system76-edk2

Author	SHA1	Message	Date
Michael D Kinney	584b246e88	CryptoPkg: Fixed host-based unit tests * Build host-based tests using OpensslLib instance with all services enabled. * Build host-based tests using performance optimized OpensslLib instance with all services enabled. * Remove unused PCD gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled * Remove redundant and unnecessary [BuildOptions] * Limit host-based unit tests to only IA32/X64 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-10-24 07:49:43 +00:00
Michael D Kinney	dd00f92b2f	CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib. The functions in this file are only used by TlsLib instances and not any CryptLib instances. * Fix type mismatch in call to FreePool() in TlsConfig.c * Remove use of gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled from TslLib and CryptLib instances * Add missing Null.c files to SecCryptLib.inf and RuntimeCryptLib.inf. Remove ARM and AARCH64 sections from SmmCryptLib.inf that does not support those architectures. * Add missing PrintLib dependencies to [LibraryClasses] sections of CryptLib INF files * Remove extra library classes from [LibraryClasses] sections of CryptLib INF files * Remove unnecessary warning disables from [BuildOptions] sections of TlsLib and CryptLib INF files * Remove RVCT support from SecCryptLib.inf Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Cc: Rebecca Cran <quic_rcran@quicinc.com> Cc: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-10-24 07:49:43 +00:00
Michael D Kinney	8f8372439d	CryptoPkg/Library/BaseCryptLib: Update internal functions/variables * Update BaseCryptLib internal worker functions to be 'STATIC' * Update BaseCryptLib internal working functions to not use EFIAPI * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global variables Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-10-24 07:49:43 +00:00
Michael D Kinney	8437368c69	CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-10-24 07:49:43 +00:00
Chao Li	c5f4b4fd03	CryptoPkg: Add LOONGARCH64 architecture for EDK2 CI. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053 Add LOONGARCH64 architecture for EDK2 CI testing. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Chao Li <lichao@loongson.cn> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>	2022-10-14 02:16:33 +00:00
Qi Zhang	8ecae3d641	CryptoPkg: add new X509 function. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-10-12 06:38:15 +00:00
Qi Zhang	f21a1d48fe	CryptoPkg: Add EC key retrieving and signature interface. This patch is used to retrieve EC key from PEM and X509 and carry out the EC-DSA signature and verify it. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4102 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-10-12 05:56:00 +00:00
Yuan Yu	3c9e2f239a	CryptoPkg: Fix integer overflow SECSPERDAY is 86400 which exceeds the limit of a UINT16 which is 65536. Therefore DayRemainder cannot use UINT16. This patch makes it UINT32. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Anthony Perard <anthony.perard@citrix.com> Cc: Julien Grall <julien@xen.org> Signed-off-by: Yuan Yu <yuanyu@google.com> Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-10-10 00:58:26 +00:00
Yi Li	d97ee3244d	CryptoPkg/Test: Add unit test for CryptoEc Add unit test for CryptoEc. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-26 07:03:56 +00:00
Yi Li	988e4d8f5e	CryptoPkg: Add EC support REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828 This patch is used to add CryptEc library, which is wrapped over OpenSSL. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-26 07:03:56 +00:00
Yi Li	0e7aa6bf9e	CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf() REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075 Fake BIO_snprintf() does not actually print anything to buf, it should return -1 as error. 0 will be considered a correct return value, the consumer may think that the buf is valid and parse the buffer. please refer to bugzilla link for details. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>	2022-09-26 01:39:52 +00:00
Yi Li	0c9d4ad788	CryptoPkg/Test: Add unit test for CryptoBn Add unit test for CryptoBn. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-23 10:08:24 +00:00
Yi Li	fd0ad0c346	CryptoPkg: Add BigNum support REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828 This patch is used to add CryptBn library, which is wrapped over OpenSSL. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-23 10:08:24 +00:00
Qi Zhang	5f403cdc6a	CryptoPkg: add UnitTest for AeadAesGcm. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4036 Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-23 08:24:42 +00:00
Qi Zhang	a23f76e184	CryptoPkg: add AeadAesGcm support. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4036 Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-23 08:24:42 +00:00
Qi Zhang	11b24ef0d7	CryptoPkg: add new Hkdf api in Crypt Lib. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033 Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-23 07:35:08 +00:00
Qi Zhang	f3c69cb5a1	CryptoPkg: add Hmac Sha384 to host UnitTest. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025 Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-23 06:55:58 +00:00
Qi Zhang	cbb3b6b950	CryptoPkg: Update CryptLib inf as the file name changed. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025 Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-23 06:55:58 +00:00
Qi Zhang	0b1a1bdc30	CryptoPkg: Add HMAC-SHA384 cipher support. Rename file from CryptHmacSha256 to CryptHmac and add HmacSha384 and HmacSha256All funcitons. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025 Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-23 06:55:58 +00:00
Wenyi Xie	6f340acfb1	CryptoPkg/BaseCryptLib:Remove redundant init CertCtx is used to be defined as a struct and ZeroMem is called to init this struct. But now CertCtx is defined as a point, so use ZeroMem (&CertCtx, sizeof (CertCtx)) is not correct any more. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenyi Xie <xiewenyi2@huawei.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-09-23 00:36:29 +00:00
Min Xu	b1567b2e15	CryptoPkg: Add SecCryptLib RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853 This is the Cryptographic library instance for SEC. The motivation of this library is to support SHA384 in SEC phase for Td guest. So only Hash/CryptSha512.c is included which supports SHA384 and SHA512. Other cryptographics are added with the null version, such as CryptMd5Null.c. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>	2022-06-03 11:41:36 +00:00
Rebecca Cran	e9eeb0ad2b	CryptoPkg: Remove RVCT support RVCT is obsolete and no longer used. Remove support for it. Signed-off-by: Rebecca Cran <quic_rcran@quicinc.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>	2022-05-13 14:58:54 +00:00
Yi Li	43613b2fe8	CryptoPkg: Rename PCD about openssl EC configuration PcdOpensslXXXEnabled is a more appropriate choice. Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-05-11 00:04:39 +00:00
Yi Li	b06a007b64	CryptoPkg: Declare PcdEcEnabled in Library consuming OpensslLib REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679 REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828 Tls/Base/Pei/Smm/RuntimeCryptLib.inf will use OpensslLib, and the opensslconf.h in openssllib will use PcdEcEnabled, but it is not declared in the inf file now, it will cause warnings in some compilers. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-04-21 05:06:37 +00:00
Gerd Hoffmann	532bd4ec38	CryptoPkg/Crt: fix strcpy build on older VS compilers Drop 'restrict' keyword which older visual studio compiler versions complain about. Fixes: `fab6285a73` ("CryptoPkg/CrtLibSupport: fix strcpy") Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-04-20 10:56:03 +00:00
Gerd Hoffmann	fab6285a73	CryptoPkg/CrtLibSupport: fix strcpy strcpy() returns a pointer to the destination string, AsciiStrCpyS() does not. So a simple #define does not work. Create a function instead. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>	2022-04-12 14:39:01 +00:00
Li, Zhihao	355515a06a	CryptoPkg? Redefinition bug in CrtLibSupport.h. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3885 Parallel hash patch redefines uint_64 type in CrtLibSupport.h which has been defined in openssl/include/openssl/e_os2.h. CryptMd5.c including e_os2.h cause redefinition bug. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Zhihao Li <zhihao.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-03-26 10:40:04 +00:00
Zhihao Li	c1e662101a	CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 Parallel hash function ParallelHash256HashAll, as defined in NIST's Special Publication 800-185, published December 2016. It utilizes multi-process to calculate the digest. Passed CI test. Onprotocol version code passed test. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Zhihao Li <zhihao.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2022-03-18 06:49:18 +00:00
Michael Kubacki	7c34237831	CryptoPkg: Apply uncrustify changes REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the CryptoPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2021-12-07 17:24:28 +00:00
Michael D Kinney	c8f46130f8	CryptoPkg: Change OPTIONAL keyword usage style REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760 Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2021-12-07 17:24:28 +00:00
Bob Morgan	f22feb0e3b	CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617 Create a read-only openSSL BIO wrapper for the existing input buffer passed to Pkcs7Verify() instead of copying the buffer into an empty writable BIO which causes memory allocations within openSSL. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Bob Morgan <bobm@nvidia.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2021-10-13 01:45:18 +00:00
Stewart, Chris (SW Architect) via groups.io	7b4a99be8a	CryptoPkg: BaseCryptLib fix incorrect param order REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3550 Function ConvertAsn1TimeToEfiTime initializes timestamp to zeroes with SetMem, but the actual parameters are out of order. The result is the SetMem operation has no effect. The fix is to put the actual parameters in the correct order. Signed-off-by: Chris Stewart <chris.stewart@hp.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com>	2021-08-24 00:35:06 +00:00
xueshengfeng	eba32695ee	CryptoPkg/BaseCryptLib: Enabled CryptSha512 for Smm/Runtime drivers Intel Platform utility Syscfg/sysfwupdt will trigger SMI to enter BIOS interface. then BIOS invoke EncodePassword in SMM mode to check password. it's need sha384(in CryptSha512.c) in SMM mode. the origin SmmCryptLib.lib size is 1389KB, after changed, the size is 1391KB. the origin RuntimeCryptLib.lib size is 911KB, after changed,the size is 913KB. in SmmCryptLib.inf and RuntimeCryptLib.inf, change CryptSha512NULL.c to CryptSha512.c. https://bugzilla.tianocore.org/show_bug.cgi?id=3423 Signed-off-by: xueshengfeng <xueshengfeng@byosoft.com.cn> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>	2021-06-24 02:46:14 +00:00
Agrawal, Sachin	20ca528828	CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3455 Enforce salt length to be equal to digest length for RSA-PSS encoding scheme. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>	2021-06-23 15:19:44 +00:00
Sergei Dmitrouk	15ee7b7689	CryptoPkg/BaseCryptLib: Fix possible uninitialized use `Result` can be used uninitialized in both functions after following either first or second `goto` statement. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Sergei Dmitrouk <sergei@posteo.net> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>	2021-05-19 01:39:49 +00:00
Sachin Agrawal	22ac5cc9d9	CryptoPkg: BaseCryptLib: Add RSA PSS verify support REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3314 This patch uses Openssl's EVP API's to perform RSASSA-PSS verification of a binary blob. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2021-05-14 03:35:33 +00:00
Kun Qin	21f984cede	CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459 SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL PKCS7_free function will release the memory of SignerCert when applicable. Freeing SignerCert with X509_free again might cause page fault if use- after-free guard is enabled. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Kun Qin <kun.q@outlook.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>	2020-11-26 03:22:24 +00:00
Gao, Zhichao	e6a12a0fc8	CryptoPkg: Make the MD5 disable as default for security REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021 Make the deprecated MD5 disable as default setting for security. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Message-Id: <20201112055558.2348-14-zhichao.gao@intel.com>	2020-11-17 19:26:50 +00:00
Jian J Wang	26442d11e6	CryptoPkg/BaseCryptLib: fix NULL dereference (CVE-2019-14584) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1914 AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode pkcs#7 data. when this successfully returns, a type check is done by calling PKCS7_type_is_signed() and then Pkcs7->d.sign->contents->type is used. It is possible to construct an asn1 blob that successfully decodes and have d2i_PKCS7() return a valid pointer and have PKCS7_type_is_signed() also return success but have Pkcs7->d.sign be a NULL pointer. Looking at how PKCS7_verify() [inside of OpenSSL] implements checking for pkcs7 structs it does the following: - call PKCS7_type_is_signed() - call PKCS7_get_detached() Looking into how PKCS7_get_detatched() is implemented, it checks to see if p7->d.sign is NULL or if p7->d.sign->contents->d.ptr is NULL. As such, the fix is to do the same as OpenSSL after calling d2i_PKCS7(). - Add call to PKS7_get_detached() to existing error handling Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>	2020-10-21 06:32:46 +00:00
Matthew Carlson	694bfd6ff5	CryptoPkg: BaseCryptLib: Add unit tests (Host and Shell based) This adds a new INF for BaseCryptLib suitable for host based environments. It adds a host based unit test for BaseCryptLib that can also be built as a shell based Unit Test. In addition, this also adds a UnitTestHostCrtWrapper.c file, which provides some of the functionality not provided by the default host based unit test system that OpenSSL expects. This is used by UnitTestHostBaseCryptLib, a version of the BaseCryptLib meant specifically for host based unit testing. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Matthew Carlson <matthewfcarlson@gmail.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2020-10-18 00:49:58 +00:00
Wang, Jian J	52dbaaeace	CryptoPkg/BaseCryptLib: add crypto algorithms needed by variable protection REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 Crypto algorithms, hkdf-sha256/hmac-sha256/aes, are needed to verify integrity of variable data, derive hmac and encryption keys, and encrypt/decrypt varible. Replacing null version source code with real implementations makes sure we can enable full functionalities of protected variable later. Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2020-09-29 05:58:58 +00:00
Guomin Jiang	8c30327deb	CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g Upgrade openssl to 1.1.1g. the directory have been reorganized, openssl moved crypto/include/internal to include/crypto folder. So we change directory to match the re-organization. The dso_conf.h and opensslconf.h will generated in UNIX format, change process_files.pl to covent the EOL automatically. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2020-07-25 06:27:14 +00:00
Zhichao Gao	0f01cec52f	CryptoPkg/BaseCryptLib: Add MARCO to disable the deprecated SHA1 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682 SHA1 is deprecated but it is required for compatible issue. So add a MARCO for the platform to disable the usage of SHA1 for security. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2020-06-29 05:25:55 +00:00
Zhichao Gao	acfd555795	CryptoPkg/BaseCryptLib: Add MARCO to disable the deprecated MD5 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682 MD5 is deprecated but it is required for compatible issue. So add a MARCO for the platform to disable the usage of MD5 for security. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2020-06-29 05:25:55 +00:00
Zhichao Gao	c812d3209c	CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 HMAC SHA1 is not secure any longer. Remove the HMAC SHA1 support from edk2. Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>	2020-05-15 07:22:36 +00:00
Zhichao Gao	b6174e2d09	CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 HMAC MD5 is not secure any longer. Remove the HMAC MD5 support from edk2. Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>	2020-05-15 07:22:36 +00:00
Zhichao Gao	80e28dcec8	CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 Aes Ecb mode is not secure any longer. Remove the Aes Ecb mode support from edk2. Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>	2020-05-15 07:22:36 +00:00
Zhichao Gao	b8af2c9eda	CryptoPkg/BaseCryptLib: Retire the TDES algorithm REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 TDES is not secure any longer. Remove the Tdes support from edk2. Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>	2020-05-15 07:22:36 +00:00
Zhichao Gao	c22a32e1ab	CryptoPkg/BaseCryptLib: Retire ARC4 algorithm REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 ARC4 is not secure any longer. Remove the ARC4 support from edk2. Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>	2020-05-15 07:22:36 +00:00
Zhichao Gao	0a6fc3d067	CryptoPkg/BaseCrpytLib: Retire MD4 algorithm REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 MD4 is not secure any longer. Remove the MD4 support from edk2. Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>	2020-05-15 07:22:36 +00:00

1 2 3 4

183 Commits