sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
31,018 Commits 13 Branches 33 Tags
fd1820b7ea09e53e404d6f56bb8bc4b51a5dd83e
Commit Graph

191 Commits

Author SHA1 Message Date
Gerd Hoffmann
f335d91a3b CryptoPkg/BaseCryptLib: avoid using SHA512() 
In openssl 3.0 SHA512() goes through the provider logic,
requiring a huge amount of openssl code.  The individual
functions do not, so use them instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2023-03-07 09:59:50 +00:00
Gerd Hoffmann
5a6455e04c CryptoPkg/BaseCryptLib: avoid using SHA384() 
In openssl 3.0 SHA384() goes through the provider logic,
requiring a huge amount of openssl code.  The individual
functions do not, so use them instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2023-03-07 09:59:50 +00:00
Gerd Hoffmann
7fc183df71 CryptoPkg/BaseCryptLib: avoid using SHA256() 
In openssl 3.0 SHA256() goes through the provider logic,
requiring a huge amount of openssl code.  The individual
functions do not, so use them instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2023-03-07 09:59:50 +00:00
Gerd Hoffmann
437ed29f27 CryptoPkg/BaseCryptLib: avoid using SHA1() 
In openssl 3.0 SHA1() goes through the provider logic,
requiring a huge amount of openssl code.  The individual
functions do not, so use them instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2023-03-07 09:59:50 +00:00
Jake Garver
d0ff1cae3a CryptoPkg/Library: Reinstate ARM/AARCH64 sections in SmmCryptLib.inf 
These sections were removed mistakenly.  SmmCryptLib.inf supports these
architectures.

Signed-off-by: Jake Garver <jake@nvidia.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2023-01-26 08:59:29 +00:00
Judah Vang
39ba0f8dfc CryptoPkg: Need to enable crypto functions 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992

V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase.
    Update Readme.md

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Judah Vang <judah.vang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-12-20 01:39:32 +00:00
Zihong Yi
7de1c71dd2 CryptoPkg/BaseCryptLib:time overflow 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4167

In CrtLibSupport.h, time_t is defined as INT32, and its maximum value
is 2147483647. That is, the corresponding maximum timestamp is
2038-01-19 11:14:07. Therefore, overflow occurs when the test time
exceeds 2038-01-19 11:14:07. So change the type of time_t to INT64 and
also change the type of variables in function gmtime which calculated
with time_t.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Zihong Yi <yizihong@huawei.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-12-03 09:01:38 +00:00
Zhihao Li
5d5be45bd1 CryptPkg: Enable CryptoPkg BaseCryptLib ParallelHash for PEI and DXE 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4097

The BaseCryptLib in the CryptoPkg currently supports ParallelHash
algorithm for SMM. The MP Services PPI and MP Services Protocol
could be used to enable ParallelHash in PEI and DXE
versions of the BaseCryptLib.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhihao Li <zhihao.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-12-02 14:12:51 +00:00
Michael D Kinney
584b246e88 CryptoPkg: Fixed host-based unit tests 
* Build host-based tests using OpensslLib instance with all services
  enabled.
* Build host-based tests using performance optimized OpensslLib instance
  with all services enabled.
* Remove unused PCD gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
* Remove redundant and unnecessary [BuildOptions]
* Limit host-based unit tests to only IA32/X64

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-10-24 07:49:43 +00:00
Michael D Kinney
dd00f92b2f CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib 
* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib.  The functions
  in this file are only used by TlsLib instances and not any CryptLib
  instances.
* Fix type mismatch in call to FreePool() in TlsConfig.c
* Remove use of gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled from
  TslLib and CryptLib instances
* Add missing *Null.c files to SecCryptLib.inf and RuntimeCryptLib.inf.
* Remove ARM and AARCH64 sections from SmmCryptLib.inf that does not
  support those architectures.
* Add missing PrintLib dependencies to [LibraryClasses] sections of
  CryptLib INF files
* Remove extra library classes from [LibraryClasses] sections of
  CryptLib INF files
* Remove unnecessary warning disables from [BuildOptions] sections of
  TlsLib and CryptLib INF files
* Remove RVCT support from SecCryptLib.inf

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Cc: Rebecca Cran <quic_rcran@quicinc.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-10-24 07:49:43 +00:00
Michael D Kinney
8f8372439d CryptoPkg/Library/BaseCryptLib: Update internal functions/variables 
* Update BaseCryptLib internal worker functions to be 'STATIC'
* Update BaseCryptLib internal working functions to not use EFIAPI
* Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global variables

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-10-24 07:49:43 +00:00
Michael D Kinney
8437368c69 CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format 
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-10-24 07:49:43 +00:00
Chao Li
c5f4b4fd03 CryptoPkg: Add LOONGARCH64 architecture for EDK2 CI. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053

Add LOONGARCH64 architecture for EDK2 CI testing.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>

Signed-off-by: Chao Li <lichao@loongson.cn>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2022-10-14 02:16:33 +00:00
Qi Zhang
8ecae3d641 CryptoPkg: add new X509 function. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-10-12 06:38:15 +00:00
Qi Zhang
f21a1d48fe CryptoPkg: Add EC key retrieving and signature interface. 
This patch is used to retrieve EC key from PEM and X509 and
carry out the EC-DSA signature and verify it.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4102

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-10-12 05:56:00 +00:00
Yuan Yu
3c9e2f239a CryptoPkg: Fix integer overflow 
SECSPERDAY is 86400 which exceeds the limit of a UINT16 which is 65536.
Therefore DayRemainder cannot use UINT16. This patch makes it UINT32.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Julien Grall <julien@xen.org>

Signed-off-by: Yuan Yu <yuanyu@google.com>
Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-10-10 00:58:26 +00:00
Yi Li
d97ee3244d CryptoPkg/Test: Add unit test for CryptoEc 
Add unit test for CryptoEc.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-26 07:03:56 +00:00
Yi Li
988e4d8f5e CryptoPkg: Add EC support 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828

This patch is used to add CryptEc library, which is wrapped
over OpenSSL.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>

Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-26 07:03:56 +00:00
Yi Li
0e7aa6bf9e CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf() 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075

Fake BIO_snprintf() does not actually print anything to buf,
it should return -1 as error.
0 will be considered a correct return value, the consumer may think that
the buf is valid and parse the buffer.
please refer to bugzilla link for details.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>

Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2022-09-26 01:39:52 +00:00
Yi Li
0c9d4ad788 CryptoPkg/Test: Add unit test for CryptoBn 
Add unit test for CryptoBn.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-23 10:08:24 +00:00
Yi Li
fd0ad0c346 CryptoPkg: Add BigNum support 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828

This patch is used to add CryptBn library, which is wrapped
over OpenSSL.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-23 10:08:24 +00:00
Qi Zhang
5f403cdc6a CryptoPkg: add UnitTest for AeadAesGcm. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4036

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-23 08:24:42 +00:00
Qi Zhang
a23f76e184 CryptoPkg: add AeadAesGcm support. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4036

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-23 08:24:42 +00:00
Qi Zhang
11b24ef0d7 CryptoPkg: add new Hkdf api in Crypt Lib. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4033

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-23 07:35:08 +00:00
Qi Zhang
f3c69cb5a1 CryptoPkg: add Hmac Sha384 to host UnitTest. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-23 06:55:58 +00:00
Qi Zhang
cbb3b6b950 CryptoPkg: Update CryptLib inf as the file name changed. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-23 06:55:58 +00:00
Qi Zhang
0b1a1bdc30 CryptoPkg: Add HMAC-SHA384 cipher support. 
Rename file from CryptHmacSha256 to CryptHmac and
add HmacSha384 and HmacSha256All funcitons.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4025

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-23 06:55:58 +00:00
Wenyi Xie
6f340acfb1 CryptoPkg/BaseCryptLib:Remove redundant init 
CertCtx is used to be defined as a struct and ZeroMem is called to
init this struct. But now CertCtx is defined as a point, so use
ZeroMem (&CertCtx, sizeof (CertCtx)) is not correct any more.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-09-23 00:36:29 +00:00
Min Xu
b1567b2e15 CryptoPkg: Add SecCryptLib 
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853

This is the Cryptographic library instance for SEC. The motivation of
this library is to support SHA384 in SEC phase for Td guest. So only
Hash/CryptSha512.c is included which supports SHA384 and SHA512. Other
cryptographics are added with the null version, such as CryptMd5Null.c.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
 2022-06-03 11:41:36 +00:00
Rebecca Cran
e9eeb0ad2b CryptoPkg: Remove RVCT support 
RVCT is obsolete and no longer used.
Remove support for it.

Signed-off-by: Rebecca Cran <quic_rcran@quicinc.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
 2022-05-13 14:58:54 +00:00
Yi Li
43613b2fe8 CryptoPkg: Rename PCD about openssl EC configuration 
PcdOpensslXXXEnabled is a more appropriate choice.

Signed-off-by: Yi Li <yi1.li@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-05-11 00:04:39 +00:00
Yi Li
b06a007b64 CryptoPkg: Declare PcdEcEnabled in Library consuming OpensslLib 
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828

Tls/Base/Pei/Smm/RuntimeCryptLib.inf will use OpensslLib,
and the opensslconf.h in openssllib will use PcdEcEnabled,
but it is not declared in the inf file now,
it will cause warnings in some compilers.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-04-21 05:06:37 +00:00
Gerd Hoffmann
532bd4ec38 CryptoPkg/Crt: fix strcpy build on older VS compilers 
Drop 'restrict' keyword which older visual studio compiler
versions complain about.

Fixes: fab6285a73 ("CryptoPkg/CrtLibSupport: fix strcpy")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-04-20 10:56:03 +00:00
Gerd Hoffmann
fab6285a73 CryptoPkg/CrtLibSupport: fix strcpy 
strcpy() returns a pointer to the destination string, AsciiStrCpyS()
does not.  So a simple #define does not work.  Create a function
instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2022-04-12 14:39:01 +00:00
Li, Zhihao
355515a06a CryptoPkg? Redefinition bug in CrtLibSupport.h. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3885

Parallel hash patch redefines uint_64 type in CrtLibSupport.h
which has been defined in openssl/include/openssl/e_os2.h.
CryptMd5.c including e_os2.h cause redefinition bug.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>

Signed-off-by: Zhihao Li <zhihao.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-03-26 10:40:04 +00:00
Zhihao Li
c1e662101a CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596

Parallel hash function ParallelHash256HashAll, as defined in NIST's
Special Publication 800-185, published December 2016. It utilizes
multi-process to calculate the digest.

Passed CI test.
Onprotocol version code passed test.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>

Signed-off-by: Zhihao Li <zhihao.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2022-03-18 06:49:18 +00:00
Michael Kubacki
7c34237831 CryptoPkg: Apply uncrustify changes 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Apply uncrustify changes to .c/.h files in the CryptoPkg package

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
 2021-12-07 17:24:28 +00:00
Michael D Kinney
c8f46130f8 CryptoPkg: Change OPTIONAL keyword usage style 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760

Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params.

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
 2021-12-07 17:24:28 +00:00
Bob Morgan
f22feb0e3b CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617

Create a read-only openSSL BIO wrapper for the existing input
buffer passed to Pkcs7Verify() instead of copying the buffer
into an empty writable BIO which causes memory allocations
within openSSL.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Bob Morgan <bobm@nvidia.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2021-10-13 01:45:18 +00:00
Stewart, Chris (SW Architect) via groups.io
7b4a99be8a CryptoPkg: BaseCryptLib fix incorrect param order 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3550

Function ConvertAsn1TimeToEfiTime initializes timestamp to zeroes with
SetMem, but the actual parameters are out of order. The result is
the SetMem operation has no effect. The fix is to put the actual
parameters in the correct order.

Signed-off-by: Chris Stewart <chris.stewart@hp.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
 2021-08-24 00:35:06 +00:00
xueshengfeng
eba32695ee CryptoPkg/BaseCryptLib: Enabled CryptSha512 for Smm/Runtime drivers 
Intel Platform utility Syscfg/sysfwupdt will trigger SMI
to enter BIOS interface. then BIOS invoke EncodePassword
in SMM mode to check password.
it's need sha384(in CryptSha512.c) in SMM mode.

the origin SmmCryptLib.lib size is 1389KB,
after changed, the size is 1391KB.

the origin RuntimeCryptLib.lib size is 911KB,
after changed,the size is 913KB.

in SmmCryptLib.inf and RuntimeCryptLib.inf,
change CryptSha512NULL.c to CryptSha512.c.

https://bugzilla.tianocore.org/show_bug.cgi?id=3423

Signed-off-by: xueshengfeng <xueshengfeng@byosoft.com.cn>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2021-06-24 02:46:14 +00:00
Agrawal, Sachin
20ca528828 CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme. 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3455

Enforce salt length to be equal to digest length for RSA-PSS
encoding scheme.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>

Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2021-06-23 15:19:44 +00:00
Sergei Dmitrouk
15ee7b7689 CryptoPkg/BaseCryptLib: Fix possible uninitialized use 
`Result` can be used uninitialized in both functions after following
either first or second `goto` statement.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Sergei Dmitrouk <sergei@posteo.net>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2021-05-19 01:39:49 +00:00
Sachin Agrawal
22ac5cc9d9 CryptoPkg: BaseCryptLib: Add RSA PSS verify support 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3314

This patch uses Openssl's EVP API's to perform RSASSA-PSS verification
of a binary blob.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2021-05-14 03:35:33 +00:00
Kun Qin
21f984cede CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459

SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL
PKCS7_free function will release the memory of SignerCert when applicable.
Freeing SignerCert with X509_free again might cause page fault if use-
after-free guard is enabled.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2020-11-26 03:22:24 +00:00
Gao, Zhichao
e6a12a0fc8 CryptoPkg: Make the MD5 disable as default for security 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021

Make the deprecated MD5 disable as default setting for
security.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20201112055558.2348-14-zhichao.gao@intel.com>
 2020-11-17 19:26:50 +00:00
Jian J Wang
26442d11e6 CryptoPkg/BaseCryptLib: fix NULL dereference (CVE-2019-14584) 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1914

AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded
signed authenticode pkcs#7 data. when this successfully returns, a type
check is done by calling PKCS7_type_is_signed() and then
Pkcs7->d.sign->contents->type is used. It is possible to construct an asn1
blob that successfully decodes and have d2i_PKCS7() return a valid pointer
and have PKCS7_type_is_signed() also return success  but have Pkcs7->d.sign
be a NULL pointer.

Looking at how PKCS7_verify() [inside of OpenSSL] implements checking for
pkcs7 structs it does the following:
- call PKCS7_type_is_signed()
- call PKCS7_get_detached()
Looking into how PKCS7_get_detatched() is implemented, it checks to see if
p7->d.sign is NULL or if p7->d.sign->contents->d.ptr is NULL.

As such, the fix is to do the same as OpenSSL after calling d2i_PKCS7().
- Add call to PKS7_get_detached() to existing error handling

Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2020-10-21 06:32:46 +00:00
Matthew Carlson
694bfd6ff5 CryptoPkg: BaseCryptLib: Add unit tests (Host and Shell based) 
This adds a new INF for BaseCryptLib suitable for
host based environments. It adds a host based unit test for
BaseCryptLib that can also be built as a shell based Unit Test.

In addition, this also adds a UnitTestHostCrtWrapper.c file, which provides
some of the functionality not provided by the default host based unit test
system that OpenSSL expects. This is used by UnitTestHostBaseCryptLib, a
version of the BaseCryptLib meant specifically for host based unit testing.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Matthew Carlson <matthewfcarlson@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2020-10-18 00:49:58 +00:00
Wang, Jian J
52dbaaeace CryptoPkg/BaseCryptLib: add crypto algorithms needed by variable protection 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

Crypto algorithms, hkdf-sha256/hmac-sha256/aes, are needed to verify
integrity of variable data, derive hmac and encryption keys, and
encrypt/decrypt varible. Replacing null version source code with real
implementations makes sure we can enable full functionalities of protected
variable later.

Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2020-09-29 05:58:58 +00:00
Guomin Jiang
8c30327deb CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g 
Upgrade openssl to 1.1.1g. the directory have been reorganized,
openssl moved crypto/include/internal to include/crypto folder.
So we change directory to match the re-organization.

The dso_conf.h and opensslconf.h will generated in UNIX format,
change process_files.pl to covent the EOL automatically.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
 2020-07-25 06:27:14 +00:00