CryptoPkg: Apply uncrustify changes

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Apply uncrustify changes to .c/.h files in the CryptoPkg package

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Michael Kubacki
2021-12-05 14:53:54 -08:00
committed by mergify[bot]
parent 2b16a4fb91
commit 7c34237831
101 changed files with 4323 additions and 3711 deletions

@ -244,6 +244,7 @@ DeprecatedCryptoServiceMd4HashAll (
}
#ifndef ENABLE_MD5_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
@ -390,7 +391,9 @@ DeprecatedCryptoServiceMd5HashAll (
{
return BaseCryptLibServiceDeprecated ("Md5HashAll"), FALSE;
}
#else
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
@ -548,9 +551,11 @@ CryptoServiceMd5HashAll (
{
return CALL_BASECRYPTLIB (Md5.Services.HashAll, Md5HashAll, (Data, DataSize, HashValue), FALSE);
}
#endif
#ifdef DISABLE_SHA1_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
@ -699,7 +704,9 @@ DeprecatedCryptoServiceSha1HashAll (
{
return BaseCryptLibServiceDeprecated ("Sha1HashAll"), FALSE;
}
#else
/**
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
@ -857,6 +864,7 @@ CryptoServiceSha1HashAll (
{
return CALL_BASECRYPTLIB (Sha1.Services.HashAll, Sha1HashAll, (Data, DataSize, HashValue), FALSE);
}
#endif
/**
@ -3172,7 +3180,6 @@ CryptoServiceVerifyEKUsInPkcs7Signature (
return CALL_BASECRYPTLIB (Pkcs.Services.VerifyEKUsInPkcs7Signature, VerifyEKUsInPkcs7Signature, (Pkcs7Signature, SignatureSize, RequiredEKUs, RequiredEKUsSize, RequireAllPresent), FALSE);
}
/**
Extracts the attached content from a PKCS#7 signed data if existed. The input signed
data could be wrapped in a ContentInfo structure.

@ -73,6 +73,7 @@ typedef enum {
// =====================================================================================
#ifdef ENABLE_MD5_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
@ -212,9 +213,11 @@ Md5HashAll (
IN UINTN DataSize,
OUT UINT8 *HashValue
);
#endif
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
@ -354,6 +357,7 @@ Sha1HashAll (
IN UINTN DataSize,
OUT UINT8 *HashValue
);
#endif
/**

@ -61,7 +61,7 @@ AesInit (
//
// Check input parameters.
//
if (AesContext == NULL || Key == NULL || (KeyLength != 128 && KeyLength != 192 && KeyLength != 256)) {
if ((AesContext == NULL) || (Key == NULL) || ((KeyLength != 128) && (KeyLength != 192) && (KeyLength != 256))) {
return FALSE;
}
@ -72,9 +72,11 @@ AesInit (
if (AES_set_encrypt_key (Key, (UINT32)KeyLength, AesKey) != 0) {
return FALSE;
}
if (AES_set_decrypt_key (Key, (UINT32)KeyLength, AesKey + 1) != 0) {
return FALSE;
}
return TRUE;
}
@ -121,11 +123,11 @@ AesCbcEncrypt (
//
// Check input parameters.
//
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
if ((AesContext == NULL) || (Input == NULL) || ((InputSize % AES_BLOCK_SIZE) != 0)) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
if ((Ivec == NULL) || (Output == NULL) || (InputSize > INT_MAX)) {
return FALSE;
}
@ -183,11 +185,11 @@ AesCbcDecrypt (
//
// Check input parameters.
//
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
if ((AesContext == NULL) || (Input == NULL) || ((InputSize % AES_BLOCK_SIZE) != 0)) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
if ((Ivec == NULL) || (Output == NULL) || (InputSize > INT_MAX)) {
return FALSE;
}

@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <openssl/md5.h>
#ifdef ENABLE_MD5_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
@ -28,7 +29,6 @@ Md5GetContextSize (
return (UINTN)(sizeof (MD5_CTX));
}
/**
Initializes user-supplied memory pointed by Md5Context as MD5 hash context for
subsequent use.
@ -83,7 +83,7 @@ Md5Duplicate (
//
// Check input parameters.
//
if (Md5Context == NULL || NewMd5Context == NULL) {
if ((Md5Context == NULL) || (NewMd5Context == NULL)) {
return FALSE;
}
@ -128,7 +128,7 @@ Md5Update (
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && (DataSize != 0)) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -168,7 +168,7 @@ Md5Final (
//
// Check input parameters.
//
if (Md5Context == NULL || HashValue == NULL) {
if ((Md5Context == NULL) || (HashValue == NULL)) {
return FALSE;
}
@ -210,7 +210,8 @@ Md5HashAll (
if (HashValue == NULL) {
return FALSE;
}
if (Data == NULL && (DataSize != 0)) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -223,4 +224,5 @@ Md5HashAll (
return TRUE;
}
}
#endif

@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <openssl/sha.h>
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
@ -82,7 +83,7 @@ Sha1Duplicate (
//
// Check input parameters.
//
if (Sha1Context == NULL || NewSha1Context == NULL) {
if ((Sha1Context == NULL) || (NewSha1Context == NULL)) {
return FALSE;
}
@ -127,7 +128,7 @@ Sha1Update (
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -167,7 +168,7 @@ Sha1Final (
//
// Check input parameters.
//
if (Sha1Context == NULL || HashValue == NULL) {
if ((Sha1Context == NULL) || (HashValue == NULL)) {
return FALSE;
}
@ -209,7 +210,8 @@ Sha1HashAll (
if (HashValue == NULL) {
return FALSE;
}
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -222,4 +224,5 @@ Sha1HashAll (
return TRUE;
}
}
#endif

@ -81,7 +81,7 @@ Sha256Duplicate (
//
// Check input parameters.
//
if (Sha256Context == NULL || NewSha256Context == NULL) {
if ((Sha256Context == NULL) || (NewSha256Context == NULL)) {
return FALSE;
}
@ -126,7 +126,7 @@ Sha256Update (
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -166,7 +166,7 @@ Sha256Final (
//
// Check input parameters.
//
if (Sha256Context == NULL || HashValue == NULL) {
if ((Sha256Context == NULL) || (HashValue == NULL)) {
return FALSE;
}
@ -208,7 +208,8 @@ Sha256HashAll (
if (HashValue == NULL) {
return FALSE;
}
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}

@ -83,7 +83,7 @@ Sha384Duplicate (
//
// Check input parameters.
//
if (Sha384Context == NULL || NewSha384Context == NULL) {
if ((Sha384Context == NULL) || (NewSha384Context == NULL)) {
return FALSE;
}
@ -128,7 +128,7 @@ Sha384Update (
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -168,7 +168,7 @@ Sha384Final (
//
// Check input parameters.
//
if (Sha384Context == NULL || HashValue == NULL) {
if ((Sha384Context == NULL) || (HashValue == NULL)) {
return FALSE;
}
@ -210,7 +210,8 @@ Sha384HashAll (
if (HashValue == NULL) {
return FALSE;
}
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -298,7 +299,7 @@ Sha512Duplicate (
//
// Check input parameters.
//
if (Sha512Context == NULL || NewSha512Context == NULL) {
if ((Sha512Context == NULL) || (NewSha512Context == NULL)) {
return FALSE;
}
@ -343,7 +344,7 @@ Sha512Update (
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -383,7 +384,7 @@ Sha512Final (
//
// Check input parameters.
//
if (Sha512Context == NULL || HashValue == NULL) {
if ((Sha512Context == NULL) || (HashValue == NULL)) {
return FALSE;
}
@ -425,7 +426,8 @@ Sha512HashAll (
if (HashValue == NULL) {
return FALSE;
}
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}

@ -84,7 +84,7 @@ Sm3Duplicate (
//
// Check input parameters.
//
if (Sm3Context == NULL || NewSm3Context == NULL) {
if ((Sm3Context == NULL) || (NewSm3Context == NULL)) {
return FALSE;
}
@ -129,7 +129,7 @@ Sm3Update (
//
// Check invalid parameters, in case that only DataLength was checked in Openssl
//
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -171,7 +171,7 @@ Sm3Final (
//
// Check input parameters.
//
if (Sm3Context == NULL || HashValue == NULL) {
if ((Sm3Context == NULL) || (HashValue == NULL)) {
return FALSE;
}
@ -217,7 +217,8 @@ Sm3HashAll (
if (HashValue == NULL) {
return FALSE;
}
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}

@ -71,7 +71,7 @@ HmacSha256SetKey (
//
// Check input parameters.
//
if (HmacSha256Context == NULL || KeySize > INT_MAX) {
if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) {
return FALSE;
}
@ -105,7 +105,7 @@ HmacSha256Duplicate (
//
// Check input parameters.
//
if (HmacSha256Context == NULL || NewHmacSha256Context == NULL) {
if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) {
return FALSE;
}
@ -152,7 +152,7 @@ HmacSha256Update (
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
if ((Data == NULL) && (DataSize != 0)) {
return FALSE;
}
@ -198,7 +198,7 @@ HmacSha256Final (
//
// Check input parameters.
//
if (HmacSha256Context == NULL || HmacValue == NULL) {
if ((HmacSha256Context == NULL) || (HmacValue == NULL)) {
return FALSE;
}
@ -208,6 +208,7 @@ HmacSha256Final (
if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
return FALSE;
}
if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
return FALSE;
}

@ -42,8 +42,9 @@ HkdfSha256ExtractAndExpand (
EVP_PKEY_CTX *pHkdfCtx;
BOOLEAN Result;
if (Key == NULL || Salt == NULL || Info == NULL || Out == NULL ||
KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX || OutSize > INT_MAX ) {
if ((Key == NULL) || (Salt == NULL) || (Info == NULL) || (Out == NULL) ||
(KeySize > INT_MAX) || (SaltSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))
{
return FALSE;
}
@ -56,15 +57,19 @@ HkdfSha256ExtractAndExpand (
if (Result) {
Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, EVP_sha256 ()) > 0;
}
if (Result) {
Result = EVP_PKEY_CTX_set1_hkdf_salt (pHkdfCtx, Salt, (UINT32)SaltSize) > 0;
}
if (Result) {
Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Key, (UINT32)KeySize) > 0;
}
if (Result) {
Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;
}
if (Result) {
Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;
}

@ -76,7 +76,7 @@ RsaGetPrivateKeyFromPem (
//
// Check input parameters.
//
if (PemData == NULL || RsaContext == NULL || PemSize > INT_MAX) {
if ((PemData == NULL) || (RsaContext == NULL) || (PemSize > INT_MAX)) {
return FALSE;
}
@ -87,9 +87,11 @@ RsaGetPrivateKeyFromPem (
if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {
return FALSE;
}

@ -110,19 +110,19 @@ AuthenticodeVerify (
// PKCS#7 ContentInfo here.
//
SpcIndirectDataOid = OBJ_get0_data (Pkcs7->d.sign->contents->type);
if (OBJ_length(Pkcs7->d.sign->contents->type) != sizeof(mSpcIndirectOidValue) ||
CompareMem (
if ((OBJ_length (Pkcs7->d.sign->contents->type) != sizeof (mSpcIndirectOidValue)) ||
(CompareMem (
SpcIndirectDataOid,
mSpcIndirectOidValue,
sizeof (mSpcIndirectOidValue)
) != 0) {
) != 0))
{
//
// Un-matched SPC_INDIRECT_DATA_OBJID.
//
goto _Exit;
}
SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
//
@ -139,7 +139,6 @@ AuthenticodeVerify (
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 2;
} else if ((Asn1Byte & 0x81) == 0x81) {
//
// Long Form of Length Encoding (128 <= Length < 255, Single Octet)
@ -149,7 +148,6 @@ AuthenticodeVerify (
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 3;
} else if ((Asn1Byte & 0x82) == 0x82) {
//
// Long Form of Length Encoding (Length > 255, Two Octet)
@ -160,7 +158,6 @@ AuthenticodeVerify (
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 4;
} else {
goto _Exit;
}
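Review bot: The long-form length tests in AuthenticodeVerify, `(Asn1Byte & 0x81) == 0x81` and `(Asn1Byte & 0x82) == 0x82`, are mask tests rather than equality tests, so a length octet such as 0x83 or 0x85 satisfies the first branch and is handled as a single-octet length even though it declares more. Comparing the byte exactly, `} else if (Asn1Byte == 0x81) {` and `} else if (Asn1Byte == 0x82) {`, would send every other encoding to the final `goto _Exit`. The lines that read the length and compare it with the signed-data size are outside these hunks, so whether a mis-sized content length is caught later cannot be confirmed from here.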

@ -86,11 +86,11 @@ DhGenerateParameter (
//
// Check input parameters.
//
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
if ((DhContext == NULL) || (Prime == NULL) || (PrimeLength > INT_MAX)) {
return FALSE;
}
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
if ((Generator != DH_GENERATOR_2) && (Generator != DH_GENERATOR_5)) {
return FALSE;
}
@ -142,11 +142,11 @@ DhSetParameter (
//
// Check input parameters.
//
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
if ((DhContext == NULL) || (Prime == NULL) || (PrimeLength > INT_MAX)) {
return FALSE;
}
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
if ((Generator != DH_GENERATOR_2) && (Generator != DH_GENERATOR_5)) {
return FALSE;
}
@ -207,11 +207,11 @@ DhGenerateKey (
//
// Check input parameters.
//
if (DhContext == NULL || PublicKeySize == NULL) {
if ((DhContext == NULL) || (PublicKeySize == NULL)) {
return FALSE;
}
if (PublicKey == NULL && *PublicKeySize != 0) {
if ((PublicKey == NULL) && (*PublicKeySize != 0)) {
return FALSE;
}
@ -229,6 +229,7 @@ DhGenerateKey (
if (PublicKey != NULL) {
BN_bn2bin (DhPubKey, PublicKey);
}
*PublicKeySize = Size;
}
@ -275,7 +276,7 @@ DhComputeKey (
//
// Check input parameters.
//
if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {
if ((DhContext == NULL) || (PeerPublicKey == NULL) || (KeySize == NULL) || (Key == NULL)) {
return FALSE;
}

@ -67,8 +67,9 @@ Pkcs1v2Encrypt (
//
// Check input parameters.
//
if (PublicKey == NULL || InData == NULL ||
EncryptedData == NULL || EncryptedDataSize == NULL) {
if ((PublicKey == NULL) || (InData == NULL) ||
(EncryptedData == NULL) || (EncryptedDataSize == NULL))
{
return FALSE;
}
@ -137,11 +138,13 @@ Pkcs1v2Encrypt (
//
goto _Exit;
}
//
// Initialize the context and set the desired padding.
//
if (EVP_PKEY_encrypt_init (PkeyCtx) <= 0 ||
EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <= 0) {
if ((EVP_PKEY_encrypt_init (PkeyCtx) <= 0) ||
(EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <= 0))
{
//
// Fail to initialize the context.
//
@ -196,9 +199,11 @@ _Exit:
if (CertData != NULL) {
X509_free (CertData);
}
if (InternalPublicKey != NULL) {
EVP_PKEY_free (InternalPublicKey);
}
if (PkeyCtx != NULL) {
EVP_PKEY_CTX_free (PkeyCtx);
}

@ -58,12 +58,15 @@ Pkcs5HashPassword (
if ((Password == NULL) || (Salt == NULL) || (OutKey == NULL)) {
return FALSE;
}
if ((PasswordLength == 0) || (PasswordLength > INT_MAX) ||
(SaltLength == 0) || (SaltLength > INT_MAX) ||
(KeyLength == 0) || (KeyLength > INT_MAX) ||
(IterationCount < 1) || (IterationCount > INT_MAX)) {
(IterationCount < 1) || (IterationCount > INT_MAX))
{
return FALSE;
}
//
// Make sure the digest algorithm is supported.
//

@ -62,8 +62,9 @@ Pkcs7Sign (
//
// Check input parameters.
//
if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
if ((PrivateKey == NULL) || (KeyPassword == NULL) || (InData == NULL) ||
(SignCert == NULL) || (SignedData == NULL) || (SignedDataSize == NULL) || (InDataSize > INT_MAX))
{
return FALSE;
}
@ -94,9 +95,11 @@ Pkcs7Sign (
if (EVP_add_digest (EVP_md5 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha1 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha256 ()) == 0) {
goto _Exit;
}
@ -110,6 +113,7 @@ Pkcs7Sign (
if (Key == NULL) {
goto _Exit;
}
if (EVP_PKEY_assign_RSA (Key, (RSA *)RsaContext) == 0) {
goto _Exit;
}

@ -51,4 +51,3 @@ Pkcs7Sign (
ASSERT (FALSE);
return FALSE;
}

@ -67,7 +67,8 @@ Pkcs7GetOctetString (
}
if (Pkcs7TypeIsOther (P7) && (P7->d.other != NULL) &&
(P7->d.other->type == V_ASN1_OCTET_STRING)) {
(P7->d.other->type == V_ASN1_OCTET_STRING))
{
return P7->d.other->value.octet_string;
}
@ -171,9 +172,11 @@ Pkcs7GetAttachedContent (
*ContentSize = 0;
goto _Exit;
}
CopyMem (*Content, OctStr->data, *ContentSize);
}
}
Status = TRUE;
_Exit:

@ -154,6 +154,7 @@ X509PopCertificate (
{
BIO *CertBio;
X509 *X509Cert;
STACK_OF (X509) *CertStack;
BOOLEAN Status;
INT32 Result;
@ -264,6 +265,7 @@ Pkcs7GetSigners (
CONST UINT8 *Temp;
UINTN SignedDataSize;
BOOLEAN Wrapped;
STACK_OF (X509) *Stack;
UINT8 Index;
UINT8 *CertBuf;
@ -274,7 +276,8 @@ Pkcs7GetSigners (
UINTN SingleCertSize;
if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) ||
(TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {
(TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX))
{
return FALSE;
}
@ -466,9 +469,11 @@ Pkcs7GetCertificatesList (
UINT8 Index;
PKCS7 *Pkcs7;
X509_STORE_CTX *CertCtx;
STACK_OF (X509) *CtxChain;
STACK_OF (X509) *CtxUntrusted;
X509 *CtxCert;
STACK_OF (X509) *Signers;
X509 *Signer;
X509 *Cert;
@ -503,7 +508,8 @@ Pkcs7GetCertificatesList (
// Parameter Checking
//
if ((P7Data == NULL) || (SignerChainCerts == NULL) || (ChainLength == NULL) ||
(UnchainCerts == NULL) || (UnchainLength == NULL) || (P7Length > INT_MAX)) {
(UnchainCerts == NULL) || (UnchainLength == NULL) || (P7Length > INT_MAX))
{
return Status;
}
@ -537,15 +543,18 @@ Pkcs7GetCertificatesList (
if ((Signers == NULL) || (sk_X509_num (Signers) != 1)) {
goto _Error;
}
Signer = sk_X509_value (Signers, 0);
CertCtx = X509_STORE_CTX_new ();
if (CertCtx == NULL) {
goto _Error;
}
if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {
goto _Error;
}
//
// Initialize Chained & Untrusted stack
//
@ -553,10 +562,12 @@ Pkcs7GetCertificatesList (
CtxCert = X509_STORE_CTX_get0_cert (CertCtx);
if (CtxChain == NULL) {
if (((CtxChain = sk_X509_new_null ()) == NULL) ||
(!sk_X509_push (CtxChain, CtxCert))) {
(!sk_X509_push (CtxChain, CtxCert)))
{
goto _Error;
}
}
CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);
if (CtxUntrusted != NULL) {
(VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
@ -588,6 +599,7 @@ Pkcs7GetCertificatesList (
if (!sk_X509_push (CtxChain, Issuer)) {
goto _Error;
}
(VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer);
Cert = Issuer;
@ -629,6 +641,7 @@ Pkcs7GetCertificatesList (
Status = FALSE;
goto _Error;
}
if (OldBuf != NULL) {
CopyMem (CertBuf, OldBuf, OldSize);
free (OldBuf);
@ -672,6 +685,7 @@ Pkcs7GetCertificatesList (
Status = FALSE;
goto _Error;
}
if (OldBuf != NULL) {
CopyMem (CertBuf, OldBuf, OldSize);
free (OldBuf);
@ -709,6 +723,7 @@ _Error:
if (Pkcs7 != NULL) {
PKCS7_free (Pkcs7);
}
sk_X509_free (Signers);
if (CertCtx != NULL) {
@ -781,8 +796,9 @@ Pkcs7Verify (
//
// Check input parameters.
//
if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
if ((P7Data == NULL) || (TrustedCert == NULL) || (InData == NULL) ||
(P7Length > INT_MAX) || (CertLength > INT_MAX) || (DataLength > INT_MAX))
{
return FALSE;
}
@ -797,18 +813,23 @@ Pkcs7Verify (
if (EVP_add_digest (EVP_md5 ()) == 0) {
return FALSE;
}
if (EVP_add_digest (EVP_sha1 ()) == 0) {
return FALSE;
}
if (EVP_add_digest (EVP_sha256 ()) == 0) {
return FALSE;
}
if (EVP_add_digest (EVP_sha384 ()) == 0) {
return FALSE;
}
if (EVP_add_digest (EVP_sha512 ()) == 0) {
return FALSE;
}
if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {
return FALSE;
}
@ -856,6 +877,7 @@ Pkcs7Verify (
if (CertStore == NULL) {
goto _Exit;
}
if (!(X509_STORE_add_cert (CertStore, Cert))) {
goto _Exit;
}
@ -873,8 +895,10 @@ Pkcs7Verify (
// Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.
//
X509_STORE_set_flags (CertStore,
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
X509_STORE_set_flags (
CertStore,
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
);
//
// OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and
@ -903,4 +927,3 @@ _Exit:
return Status;
}
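Review bot: The comment above `X509_STORE_set_flags` in Pkcs7Verify says that time checks are disabled but not why, and nothing visible tells a caller that a signer certificate outside its validity period will still verify. I would extend the comment with the reason and the consequence, for example `// Time checks are disabled (presumably no trusted clock at this stage - confirm); callers must enforce validity periods themselves.` The same flag pair is set in TimestampTokenVerify in the timestamp file section, where the same wording would apply. Pkcs7Verify's body continues outside the hunk.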

@ -69,6 +69,7 @@ GetSignerCertificate (
)
{
EFI_STATUS Status;
STACK_OF (X509) *Signers;
INT32 NumberSigners;
@ -76,7 +77,7 @@ GetSignerCertificate (
Signers = NULL;
NumberSigners = 0;
if (CertChain == NULL || SignerCert == NULL) {
if ((CertChain == NULL) || (SignerCert == NULL)) {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@ -118,7 +119,6 @@ Exit:
return Status;
}
/**
Determines if the specified EKU represented in ASN1 form is present
in a given certificate.
@ -155,7 +155,7 @@ IsEkuInCertificate (
NumExtensions = 0;
Asn1InCert = NULL;
if (Cert == NULL || Asn1ToFind == NULL) {
if ((Cert == NULL) || (Asn1ToFind == NULL)) {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@ -215,8 +215,9 @@ IsEkuInCertificate (
goto Exit;
}
if (Asn1InCert->length == Asn1ToFind->length &&
CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0) {
if ((Asn1InCert->length == Asn1ToFind->length) &&
(CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0))
{
//
// Found Eku in certificate.
//
@ -241,7 +242,6 @@ Exit:
return Status;
}
/**
Determines if the specified EKUs are present in a signing certificate.
@ -272,7 +272,7 @@ CheckEKUs(
Asn1ToFind = NULL;
NumEkusFound = 0;
if (SignerCert == NULL || RequiredEKUs == NULL || RequiredEKUsSize == 0) {
if ((SignerCert == NULL) || (RequiredEKUs == NULL) || (RequiredEKUsSize == 0)) {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@ -318,7 +318,8 @@ Exit:
}
if (RequireAllPresent &&
NumEkusFound == RequiredEKUsSize) {
(NumEkusFound == RequiredEKUsSize))
{
//
// Found all required EKUs in certificate.
//
@ -370,6 +371,7 @@ VerifyEKUsInPkcs7Signature (
{
EFI_STATUS Status;
PKCS7 *Pkcs7;
STACK_OF (X509) *CertChain;
INT32 SignatureType;
INT32 NumberCertsInSignature;
@ -394,10 +396,11 @@ VerifyEKUsInPkcs7Signature (
//
// Validate the input parameters.
//
if (Pkcs7Signature == NULL ||
SignatureSize == 0 ||
RequiredEKUs == NULL ||
RequiredEKUsSize == 0) {
if ((Pkcs7Signature == NULL) ||
(SignatureSize == 0) ||
(RequiredEKUs == NULL) ||
(RequiredEKUsSize == 0))
{
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@ -409,11 +412,13 @@ VerifyEKUsInPkcs7Signature (
//
// Wrap the PKCS7 data if needed.
//
Ok = WrapPkcs7Data (Pkcs7Signature,
Ok = WrapPkcs7Data (
Pkcs7Signature,
SignatureSize,
&IsWrapped,
&SignedData,
&SignedDataSize);
&SignedDataSize
);
if (!Ok) {
//
// Fail to Wrap the PKCS7 data.
@ -445,11 +450,13 @@ VerifyEKUsInPkcs7Signature (
if (Pkcs7->d.sign != NULL) {
CertChain = Pkcs7->d.sign->cert;
}
break;
case NID_pkcs7_signedAndEnveloped:
if (Pkcs7->d.signed_and_enveloped != NULL) {
CertChain = Pkcs7->d.signed_and_enveloped->cert;
}
break;
default:
break;
@ -483,7 +490,7 @@ VerifyEKUsInPkcs7Signature (
// Get the leaf signer.
//
Status = GetSignerCertificate (Pkcs7, &SignerCert);
if (Status != EFI_SUCCESS || SignerCert == NULL) {
if ((Status != EFI_SUCCESS) || (SignerCert == NULL)) {
//
// Fail to get the end-entity leaf signer certificate.
//
@ -514,4 +521,3 @@ Exit:
return Status;
}

@ -54,4 +54,3 @@ VerifyEKUsInPkcs7Signature (
ASSERT (FALSE);
return RETURN_UNSUPPORTED;
}

@ -36,4 +36,3 @@ Pkcs7GetAttachedContent (
ASSERT (FALSE);
return FALSE;
}

@ -99,7 +99,7 @@ RsaSetKey (
//
// Check input parameters.
//
if (RsaContext == NULL || BnSize > INT_MAX) {
if ((RsaContext == NULL) || (BnSize > INT_MAX)) {
return FALSE;
}
@ -126,7 +126,6 @@ RsaSetKey (
// (N, e) are needed.
//
switch (KeyTag) {
//
// RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)
//
@ -136,9 +135,11 @@ RsaSetKey (
if (BnN == NULL) {
BnN = BN_new ();
}
if (BnE == NULL) {
BnE = BN_new ();
}
if (BnD == NULL) {
BnD = BN_new ();
}
@ -160,6 +161,7 @@ RsaSetKey (
default:
return FALSE;
}
if (RSA_set0_key (RsaKey, BN_dup (BnN), BN_dup (BnE), BN_dup (BnD)) == 0) {
return FALSE;
}
@ -174,9 +176,11 @@ RsaSetKey (
if (BnP == NULL) {
BnP = BN_new ();
}
if (BnQ == NULL) {
BnQ = BN_new ();
}
if ((BnP == NULL) || (BnQ == NULL)) {
return FALSE;
}
@ -191,6 +195,7 @@ RsaSetKey (
default:
return FALSE;
}
if (RSA_set0_factors (RsaKey, BN_dup (BnP), BN_dup (BnQ)) == 0) {
return FALSE;
}
@ -207,12 +212,15 @@ RsaSetKey (
if (BnDp == NULL) {
BnDp = BN_new ();
}
if (BnDq == NULL) {
BnDq = BN_new ();
}
if (BnQInv == NULL) {
BnQInv = BN_new ();
}
if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {
return FALSE;
}
@ -230,6 +238,7 @@ RsaSetKey (
default:
return FALSE;
}
if (RSA_set0_crt_params (RsaKey, BN_dup (BnDp), BN_dup (BnDq), BN_dup (BnQInv)) == 0) {
return FALSE;
}
@ -278,11 +287,11 @@ RsaPkcs1Verify (
//
// Check input parameters.
//
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
if ((RsaContext == NULL) || (MessageHash == NULL) || (Signature == NULL)) {
return FALSE;
}
if (SigSize > INT_MAX || SigSize == 0) {
if ((SigSize > INT_MAX) || (SigSize == 0)) {
return FALSE;
}
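Review bot: In RsaSetKey the calls to `RSA_set0_key`, `RSA_set0_factors` and `RSA_set0_crt_params` build their `BN_dup (...)` copies inline as arguments, so when the call returns 0 (or one `BN_dup` returns NULL) the function returns FALSE with no pointer left through which to release the copies. Those copies can hold the private exponent, the prime factors or the CRT values, so I would duplicate into locals, test them, and free them on the failure path, using `BN_clear_free` for the secret ones; the sketch below shows the N/E/D case with new locals DupN, DupE and DupD, and the other two calls would follow the same shape. The N/E/D hunk also ends before any NULL test on the `BN_new ()` results, unlike the P/Q and Dp/Dq/QInv hunks, though that test may simply sit outside the hunk.

```c
// … unchanged: KeyTag switch that fills BnN / BnE / BnD …
DupN = BN_dup (BnN);
DupE = BN_dup (BnE);
DupD = BN_dup (BnD);
if ((DupN == NULL) || (DupE == NULL) || (DupD == NULL) ||
    (RSA_set0_key (RsaKey, DupN, DupE, DupD) == 0))
{
  BN_free (DupN);
  BN_free (DupE);
  BN_clear_free (DupD);
  return FALSE;
}
```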

@ -61,7 +61,7 @@ RsaGetKey (
//
// Check input parameters.
//
if (RsaContext == NULL || BnSize == NULL) {
if ((RsaContext == NULL) || (BnSize == NULL)) {
return FALSE;
}
@ -71,7 +71,6 @@ RsaGetKey (
BnKey = NULL;
switch (KeyTag) {
//
// RSA Public Modulus (N)
//
@ -148,6 +147,7 @@ RsaGetKey (
*BnSize = Size;
return TRUE;
}
*BnSize = BN_bn2bin (BnKey, BigNumber);
return TRUE;
@ -189,7 +189,7 @@ RsaGenerateKey (
//
// Check input parameters.
//
if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
if ((RsaContext == NULL) || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) {
return FALSE;
}
@ -255,10 +255,11 @@ RsaCheckKey (
if (RSA_check_key ((RSA *)RsaContext) != 1) {
Reason = ERR_GET_REASON (ERR_peek_last_error ());
if (Reason == RSA_R_P_NOT_PRIME ||
Reason == RSA_R_Q_NOT_PRIME ||
Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
if ((Reason == RSA_R_P_NOT_PRIME) ||
(Reason == RSA_R_Q_NOT_PRIME) ||
(Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q) ||
(Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1))
{
return FALSE;
}
}
@ -308,7 +309,7 @@ RsaPkcs1Sign (
//
// Check input parameters.
//
if (RsaContext == NULL || MessageHash == NULL) {
if ((RsaContext == NULL) || (MessageHash == NULL)) {
return FALSE;
}
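Review bot: RsaCheckKey returns FALSE only when `RSA_check_key` fails with one of the four listed reason codes; any other failure leaves the inner `if` and, unless code after the hunk rejects it, is reported the same way as a valid key. Returning FALSE for every `RSA_check_key ((RSA *)RsaContext) != 1` result would make the check fail closed. If other reasons are tolerated on purpose, a comment above the reason test should say which ones and why. The function continues outside the hunk.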

@ -115,5 +115,3 @@ RsaPkcs1Sign (
ASSERT (FALSE);
return FALSE;
}

@ -16,7 +16,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <openssl/objects.h>
#include <openssl/evp.h>
/**
Retrieve a pointer to EVP message digest object.
@ -45,7 +44,6 @@ GetEvpMD (
}
}
/**
Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
Implementation determines salt length automatically from the signature encoding.
@ -91,12 +89,15 @@ RsaPssVerify (
if (RsaContext == NULL) {
return FALSE;
}
if (Message == NULL || MsgSize == 0 || MsgSize > INT_MAX) {
if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {
return FALSE;
}
if (Signature == NULL || SigSize == 0 || SigSize > INT_MAX) {
if ((Signature == NULL) || (SigSize == 0) || (SigSize > INT_MAX)) {
return FALSE;
}
if (SaltLen != DigestLen) {
return FALSE;
}
@ -127,15 +128,19 @@ RsaPssVerify (
if (Result) {
Result = EVP_PKEY_CTX_set_rsa_padding (KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
}
if (Result) {
Result = EVP_PKEY_CTX_set_rsa_pss_saltlen (KeyCtx, SaltLen) > 0;
}
if (Result) {
Result = EVP_PKEY_CTX_set_rsa_mgf1_md (KeyCtx, HashAlg) > 0;
}
if (Result) {
Result = EVP_DigestVerifyUpdate (EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
}
if (Result) {
Result = EVP_DigestVerifyFinal (EvpVerifyCtx, Signature, (UINT32)SigSize) > 0;
}
@ -144,6 +149,7 @@ _Exit :
if (EvpRsaKey != NULL) {
EVP_PKEY_free (EvpRsaKey);
}
if (EvpVerifyCtx != NULL) {
EVP_MD_CTX_destroy (EvpVerifyCtx);
}

@ -16,7 +16,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <openssl/objects.h>
#include <openssl/evp.h>
/**
Retrieve a pointer to EVP message digest object.
@ -45,7 +44,6 @@ GetEvpMD (
}
}
/**
Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.
@ -106,7 +104,8 @@ RsaPssSign (
if (RsaContext == NULL) {
return FALSE;
}
if (Message == NULL || MsgSize == 0 || MsgSize > INT_MAX) {
if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {
return FALSE;
}
@ -150,15 +149,19 @@ RsaPssSign (
if (Result) {
Result = EVP_PKEY_CTX_set_rsa_padding (KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
}
if (Result) {
Result = EVP_PKEY_CTX_set_rsa_pss_saltlen (KeyCtx, SaltLen) > 0;
}
if (Result) {
Result = EVP_PKEY_CTX_set_rsa_mgf1_md (KeyCtx, HashAlg) > 0;
}
if (Result) {
Result = EVP_DigestSignUpdate (EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
}
if (Result) {
Result = EVP_DigestSignFinal (EvpVerifyCtx, Signature, SigSize) > 0;
}
@ -167,6 +170,7 @@ _Exit :
if (EvpRsaKey != NULL) {
EVP_PKEY_free (EvpRsaKey);
}
if (EvpVerifyCtx != NULL) {
EVP_MD_CTX_destroy (EvpVerifyCtx);
}

@ -129,7 +129,6 @@ ASN1_SEQUENCE (TS_TST_INFO) = {
} ASN1_SEQUENCE_END (TS_TST_INFO)
IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
/**
Convert ASN.1 GeneralizedTime to EFI Time.
@ -158,13 +157,15 @@ ConvertAsn1TimeToEfiTime (
SetMem (EfiTime, sizeof (EFI_TIME), 0);
Index = 0;
if (Asn1Time->type == V_ASN1_UTCTIME) { /* two digit year */
if (Asn1Time->type == V_ASN1_UTCTIME) {
/* two digit year */
EfiTime->Year = (Str[Index++] - '0') * 10;
EfiTime->Year += (Str[Index++] - '0');
if (EfiTime->Year < 70) {
EfiTime->Year += 100;
}
} else if (Asn1Time->type == V_ASN1_GENERALIZEDTIME) { /* four digit year */
} else if (Asn1Time->type == V_ASN1_GENERALIZEDTIME) {
/* four digit year */
EfiTime->Year = (Str[Index++] - '0') * 1000;
EfiTime->Year += (Str[Index++] - '0') * 100;
EfiTime->Year += (Str[Index++] - '0') * 10;
@ -280,17 +281,22 @@ CheckTSTInfo (
if (HashedMsg == NULL) {
goto _Exit;
}
MdCtx = EVP_MD_CTX_new ();
if (MdCtx == NULL) {
goto _Exit;
}
if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) ||
(EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) ||
(EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) {
(EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1))
{
goto _Exit;
}
if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&
(CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {
(CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0))
{
goto _Exit;
}
@ -376,7 +382,8 @@ TimestampTokenVerify (
// Check input parameters
//
if ((TSToken == NULL) || (TsaCert == NULL) || (TimestampedData == NULL) ||
(TokenSize > INT_MAX) || (CertSize > INT_MAX) || (DataSize > INT_MAX)) {
(TokenSize > INT_MAX) || (CertSize > INT_MAX) || (DataSize > INT_MAX))
{
return FALSE;
}
@ -386,6 +393,7 @@ TimestampTokenVerify (
if (SigningTime != NULL) {
SetMem (SigningTime, sizeof (EFI_TIME), 0);
}
Pkcs7 = NULL;
Cert = NULL;
CertStore = NULL;
@ -430,8 +438,10 @@ TimestampTokenVerify (
// Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.
//
X509_STORE_set_flags (CertStore,
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
X509_STORE_set_flags (
CertStore,
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
);
X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
@ -442,6 +452,7 @@ TimestampTokenVerify (
if (OutBio == NULL) {
goto _Exit;
}
if (!PKCS7_verify (Pkcs7, NULL, CertStore, NULL, OutBio, PKCS7_BINARY)) {
goto _Exit;
}
@ -453,14 +464,18 @@ TimestampTokenVerify (
if (TstData == NULL) {
goto _Exit;
}
TstSize = BIO_read (OutBio, (void *)TstData, 2048);
//
// Construct TS_TST_INFO structure from the signed contents.
//
TstTemp = TstData;
TstInfo = d2i_TS_TST_INFO (NULL, (const unsigned char **) &TstTemp,
(int)TstSize);
TstInfo = d2i_TS_TST_INFO (
NULL,
(const unsigned char **)&TstTemp,
(int)TstSize
);
if (TstInfo == NULL) {
goto _Exit;
}
@ -530,9 +545,11 @@ ImageTimestampVerify (
BOOLEAN Status;
PKCS7 *Pkcs7;
CONST UINT8 *Temp;
STACK_OF (PKCS7_SIGNER_INFO) *SignerInfos;
PKCS7_SIGNER_INFO *SignInfo;
UINTN Index;
STACK_OF (X509_ATTRIBUTE) *Sk;
X509_ATTRIBUTE *Xa;
ASN1_OBJECT *XaObj;
@ -556,7 +573,8 @@ ImageTimestampVerify (
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) == 0) ||
(EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0) {
(EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
{
return FALSE;
}
@ -605,7 +623,8 @@ ImageTimestampVerify (
// of SignerInfo.
//
Sk = SignInfo->unauth_attr;
if (Sk == NULL) { // No timestamp counterSignature.
if (Sk == NULL) {
// No timestamp counterSignature.
goto _Exit;
}
@ -618,14 +637,18 @@ ImageTimestampVerify (
if (Xa == NULL) {
continue;
}
XaObj = X509_ATTRIBUTE_get0_object (Xa);
if (XaObj == NULL) {
continue;
}
if ((OBJ_length (XaObj) != sizeof (mSpcRFC3161OidValue)) ||
(CompareMem (OBJ_get0_data(XaObj), mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {
(CompareMem (OBJ_get0_data (XaObj), mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0))
{
continue;
}
Asn1Type = X509_ATTRIBUTE_get0_type (Xa, 0);
}
@ -633,6 +656,7 @@ ImageTimestampVerify (
Status = FALSE;
goto _Exit;
}
TSToken = Asn1Type->value.octet_string->data;
TokenSize = Asn1Type->value.octet_string->length;


@ -38,7 +38,7 @@ X509ConstructCertificate (
//
// Check input parameters.
//
if (Cert == NULL || SingleX509Cert == NULL || CertSize > INT_MAX) {
if ((Cert == NULL) || (SingleX509Cert == NULL) || (CertSize > INT_MAX)) {
return FALSE;
}
@ -85,6 +85,7 @@ X509ConstructCertificateStackV (
UINT8 *Cert;
UINTN CertSize;
X509 *X509Cert;
STACK_OF (X509) *CertStack;
BOOLEAN Status;
UINTN Index;
@ -136,6 +137,7 @@ X509ConstructCertificateStackV (
if (X509Cert != NULL) {
X509_free (X509Cert);
}
break;
}
@ -274,7 +276,7 @@ X509GetSubjectName (
//
// Check input parameters.
//
if (Cert == NULL || SubjectSize == NULL) {
if ((Cert == NULL) || (SubjectSize == NULL)) {
return FALSE;
}
@ -304,6 +306,7 @@ X509GetSubjectName (
*SubjectSize = X509NameSize;
goto _Exit;
}
*SubjectSize = X509NameSize;
if (CertSubject != NULL) {
i2d_X509_NAME (X509Name, &CertSubject);
@ -377,6 +380,7 @@ InternalX509GetNIDName (
if ((Cert == NULL) || (CertSize > INT_MAX) || (CommonNameSize == NULL)) {
return ReturnStatus;
}
if ((CommonName != NULL) && (*CommonNameSize == 0)) {
return ReturnStatus;
}
@ -458,6 +462,7 @@ _Exit:
if (X509Cert != NULL) {
X509_free (X509Cert);
}
if (UTF8Name != NULL) {
OPENSSL_free (UTF8Name);
}
@ -572,7 +577,7 @@ RsaGetPublicKeyFromX509 (
//
// Check input parameters.
//
if (Cert == NULL || RsaContext == NULL) {
if ((Cert == NULL) || (RsaContext == NULL)) {
return FALSE;
}
@ -654,7 +659,7 @@ X509VerifyCert (
//
// Check input parameters.
//
if (Cert == NULL || CACert == NULL) {
if ((Cert == NULL) || (CACert == NULL)) {
return FALSE;
}
@ -670,9 +675,11 @@ X509VerifyCert (
if (EVP_add_digest (EVP_md5 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha1 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha256 ()) == 0) {
goto _Exit;
}
@ -704,6 +711,7 @@ X509VerifyCert (
if (CertStore == NULL) {
goto _Exit;
}
if (!(X509_STORE_add_cert (CertStore, X509CACert))) {
goto _Exit;
}
@ -712,8 +720,10 @@ X509VerifyCert (
// Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.
//
X509_STORE_set_flags (CertStore,
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
X509_STORE_set_flags (
CertStore,
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
);
//
// Set up X509_STORE_CTX for the subsequent verification operation.
@ -722,6 +732,7 @@ X509VerifyCert (
if (CertCtx == NULL) {
goto _Exit;
}
if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) {
goto _Exit;
}
@ -787,7 +798,8 @@ X509GetTBSCert (
// Check input parameters.
//
if ((Cert == NULL) || (TBSCert == NULL) ||
(TBSCertSize == NULL) || (CertSize > INT_MAX)) {
(TBSCertSize == NULL) || (CertSize > INT_MAX))
{
return FALSE;
}
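Review bot: The comment above `X509_STORE_set_flags` in X509VerifyCert says time checks are disabled but not what that means for callers: with `X509_V_FLAG_NO_CHECK_TIME` set, a certificate outside its validity period still passes this verification. I would extend the comment with a line such as `// Validity periods (notBefore/notAfter) are NOT enforced here; callers that need expiry checks must perform them separately.` and repeat the caveat in the function's header comment, which is outside this hunk. The result of `X509_STORE_set_flags` is also discarded, unlike the neighbouring `X509_STORE_add_cert` and `X509_STORE_CTX_init` calls, which branch to `_Exit` on failure.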


@ -89,7 +89,7 @@ RandomBytes (
//
// Check input parameters.
//
if (Output == NULL || Size > INT_MAX) {
if ((Output == NULL) || (Size > INT_MAX)) {
return FALSE;
}


@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "InternalCryptLib.h"
/**
Sets up the seed value for the pseudorandom number generator.


@ -97,7 +97,7 @@ RandomBytes (
//
// Check input parameters.
//
if (Output == NULL || Size > INT_MAX) {
if ((Output == NULL) || (Size > INT_MAX)) {
return FALSE;
}


@ -27,7 +27,10 @@ typedef struct {
//
/* Allocates memory blocks */
void *malloc (size_t size)
void *
malloc (
size_t size
)
{
CRYPTMEM_HEAD *PoolHdr;
UINTN NewSize;
@ -57,7 +60,11 @@ void *malloc (size_t size)
}
/* Reallocate memory blocks */
void *realloc (void *ptr, size_t size)
void *
realloc (
void *ptr,
size_t size
)
{
CRYPTMEM_HEAD *OldPoolHdr;
CRYPTMEM_HEAD *NewPoolHdr;
@ -96,7 +103,10 @@ void *realloc (void *ptr, size_t size)
}
/* De-allocates or frees a memory block */
void free (void *ptr)
void
free (
void *ptr
)
{
CRYPTMEM_HEAD *PoolHdr;


@ -23,15 +23,22 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// -- Time Management Routines --
//
time_t time (time_t *timer)
time_t
time (
time_t *timer
)
{
if (timer != NULL) {
*timer = 0;
}
return 0;
}
struct tm * gmtime (const time_t *timer)
struct tm *
gmtime (
const time_t *timer
)
{
return NULL;
}


@ -43,7 +43,7 @@ QuickSortWorker (
ASSERT (CompareFunction != NULL);
ASSERT (Buffer != NULL);
if (Count < 2 || ElementSize < 1) {
if ((Count < 2) || (ElementSize < 1)) {
return;
}
@ -58,8 +58,7 @@ QuickSortWorker (
// Now get the pivot such that all on "left" are below it
// and everything "right" are above it
//
for (LoopCount = 0; LoopCount < Count - 1; LoopCount++)
{
for (LoopCount = 0; LoopCount < Count - 1; LoopCount++) {
//
// If the element is less than the pivot
//
@ -77,6 +76,7 @@ QuickSortWorker (
NextSwapLocation++;
}
}
//
// Swap pivot to its final position (NextSwapLocation)
//
@ -115,13 +115,21 @@ QuickSortWorker (
// -- String Manipulation Routines --
//
char *strchr(const char *str, int ch)
char *
strchr (
const char *str,
int ch
)
{
return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch);
}
/* Scan a string for the last occurrence of a character */
char *strrchr (const char *str, int c)
char *
strrchr (
const char *str,
int c
)
{
char *save;
@ -129,6 +137,7 @@ char *strrchr (const char *str, int c)
if (*str == c) {
save = (char *)str;
}
if (*str == 0) {
return (save);
}
@ -136,7 +145,12 @@ char *strrchr (const char *str, int c)
}
/* Compare first n bytes of string s1 with string s2, ignoring case */
int strncasecmp (const char *s1, const char *s2, size_t n)
int
strncasecmp (
const char *s1,
const char *s2,
size_t n
)
{
int Val;
@ -149,6 +163,7 @@ int strncasecmp (const char *s1, const char *s2, size_t n)
if (Val != 0) {
return Val;
}
++s1;
++s2;
if (*s1 == '\0') {
@ -156,11 +171,17 @@ int strncasecmp (const char *s1, const char *s2, size_t n)
}
} while (--n != 0);
}
return 0;
}
/* Read formatted data from a string */
int sscanf (const char *buffer, const char *format, ...)
int
sscanf (
const char *buffer,
const char *format,
...
)
{
//
// Null sscanf() function implementation to satisfy the linker, since
@ -170,14 +191,21 @@ int sscanf (const char *buffer, const char *format, ...)
}
/* Maps errnum to an error-message string */
char * strerror (int errnum)
char *
strerror (
int errnum
)
{
return NULL;
}
/* Computes the length of the maximum initial segment of the string pointed to by s1
which consists entirely of characters from the string pointed to by s2. */
size_t strspn (const char *s1 , const char *s2)
size_t
strspn (
const char *s1,
const char *s2
)
{
UINT8 Map[32];
UINT32 Index;
@ -207,7 +235,11 @@ size_t strspn (const char *s1 , const char *s2)
/* Computes the length of the maximum initial segment of the string pointed to by s1
which consists entirely of characters not from the string pointed to by s2. */
size_t strcspn (const char *s1, const char *s2)
size_t
strcspn (
const char *s1,
const char *s2
)
{
UINT8 Map[32];
UINT32 Index;
@ -238,7 +270,10 @@ size_t strcspn (const char *s1, const char *s2)
//
/* Determines if a particular character is a decimal-digit character */
int isdigit (int c)
int
isdigit (
int c
)
{
//
// <digit> ::= [0-9]
@ -247,7 +282,10 @@ int isdigit (int c)
}
/* Determine if an integer represents character that is a hex digit */
int isxdigit (int c)
int
isxdigit (
int c
)
{
//
// <hexdigit> ::= [0-9] | [a-f] | [A-F]
@ -258,7 +296,10 @@ int isxdigit (int c)
}
/* Determines if a particular character represents a space character */
int isspace (int c)
int
isspace (
int c
)
{
//
// <space> ::= [ ]
@ -267,7 +308,10 @@ int isspace (int c)
}
/* Determine if a particular character is an alphanumeric character */
int isalnum (int c)
int
isalnum (
int c
)
{
//
// <alnum> ::= [0-9] | [a-z] | [A-Z]
@ -278,7 +322,10 @@ int isalnum (int c)
}
/* Determines if a particular character is in upper case */
int isupper (int c)
int
isupper (
int c
)
{
//
// <uppercase letter> := [A-Z]
@ -291,7 +338,12 @@ int isupper (int c)
//
/* Convert strings to a long-integer value */
long strtol (const char *nptr, char **endptr, int base)
long
strtol (
const char *nptr,
char **endptr,
int base
)
{
//
// Null strtol() function implementation to satisfy the linker, since there is
@ -301,7 +353,12 @@ long strtol (const char *nptr, char **endptr, int base)
}
/* Convert strings to an unsigned long-integer value */
unsigned long strtoul (const char *nptr, char **endptr, int base)
unsigned long
strtoul (
const char *nptr,
char **endptr,
int base
)
{
//
// Null strtoul() function implementation to satisfy the linker, since there is
@ -311,11 +368,15 @@ unsigned long strtoul (const char *nptr, char **endptr, int base)
}
/* Convert character to lowercase */
int tolower (int c)
int
tolower (
int c
)
{
if (('A' <= (c)) && ((c) <= 'Z')) {
return (c - ('A' - 'a'));
}
return (c);
}
@ -324,7 +385,13 @@ int tolower (int c)
//
/* Performs a quick sort */
void qsort (void *base, size_t num, size_t width, int (*compare)(const void *, const void *))
void
qsort (
void *base,
size_t num,
size_t width,
int ( *compare )(const void *, const void *)
)
{
VOID *Buffer;
@ -351,7 +418,10 @@ void qsort (void *base, size_t num, size_t width, int (*compare)(const void *, c
//
/* Get a value from the current environment */
char *getenv (const char *varname)
char *
getenv (
const char *varname
)
{
//
// Null getenv() function implementation to satisfy the linker, since there is
@ -361,7 +431,10 @@ char *getenv (const char *varname)
}
/* Get a value from the current environment */
char *secure_getenv (const char *varname)
char *
secure_getenv (
const char *varname
)
{
//
// Null secure_getenv() function implementation to satisfy the linker, since
@ -378,7 +451,13 @@ char *secure_getenv (const char *varname)
//
/* Write data to a stream */
size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
size_t
fwrite (
const void *buffer,
size_t size,
size_t count,
FILE *stream
)
{
return 0;
}
@ -387,12 +466,23 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
// -- Dummy OpenSSL Support Routines --
//
int BIO_printf (void *bio, const char *format, ...)
int
BIO_printf (
void *bio,
const char *format,
...
)
{
return 0;
}
int BIO_snprintf(char *buf, size_t n, const char *format, ...)
int
BIO_snprintf (
char *buf,
size_t n,
const char *format,
...
)
{
return 0;
}
@ -414,7 +504,10 @@ NopFunction (
{
}
void abort (void)
void
abort (
void
)
{
NoReturnFuncPtr NoReturnFunc;
@ -425,49 +518,81 @@ void abort (void)
#else
void abort (void)
void
abort (
void
)
{
// Do nothing
}
#endif
int fclose (FILE *f)
int
fclose (
FILE *f
)
{
return 0;
}
FILE *fopen (const char *c, const char *m)
FILE *
fopen (
const char *c,
const char *m
)
{
return NULL;
}
size_t fread (void *b, size_t c, size_t i, FILE *f)
size_t
fread (
void *b,
size_t c,
size_t i,
FILE *f
)
{
return 0;
}
uid_t getuid (void)
uid_t
getuid (
void
)
{
return 0;
}
uid_t geteuid (void)
uid_t
geteuid (
void
)
{
return 0;
}
gid_t getgid (void)
gid_t
getgid (
void
)
{
return 0;
}
gid_t getegid (void)
gid_t
getegid (
void
)
{
return 0;
}
int printf (char const *fmt, ...)
int
printf (
char const *fmt,
...
)
{
return 0;
}
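Review bot: The `#else` definition of `abort()` has a body of only `// Do nothing`, so it returns to its caller; code that calls abort() presumably assumes it never returns, and execution would then continue past the failed invariant. Unless returning is intentional, I would halt instead, e.g. `ASSERT (FALSE); CpuDeadLoop ();` (assuming BaseLib is reachable from this file's includes, which are outside the hunk). Otherwise replace the comment with one that explains why continuing is safe. The `#if` condition that selects this branch is outside the hunk.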


@ -61,7 +61,6 @@ RT_MEMORY_PAGE_TABLE *mRTPageTable = NULL;
//
STATIC EFI_EVENT mVirtualAddressChangeEvent;
/**
Initializes pre-allocated memory pointed by ScratchBuffer for subsequent
runtime use.
@ -114,7 +113,6 @@ InitializeScratchMemory (
return EFI_SUCCESS;
}
/**
Look-up Free memory Region for object allocation.
@ -182,6 +180,7 @@ LookupFreeMemRegion (
//
return (UINTN)(-1);
}
for (Index = 0; Index < (StartPageIndex - ReqPages); ) {
//
// Check Consecutive ReqPages Pages.
@ -203,7 +202,8 @@ LookupFreeMemRegion (
// Failed! Skip current adjacent Used pages
//
while ((SubIndex < (StartPageIndex - ReqPages)) &&
((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0)) {
((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0))
{
SubIndex++;
}
@ -216,7 +216,6 @@ LookupFreeMemRegion (
return (UINTN)(-1);
}
/**
Allocates a buffer at runtime phase.
@ -274,7 +273,6 @@ RuntimeAllocateMem (
return AllocPtr;
}
/**
Frees a buffer that was previously allocated at runtime phase.
@ -294,7 +292,8 @@ RuntimeFreeMem (
while (StartPageIndex < mRTPageTable->PageCount) {
if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
(mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset)) {
(mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
{
//
// Free this page
//
@ -311,7 +310,6 @@ RuntimeFreeMem (
return;
}
/**
Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
@ -336,7 +334,6 @@ RuntimeCryptLibAddressChangeEvent (
EfiConvertPointer (0x0, (VOID **)&mRTPageTable);
}
/**
Constructor routine for runtime crypt library instance.
@ -384,19 +381,25 @@ RuntimeCryptLibConstructor (
return Status;
}
//
// -- Memory-Allocation Routines Wrapper for UEFI-OpenSSL Library --
//
/* Allocates memory blocks */
void *malloc (size_t size)
void *
malloc (
size_t size
)
{
return RuntimeAllocateMem ((UINTN)size);
}
/* Reallocate memory blocks */
void *realloc (void *ptr, size_t size)
void *
realloc (
void *ptr,
size_t size
)
{
VOID *NewPtr;
UINTN StartOffset;
@ -415,7 +418,8 @@ void *realloc (void *ptr, size_t size)
PageCount = 0;
while (StartPageIndex < mRTPageTable->PageCount) {
if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
(mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset)) {
(mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
{
StartPageIndex++;
PageCount++;
} else {
@ -443,7 +447,10 @@ void *realloc (void *ptr, size_t size)
}
/* Deallocates or frees a memory block */
void free (void *ptr)
void
free (
void *ptr
)
{
//
// In Standard C, free() handles a null pointer argument transparently. This


@ -64,7 +64,10 @@ UINTN CumulativeDays[2][14] = {
// INTN time(
// INTN *timer
// )
time_t time (time_t *timer)
time_t
time (
time_t *timer
)
{
EFI_STATUS Status;
EFI_TIME Time;
@ -108,7 +111,10 @@ time_t time (time_t *timer)
//
// Convert a time value from type time_t to struct tm.
//
struct tm * gmtime (const time_t *timer)
struct tm *
gmtime (
const time_t *timer
)
{
struct tm *GmTime;
UINT16 DayNo;


@ -14,16 +14,25 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
/* Convert character to lowercase */
int tolower (int c)
int
tolower (
int c
)
{
if (('A' <= (c)) && ((c) <= 'Z')) {
return (c - ('A' - 'a'));
}
return (c);
}
/* Compare first n bytes of string s1 with string s2, ignoring case */
int strncasecmp (const char *s1, const char *s2, size_t n)
int
strncasecmp (
const char *s1,
const char *s2,
size_t n
)
{
int Val;
@ -36,6 +45,7 @@ int strncasecmp (const char *s1, const char *s2, size_t n)
if (Val != 0) {
return Val;
}
++s1;
++s2;
if (*s1 == '\0') {
@ -43,11 +53,17 @@ int strncasecmp (const char *s1, const char *s2, size_t n)
}
} while (--n != 0);
}
return 0;
}
/* Read formatted data from a string */
int sscanf (const char *buffer, const char *format, ...)
int
sscanf (
const char *buffer,
const char *format,
...
)
{
//
// Null sscanf() function implementation to satisfy the linker, since
@ -60,32 +76,55 @@ int sscanf (const char *buffer, const char *format, ...)
// -- Dummy OpenSSL Support Routines --
//
int BIO_printf (void *bio, const char *format, ...)
int
BIO_printf (
void *bio,
const char *format,
...
)
{
return 0;
}
int BIO_snprintf(char *buf, size_t n, const char *format, ...)
int
BIO_snprintf (
char *buf,
size_t n,
const char *format,
...
)
{
return 0;
}
uid_t getuid (void)
uid_t
getuid (
void
)
{
return 0;
}
uid_t geteuid (void)
uid_t
geteuid (
void
)
{
return 0;
}
gid_t getgid (void)
gid_t
getgid (
void
)
{
return 0;
}
gid_t getegid (void)
gid_t
getegid (
void
)
{
return 0;
}


@ -72,8 +72,17 @@ static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $
* sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
*/
static int inet_pton4 (const char *src, u_char *dst);
static int inet_pton6 (const char *src, u_char *dst);
static int
inet_pton4 (
const char *src,
u_char *dst
);
static int
inet_pton6 (
const char *src,
u_char *dst
);
/* int
* inet_pton(af, src, dst)
@ -102,6 +111,7 @@ inet_pton(
errno = EAFNOSUPPORT;
return (-1);
}
/* NOTREACHED */
}
@ -134,24 +144,33 @@ inet_pton4(
if ((pch = strchr (digits, ch)) != NULL) {
u_int new = *tp * 10 + (u_int)(pch - digits);
if (new > 255)
if (new > 255) {
return (0);
}
*tp = (u_char)new;
if (!saw_digit) {
if (++octets > 4)
if (++octets > 4) {
return (0);
}
saw_digit = 1;
}
} else if (ch == '.' && saw_digit) {
if (octets == 4)
return (0);
*++tp = 0;
saw_digit = 0;
} else
} else if ((ch == '.') && saw_digit) {
if (octets == 4) {
return (0);
}
if (octets < 4)
*++tp = 0;
saw_digit = 0;
} else {
return (0);
}
}
if (octets < 4) {
return (0);
}
memcpy (dst, tmp, NS_INADDRSZ);
return (1);
@ -187,55 +206,75 @@ inet_pton6(
endp = tp + NS_IN6ADDRSZ;
colonp = NULL;
/* Leading :: requires some special handling. */
if (*src == ':')
if (*++src != ':')
if (*src == ':') {
if (*++src != ':') {
return (0);
}
}
curtok = src;
saw_xdigit = 0;
val = 0;
while ((ch = *src++) != '\0') {
const char *pch;
if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
if ((pch = strchr ((xdigits = xdigits_l), ch)) == NULL) {
pch = strchr ((xdigits = xdigits_u), ch);
}
if (pch != NULL) {
val <<= 4;
val |= (pch - xdigits);
if (val > 0xffff)
if (val > 0xffff) {
return (0);
}
saw_xdigit = 1;
continue;
}
if (ch == ':') {
curtok = src;
if (!saw_xdigit) {
if (colonp)
if (colonp) {
return (0);
}
colonp = tp;
continue;
}
if (tp + NS_INT16SZ > endp)
if (tp + NS_INT16SZ > endp) {
return (0);
}
*tp++ = (u_char)(val >> 8) & 0xff;
*tp++ = (u_char)val & 0xff;
saw_xdigit = 0;
val = 0;
continue;
}
if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
inet_pton4(curtok, tp) > 0) {
if ((ch == '.') && ((tp + NS_INADDRSZ) <= endp) &&
(inet_pton4 (curtok, tp) > 0))
{
tp += NS_INADDRSZ;
saw_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
}
return (0);
}
if (saw_xdigit) {
if (tp + NS_INT16SZ > endp)
if (tp + NS_INT16SZ > endp) {
return (0);
}
*tp++ = (u_char)(val >> 8) & 0xff;
*tp++ = (u_char)val & 0xff;
}
if (colonp != NULL) {
/*
* Since some memmove()'s erroneously fail to handle
@ -248,10 +287,14 @@ inet_pton6(
endp[-i] = colonp[n - i];
colonp[n - i] = 0;
}
tp = endp;
}
if (tp != endp)
if (tp != endp) {
return (0);
}
memcpy (dst, tmp, NS_IN6ADDRSZ);
return (1);
}
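Review bot: inet_pton4 accepts octets with leading zeros: in the digit branch `new` is computed and only checked against 255, so `01.2.3.4` parses as 1.2.3.4. Other parsers read a leading zero as octal or reject it, and that disagreement matters if the result is compared with addresses parsed elsewhere (how callers use the result is not visible here). I would reject the case before computing `new`: `if (saw_digit && (*tp == 0)) { return (0); }`. The function's opening lines are outside the hunk.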


@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
@ -26,7 +25,6 @@ Md5GetContextSize (
return 0;
}
/**
Initializes user-supplied memory pointed by Md5Context as MD5 hash context for
subsequent use.


@ -8,7 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.


@ -51,4 +51,3 @@ Pkcs7Sign (
ASSERT (FALSE);
return FALSE;
}


@ -57,10 +57,8 @@ GetSignerCertificate (
{
ASSERT (FALSE);
return EFI_NOT_READY;
}
/**
Determines if the specified EKU represented in ASN1 form is present
in a given certificate.
@ -84,7 +82,6 @@ IsEkuInCertificate (
return EFI_NOT_READY;
}
/**
Determines if the specified EKUs are present in a signing certificate.
@ -153,4 +150,3 @@ VerifyEKUsInPkcs7Signature (
ASSERT (FALSE);
return EFI_NOT_READY;
}


@ -115,5 +115,3 @@ RsaPkcs1Sign (
ASSERT (FALSE);
return FALSE;
}


@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "InternalCryptLib.h"
/**
Sets up the seed value for the pseudorandom number generator.


@ -100,6 +100,7 @@ CryptoServiceNotAvailable (
// =====================================================================================
#ifdef ENABLE_MD5_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
@ -257,9 +258,11 @@ Md5HashAll (
{
CALL_CRYPTO_SERVICE (Md5HashAll, (Data, DataSize, HashValue), FALSE);
}
#endif
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
@ -417,6 +420,7 @@ Sha1HashAll (
{
CALL_CRYPTO_SERVICE (Sha1HashAll, (Data, DataSize, HashValue), FALSE);
}
#endif
/**
@ -2287,7 +2291,6 @@ VerifyEKUsInPkcs7Signature (
CALL_CRYPTO_SERVICE (VerifyEKUsInPkcs7Signature, (Pkcs7Signature, SignatureSize, RequiredEKUs, RequiredEKUsSize, RequireAllPresent), FALSE);
}
/**
Extracts the attached content from a PKCS#7 signed data if existed. The input signed
data could be wrapped in a ContentInfo structure.


@ -57,7 +57,7 @@ DxeCryptLibConstructor (
(VOID **)&mCryptoProtocol
);
if (EFI_ERROR (Status) || mCryptoProtocol == NULL) {
if (EFI_ERROR (Status) || (mCryptoProtocol == NULL)) {
DEBUG ((DEBUG_ERROR, "[DxeCryptLib] Failed to locate Crypto Protocol. Status = %r\n", Status));
ASSERT_EFI_ERROR (Status);
ASSERT (mCryptoProtocol != NULL);


@ -39,7 +39,7 @@ GetCryptoServices (
NULL,
(VOID **)&CryptoPpi
);
if (EFI_ERROR (Status) || CryptoPpi == NULL) {
if (EFI_ERROR (Status) || (CryptoPpi == NULL)) {
DEBUG ((DEBUG_ERROR, "[PeiCryptLib] Failed to locate Crypto PPI. Status = %r\n", Status));
ASSERT_EFI_ERROR (Status);
ASSERT (CryptoPpi != NULL);


@ -59,7 +59,7 @@ SmmCryptLibConstructor (
NULL,
(VOID **)&mSmmCryptoProtocol
);
if (EFI_ERROR (Status) || mSmmCryptoProtocol == NULL) {
if (EFI_ERROR (Status) || (mSmmCryptoProtocol == NULL)) {
DEBUG ((DEBUG_ERROR, "[SmmCryptLib] Failed to locate Crypto SMM Protocol. Status = %r\n", Status));
ASSERT_EFI_ERROR (Status);
ASSERT (mSmmCryptoProtocol != NULL);


@ -155,49 +155,241 @@ extern FILE *stderr;
//
// Function prototypes of CRT Library routines
//
void *malloc (size_t);
void *realloc (void *, size_t);
void free (void *);
void *memset (void *, int, size_t);
int memcmp (const void *, const void *, size_t);
int isdigit (int);
int isspace (int);
int isxdigit (int);
int isalnum (int);
int isupper (int);
int tolower (int);
int strcmp (const char *, const char *);
int strncasecmp (const char *, const char *, size_t);
char *strchr (const char *, int);
char *strrchr (const char *, int);
unsigned long strtoul (const char *, char **, int);
long strtol (const char *, char **, int);
char *strerror (int);
size_t strspn (const char *, const char *);
size_t strcspn (const char *, const char *);
int printf (const char *, ...);
int sscanf (const char *, const char *, ...);
FILE *fopen (const char *, const char *);
size_t fread (void *, size_t, size_t, FILE *);
size_t fwrite (const void *, size_t, size_t, FILE *);
int fclose (FILE *);
int fprintf (FILE *, const char *, ...);
time_t time (time_t *);
struct tm *gmtime (const time_t *);
uid_t getuid (void);
uid_t geteuid (void);
gid_t getgid (void);
gid_t getegid (void);
int issetugid (void);
void qsort (void *, size_t, size_t, int (*)(const void *, const void *));
char *getenv (const char *);
char *secure_getenv (const char *);
void *
malloc (
size_t
);
void *
realloc (
void *,
size_t
);
void
free (
void *
);
void *
memset (
void *,
int,
size_t
);
int
memcmp (
const void *,
const void *,
size_t
);
int
isdigit (
int
);
int
isspace (
int
);
int
isxdigit (
int
);
int
isalnum (
int
);
int
isupper (
int
);
int
tolower (
int
);
int
strcmp (
const char *,
const char *
);
int
strncasecmp (
const char *,
const char *,
size_t
);
char *
strchr (
const char *,
int
);
char *
strrchr (
const char *,
int
);
unsigned long
strtoul (
const char *,
char **,
int
);
long
strtol (
const char *,
char **,
int
);
char *
strerror (
int
);
size_t
strspn (
const char *,
const char *
);
size_t
strcspn (
const char *,
const char *
);
int
printf (
const char *,
...
);
int
sscanf (
const char *,
const char *,
...
);
FILE *
fopen (
const char *,
const char *
);
size_t
fread (
void *,
size_t,
size_t,
FILE *
);
size_t
fwrite (
const void *,
size_t,
size_t,
FILE *
);
int
fclose (
FILE *
);
int
fprintf (
FILE *,
const char *,
...
);
time_t
time (
time_t *
);
struct tm *
gmtime (
const time_t *
);
uid_t
getuid (
void
);
uid_t
geteuid (
void
);
gid_t
getgid (
void
);
gid_t
getegid (
void
);
int
issetugid (
void
);
void
qsort (
void *,
size_t,
size_t,
int (*)(const void *, const void *)
);
char *
getenv (
const char *
);
char *
secure_getenv (
const char *
);
#if defined (__GNUC__) && (__GNUC__ >= 2)
void abort (void) __attribute__((__noreturn__));
void
abort (
void
) __attribute__ ((__noreturn__));
#else
void abort (void);
void
abort (
void
);
#endif
int inet_pton (int, const char *, void *);
int
inet_pton (
int,
const char *,
void *
);
//
// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions


@ -1,5 +1,6 @@
/* WARNING: do not edit! */
/* Generated from include/crypto/dso_conf.h.in */
/*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
*


@ -245,7 +245,6 @@ extern "C" {
#define OPENSSL_NO_DYNAMIC_ENGINE
#endif
/*
* Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
* don't like that. This will hopefully silence them.


@ -8,4 +8,3 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <CrtLibSupport.h>


@ -14,17 +14,34 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/* Copies bytes between buffers */
static __attribute__ ((__used__))
void * __memcpy (void *dest, const void *src, unsigned int count)
void *
__memcpy (
void *dest,
const void *src,
unsigned int count
)
{
return CopyMem (dest, src, (UINTN)count);
}
__attribute__ ((__alias__ ("__memcpy")))
void * memcpy (void *dest, const void *src, unsigned int count);
void *
memcpy (
void *dest,
const void *src,
unsigned int count
);
#else
/* Copies bytes between buffers */
void * memcpy (void *dest, const void *src, unsigned int count)
void *
memcpy (
void *dest,
const void *src,
unsigned int count
)
{
return CopyMem (dest, src, (UINTN)count);
}
#endif


@ -11,7 +11,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/*
* Floating point to integer conversion.
*/
__declspec(naked) void _ftol2 (void)
__declspec(naked) void
_ftol2 (
void
)
{
_asm {
fistp qword ptr [esp-8]


@ -8,16 +8,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
/*
* Shifts a 64-bit signed value left by a particular number of bits.
*/
__declspec(naked) void __cdecl _allshl (void)
__declspec(naked) void __cdecl
_allshl (
void
)
{
_asm {
;
; Handle shifting of 64 or more bits (return 0)
;
cmp cl, 64
jae short ReturnZero


@ -8,11 +8,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
/*
* Shifts a 64-bit unsigned value right by a certain number of bits.
*/
__declspec(naked) void __cdecl _aullshr (void)
__declspec(naked) void __cdecl
_aullshr (
void
)
{
_asm {
;
@ -43,6 +45,7 @@ More32:
;
; Invalid number (less then 32bits), return 0
;
_Exit:
xor eax, eax
xor edx, edx


@ -24,7 +24,12 @@ typedef UINTN size_t;
int GLOBAL_USED _fltused = 1;
/* Sets buffers to a specified character */
void * memset (void *dest, int ch, size_t count)
void *
memset (
void *dest,
int ch,
size_t count
)
{
//
// NOTE: Here we use one base implementation for memset, instead of the direct
@ -49,12 +54,21 @@ void * memset (void *dest, int ch, size_t count)
}
/* Compare bytes in two buffers. */
int memcmp (const void *buf1, const void *buf2, size_t count)
int
memcmp (
const void *buf1,
const void *buf2,
size_t count
)
{
return (int)CompareMem (buf1, buf2, count);
}
int strcmp (const char *s1, const char *s2)
int
strcmp (
const char *s1,
const char *s2
)
{
return (int)AsciiStrCmp (s1, s2);
}


@ -8,7 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Uefi.h>
/**
An internal OpenSSL function which fetches a local copy of the hardware
capability flags.
@ -41,4 +40,3 @@ OpensslLibConstructor (
return EFI_SUCCESS;
}


@ -19,4 +19,3 @@ __imp_RtlVirtualUnwind (
{
return NULL;
}


@ -11,7 +11,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
*
* Dummy Implement for UEFI
*/
void ossl_store_cleanup_int(void)
void
ossl_store_cleanup_int (
void
)
{
}


@ -44,7 +44,6 @@ RandGetBytes (
return Ret;
}
while (Length > 0) {
// Use RngLib to get random number
Ret = GetRandomNumber64 (&TempRand);
@ -52,12 +51,12 @@ RandGetBytes (
if (!Ret) {
return Ret;
}
if (Length >= sizeof (TempRand)) {
*((UINT64 *)RandBuffer) = TempRand;
RandBuffer += sizeof (UINT64);
Length -= sizeof (TempRand);
}
else {
} else {
CopyMem (RandBuffer, &TempRand, Length);
Length = 0;
}
@ -91,8 +90,7 @@ rand_pool_acquire_entropy (
Ret = RandGetBytes (Bytes_needed, Buffer);
if (FALSE == Ret) {
rand_pool_add_end (pool, 0, 0);
}
else {
} else {
rand_pool_add_end (pool, Bytes_needed, 8 * Bytes_needed);
}
}
@ -112,6 +110,7 @@ rand_pool_add_nonce_data (
)
{
UINT8 data[16];
RandGetBytes (sizeof (data), data);
return rand_pool_add (pool, (unsigned char *)&data, sizeof (data), 0);
@ -128,6 +127,7 @@ rand_pool_add_additional_data (
)
{
UINT8 data[16];
RandGetBytes (sizeof (data), data);
return rand_pool_add (pool, (unsigned char *)&data, sizeof (data), 0);
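Review bot: `rand_pool_add_nonce_data` and `rand_pool_add_additional_data` ignore the result of `RandGetBytes`, so when it fails the uninitialized stack array `data` is handed to `rand_pool_add`. RandGetBytes does report failure (its loop in the earlier hunk returns `Ret` when `GetRandomNumber64` fails), so both callers can check it: `if (!RandGetBytes (sizeof (data), data)) { return 0; }`. Returning 0 assumes these hooks signal failure that way; their return type and the OpenSSL rand_pool contract are outside the hunks and should be confirmed.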


@ -38,4 +38,3 @@ typedef struct {
} TLS_CONNECTION;
#endif


@ -138,7 +138,7 @@ TlsSetVersion (
UINT16 ProtoVersion;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -176,7 +176,7 @@ TlsSetVersion (
return EFI_UNSUPPORTED;
}
return EFI_SUCCESS;;
return EFI_SUCCESS;
}
/**
@ -202,7 +202,7 @@ TlsSetConnectionEnd (
TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -261,7 +261,7 @@ TlsSetCipherList (
CHAR8 *CipherStringPosition;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (CipherId == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -269,11 +269,15 @@ TlsSetCipherList (
// Allocate the MappedCipher array for recording the mappings that we find
// for the input IANA identifiers in CipherId.
//
Status = SafeUintnMult (CipherNum, sizeof (*MappedCipher),
&MappedCipherBytes);
Status = SafeUintnMult (
CipherNum,
sizeof (*MappedCipher),
&MappedCipherBytes
);
if (EFI_ERROR (Status)) {
return EFI_OUT_OF_RESOURCES;
}
MappedCipher = AllocatePool (MappedCipherBytes);
if (MappedCipher == NULL) {
return EFI_OUT_OF_RESOURCES;
@ -291,8 +295,13 @@ TlsSetCipherList (
//
Mapping = TlsGetCipherMapping (CipherId[Index]);
if (Mapping == NULL) {
DEBUG ((DEBUG_VERBOSE, "%a:%a: skipping CipherId=0x%04x\n",
gEfiCallerBaseName, __FUNCTION__, CipherId[Index]));
DEBUG ((
DEBUG_VERBOSE,
"%a:%a: skipping CipherId=0x%04x\n",
gEfiCallerBaseName,
__FUNCTION__,
CipherId[Index]
));
//
// Skipping the cipher is valid because CipherId is an ordered
// preference list of ciphers, thus we can filter it as long as we
@ -300,6 +309,7 @@ TlsSetCipherList (
//
continue;
}
//
// Accumulate Mapping->OpensslCipherLength into CipherStringSize. If this
// is not the first successful mapping, account for a colon (":") prefix
@ -312,12 +322,17 @@ TlsSetCipherList (
goto FreeMappedCipher;
}
}
Status = SafeUintnAdd (CipherStringSize, Mapping->OpensslCipherLength,
&CipherStringSize);
Status = SafeUintnAdd (
CipherStringSize,
Mapping->OpensslCipherLength,
&CipherStringSize
);
if (EFI_ERROR (Status)) {
Status = EFI_OUT_OF_RESOURCES;
goto FreeMappedCipher;
}
//
// Record the mapping.
//
@ -329,16 +344,22 @@ TlsSetCipherList (
// terminating NUL character in CipherStringSize; allocate CipherString.
//
if (MappedCipherCount == 0) {
DEBUG ((DEBUG_ERROR, "%a:%a: no CipherId could be mapped\n",
gEfiCallerBaseName, __FUNCTION__));
DEBUG ((
DEBUG_ERROR,
"%a:%a: no CipherId could be mapped\n",
gEfiCallerBaseName,
__FUNCTION__
));
Status = EFI_UNSUPPORTED;
goto FreeMappedCipher;
}
Status = SafeUintnAdd (CipherStringSize, 1, &CipherStringSize);
if (EFI_ERROR (Status)) {
Status = EFI_OUT_OF_RESOURCES;
goto FreeMappedCipher;
}
CipherString = AllocatePool (CipherStringSize);
if (CipherString == NULL) {
Status = EFI_OUT_OF_RESOURCES;
@ -358,8 +379,12 @@ TlsSetCipherList (
if (Index > 0) {
*(CipherStringPosition++) = ':';
}
CopyMem (CipherStringPosition, Mapping->OpensslCipher,
Mapping->OpensslCipherLength);
CopyMem (
CipherStringPosition,
Mapping->OpensslCipher,
Mapping->OpensslCipherLength
);
CipherStringPosition += Mapping->OpensslCipherLength;
}
@ -380,17 +405,24 @@ TlsSetCipherList (
UINTN SegmentLength;
FullLength = CipherStringSize - 1;
DEBUG ((DEBUG_VERBOSE, "%a:%a: CipherString={\n", gEfiCallerBaseName,
__FUNCTION__));
DEBUG ((
DEBUG_VERBOSE,
"%a:%a: CipherString={\n",
gEfiCallerBaseName,
__FUNCTION__
));
for (CipherStringPosition = CipherString;
CipherStringPosition < CipherString + FullLength;
CipherStringPosition += SegmentLength) {
CipherStringPosition += SegmentLength)
{
SegmentLength = FullLength - (CipherStringPosition - CipherString);
if (SegmentLength > 79) {
SegmentLength = 79;
}
DEBUG ((DEBUG_VERBOSE, "%.*a\n", SegmentLength, CipherStringPosition));
}
DEBUG ((DEBUG_VERBOSE, "}\n"));
//
// Restore the pre-debug value of CipherStringPosition by skipping over the
@ -487,7 +519,7 @@ TlsSetVerify (
TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return;
}
@ -524,7 +556,7 @@ TlsSetVerifyHost (
INTN ParamStatus;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (HostName == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -541,11 +573,20 @@ TlsSetVerifyHost (
}
if (BinaryAddressSize > 0) {
DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "
"literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,
(UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));
ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,
BinaryAddressSize);
DEBUG ((
DEBUG_VERBOSE,
"%a:%a: parsed \"%a\" as an IPv%c address "
"literal\n",
gEfiCallerBaseName,
__FUNCTION__,
HostName,
(UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')
));
ParamStatus = X509_VERIFY_PARAM_set1_ip (
VerifyParam,
BinaryAddress,
BinaryAddressSize
);
} else {
ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);
}
@ -582,7 +623,7 @@ TlsSetSessionId (
TlsConn = (TLS_CONNECTION *)Tls;
Session = NULL;
if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (SessionId == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -637,7 +678,7 @@ TlsSetCaCertificate (
TlsConn = (TLS_CONNECTION *)Tls;
Ret = 0;
if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (Data == NULL) || (DataSize == 0)) {
return EFI_INVALID_PARAMETER;
}
@ -684,8 +725,9 @@ TlsSetCaCertificate (
//
// Ignore "already in table" errors
//
if (!(ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT &&
ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)) {
if (!((ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT) &&
(ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)))
{
Status = EFI_ABORTED;
goto ON_EXIT;
}
@ -738,7 +780,7 @@ TlsSetHostPublicCert (
Status = EFI_SUCCESS;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (Data == NULL) || (DataSize == 0)) {
return EFI_INVALID_PARAMETER;
}
@ -920,7 +962,7 @@ TlsGetCurrentCipher (
TlsConn = (TLS_CONNECTION *)Tls;
Cipher = NULL;
if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (CipherId == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -1018,7 +1060,7 @@ TlsGetSessionId (
TlsConn = (TLS_CONNECTION *)Tls;
Session = NULL;
if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL || SessionIdLen == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (SessionId == NULL) || (SessionIdLen == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -1055,7 +1097,7 @@ TlsGetClientRandom (
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL || ClientRandom == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (ClientRandom == NULL)) {
return;
}
@ -1084,7 +1126,7 @@ TlsGetServerRandom (
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL || ServerRandom == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (ServerRandom == NULL)) {
return;
}
@ -1118,7 +1160,7 @@ TlsGetKeyMaterial (
TlsConn = (TLS_CONNECTION *)Tls;
Session = NULL;
if (TlsConn == NULL || TlsConn->Ssl == NULL || KeyMaterial == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (KeyMaterial == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -1191,7 +1233,7 @@ TlsGetHostPublicCert (
Cert = NULL;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL || (*DataSize != 0 && Data == NULL)) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (DataSize == NULL) || ((*DataSize != 0) && (Data == NULL))) {
return EFI_INVALID_PARAMETER;
}


@ -247,6 +247,7 @@ TlsNew (
TlsFree ((VOID *)TlsConn);
return NULL;
}
SSL_CTX_set1_verify_cert_store (SslCtx, X509Store);
X509_STORE_free (X509Store);
}
@ -260,4 +261,3 @@ TlsNew (
);
return (VOID *)TlsConn;
}


@ -32,7 +32,7 @@ TlsInHandshake (
TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return FALSE;
}
@ -87,16 +87,17 @@ TlsDoHandshake (
PendingBufferSize = 0;
Ret = 1;
if (TlsConn == NULL || \
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
BufferOutSize == NULL || \
(BufferIn == NULL && BufferInSize != 0) || \
(BufferIn != NULL && BufferInSize == 0) || \
(BufferOut == NULL && *BufferOutSize != 0)) {
if ((TlsConn == NULL) || \
(TlsConn->Ssl == NULL) || (TlsConn->InBio == NULL) || (TlsConn->OutBio == NULL) || \
(BufferOutSize == NULL) || \
((BufferIn == NULL) && (BufferInSize != 0)) || \
((BufferIn != NULL) && (BufferInSize == 0)) || \
((BufferOut == NULL) && (*BufferOutSize != 0)))
{
return EFI_INVALID_PARAMETER;
}
if(BufferIn == NULL && BufferInSize == 0) {
if ((BufferIn == NULL) && (BufferInSize == 0)) {
//
// If RequestBuffer is NULL and RequestSize is 0, and TLS session
// status is EfiTlsSessionNotStarted, the TLS session will be initiated
@ -119,9 +120,10 @@ TlsDoHandshake (
if (Ret < 1) {
Ret = SSL_get_error (TlsConn->Ssl, (int)Ret);
if (Ret == SSL_ERROR_SSL ||
Ret == SSL_ERROR_SYSCALL ||
Ret == SSL_ERROR_ZERO_RETURN) {
if ((Ret == SSL_ERROR_SSL) ||
(Ret == SSL_ERROR_SYSCALL) ||
(Ret == SSL_ERROR_ZERO_RETURN))
{
DEBUG ((
DEBUG_ERROR,
"%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n",
@ -135,6 +137,7 @@ TlsDoHandshake (
if (ErrorCode == 0) {
break;
}
DEBUG ((
DEBUG_ERROR,
"%a ERROR 0x%x=L%x:F%x:R%x\n",
@ -145,6 +148,7 @@ TlsDoHandshake (
ERR_GET_REASON (ErrorCode)
));
}
DEBUG_CODE_END ();
return EFI_ABORTED;
}
@ -209,17 +213,18 @@ TlsHandleAlert (
TempBuffer = NULL;
Ret = 0;
if (TlsConn == NULL || \
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
BufferOutSize == NULL || \
(BufferIn == NULL && BufferInSize != 0) || \
(BufferIn != NULL && BufferInSize == 0) || \
(BufferOut == NULL && *BufferOutSize != 0)) {
if ((TlsConn == NULL) || \
(TlsConn->Ssl == NULL) || (TlsConn->InBio == NULL) || (TlsConn->OutBio == NULL) || \
(BufferOutSize == NULL) || \
((BufferIn == NULL) && (BufferInSize != 0)) || \
((BufferIn != NULL) && (BufferInSize == 0)) || \
((BufferOut == NULL) && (*BufferOutSize != 0)))
{
return EFI_INVALID_PARAMETER;
}
PendingBufferSize = (UINTN)BIO_ctrl_pending (TlsConn->OutBio);
if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) {
if ((PendingBufferSize == 0) && (BufferIn != NULL) && (BufferInSize != 0)) {
Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32)BufferInSize);
if (Ret != (INTN)BufferInSize) {
return EFI_ABORTED;
@ -284,10 +289,11 @@ TlsCloseNotify (
TlsConn = (TLS_CONNECTION *)Tls;
PendingBufferSize = 0;
if (TlsConn == NULL || \
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
BufferSize == NULL || \
(Buffer == NULL && *BufferSize != 0)) {
if ((TlsConn == NULL) || \
(TlsConn->Ssl == NULL) || (TlsConn->InBio == NULL) || (TlsConn->OutBio == NULL) || \
(BufferSize == NULL) || \
((Buffer == NULL) && (*BufferSize != 0)))
{
return EFI_INVALID_PARAMETER;
}
@ -339,7 +345,7 @@ TlsCtrlTrafficOut (
TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->OutBio == 0) {
if ((TlsConn == NULL) || (TlsConn->OutBio == 0)) {
return -1;
}
@ -374,7 +380,7 @@ TlsCtrlTrafficIn (
TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->InBio == 0) {
if ((TlsConn == NULL) || (TlsConn->InBio == 0)) {
return -1;
}
@ -383,6 +389,7 @@ TlsCtrlTrafficIn (
//
return BIO_write (TlsConn->InBio, Buffer, (UINT32)BufferSize);
}
/**
Attempts to read bytes from the specified TLS connection into the buffer.
@ -409,7 +416,7 @@ TlsRead (
TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return -1;
}
@ -445,7 +452,7 @@ TlsWrite (
TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return -1;
}
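Review bot: `TlsCtrlTrafficIn` passes `(UINT32)BufferSize` straight to `BIO_write`, and `TlsHandleAlert` does the same with `BufferInSize`, so a `UINTN` length larger than the callee's `int` length parameter can hold is narrowed silently instead of being rejected. `TlsHandleAlert` does compare the result with `(INTN)BufferInSize`, but only after the write has been attempted, and `TlsCtrlTrafficIn` simply returns whatever `BIO_write` reports. An explicit guard ahead of each call would make the limit visible: `if (BufferSize > MAX_INT32) { return -1; }` in `TlsCtrlTrafficIn`, and the same test returning `EFI_INVALID_PARAMETER` in `TlsHandleAlert`. Both functions begin outside the hunks shown here.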


@ -131,6 +131,7 @@ TlsSetVerify (
}
// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [BEGIN]
/**
Set the specified host name to be verified.


@ -108,4 +108,3 @@ TlsNew (
ASSERT (FALSE);
return NULL;
}


@ -191,6 +191,7 @@ TlsCtrlTrafficIn (
ASSERT (FALSE);
return 0;
}
/**
Attempts to read bytes from the specified TLS connection into the buffer.


@ -43,6 +43,7 @@ UINTN
// =====================================================================================
// MAC (Message Authentication Code) Primitive
// =====================================================================================
/**
HMAC MD5 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@ -137,7 +138,6 @@ BOOLEAN
OUT UINT8 *HmacValue
);
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
@ -163,7 +163,6 @@ VOID
IN VOID *HmacSha256Ctx
);
/**
Set user-supplied key for subsequent use. It must be done before any
calling to HmacSha256Update().
@ -210,7 +209,6 @@ BOOLEAN
OUT VOID *NewHmacSha256Context
);
/**
Digests the input data and updates HMAC-SHA256 context.
@ -268,7 +266,6 @@ BOOLEAN
OUT UINT8 *HmacValue
);
// =====================================================================================
// One-Way Cryptographic Hash Primitives
// =====================================================================================
@ -284,14 +281,12 @@ UINTN
VOID
);
typedef
BOOLEAN
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_INIT)(
OUT VOID *Md4Context
);
typedef
BOOLEAN
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE)(
@ -299,7 +294,6 @@ BOOLEAN
OUT VOID *NewMd4Context
);
typedef
BOOLEAN
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_UPDATE)(
@ -308,7 +302,6 @@ BOOLEAN
IN UINTN DataSize
);
typedef
BOOLEAN
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_FINAL)(
@ -316,7 +309,6 @@ BOOLEAN
OUT UINT8 *HashValue
);
typedef
BOOLEAN
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL)(
@ -359,7 +351,8 @@ UINTN
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD5_INIT)(
OUT VOID *Md5Context);
OUT VOID *Md5Context
);
/**
Makes a copy of an existing MD5 context.
@ -380,8 +373,8 @@ typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD5_DUPLICATE)(
IN CONST VOID *Md5Context,
OUT VOID *NewMd5Context);
OUT VOID *NewMd5Context
);
/**
Digests the input data and updates MD5 context.
@ -408,8 +401,8 @@ BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD5_UPDATE)(
IN OUT VOID *Md5Context,
IN CONST VOID *Data,
IN UINTN DataSize);
IN UINTN DataSize
);
/**
Completes computation of the MD5 digest value.
@ -437,8 +430,8 @@ typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD5_FINAL)(
IN OUT VOID *Md5Context,
OUT UINT8 *HashValue);
OUT UINT8 *HashValue
);
/**
Computes the MD5 message digest of a input data buffer.
@ -463,14 +456,13 @@ BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD5_HASH_ALL)(
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue);
OUT UINT8 *HashValue
);
// =====================================================================================
// PKCS
// =====================================================================================
/**
Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the encrypted message in
in a newly allocated buffer.
@ -508,9 +500,6 @@ OUT UINT8 **EncryptedData,
OUT UINTN *EncryptedDataSize
);
// ---------------------------------------------
// PKCS5
@ -554,8 +543,6 @@ BOOLEAN
OUT UINT8 *Output
);
// ---------------------------------------------
// PKCS7
@ -861,7 +848,6 @@ BOOLEAN
OUT EFI_TIME *SigningTime
);
// =====================================================================================
// DH Key Exchange Primitive
// =====================================================================================
@ -1655,7 +1641,6 @@ BOOLEAN
OUT UINT8 *HashValue
);
/**
Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.
If this interface is not supported, then return zero.
@ -1670,7 +1655,6 @@ UINTN
VOID
);
/**
Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for
subsequent use.
@ -1689,7 +1673,6 @@ BOOLEAN
OUT VOID *Sha384Context
);
/**
Makes a copy of an existing SHA-384 context.
@ -1712,7 +1695,6 @@ BOOLEAN
OUT VOID *NewSha384Context
);
/**
Digests the input data and updates SHA-384 context.
@ -1739,7 +1721,6 @@ BOOLEAN
IN UINTN DataSize
);
/**
Completes computation of the SHA-384 digest value.
@ -1767,7 +1748,6 @@ BOOLEAN
OUT UINT8 *HashValue
);
/**
Computes the SHA-384 message digest of a input data buffer.
@ -1806,7 +1786,6 @@ UINTN
VOID
);
/**
Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for
subsequent use.
@ -1825,7 +1804,6 @@ BOOLEAN
OUT VOID *Sha512Context
);
/**
Makes a copy of an existing SHA-512 context.
@ -1874,7 +1852,6 @@ BOOLEAN
IN UINTN DataSize
);
/**
Completes computation of the SHA-512 digest value.
@ -2186,8 +2163,6 @@ BOOLEAN
OUT UINTN *TBSCertSize
);
// =====================================================================================
// Symmetric Cryptography Primitive
// =====================================================================================
@ -2438,7 +2413,6 @@ BOOLEAN
IN OUT VOID *Arc4Context
);
/**
Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.
@ -2471,7 +2445,8 @@ UINTN
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_SM3_INIT)(
OUT VOID *Sm3Context);
OUT VOID *Sm3Context
);
/**
Makes a copy of an existing SM3 context.
@ -2492,8 +2467,8 @@ typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_SM3_DUPLICATE)(
IN CONST VOID *Sm3Context,
OUT VOID *NewSm3Context);
OUT VOID *NewSm3Context
);
/**
Digests the input data and updates SM3 context.
@ -2520,8 +2495,8 @@ BOOLEAN
(EFIAPI *EDKII_CRYPTO_SM3_UPDATE)(
IN OUT VOID *Sm3Context,
IN CONST VOID *Data,
IN UINTN DataSize);
IN UINTN DataSize
);
/**
Completes computation of the SM3 digest value.
@ -2549,8 +2524,8 @@ typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_SM3_FINAL)(
IN OUT VOID *Sm3Context,
OUT UINT8 *HashValue);
OUT UINT8 *HashValue
);
/**
Computes the SM3 message digest of a input data buffer.
@ -2575,8 +2550,8 @@ BOOLEAN
(EFIAPI *EDKII_CRYPTO_SM3_HASH_ALL)(
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue);
OUT UINT8 *HashValue
);
/**
Derive key data using HMAC-SHA256 based KDF.
@ -3482,8 +3457,6 @@ BOOLEAN
IN UINT16 SaltLen
);
///
/// EDK II Crypto Protocol
///


@ -33,14 +33,16 @@ CreateUnitTest (
IN CHAR8 *UnitTestName,
IN CHAR8 *UnitTestVersion,
IN OUT UNIT_TEST_FRAMEWORK_HANDLE *Framework
) {
)
{
EFI_STATUS Status;
UINTN SuiteIndex;
UINTN TestIndex;
if ( Framework == NULL || UnitTestVersion == NULL || UnitTestName == NULL) {
if ((Framework == NULL) || (UnitTestVersion == NULL) || (UnitTestName == NULL)) {
return EFI_INVALID_PARAMETER;
}
Status = EFI_SUCCESS;
//
// Start setting up the test framework for running the tests.
@ -58,10 +60,12 @@ CreateUnitTest (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
for (TestIndex = 0; TestIndex < *mSuiteDesc[SuiteIndex].TestNum; TestIndex++) {
AddTestCase (Suite, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->Description, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->ClassName, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->Func, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->PreReq, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->CleanUp, (mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->Context);
}
}
EXIT:
return Status;
}
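Review bot: The `AddTestCase` call inside the `TestIndex` loop discards its return value, so a test case that fails to register is dropped without the run reporting it; for a crypto test suite that means coverage can shrink unnoticed. Assuming `AddTestCase` reports failure through an `EFI_STATUS` return, keep the result and bail out: `Status = AddTestCase (Suite, ...);` followed by `if (EFI_ERROR (Status)) { goto EXIT; }`. The six repeated `(mSuiteDesc[SuiteIndex].TestDesc + TestIndex)->` expressions on that line would also read better through one local pointer. The function's signature begins before the first hunk.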


@ -125,7 +125,6 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Arc4Cipher[] = {
0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79
};
typedef
UINTN
(EFIAPI *EFI_BLOCK_CIPHER_GET_CONTEXT_SIZE)(
@ -192,7 +191,6 @@ typedef struct {
// BLOCK_CIPHER_TEST_CONTEXT mArc4TestCtx = {Arc4GetContextSize, Arc4Init, Arc4Encrypt, (EFI_BLOCK_CIPHER_ECB_ENCRYPT_DECRYPT), Arc4Decrypt, NULL, NULL, Arc4Reset, Arc4Key, sizeof(Arc4Key), NULL, Arc4Data, sizeof(Arc4Data), Arc4Cipher, sizeof(Arc4Cipher)};
BLOCK_CIPHER_TEST_CONTEXT mAes128CbcTestCtx = { AesGetContextSize, AesInit, NULL, NULL, AesCbcEncrypt, AesCbcDecrypt, NULL, Aes128CbcKey, 128, Aes128CbcIvec, Aes128CbcData, sizeof (Aes128CbcData), Aes128CbcCipher, sizeof (Aes128CbcCipher) };
UNIT_TEST_STATUS
EFIAPI
TestVerifyBLockCiperPreReq (
@ -256,7 +254,6 @@ TestVerifyBLockCiper (
Status = TestContext->EcbDecrypt (TestContext->Ctx, Encrypt, TestContext->DataSize, Decrypt);
UT_ASSERT_TRUE (Status);
} else {
Status = TestContext->CbcEncrypt (TestContext->Ctx, TestContext->Data, TestContext->DataSize, TestContext->Ivec, Encrypt);
UT_ASSERT_TRUE (Status);


@ -40,6 +40,7 @@ TestVerifyDhCleanUp (
DhFree (mDh1);
mDh1 = NULL;
}
if (mDh2 != NULL) {
DhFree (mDh2);
mDh2 = NULL;


@ -110,7 +110,6 @@ typedef struct {
// HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE, HmacSha1New, HmacSha1SetKey, HmacSha1Update, HmacSha1Final, HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest};
HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
UNIT_TEST_STATUS
EFIAPI
TestVerifyHmacPreReq (
@ -178,7 +177,6 @@ TEST_DESC mHmacTest[] = {
// These functions have been deprecated but they've been left commented out for future reference
// {"TestVerifyHmacMd5()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacMd5TestCtx},
// {"TestVerifyHmacSha1()", "CryptoPkg.BaseCryptLib.Hmac", TestVerifyHmac, TestVerifyHmacPreReq, TestVerifyHmacCleanUp, &mHmacSha1TestCtx},
};
UINTN mHmacTestNum = ARRAY_SIZE (mHmacTest);


@ -304,5 +304,3 @@ TEST_DESC mOaepTest[] = {
};
UINTN mOaepTestNum = ARRAY_SIZE (mOaepTest);


@ -17,7 +17,8 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *Salt = "salt"; // Input Sal
GLOBAL_REMOVE_IF_UNREFERENCED UINTN SaltLen = 4; // Length of Input Salt
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINTN Count = 2; // InterationCount
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINTN KeyLen = 20; // Length of derived key
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 DerivedKey[] = { // Expected output key
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 DerivedKey[] = {
// Expected output key
0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
0xd8, 0xde, 0x89, 0x57
};


@ -24,7 +24,6 @@ Abstract:
signature files.
--*/
//
// This is the ProductionECCSignature.p7b in byte array format. It has one
// EKU in it. (Firmware signing)
@ -301,7 +300,6 @@ CONST UINT8 TestSignedWithMultipleEKUsInCert[] =
0xB5, 0xEA, 0xBA, 0x90, 0x51, 0xC0, 0xC6, 0x94, 0x09, 0xE4, 0xB7, 0x15, 0x3F, 0x07, 0x23, 0xE8,
0x46, 0x93, 0xA5, 0x7B, 0x7A, 0x91, 0xDA, 0x8E, 0x7C, 0xAF, 0xBD, 0x41, 0xB9, 0xDE, 0x85, 0x04,
0xBC, 0x08, 0x6C, 0x08, 0x56, 0x16, 0xDB, 0xB5, 0xEE, 0x65, 0x76, 0xE9, 0x78, 0xD3, 0xDD, 0xD8,
};
//


@ -67,7 +67,6 @@ VerifyEKUsInPkcs7Signature (
CONST CHAR8 FIRMWARE_SIGNER_EKU[] = "1.3.6.1.4.1.311.76.9.21.1";
/**
TestVerifyEKUsInSignature()
@ -92,17 +91,18 @@ TestVerifyEKUsInSignature (
CONST CHAR8 *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };
Status = VerifyEKUsInPkcs7Signature(ProductionECCSignature,
Status = VerifyEKUsInPkcs7Signature (
ProductionECCSignature,
ARRAY_SIZE (ProductionECCSignature),
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
TRUE);
TRUE
);
UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
}// TestVerifyEKUsInSignature()
/**
TestVerifyEKUsWith3CertsInSignature()
@ -127,11 +127,13 @@ TestVerifyEKUsWith3CertsInSignature (
CONST CHAR8 *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };
Status = VerifyEKUsInPkcs7Signature(TestSignEKUsWith3CertsInSignature,
Status = VerifyEKUsInPkcs7Signature (
TestSignEKUsWith3CertsInSignature,
ARRAY_SIZE (TestSignEKUsWith3CertsInSignature),
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
TRUE);
TRUE
);
UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
@ -160,17 +162,18 @@ TestVerifyEKUsWith2CertsInSignature (
CONST CHAR8 *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };
Status = VerifyEKUsInPkcs7Signature(TestSignEKUsWith2CertsInSignature,
Status = VerifyEKUsInPkcs7Signature (
TestSignEKUsWith2CertsInSignature,
ARRAY_SIZE (TestSignEKUsWith2CertsInSignature),
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
TRUE);
TRUE
);
UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
}// TestVerifyEKUsWith2CertsInSignature()
/**
TestVerifyEKUsWith1CertInSignature()
@ -194,17 +197,18 @@ TestVerifyEKUsWith1CertInSignature (
CONST CHAR8 *RequiredEKUs[] = { FIRMWARE_SIGNER_EKU };
Status = VerifyEKUsInPkcs7Signature(TestSignEKUsWith1CertInSignature,
Status = VerifyEKUsInPkcs7Signature (
TestSignEKUsWith1CertInSignature,
ARRAY_SIZE (TestSignEKUsWith1CertInSignature),
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
TRUE);
TRUE
);
UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
}// TestVerifyEKUsWith1CertInSignature()
/**
TestVerifyEKUsWithMultipleEKUsInCert()
@ -229,20 +233,23 @@ TestVerifyEKUsWithMultipleEKUsInCert (
{
EFI_STATUS Status = EFI_SUCCESS;
CONST CHAR8* RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.1",
"1.3.6.1.4.1.311.76.9.21.1.2" };
CONST CHAR8 *RequiredEKUs[] = {
"1.3.6.1.4.1.311.76.9.21.1",
"1.3.6.1.4.1.311.76.9.21.1.2"
};
Status = VerifyEKUsInPkcs7Signature(TestSignedWithMultipleEKUsInCert,
Status = VerifyEKUsInPkcs7Signature (
TestSignedWithMultipleEKUsInCert,
ARRAY_SIZE (TestSignedWithMultipleEKUsInCert),
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
TRUE);
TRUE
);
UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
}// TestVerifyEKUsWithMultipleEKUsInCert()
/**
TestEkusNotPresentInSignature()
@ -269,11 +276,13 @@ TestEkusNotPresentInSignature (
//
CONST CHAR8 *RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.3" };
Status = VerifyEKUsInPkcs7Signature(TestSignedWithMultipleEKUsInCert,
Status = VerifyEKUsInPkcs7Signature (
TestSignedWithMultipleEKUsInCert,
ARRAY_SIZE (TestSignedWithMultipleEKUsInCert),
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
TRUE);
TRUE
);
UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
@ -292,7 +301,6 @@ TestEkusNotPresentInSignature (
@retval UNIT_TEST_PASSED - The required EKUs were found in the signature.
@retval UNIT_TEST_ERROR_TEST_FAILED - Something failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
@ -305,20 +313,23 @@ TestProductId10001PresentInSignature(
//
// These EKU's are present in the leaf signer certificate.
//
CONST CHAR8* RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.1",
"1.3.6.1.4.1.311.76.9.21.1.10001" };
CONST CHAR8 *RequiredEKUs[] = {
"1.3.6.1.4.1.311.76.9.21.1",
"1.3.6.1.4.1.311.76.9.21.1.10001"
};
Status = VerifyEKUsInPkcs7Signature(TestSignedWithProductId10001,
Status = VerifyEKUsInPkcs7Signature (
TestSignedWithProductId10001,
ARRAY_SIZE (TestSignedWithProductId10001),
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
TRUE);
TRUE
);
UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
}// TestProductId10001PresentInSignature()
/**
TestOnlyOneEkuInListRequired()
@ -337,7 +348,6 @@ TestProductId10001PresentInSignature(
@retval UNIT_TEST_PASSED - The required EKUs were found in the signature.
@retval UNIT_TEST_ERROR_TEST_FAILED - Something failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
@ -353,11 +363,13 @@ TestOnlyOneEkuInListRequired(
//
CONST CHAR8 *RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.1.10001" };
Status = VerifyEKUsInPkcs7Signature(TestSignedWithProductId10001,
Status = VerifyEKUsInPkcs7Signature (
TestSignedWithProductId10001,
ARRAY_SIZE (TestSignedWithProductId10001),
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
FALSE);
FALSE
);
UT_ASSERT_STATUS_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
@ -376,7 +388,6 @@ TestOnlyOneEkuInListRequired(
@retval UNIT_TEST_PASSED - The required EKUs were found in the signature.
@retval UNIT_TEST_ERROR_TEST_FAILED - Something failed, check the debug output.
**/
static
UNIT_TEST_STATUS
EFIAPI
@ -391,17 +402,18 @@ TestNoEKUsInSignature(
//
CONST CHAR8 *RequiredEKUs[] = { "1.3.6.1.4.1.311.76.9.21.1" };
Status = VerifyEKUsInPkcs7Signature(TestSignatureWithNoEKUsPresent,
Status = VerifyEKUsInPkcs7Signature (
TestSignatureWithNoEKUsPresent,
ARRAY_SIZE (TestSignatureWithNoEKUsPresent),
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
TRUE);
TRUE
);
UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
}// TestNoEKUsInSignature()
/**
TestInvalidParameters()
@ -427,27 +439,30 @@ TestInvalidParameters(
//
// Check bad signature.
//
Status = VerifyEKUsInPkcs7Signature(NULL,
Status = VerifyEKUsInPkcs7Signature (
NULL,
0,
(CONST CHAR8 **)RequiredEKUs,
ARRAY_SIZE (RequiredEKUs),
TRUE);
TRUE
);
UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
//
// Check invalid EKU's
//
Status = VerifyEKUsInPkcs7Signature(TestSignatureWithNoEKUsPresent,
Status = VerifyEKUsInPkcs7Signature (
TestSignatureWithNoEKUsPresent,
ARRAY_SIZE (TestSignatureWithNoEKUsPresent),
(CONST CHAR8 **)NULL,
0,
TRUE);
TRUE
);
UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
return UNIT_TEST_PASSED;
}// TestInvalidParameters()
/**
TestEKUSubStringFails()
@ -478,11 +493,13 @@ TestEKUSubsetSupersetFails(
//
CONST CHAR8 *RequiredEKUs1[] = { "1.3.6.1.4.1.311.76.9.21" };
Status = VerifyEKUsInPkcs7Signature(TestSignedWithProductId10001,
Status = VerifyEKUsInPkcs7Signature (
TestSignedWithProductId10001,
ARRAY_SIZE (TestSignedWithProductId10001),
(CONST CHAR8 **)RequiredEKUs1,
ARRAY_SIZE (RequiredEKUs1),
TRUE);
TRUE
);
UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);
//
@ -494,11 +511,13 @@ TestEKUSubsetSupersetFails(
//
CONST CHAR8 *RequiredEKUs2[] = { "1.3.6.1.4.1.311.76.9.21.1.10001.1" };
Status = VerifyEKUsInPkcs7Signature(TestSignedWithProductId10001,
Status = VerifyEKUsInPkcs7Signature (
TestSignedWithProductId10001,
ARRAY_SIZE (TestSignedWithProductId10001),
(CONST CHAR8 **)RequiredEKUs2,
ARRAY_SIZE (RequiredEKUs2),
TRUE);
TRUE
);
UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);
return UNIT_TEST_PASSED;
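Review bot: The negative cases (`TestEkusNotPresentInSignature`, `TestNoEKUsInSignature`, and both checks in `TestEKUSubsetSupersetFails`) assert only `UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS)`, which also passes when `VerifyEKUsInPkcs7Signature` fails for an unrelated reason, such as a test blob that no longer parses. Pinning the expected status would show that the EKU comparison itself rejected the input, e.g. `UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);` if that is the code the library returns for a missing EKU (to be confirmed against the implementation). Separately, the doc comment headed `TestEKUSubStringFails()` appears to belong to `TestEKUSubsetSupersetFails` and should carry that name. The test bodies begin outside the hunks shown.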


@ -9,7 +9,6 @@
#include "TestBaseCryptLib.h"
//
// Password-protected PEM Key data for RSA Private Key Retrieving (encryption key is "client").
// (Generated by OpenSSL utility).
@ -241,7 +240,6 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 MsgHash[] = {
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *Payload = "Payload Data for PKCS#7 Signing";
UNIT_TEST_STATUS
EFIAPI
TestVerifyRsaCertPkcs1SignVerify (
@ -389,6 +387,7 @@ TestVerifyPkcs7SignVerify (
if (P7SignedData != NULL) {
FreePool (P7SignedData);
}
if (SignCert != NULL) {
X509Free (SignCert);
}


@ -105,7 +105,6 @@ UINT8 TestVectorSignature[]={
0x11, 0x18, 0x81, 0xe6, 0x50, 0xce, 0x61, 0xf2, 0x51, 0xd9, 0xc3, 0xa6, 0x29, 0xef, 0x22, 0x2d,
};
STATIC VOID *mRsa;
UNIT_TEST_STATUS
@ -135,7 +134,6 @@ TestVerifyRsaPssCleanUp (
}
}
UNIT_TEST_STATUS
EFIAPI
TestVerifyRsaPssSignVerify (
@ -180,7 +178,6 @@ TestVerifyRsaPssSignVerify (
return UNIT_TEST_PASSED;
}
TEST_DESC mRsaPssTest[] = {
//
// -----Description--------------------------------------Class----------------------Function---------------------------------Pre---------------------Post---------Context


@ -119,6 +119,4 @@ ValidateCryptPrng (
VOID
);
#endif


@ -8,7 +8,6 @@
**/
#include "TestBaseCryptLib.h"
/**
Initialize the unit test framework, suite, and unit tests for the
sample unit tests and run the unit tests.