Commit Graph

266 Commits

Author SHA1 Message Date
Shenglei Zhang 944bd5cf1d CryptoPkg: Fix coding style
Update attribute "Out" to "out".
The original "Out" can not pass ECC check.

Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-08-19 08:45:29 +08:00
Shenglei Zhang 8906f076de CryptoPkg/OpensslLib: Add missing header files in INF file
The header files are used but missing in INF,which causes
warning message when building them.
https://bugzilla.tianocore.org/show_bug.cgi?id=2036

Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-08-16 11:26:57 +08:00
Jian J Wang 5ab96088ae CryptoPkg/OpensslLib: remove clone commands
https://bugzilla.tianocore.org/show_bug.cgi?id=1910

edk2/Readme.md has added a section to explain the correct clone
commands for submodules. Detailed steps in the OpenSSL-HOWTO.txt
are removed to avoid any inconsistency.

Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-08-15 09:56:37 +08:00
Gary West 4b1b7c1913 CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1928

1. Implement OpenSSL HKDF wrapped function in CryptHkdf.c file.
2. Implement stub implementation function in CryptHkdfNull.c file.
3. Add wrapped HKDF function declaration to BaseCryptLib.h file.
4. Add CryptHkdf.c to module information BaseCryptLib.inf file.
5. Add CryptHkdfNull.c to module information PeiCryptLib.inf,
   RuntimeCryptLib.inf and SmmCryptLib.inf

Signed-off-by: Gary West <Gary.West@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Reviewed-by: Jian Wang <jian.j.wang@intel.com>
2019-08-09 09:38:56 +08:00
Zhichao Gao b3d00df69c CryptoPkg/BaseCryptLib: Use cmp-operator for non-Boolean comparisons
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2027

Refer to CSS_2_1 5.7.2.1 "Non-Boolean comparisons must use a
compare operator (==, !=, >, < >=, <=).", use compare operator
for the non-boolean comparisons.

Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-07-31 09:19:43 +08:00
Laszlo Ersek 9e55ce6b75 CryptoPkg/BaseCryptLib: list module-internal header files in INF [Sources]
The BaseTools build feature introduced for TianoCore#1804 / in commit
1fa6699e6c ("BaseTools: Add a checking for Sources section in INF file",
2019-06-10) logs some (non-fatal) warnings about unlisted internal header
files. List those files explicitly.

Note: header files are added in lexicographical order only if the
underlying INF file already keeps the [Sources] and [LibraryClasses]
sections in lexicographical order. Otherwise, header files are added in
rough "logical" order.

Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-07-23 00:20:30 +02:00
Xiaoyu Lu 51f7a3e6c5 CryptoPkg/OpensslLib: Exclude err_all.c in process_files.pl
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1881

Commit(0a1b13fd4d) fix VS2017 build failure
remove useless file in OpensslLib[Crypto].inf,
but we use process_files.pl to generate files.
So exclude err_all.c file in process_files.pl

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-25 16:45:54 +08:00
Xiaoyu Lu b86fbe1f98 CryptoPkg/OpensslLib: disable autoload-config for OpenSSL
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1926

This problem was found by Rebecca Cran <rebecca@bluestop.org>.
REF: https://edk2.groups.io/g/devel/topic/32100684

OpenSSL will automatically load a system config file which configures
default ssl options. In UEFI, It will cause TlsInitialize failed
without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
So disable it.

Re-run process_files.py to generate OpensslLib[Crypto].inf files.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Rebecca Cran <rebecca@bluestop.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-21 17:25:02 +08:00
Lu, XiaoyuX 90e8f13d51 CryptoPkg/OpensslLib: Fix CR/LF issue
Re-run process_files.py to generate OpensslLib[Crypto].inf.
CryptoPkg/Library/Include/openssl/opensslconf.h is coped from OpenSSL,
So keep the CR/LF style like OpenSSL source file.

Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-21 17:16:52 +08:00
Bret Barkelew a860eb9668 CryptoPkg: Add missing instance for build only
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1900

Add the missing instance to [Components] of dsc file
for build only.

Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-15 03:42:29 +08:00
Lu, XiaoyuX f0718d1d6b CryptoPkg/BaseCryptLib: Wrap OpenSSL SM3 algorithm
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1861

1. Implement OpenSSL SM3 wrapped functions in CryptSm3.c file.
2. Add wrapped SM3 functions declaration to BaseCryptLib.h file.
3. Add CryptSm3.c to each module information file.

Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-08 05:18:41 +08:00
Wang, Jian J 20d2e5a125 CryptoPkg/OpensslLib: fix build break caused by missing library
CryptoPkg\Library\Include\CrtLibSupport.h maps strxxxx interfaces to
edk2 PrintLib interfaces but related module inf file don't claim the
use of it. This will cause unresolved symbol issue with VS2017 build
which has enabled strict symbol check. This patch resolves the problem
by adding PrintLib to inf files.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-06-06 12:51:42 +08:00
Xiaoyu Lu 98d8f194e5 CryptoPkg/IntrinsicLib: Fix CLANG38 IA32 build problem
When use clang-3.8 to build the NetworkPkg, compiler optimization
may use memcpy for memory copy. For example:

 CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_rsa.c:918: undefined
 reference to `memcpy'`

Compiler optimization is sophisticated, but we can work around it
use __attribute__((__used__)) to informs the compiler that symbol
should be retained in the object file, even if it may be
unreferenced.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-06-06 11:01:50 +08:00
Wang, Jian J 0a1b13fd4d CryptoPkg/OpensslLib: fix VS2017 build failure
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1878

This issue is specific to VS2017 which tries to resolve symbol referenced
by a symbol not really referenced eventually.

ossl_init_load_crypto_strings
-> err_load_crypto_strings_int (not really referenced)
-> ERR_load_OSSL_STORE_strings

Because OPENSSL_NO_ERR and OPENSSL_NO_AUTOERRINIT are not defined by
default, err_load_crypto_strings_int() will not be actually referenced
by ossl_init_load_crypto_strings().

Since err_load_crypto_strings_int() is not actually referenced at all,
the fix can be done simply by removing crypto/err/err_all.c from build.

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-06-05 16:21:35 +08:00
Xiaoyu Lu 466c66341a CryptoPkg: Fix build problem with XCODE
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

When building CryptoPkg with XCODE, blow error may result

* usr/lib/clang/9.0.0/include/stdatomic.h:105:17:
error: unknown type name 'wchar_t'

Since the C native atomics are C11 feature we can explicitly
use C99 to work around it.
add -std=c99 to avoid it

* openssl/crypto/conf/conf_sap.c:71:12: error: variable 'ret' is
    uninitialized
    when used here [-Werror,-Wuninitialized]

Suppress warnings in OpenSSL so we don't break the build with -Werror.
add -Wno-error=uninitialized to disalbe this warning

Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-04 08:10:14 +08:00
Ard Biesheuvel f03859ea6c CryptoPkg CLANG35: add -std=c99 to dodge OpenSSL C atomics issue
Commit c51f8bae7c ("CryptoPkg: Fix possible build problem with
Clang") added -std=c99 to the CLANG38 compiler command line of
packages that incorporate parts of OpenSSL, to ensure that the new
C atomics code used by OpenSSL for refcounting (which we don't care
about) does not pull in system C library headers, which we cannot
rely on when (cross)building EDK2 code.

Unsurprisingly, CLANG35 (which is only defined for ARM and AARCH64)
suffers from the exact same issue, so let's add the same flags
there as well.

Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2019-06-03 18:33:53 +02:00
Xiaoyu Lu acfb909118 CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

OpenSSL internally redefines the size of HMAC_CTX at
crypto/hmac/hmac_lcl.h(OpenSSL commit e0810e35).
Ref: https://github.com/openssl/openssl/pull/4338

We should not use it directly and should remove relevant
functions(Hmac*GetContextSize).
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1792

But for compatiblility, temporarily change these definition
of HMAC_*_CTX_SIZE.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-03 08:28:03 +08:00
XiaoyuX Lu 456dd8b99f CryptoPkg: Upgrade OpenSSL to 1.1.1b
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

* Update OpenSSL submodule to OpenSSL_1_1_1b
   OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)

* Run process_files.pl script to regenerate OpensslLib[Crypto].inf
  and opensslconf.h

* Remove -DNO_SYSLOG from OPENSSL_FLAGS in OpensslLib[Crypto].inf,
  due to upstream OpenSSL commit cff55b90e95e("Cleaning UEFI
  Build with additional OPENSSL_SYS_UEFI flags", 2017-03-29),
  which was first released as part of OpenSSL_1_1_1.

* Starting with OpenSSL commit 8a8d9e1905(first release in
  OpenSSL_1_1_1), the OpenSSL_version() function can no longer
  return a pointer to the string literal "compiler: information
  not available", in the case CFLAGS macro is not defined.
  Instead, the function now has a hard dependency on the global
  variable 'compiler_flags'. This variable is normally placed
  by "util/mkbuildinf.pl" into "buildinf.h". In edk2 we don't
  run that script whenever we build OpenSSL, therefore we
  must provide our own dummy 'compiler_flags'.

* BUFSIZ is used by crypto/evp/evp_key.c(OpenSSL_1_1_1b)
  And it is declared in stdio.h. So add it to CrtLibSupport.h.
  Here's a discussion about this.
  Ref: https://github.com/openssl/openssl/issues/8904

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-03 08:28:03 +08:00
XiaoyuX Lu b739678918 CryptoPkg/OpensslLib: Add functions for upgrading OpenSSL1_1_1b
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

* From OpenSSL_1_1_0i(97c0959f27b294fe1eb10b547145ebef2524b896) to
  OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687), OpenSSL
  updated DRBG / RAND to request nonce and additional low entropy
  randomness from system(line 229 openssl/CHANGES).

  Since OpenSSL_1_1_1b doesn't fully implement rand pool functions
  for UEFI. We must provide a method to implenet these method.
  TSC is used as first entropy source if it's availabe otherwise
  fallback to TimerLib. But we are not sure the amount of randomness
  they provide. If you really care about the security, one choice is
  overrided it with hardware generator.

  Add rand_pool.c to implement these functions required by OpenSSL
    rand_pool_acquire_entropy
    rand_pool_add_nonce_data
    rand_pool_add_additional_data
    rand_pool_init
    rand_pool_cleanup
    rand_pool_keep_random_devices_open

  And add rand_pool_noise.* for getting entropy noise from different
  architecture.

* We don't need ossl_store functions. We exclude relative files
  through process_files.pl. And ossl_store_cleanup_int was first
  added in crypto/init.c OpenSSL_1_1_1(71a5516d).
  So add a new file(ossl_store.c) to implement ossl_store_cleanup_int
  function.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-03 08:28:02 +08:00
XiaoyuX Lu c51f8bae7c CryptoPkg: Fix possible build problem with Clang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

When building CryptoPkg with Clang, blow error may result

* /usr/lib/llvm-3.8/lib/clang/3.8.0/include/stdatomic.h:105:17: error:
    unknown type name 'wchar_t'

Since the C native atomics are C11 feature we can explicitly
use C99 to work around it.
add -std=c99 to avoid it

* openssl/crypto/conf/conf_sap.c:71:12: error: variable 'ret' is
  uninitialized
  when used here [-Werror,-Wuninitialized]

Suppress warnings in OpenSSL so we don't break the build with -Werror.
add -Wno-error=uninitialized to disalbe this warning

Cc: Ting Ye <ting.ye@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-03 08:28:02 +08:00
Laszlo Ersek 9c3c5c91ce CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

Thanks Laszlo Ersek <lersek@redhat.com>.
Ref: https://edk2.groups.io/g/devel/message/40375

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-03 08:28:02 +08:00
XiaoyuX Lu 5db2fbff23 CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

Disable warning for building OpenSSL_1_1_1b

add /wd4132 /wd4700 /wd4310 for Visual Studio in OpensslLib[Crypto].inf

add -Wno-error=unused-but-set-variable for GCC in OpensslLib[Crypto].inf
Although this option is set in some build environments by default.
But this is only for OpenSSL compilation, no matter how the
default options change.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-03 08:28:01 +08:00
Xiaoyu Lu 96dbfad9b0 CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

This is for the upcoming upgrade to OpenSSL_1_1_1b

Compiler optimization(Visual Studio) may automatically use _ftol2
instead of some type conversion. For example:

 OpensslLib.lib(drbg_lib.obj) : error LNK2001:
    unresolved external symbol __ftol2

This patch add _ftol2 function for the compiler intrinsic.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-03 08:28:01 +08:00
Xiaoyu Lu 7eee048894 CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

When running process_files.py to configure OpenSSL, we can exclude
some unnecessary files. This can reduce porting time, compiling
time and library size.

Upstream OpenSSL commit 71a5516dcc8a which was as part of
OpenSSL_1_1_1b, Add the STORE module(crypto/store/*).
But UEFI don't use them. So exclude these files.

Functions in crypto/rand/randfile.c OpenSSL and edk2 don't
call them. And it requires more crt runtime support.
So exclude it.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-03 08:28:00 +08:00
Xiaoyu Lu 6fcc3d68eb CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

OpenSSL configure mechanism use --with-rand-seed=xxx option to configure
random number generation.

OpenSSL_1_1_0j(74f2d9c1ec5f5510e1d3da5a9f03c28df0977762)
we use default --with-rand-seed=os option to for building it.

But OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
only support seeding NONE for UEFI(rand_unix.c line 93).

This OpenSSL change was introduced in commit
8389ec4b4950 ("Add --with-rand-seed", 2017-07-22).

So add --with-rand-seed=none to process_files.pl.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-03 08:28:00 +08:00
Jian J Wang c2eab535c6 CryptoPkg/BaseCryptLib: remove unused code for IPF
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1805

CryptRandItc.c is only for IPF arch, which has not been supported any
more in edk2. And no module actually reference this file. This patch
just removes it from tree.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-05-17 13:13:41 +08:00
Zhichao Gao 038f929c92 CryptoPkg/BaseCryptLib: Remove the blank line in the comments
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1736

For accroding with the doxygen special documention blocks
in section 2.3.5, removing the blank line in the file comments
of the file header for PeiCryptLib.inf

Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jian Wang <jian.j.wang@intel.com>
2019-04-29 17:07:12 +08:00
rebecca via Groups.Io 1a734ed85f CryptoPkg: add issetugid declaration to fix openssl build on FreeBSD
When building OpenSSL, the OpenBSD/FreeBSD/DFBSD code in crypto/uid.c
calls issetugid(). Add the declaration of this function to
CrtLibSupport.h to avoid the need to patch the openssl code on these
platforms.

Signed-off-by: Rebecca Cran <rebecca@bluestop.org>
Reviewed-by: Jian Wang <jian.j.wang@intel.com>
2019-04-24 16:31:11 +08:00
Bret Barkelew 933f1990f5 CryptoPkg/BaseCryptLib: Add PKCS1v2 (RSAES-OAEP) support.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1403

Add support for PKCS 1v2 RSAES-OAEP PKI encryption in BaseCryptLib.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Wang Jian J <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-18 13:11:22 +08:00
Bret Barkelew aed90beee5 CryptoPkg/BaseCryptLib.h: Add PKCS1v2 (RSAES-OAEP) support.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1403

Add prototype of new API Pkcs1v2Encrypt in header file to
support PKCS1v2 (RSAES-OAEP) encrypt.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Wang Jian J <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-18 13:11:21 +08:00
Bret Barkelew 23c3178c4d CryptoPkg/BaseCryptLib: Add new API VerifyEKUsInPkcs7Signature
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1402

Add the API VerifyEKUsInPkcs7Signature to check if x509 cert
has any or all EKUs.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Wang Jian J <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-18 13:11:21 +08:00
Bret Barkelew 1796a39493 CryptoPkg/BaseCryptLib.h: Add new API VerifyEKUsInPkcs7Signature
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1402

Add a prototype of new API VerifyEKUsInPkcs7Signature.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Wang Jian J <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-18 13:11:20 +08:00
Bret Barkelew 912e1e1ee2 CryptoPkg/BaseCryptLib: Add new API to get organization name
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1401

Implement a common function to get the NID name. And use
this function to get common name and organization name.

Add a null function API X509GetOrganizationName of null
function source file.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Wang Jian J <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-18 13:11:20 +08:00
Bret Barkelew e2a673b853 CryptoPkg/BaseCryptLib.h: Add new API to get organization name
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1401

Add a prototype declaration of the new API X509GetOrganizationName
in the header file.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Wang Jian J <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-18 13:11:19 +08:00
Michael D Kinney 2009f6b4c5 CryptoPkg: Replace BSD License with BSD+Patent License
https://bugzilla.tianocore.org/show_bug.cgi?id=1373

Replace BSD 2-Clause License with BSD+Patent License.  This change is
based on the following emails:

  https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
  https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html

RFCs with detailed process for the license change:

  V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
  V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
  V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-09 09:10:22 -07:00
Shenglei Zhang fcc61ca4b1 CryptoPkg/IntrinsicLib: Remove .S files for IA32 arch
.nasm file has been added for X86 arch. .S assembly code
is not required any more.
https://bugzilla.tianocore.org/show_bug.cgi?id=1594

Cc: Ting Ye <ting.ye@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-04-03 13:27:44 +08:00
Antoine Coeur 2a784a2cc3 CryptoPkg: Fix various typos
Fix various typos in CryptoPkg.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Coeur <coeur@gmx.fr>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-02-11 11:09:44 +08:00
Jian J Wang cc01b26e05 CryptoPkg/BaseCryptLib: split CryptPkcs7Verify.c on behalf of runtime
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1493

Pkcs7GetAttachedContent() implementation in current CryptPkcs7Verify.c
is actually shared by RuntimeCryptLib.inf, SmmCryptLib.inf and
BaseCryptLib.inf, which are not correct since there's no use scenario
for runtime and AllocatePool() used in this method can only be called
in boot time.

This patch fix this issue by splitting file CryptPkcs7Verify.c into 3 parts.

  CryptPkcs7VerifyCommon.c  (shared among Base, SMM, Runtime)
  CryptPkcs7VerifyBase.c    (shared between Base, SMM)
  CryptPkcs7VerifyRuntime.c (for Runtime only)

CryptPkcs7VerifyBase.c will have original implementation of
Pkcs7GetAttachedContent() as CryptPkcs7Verify.c. CryptPkcs7VerifyRuntime.c
provide a NULL version of Pkcs7GetAttachedContent().

No functionality and interface change is involved in this patch.

Cc: Ting Ye <ting.ye@intel.com>
Cc: Qin Long <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
2019-01-31 21:25:05 +08:00
Ard Biesheuvel 2c010aba22 CryptoPkg/SmmCryptLib: permit use by MM_STANDALONE modules
Permit SmmCryptLib to be used by MM_STANDALONE modules

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-01-21 13:42:49 +01:00
Laszlo Ersek 300b8c5f15 CryptoPkg/BaseCryptLib: drop build flags specific to GCC44
We've removed BaseTools support for GCC44..GCC47. Drop
CryptoPkg/BaseCryptLib build flags that are specific to any of those gcc
versions.

No GCC44..GCC47 references remain under CryptoPkg after this patch.

Cc: Gang Wei <gang.wei@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1377
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-01-08 02:39:43 +01:00
Jian J Wang a18f784cfd Upgrade OpenSSL to 1.1.0j
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393

BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests
to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1
has many changes, more porting efforts and feature evaluation are needed.
This might lead to a situation that it cannot catch the Q1'19 stable tag.

One of the solution is upgrade current version (1.1.0h) to 1.1.0j.
According to following web page in openssl.org, all security issues
solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make
sure that no security vulnerabilities left in edk2 master before 1.1.1.

https://www.openssl.org/news/vulnerabilities-1.1.1.html

Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Gang Wei <gang.wei@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
2018-12-21 10:07:42 +08:00
Jian J Wang 366a7672cf CryptoPkg/IntrinsicLib: add missing BaseLib declaration
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=596

BaseLib interfaces are used in this library but not declared in module's
inf file. This patch fix this situation to keep inf and its code in
consistency. No functionality or interface change are involved.

Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2018-12-10 11:02:47 +08:00
Long Qin 269f3b5180 CryptoPkg/BaseCryptLib: Fix potential integer overflow issue.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1275

The LookupFreeMemRegion() in RuntimeMemAllocate.c is used to look-up
free memory region for runtime resource allocation, which was designed
to support runtime authenticated variable service.
The ReqPages in this function is the required pages to be allocated,
which depends on the malloc() call in internal OpenSSL routines. The
direct offset subtractions on ReqPages may bring possible integer
overflow issue.

This patch is to add the extra parameter checks to remove this possible
overflow risk.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2018-10-31 11:07:53 +08:00
Chen A Chen 94d67262d8 CryptoPkg: Removing ipf which is no longer supported from edk2.
Removing rules for Ipf sources file:
* Remove the source file which path with "ipf" and also listed in
  [Sources.IPF] section of INF file.
* Remove the source file which listed in [Components.IPF] section
  of DSC file and not listed in any other [Components] section.
* Remove the embedded Ipf code for MDE_CPU_IPF.

Removing rules for Inf file:
* Remove IPF from VALID_ARCHITECTURES comments.
* Remove DXE_SAL_DRIVER from LIBRARY_CLASS in [Defines] section.
* Remove the INF which only listed in [Components.IPF] section in DSC.
* Remove statements from [BuildOptions] that provide IPF specific flags.
* Remove any IPF sepcific sections.

Removing rules for Dec file:
* Remove [Includes.IPF] section from Dec.

Removing rules for Dsc file:
* Remove IPF from SUPPORTED_ARCHITECTURES in [Defines] section of DSC.
* Remove any IPF specific sections.
* Remove statements from [BuildOptions] that provide IPF specific flags.

The following rules are specially proposed by package owner:
* Remove whole "CryptRuntimeDxe" folder which was designed for IPF.
* Remove whole "Include/Protocol" folder
* Update .Dec and .Dsc file accordingly.

Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-09-25 23:40:41 +08:00
Liming Gao 630f67ddfe CryptoPkg: Clean up source files
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
2018-06-28 11:19:40 +08:00
Zhang, Chao B d69e8a7b79 CryptoPkg PeiCryptLib: Enable SHA384/512 support
Enable SHA384/512 support in PEI phase.

Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-06-08 10:55:53 +08:00
Long Qin 0b6457efab CryptoPkg: Remove deprecated function usage in X509GetCommonName()
BZ#: https://bugzilla.tianocore.org/show_bug.cgi?id=923

X509_NAME_get_text_by_NID() used in X509GetCommonName() implementation
is one legacy function which have various limitations. The returned
data may be not usable  when the target cert contains multicharacter
string type like a BMPString or a UTF8String.
This patch replaced the legacy function usage with more general
X509_NAME_get_index_by_NID() / X509_NAME_get_entry() APIs for X509
CommonName retrieving.

Tests: Validated the commonName retrieving with test certificates
       containing PrintableString or BMPString data.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2018-06-05 10:16:03 +08:00
Laszlo Ersek ee3198e672 CryptoPkg/CrtLibSupport: add secure_getenv() stub function
The Fedora distro ships a modified OpenSSL 1.1.0 package stream. One of
their patches calls the secure_getenv() C library function. We already
have a stub for getenv(); it applies trivially to secure_getenv() as well.
Add the secure_getenv() stub so that edk2 can be built with Fedora's
OpenSSL 1.1.0 sources.

Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-05-08 13:29:06 +02:00
Laszlo Ersek e31fe995b8 CryptoPkg/OpensslLib: remove OpenSSL version number from OpenSSL-HOWTO.txt
Remove any concrete OpenSSL version numbers from "OpenSSL-HOWTO.txt". That
information is out of date and there's no reason for us to refresh it:

We now track stable OpenSSL releases via a git submodule. CryptoPkg
maintainers push such submodule updates to edk2 that identify the correct
stable releases of OpenSSL. "OpenSSL-HOWTO.txt" already provides
instructions to users for updating their local submodules.

Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-04-26 12:46:27 +02:00
Long Qin b85b20fba4 CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h
(https://bugzilla.tianocore.org/show_bug.cgi?id=927)

(V2 Update:
    Removing the wrong "--remote" option from git submodule update
    command in this commit message. Thanks Laszlo's clarification
    to correct this)

Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the
fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1
structures can cause a stack overflow and resulting denial of service,
Refer to https://www.openssl.org/news/secadv/20180327.txt for more
information).

Please note "git pull" will not update the submodule repository.
use the following commend to make your existing submodule track this
update:
   $ git submodule update --recursive

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
2018-04-15 21:08:37 +08:00