* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib. The functions
in this file are only used by TlsLib instances and not any CryptLib
instances.
* Fix type mismatch in call to FreePool() in TlsConfig.c
* Remove use of gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled from
TslLib and CryptLib instances
* Add missing *Null.c files to SecCryptLib.inf and RuntimeCryptLib.inf.
* Remove ARM and AARCH64 sections from SmmCryptLib.inf that does not
support those architectures.
* Add missing PrintLib dependencies to [LibraryClasses] sections of
CryptLib INF files
* Remove extra library classes from [LibraryClasses] sections of
CryptLib INF files
* Remove unnecessary warning disables from [BuildOptions] sections of
TlsLib and CryptLib INF files
* Remove RVCT support from SecCryptLib.inf
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Cc: Rebecca Cran <quic_rcran@quicinc.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This patch is used to retrieve EC key from PEM and X509 and
carry out the EC-DSA signature and verify it.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4102
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
Apply uncrustify changes to .c/.h files in the CryptoPkg package
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760
Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params.
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2420
Add X509ConstructCertificateStackV() to BaseCryptLib that is
identical in behavior to X509ConstructCertificateStack(), but
it takes a VA_LIST parameter for the variable argument list.
The VA_LIST form of this function is required for BaseCryptLib
functions to be wrapped in a Protocol/PPI.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1401
Implement a common function to get the NID name. And use
this function to get common name and organization name.
Add a null function API X509GetOrganizationName of null
function source file.
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Wang Jian J <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
BZ#: https://bugzilla.tianocore.org/show_bug.cgi?id=923
X509_NAME_get_text_by_NID() used in X509GetCommonName() implementation
is one legacy function which have various limitations. The returned
data may be not usable when the target cert contains multicharacter
string type like a BMPString or a UTF8String.
This patch replaced the legacy function usage with more general
X509_NAME_get_index_by_NID() / X509_NAME_get_entry() APIs for X509
CommonName retrieving.
Tests: Validated the commonName retrieving with test certificates
containing PrintableString or BMPString data.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Type definition in UEFI & OpeenSSL is different. Sometime it could cause
write overflow. Should use same data type when accessing the same region
Cc: Long Qin <qin.long@intel.com>
Cc: Chen Chen <chen.a.chen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
v3: Add extra CommonNameSize check since OpenSSL didn't check this
input parameter. (One openssl issue was filed to address this risk:
https://github.com/openssl/openssl/issues/4392)
v2: Update function interface to return RETURN_STATUS to represent
different error cases.
Add one new API (X509GetCommonName()) to retrieve the subject commonName
string from one X.509 certificate.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
OpenSSL-1.1.xx makes most data structures opaque.
This patch updates Public Key Cipher Wrapper implementations in
BaseCryptLib to use the accessor APIs for opaque object access.
The impacted interfaces includes RSA, DH, X509, PKCS7, etc.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct
OpenSSL to accept non-self-signed certificates as trusted. So we don't
need two entirely identical copies of a verify_cb() function which makes
it ignore the resulting errors.
We also *didn't* use that verify_cb() function for X509VerifyCert(), but
probably should have done. So that can get X509_V_FLAG_PARTIAL_CHAIN for
consistency, too.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18703 6f19259b-4bc3-4df7-8a09-765794883524
In OpenSSL 1.1, the X509_NAME becomes an opaque structure and we will no
longer get away with accessing its members directly. Use i2d_X509_NAME()
instead.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18699 6f19259b-4bc3-4df7-8a09-765794883524
OpenSSL 1.1 has cleaned up its include files a little, and it will now
be necessary to directly include things like <openssl/bn.h> if we want
to use them, rather than assuming they are included indirectly from
other headers.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18698 6f19259b-4bc3-4df7-8a09-765794883524
This patch adds some comments for API usage clarification, and
adds one object initialization in X509ConstructCertificateStack
implementation to fix possible memory release issue.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17671 6f19259b-4bc3-4df7-8a09-765794883524
This patch updates some support header and wrapper files to support
openssl-1.0.2c build, and correct some openssl API usages and
boundary check.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17635 6f19259b-4bc3-4df7-8a09-765794883524
This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate,
and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
2. Fix potential system hang issue in X509_STORE_CTX_cleanup.
3. Fix potential overflow when convert UINTN to INT.
4. Update Pkcs7Sign() to output stripped PKCS#7 SignedData.
5. Update Pkcs7Verify() to support both wrapped/stripped PKCS#7 SignedData.
Signed-off-by: tye
Reviewed-by: xdu2
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12593 6f19259b-4bc3-4df7-8a09-765794883524
2. Add new MD4 hash supports;
3. Add corresponding test case in Cryptest utility;
4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
Michael D Kinney
Qi Zhang
Michael Kubacki
Bret Barkelew
Liming Gao
Long Qin
Zhang, Chao B
David Woodhouse
sfu5
tye1
qlong