From ef9b7e736d8c42b5e36b5ecade8dc2691009317e Mon Sep 17 00:00:00 2001
From: Nicolas Vigier <>
Date: Mon, 17 Jan 2022 11:40:29 +0100
Subject: [PATCH] Bug 40414: Add osslsigncode project

 ...0001-Make-code-work-with-OpenSSL-1.1.patch | 324 ++++++++++++++++++
 projects/osslsigncode/build                   |  19 +
 projects/osslsigncode/config                  |  17 +
 projects/osslsigncode/timestamping.patch      |  56 +++
 4 files changed, 416 insertions(+)
 create mode 100644 projects/osslsigncode/0001-Make-code-work-with-OpenSSL-1.1.patch
 create mode 100644 projects/osslsigncode/build
 create mode 100644 projects/osslsigncode/config
 create mode 100644 projects/osslsigncode/timestamping.patch

diff --git a/projects/osslsigncode/0001-Make-code-work-with-OpenSSL-1.1.patch b/projects/osslsigncode/0001-Make-code-work-with-OpenSSL-1.1.patch
new file mode 100644
index 000000000..e290ab0a5
--- /dev/null
+++ b/projects/osslsigncode/0001-Make-code-work-with-OpenSSL-1.1.patch
@@ -0,0 +1,324 @@
+From 86931f9d7c3d73b97010e598a5ad41ea4fab2b63 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= <>
+Date: Sun, 12 Mar 2017 23:00:12 +0100
+Subject: [PATCH] Make code work with OpenSSL 1.1.
+Changes in consist of:
+- Use EVP_MD_CTX_new/free API instead of on-stack allocation
+- Remove some M_ prefixes like for ASN1_IA5STRING_new
+- Remove pagehash functionality because it is useless to me and
+  fixing it would be a pain. Would require declaring a few
+  ASN_SEQUENCES and use that to get the required i2d functions
+  from what I could find out.
+- Remove OBJ_create calls that seem to serve no purpose,
+  now crash because NULL pointers are no longer handled
+  (who changes API that way?!) and even if that was fixed
+  lead to errors when these objects are later created
+  again/"for real" by OBJ_txt2nid or OBJ_txt2obj (I think,
+  did not investigate further).
+diff --git a/osslsigncode.c b/osslsigncode.c
+index 2978c02..3797458 100644
+--- a/osslsigncode.c
++++ b/osslsigncode.c
+@@ -450,16 +450,16 @@ static SpcSpOpusInfo* createOpus(const char *desc, const char *url)
+ 	if (desc) {
+ 		info->programName = SpcString_new();
+ 		info->programName->type = 1;
+-		info->programName->value.ascii = M_ASN1_IA5STRING_new();
+-		ASN1_STRING_set((ASN1_STRING *)info->programName->value.ascii,
++		info->programName->value.ascii = ASN1_IA5STRING_new();
++		ASN1_STRING_set(info->programName->value.ascii,
+ 						(const unsigned char*)desc, strlen(desc));
+ 	}
+ 	if (url) {
+ 		info->moreInfo = SpcLink_new();
+ 		info->moreInfo->type = 0;
+-		info->moreInfo->value.url = M_ASN1_IA5STRING_new();
+-		ASN1_STRING_set((ASN1_STRING *)info->moreInfo->value.url,
++		info->moreInfo->value.url = ASN1_IA5STRING_new();
++		ASN1_STRING_set(info->moreInfo->value.url,
+ 						(const unsigned char*)url, strlen(url));
+ 	}
+@@ -609,19 +609,20 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const
+ 	if (rfc3161) {
+ 		unsigned char mdbuf[EVP_MAX_MD_SIZE];
+-		EVP_MD_CTX mdctx;
++		EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+-		EVP_MD_CTX_init(&mdctx);
+-		EVP_DigestInit(&mdctx, md);
+-		EVP_DigestUpdate(&mdctx, si->enc_digest->data, si->enc_digest->length);
+-		EVP_DigestFinal(&mdctx, mdbuf, NULL);
++		EVP_DigestInit(mdctx, md);
++		EVP_DigestUpdate(mdctx, si->enc_digest->data, si->enc_digest->length);
++		EVP_DigestFinal(mdctx, mdbuf, NULL);
++		EVP_MD_CTX_free(mdctx);
++		mdctx = NULL;
+ 		TimeStampReq *req = TimeStampReq_new();
+ 		ASN1_INTEGER_set(req->version, 1);
+ 		req->messageImprint->digestAlgorithm->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
+ 		req->messageImprint->digestAlgorithm->parameters = ASN1_TYPE_new();
+ 		req->messageImprint->digestAlgorithm->parameters->type = V_ASN1_NULL;
+-		M_ASN1_OCTET_STRING_set(req->messageImprint->digest, mdbuf, EVP_MD_size(md));
++		ASN1_OCTET_STRING_set(req->messageImprint->digest, mdbuf, EVP_MD_size(md));
+ 		req->certReq = (void*)0x1;
+ 		len = i2d_TimeStampReq(req, NULL);
+@@ -921,83 +922,8 @@ static const unsigned char classid_page_hash[] = {
+ 	0xAE, 0x05, 0xA2, 0x17, 0xDA, 0x8E, 0x60, 0xD6
+ };
+-static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe32plus,
+-									 unsigned int sigpos, int phtype, unsigned int *phlen);
+-#ifndef sk_ASN1_OCTET_STRING_new_null
+-#define sk_ASN1_OCTET_STRING_new_null() SKM_sk_new_null(ASN1_OCTET_STRING)
+-#define sk_ASN1_OCTET_STRING_free(st) SKM_sk_free(ASN1_OCTET_STRING, (st))
+-#define sk_ASN1_OCTET_STRING_push(st, val) SKM_sk_push(ASN1_OCTET_STRING, (st), (val))
+-#define i2d_ASN1_SET_OF_ASN1_OCTET_STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+-	SKM_ASN1_SET_OF_i2d(ASN1_OCTET_STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+-#ifndef sk_SpcAttributeTypeAndOptionalValue_new_null
+-#define sk_SpcAttributeTypeAndOptionalValue_new_null() SKM_sk_new_null(SpcAttributeTypeAndOptionalValue)
+-#define sk_SpcAttributeTypeAndOptionalValue_free(st) SKM_sk_free(SpcAttributeTypeAndOptionalValue, (st))
+-#define sk_SpcAttributeTypeAndOptionalValue_push(st, val) SKM_sk_push(SpcAttributeTypeAndOptionalValue, (st), (val))
+-#define i2d_SpcAttributeTypeAndOptionalValue(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+-	SKM_ASN1_SET_OF_i2d(SpcAttributeTypeAndOptionalValue, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+-static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int peheader, int pe32plus, unsigned int sigpos)
+-	unsigned int phlen;
+-	unsigned char *ph = calc_page_hash(indata, peheader, pe32plus, sigpos, phtype, &phlen);
+-	if (!ph) {
+-		fprintf(stderr, "Failed to calculate page hash\n");
+-		exit(-1);
+-	}
+-	M_ASN1_OCTET_STRING_set(ostr, ph, phlen);
+-	free(ph);
+-	STACK_OF(ASN1_OCTET_STRING) *oset = sk_ASN1_OCTET_STRING_new_null();
+-	sk_ASN1_OCTET_STRING_push(oset, ostr);
+-	unsigned char *p, *tmp;
+-	unsigned int l;
+-										  V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
+-	tmp = p = OPENSSL_malloc(l);
+-									  V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
+-	ASN1_OCTET_STRING_free(ostr);
+-	sk_ASN1_OCTET_STRING_free(oset);
+-	SpcAttributeTypeAndOptionalValue *aval = SpcAttributeTypeAndOptionalValue_new();
+-	aval->type = OBJ_txt2obj((phtype == NID_sha1) ? SPC_PE_IMAGE_PAGE_HASHES_V1 : SPC_PE_IMAGE_PAGE_HASHES_V2, 1);
+-	aval->value = ASN1_TYPE_new();
+-	aval->value->type = V_ASN1_SET;
+-	aval->value->value.set = ASN1_STRING_new();
+-	ASN1_STRING_set(aval->value->value.set, p, l);
+-	OPENSSL_free(p);
+-	STACK_OF(SpcAttributeTypeAndOptionalValue) *aset = sk_SpcAttributeTypeAndOptionalValue_new_null();
+-	sk_SpcAttributeTypeAndOptionalValue_push(aset, aval);
+-	l = i2d_SpcAttributeTypeAndOptionalValue(aset, NULL, i2d_SpcAttributeTypeAndOptionalValue,
+-											 V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
+-	tmp = p = OPENSSL_malloc(l);
+-	l = i2d_SpcAttributeTypeAndOptionalValue(aset, &tmp, i2d_SpcAttributeTypeAndOptionalValue,
+-											 V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET);
+-	sk_SpcAttributeTypeAndOptionalValue_free(aset);
+-	SpcAttributeTypeAndOptionalValue_free(aval);
+-	SpcSerializedObject *so = SpcSerializedObject_new();
+-	M_ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof(classid_page_hash));
+-	M_ASN1_OCTET_STRING_set(so->serializedData, p, l);
+-	OPENSSL_free(p);
+-	SpcLink *link = SpcLink_new();
+-	link->type = 1;
+-	link->value.moniker = so;
+-	return link;
+ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, file_type_t type,
+-								   int pagehash, char *indata, unsigned int peheader, int pe32plus,
++								   char *indata, unsigned int peheader, int pe32plus,
+ 								   unsigned int sigpos)
+ {
+ 	static const unsigned char msistr[] = {
+@@ -1024,14 +950,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi
+ 	} else if (type == FILE_TYPE_PE) {
+ 		SpcPeImageData *pid = SpcPeImageData_new();
+ 		ASN1_BIT_STRING_set(pid->flags, (unsigned char*)"0", 0);
+-		if (pagehash) {
+-			int phtype = NID_sha1;
+-			if (EVP_MD_size(md) > EVP_MD_size(EVP_sha1()))
+-				phtype = NID_sha256;
+-			pid->file = get_page_hash_link(phtype, indata, peheader, pe32plus, sigpos);
+-		} else {
+-			pid->file = get_obsolete_link();
+-		}
++		pid->file = get_obsolete_link();
+ 		l = i2d_SpcPeImageData(pid, NULL);
+ 		p = OPENSSL_malloc(l);
+ 		i2d_SpcPeImageData(pid, &p);
+@@ -1046,7 +965,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi
+ 		ASN1_INTEGER_set(si->d, 0);
+ 		ASN1_INTEGER_set(si->e, 0);
+ 		ASN1_INTEGER_set(si->f, 0);
+-		M_ASN1_OCTET_STRING_set(si->string, msistr, sizeof(msistr));
++		ASN1_OCTET_STRING_set(si->string, msistr, sizeof(msistr));
+ 		l = i2d_SpcSipInfo(si, NULL);
+ 		p = OPENSSL_malloc(l);
+ 		i2d_SpcSipInfo(si, &p);
+@@ -1068,7 +987,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi
+ 	hashlen = EVP_MD_size(md);
+ 	hash = OPENSSL_malloc(hashlen);
+ 	memset(hash, 0, hashlen);
+-	M_ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen);
++	ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen);
+ 	OPENSSL_free(hash);
+ 	*len  = i2d_SpcIndirectDataContent(idc, NULL);
+@@ -1923,19 +1842,18 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
+ 						   unsigned int peheader, int pe32plus, unsigned int fileend)
+ {
+ 	static unsigned char bfb[16*1024*1024];
+-	EVP_MD_CTX mdctx;
++	EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+-	EVP_MD_CTX_init(&mdctx);
+-	EVP_DigestInit(&mdctx, md);
++	EVP_DigestInit(mdctx, md);
+ 	memset(mdbuf, 0, EVP_MAX_MD_SIZE);
+ 	(void)BIO_seek(bio, 0);
+ 	BIO_read(bio, bfb, peheader + 88);
+-	EVP_DigestUpdate(&mdctx, bfb, peheader + 88);
++	EVP_DigestUpdate(mdctx, bfb, peheader + 88);
+ 	BIO_read(bio, bfb, 4);
+ 	BIO_read(bio, bfb, 60+pe32plus*16);
+-	EVP_DigestUpdate(&mdctx, bfb, 60+pe32plus*16);
++	EVP_DigestUpdate(mdctx, bfb, 60+pe32plus*16);
+ 	BIO_read(bio, bfb, 8);
+ 	unsigned int n = peheader + 88 + 4 + 60+pe32plus*16 + 8;
+@@ -1946,11 +1864,12 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf,
+ 		int l = BIO_read(bio, bfb, want);
+ 		if (l <= 0)
+ 			break;
+-		EVP_DigestUpdate(&mdctx, bfb, l);
++		EVP_DigestUpdate(mdctx, bfb, l);
+ 		n += l;
+ 	}
+-	EVP_DigestFinal(&mdctx, mdbuf, NULL);
++	EVP_DigestFinal(mdctx, mdbuf, NULL);
++	EVP_MD_CTX_free(mdctx);
+ }
+@@ -2019,16 +1938,15 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe
+ 	int phlen = pphlen * (3 + nsections + sigpos / pagesize);
+ 	unsigned char *res = malloc(phlen);
+ 	unsigned char *zeroes = calloc(pagesize, 1);
+-	EVP_MD_CTX mdctx;
+-	EVP_MD_CTX_init(&mdctx);
+-	EVP_DigestInit(&mdctx, md);
+-	EVP_DigestUpdate(&mdctx, indata, peheader + 88);
+-	EVP_DigestUpdate(&mdctx, indata + peheader + 92, 60 + pe32plus*16);
+-	EVP_DigestUpdate(&mdctx, indata + peheader + 160 + pe32plus*16, hdrsize - (peheader + 160 + pe32plus*16));
+-	EVP_DigestUpdate(&mdctx, zeroes, pagesize - hdrsize);
++	EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
++	EVP_DigestInit(mdctx, md);
++	EVP_DigestUpdate(mdctx, indata, peheader + 88);
++	EVP_DigestUpdate(mdctx, indata + peheader + 92, 60 + pe32plus*16);
++	EVP_DigestUpdate(mdctx, indata + peheader + 160 + pe32plus*16, hdrsize - (peheader + 160 + pe32plus*16));
++	EVP_DigestUpdate(mdctx, zeroes, pagesize - hdrsize);
+ 	memset(res, 0, 4);
+-	EVP_DigestFinal(&mdctx, res + 4, NULL);
++	EVP_DigestFinal(mdctx, res + 4, NULL);
+ 	unsigned short sizeofopthdr = GET_UINT16_LE(indata + peheader + 20);
+ 	char *sections = indata + peheader + 24 + sizeofopthdr;
+@@ -2040,18 +1958,20 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe
+ 		unsigned int l;
+ 		for (l=0; l < rs; l+=pagesize, pi++) {
+ 			PUT_UINT32_LE(ro + l, res + pi*pphlen);
+-			EVP_DigestInit(&mdctx, md);
++			EVP_DigestInit(mdctx, md);
+ 			if (rs - l < pagesize) {
+-				EVP_DigestUpdate(&mdctx, indata + ro + l, rs - l);
+-				EVP_DigestUpdate(&mdctx, zeroes, pagesize - (rs - l));
++				EVP_DigestUpdate(mdctx, indata + ro + l, rs - l);
++				EVP_DigestUpdate(mdctx, zeroes, pagesize - (rs - l));
+ 			} else {
+-				EVP_DigestUpdate(&mdctx, indata + ro + l, pagesize);
++				EVP_DigestUpdate(mdctx, indata + ro + l, pagesize);
+ 			}
+-			EVP_DigestFinal(&mdctx, res + pi*pphlen + 4, NULL);
++			EVP_DigestFinal(mdctx, res + pi*pphlen + 4, NULL);
+ 		}
+ 		lastpos = ro + rs;
+ 		sections += 40;
+ 	}
++	EVP_MD_CTX_free(mdctx);
++	mdctx = NULL;
+ 	PUT_UINT32_LE(lastpos, res + pi*pphlen);
+ 	memset(res + pi*pphlen + 4, 0, EVP_MD_size(md));
+ 	pi++;
+@@ -2413,7 +2333,7 @@ int main(int argc, char **argv)
+ 	int nturl = 0, ntsurl = 0;
+ 	int addBlob = 0;
+ 	u_char *p = NULL;
+-	int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0, pagehash = 0;
++	int ret = 0, i, len = 0, jp = -1, pe32plus = 0, comm = 0;
+ 	unsigned int tmp, peheader = 0, padlen = 0;
+ 	off_t filesize, fileend, sigfilesize, sigfileend, outdatasize;
+ 	file_type_t type;
+@@ -2448,13 +2368,6 @@ int main(int argc, char **argv)
+ 	ERR_load_crypto_strings();
+ 	OPENSSL_add_all_algorithms_conf();
+-	/* create some MS Authenticode OIDS we need later on */
+-		DO_EXIT_0("Failed to add objects\n");
+ 	md = EVP_sha1();
+ 	if (argc > 1) {
+@@ -2531,8 +2444,6 @@ int main(int argc, char **argv)
+ 			readpass = *(++argv);
+ 		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-comm")) {
+ 			comm = 1;
+-		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ph")) {
+-			pagehash = 1;
+ 		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) {
+ 			if (--argc < 1) usage(argv0);
+ 			desc = *(++argv);
+@@ -3243,7 +3154,7 @@ int main(int argc, char **argv)
+ 		p7x = NULL;
+ 	}
+-	get_indirect_data_blob(&p, &len, md, type, pagehash, indata, peheader, pe32plus, fileend);
++	get_indirect_data_blob(&p, &len, md, type, indata, peheader, pe32plus, fileend);
+ 	len -= EVP_MD_size(md);
+ 	memcpy(buf, p, len);
+ 	OPENSSL_free(p);
diff --git a/projects/osslsigncode/build b/projects/osslsigncode/build
new file mode 100644
index 000000000..0f7ae9be7
--- /dev/null
+++ b/projects/osslsigncode/build
@@ -0,0 +1,19 @@
+[% c("var/set_default_env") -%]
+mkdir -p $distdir/[% project %]
+tar xf [% project %]-[% c('version') %].tar.gz
+cd [% project %]-[% c('version') %]
+patch -p1 < ../0001-Make-code-work-with-OpenSSL-1.1.patch
+patch -p1 < ../timestamping.patch
+./configure --prefix=/[% project %]
+make DESTDIR=$distdir install
+cd $distdir
+[% c('tar', {
+        tar_src => [ project ],
+        tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
+        }) %]
diff --git a/projects/osslsigncode/config b/projects/osslsigncode/config
new file mode 100644
index 000000000..03dbcbad3
--- /dev/null
+++ b/projects/osslsigncode/config
@@ -0,0 +1,17 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_hash: e72a1937d1a13e87074e4584f012f13e03fc1d64
+filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
+  container:
+    use_container: 0
+  deps:
+    - autoconf
+    - libtool
+    - pkg-config
+    - libssl-dev
+    - libcurl4-openssl-dev
+  - filename: 0001-Make-code-work-with-OpenSSL-1.1.patch
+  - filename: timestamping.patch
diff --git a/projects/osslsigncode/timestamping.patch b/projects/osslsigncode/timestamping.patch
new file mode 100644
index 000000000..94b52614a
--- /dev/null
+++ b/projects/osslsigncode/timestamping.patch
@@ -0,0 +1,56 @@
+From 28b384e77fa0d4dd38751a0c72ab5976d2e38f75 Mon Sep 17 00:00:00 2001
+From: Georg Koppen <>
+Date: Fri, 5 Feb 2016 09:23:10 +0000
+Subject: [PATCH] Allow timestamping with the 'add' command
+diff --git a/osslsigncode.c b/osslsigncode.c
+index 32e37c8..2978c02 100644
+--- a/osslsigncode.c
++++ b/osslsigncode.c
+@@ -2556,16 +2556,16 @@ int main(int argc, char **argv)
+ 			if (--argc < 1) usage(argv0);
+ 			url = *(++argv);
+ #ifdef ENABLE_CURL
+-		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-t")) {
++		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-t")) {
+ 			if (--argc < 1) usage(argv0);
+ 			turl[nturl++] = *(++argv);
+-		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ts")) {
++		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-ts")) {
+ 			if (--argc < 1) usage(argv0);
+ 			tsurl[ntsurl++] = *(++argv);
+-		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-p")) {
++		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-p")) {
+ 			if (--argc < 1) usage(argv0);
+ 			proxy = *(++argv);
+-		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-noverifypeer")) {
++		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-noverifypeer")) {
+ 			noverifypeer = 1;
+ #endif
+ 		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-addUnauthenticatedBlob")) {
+From 8159546dfa270da0e3512dcba983ce15029111d0 Mon Sep 17 00:00:00 2001
+From: Georg Koppen <>
+Date: Sat, 11 Apr 2020 05:50:36 +0000
+Subject: [PATCH] fixup! Allow timestamping with the 'add' command
+diff --git a/osslsigncode.c b/osslsigncode.c
+index 3797458..4f4b897 100644
+--- a/osslsigncode.c
++++ b/osslsigncode.c
+@@ -2447,7 +2447,7 @@ int main(int argc, char **argv)
+ 		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) {
+ 			if (--argc < 1) usage(argv0);
+ 			desc = *(++argv);
+-		} else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-h")) {
++		} else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-h")) {
+ 			if (--argc < 1) usage(argv0);
+ 			++argv;
+ 			if (!strcmp(*argv, "md5")) {