Commit Graph

232 Commits

Author SHA1 Message Date
Qin Long a62a7cc7f9 CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3992
Instead of commenting out the Signed Certificate Timestamps purely based
on the OPENSSL_SYS_UEFI flag, OpenSSL 1.1 supports a no-sct configuration
option, added in commit 05d7bf6c5. Drop our own hack and use that.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:42:24 +08:00
Qin Long e94546e77b CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3951
A more complete implementation of the X509_V_FLAG_NO_CHECK_TIME flag was
added to OpenSSL 1.1 as commit d35ff2c0a. Drop our own version and use a
backport of what was committed upstream.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:41:31 +08:00
Qin Long f0e3cd1927 CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3674
A more complete fix for the no-cms configuration has been added to
OpenSSL 1.1 as commit e968561d5. Drop our own version and use a
backport of what was committed upstream.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:40:40 +08:00
Qin Long b9dbddd88a CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3955
A different fix for the excessive stack usage has been merged into
OpenSSL 1.1 as commit 8e704858f. Drop our own version and use a backport
of what was committed upstream.

Note: This requires the free() function to work correctly when passed
      a NULL argument (qv).

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:39:47 +08:00
Qin Long e578aa19dc CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3628
A complete implementation of the no-filenames configuration option was
added to OpenSSL 1.1 in commit 02f7114a7. Drop our own version and use
a backport of what was committed upstream.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:38:51 +08:00
Qin Long ca6fa1fe3b CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3964
Extensive fixes for the no-stdio configuration have been merged into
OpenSSL 1.1, primarily in commit 984d6c605.

The backport to 1.0.2 is slightly different because we still have a
mixture of no-fp-api and no-stdio in 1.0.2, although they are hopelessly
intertwined. Nevertheless, drop our own original version and switch to
a backported version of what went into 1.1.

This includes subsequent fixes in commit c0cf5b84d for the TS code.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:37:42 +08:00
Qin Long 503f6e3888 CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#4175
A different fix for the PKCS7_verify() regression on Authenticode
signatures has landed in the OpenSSL 1.0.2 branch as commit c436c990f
and will be present in the 1.0.2g release.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:36:37 +08:00
Qin Long 3f73ccb37a CryptoPkg/OpensslLib: Regenerate OpenSSL patch
All the OpenSSL changes we carry in our EDKII_openssl patch for 1.0.2
are now merged into upstream OpenSSL and will be in the upcoming 1.1
release.

As a first step towards switching out our original hacks for backported
versions of the commits which were actually accepted into OpenSSL 1.1,
just regenerate the *existing* patch against the 1.0.2f release using
'git diff'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:35:04 +08:00
Qin Long 259d0e71af CryptoPkg/OpensslLib: Include complete copy of opensslconf.h
This can be an auto-generated file, and it *isn't* in the OpenSSL git tree;
it's only in the generated tarballs. So rather than including it in our
OpenSSL patch, just have the user copy it into place.

This makes it easier to manage changes, and is a step towards better
integration.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:33:59 +08:00
Qin Long 6c56c76c75 CryptoPkg: Use OpenSSL include directory directly
The standard OpenSSL 1.0.2 configuration and build process will already
symlink or copy the necessary header files to the include/openssl/
directory within the OpenSSL source tree.

When we transition to OpenSSL 1.1 it won't even be necessary to link
or copy the files there; they have just been moved outright.

So let's use them from there. Change the include directory specified
in CryptoPkg/CryptoPkg.dec, and modify the Install.cmd and Install.sh
scripts to copy the files to the normal directory within the OpenSSL
source tree, instead of CryptoPkg/Include/openssl/.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Tested-by: Qin Long <qin.long@intel.com>
2016-03-05 23:32:55 +08:00
Laszlo Ersek e89d672110 CryptoPkg: RuntimeCryptLib: support realloc(NULL, size)
The ISO C standard says about realloc(),

  If ptr is a null pointer, the realloc function behaves like the malloc
  function for the specified size.

The realloc() implementation doesn't conform to this currently, so add a
check and call malloc() if appropriate.

Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
2016-02-25 11:04:31 +01:00
Laszlo Ersek 1246dde58e CryptoPkg: RuntimeCryptLib: support free(NULL)
The ISO C standard says about free(),

  If ptr is a null pointer, no action occurs.

This is not true of the RuntimeFreeMem() internal function. Therefore we
must not forward the argument of free() to RuntimeFreeMem() without
checking.

Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
2016-02-25 11:04:28 +01:00
Laszlo Ersek 211372d63a CryptoPkg: BaseCryptLib: support free(NULL)
The ISO C standard says about free(),

  If ptr is a null pointer, no action occurs.

This is not true of the FreePool() interface of the MemoryAllocationLib
class:

  Buffer must have been allocated on a previous call to the pool
  allocation services of the Memory Allocation Library. [...] If Buffer
  was not allocated with a pool allocation function in the Memory
  Allocation Library, then ASSERT().

Therefore we must not forward the argument of free() to FreePool() without
checking.

This bug can be triggered by upstream OpenSSL commit 8e704858f219
("RT3955: Reduce some stack usage"), for example.

Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
2016-02-25 11:04:02 +01:00
Qin Long e6b2c99121 CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2f
OpenSSL has released version 1.0.2f with two security fixes
(http://www.openssl.org/news/secadv/20160128.txt) at 28-Jan-2016.
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib
to catch the latest release 1.0.2f.
(NOTE: The patch file was just re-generated, and no new source
       changes was introduced for 1.0.2f enabling)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-02-23 11:12:51 +08:00
Karyne Mayer 03805fc376 CryptoPkg: Fix function qsort for non 32-bit machines
Although the function qsort receives as an argument a "compare" function
which returns an "int", QuickSortWorker (the function used internally by
qsort to do its job) receives as an argument a "CompareFunction" which
returns an "INTN". In a 32-bit machine, "INTN" is defined as "INT32",
which is defined as "int" and everything works well. However, when qsort
is compiled for a 64-bit machine, "INTN" is defined as "INT64" and the
return values of the compare functions become incompatible ("int" for
qsort and "INT64" for QuickSortWorker), causing malfunction.

For example, let's assume qsort is being compiled for a 64-bit machine.
As stated before, the "compare" function will be returning an "int",
and "CompareFunction" will be returning an "INT64". When, for example,
the "compare" function (which was passed as an argument to qsort and,
then, re-passed as an argument to QuickSortWorker) returns -1 (or
0xffffffff, in a 32-bit integer, its original return type) from inside
a call to QuickSortWorker, its return value is interpreted as being an
"INT64" value - which turns out to be 4294967295 (or 0x00000000ffffffff,
in a 64-bit integer) -, making the function QuickSortWorker to behave
unexpectedly.

Note that this unexpected (or incorrect) conversion does not happen when
casting an "INT32" to an "INT64" directly, but does happen when casting
function types.

The issue is fixed by changing the return type of SORT_COMPARE (the type
of "CompareFunction", used by QuickSortWorker) from "INTN" to "int".
This way, both qsort and QuickSortWorker use compatible definitions for
their compare functions.

Contributed-under: TianoCore Contribution Agreement 1.0
Acked-by: Paulo Alcantara Cavalcanti <paulo.alc.cavalcanti@hp.com>
Signed-off-by: Karyne Mayer <kmayer@hp.com>
Signed-off-by: Rodrigo Dias Correa <rodrigo.dia.correa@hp.com>
Signed-off-by: Arthur Crippa Burigo <acb@hp.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19748 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-26 08:51:13 +00:00
Hao Wu e7efd897d0 CryptoPkg: Add NOOPT target in CryptoPkg.dsc
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19670 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-19 04:04:54 +00:00
Ard Biesheuvel 5fa05671e2 CryptoPkg: fix build support under RVCT
The RVCT compiler chokes on a couple of issues in upstream OpenSSL that
can be confirmed to be non-issues by inspection. So just ignore these
warnings entirely.

Also, move the dummy -J system include from CryptoPkg.dsc to the various
.INF files, since it will not be picked up when building the CryptoPkg
libraries from a platform .DSC

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19328 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-17 17:02:06 +00:00
Jordan Justen 3af422600f CryptoPkg: Convert all .uni files to utf-8
To convert these files I ran:

$ python3 BaseTools/Scripts/ConvertUni.py CryptoPkg

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19250 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-15 04:51:26 +00:00
Qin Long 65202874a4 CryptoPkg/OpensslLib: upgrade OpenSSL version to 1.0.2e
OpenSSL has released version 1.0.2e with security fixes.
Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib
from 1.0.2d to 1.0.2e.
(Note: This is based on Ard's previous patch with extra fix
       https://rt.openssl.org/Ticket/Display.html?id=4175)

Contributed-under: TianoCore Contribution Agreement 1.0
Singed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19218 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-11 02:29:05 +00:00
Ard Biesheuvel 76a5e6c269 CryptoPkg/OpensslLib: comment out unused code
This comments out the pqueue and ts_* source files from the OpensslLib
build, since they have no users.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19147 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 09:22:21 +00:00
Ard Biesheuvel e01f529efc CryptoPkg/BaseCryptLib: make mVirtualAddressChangeEvent STATIC
Make mVirtualAddressChangeEvent STATIC to prevent it from conflicting
with other variables of the same name that may be defined in other
libraries (e.g., MdeModulePkg/Universal/Variable/RuntimeDxe)
This also removes the risk of mVirtualAddressChangeEvent being merged with
other uninitialized variables with external linkage by toolchains that perform
COMMON allocation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19146 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 09:20:20 +00:00
Ard Biesheuvel 8fb0d2e3fd CryptoPkg ARM: add ArmSoftFloatLib resolution to CryptoPkg.dsc
In order to build the ARM version of CryptoPkg from its own .DSC file,
it needs a resolution for the ArmSoftFloatLib dependency of OpensslLib.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19145 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 09:20:09 +00:00
Ard Biesheuvel 84c7452165 CryptoPkg: remove global variable 'timeval' from OpenSslSupport.h
The header file OpenSslSupport.h not only defines a type 'struct timeval'
but also defines a global variable 'timeval' of that type. The RVCT
compiler does not merge this definition into a common symbol, resulting
in duplicate definition errors in the final link. So remove the
variable definition.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19135 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 06:33:27 +00:00
Liming Gao 0f397749e1 CryptoPkg: Disable VS2015 warning C4311 in OpensslLib
Warning C4311: pointer truncation from 'type' to 'type'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19115 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-04 03:15:45 +00:00
Ard Biesheuvel 8786ba4fe7 CryptoPkg/OpensslLib: add softfloat dependency for ARM
UEFI on 32-bit ARM does not allow the use of hardware floating point,
so in order to be able to run OpenSslLib, we need to fulfil its
floating point arithmetic dependencies using a software library.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19033 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-30 08:57:26 +00:00
Qin Long 0f5f6b3db7 [CryptoPkg] Correct one typo in the API comments.
Correct one typo (SingerChainCerts --> SignerChainCerts) in the comments
for Pkcs7GetCertificatesList() API.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Shumin Qiu <shumin.qiu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18944 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-25 08:34:57 +00:00
Ard Biesheuvel a100d0073b CryptoPkg: fix AARCH64 build under CLANG35
The OpenSSL function sk_X509_delete_ptr() resolves through preprocessor
substitution to '(X509 *)sk_delete_ptr()', in which the cast causes the
call to be interpreted as an expression (whose value is not used) rather
than a statement, resulting in the following error under Clang:

  ...: error: expression result unused [-Werror,-Wunused-value]

Add (VOID) casts to silence the error.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18730 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-05 14:41:43 +00:00
Qin Long 45419de6ca CryptoPkg: Add one new API (Pkcs7GetCertificatesList) for certs retrieving.
Adding one new API (Pkcs7GetCertificatesList) to retrieve and sort all
embedded certificates from Pkcs7 signedData. This new API will provide
the support for UEFI 2.5 Secure-Boot AuditMode feature.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18729 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-05 08:50:39 +00:00
David Woodhouse 843f8ca01b CryptoPkg/OpensslLib: Move OPENSSL_NO_xxx defines into opensslconf.h
Putting these on the command line as we do at the moment means that they
are *only* visible when actually building the OpenSSL code itself. When
building other things like BaseCryptLib, they were missing. Which could
lead to discrepancies in structures defined by the header files, between
the OpenSSL code and the EDK II code which calls it.

Move the definitions into opensslconf.h where they would normally live
in a standard build of OpenSSL.

Note: Do *not* set OPENSSL_NO_LHASH or OPENSSL_NO_OCSP since those weren't
effectively disabled before; the directories was still being included in
the build. If we actually disable then, the build breaks. We can hopefully
fix at least OCSP upstream later, but one thing at a time...

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18708 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:17:31 +00:00
David Woodhouse 97468ab902 CryptoPkg/OpensslLib: Eliminate GETPID_IS_MEANINGLESS definition
OpenSSL ought to work this out for itself when OPENSSL_SYS_UEFI is set.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18707 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:17:23 +00:00
David Woodhouse 3b21958bf2 CryptoPkg: Fix OpenSSL BN wordsize and OPENSSL_SYS_UEFI handling
We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on
the compiler command line when building OpensslLib itself, but not when
building BaseCryptLib.

But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI
*either*. This meant that *that* build was picking up the definition
from <openssl/opensslconf.h>, and was thus *different* to the version
the library was built with, in some cases.

So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also*
define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18706 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:17:15 +00:00
David Woodhouse 5121a76461 CryptoPkg/OpensslLib: Undefine NO_BUILTIN_VA_FUNCS to fix varargs breakage
Instead of patching OpenSSL to add EFIAPI to the one varargs function we
actually *noticed* breakage in, let's fix the problem in a more coherent
way by undefining NO_BUILTIN_VA_FUNCS.

That way, the VA_START and similar macros will actually do the right
thing for non-EFIAPI functions, which is to use the GCC builtins.

It's still fairly broken elsewhere in the tree, with the VA_START macro
being used from both EFIAPI and non-EFIAPI functions — and being broken
in the latter case. We probably ought to make EFIAPI a no-op everywhere
and add -mabi=ms to the GCC builds. But that's a project for another day.
For now, just fix the OpenSSL build in a cleaner fashion.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18705 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:17:02 +00:00
David Woodhouse de0408be72 CryptoPkg/BaseCryptLib: Use X509_V_FLAG_NO_CHECK_TIME
OpenSSL HEAD is in the process of adding this flag to disable the validity
time checking. Backport it to 1.0.2 and use it too, for consistency.

https://rt.openssl.org/Ticket/Display.html?id=3951&user=guest&pass=guest

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18704 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:16:54 +00:00
David Woodhouse 68547181f3 CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAIN
Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct
OpenSSL to accept non-self-signed certificates as trusted. So we don't
need two entirely identical copies of a verify_cb() function which makes
it ignore the resulting errors.

We also *didn't* use that verify_cb() function for X509VerifyCert(), but
probably should have done. So that can get X509_V_FLAG_PARTIAL_CHAIN for
consistency, too.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18703 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:16:45 +00:00
David Woodhouse e6eaada468 CryptoPkg/BaseCryptLib: Clean up checking of PKCS#7 contents type
Use the new OBJ_get0_data() accessor to compare the data, and actually
check the length of the object too.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18702 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:16:37 +00:00
David Woodhouse 338bfd970a CryptoPkg/BaseCryptLib: Use accessor functions for ASN1_OBJECT
OpenSSL 1.1 introduces new OBJ_get0_data() and OBJ_length() accessor
functions and makes ASN1_OBJECT an opaque type.

Unlike the accessors in previous commits which *did* actually exist
already but just weren't mandatory, these don't exist in older versions
of OpenSSL. So introduce macros which do the right thing, for
compatibility.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18701 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:16:30 +00:00
David Woodhouse 4ffe0facbe CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTE
In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will
no longer get away with accessing its members directly. Use the accessor
functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type()
instead.

Also be slightly more defensive about unlikely failure modes.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18700 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:16:22 +00:00
David Woodhouse eeb8928a26 CryptoPkg/BaseCryptLib: Use i2d_X509_NAME() instead of abusing X509_NAME
In OpenSSL 1.1, the X509_NAME becomes an opaque structure and we will no
longer get away with accessing its members directly. Use i2d_X509_NAME()
instead.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18699 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:16:15 +00:00
David Woodhouse 1cae0c83bb CryptoPkg/BaseCryptLib: Add missing OpenSSL includes
OpenSSL 1.1 has cleaned up its include files a little, and it will now
be necessary to directly include things like <openssl/bn.h> if we want
to use them, rather than assuming they are included indirectly from
other headers.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18698 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:15:53 +00:00
Qin Long f858b8715d CryptoPkg: Fix one wrong parameter for weak key checking
Fix one wrong offset which is passed into DES weak key checking in TdesInit().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18389 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-02 08:44:46 +00:00
Qin Long 5c4a3795a5 CryptoPkg: Replace string wrapper functions with safe string functions
EDKII core suggests to retire unsafe string functions. This patch is to
replace string wrapper functions with new-added safe string functions
for consistency.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18385 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-02 08:12:39 +00:00
Qin Long 9e8841b4f8 CryptoPkg: Add a missed include file to fix the possible build issue.
Add a missed include file (UefiBaseType.h) into BaseCryptLib.h, since
EFI_TIME was introduced in the new crypto API (ImageTimestampVerify).

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18255 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-20 08:49:31 +00:00
Qin Long 11298d8b7a CryptoPkg: Update Package version to 0.96
Update Package version to 0.9.6

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18247 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-20 06:58:44 +00:00
Bruce Cran 8ca8dd9b05 CryptoPkg: remove redundant parentheses
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Bruce Cran <bruce@cran.org.uk>
Reviewed-by: Qin Long <qin.long.intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17939 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-14 02:57:38 +00:00
Qiu Shumin b134fe98aa CryptoPkg: Make the function headers of Pkcs7GetAttachedContent follow Doxygen.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17938 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-14 02:24:22 +00:00
Ard Biesheuvel d5b5b8f8aa CryptoPkg: update OpenSSL dependency to version 1.0.2d
Upstream OpenSSL version 1.0.2c contained a fatal flaw
[CVE-2015-1793] and is no longer available from the openssl.org
download servers. So upgrade to its replacement, version 1.0.2d.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17928 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-12 18:58:24 +00:00
Qin Long 2aabd14630 CryptoPkg: Fix the dereferenced pointer issue
This patch is to fix one dereferenced pointer issue in new
Pkcs7GetAttachedContent API, and add the memory allocation
failure check.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17731 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-30 03:27:23 +00:00
Laszlo Ersek 4a066c7b27 CryptoPkg: OpensslLib: reintroduce EFIAPI for ERR_add_error_data()
Git commit f93f78ea70 (SVN r17633), with subject "CryptoPkg: Update
openssl patch file from 0.9.8zf to 1.0.2c", replaced the file

  CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8zf.patch

with

  CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2c.patch

In the process, two hunks were lost that used to add EFIAPI to the
declaration of the variadic function ERR_add_error_data().

The VA_START() macro, from "MdePkg/Include/Base.h", expands to an
EFIAPI-dependent implementation when

  !defined(__CC_ARM) && (!defined(__GNUC__) ||
                         defined(NO_BUILTIN_VA_FUNCS))

Under such circumstances, the va_start() macro invocation in
ERR_add_error_data() -- which is translated to VA_START() by
"CryptoPkg/Include/OpenSslSupport.h" -- results in EFIAPI-dependent code,
but callers of the function pass the arguments incorrectly, because the
declaration doesn't state EFIAPI.

This leads to crashes when ERR_add_error_vdata(), called by
ERR_add_error_data(), tries to access the arguments forwarded to it.

Restore the missing hunk from before SVN r17633.

Cc: Qin Long <qin.long@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Ching-Pang Lin <glin@suse.com>
Cc: Peter Jones <pjones@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Peter Jones <pjones@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17689 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-23 14:54:00 +00:00
Qin Long 952bd22918 CryptoPkg: Add some comments for API usage clarification.
This patch adds some comments for API usage clarification, and
adds one object initialization in X509ConstructCertificateStack
implementation to fix possible memory release issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17671 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-19 02:46:51 +00:00
Qin Long afeb55e4a6 CryptoPkg: Add one new API for PKCS7 Verification Protocol Support
This patch adds one new API (Pkcs7GetAttachedContent) to support
PKCS7 Verification Protocol defined in UEFI 2.5.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17669 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-19 02:44:20 +00:00
Ard Biesheuvel ffbb1b2540 CryptoPkg: add .gitignore for OpenSSL source files
Add a .gitignore that masks the OpenSSL header files under
Include/openssl and the OpenSSL source files under
Library/OpensslLib/openssl-*. This prevents Git from considering
any of these files for addition, and prevents other clutter in
the git status output.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17647 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-16 15:09:19 +00:00
Qin Long 1463ce18ca CryptoPkg: Wrapper files updates to support openssl-1.0.2c
This patch updates some support header and wrapper files to support
openssl-1.0.2c build, and correct some openssl API usages and
boundary check.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17635 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-16 00:54:16 +00:00
Qin Long 73c54a5823 CryptoPkg: Update OpensslLib module files for openssl-1.0.2c support
This patch updates the INF file, installation scripts and HOWTO file
in OpensslLib for openssl-1.0.2c support.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17634 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-16 00:52:40 +00:00
Qin Long f93f78ea70 CryptoPkg: Update openssl patch file from 0.9.8zf to 1.0.2c
This patch adds a patch file for openssl-1.0.2c, and removes
the patch file for openssl-0.9.8zf.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17633 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-16 00:52:17 +00:00
Long Qin 785d183b4e Upgrade to OpenSSL-0.9.8zf (released on 19-MAR-2015).
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17072 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-25 08:13:32 +00:00
Jordan Justen 3f3c4895da */Contributions.txt: Update example email address
Use the example.com domain as recommended in RFC 2606.

NOTE: This does not modify the wording of the "TianoCore Contribution
      Agreement 1.0" section

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Bruce Cran <bruce.cran@gmail.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16724 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-03 17:29:14 +00:00
Long Qin d47da78669 Update OpenSSL support to the latest release (0.9.8ze, 15-Jan-2015).
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16641 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-22 07:43:04 +00:00
Long, Qin 12d95665cb Correct the Hash Calculation for Revoked X.509 Certificate to align with RFC3280 and UEFI 2.4 Spec.
This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, 
and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-25 08:37:08 +00:00
Qin Long b01fcf92ad Update the build option to eliminate possible build warning for IPF platform.
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16492 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-10 08:05:42 +00:00
Laszlo Ersek afc18ead28 CryptoPkg: OpenSslSupport.h: edk2-ize offsetof() macro for gcc-4.8 / X64
Code added in SVN r16339 ("CryptoPkg Updates to support RFC3161 timestamp
signature verification.") introduced many new uses of the offsetof()
macro. Since the offsetof() macro in "OpenSslSupport.h" casts a pointer to
an "int", it triggers a large number of

  error: cast from pointer to integer of different size
  [-Werror=pointer-to-int-cast]

errors when building CryptoPkg with gcc-4.8 for X64.

Remedy this by directing offsetof() to the OFFSET_OF() macro in
"MdePkg/Include/Base.h" (which matches how "OpenSslSupport.h" resolves the
va_*() macros too).

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Build-tested-by: Scott Duplichan <scott@notabs.org>

Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16388 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-14 10:24:33 +00:00
Laszlo Ersek 017c285ef1 CryptoPkg: TimestampTokenVerify(): fix gcc-4.8 / Ia32 build failure
SVN r16339 ("CryptoPkg Updates to support RFC3161 timestamp signature
verification.") introduced the following build failure:

> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c: In function
> 'TimestampTokenVerify':
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c:538:3: error: passing
> argument 2 of 'd2i_TS_TST_INFO' from incompatible pointer type [-Werror]
>    TstInfo = d2i_TS_TST_INFO (NULL, &TstTemp, (int)TstSize);
>    ^
> In file included from CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c:22:0:
> CryptoPkg/Include/openssl/asn1t.h:803:10: note: expected 'const unsigned
> char **' but argument is of type 'UINT8 **'
>   stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
>           ^
> CryptoPkg/Include/openssl/asn1t.h:799:2: note: in expansion of macro
> 'IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname'
>   IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
>   ^
> CryptoPkg/Include/openssl/asn1t.h:778:42: note: in expansion of macro
> 'IMPLEMENT_ASN1_FUNCTIONS_fname'
>  #define IMPLEMENT_ASN1_FUNCTIONS(stname)
> IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
>                                           ^
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c:136:1: note: in expansion of
> macro 'IMPLEMENT_ASN1_FUNCTIONS'
>  IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
>  ^
> cc1: all warnings being treated as errors

Note that the cast

  (const unsigned char **) &TstTemp

does not match the general edk2 coding style, but it *does* match
other similar casts in this file.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Build-tested-by: Scott Duplichan <scott@notabs.org>

Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16387 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-14 10:24:21 +00:00
Qin Long 2ac68e8b54 CryptoPkg Updates to support RFC3161 timestamp signature verification.
The main changes includes:
1. Enabling SHA384 and SHA512 digest algorithm; (Sha512.c)
2. RFC 3161 timestamp signature verification support; (CryptTs.c)
3. Fixed one ASN.1 length encoding issue in Authenticode verification routine. (CryptAuthenticode.c)
4. Add the corresponding test cases in Cryptest utility (SHA384 & SHA512 & Timestamp verification)

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16339 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-12 08:51:45 +00:00
Jordan Justen 26830e8579 EDK II Contributions.txt: Update patch format information
Update to show what the patch looks like in email form.

NOTE: This does not modify the wording of the "TianoCore Contribution
      Agreement 1.0" section

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16297 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-31 22:05:50 +00:00
Ard Biesheuvel efda1df8d5 Users of the LP64 data model should declare SIXTY_FOUR_BIT_LONG, not SIXTY_FOUR_BIT when building OpenSSL.
Contributed-under: TianoCore Contribution Agreement 1.0

Reviewed-By: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Andrew Fish <afish@apple.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16165 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-24 07:48:26 +00:00
Gao, Liming 08ae2c0eec CryptoPkg: Convert non DOS format files to DOS format
Module UNI and Package UNI files are not DOS format. Convert them to DOS format.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16051 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-03 08:56:12 +00:00
Long Qin 7886a51135 Update CryptoPkg package version to 0.94.
Signed-off-by: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16033 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-02 07:08:30 +00:00
Gao, Liming d7325a8c49 Correct OpenSSL version in Cryptest.uni
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15976 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-29 04:49:15 +00:00
Dong, Guo 7ccea0ae2f CryptoPkg: INF/DEC file updates to EDK II packages
5. Add PACKAGE_UNI_FILE UNI file that contains the localized Abstract and Description of a package and localized strings associated with PCDs. 
a. Addresses an information gap between DEC files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume PACKAGE_UNI_FILE and associated UNI file during UDP creation that performs the DEC -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce PACKAGE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> DEC conversion.

6. Add Package Extra UNI file that provides the localized Name of a package.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a package to specify extra files to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a package to go along with the localized Abstract and Description from the PACKAGE_UNI_FILE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15957 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 05:52:56 +00:00
Dong, Guo 7a2f2ec353 CryptoPkg: INF/DEC file updates to EDK II packages
4. PCD information in DEC file comment blocks are either incomplete or incorrect.  
This includes detailed description, @Prompt, @ValidRange, @ValidList, @Expression, and [Error.<TokenSpaceGuid>] validation error messages.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15956 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 05:52:36 +00:00
Dong, Guo 18bb9e19c0 CryptoPkg: INF/DEC file updates to EDK II packages
2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module.
a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion.

3. Add Module Extra UNI file that provides the localized Name of a module.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15955 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 05:51:39 +00:00
Dong, Guo dda856b3c1 CryptoPkg: INF/DEC file updates to EDK II packages
1. Usage information in INF file comment blocks are either incomplete or incorrect.  
This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes.  
The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15954 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 05:50:45 +00:00
Ronald Cron d1984abcb9 CryptoPkg: Add support of AARCH64 architecture
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Reviewed-By: Olivier Martin <olivier.martin@arm.com>
Reviewed-By: Long, Qin <qin.long@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15913 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-26 15:06:45 +00:00
Ronald Cron bccc877842 CryptoPkg: Add support to build with ARM GCC
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Reviewed-By: Olivier Martin <olivier.martin@arm.com>
Reviewed-By: Long, Qin <qin.long@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15912 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-26 15:05:58 +00:00
Ronald Cron 2f7cd8de3b CryptoPkg: Update to build with RVCT
Update RVCT compile options for the CryptoPkg to compile.
Add support for stack protector with BaseStackCheckLib to link.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Reviewed-By: Olivier Martin <olivier.martin@arm.com>
Reviewed-By: Long, Qin <qin.long@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15911 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-26 15:05:22 +00:00
Jordan Justen fad213a3db EDK II Contributions.txt: Note acceptable contribution licenses
We strongly prefer that contribtions be offered using the same license
as the project/module. But, we should document other acceptable
licenses for contributions.

This will allow package owners to more easily know if they can accept
a contribution under a different source license.

NOTE: This does not modify the wording of the "TianoCore Contribution
      Agreement 1.0" section

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Mark Doran <mark.doran@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15892 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-25 23:10:18 +00:00
Long, Qin f61d69cc44 OpenSSL 0.9.8zb was released at 06-Aug-2014, including bug and security fixes.
This patch is to catch the latest OpenSSL release.
NOTE: The content of EDKII_openssl-0.9.8zb.patch is same with the old EDKII_openssl-0.9.8za.patch, and the extra changes 
      are only name / directory modifications. 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long, Qin  <qin.long@intel.com>
Reviewed-by: Ye, Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15802 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-14 10:16:57 +00:00
qlong 0e24145420 Clean up code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed off by: Long Qin <qin.long@intel.com>
Reviewed by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15768 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-07 07:56:31 +00:00
Eugene Cohen 86110f65ab Fix OpensslLib build issue for ARM. The changes are:
The changes are:
  1. Add RVCT ARM build target
  2. Add suppression of warnings to get openssl building (1295,550,1293,111,68,177,223,144,513,188)
  3. Remove architectures that RVCT cannot build for (IA32, X64, and IPF)
  4. Add the -DOPENSSL_NO_MD2 flag to prevent link errors from MD2 references; the comments in the .inf assumes that this flag exists but it wasn’t actually set

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eugene Cohen <eugene@hp.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15767 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-07 07:44:37 +00:00
Long, Qin 1b98d6ce44 Add comments for clarification about memset implementation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long, Qin <qin.long@intel.com>
Reviewed-by: Ye, Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15662 6f19259b-4bc3-4df7-8a09-765794883524
2014-07-16 02:48:20 +00:00
Long, Qin a6908c99aa Update OpenSSL from 0.9.8w to the latest 0.9.8za.
Main changes include:
1. Update the patch file for 0.9.8za;
2. Update the install scripts to align the path for 0.9.8za;
3. OpensslLib.inf : Update the OPENSSL_PATH for 0.9.8za; enable more OPENSLL FLAGS to disable those un-used algorithms for better build performance and size;
4. Update the HOWTO file to align new OpenSSL version.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long, Qin <qin.long@intel.com>
Reviewed-by: Ye, Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15638 6f19259b-4bc3-4df7-8a09-765794883524
2014-07-08 03:03:24 +00:00
Andrew Fish 7bf3ce9ff9 Fix build issues with Xcode in CryptoPkg and SecurityPkg.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15560 6f19259b-4bc3-4df7-8a09-765794883524
2014-06-16 08:30:41 +00:00
Long, Qin 6ab63eb9e0 Update CryptoPkg version: 0.92 -> 0.93
Signed-off-by: Long, Qin <qin.long@intel.com>
Reviewed-by: Tian, Hot <hot.tian@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15084 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-10 02:30:22 +00:00
Long, Qin 38d91622fa Fixed one typo in MathRShiftU64.S stub implementation; Add one digest algorithm registration to make sure the underlying algorithm is available for the default OpenSSL software PRNG implementation.
Signed-off-by: Long, Qin <qin.long@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14860 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-19 02:57:19 +00:00
Ye Ting 5b2956ea63 Enhance error handling code after calling BIO_new in BaseCryptLib.
Signed-off-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14528 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-07 08:11:14 +00:00
Gary Ching-Pang Lin 04a3cfa78a Per gmtime manpage, tm_mon is the number of months since January
while MonthNo is the month of the year, so tm_mon should be MonthNo-1.

Similarly, tm_mday is the day of the month, and DayNo is the number 
of days since the first day of the month. Assigning DayNo+1 to 
tm_mday to fit the definition.

This commit also corrected miscalculated MonthNo and DayNo for the 
first day of the month. (Thanks to Laszlo Ersek!)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14481 6f19259b-4bc3-4df7-8a09-765794883524
2013-07-17 07:53:04 +00:00
tye1 b3a18a1a17 Though the comment of RandomSeed() states it should return FALSE if there is not enough entropy for random generation, the function always returns TRUE. This commit checks the status of pseudorandom number generator to match the comment.
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14392 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-29 05:30:13 +00:00
sfu5 86b5c3ee54 The openssl API RSA_public_decrypt() and RSA_private_encrypt() are deprecated, use RSA_sign(), RSA_verify() instead.
Signed-off-by: Long Qin < qin.long@intel.com >
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14309 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-23 01:52:17 +00:00
sfu5 02ee8d3b4c 1. Enable the whole X509v3 extension checking.
2. Replace d2i_X509_bio with d2i_X509.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ling Qin <qin.long@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14026 6f19259b-4bc3-4df7-8a09-765794883524
2012-12-28 01:20:57 +00:00
tye1 8c5720b465 Fix issue that RsaPkcs1Verify() may not work in PEI phase.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958 6f19259b-4bc3-4df7-8a09-765794883524
2012-11-22 05:07:22 +00:00
tye1 eb58f55912 Fix coding style issue in CryptoPkg.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Eric <yong.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13864 6f19259b-4bc3-4df7-8a09-765794883524
2012-10-18 09:09:36 +00:00
sfu5 e98e59c237 Fix a bug in OpensslLib that PKCS7_verify will use over 8k stack space.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13858 6f19259b-4bc3-4df7-8a09-765794883524
2012-10-17 08:17:33 +00:00
tye1 fe5eea5e00 Add SPC_INDIRECT_DATA_OBJID check to make sure contentType equals to the
specific value defined in Authenticode PE specification.

Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by:Dong Guo <guo.dong@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13853 6f19259b-4bc3-4df7-8a09-765794883524
2012-10-17 02:13:54 +00:00
tye1 efad60c584 Fix PeiCryptLib build issue.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13670 6f19259b-4bc3-4df7-8a09-765794883524
2012-08-23 03:31:00 +00:00
sfu5 f4184cbd9b Update openssl patch to replaces the “__FILE__” and “__LINE__” with NULL and 0.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13605 6f19259b-4bc3-4df7-8a09-765794883524
2012-08-10 01:27:30 +00:00
tye1 dda39f3a58 Fix several issues in BaseCryptLib:
1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.

Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
2012-08-02 02:49:24 +00:00
tye1 6b8ebcb8de Fix some typo and coding style issues in BaseCryptLib instances.
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <Siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13564 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-27 07:49:42 +00:00
tye1 532616bbd6 Add interfaces to several library instances of BaseCryptLib.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>




git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13539 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-18 09:32:05 +00:00
tye1 c4de8e2eb9 Fix incorrect return status in Pkcs7Verify().
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <Siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13469 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-25 05:15:40 +00:00
vanjeff 4f6904db4c Enable execute property to avoid format is changed carelessly.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13451 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-14 06:43:08 +00:00
vanjeff 1300608777 Remove Carriage-Return character.
signed-off-by: Jeff Fan <jeff.fan@intel.com>
reviewed-by: Ting Ye <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13450 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-14 06:31:44 +00:00
jyao1 dc204d5a0f Add comment for modules which have external input.
signed-off-by: jiewen.yao@intel.com
reviewed-by: guo.dong@intel.com
reviewed-by: ting.ye@intel.com
reviewed-by: liming.gao@intel.com
reviewed-by: elvin.li@intel.com



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-12 08:28:43 +00:00
tye1 38fcd0270f Fix SmmCryptLib issue when calling time() in RealTimeClock.c
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13417 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-01 02:37:24 +00:00
tye1 7ce960e712 Use current time value as default random seed in BaseCryptLib.
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Sun Rui <rui.sun@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13300 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-10 07:58:02 +00:00
tye1 5359174326 Upgrade openssl version to 0.98w.
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13289 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-07 10:29:58 +00:00
hhtian bff8c6f61d Update copyright format
Signed-off-by: Hot Tian <hot.tian@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13213 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-24 06:49:39 +00:00
jljusten ea4ee7ac38 EDK II Packages: Add Contributions.txt and License.txt files
Contributions.txt documents the contribution process for all
tianocore projects. The conents of Contributions.txt should
match in all cases.

License.txt is a per-project document showing the license terms
used by that project.

Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13187 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-11 23:19:46 +00:00
tye1 e8b4eb0417 Add two new interfaces Pkcs7GetSigners and Pkcs7FreeSigners to BaseCryptLib.
Signed-off by: tye1
Reviewed-by: geekboy15a
Reviewed-by: sfu5
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13158 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-31 04:49:02 +00:00
sfu5 16d2c32c4d 1. Remove conducting ASSERT in BaseCryptLib.
Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13110 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-19 05:52:16 +00:00
li-elvin 855790a56f Change Openssl build option for IPF back to SIXTY_FOUR_BIT.
Signed-off-by: li-elvin
Reviewed-by: vanjeff

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12893 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-26 02:18:13 +00:00
tye1 9fa957ec82 Update CryptoPkg package versions from 0.91 to 0.92.
Signed-off-by: tye1
Reviewed-by: gdong1



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12846 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-13 09:46:54 +00:00
tye1 c79111f6f1 Fix Windows 2008 R2 installation fail issue in IPF ICC tip.
Signed-off-by: tye1
Reviewed-by: gdong1
Reviewed-by: li-elvin

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12832 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-09 09:25:12 +00:00
tye1 0bdcfe7592 Fix openssl lib build issue in IPF tip.
Signed-off-by: tye
Reviewed-by: gdong1
Reviewed-by: ftian


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12794 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-28 07:12:20 +00:00
lgao4 c21ddf7c43 Add the missing options for X64 and IPF arch of MSFT:NOOPT target.
Signed-off-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12793 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-28 06:24:39 +00:00
tye1 4d6afad3b9 Fix CrytoPkg issue in GCC X64 tip.
Signed-off-by: tye
Reviewed-by: gdong1
Reviewed-by: ftian


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12784 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-25 07:07:01 +00:00
tye1 d3945da644 Update return FALSE to ASSERT() for code consistent.
Signed-off-by: tye
Reviewed-by: jyao1




git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12659 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-04 02:55:30 +00:00
xdu2 421fb3b504 CryptoPkg: Fix GCC build break for BaseCryptLib.
Signed-off-by: xdu2

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12601 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 14:35:01 +00:00
tye1 da9e7418da 1. Fix build break issue for NOOPT target.
2. Fix potential system hang issue in X509_STORE_CTX_cleanup.
3. Fix potential overflow when convert UINTN to INT.
4. Update Pkcs7Sign() to output stripped PKCS#7 SignedData.
5. Update Pkcs7Verify() to support both wrapped/stripped PKCS#7 SignedData.

Signed-off-by: tye
Reviewed-by: xdu2



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12593 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 07:41:26 +00:00
tye1 a2d111ed25 Replace SHA1 with SHA256 digest algorithm.
Signed-off-by: tye
Reviewed-by: hhuan13
Reviewed-by: qlong



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12350 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-14 11:12:08 +00:00
tye1 55581f953a 1. Adjust SignedData to comply with latest UEFI spec: 1) remove SignerInfo.authenticatedAttributes; 2) remove SignedData.contentInfo.content;
2. Fix some coding style problems.


Signed-off-by: tye
Reviewed-by: hhuan13
Reviewed-by: qlong


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12349 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-14 10:20:53 +00:00
tye1 b7d320f811 Add new interfaces to support PKCS7#7 signed data and authenticode signature. Update Cryptest to validate functionality of new interfaces.
Signed-off-by: tye1
Reviewed-by: hhuan13
Reviewed-by: qlong


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12142 6f19259b-4bc3-4df7-8a09-765794883524
2011-08-16 06:46:52 +00:00
lzeng14 d490265ca6 Update code to pass packaging tool.
Signed-off-by: lzeng14
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11712 6f19259b-4bc3-4df7-8a09-765794883524
2011-05-30 09:56:57 +00:00
hhtian e6a6082acf Clean up DEC files: Remove section header comment blocks that do not provide any information
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11643 6f19259b-4bc3-4df7-8a09-765794883524
2011-05-12 14:24:24 +00:00
jljusten f114914b39 CryptoPkg SysCall Lib: Fix warning with GCC in CrtWrapper.c
Exit is declared to be 'noreturn' function, but GCC sees
that the empty function will return.  Therefore, GCC flags
a warning.

To work-around this, we use a function pointer, along with
a cast to force the code to think that a 'noreturn' function
is being called.

Signed-off-by: jljusten
Reviewed-by: qlong

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11609 6f19259b-4bc3-4df7-8a09-765794883524
2011-05-04 00:56:33 +00:00
jljusten c61fb9c8a4 CryptoPkg OpenSslSupport.h: Do not instantiate data in an include file
Include files should never instantiate data.  Data should only
be referenced as an 'extern' within include files.

The previous code would generate a GCC warning, since the static
data items were not always referenced.

Signed-off-by: jljusten
Reviewed-by: qlong

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11608 6f19259b-4bc3-4df7-8a09-765794883524
2011-05-04 00:56:11 +00:00
hhtian 944b3bbd17 Update DebugLib to provide support for "err" command in the EFI Shell to adjust the filter mask for DEBUG() messages. The "err" command provide the ability to adjust this filter mask at a global level through an EFI Variable and at the module level through a the Debug Mask Protocol. In order to support the degree of flexibility, the DebugLib needs to use library to abstract the get/set operations to the filter mask.
1) Add default mappings for the DebugPrintErrorLevelLib to the DSC file for this package.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11569 6f19259b-4bc3-4df7-8a09-765794883524
2011-04-20 00:18:57 +00:00
qlong 8e01b449de Patch from open source community for CryptoPkg to allow it to build for ARM using the RVCT toolchain.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11565 6f19259b-4bc3-4df7-8a09-765794883524
2011-04-19 16:25:31 +00:00
ydong10 96488aa25a Refine code to make code follow the coding style.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11247 6f19259b-4bc3-4df7-8a09-765794883524
2011-01-13 01:05:59 +00:00
qlong 4a567c9690 1. Add new API supports for PEM & X509 key retrieving & verification;
2. Add new MD4 hash supports;
3. Add corresponding test case in Cryptest utility;
4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
2010-12-31 07:22:48 +00:00
vanjeff f754e613fc 1. enable /GL optimization building on OpensslLib.
2. add DDK3790 compiler option for IA32.


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11099 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-26 07:23:30 +00:00
vanjeff d0bf0f8872 Override MSFT build option in INF files to remove /GL or /Oi.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11059 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-16 02:06:29 +00:00
qlong a8c4464502 Update CryptoPkg for new ciphers (HMAC, Block Cipher, etc) supports.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10997 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-02 06:06:38 +00:00
hhtian 97f98500c1 Add CryptoPkg (from UDK2010.UP3)
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10987 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-01 06:30:58 +00:00