatch/include/dispatch/

platform-include/dns.h

@@ -0,0 +1 @@
+../src/libresolv/dns.h

platform-include/sqlite3_private.h

@@ -0,0 +1 @@
+../src/external/sqlite/include/sqlite3_private.h

platform-include/unicode

@@ -0,0 +1 @@
+../src/external/icu/icuSources/common/unicode/

src/CMakeLists.txt

@@ -74,6 +74,9 @@ include_directories(
 	${CMAKE_CURRENT_SOURCE_DIR}/libiconv/include
 	${CMAKE_CURRENT_SOURCE_DIR}/ncurses/include
 	${CMAKE_CURRENT_SOURCE_DIR}/libc/include/NetBSD
+	${CMAKE_CURRENT_SOURCE_DIR}/external/corefoundation/include
+	${CMAKE_CURRENT_SOURCE_DIR}/external/foundation/include
+	${CMAKE_CURRENT_SOURCE_DIR}/external/syslog/libsystem_asl.tproj/include
 )
 
 add_subdirectory(external/libkqueue)
@@ -132,8 +135,6 @@ add_subdirectory(CoreServices)
 #add_subdirectory(ApplicationServices)
 #add_subdirectory(VideoDecodeAcceleration)
 add_subdirectory(DiskArbitration)
-#add_subdirectory(DebugSymbols)
-add_subdirectory(external/Heimdal)
 add_subdirectory(xar)
 add_subdirectory(libedit)
 add_subdirectory(external/libclosure)
@@ -147,8 +148,8 @@ add_subdirectory(external/expat)
 #add_subdirectory(external/libauto)
 add_subdirectory(external/libarchive/libarchive)
 add_subdirectory(external/apr)
-#add_subdirectory(external/corecrypto)
-#add_subdirectory(external/security) # work in progress
+add_subdirectory(external/corecrypto)
+add_subdirectory(external/security)
 add_subdirectory(sandbox)
 add_subdirectory(xcselect)
 #add_subdirectory(Cocoa)
@@ -196,6 +197,7 @@ add_subdirectory(ImageIO)
 add_subdirectory(login)
 add_subdirectory(DebugSymbols)
 add_subdirectory(external/bsm)
+add_subdirectory(external/Heimdal)
 
 add_subdirectory(external/libcxxabi)
 add_subdirectory(external/libcxx)

src/CommonCrypto/CommonCrypto/CommonCryptorSPI.h

@@ -0,0 +1,196 @@
+/*
+ * Copyright (c) 2010 Apple Inc. All Rights Reserved.
+ * 
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#ifndef	_CC_CryptorSPI_H_
+#define _CC_CryptorSPI_H_
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdint.h>
+
+#include <string.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <Availability.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+	This is an SPI header.  It includes some work in progress implementation notes that
+	will be removed when this is promoted to an API set.
+*/
+
+/*
+	Cipher Modes
+*/
+
+enum {
+	kCCModeECB		= 1,
+	kCCModeCBC		= 2,
+	kCCModeCFB		= 3,
+	kCCModeCTR		= 4,
+	kCCModeF8		= 5, // Unimplemented for now (not included)
+	kCCModeLRW		= 6, // Unimplemented for now (not included)
+	kCCModeOFB		= 7,
+	kCCModeXTS		= 8,
+	kCCModeRC4		= 9, // RC4 as a streaming cipher is handled internally as a mode.
+	kCCModeCFB8		= 10,
+};
+typedef uint32_t CCMode;
+
+/*
+	Padding for block ciphers
+*/
+
+enum {
+	ccDefaultPadding	= 0,
+	ccPKCS7Padding		= 1,
+	ccANSIx923Padding	= 2, // Unimplemented for now (not included)
+	ccISO10126Padding	= 3, // Unimplemented for now (not included)
+};
+typedef uint32_t CCPadding;
+
+/*
+	Mode options - so far only used for CTR mode
+*/
+
+enum {
+	kCCModeOptionCTR_LE	= 0x0001, // CTR Mode Little Endian
+	kCCModeOptionCTR_BE = 0x0002  // CTR Mode Big Endian
+};
+
+typedef uint32_t CCModeOptions;
+
+/*
+	Supports a mode call of 
+	int mode_setup(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, 
+		const unsigned char *tweak, int tweaklen, int num_rounds, int options, mode_context *ctx);
+*/
+
+/* User supplied space for the CryptorRef */
+
+CCCryptorStatus CCCryptorCreateFromDataWithMode(
+	CCOperation 	op,				/* kCCEncrypt, kCCEncrypt, kCCBoth (default for BlockMode) */
+	CCMode			mode,
+	CCAlgorithm		alg,
+	CCPadding		padding,		
+	const void 		*iv,			/* optional initialization vector */
+	const void 		*key,			/* raw key material */
+	size_t 			keyLength,	
+	const void 		*tweak,			/* raw tweak material */
+	size_t 			tweakLength,	
+	int				numRounds,
+	CCModeOptions 	options,
+	const void		*data,			/* caller-supplied memory */
+	size_t			dataLength,		/* length of data in bytes */
+	CCCryptorRef	*cryptorRef,	/* RETURNED */
+	size_t			*dataUsed)		/* optional, RETURNED */
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+
+/* This version mallocs the CCCryptorRef */
+
+CCCryptorStatus CCCryptorCreateWithMode(
+	CCOperation 	op,				/* kCCEncrypt, kCCEncrypt, kCCBoth (default for BlockMode) */
+	CCMode			mode,
+	CCAlgorithm		alg,
+	CCPadding		padding,		
+	const void 		*iv,			/* optional initialization vector */
+	const void 		*key,			/* raw key material */
+	size_t 			keyLength,	
+	const void 		*tweak,			/* raw tweak material */
+	size_t 			tweakLength,	
+	int				numRounds,		/* 0 == default */
+	CCModeOptions 	options,
+	CCCryptorRef	*cryptorRef)	/* RETURNED */
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+
+/*
+	Assuming we can use existing CCCryptorCreateFromData for all modes serviced by these:
+	int mode_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, mode_context *ctx);
+	int mode_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, mode_context *ctx);
+*/
+
+/*
+	Block mode encrypt and decrypt interfaces for IV tweaked blocks (XTS and CBC)
+	
+	int mode_encrypt_tweaked(const unsigned char *pt, unsigned long len, unsigned char *ct, const unsigned char *tweak, mode_context *ctx);
+	int mode_decrypt_tweaked(const unsigned char *ct, unsigned long len, unsigned char *pt, const unsigned char *tweak, mode_context *ctx);
+*/
+
+CCCryptorStatus CCCryptorEncryptDataBlock(
+	CCCryptorRef cryptorRef,
+	const void *iv,
+	const void *dataIn,
+	size_t dataInLength,
+	void *dataOut)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+
+
+CCCryptorStatus CCCryptorDecryptDataBlock(
+	CCCryptorRef cryptorRef,
+	const void *iv,
+	const void *dataIn,
+	size_t dataInLength,
+	void *dataOut)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+
+/*
+	Assuming we can use the existing CCCryptorRelease() interface for 
+	int mode_done(mode_context *ctx);
+*/
+
+/*
+	Not surfacing these other than with CCCryptorReset()
+	
+	int mode_setiv(const unsigned char *IV, unsigned long len, mode_context *ctx);
+	int mode_getiv(const unsigned char *IV, unsigned long *len, mode_context *ctx);
+*/
+    
+/*
+    DES key utilities
+*/
+    
+CCCryptorStatus CCDesIsWeakKey(
+                               void *key,
+                               size_t Length)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+
+void CCDesSetOddParity(
+                       void *key,
+                       size_t Length)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+
+uint32_t CCDesCBCCksum(void *input, void *output,
+                       size_t length, void *key, size_t keylen,
+                       void *ivec)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+    
+    
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _CC_CryptorSPI_H_ */

src/CommonCrypto/CommonCrypto/CommonRandom.h

@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2014 Apple Inc. All Rights Reserved.
+ * 
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+//
+//  CommonRandom.h
+//  CommonCrypto
+
+#ifndef CommonCrypto_CommonRandom_h
+#define CommonCrypto_CommonRandom_h
+
+#if defined(__cplusplus)
+extern "C" {
+#endif	
+
+typedef CCCryptorStatus CCRNGStatus;
+    
+/*!
+ @function      CCRandomGenerateBytes
+ 
+ @abstract      Return random bytes in a buffer allocated by the caller.
+ 
+ @discussion    The PRNG returns cryptographically strong random
+                bits suitable for use as cryptographic keys, IVs, nonces etc.
+ 
+ @param         bytes   Pointer to the return buffer.
+ @param         count   Number of random bytes to return.
+
+ @result        Return kCCSuccess on success.
+ */
+
+CCRNGStatus CCRandomGenerateBytes(void *bytes, size_t count)
+__OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
+    
+#if defined(__cplusplus)
+}
+#endif
+
+#endif

src/CommonCrypto/CommonCrypto/CommonRandomSPI.h

@@ -0,0 +1,234 @@
+#ifndef  COMMONRANDOM_H
+#define  COMMONRANDOM_H 1
+
+/*
+ *  CommonRandom.h
+ *
+ * Copyright © 2010-2011 by Apple, Inc. All rights reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ */
+
+#include <dispatch/dispatch.h>
+#include <dispatch/queue.h>
+#include <Availability.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <CommonCrypto/CommonCryptor.h>
+
+/*!
+
+	@header     CommonRNG.h
+	@abstract   An interface to a system random number generator. This module
+	            provides a managed way either to get random numbers from a
+	            NIST-approved random number generator or /dev/random. The NIST
+	            random number generator gets its entropy from /dev/random, but
+	            operates 9x-10x faster than it.
+
+    @discussion It is inconvenient to call system random number generators
+				directly. In the simple case of calling /dev/random, the caller
+				has to open the device and close it in addition to managing it
+				while it's open. This module has as its immediate raison d'<EFBFBD>tre
+				the inconvenience of doing this. It manages a file descriptor to
+				/dev/random including the exception processing of what happens
+				in a fork() and exec(). Call CCRandomCopyBytes() and all the
+				fiddly bits are managed for you. Just get on with whatever you
+				were really trying to do.
+				
+				More importantly, though, it also manages a FIPS 140-compliant
+				way to get random numbers. NIST created in their document SP
+				800-90 a new type of AES-based "Deterministic Random Bit
+				Generator" (DRBG) (what is often called a PRNG) and guidelines
+				on how to use it. There are two reasons to prefer it over
+				directly calling /dev/random. It's a standard and immediately
+				compliant with FIPS 140, and it is dramatically faster per-byte.
+				For complete disclosure, this implements an AES-CTR DRBG with
+				derivation function using AES-128 as the cipher and prediction
+				resistance.
+
+				Thus, we provide two RNGs to call, kCCRandomDefault (the NIST
+				one) and kCCRandomDevRandom (a managed wrapper around
+				/dev/random). If you are doing anything involving security, call
+				the default one. You'll be glad you did, because it does much
+				security-related housekeeping for you and you don't have to
+				think about it. Really.
+
+				In implementation details, the first time you call
+				CCRandomCopyBytes(), it will open up /dev/random and seed the RNG
+				with 64 bytes. After each call, there is a reseed operation that
+				happens on an async GCD queue that reseeds with 32 bytes and a
+				nonce from mach_absolute_time(). All access to the internal DRBG
+				is serialized through a GCD queue and is therefore thread safe. 
+
+				Should you need to create your own RNG context or have a secondary
+				RNG context, CCRNGCreate() and CCRNGRelease() will let you create
+				an RNG yourself and then call CCRandomCopyBytes() with that 
+				context.
+ */
+
+#include <CommonCrypto/CommonRandom.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+    @typedef    CCRandomRef
+    @abstract   Abstract Reference to a random number generator.
+
+*/
+#ifndef  COMMONRANDOMPRIV_H // Check for the private header
+typedef struct __CCRandom *CCRandomRef;
+#endif
+
+/*!
+ @function      CCRandomCopyBytes
+ 
+ @abstract      Return random bytes in a buffer allocated by the caller.
+ 
+ @discussion    The default PRNG returns cryptographically strong random 
+                bits suitable for use as cryptographic keys, IVs, nonces etc.
+                
+ @param         rnd     The random number generator to use. Pre-defined values:
+                        kCCRandomDefault, the NIST AES-based one and
+                        kCCRandomDevRandom, /dev/random itself.
+ 
+						Alternately, you can create one with CCRNGCreate().
+ 
+ @param         bytes   Pointer to the return buffer.
+ @param         count   Number of random bytes to return.
+
+ @result        Return kCCSuccess on success.  Other values are ...
+ */
+
+int CCRandomCopyBytes(CCRandomRef rnd, void *bytes, size_t count)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+	
+extern const CCRandomRef kCCRandomDefault
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+	
+extern const CCRandomRef kCCRandomDevRandom
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+/*!
+ @function      CCRNGCreate
+ 
+ @abstract      Create an RNG context.
+ 
+ @discussion    This creates a CCRandomRef that you can then pass into
+				CCRandomCopyBytes(). Only call this if you need to create
+				your own context. You can call CCRandomCopyBytes() with this
+				context. Remember to release it.
+ 
+ @param			options	Option flags. See below. Unless you have a very
+						good reason, just use kCCRNGOptionCryptoRNG.
+ 
+ @param			rngRef	A pointer to a CCRandomRef.
+ 
+ @result		Returns kCCSuccess on success.
+ 
+ 
+ */
+	
+CCRNGStatus
+CCRNGCreate(uint32_t options, CCRandomRef *rngRef)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+/*!
+ @function      CCRNGRelease
+ 
+ @abstract      Release an RNG context.
+ 
+ @discussion    This releases and deallocates a context.
+ 
+ @param			rng		A CCRandomRef.
+ 
+ @result		Returns kCCSuccess on success.
+ 
+ 
+ */
+
+CCRNGStatus
+CCRNGRelease(CCRandomRef rng)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+	
+/*
+ Options flags
+ 
+ The option flags are not exposed through the default use of CCRandomGetBytes(). 
+ They are only exposed through direct use of a CCRandomRef.
+
+ The polarity is reversed here for two reasons. One is that I want people to
+ think before they make a non-FIPS, predictable RNG. If you're doing any sort of
+ crypto, you want FIPS and you want prediction resistance. Prediction resistance
+ reseeds after every query which is slightly slower, but more secure. Non-FIPS
+ is about 20% faster for very large reads, where very large means well over a MB
+ per get, which you will probably never do. If you pull under 500 bytes from the
+ RNG, there is *NO* change in performance for non-FIPS.
+
+ Non-FIPS makes two changes. First, it increments the counter in machine-natural
+ order, which on little-endian machines makes a very small performance
+ improvement. It saves you two byte-swaps for every 32-bit increment of the
+ counter, for every int that has to be incremented, which is admittedly not
+ much. It is so much not much that this is a compile-time option in the DRBG,
+ and likely to be turned off.
+
+ But something that makes a difference is that it  reads from the DRBG in one
+ lump sum, instead of in 500 byte chunks, as FIPS demands. On a 50MB test, runs
+ about 20% faster, but obviously for 500 bytes would run the same.
+
+ Arguably, we should remove the non-FIPS thing because in most circumstances it
+ matters naught. Also, as we've said before, if you're interested in security,
+ you shouldn't be worrying about a small performance tweaks.
+
+ Prediction resistance re-seeds the DRBG after every request with 32 bytes from
+ /dev/random and a timestamp from mach_absolute_time(). This is a legitimate
+ thing you might want and a difference between a "random" and a "urandom"
+ variant.
+ 
+*/
+
+enum {
+	kCCRNGOptionIgnoreFIPS				= 0x00000001,
+	kCCRNGOptionNoPredictionResistance	= 0x00000002,
+	
+	kCCRNGOptionCryptoRNG				= 0x00000000,
+};
+    
+// Accessor functions to get the rng "states" for internal Security Framework
+// use.
+#include <corecrypto/ccdrbg.h>
+#include <corecrypto/ccrng_system.h>
+
+struct ccrng_state *ccDevRandomGetRngState(void)
+__OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
+
+struct ccrng_state *ccDRBGGetRngState(void)
+__OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* COMMONRANDOM_H */
+

src/CommonCrypto/Source/CommonCryptoSPI/CommonDigestSPI.h

@@ -24,16 +24,21 @@
 #ifndef	_CC_DigestSPI_H_
 #define _CC_DigestSPI_H_
 
+#include <stdint.h>
+#include <sys/types.h>
+
 #include <Availability.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
     
 
 /*!
-    @enum       CCDigestAlg
+    @enum       CCDigestAlgorithm
     @abstract   Algorithms implemented in this module.
 
+    @constant 	kCCDigestNone		Digest Selector for "no digest"
     @constant 	kCCDigestMD2		MD2 digest
     @constant 	kCCDigestMD4		MD4 digest
     @constant 	kCCDigestMD5		MD5 digest
@@ -55,6 +60,7 @@ extern "C" {
  */
 
 enum {
+    kCCDigestNone               = 0,
 	kCCDigestMD2				= 1,
 	kCCDigestMD4				= 2,
 	kCCDigestMD5				= 3,
@@ -67,14 +73,18 @@ enum {
 	kCCDigestSHA256				= 10,
 	kCCDigestSHA384				= 11,
 	kCCDigestSHA512				= 12,
-	kCCDigestSkein128			= 13,
-	kCCDigestSkein160			= 14,
-	kCCDigestSkein224			= 16,
-	kCCDigestSkein256			= 17,
-	kCCDigestSkein384			= 18,
-	kCCDigestSkein512			= 19,
+	kCCDigestSkein128			= 13, // Deprecated in iPhoneOS 6.0 and MacOSX10.9
+	kCCDigestSkein160			= 14, // Deprecated in iPhoneOS 6.0 and MacOSX10.9
+	kCCDigestSkein224			= 16, // Deprecated in iPhoneOS 6.0 and MacOSX10.9
+	kCCDigestSkein256			= 17, // Deprecated in iPhoneOS 6.0 and MacOSX10.9
+	kCCDigestSkein384			= 18, // Deprecated in iPhoneOS 6.0 and MacOSX10.9
+	kCCDigestSkein512			= 19, // Deprecated in iPhoneOS 6.0 and MacOSX10.9
 };
-typedef uint32_t CCDigestAlg;
+typedef uint32_t CCDigestAlgorithm;
+
+// Hold this until Heimdal has changed.
+
+#define CCDigestAlg CCDigestAlgorithm
 
 /*!
     @typedef    CCDigestCtx
@@ -86,6 +96,22 @@ typedef struct CCDigestCtx_t {
     uint8_t context[CC_DIGEST_SIZE];
 } CCDigestCtx, *CCDigestRef;
 
+#define CC_RMD128_DIGEST_LENGTH   16          /* digest length in bytes */
+#define CC_RMD128_BLOCK_BYTES     64          /* block size in bytes */
+#define CC_RMD128_BLOCK_LONG      (CC_RMD128_BLOCK_BYTES / sizeof(CC_LONG))
+    
+#define CC_RMD160_DIGEST_LENGTH   20          /* digest length in bytes */
+#define CC_RMD160_BLOCK_BYTES     64          /* block size in bytes */
+#define CC_RMD160_BLOCK_LONG      (CC_RMD160_BLOCK_BYTES / sizeof(CC_LONG))
+    
+#define CC_RMD256_DIGEST_LENGTH   32          /* digest length in bytes */
+#define CC_RMD256_BLOCK_BYTES     64          /* block size in bytes */
+#define CC_RMD256_BLOCK_LONG      (CC_RMD256_BLOCK_BYTES / sizeof(CC_LONG))
+    
+#define CC_RMD320_DIGEST_LENGTH   40          /* digest length in bytes */
+#define CC_RMD320_BLOCK_BYTES     64          /* block size in bytes */
+#define CC_RMD320_BLOCK_LONG      (CC_RMD320_BLOCK_BYTES / sizeof(CC_LONG))
+    
 /**************************************************************************/
 /* SPI Only                                                               */
 /**************************************************************************/
@@ -108,8 +134,9 @@ typedef struct CCDigestCtx_t {
  */
 
 int 
-CCDigestInit(CCDigestAlg algorithm, CCDigestRef ctx)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+CCDigestInit(CCDigestAlgorithm algorithm, CCDigestRef ctx)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
 
 
 /**************************************************************************/
@@ -134,9 +161,9 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
  */
 
 int
-CCDigest(CCDigestAlg algorithm, 
+CCDigest(CCDigestAlgorithm algorithm, 
          const uint8_t *data, size_t length, uint8_t *output)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
 
 /*!
     @function   CCDigestCreate
@@ -144,12 +171,12 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
     
     @param      algorithm   Digest algorithm to setup. 
     
-    returns 0 on success.
+    returns a pointer to a digestRef on success.
  */
 
 CCDigestRef
-CCDigestCreate(CCDigestAlg alg)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+CCDigestCreate(CCDigestAlgorithm alg)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
 
 /*!
     @function   CCDigestUpdate
@@ -164,7 +191,7 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
  
 int
 CCDigestUpdate(CCDigestRef ctx, const void *data, size_t length)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
 
 /*!
     @function   CCDigestFinal
@@ -178,7 +205,7 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
 
 int
 CCDigestFinal(CCDigestRef ctx, uint8_t *output)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
 /*!
     @function   CCDigestDestroy
     @abstract   Clear and free a CCDigestCtx
@@ -189,7 +216,7 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
 
 void
 CCDigestDestroy(CCDigestRef ctx)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
 
 /*!
     @function   CCDigestReset
@@ -200,10 +227,10 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
  
 void
 CCDigestReset(CCDigestRef ctx)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
 
 /*!
-    @function   CCDigestInterrimResult
+    @function   CCDigestRefGetDigest
     @abstract   Produce the digest output result for the bytes currently
                 processed.
     
@@ -214,11 +241,39 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
  */
 
 int
-CCDigestInterrimResult(CCDigestRef ctx, uint8_t *output)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+CCDigestGetDigest(CCDigestRef ctx, uint8_t *output)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
 
 /*!
- @function   CCDigestBlockSize
+ @function   CCDigestGetBlockSize
+ @abstract   Provides the block size of the digest algorithm
+ 
+ @param      algorithm         A digest algorithm selector.
+ 
+ returns 0 on failure or the block size on success.
+ */
+    
+size_t
+CCDigestGetBlockSize(CCDigestAlgorithm algorithm) 
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+
+    
+/*!
+ @function   CCDigestGetOutputSize
+ @abstract   Provides the digest output size of the digest algorithm
+ 
+ @param      algorithm         A digest algorithm selector.
+ 
+ returns 0 on failure or the digest output size on success.
+ */
+
+size_t
+CCDigestGetOutputSize(CCDigestAlgorithm algorithm)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+/*!
+ @function   CCDigestGetBlockSizeFromRef
  @abstract   Provides the block size of the digest algorithm
  
  @param      ctx         A digest context.
@@ -226,12 +281,18 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
  returns 0 on failure or the block size on success.
  */
     
+size_t
+CCDigestGetBlockSizeFromRef(CCDigestRef ctx) 
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+// Until Heimdal Changes
+// #define CCDigestBlockSize CCDigestGetBlockSizeFromRef
 size_t
 CCDigestBlockSize(CCDigestRef ctx) 
 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
-    
+
 /*!
- @function   CCDigestOutputSize
+ @function   CCDigestGetOutputSizeFromRef
  @abstract   Provides the digest output size of the digest algorithm
  
  @param      ctx         A digest context.
@@ -239,9 +300,31 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
  returns 0 on failure or the digest output size on success.
  */
 
+size_t
+CCDigestGetOutputSizeFromRef(CCDigestRef ctx)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+// Until Heimdal Changes
+// #define CCDigestOutputSize CCDigestGetOutputSizeFromRef
 size_t
 CCDigestOutputSize(CCDigestRef ctx)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+
+   
+uint8_t *
+CCDigestOID(CCDigestRef ctx)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+size_t
+CCDigestOIDLen(CCDigestRef ctx)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+
+CCDigestRef
+CCDigestCreateByOID(uint8_t *OID, size_t OIDlen)
+__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0);
+    
+
     
 #ifdef __cplusplus
 }

src/external/Heimdal

@@ -1 +1 @@
-Subproject commit 2a0216ef3851c9bd0b68de631e71f1db0dbb70af
+Subproject commit 41bba3ab7b0cd88b0a1547056838c29be2fa06d6

src/external/commoncrypto

@@ -1 +1 @@
-Subproject commit 2d5107079b0069a1a024d5215398247ffd73b090
+Subproject commit 3a8a31b2aad023a1eb1ae101e73db6dc126a9f1d

src/external/corecrypto

@@ -1 +1 @@
-Subproject commit 9af99efa56cb9638f452383c38e43a354ae2d667
+Subproject commit 6e1b1f7db2796d78410e30b621861cf1f32bdcfd

src/external/corefoundation

@@ -1 +1 @@
-Subproject commit 9f7c99bb2ba8d585b3eef72f322d39554b507c29
+Subproject commit 5a22df59f962368ab4668fc254191bd7c6144e4c

src/external/libdispatch

@@ -1 +1 @@
-Subproject commit 63577dd7f7f64876bf6f3de74c68f8e33c6af897
+Subproject commit a4006fbab58ba0e939331fbd25119fe3dde4147a

src/external/libxpc

@@ -1 +1 @@
-Subproject commit 1d45b0579297dfcd81b947165b08d6dbf20d094c
+Subproject commit f4d47e4b8becd36c9b7222bc32bf9eb780ca2e24

src/external/security

@@ -1 +1 @@
-Subproject commit 325bfab8d0d683112895c0869082278e0550e500
+Subproject commit 2843ffb03711d1467ea61101a08ab589528c5162

src/external/sqlite

@@ -1 +1 @@
-Subproject commit 6a4f1e51c1b074083372a04ccab61e433bbff1e6
+Subproject commit 0a795d118da04d9d86aa351530601dde3f43e6ee

src/kernel/emulation/linux/signal/sigaction.h

@@ -57,9 +57,15 @@ struct linux_siginfo
 typedef void (bsd_sig_handler)(int, struct bsd_siginfo*, void*);
 typedef void (linux_sig_handler)(int, struct linux_siginfo*, void*);
 
+#ifndef SIG_DFL
 #define SIG_DFL (bsd_sig_handler*)0
+#endif
+#ifndef SIG_IGN
 #define SIG_IGN (bsd_sig_handler*)1
+#endif
+#ifndef SIG_ERR
 #define SIG_ERR ((bsd_sig_handler*)-1l)
+#endif
 
 struct bsd_sigaction
 {

src/libc/os/activity.h

@@ -28,6 +28,7 @@
 #include <stdint.h>
 #include <stdbool.h>
 #include <mach-o/loader.h>
+#include <MacTypes.h>
 
 __BEGIN_DECLS
 

src/libsystem/CMakeLists.txt

@@ -44,7 +44,7 @@ add_circular(system FAT
 target_link_libraries(system PRIVATE system_malloc system_c system_kernel keymgr sandbox
 	system_m system_info system_notify system_quarantine libdispatch_shared launch compiler_rt
 	removefile system_copyfile unwind system_coreservices system_dyld macho CommonCrypto
-	system_pthread platform system_asl system_duct system_blocks xpc) # objc
+	system_pthread platform system_asl system_duct system_blocks xpc corecrypto) # objc
 set_target_properties(system PROPERTIES OUTPUT_NAME "System.B")
 set_property(TARGET system APPEND_STRING PROPERTY LINK_FLAGS
 	" -sub_library libsystem_malloc \
@@ -73,6 +73,7 @@ set_property(TARGET system APPEND_STRING PROPERTY LINK_FLAGS
 	-sub_library libsystem_asl \
 	-sub_library libdispatch \
 	-sub_library libxpc \
+	-sub_library libcorecrypto \
 	-Wl,-compatibility_version,1.0.0 \
 	-Wl,-current_version,1238.0.0")