CryptoPkg Updates to support RFC3161 timestamp signature verification.

The main changes includes: 1. Enabling SHA384 and SHA512 digest algorithm; (Sha512.c) 2. RFC 3161 timestamp signature verification support; (CryptTs.c) 3. Fixed one ASN.1 length encoding issue in Authenticode verification routine. (CryptAuthenticode.c) 4. Add the corresponding test cases in Cryptest utility (SHA384 & SHA512 & Timestamp verification) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16339 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-12 08:51:45 +00:00
parent bcbdc75535
commit 2ac68e8b54
29 changed files with 2369 additions and 687 deletions
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -1,15 +1,15 @@
 ## @file
 #  This module provides openSSL Library implementation.
-# 
+#
 #  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
 #  http://opensource.org/licenses/bsd-license.php
-#  
+#
 #  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#  
+#
 ##

 [Defines]
@@ -22,35 +22,35 @@
  LIBRARY_CLASS                  = OpensslLib
  DEFINE OPENSSL_PATH            = openssl-0.9.8zb
  DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
-  DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE
-  
+  DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_MD2 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ENGINE
+
 #
-# OPENSSL_FLAGS is set to define the following flags to be compatible with 
-# EDK II build system and UEFI executiuon environment 
+# OPENSSL_FLAGS is set to define the following flags to be compatible with
+# EDK II build system and UEFI executiuon environment
 #
 #   OPENSSL_SYSNAME_UWIN
-#   OPENSSL_SYS_UEFI 
-#   L_ENDIAN 
-#   _CRT_SECURE_NO_DEPRECATE 
-#   _CRT_NONSTDC_NO_DEPRECATE 
-#   OPENSSL_NO_CAMELLIA 
-#   OPENSSL_NO_SEED 
-#   OPENSSL_NO_RC5 
-#   OPENSSL_NO_MDC2 
-#   OPENSSL_NO_SOCK 
-#   OPENSSL_NO_CMS 
-#   OPENSSL_NO_JPAKE 
-#   OPENSSL_NO_CAPIENG 
-#   OPENSSL_NO_ERR 
-#   OPENSSL_NO_KRB5 
-#   OPENSSL_NO_DYNAMIC_ENGINE 
-#   GETPID_IS_MEANINGLESS 
-#   OPENSSL_NO_STDIO 
-#   OPENSSL_NO_FP_API 
-#   OPENSSL_NO_DGRAM  
+#   OPENSSL_SYS_UEFI
+#   L_ENDIAN
+#   _CRT_SECURE_NO_DEPRECATE
+#   _CRT_NONSTDC_NO_DEPRECATE
+#   OPENSSL_NO_CAMELLIA
+#   OPENSSL_NO_SEED
+#   OPENSSL_NO_RC5
+#   OPENSSL_NO_MDC2
+#   OPENSSL_NO_SOCK
+#   OPENSSL_NO_CMS
+#   OPENSSL_NO_JPAKE
+#   OPENSSL_NO_CAPIENG
+#   OPENSSL_NO_ERR
+#   OPENSSL_NO_KRB5
+#   OPENSSL_NO_DYNAMIC_ENGINE
+#   GETPID_IS_MEANINGLESS
+#   OPENSSL_NO_STDIO
+#   OPENSSL_NO_FP_API
+#   OPENSSL_NO_DGRAM
 #   OPENSSL_NO_ASM
 #
-  
+
 #
 #  VALID_ARCHITECTURES           = IA32 X64 IPF ARM AARCH64
 #
@@ -306,7 +306,7 @@
  # Not required for UEFI.
  #
  # $(OPENSSL_PATH)/crypto/bio/b_print.c
-  
+
  $(OPENSSL_PATH)/crypto/bio/b_dump.c
  $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
  $(OPENSSL_PATH)/crypto/bio/bss_log.c
@@ -674,4 +674,4 @@
   # 1296: Extended constant initialiser used
   RVCT:*_*_ARM_CC_FLAGS                  = $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) --library_interface=aeabi_clib99 --fpu=vfpv3 -DTHIRTY_TWO_BIT --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188
   XCODE:*_*_IA32_CC_FLAGS                = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DTHIRTY_TWO_BIT
-   XCODE:*_*_X64_CC_FLAGS                 = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG
+   XCODE:*_*_X64_CC_FLAGS                 = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_EXFLAGS) -w -DSIXTY_FOUR_BIT_LONG