summaryrefslogtreecommitdiff
path: root/CryptoPkg
AgeCommit message (Collapse)AuthorFilesLines
2017-03-29CryptoPkg: Update PK Cipher Wrappers work with opaque objects.Qin Long7-249/+218
OpenSSL-1.1.xx makes most data structures opaque. This patch updates Public Key Cipher Wrapper implementations in BaseCryptLib to use the accessor APIs for opaque object access. The impacted interfaces includes RSA, DH, X509, PKCS7, etc. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Gary Lin <glin@suse.com>
2017-03-29CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object.Qin Long7-29/+411
OpenSSL-1.1.xx makes most data structures opaque. This patch updated HMAC Wrapper implementation with opaque HMAC_CTX object. The HmacXXGetContextSize() is marked as deprecated, and updated to use the fixed HMAC_CTX size, which is just kept for compatibility. New APIs (HmacXXNew(), HmacXXFree()) were added as the recommended HMAC_CTX usage interfaces for HMAC-XXXX operations. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
2017-03-29CryptoPkg: Add extra build option to disable VS build warningQin Long6-8/+38
openssl/include/openssl/lhash.h will bring C4090 build warning issue, which is one known issue for OpenSSL under Visual Studio toolchain. Refer to https://github.com/openssl/openssl/issues/2214 for more discussions against this. Use /wd4090 to silence this build warning until OpenSSL fix this. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2017-03-29CryptoPkg: Clean-up CRT Library Wrapper.Qin Long39-731/+346
Cleaning-up CRT Library Wrapper for the third-party cryptography library building. The changes includes 1. Rename OpenSslSupport.h to CrtLibSupport.h for future alternative crypto provider support. 2. Remove all un-referenced CRT APIs and headers. (NOTE: More cleans-up could be possible after OpenSSL integrate the extra PR request: https://github.com/openssl/openssl/pull/2961) Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Gary Lin <glin@suse.com>
2017-03-29CryptoPkg: Fix handling of &strcmp function pointersQin Long2-3/+8
In a couple of places, OpenSSL code uses the address of the strcmp() function, and assigns it to another comparator function pointer. Unfortunately, this falls foul of the inconsistent function ABI that we use in EDKII. We '#define strcmp AsciiStrCmp' but AsciiStrCmp is an EFIAPI function with the Microsoft ABI. And we're assigning its address to a non-EFIAPI function, which may well have a different ABI. Fix this by providing an actual strcmp() function in the default ABI. We already *had* a prototype for it in OpenSslSupport.h, which was then superseded by the #define strcmp AsciiStrCmp. Now, OpenSSL code *can* use &strcmp without problems. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Gary Lin <glin@suse.com>
2017-03-29CryptoPkg/OpensslLib: Add new OpenSSL-HOWTO document.Qin Long2-1/+54
Add one new OpenSSL-HOWTO.txt to introduce how to clone / download the latest OpenSSL release source for build. ALso update buildinf.h to reflect the latest update time. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Gary Lin <glin@suse.com> Tested-by: Gary Lin <glin@suse.com>
2017-03-29CryptoPkg/OpensslLib: Add new Perl script for file list generation.Qin Long2-110/+223
OpenSSL-1.1.0xx configure mechanism was updated with new configdata. This patch update process_file.sh script to new Perl-based script for auto generation of file list and openssl config file (opensslconf.h). This only needs to be done once by a developer when updating to a new version of OpenSSL (or changing options, etc.). Normal users do not need to do this, since the results are already stored in the EDK2 git repository. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com>
2017-03-29CryptoPkg/OpensslLib: Remove patch file and installation scripts.Qin Long4-2317/+0
This patch removes the EDKII-openssl-xxxx.patch, installation scripts, and Patch-HOWTO.txt which were used for old OpenSSL-1.0.2xx enabling. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
2017-03-29CryptoPkg: Update .gitignore for OpenSSL source maskingQin Long1-2/+1
Updates .gitignore that masks the OpenSSL source: 1. Remove "Include/openssl" from .gitignore since we needn't duplicate openssl headers now 2. Update "openssl-*" to "openssl*", since we use "openssl" instead of "openssl-x.x.xx" as main source directory. Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
2017-03-29CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0x buildQin Long7-1337/+1142
Update OpensslLib INF files to support OpenSSL-1.1.0x source build. The file list was generated from the latest OpenSSL-1.1.0e release. Main changes to support OpensslLib build in this patch include: 1. Use "openssl" instead of "openssl-x.x.xx" as main source directory, Also update include path in CryptoPkg.dec 2. Enable warnings in GCC builds; 3. Update Visual Studio build options to silence current possible build warnings. 4. Move the default opensslconf.h to Include/openssl, and add one dummy dso_conf.h for native UEFI build. The OpensslLib module build was validated as build -t VSXXXX -a XX -p CryptoPkg/CryptoPkg.dsc -m CryptoPkg/Library/OpensslLib/OpensslLib.inf (NOTE: The extra build options for ARM/RVCT/XCODE were kept, which expect further optimizations from community) Cc: Ting Ye <ting.ye@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Ronald Cron <ronald.cron@arm.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Gary Lin <glin@suse.com>
2017-03-15CryptoPkg:SmmCryptLib: Add real Pkcs5Pbkdf2.c.Jiewen Yao1-2/+2
Cc: Qin Long <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2017-03-06CryptoPkg: Refine type cast for pointer subtractionHao Wu1-3/+3
For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
2017-02-28CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2kQin Long7-36/+36
v2: Re-generate the patch after the new OpensslLibCrypto instance. OpenSSL 1.0.2k was released with several severity fixes at 26-Jan-2017 (https://www.openssl.org/news/secadv/20170126.txt). This patch is to upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2k. Cc: Ye Ting <ting.ye@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
2017-02-25CryptoPkg/OpensslLib: introduce OpensslLibCrypto instanceLaszlo Ersek3-6/+582
Commit 32387e0081db ("CryptoPkg: Enable ssl build in OpensslLib directly", 2016-12-14) pulls OpenSSL's libssl files into the "OpensslLib.inf" library instance unconditionally. If a platform doesn't include the TLS modules, such as - CryptoPkg/Library/TlsLib/TlsLib.inf - NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf - NetworkPkg/TlsDxe/TlsDxe.inf then the platform never actually uses the libssl functionality that gets built into "OpensslLib.inf". Tomas Hoger from Red Hat Product Security tells me that security evaluation is less demanding if we can actually *exclude* the libssl files from such OVMF builds that don't specify -D TLS_ENABLE (rather than just trust modules not to call libssl functions if we don't specify -D TLS_ENABLE). This patch introduces a parallel OpensslLib instance called "OpensslLibCrypto" that is appropriate for platform builds without TLS enablement. It does not build C source files in vain, and it eases security review -- all libssl vulnerabilities can be excluded at once. "OpensslLibCrypto.inf" is created as a copy of "OpensslLib.inf", modifying the BASE_NAME, MODULE_UNI_FILE and FILE_GUID defines. "process_files.sh" is extended to auto-generate the list of OpenSSL files for both library instances accordingly. This list is updated in "OpensslLibCrypto.inf" at once. "OpensslLibCrypto.uni" is introduced as a copy of "OpensslLib.uni", highlighting the difference. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Tomas Hoger <thoger@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
2017-02-25CryptoPkg/OpensslLib: refresh OpensslLib.inf, opensslconf.h after 32387e00Laszlo Ersek2-6/+1
Commit 32387e0081db ("CryptoPkg: Enable ssl build in OpensslLib directly", 2016-12-14) removed the "no-queue" configuration option in "process_files.sh", plus it enabled "process_files.sh" to place all libssl source files into "OpensslLib.inf". However, the patch apparently failed to capture two changes originating from the above actions: - the definitions of the OPENSSL_NO_PQUEUE and NO_PQUEUE macros were not removed from "opensslconf.h", - "ssl/ssl_conf.c" was not added to "OpensslLib.inf". Refresh these files, completing commit 32387e0081db. I built OVMF with -D SECURE_BOOT_ENABLE -D TLS_ENABLE, and ArmVirtQemu with -D SECURE_BOOT_ENABLE, after this fix, and experienced no regression. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Lin <glin@suse.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Tomas Hoger <thoger@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
2017-01-06CryptoPkg/TlsLib: Refine the coding style.Jiaxin Wu2-4/+4
Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Long Qin <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-12-22CryptoPkg: Add new TlsLib libraryJiaxin Wu9-0/+2706
v2: * Code refine and Typo fix: TlsHandeAlert -> TlsHandleAlert This patch is used to add new TlsLib library, which is wrapped over OpenSSL. The implementation provides TLS library functions for EFI TLS protocol and EFI TLS Configuration Protocol. Cc: Ye Ting <ting.ye@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Cc: Thomas Palmer <thomas.palmer@hpe.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-12-22CryptoPkg: Enable ssl build in OpensslLib directlyJiaxin Wu6-7/+75
This patch is used to enable ssl build in OpensslLib module directly. Cc: Wu Jiaxin <jiaxin.wu@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Cc: Thomas Palmer <thomas.palmer@hpe.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.long@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Tested-by: Wu Jiaxin <jiaxin.wu@intel.com>
2016-11-11CryptoPkg/BaseCryptLib: Make comments consistent with the functionDandan Bi3-9/+9
Correct the unaligned parameter names in comments (BaseCryptLib.h and HMAC-SHA256 wrapper implementation) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-11-07CryptoPkg: Fix typos in commentsGary Lin26-84/+84
- intialized -> initialized - componenet -> component - compoents -> components - FAlSE -> FALSE - responsiblity -> responsibility - validility -> validity - procudure -> procedure - pamameter -> parameter - randome -> random - buiild -> build Cc: Ting Ye <ting.ye@intel.com> Cc: Qin Long <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gary Lin <glin@suse.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-11-02CryptoPkg: Add PKCS5 PBKDF2 interface for password derivation.Qin Long11-6/+319
Add one new API (Pkcs5HashPassword) to provide PKCS#5 v2.0 PBKDF2 support (Password based encryption key derivation function, specified in RFC 2898). Also update the Cryptest utility to include the new API testing (with the test vector from RFC6070). Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-11-02CryptoPkg: Add HMAC-SHA256 cipher supportQin Long8-9/+510
Add new HMAC-SHA256 cipher support in CryptoPkg to meet more security and industry requirements, and update Cryptest utility to include new HMAC-SHA256 test case. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-11-02CryptoPkg: Add xxxxHashAll APIs to facilitate the digest computationQin Long9-10/+589
Add new xxxxHashAll APIs to facilitate the digest computation of blob data. New APIs include: Md4HashAll(), Md5HashAll(), Sha1HashAll(), Sha256HashAll(), Sha384HashAll(), and Sha512HashAll(). The corresponding test cases were added in Cryptest utility. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-09-30CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2jQin Long6-143/+62
Two official releases (OpenSSL 1.0.2i and 1.0.2j) were available with several severity fixes at 22-Sep-2016 and 26-Sep-2016. Refer to https://www.openssl.org/news/secadv/20160922.txt and https://www.openssl.org/news/secadv/20160926.txt. This patch is to upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2j. Cc: Ting Ye <ting.ye@intel.com> Cc: David Woodhouse <David.Woodhouse@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
2016-09-21CryptoPkg: Clean up unreferenced symbol in Cryptest utility.Qin Long1-137/+0
Remove "TSCounterSignature" from TSVerify.c, which is not being used by anyone. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-08-11CryptoPkg: Fix "responsiblity" typosThomas Huth3-15/+15
It's "responsibility", not "responsiblity". Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
2016-08-11CryptoPkg: Fix capitalization of path name in Patch-HOWTO.txtThomas Huth1-1/+1
It's "OpensslLib", not "OpenSslLib" - not a big issue, but the typo is annoying when trying to copy-n-paste the path name to use it on the command line on Linux. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
2016-08-11CryptoPkg IntrinsicLib: Add the missing nasm source fileLiming Gao3-1/+100
Add two name files IntrinsicLib Ia32 MathLShiftS64.nasm and MathRShiftU64.nasm Cc: Qin Long <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-08-08CryptoPkg DSC: Add build option to disable deprecated APIsHao Wu1-0/+3
Add the following definition in the [BuildOptions] section in package DSC files to disable APIs that are deprecated: [BuildOptions] *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-07-21MdePkg CryptoPkg EdkCompatibilityPkg: retire NO_BUILTIN_VA_FUNCS defineArd Biesheuvel1-1/+1
This is never set anymore, so unsetting it or testing whether it is unset no longer makes any sense. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-07-21CryptoPkg: set new define to avoid MS ABI VA_LIST on GCC/X64Ard Biesheuvel1-1/+1
Set the #define NO_MSABI_VA_FUNCS that will be introduced in a subsequent patch to avoid the use of the MS ABI in variadic functions. In EDK2, such functions normally require the EFIAPI modifier to be used, but for external libraries such as OpenSSL, which lack these annotations, it is easier to simply revert to the default SysV style VA_LIST ABI. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-07-20CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2hQin Long6-69/+62
OpenSSL 1.0.2h was released with several severity fixes at 03-May-2016 (https://www.openssl.org/news/secadv/20160503.txt). Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2h. Cc: Ting Ye <ting.ye@intel.com> Cc: David Woodhouse <David.Woodhouse@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
2016-07-12CryptoPkg BaseCryptLib: Init the content of struct 'CertCtx' before useHao Wu1-1/+3
Some fields in structure 'CertCtx' might be used uninitialized in function Pkcs7GetCertificatesList(). This commit makes sure that 'CertCtx' gets initialized before being used. Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-07-12CryptoPkg BaseCryptLib: Avoid passing NULL ptr to function BN_bn2bin()Hao Wu1-2/+6
This commit modifies the code logic to avoid passing NULL pointer to function BN_bn2bin(). Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-07-11CryptoPkg: Fix typos in commentsGiri P Mudusuru1-2/+2
- availabe to available Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Giri P Mudusuru <giri.p.mudusuru@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-07-08CryptoPkg: update openssl to ignore RVCT 3079Eugene Cohen1-1/+3
Getting openssl 1.0.2g building with ARM RVCT requires a change to ignore an unset variable used before set was necessary. (NOTE: This was fixed in OpenSSL 1.1 HEAD with commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.) corrects x509_vfy.c(875): error C3017: ok may be used before being set Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eugene Cohen <eugene@hp.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-05-16CryptoPkg/SmmCryptLib: Enable AES support for SMM.Qin Long1-3/+3
Enable AES cipher support for SmmCryptLib instance. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-03-15CryptoPkg: Fix the potential system hang issueJiaxin Wu1-12/+17
This patch is used to fix the potential system hang caused by the NULL 'time' parameter usage. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
2016-03-11CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2gQin Long7-79/+56
OpenSSL 1.0.2g was released with several severity fixes at 01-Mar-2016(https://www.openssl.org/news/secadv/20160301.txt). Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2g. (NOTE: RT4175 from David Woodhouse was included in 1.0.2g. The new-generated patch will remove this part. And the line endings were still kept as before in this version for consistency) CC: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
2016-03-11CryptoPkg/OpensslLib: Convert saved opensslconf.h to DOS line endingsDavid Woodhouse1-2/+3
Until we fix the git repository to store line endings properly and then just check them out in the appropriate form for the platform, let's make process_files.sh convert the opensslconf.h to DOS line endings when it creates it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Fix CRLF breakage in process_files.shDavid Woodhouse1-97/+97
This got broken in committing, due to a catalogue of broken practices. Firstly, we should *pull* git submissions, never recommit them. You preserve the correct history then, and don't risk rebasing to result in a history which *never* worked in the form that gets preserved. That would have kept the authorship attrbution correct too. Secondly, we shouldn't be storing CRLF line endings in the objects that git stores in its database. It is designed to store simple LF line endings, and then check that out as appropriate for the system (resulting in CRLF in the working tree for Windows users, as they expect). That would avoid this problem, and all the other problems we have with patches being exchanged. Make it executable too, which also got lost in the commit mess. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
2016-03-05CryptoPkg/OpensslLib: Automatically configure OpenSSL and generate file listQin Long3-378/+120
OpenSSL 1.1 (as well as our backport to 1.0.2) now allows us to run its standard Configure script and import the result into the EDK II source repository for others to build natively. The opensslconf.h file and the list of files in OpensslLib.inf don't need to be managed manually. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Fix OpenSSL link failures on Windows (RT#4310)Qin Long1-0/+80
This is pull request #755 for OpenSSL 1.1, along with a little extra fix in the RSA_NET code which has been removed from 1.1 so we can't fix it there. https://github.com/openssl/openssl/pull/755 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3969Qin Long1-3/+35
Support for the UEFI target has been added to OpenSSL in commit 4d60c7e10. Drop our partial implementation and use a backported version of what's upstream. This includes a couple of fixes which will be needed when we automatically generate the file list and opensslconf.h instead of manually maintaining those. This includes the subsequent fix in commit fb4844bbc. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3992Qin Long1-2/+69
Instead of commenting out the Signed Certificate Timestamps purely based on the OPENSSL_SYS_UEFI flag, OpenSSL 1.1 supports a no-sct configuration option, added in commit 05d7bf6c5. Drop our own hack and use that. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3951Qin Long1-0/+28
A more complete implementation of the X509_V_FLAG_NO_CHECK_TIME flag was added to OpenSSL 1.1 as commit d35ff2c0a. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3674Qin Long1-26/+147
A more complete fix for the no-cms configuration has been added to OpenSSL 1.1 as commit e968561d5. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3955Qin Long1-19/+137
A different fix for the excessive stack usage has been merged into OpenSSL 1.1 as commit 8e704858f. Drop our own version and use a backport of what was committed upstream. Note: This requires the free() function to work correctly when passed a NULL argument (qv). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3628Qin Long2-17/+652
A complete implementation of the no-filenames configuration option was added to OpenSSL 1.1 in commit 02f7114a7. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3964Qin Long1-42/+768
Extensive fixes for the no-stdio configuration have been merged into OpenSSL 1.1, primarily in commit 984d6c605. The backport to 1.0.2 is slightly different because we still have a mixture of no-fp-api and no-stdio in 1.0.2, although they are hopelessly intertwined. Nevertheless, drop our own original version and switch to a backported version of what went into 1.1. This includes subsequent fixes in commit c0cf5b84d for the TS code. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>