summaryrefslogtreecommitdiff
path: root/CryptoPkg/Library
AgeCommit message (Collapse)AuthorFilesLines
2020-05-15CryptoPkg/opensslconf.h: Covert the file ending to dos formatZhichao Gao1-340/+340
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 Convert file ending of the crypto created openssl config file - opensslconf.h from '\n' to '\r\n' to make align the line ending and pass the patch check. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Liming Gao <liming.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithmZhichao Gao12-660/+9
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 HMAC SHA1 is not secure any longer. Remove the HMAC SHA1 support from edk2. Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithmZhichao Gao12-659/+9
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 HMAC MD5 is not secure any longer. Remove the HMAC MD5 support from edk2. Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLibZhichao Gao3-2/+1
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 Add the unrequired aes_ecb files in process_files.pl and run it thru perl. It would remove the unrequired aes_ecb files from OpensslLib inf. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithmZhichao Gao4-294/+0
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 Aes Ecb mode is not secure any longer. Remove the Aes Ecb mode support from edk2. Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/OpensslLib: Set TDES disable in OpensslLibZhichao Gao4-42/+4
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 This patch is create by adding the setting "no_des" of process_files.pl and running it thru perl. It would remove the TDES from OpensslLib. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/BaseCryptLib: Retire the TDES algorithmZhichao Gao13-920/+14
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 TDES is not secure any longer. Remove the Tdes support from edk2. Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLibZhichao Gao4-6/+4
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 This patch is create by adding the setting "no_rc4" of process_files.pl and running it thru perl. It would remove the ARC4 from OpensslLib. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/BaseCryptLib: Retire ARC4 algorithmZhichao Gao12-614/+9
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 ARC4 is not secure any longer. Remove the ARC4 support from edk2. Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/OpensslLib: Set MD4 disable in OpensslLibZhichao Gao4-6/+4
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 This patch is create by adding the setting "no_md4" of process_files.pl and running it thru perl. It would remove the MD4 from OpensslLib. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15CryptoPkg/BaseCrpytLib: Retire MD4 algorithmZhichao Gao12-688/+16
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 MD4 is not secure any longer. Remove the MD4 support from edk2. Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-06CryptoPkg/Pkcs7: Extend support for other OID typesGuomin Jiang1-1/+66
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2539 Microsoft signtool supports creation of attached P7's with any OID payload via the "/p7co" parameter. It is necessary to check the data before get the string. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-04-08CryptoPkg/BaseHashApiLib: Rename BaseHashApiLib by HashApiLibGuoMinJ1-1/+1
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2552 According to CryptoPkg.dsc, the library class only have HashApiLib, so i think the BaseHashApiLib should be considered as base name rather than library class. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
2020-04-08CryptoPkg/BaseCryptLibOnProtocolPpi: Add missing commentsGuoMinJ1-0/+9
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2552 DxeCryptLibConstructor have no comments for it, add comments for it. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
2020-04-03CryptoPkg: Add RISC-V architecture for EDK2 CI.Abner Chang10-9/+25
Add RISC-V architecture for EDK2 CI testing. BZ:2562: https://bugzilla.tianocore.org/show_bug.cgi?id=2562 Signed-off-by: Abner Chang <abner.chang@hpe.com> Co-authored-by: Daniel Schaefer <daniel.schaefer@hpe.com> Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Gilbert Chen <gilbert.chen@hpe.com>
2020-03-10CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL buildZurcher, Christopher J2-4/+0
This is enabling a future EVP implementation to utilize the EVP_get_digestbyname() function. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Christopher J Zurcher <christopher.j.zurcher@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2020-03-10CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing loopZurcher, Christopher J3-66/+66
This prevents the .inf files from being randomized after every run of process_files.pl. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Christopher J Zurcher <christopher.j.zurcher@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2020-02-19CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0 ImplementationAmol N Sukerkar1-84/+37
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2511 This commit aligns the baseHashApiLib with TPM 2.0 Implementation as follows: - Remove reference to MD4 and MD5 algorithms as they are deprecated - Align the enumerations for hashing algoerithms with the one used in TPM 2.0 implementation defined in IndustryStandard/Tpm20.h. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Amol N Sukerkar <amol.n.sukerkar@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-02-10CryptoPkg/OpensslLib: Fix few typosAntoine Coeur2-5/+5
Fix few typos in comments. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-2-philmd@redhat.com>
2020-02-07CryptoPkg/Library: Add BaseCryptLibOnProtocolPpi instancesMichael D Kinney8-0/+4741
https://bugzilla.tianocore.org/show_bug.cgi?id=2420 Based on the following package with changes to merge into CryptoPkg. https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg Add the PeiCryptLib, DxeCryptLib, and SmmCryptLib instances of the BaseCryptLib library classes that are implemented using the services of EDK II Crypto Protocols/PPIs. These library instances all set a dependency expression on the EDK II Crypto Protocols/PPIs, so any modules that use these library instances are not dispatched until the modules that produce the EDK II Crypto Protocols/PPIs are dispatched. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-02-07CryptoPkg/BaseCryptLib: Add X509ConstructCertificateStackV().Michael D Kinney3-12/+102
https://bugzilla.tianocore.org/show_bug.cgi?id=2420 Add X509ConstructCertificateStackV() to BaseCryptLib that is identical in behavior to X509ConstructCertificateStack(), but it takes a VA_LIST parameter for the variable argument list. The VA_LIST form of this function is required for BaseCryptLib functions to be wrapped in a Protocol/PPI. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-02-04CryptoPkg/BaseCryptLibNull: Add missing HkdfSha256ExtractAndExpand()Michael D Kinney2-1/+45
https://bugzilla.tianocore.org/show_bug.cgi?id=2493 The BaseCryptLib was expanded to add the HkdfSha256ExtractAndExpand() service in the following commit: https://github.com/tianocore/edk2/commit/4b1b7c1913092d73d689d8086dcfa579c0217dc8 When BaseCryptLibNull was added in the commit below, this new service was not included. https://github.com/tianocore/edk2/commit/d95de082da01f4a4cb3ebf87e15972a12d0f8d53 Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-02-03CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation APIAmol N Sukerkar3-0/+391
https://bugzilla.tianocore.org/show_bug.cgi?id=2151 This commit introduces a Unified Hash API to calculate hash using a hashing algorithm specified by the PCD, PcdHashApiLibPolicy. This library interfaces with the various hashing API, such as, MD4, MD5, SHA1, SHA256, SHA512 and SM3_256 implemented in BaseCryptLib. The user can calculate the desired hash by setting PcdHashApiLibPolicy to appropriate value. This feature is documented in the Bugzilla, https://bugzilla.tianocore.org/show_bug.cgi?id=2151. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Amol N Sukerkar <amol.n.sukerkar@intel.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2020-01-20CryptoPkg/BaseCryptLib: remove HmacXxxGetContextSize interfaceJian J Wang9-223/+9
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1792 Hmac(Md5|Sha1|Sha256)GetContextSize() use a deprecated macro HMAC_MAX_MD_CBLOCK defined in openssl. They should be dropped to avoid misuses in the future. For context allocation and release, use HmacXxxNew() and HmacXxxFree() instead. Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
2020-01-20CryptoPkg/BaseCryptLib: replace HmacXxxInit API with HmacXxxSetKeyJian J Wang9-75/+54
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1792 HmacXxxInit() is supposed to be initialize user supplied buffer as HMAC context, as well as user supplied key. Currently it has no real use cases. Due to BZ1792, the user has no way to get correct size of context buffer after it's fixed, and then cannot make use of HmacXxxInit to initialize it. So it's decided to replace it with HmacXxxSetKey to keep the functionality of supplying a key to HMAC, but drop all other initialization works. The user can still get HMAC context via HmacXxxNew interface, which hides the details about the context. Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
2020-01-08CryptoPkg: Support for SHA384 & SHA512 RSA signing schemesPavana.K2-6/+22
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389 Currently RSA signing scheme support is available for MD5, SHA-1 or SHA-256 algorithms.The fix is to extend this support for SHA384 and SHA512. Cc: Liming Gao <liming.gao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Bob Feng <bob.c.feng@intel.com> Signed-off-by: Pavana.K <pavana.k@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-12-02CryptoPkg/OpensslLib.inf: list OpenSSL local header "ms/uplink.h"Laszlo Ersek1-0/+1
Commit 8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF file", 2019-08-16) incorrectly placed "ms/uplink.h" in the auto-generated part of [Sources], in "OpensslLib.inf". ("ms/uplink.h" was added in the right spot in "OpensslLibCrypto.inf".) Subsequently, when commit 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update process_files.pl to generate .h files", 2019-10-30) re-generated that part of "OpensslLib.inf", the "ms/uplink.h" file reference was lost. This triggers a warning from the "build" utility now. Name the header file in the right spot in [Sources]. This change makes "OpensslLib.inf" consistent with "OpensslLibCrypto.inf". Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Cc: Shenglei Zhang <shenglei.zhang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Fixes: 8906f076de35b222a7d62bcf6ed1a4a2498a5791 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2019-12-02CryptoPkg/OpensslLib: improve INF file consistencyLaszlo Ersek1-3/+2
When diffing "OpensslLib.inf" against "OpensslLibCrypto.inf", the *only* differences should be: - BASE_NAME, MODULE_UNI_FILE, and FILE_GUID are expected to differ, in [Defines]; - "OpensslLib.inf" is expected to list "$(OPENSSL_PATH)/ssl/..." source files in the auto-generated part of the [Sources] section. Commit 8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF file", 2019-08-16) broke that invariant, by adding "buildinf.h" and "rand_pool_noise.h" in different order to both INF files. Fix that order in "OpensslLib.inf" now. (Note that this does not re-establish full consistency between both INF files -- it just highlights another problem, which we'll fix in the next patch.) Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Cc: Shenglei Zhang <shenglei.zhang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Fixes: 8906f076de35b222a7d62bcf6ed1a4a2498a5791 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2019-11-15CryptoPkg CryptoLib: Update tool chain name to CLANGPDBLiming Gao6-6/+6
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2341 Signed-off-by: Liming Gao <liming.gao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-11-05CryptoPkg: Upgrade OpenSSL to 1.1.1dShenglei Zhang5-2/+49
Upgrade openssl from 1.1.1b to 1.1.1d. Something needs to be noticed is that, there is a bug existing in the released 1_1_1d version(894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596), which causes build failure. So we switch the code base to a usable version, which is 2 commits later than the stable tag. Now we use the version c3656cc594daac8167721dde7220f0e59ae146fc. This log is to fix the build failure. https://bugzilla.tianocore.org/show_bug.cgi?id=2226 Besides, the absense of "DSO_NONE" in dso_conf.h causes build failure in OvmfPkg. So update process_files.pl to generate information from "crypto/include/internal/dso_conf.h.in". shm.h and utsname.h are added to avoid GCC build failure. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Liming Gao <liming.gao@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
2019-11-02CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address literals as such ↵Laszlo Ersek1-4/+24
(CVE-2019-14553) Using the inet_pton() function that we imported in the previous patches, recognize if "HostName" is an IP address literal, and then parse it into binary representation. Passing the latter to OpenSSL for server certificate validation is important, per RFC-2818 <https://tools.ietf.org/html/rfc2818#section-3.1>: > In some cases, the URI is specified as an IP address rather than a > hostname. In this case, the iPAddress subjectAltName must be present in > the certificate and must exactly match the IP in the URI. Note: we cannot use X509_VERIFY_PARAM_set1_ip_asc() because in the OpenSSL version that is currently consumed by edk2, said function depends on sscanf() for parsing IPv4 literals. In "CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c", we only provide an empty -- always failing -- stub for sscanf(), however. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Sivaraman Nainar <sivaramann@amiindia.co.in> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 Suggested-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2019-11-02CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)Laszlo Ersek3-0/+259
For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the edk2-libc project, in commit 964f432b9b0a ("edk2: Remove AppPkg, StdLib, StdLibPrivateInternalFiles", 2019-04-29). We'd like to use the inet_pton() function in CryptoPkg. Resurrect the "inet_pton.c" file from just before the StdLib removal, as follows: $ git show \ 964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \ > CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c The inet_pton() function is only intended for the DXE phase at this time, therefore only the "BaseCryptLib" instance INF file receives the new file. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Sivaraman Nainar <sivaramann@amiindia.co.in> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2019-11-02CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)Laszlo Ersek6-0/+61
In a later patch in this series, we're going to resurrect "inet_pton.c" (originally from the StdLib package). That source file has a number of standard C and BSD socket dependencies. Provide those dependencies here: - The header files below will simply #include <CrtLibSupport.h>: - arpa/inet.h - arpa/nameser.h - netinet/in.h - sys/param.h - sys/socket.h - EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit e2d3a25f1a31; which is the commit immediately preceding the removal of StdLib from edk2 (964f432b9b0a). Note that the other error macro, which we alread #define, namely EINVAL, has a value (22) that also matches "StdLib/Include/errno.h". - The AF_INET and AF_INET6 address family macros come from "StdLib/Include/sys/socket.h". - The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from "StdLib/Include/arpa/nameser.h". - The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h". Cc: David Woodhouse <dwmw2@infradead.org> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Sivaraman Nainar <sivaramann@amiindia.co.in> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2019-11-02CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553)Laszlo Ersek2-1/+6
According to the ISO C standard, strchr() is a function. We #define it as a macro. Unfortunately, our macro evaluates the first argument ("str") twice. If the expression passed for "str" has side effects, the behavior may be undefined. In a later patch in this series, we're going to resurrect "inet_pton.c" (originally from the StdLib package), which calls strchr() just like that: strchr((xdigits = xdigits_l), ch) strchr((xdigits = xdigits_u), ch) To enable this kind of function call, turn strchr() into a function. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Sivaraman Nainar <sivaramann@amiindia.co.in> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2019-11-02CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost" (CVE-2019-14553)Wu, Jiaxin1-1/+37
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 In the patch, we add the new API "TlsSetVerifyHost" for the TLS protocol to set the specified host name that need to be verified. Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20190927034441.3096-3-Jiaxin.wu@intel.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Sivaraman Nainar <sivaramann@amiindia.co.in> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-10-30CryptoPkg/OpensslLib: Update process_files.pl to generate .h filesShenglei Zhang3-98/+129
There are missing headers added into INF files at 8906f076de35b222a.. They are now manually added but not auto-generated. So we update the perl script to enable this feature. Meanwhile, update the order of the .h files in INF files, which are auto-generated now. https://bugzilla.tianocore.org/show_bug.cgi?id=2085 Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
2019-10-24CryptoPkg IntrinsicLib: Make _fltused always be usedLiming Gao1-2/+8
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1603 With this change, global variable _fltused will not be removed by LTO Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
2019-10-24CryptoPkg: Append options to make CLANG9 tool chain pass buildLiming Gao6-0/+6
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1603 Disable warning reported from CLANG9. Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-10-23CryptoPkg: Add Null instance of the BaseCryptLib classSean Brogan28-0/+3400
https://bugzilla.tianocore.org/show_bug.cgi?id=2257 Add a Null instance of the BaseCryptLib class. This lib instance can be used as a template for new implementations of the BaseCryptLib class and can also be used to reduce CI build times for build checks that depend on the BaseCryptLib class. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-10-23CryptoPkg: Add Null instance of the TlsLib classSean Brogan6-0/+1047
https://bugzilla.tianocore.org/show_bug.cgi?id=2258 Add a Null instance of the TlsLib class. This lib instance can be used as a template for new implementations of the TlsLib class and can also be used to reduce CI build times for build checks that depend on the TlsLib class. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-08-19CryptoPkg: Fix coding styleShenglei Zhang2-2/+2
Update attribute "Out" to "out". The original "Out" can not pass ECC check. Cc: Jian Wang <jian.j.wang@intel.com> Cc: Ting Ye <ting.ye@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-08-16CryptoPkg/OpensslLib: Add missing header files in INF fileShenglei Zhang2-1/+111
The header files are used but missing in INF,which causes warning message when building them. https://bugzilla.tianocore.org/show_bug.cgi?id=2036 Cc: Jian Wang <jian.j.wang@intel.com> Cc: Ting Ye <ting.ye@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-08-15CryptoPkg/OpensslLib: remove clone commandsJian J Wang1-16/+2
https://bugzilla.tianocore.org/show_bug.cgi?id=1910 edk2/Readme.md has added a section to explain the correct clone commands for submodules. Detailed steps in the OpenSSL-HOWTO.txt are removed to avoid any inconsistency. Cc: Leif Lindholm <leif.lindholm@linaro.org> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <liming.gao@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-08-09CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithmGary West6-3/+122
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1928 1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file. 2. Implement stub implementation function in CryptHkdfNull.c file. 3. Add wrapped HKDF function declaration to BaseCryptLib.h file. 4. Add CryptHkdf.c to module information BaseCryptLib.inf file. 5. Add CryptHkdfNull.c to module information PeiCryptLib.inf, RuntimeCryptLib.inf and SmmCryptLib.inf Signed-off-by: Gary West <Gary.West@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Ting Ye <ting.ye@intel.com> Reviewed-by: Jian Wang <jian.j.wang@intel.com>
2019-07-31CryptoPkg/BaseCryptLib: Use cmp-operator for non-Boolean comparisonsZhichao Gao1-8/+8
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2027 Refer to CSS_2_1 5.7.2.1 "Non-Boolean comparisons must use a compare operator (==, !=, >, < >=, <=).", use compare operator for the non-boolean comparisons. Cc: Jian Wang <jian.j.wang@intel.com> Cc: Ting Ye <ting.ye@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-07-23CryptoPkg/BaseCryptLib: list module-internal header files in INF [Sources]Laszlo Ersek3-0/+3
The BaseTools build feature introduced for TianoCore#1804 / in commit 1fa6699e6cd4 ("BaseTools: Add a checking for Sources section in INF file", 2019-06-10) logs some (non-fatal) warnings about unlisted internal header files. List those files explicitly. Note: header files are added in lexicographical order only if the underlying INF file already keeps the [Sources] and [LibraryClasses] sections in lexicographical order. Otherwise, header files are added in rough "logical" order. Cc: Jian Wang <jian.j.wang@intel.com> Cc: Ting Ye <ting.ye@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-25CryptoPkg/OpensslLib: Exclude err_all.c in process_files.plXiaoyu Lu1-0/+1
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1881 Commit(0a1b13fd4d2210e2c3) fix VS2017 build failure remove useless file in OpensslLib[Crypto].inf, but we use process_files.pl to generate files. So exclude err_all.c file in process_files.pl Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Ting Ye <ting.ye@intel.com> Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-21CryptoPkg/OpensslLib: disable autoload-config for OpenSSLXiaoyu Lu2-0/+4
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1926 This problem was found by Rebecca Cran <rebecca@bluestop.org>. REF: https://edk2.groups.io/g/devel/topic/32100684 OpenSSL will automatically load a system config file which configures default ssl options. In UEFI, It will cause TlsInitialize failed without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature, So disable it. Re-run process_files.py to generate OpensslLib[Crypto].inf files. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com> Reviewed-by: Rebecca Cran <rebecca@bluestop.org> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-21CryptoPkg/OpensslLib: Fix CR/LF issueLu, XiaoyuX1-40/+40
Re-run process_files.py to generate OpensslLib[Crypto].inf. CryptoPkg/Library/Include/openssl/opensslconf.h is coped from OpenSSL, So keep the CR/LF style like OpenSSL source file. Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-08CryptoPkg/BaseCryptLib: Wrap OpenSSL SM3 algorithmLu, XiaoyuX5-0/+238
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1861 1. Implement OpenSSL SM3 wrapped functions in CryptSm3.c file. 2. Add wrapped SM3 functions declaration to BaseCryptLib.h file. 3. Add CryptSm3.c to each module information file. Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>