In time() wrapper implementation, the gRT->GetTime() call may be not
available. This patch adds the extra error handling to avoid the
potential dead loop.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
We also got maybe-uninitialized warning when building OpensslLib.inf
with GCC48 for ARM and AARCH64, so add -Wno-error=maybe-uninitialized
build option just as other platforms.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>
A submodule allows to keep another Git repository in a subdirectory
of main repository. The submodule repository has its own history, which
does not interfere with the history of the current repository. This can
be used to have external dependencies such as third party libraries.
After the extra patch for EDKII-OpenSSL build was removed, OpenSSL can
be one typical submodule use case in EDKII project. This patch adds the
openssl git repository into EDKII project as one submodule.
One .gitmodules file will be generated with the submodule info:
[submodule "CryptoPkg/Library/OpensslLib/openssl"]
path = CryptoPkg/Library/OpensslLib/openssl
url = https://github.com/openssl/openssl
The user can use the following command to clone both main EDKII repo and
openssl submodule:
1) Add the "--recursive" flag to their git clone command:
$ git clone --recursive https://github.com/tianocore/edk2
or 2) Manually initialize and the submodules after the clone operation:
$ git clone https://github.com/tianocore/edk2
$ git submodule update -–init -–recursive
For Pull operations, "git pull" will not update the submodule repository.
So the following combined commands can be used to pull the remote submodule
updates (e.g. Updating to new supported OpenSSL release)
$ git pull –-recurse-submodules && \
git submodule update -–recursive --remote
Cc: Ye Ting <ting.ye@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Type definition in UEFI & OpeenSSL is different. Sometime it could cause
write overflow. Should use same data type when accessing the same region
Cc: Long Qin <qin.long@intel.com>
Cc: Chen Chen <chen.a.chen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Under a certain [outdated] GCC482 compiler, the new-added "-Wno-format"
flag will not take effect, and break the x86_64 build.
This is one known issue in some Ubuntu/GCC-4.8.2 environment, which will
overwrite "-Wno-format" with some default setting. see more information
and discussion from:
https://gcc.gnu.org/ml/gcc-help/2014-03/msg00003.htmlhttps://wiki.ubuntu.com/ToolChain/CompilerFlags
This patch adds one extra "-Wno-error=format" for gcc x86_64 builds to
suppress this warning.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
We recently added -Wno-error=format to the OpenSslLib build script to
work around an issue in the upstream OpenSSL code. This does not inhibit
the warning, but prevents it from breaking the build by not treating it
as a fatal error.
Unfortunately, this interacts poorly with the -Wno-unused-const-variable
option that we added to GCC49 and later. Those versions of GCC ignore
-Wno-xxxx options that they don't understand, unless warnings are emitted
for another reason, in which case the warning is emitted after all, and
in our case, this breaks the build when the non-fatal format warning is
emitted.
CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/x_int64.c: In function 'uint64_print':
CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/x_int64.c:105:32: warning: format '%ld' expects argument of type 'long int', but argument 3 has type 'int64_t {aka long long int}' [-Wformat=]
return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval);
^
CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/x_int64.c:106:28: warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'uint64_t {aka long long unsigned int}' [-Wformat=]
return BIO_printf(out, "%"BIO_PRI64"u\n", **(uint64_t **)pval);
^
CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/x_int64.c: At top level:
cc1: error: unrecognized command line option '-Wno-unused-const-variable' [-Werror]
cc1: all warnings being treated as errors
So replace -Wno-error=format with -Wno-format to suppress the warning
entirely.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Long Qin <qin.long@intel.com>
On GCC Build: openssl-1.1.0g introduced one additional build warning:
...\openssl\crypto\asn1\x_int64.c:105:32: error: format '%ld' expects
argument of type 'long int', but argument 3 has type 'int64_t
{aka long long int}' [-Werror=format=]
return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval);
^
Add "-Wno-error=format" to GCC build flags to suppress this warning,
since we have no real printf usage in BaseCryptLib, and BIO_printf()
was already wrapped as a dummy implementation in CryptoPkg.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Long Qin <qin.long@intel.com>
Update the supported OpenSSL version to the latest 1.1.0g (02-Nov-2017).
The changes includes:
- Re-generate the OpensslLib[crypto].inf using process_files.pl script
to reflect the openssl source changes.
- Update OpenSSL-HOWTO.txt
- On Visual Studio Build: adding "/wd4819" to disable one addition build
warning issue, which was already fixed in OpenSSL-HEAD
https://github.com/openssl/openssl/pull/4691.
- On GCC Build: openssl-1.1.0g introduced one additional build warning:
...\openssl\crypto\asn1\x_int64.c:105:32: error: format '%ld' expects
argument of type 'long int', but argument 3 has type 'int64_t
{aka long long int}' [-Werror=format=]
return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval);
^
Adding "-Wno-error=format" to GCC build flag to suppress this warning,
since we have no real printf usage in BaseCryptLib, and BIO_printf()
was already wrappered as the dummy implementation in CryptoPkg.
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Gcc issued the warning when compiling CryptoPkg:
CryptoPkg/Library/Include/CrtLibSupport.h:135:17: warning: type of 'memset' does not match original declaration [-Wlto-type-mismatch]
void *memset (void *, int, size_t);
^
CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c:27:8: note: type mismatch in parameter 2
void * memset (void *dest, char ch, size_t count)
^
This commit changes the type of ch from char to int to match the
declaration.
Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Qin Long <qin.long@intel.com>
V2:
* Correct the commit log.
Currently, the return code of OPENSSL_init_ssl(0 or 1) and RandomSeed
(TRUE or FALSE) are not checked in TlsInitialize(). Also "VOID" is used
as the return type of TlsInitialize(), which can't be used to capture
the returned value for error handling.
From Long Qin (CryptoPkg owner):
The early version of OPENSSL_init_ssl() use the "VOID" as the return
value, which was updated to "int" later because the function changes
can fail.
So, this patch is to change the return type of TlsInitialize() to
follow up the OPENSSL_init_ssl() update.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
The parameter CertStack of Pkcs7GetSigners will return all embedded X.509
certificate in one given PKCS7 signature. The format is:
//
// UINT8 CertNumber;
// UINT32 Cert1Length;
// UINT8 Cert1[];
// UINT32 Cert2Length;
// UINT8 Cert2[];
// ...
// UINT32 CertnLength;
// UINT8 Certn[];
//
Add EFI_CERT_STACK and EFI_CERT_DATA structure, these two C-structure are
used for parsing CertStack more clearly.
Cc: Long Qin <qin.long@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>
The malloc/free (instead of AllocatePool/FreePool) were used directly
in some wrapper implementations, which was designed to leverage the
light-weight memory management routines at Runtime phase.
The malloc/free and AllocatePool/FreePool usages are required to be
matched, after extra memory size info header was introduced in malloc
wrapper.
This patch corrects two memory allocation cases, which requires the
caller to free the buffer with FreePool() outside the function call.
And some comments were also added to clarify the correct memory
release functions if it's the caller's responsibility to free the
memory buffer.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
There is one long-standing problem in CRT realloc wrapper, which will
cause the obvious buffer overflow issue when re-allocating one bigger
memory block:
void *realloc (void *ptr, size_t size)
{
//
// BUG: hardcode OldSize == size! We have no any knowledge about
// memory size of original pointer ptr.
//
return ReallocatePool ((UINTN) size, (UINTN) size, ptr);
}
This patch introduces one extra header to record the memory buffer size
information when allocating memory block from malloc routine, and re-wrap
the realloc() and free() routines to remove this BUG.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Validated-by: Jian J Wang <jian.j.wang@intel.com>
clang-analyzer noticed this:
Pk/CryptPkcs7Verify.c:600:5: warning: Value stored to 'OldSize' is never read
OldSize = BufferSize;
^ ~~~~~~~~~~
Pk/CryptPkcs7Verify.c:644:5: warning: Value stored to 'OldSize' is never read
OldSize = BufferSize;
^ ~~~~~~~~~~
2 warnings generated.
These are each immediately followed by a loop that initializes them (to
the same values) a second time, and are otherwise only referenced inside
that loop, so there's just no point to these assignments at all.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
v3: Add extra CommonNameSize check since OpenSSL didn't check this
input parameter. (One openssl issue was filed to address this risk:
https://github.com/openssl/openssl/issues/4392)
v2: Update function interface to return RETURN_STATUS to represent
different error cases.
Add one new API (X509GetCommonName()) to retrieve the subject commonName
string from one X.509 certificate.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
TLS BIO objects (InBio/OutBio) will be freed by SSL_free() function.
So, the following free operation (BIO_free) in TlsFree is redundant.
It can be removed directly.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Commit 0df6c8c157 ("BaseTools/tools_def AARCH64: avoid SIMD registers
in XIP code") updated the compiler flags used by AARCH64 when building
modules (including BASE libraries) that may execute before the MMU is
enabled.
This broke the build for OpensslLib/OpensslLibCrypto because the SIMD
register file is shared with the FPU, and since OpenSSL contains some
references to float/double types (which are mostly unused for UEFI btw),
disabling floating point prevents the compiler from building OpenSSL
at all. So for OpensslLib[Crypto], we need to override the XIP CC flags,
to remove the -mgeneral-regs-only compiler flag again.
When introducing the support for XIP CC flags, we were aware that this
would affect BASE libraries as well, but were not expecting this to
have any performance impact. However, in the case of software crypto,
it makes sense not to needlessly inhibit the compiler's ability to
generate fast code, and even if OpenssLib is a BASE library, it is
guaranteed not to run with the MMU off. So omit -mstrict-align from the
local XIP CC flags override as well.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Add more NULL pointer checks before using them in DhGenerateKey and
Pkcs7GetCertificatesList functions to eliminate possible dereferenced
pointer issue.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Enable HMAC-SHA256 cipher support in SmmCryptLib instance.
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Correct some minor comment issues in BaseCryptLib.h and
CryptPkcs7Verify.c, including:
- missed "out" in parameter property for ARC4 interfaces;
- Wrong Comment tail in Pkcs7GetAttachedContent function
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
GCC -fno-builtin option is added into tools_def.template at
90defe7198.
So, there is no need to set it in module INF file.
Cc: Qin Long <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
There are some explicit time(NULL) calls in openssl-1.1.0xx source,
but the dummy time() wrapper in ConstantTimeClock.c (used by PEI
and SMM module) has no any checks on NULL parameter. This is one bug
and will cause the memory access issue.
This patch adds the NULL parameter checking in time() wrapper.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The compiler (visual studio) may optimize some explicit strcmp call
in openssl source to use the intrinsic memcmp call.
In CrtLibSupport.h, we just use #define to mapping memcmp to
CompareMem API. So in Link phase, this kind of intrinsic optimization
will cause the "unresolved external symbol" error. For example:
OpensslLib.lib(v3_utl.obj) : error LNK2001:
unresolved external symbol _memcmp
This patch will keep the memcmp mapping, and provide extra Intrinsic
memcmp wrapper to satisfy the symbol link.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(Need further follow-ups as described in
https://bugzilla.tianocore.org/show_bug.cgi?id=455)
This patch added some extra build options to suppress possible warnings
when building openssl source under GCC48 and VS2010. Including:
Adding "-Wno-error=maybe-uninitialized" to suppress the following GCC48
build warning:
OpensslLib/openssl/ssl/statem/statem_clnt.c:2543:9: error: "len" may
be used uninitialized in this function [-Werror=maybe-uninitialized]
len += pskhdrlen;
^
And adding "/wd4306" to suppress the following VS2010 build warning:
openssl\crypto\asn1\tasn_dec.c(795) : warning C4306: 'type cast' :
conversion from 'int' to 'ASN1_VALUE *' of greater size
Cc: Ting Ye <ting.ye@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Moving the header files for openssl and CRT wrappers to the private
include section, since these files should be referenced by CryptoPkg
internally. This update was supported by new [Includes.Common.Private]
setting in Package DEC file.
The external consumer modules should only use the interfaces defined
in BaseCryptLib.h to access crypto functions. This change will be
helpful to immediately detect any illegal direct reference to internal
openssl headers.
The Perl script "process_files.pl" was also updated to reflect the new
private include path.
Cc: Gao Liming <liming.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
The memory free operation is empty function in PEI. The compiler
optimization will bring the build warning in openssl/crypto/mem.c:
warning C4718: 'CRYPTO_free': recursive call has no side
effects, deleting
This patch uses '/wd4718' to silence the build warning for PEI
module building.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This patch update the wrapper implementation in TlsLib to align
with the latest OpenSSL-1.1.0xx API changes.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Palmer Thomas <thomas.palmer@hpe.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
OpenSSL-1.1.xx makes most data structures opaque.
This patch updates Public Key Cipher Wrapper implementations in
BaseCryptLib to use the accessor APIs for opaque object access.
The impacted interfaces includes RSA, DH, X509, PKCS7, etc.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
OpenSSL-1.1.xx makes most data structures opaque.
This patch updated HMAC Wrapper implementation with opaque
HMAC_CTX object.
The HmacXXGetContextSize() is marked as deprecated, and updated
to use the fixed HMAC_CTX size, which is just kept for compatibility.
New APIs (HmacXXNew(), HmacXXFree()) were added as the recommended
HMAC_CTX usage interfaces for HMAC-XXXX operations.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
openssl/include/openssl/lhash.h will bring C4090 build warning
issue, which is one known issue for OpenSSL under Visual Studio
toolchain.
Refer to https://github.com/openssl/openssl/issues/2214 for more
discussions against this.
Use /wd4090 to silence this build warning until OpenSSL fix this.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Cleaning-up CRT Library Wrapper for the third-party cryptography
library building. The changes includes
1. Rename OpenSslSupport.h to CrtLibSupport.h for future alternative
crypto provider support.
2. Remove all un-referenced CRT APIs and headers.
(NOTE: More cleans-up could be possible after OpenSSL integrate the
extra PR request: https://github.com/openssl/openssl/pull/2961)
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
In a couple of places, OpenSSL code uses the address of the
strcmp() function, and assigns it to another comparator function
pointer.
Unfortunately, this falls foul of the inconsistent function ABI
that we use in EDKII. We '#define strcmp AsciiStrCmp' but AsciiStrCmp
is an EFIAPI function with the Microsoft ABI. And we're assigning its
address to a non-EFIAPI function, which may well have a different ABI.
Fix this by providing an actual strcmp() function in the default ABI.
We already *had* a prototype for it in OpenSslSupport.h, which was
then superseded by the #define strcmp AsciiStrCmp.
Now, OpenSSL code *can* use &strcmp without problems.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Add one new OpenSSL-HOWTO.txt to introduce how to clone / download
the latest OpenSSL release source for build.
ALso update buildinf.h to reflect the latest update time.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Gary Lin <glin@suse.com>
Tested-by: Gary Lin <glin@suse.com>
OpenSSL-1.1.0xx configure mechanism was updated with new configdata.
This patch update process_file.sh script to new Perl-based script for
auto generation of file list and openssl config file (opensslconf.h).
This only needs to be done once by a developer when updating to a new
version of OpenSSL (or changing options, etc.). Normal users do not
need to do this, since the results are already stored in the EDK2 git
repository.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
This patch removes the EDKII-openssl-xxxx.patch, installation scripts,
and Patch-HOWTO.txt which were used for old OpenSSL-1.0.2xx enabling.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Update OpensslLib INF files to support OpenSSL-1.1.0x source build.
The file list was generated from the latest OpenSSL-1.1.0e release.
Main changes to support OpensslLib build in this patch include:
1. Use "openssl" instead of "openssl-x.x.xx" as main source directory,
Also update include path in CryptoPkg.dec
2. Enable warnings in GCC builds;
3. Update Visual Studio build options to silence current possible build
warnings.
4. Move the default opensslconf.h to Include/openssl, and add one dummy
dso_conf.h for native UEFI build.
The OpensslLib module build was validated as
build -t VSXXXX -a XX -p CryptoPkg/CryptoPkg.dsc
-m CryptoPkg/Library/OpensslLib/OpensslLib.inf
(NOTE: The extra build options for ARM/RVCT/XCODE were kept, which expect
further optimizations from community)
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
For pointer subtraction, the result is of type "ptrdiff_t". According to
the C11 standard (Committee Draft - April 12, 2011):
"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements. The
size of the result is implementation-defined, and its type (a signed
integer type) is ptrdiff_t defined in the <stddef.h> header. If the result
is not representable in an object of that type, the behavior is
undefined."
In our codes, there are cases that the pointer subtraction is not
performed by pointers to elements of the same array object. This might
lead to potential issues, since the behavior is undefined according to C11
standard.
Also, since the size of type "ptrdiff_t" is implementation-defined. Some
static code checkers may warn that the pointer subtraction might underflow
first and then being cast to a bigger size. For example:
UINT8 *Ptr1, *Ptr2;
UINTN PtrDiff;
...
PtrDiff = (UINTN) (Ptr1 - Ptr2);
The commit will refine the pointer subtraction expressions by casting each
pointer to UINTN first and then perform the subtraction:
PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
v2:
Re-generate the patch after the new OpensslLibCrypto instance.
OpenSSL 1.0.2k was released with several severity fixes at
26-Jan-2017 (https://www.openssl.org/news/secadv/20170126.txt).
This patch is to upgrade the supported OpenSSL version in
CryptoPkg/OpensslLib to catch the latest release 1.0.2k.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Commit 32387e0081 ("CryptoPkg: Enable ssl build in OpensslLib directly",
2016-12-14) pulls OpenSSL's libssl files into the "OpensslLib.inf" library
instance unconditionally.
If a platform doesn't include the TLS modules, such as
- CryptoPkg/Library/TlsLib/TlsLib.inf
- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
- NetworkPkg/TlsDxe/TlsDxe.inf
then the platform never actually uses the libssl functionality that gets
built into "OpensslLib.inf".
Tomas Hoger from Red Hat Product Security tells me that security
evaluation is less demanding if we can actually *exclude* the libssl files
from such OVMF builds that don't specify -D TLS_ENABLE (rather than just
trust modules not to call libssl functions if we don't specify -D
TLS_ENABLE).
This patch introduces a parallel OpensslLib instance called
"OpensslLibCrypto" that is appropriate for platform builds without TLS
enablement. It does not build C source files in vain, and it eases
security review -- all libssl vulnerabilities can be excluded at once.
"OpensslLibCrypto.inf" is created as a copy of "OpensslLib.inf", modifying
the BASE_NAME, MODULE_UNI_FILE and FILE_GUID defines.
"process_files.sh" is extended to auto-generate the list of OpenSSL files
for both library instances accordingly. This list is updated in
"OpensslLibCrypto.inf" at once.
"OpensslLibCrypto.uni" is introduced as a copy of "OpensslLib.uni",
highlighting the difference.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Commit 32387e0081 ("CryptoPkg: Enable ssl build in OpensslLib directly",
2016-12-14) removed the "no-queue" configuration option in
"process_files.sh", plus it enabled "process_files.sh" to place all libssl
source files into "OpensslLib.inf".
However, the patch apparently failed to capture two changes originating
from the above actions:
- the definitions of the OPENSSL_NO_PQUEUE and NO_PQUEUE macros were not
removed from "opensslconf.h",
- "ssl/ssl_conf.c" was not added to "OpensslLib.inf".
Refresh these files, completing commit 32387e0081.
I built OVMF with -D SECURE_BOOT_ENABLE -D TLS_ENABLE, and ArmVirtQemu
with -D SECURE_BOOT_ENABLE, after this fix, and experienced no regression.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
v2:
* Code refine and Typo fix:
TlsHandeAlert -> TlsHandleAlert
This patch is used to add new TlsLib library, which is wrapped
over OpenSSL. The implementation provides TLS library functions
for EFI TLS protocol and EFI TLS Configuration Protocol.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Thomas Palmer <thomas.palmer@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Correct the unaligned parameter names in comments (BaseCryptLib.h and
HMAC-SHA256 wrapper implementation)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Add one new API (Pkcs5HashPassword) to provide PKCS#5 v2.0 PBKDF2
support (Password based encryption key derivation function, specified
in RFC 2898).
Also update the Cryptest utility to include the new API testing (with
the test vector from RFC6070).
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Add new HMAC-SHA256 cipher support in CryptoPkg to meet more security
and industry requirements,
and update Cryptest utility to include new HMAC-SHA256 test case.
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Long Qin
Heyi Guo
Zhang, Chao B
Ard Biesheuvel
Jiaxin Wu
Gary Lin
chenc2
Peter Jones
Liming Gao
Hao Wu
Jiewen Yao
Laszlo Ersek
Dandan Bi