Commit Graph

31 Commits

Author SHA1 Message Date
Jiaxin Wu 9c14f76bae CryptoPkg/TlsLib: Add some parameter check and clarification.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2017-12-22 15:50:37 +08:00
Jiaxin Wu 0878771f0c CryptoPkg/TlsLib: Change the return type of TlsInitialize().
V2:
* Correct the commit log.

Currently, the return code of OPENSSL_init_ssl(0 or 1) and RandomSeed
(TRUE or FALSE) are not checked in TlsInitialize(). Also "VOID" is used
as the return type of TlsInitialize(), which can't be used to capture
the returned value for error handling.

From Long Qin (CryptoPkg owner):
The early version of OPENSSL_init_ssl() use the "VOID" as the return
value, which was updated to "int" later because the function changes
can fail.

So, this patch is to change the return type of TlsInitialize() to
follow up the OPENSSL_init_ssl() update.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2017-11-24 08:46:20 +08:00
chenc2 3702637a52 CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack
The parameter CertStack of Pkcs7GetSigners will return all embedded X.509
certificate in one given PKCS7 signature. The format is:
//
// UINT8  CertNumber;
// UINT32 Cert1Length;
// UINT8  Cert1[];
// UINT32 Cert2Length;
// UINT8  Cert2[];
// ...
// UINT32 CertnLength;
// UINT8  Certn[];
//
Add EFI_CERT_STACK and EFI_CERT_DATA structure, these two C-structure are
used for parsing CertStack more clearly.

Cc: Long Qin <qin.long@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>
2017-11-07 22:06:48 +08:00
Long Qin 6fe575d052 CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free
The malloc/free (instead of AllocatePool/FreePool) were used directly
in some wrapper implementations, which was designed to leverage the
light-weight memory management routines at Runtime phase.
The malloc/free and AllocatePool/FreePool usages are required to be
matched, after extra memory size info header was introduced in malloc
wrapper.

This patch corrects two memory allocation cases, which requires the
caller to free the buffer with FreePool() outside the function call.

And some comments were also added to clarify the correct memory
release functions if it's the caller's responsibility to free the
memory buffer.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2017-11-06 14:51:39 +08:00
Qin Long 5b7c224505 CryptoPkg: Add new API to retrieve commonName of X.509 certificate
v3: Add extra CommonNameSize check since OpenSSL didn't check this
    input parameter. (One openssl issue was filed to address this risk:
    https://github.com/openssl/openssl/issues/4392)
v2: Update function interface to return RETURN_STATUS to represent
    different error cases.

Add one new API (X509GetCommonName()) to retrieve the subject commonName
string from one X.509 certificate.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2017-09-25 00:06:41 +08:00
Long Qin 0c9fc4b167 CryptoPkg: Correct some minor issues in function comments
Correct some minor comment issues in BaseCryptLib.h and
CryptPkcs7Verify.c, including:
  - missed "out" in parameter property for ARC4 interfaces;
  - Wrong Comment tail in Pkcs7GetAttachedContent function

Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2017-04-14 16:40:04 +08:00
Hao Wu 264702a04b CryptoPkg: Convert files to CRLF line ending
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2017-04-06 15:42:34 +08:00
Qin Long 4c27024399 CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object.
OpenSSL-1.1.xx makes most data structures opaque.
This patch updated HMAC Wrapper implementation with opaque
HMAC_CTX object.
The HmacXXGetContextSize() is marked as deprecated, and updated
to use the fixed HMAC_CTX size, which is just kept for compatibility.
New APIs (HmacXXNew(), HmacXXFree()) were added  as the recommended
HMAC_CTX usage interfaces for HMAC-XXXX operations.

Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
2017-03-29 16:17:24 +08:00
Jiaxin Wu 9396cdfeaa CryptoPkg: Add new TlsLib library
v2:
* Code refine and Typo fix:
TlsHandeAlert -> TlsHandleAlert

This patch is used to add new TlsLib library, which is wrapped
over OpenSSL. The implementation provides TLS library functions
for EFI TLS protocol and EFI TLS Configuration Protocol.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Thomas Palmer <thomas.palmer@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-12-22 20:33:22 +08:00
Dandan Bi 68ae7cd66b CryptoPkg/BaseCryptLib: Make comments consistent with the function
Correct the unaligned parameter names in comments (BaseCryptLib.h and
HMAC-SHA256 wrapper implementation)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
2016-11-11 13:46:04 +08:00
Gary Lin 2998af8624 CryptoPkg: Fix typos in comments
- intialized -> initialized
- componenet -> component
- compoents -> components
- FAlSE -> FALSE
- responsiblity -> responsibility
- validility -> validity
- procudure -> procedure
- pamameter -> parameter
- randome -> random
- buiild -> build

Cc: Ting Ye <ting.ye@intel.com>
Cc: Qin Long <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Qin Long <qin.long@intel.com>
2016-11-07 23:21:22 +08:00
Qin Long a8f37449c7 CryptoPkg: Add PKCS5 PBKDF2 interface for password derivation.
Add one new API (Pkcs5HashPassword) to provide PKCS#5 v2.0 PBKDF2
support (Password based encryption key derivation function, specified
in RFC 2898).
Also update the Cryptest utility to include the new API testing (with
the test vector from RFC6070).

Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-11-02 23:19:01 +08:00
Qin Long 72009c626d CryptoPkg: Add HMAC-SHA256 cipher support
Add new HMAC-SHA256 cipher support in CryptoPkg to meet more security
and industry requirements,

and update Cryptest utility to include new HMAC-SHA256 test case.

Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-11-02 23:17:21 +08:00
Qin Long b7d1ba0a8a CryptoPkg: Add xxxxHashAll APIs to facilitate the digest computation
Add new xxxxHashAll APIs to facilitate the digest computation of blob
data. New APIs include: Md4HashAll(), Md5HashAll(), Sha1HashAll(),
Sha256HashAll(), Sha384HashAll(), and Sha512HashAll().

The corresponding test cases were added in Cryptest utility.

Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-11-02 23:16:10 +08:00
Qin Long 0f5f6b3db7 [CryptoPkg] Correct one typo in the API comments.
Correct one typo (SingerChainCerts --> SignerChainCerts) in the comments
for Pkcs7GetCertificatesList() API.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Shumin Qiu <shumin.qiu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18944 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-25 08:34:57 +00:00
Qin Long 45419de6ca CryptoPkg: Add one new API (Pkcs7GetCertificatesList) for certs retrieving.
Adding one new API (Pkcs7GetCertificatesList) to retrieve and sort all
embedded certificates from Pkcs7 signedData. This new API will provide
the support for UEFI 2.5 Secure-Boot AuditMode feature.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18729 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-05 08:50:39 +00:00
Qin Long 9e8841b4f8 CryptoPkg: Add a missed include file to fix the possible build issue.
Add a missed include file (UefiBaseType.h) into BaseCryptLib.h, since
EFI_TIME was introduced in the new crypto API (ImageTimestampVerify).

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18255 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-20 08:49:31 +00:00
Qin Long 952bd22918 CryptoPkg: Add some comments for API usage clarification.
This patch adds some comments for API usage clarification, and
adds one object initialization in X509ConstructCertificateStack
implementation to fix possible memory release issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17671 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-19 02:46:51 +00:00
Qin Long afeb55e4a6 CryptoPkg: Add one new API for PKCS7 Verification Protocol Support
This patch adds one new API (Pkcs7GetAttachedContent) to support
PKCS7 Verification Protocol defined in UEFI 2.5.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17669 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-19 02:44:20 +00:00
Long, Qin 12d95665cb Correct the Hash Calculation for Revoked X.509 Certificate to align with RFC3280 and UEFI 2.4 Spec.
This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, 
and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-25 08:37:08 +00:00
Qin Long 2ac68e8b54 CryptoPkg Updates to support RFC3161 timestamp signature verification.
The main changes includes:
1. Enabling SHA384 and SHA512 digest algorithm; (Sha512.c)
2. RFC 3161 timestamp signature verification support; (CryptTs.c)
3. Fixed one ASN.1 length encoding issue in Authenticode verification routine. (CryptAuthenticode.c)
4. Add the corresponding test cases in Cryptest utility (SHA384 & SHA512 & Timestamp verification)

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16339 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-12 08:51:45 +00:00
tye1 8c5720b465 Fix issue that RsaPkcs1Verify() may not work in PEI phase.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958 6f19259b-4bc3-4df7-8a09-765794883524
2012-11-22 05:07:22 +00:00
tye1 dda39f3a58 Fix several issues in BaseCryptLib:
1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.

Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
2012-08-02 02:49:24 +00:00
tye1 6b8ebcb8de Fix some typo and coding style issues in BaseCryptLib instances.
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <Siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13564 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-27 07:49:42 +00:00
tye1 532616bbd6 Add interfaces to several library instances of BaseCryptLib.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>




git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13539 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-18 09:32:05 +00:00
tye1 e8b4eb0417 Add two new interfaces Pkcs7GetSigners and Pkcs7FreeSigners to BaseCryptLib.
Signed-off by: tye1
Reviewed-by: geekboy15a
Reviewed-by: sfu5
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13158 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-31 04:49:02 +00:00
sfu5 16d2c32c4d 1. Remove conducting ASSERT in BaseCryptLib.
Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13110 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-19 05:52:16 +00:00
tye1 b7d320f811 Add new interfaces to support PKCS7#7 signed data and authenticode signature. Update Cryptest to validate functionality of new interfaces.
Signed-off-by: tye1
Reviewed-by: hhuan13
Reviewed-by: qlong


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12142 6f19259b-4bc3-4df7-8a09-765794883524
2011-08-16 06:46:52 +00:00
qlong 4a567c9690 1. Add new API supports for PEM & X509 key retrieving & verification;
2. Add new MD4 hash supports;
3. Add corresponding test case in Cryptest utility;
4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
2010-12-31 07:22:48 +00:00
qlong a8c4464502 Update CryptoPkg for new ciphers (HMAC, Block Cipher, etc) supports.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10997 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-02 06:06:38 +00:00
hhtian 97f98500c1 Add CryptoPkg (from UDK2010.UP3)
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10987 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-01 06:30:58 +00:00