Commit Graph

23 Commits

Author SHA1 Message Date
Qin Long 0f5f6b3db7 [CryptoPkg] Correct one typo in the API comments.
Correct one typo (SingerChainCerts --> SignerChainCerts) in the comments
for Pkcs7GetCertificatesList() API.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Shumin Qiu <shumin.qiu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18944 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-25 08:34:57 +00:00
Qin Long 45419de6ca CryptoPkg: Add one new API (Pkcs7GetCertificatesList) for certs retrieving.
Adding one new API (Pkcs7GetCertificatesList) to retrieve and sort all
embedded certificates from Pkcs7 signedData. This new API will provide
the support for UEFI 2.5 Secure-Boot AuditMode feature.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18729 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-05 08:50:39 +00:00
David Woodhouse 3b21958bf2 CryptoPkg: Fix OpenSSL BN wordsize and OPENSSL_SYS_UEFI handling
We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on
the compiler command line when building OpensslLib itself, but not when
building BaseCryptLib.

But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI
*either*. This meant that *that* build was picking up the definition
from <openssl/opensslconf.h>, and was thus *different* to the version
the library was built with, in some cases.

So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also*
define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18706 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-29 14:17:15 +00:00
Qin Long 5c4a3795a5 CryptoPkg: Replace string wrapper functions with safe string functions
EDKII core suggests to retire unsafe string functions. This patch is to
replace string wrapper functions with new-added safe string functions
for consistency.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18385 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-02 08:12:39 +00:00
Qin Long 9e8841b4f8 CryptoPkg: Add a missed include file to fix the possible build issue.
Add a missed include file (UefiBaseType.h) into BaseCryptLib.h, since
EFI_TIME was introduced in the new crypto API (ImageTimestampVerify).

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18255 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-20 08:49:31 +00:00
Qin Long 952bd22918 CryptoPkg: Add some comments for API usage clarification.
This patch adds some comments for API usage clarification, and
adds one object initialization in X509ConstructCertificateStack
implementation to fix possible memory release issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17671 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-19 02:46:51 +00:00
Qin Long afeb55e4a6 CryptoPkg: Add one new API for PKCS7 Verification Protocol Support
This patch adds one new API (Pkcs7GetAttachedContent) to support
PKCS7 Verification Protocol defined in UEFI 2.5.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17669 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-19 02:44:20 +00:00
Qin Long 1463ce18ca CryptoPkg: Wrapper files updates to support openssl-1.0.2c
This patch updates some support header and wrapper files to support
openssl-1.0.2c build, and correct some openssl API usages and
boundary check.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17635 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-16 00:54:16 +00:00
Long, Qin 12d95665cb Correct the Hash Calculation for Revoked X.509 Certificate to align with RFC3280 and UEFI 2.4 Spec.
This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, 
and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-25 08:37:08 +00:00
Laszlo Ersek afc18ead28 CryptoPkg: OpenSslSupport.h: edk2-ize offsetof() macro for gcc-4.8 / X64
Code added in SVN r16339 ("CryptoPkg Updates to support RFC3161 timestamp
signature verification.") introduced many new uses of the offsetof()
macro. Since the offsetof() macro in "OpenSslSupport.h" casts a pointer to
an "int", it triggers a large number of

  error: cast from pointer to integer of different size
  [-Werror=pointer-to-int-cast]

errors when building CryptoPkg with gcc-4.8 for X64.

Remedy this by directing offsetof() to the OFFSET_OF() macro in
"MdePkg/Include/Base.h" (which matches how "OpenSslSupport.h" resolves the
va_*() macros too).

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Build-tested-by: Scott Duplichan <scott@notabs.org>

Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16388 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-14 10:24:33 +00:00
Qin Long 2ac68e8b54 CryptoPkg Updates to support RFC3161 timestamp signature verification.
The main changes includes:
1. Enabling SHA384 and SHA512 digest algorithm; (Sha512.c)
2. RFC 3161 timestamp signature verification support; (CryptTs.c)
3. Fixed one ASN.1 length encoding issue in Authenticode verification routine. (CryptAuthenticode.c)
4. Add the corresponding test cases in Cryptest utility (SHA384 & SHA512 & Timestamp verification)

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16339 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-12 08:51:45 +00:00
tye1 8c5720b465 Fix issue that RsaPkcs1Verify() may not work in PEI phase.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958 6f19259b-4bc3-4df7-8a09-765794883524
2012-11-22 05:07:22 +00:00
tye1 dda39f3a58 Fix several issues in BaseCryptLib:
1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.

Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
2012-08-02 02:49:24 +00:00
tye1 6b8ebcb8de Fix some typo and coding style issues in BaseCryptLib instances.
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <Siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13564 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-27 07:49:42 +00:00
tye1 532616bbd6 Add interfaces to several library instances of BaseCryptLib.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>




git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13539 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-18 09:32:05 +00:00
tye1 e8b4eb0417 Add two new interfaces Pkcs7GetSigners and Pkcs7FreeSigners to BaseCryptLib.
Signed-off by: tye1
Reviewed-by: geekboy15a
Reviewed-by: sfu5
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13158 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-31 04:49:02 +00:00
sfu5 16d2c32c4d 1. Remove conducting ASSERT in BaseCryptLib.
Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13110 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-19 05:52:16 +00:00
tye1 b7d320f811 Add new interfaces to support PKCS7#7 signed data and authenticode signature. Update Cryptest to validate functionality of new interfaces.
Signed-off-by: tye1
Reviewed-by: hhuan13
Reviewed-by: qlong


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12142 6f19259b-4bc3-4df7-8a09-765794883524
2011-08-16 06:46:52 +00:00
jljusten c61fb9c8a4 CryptoPkg OpenSslSupport.h: Do not instantiate data in an include file
Include files should never instantiate data.  Data should only
be referenced as an 'extern' within include files.

The previous code would generate a GCC warning, since the static
data items were not always referenced.

Signed-off-by: jljusten
Reviewed-by: qlong

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11608 6f19259b-4bc3-4df7-8a09-765794883524
2011-05-04 00:56:11 +00:00
qlong 8e01b449de Patch from open source community for CryptoPkg to allow it to build for ARM using the RVCT toolchain.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11565 6f19259b-4bc3-4df7-8a09-765794883524
2011-04-19 16:25:31 +00:00
qlong 4a567c9690 1. Add new API supports for PEM & X509 key retrieving & verification;
2. Add new MD4 hash supports;
3. Add corresponding test case in Cryptest utility;
4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
2010-12-31 07:22:48 +00:00
qlong a8c4464502 Update CryptoPkg for new ciphers (HMAC, Block Cipher, etc) supports.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10997 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-02 06:06:38 +00:00
hhtian 97f98500c1 Add CryptoPkg (from UDK2010.UP3)
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10987 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-01 06:30:58 +00:00