REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1493
Pkcs7GetAttachedContent() implementation in current CryptPkcs7Verify.c
is actually shared by RuntimeCryptLib.inf, SmmCryptLib.inf and
BaseCryptLib.inf, which are not correct since there's no use scenario
for runtime and AllocatePool() used in this method can only be called
in boot time.
This patch fix this issue by splitting file CryptPkcs7Verify.c into 3 parts.
CryptPkcs7VerifyCommon.c (shared among Base, SMM, Runtime)
CryptPkcs7VerifyBase.c (shared between Base, SMM)
CryptPkcs7VerifyRuntime.c (for Runtime only)
CryptPkcs7VerifyBase.c will have original implementation of
Pkcs7GetAttachedContent() as CryptPkcs7Verify.c. CryptPkcs7VerifyRuntime.c
provide a NULL version of Pkcs7GetAttachedContent().
No functionality and interface change is involved in this patch.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Qin Long <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
openssl/include/openssl/lhash.h will bring C4090 build warning
issue, which is one known issue for OpenSSL under Visual Studio
toolchain.
Refer to https://github.com/openssl/openssl/issues/2214 for more
discussions against this.
Use /wd4090 to silence this build warning until OpenSSL fix this.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Cleaning-up CRT Library Wrapper for the third-party cryptography
library building. The changes includes
1. Rename OpenSslSupport.h to CrtLibSupport.h for future alternative
crypto provider support.
2. Remove all un-referenced CRT APIs and headers.
(NOTE: More cleans-up could be possible after OpenSSL integrate the
extra PR request: https://github.com/openssl/openssl/pull/2961)
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on
the compiler command line when building OpensslLib itself, but not when
building BaseCryptLib.
But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI
*either*. This meant that *that* build was picking up the definition
from <openssl/opensslconf.h>, and was thus *different* to the version
the library was built with, in some cases.
So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also*
define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18706 6f19259b-4bc3-4df7-8a09-765794883524
OpenSSL 1.1 introduces new OBJ_get0_data() and OBJ_length() accessor
functions and makes ASN1_OBJECT an opaque type.
Unlike the accessors in previous commits which *did* actually exist
already but just weren't mandatory, these don't exist in older versions
of OpenSSL. So introduce macros which do the right thing, for
compatibility.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18701 6f19259b-4bc3-4df7-8a09-765794883524
1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
Michael D Kinney
Jian J Wang
Qin Long
David Woodhouse
tye1
qlong