summaryrefslogtreecommitdiffstats
path: root/CryptoPkg
Commit message (Collapse)AuthorAgeFilesLines
* CryptoPkg/SmmCryptLib: Enable AES support for SMM.Qin Long2016-05-161-3/+3
| | | | | | | | | Enable AES cipher support for SmmCryptLib instance. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
* CryptoPkg: Fix the potential system hang issueJiaxin Wu2016-03-151-12/+17
| | | | | | | | | | | | This patch is used to fix the potential system hang caused by the NULL 'time' parameter usage. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
* CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2gQin Long2016-03-117-79/+56
| | | | | | | | | | | | | | | | OpenSSL 1.0.2g was released with several severity fixes at 01-Mar-2016(https://www.openssl.org/news/secadv/20160301.txt). Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2g. (NOTE: RT4175 from David Woodhouse was included in 1.0.2g. The new-generated patch will remove this part. And the line endings were still kept as before in this version for consistency) CC: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
* CryptoPkg/OpensslLib: Convert saved opensslconf.h to DOS line endingsDavid Woodhouse2016-03-111-2/+3
| | | | | | | | | | | Until we fix the git repository to store line endings properly and then just check them out in the appropriate form for the platform, let's make process_files.sh convert the opensslconf.h to DOS line endings when it creates it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Fix CRLF breakage in process_files.shDavid Woodhouse2016-03-051-97/+97
| | | | | | | | | | | | | | | | | | | | | | This got broken in committing, due to a catalogue of broken practices. Firstly, we should *pull* git submissions, never recommit them. You preserve the correct history then, and don't risk rebasing to result in a history which *never* worked in the form that gets preserved. That would have kept the authorship attrbution correct too. Secondly, we shouldn't be storing CRLF line endings in the objects that git stores in its database. It is designed to store simple LF line endings, and then check that out as appropriate for the system (resulting in CRLF in the working tree for Windows users, as they expect). That would avoid this problem, and all the other problems we have with patches being exchanged. Make it executable too, which also got lost in the commit mess. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* CryptoPkg/OpensslLib: Automatically configure OpenSSL and generate file listQin Long2016-03-053-378/+120
| | | | | | | | | | | | | OpenSSL 1.1 (as well as our backport to 1.0.2) now allows us to run its standard Configure script and import the result into the EDK II source repository for others to build natively. The opensslconf.h file and the list of files in OpensslLib.inf don't need to be managed manually. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Fix OpenSSL link failures on Windows (RT#4310)Qin Long2016-03-051-0/+80
| | | | | | | | | | | | | This is pull request #755 for OpenSSL 1.1, along with a little extra fix in the RSA_NET code which has been removed from 1.1 so we can't fix it there. https://github.com/openssl/openssl/pull/755 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3969Qin Long2016-03-051-3/+35
| | | | | | | | | | | | | | | | | Support for the UEFI target has been added to OpenSSL in commit 4d60c7e10. Drop our partial implementation and use a backported version of what's upstream. This includes a couple of fixes which will be needed when we automatically generate the file list and opensslconf.h instead of manually maintaining those. This includes the subsequent fix in commit fb4844bbc. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3992Qin Long2016-03-051-2/+69
| | | | | | | | | | | | Instead of commenting out the Signed Certificate Timestamps purely based on the OPENSSL_SYS_UEFI flag, OpenSSL 1.1 supports a no-sct configuration option, added in commit 05d7bf6c5. Drop our own hack and use that. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3951Qin Long2016-03-051-0/+28
| | | | | | | | | | | | A more complete implementation of the X509_V_FLAG_NO_CHECK_TIME flag was added to OpenSSL 1.1 as commit d35ff2c0a. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3674Qin Long2016-03-051-26/+147
| | | | | | | | | | | | A more complete fix for the no-cms configuration has been added to OpenSSL 1.1 as commit e968561d5. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3955Qin Long2016-03-051-19/+137
| | | | | | | | | | | | | | | A different fix for the excessive stack usage has been merged into OpenSSL 1.1 as commit 8e704858f. Drop our own version and use a backport of what was committed upstream. Note: This requires the free() function to work correctly when passed a NULL argument (qv). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3628Qin Long2016-03-052-17/+652
| | | | | | | | | | | | A complete implementation of the no-filenames configuration option was added to OpenSSL 1.1 in commit 02f7114a7. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3964Qin Long2016-03-051-42/+768
| | | | | | | | | | | | | | | | | | Extensive fixes for the no-stdio configuration have been merged into OpenSSL 1.1, primarily in commit 984d6c605. The backport to 1.0.2 is slightly different because we still have a mixture of no-fp-api and no-stdio in 1.0.2, although they are hopelessly intertwined. Nevertheless, drop our own original version and switch to a backported version of what went into 1.1. This includes subsequent fixes in commit c0cf5b84d for the TS code. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#4175Qin Long2016-03-051-11/+28
| | | | | | | | | | | | A different fix for the PKCS7_verify() regression on Authenticode signatures has landed in the OpenSSL 1.0.2 branch as commit c436c990f and will be present in the 1.0.2g release. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Regenerate OpenSSL patchQin Long2016-03-052-146/+159
| | | | | | | | | | | | | | | | | All the OpenSSL changes we carry in our EDKII_openssl patch for 1.0.2 are now merged into upstream OpenSSL and will be in the upcoming 1.1 release. As a first step towards switching out our original hacks for backported versions of the commits which were actually accepted into OpenSSL 1.1, just regenerate the *existing* patch against the 1.0.2f release using 'git diff'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Include complete copy of opensslconf.hQin Long2016-03-054-322/+477
| | | | | | | | | | | | | | | This can be an auto-generated file, and it *isn't* in the OpenSSL git tree; it's only in the generated tarballs. So rather than including it in our OpenSSL patch, just have the user copy it into place. This makes it easier to manage changes, and is a step towards better integration. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg: Use OpenSSL include directory directlyQin Long2016-03-054-152/+154
| | | | | | | | | | | | | | | | | | | | The standard OpenSSL 1.0.2 configuration and build process will already symlink or copy the necessary header files to the include/openssl/ directory within the OpenSSL source tree. When we transition to OpenSSL 1.1 it won't even be necessary to link or copy the files there; they have just been moved outright. So let's use them from there. Change the include directory specified in CryptoPkg/CryptoPkg.dec, and modify the Install.cmd and Install.sh scripts to copy the files to the normal directory within the OpenSSL source tree, instead of CryptoPkg/Include/openssl/. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
* CryptoPkg: RuntimeCryptLib: support realloc(NULL, size)Laszlo Ersek2016-02-251-0/+4
| | | | | | | | | | | | | | | | | The ISO C standard says about realloc(), If ptr is a null pointer, the realloc function behaves like the malloc function for the specified size. The realloc() implementation doesn't conform to this currently, so add a check and call malloc() if appropriate. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
* CryptoPkg: RuntimeCryptLib: support free(NULL)Laszlo Ersek2016-02-251-1/+7
| | | | | | | | | | | | | | | | | The ISO C standard says about free(), If ptr is a null pointer, no action occurs. This is not true of the RuntimeFreeMem() internal function. Therefore we must not forward the argument of free() to RuntimeFreeMem() without checking. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
* CryptoPkg: BaseCryptLib: support free(NULL)Laszlo Ersek2016-02-251-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | The ISO C standard says about free(), If ptr is a null pointer, no action occurs. This is not true of the FreePool() interface of the MemoryAllocationLib class: Buffer must have been allocated on a previous call to the pool allocation services of the Memory Allocation Library. [...] If Buffer was not allocated with a pool allocation function in the Memory Allocation Library, then ASSERT(). Therefore we must not forward the argument of free() to FreePool() without checking. This bug can be triggered by upstream OpenSSL commit 8e704858f219 ("RT3955: Reduce some stack usage"), for example. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
* CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2fQin Long2016-02-235-49/+48
| | | | | | | | | | | | | OpenSSL has released version 1.0.2f with two security fixes (http://www.openssl.org/news/secadv/20160128.txt) at 28-Jan-2016. Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2f. (NOTE: The patch file was just re-generated, and no new source changes was introduced for 1.0.2f enabling) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
* CryptoPkg: Fix function qsort for non 32-bit machinesKaryne Mayer2016-01-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although the function qsort receives as an argument a "compare" function which returns an "int", QuickSortWorker (the function used internally by qsort to do its job) receives as an argument a "CompareFunction" which returns an "INTN". In a 32-bit machine, "INTN" is defined as "INT32", which is defined as "int" and everything works well. However, when qsort is compiled for a 64-bit machine, "INTN" is defined as "INT64" and the return values of the compare functions become incompatible ("int" for qsort and "INT64" for QuickSortWorker), causing malfunction. For example, let's assume qsort is being compiled for a 64-bit machine. As stated before, the "compare" function will be returning an "int", and "CompareFunction" will be returning an "INT64". When, for example, the "compare" function (which was passed as an argument to qsort and, then, re-passed as an argument to QuickSortWorker) returns -1 (or 0xffffffff, in a 32-bit integer, its original return type) from inside a call to QuickSortWorker, its return value is interpreted as being an "INT64" value - which turns out to be 4294967295 (or 0x00000000ffffffff, in a 64-bit integer) -, making the function QuickSortWorker to behave unexpectedly. Note that this unexpected (or incorrect) conversion does not happen when casting an "INT32" to an "INT64" directly, but does happen when casting function types. The issue is fixed by changing the return type of SORT_COMPARE (the type of "CompareFunction", used by QuickSortWorker) from "INTN" to "int". This way, both qsort and QuickSortWorker use compatible definitions for their compare functions. Contributed-under: TianoCore Contribution Agreement 1.0 Acked-by: Paulo Alcantara Cavalcanti <paulo.alc.cavalcanti@hp.com> Signed-off-by: Karyne Mayer <kmayer@hp.com> Signed-off-by: Rodrigo Dias Correa <rodrigo.dia.correa@hp.com> Signed-off-by: Arthur Crippa Burigo <acb@hp.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19748 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: Add NOOPT target in CryptoPkg.dscHao Wu2016-01-191-2/+2
| | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19670 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: fix build support under RVCTArd Biesheuvel2015-12-175-19/+18
| | | | | | | | | | | | | | | | The RVCT compiler chokes on a couple of issues in upstream OpenSSL that can be confirmed to be non-issues by inspection. So just ignore these warnings entirely. Also, move the dummy -J system include from CryptoPkg.dsc to the various .INF files, since it will not be picked up when building the CryptoPkg libraries from a platform .DSC Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19328 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: Convert all .uni files to utf-8Jordan Justen2015-12-1513-0/+0
| | | | | | | | | | | | | To convert these files I ran: $ python3 BaseTools/Scripts/ConvertUni.py CryptoPkg Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19250 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/OpensslLib: upgrade OpenSSL version to 1.0.2eQin Long2015-12-115-25/+38
| | | | | | | | | | | | | | | OpenSSL has released version 1.0.2e with security fixes. Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib from 1.0.2d to 1.0.2e. (Note: This is based on Ard's previous patch with extra fix https://rt.openssl.org/Ticket/Display.html?id=4175) Contributed-under: TianoCore Contribution Agreement 1.0 Singed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19218 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/OpensslLib: comment out unused codeArd Biesheuvel2015-12-071-12/+12
| | | | | | | | | | | This comments out the pqueue and ts_* source files from the OpensslLib build, since they have no users. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19147 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/BaseCryptLib: make mVirtualAddressChangeEvent STATICArd Biesheuvel2015-12-071-1/+1
| | | | | | | | | | | | | | | Make mVirtualAddressChangeEvent STATIC to prevent it from conflicting with other variables of the same name that may be defined in other libraries (e.g., MdeModulePkg/Universal/Variable/RuntimeDxe) This also removes the risk of mVirtualAddressChangeEvent being merged with other uninitialized variables with external linkage by toolchains that perform COMMON allocation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19146 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg ARM: add ArmSoftFloatLib resolution to CryptoPkg.dscArd Biesheuvel2015-12-071-0/+3
| | | | | | | | | | | In order to build the ARM version of CryptoPkg from its own .DSC file, it needs a resolution for the ArmSoftFloatLib dependency of OpensslLib. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19145 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: remove global variable 'timeval' from OpenSslSupport.hArd Biesheuvel2015-12-071-1/+1
| | | | | | | | | | | | | | The header file OpenSslSupport.h not only defines a type 'struct timeval' but also defines a global variable 'timeval' of that type. The RVCT compiler does not merge this definition into a common symbol, resulting in duplicate definition errors in the final link. So remove the variable definition. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19135 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: Disable VS2015 warning C4311 in OpensslLibLiming Gao2015-12-041-1/+2
| | | | | | | | | | | Warning C4311: pointer truncation from 'type' to 'type'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19115 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/OpensslLib: add softfloat dependency for ARMArd Biesheuvel2015-11-301-1/+4
| | | | | | | | | | | | | UEFI on 32-bit ARM does not allow the use of hardware floating point, so in order to be able to run OpenSslLib, we need to fulfil its floating point arithmetic dependencies using a software library. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19033 6f19259b-4bc3-4df7-8a09-765794883524
* [CryptoPkg] Correct one typo in the API comments.Qin Long2015-11-254-5/+5
| | | | | | | | | | | Correct one typo (SingerChainCerts --> SignerChainCerts) in the comments for Pkcs7GetCertificatesList() API. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Shumin Qiu <shumin.qiu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18944 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: fix AARCH64 build under CLANG35Ard Biesheuvel2015-11-051-2/+2
| | | | | | | | | | | | | | | | | The OpenSSL function sk_X509_delete_ptr() resolves through preprocessor substitution to '(X509 *)sk_delete_ptr()', in which the cast causes the call to be interpreted as an expression (whose value is not used) rather than a statement, resulting in the following error under Clang: ...: error: expression result unused [-Werror,-Wunused-value] Add (VOID) casts to silence the error. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18730 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: Add one new API (Pkcs7GetCertificatesList) for certs retrieving.Qin Long2015-11-054-0/+386
| | | | | | | | | | | | | Adding one new API (Pkcs7GetCertificatesList) to retrieve and sort all embedded certificates from Pkcs7 signedData. This new API will provide the support for UEFI 2.5 Secure-Boot AuditMode feature. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18729 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/OpensslLib: Move OPENSSL_NO_xxx defines into opensslconf.hDavid Woodhouse2015-10-292-44/+317
| | | | | | | | | | | | | | | | | | | | | | Putting these on the command line as we do at the moment means that they are *only* visible when actually building the OpenSSL code itself. When building other things like BaseCryptLib, they were missing. Which could lead to discrepancies in structures defined by the header files, between the OpenSSL code and the EDK II code which calls it. Move the definitions into opensslconf.h where they would normally live in a standard build of OpenSSL. Note: Do *not* set OPENSSL_NO_LHASH or OPENSSL_NO_OCSP since those weren't effectively disabled before; the directories was still being included in the build. If we actually disable then, the build breaks. We can hopefully fix at least OCSP upstream later, but one thing at a time... Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18708 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/OpensslLib: Eliminate GETPID_IS_MEANINGLESS definitionDavid Woodhouse2015-10-292-2/+13
| | | | | | | | | | OpenSSL ought to work this out for itself when OPENSSL_SYS_UEFI is set. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18707 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: Fix OpenSSL BN wordsize and OPENSSL_SYS_UEFI handlingDavid Woodhouse2015-10-295-42/+76
| | | | | | | | | | | | | | | | | | | | | We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on the compiler command line when building OpensslLib itself, but not when building BaseCryptLib. But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI *either*. This meant that *that* build was picking up the definition from <openssl/opensslconf.h>, and was thus *different* to the version the library was built with, in some cases. So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also* define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18706 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/OpensslLib: Undefine NO_BUILTIN_VA_FUNCS to fix varargs breakageDavid Woodhouse2015-10-292-35/+1
| | | | | | | | | | | | | | | | | | | | | | | Instead of patching OpenSSL to add EFIAPI to the one varargs function we actually *noticed* breakage in, let's fix the problem in a more coherent way by undefining NO_BUILTIN_VA_FUNCS. That way, the VA_START and similar macros will actually do the right thing for non-EFIAPI functions, which is to use the GCC builtins. It's still fairly broken elsewhere in the tree, with the VA_START macro being used from both EFIAPI and non-EFIAPI functions — and being broken in the latter case. We probably ought to make EFIAPI a no-op everywhere and add -mabi=ms to the GCC builds. But that's a project for another day. For now, just fix the OpenSSL build in a cleaner fashion. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18705 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/BaseCryptLib: Use X509_V_FLAG_NO_CHECK_TIMEDavid Woodhouse2015-10-294-25/+39
| | | | | | | | | | | | | OpenSSL HEAD is in the process of adding this flag to disable the validity time checking. Backport it to 1.0.2 and use it too, for consistency. https://rt.openssl.org/Ticket/Display.html?id=3951&user=guest&pass=guest Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18704 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAINDavid Woodhouse2015-10-293-171/+15
| | | | | | | | | | | | | | | | | Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct OpenSSL to accept non-self-signed certificates as trusted. So we don't need two entirely identical copies of a verify_cb() function which makes it ignore the resulting errors. We also *didn't* use that verify_cb() function for X509VerifyCert(), but probably should have done. So that can get X509_V_FLAG_PARTIAL_CHAIN for consistency, too. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18703 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/BaseCryptLib: Clean up checking of PKCS#7 contents typeDavid Woodhouse2015-10-291-3/+4
| | | | | | | | | | | | Use the new OBJ_get0_data() accessor to compare the data, and actually check the length of the object too. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18702 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/BaseCryptLib: Use accessor functions for ASN1_OBJECTDavid Woodhouse2015-10-292-3/+10
| | | | | | | | | | | | | | | | | OpenSSL 1.1 introduces new OBJ_get0_data() and OBJ_length() accessor functions and makes ASN1_OBJECT an opaque type. Unlike the accessors in previous commits which *did* actually exist already but just weren't mandatory, these don't exist in older versions of OpenSSL. So introduce macros which do the right thing, for compatibility. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18701 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTEDavid Woodhouse2015-10-291-3/+11
| | | | | | | | | | | | | | | | In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will no longer get away with accessing its members directly. Use the accessor functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type() instead. Also be slightly more defensive about unlikely failure modes. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18700 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/BaseCryptLib: Use i2d_X509_NAME() instead of abusing X509_NAMEDavid Woodhouse2015-10-291-4/+6
| | | | | | | | | | | | | In OpenSSL 1.1, the X509_NAME becomes an opaque structure and we will no longer get away with accessing its members directly. Use i2d_X509_NAME() instead. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18699 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg/BaseCryptLib: Add missing OpenSSL includesDavid Woodhouse2015-10-294-4/+7
| | | | | | | | | | | | | | OpenSSL 1.1 has cleaned up its include files a little, and it will now be necessary to directly include things like <openssl/bn.h> if we want to use them, rather than assuming they are included indirectly from other headers. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18698 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: Fix one wrong parameter for weak key checkingQin Long2015-09-021-3/+3
| | | | | | | | | | Fix one wrong offset which is passed into DES weak key checking in TdesInit(). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18389 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: Replace string wrapper functions with safe string functionsQin Long2015-09-021-4/+6
| | | | | | | | | | | | EDKII core suggests to retire unsafe string functions. This patch is to replace string wrapper functions with new-added safe string functions for consistency. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18385 6f19259b-4bc3-4df7-8a09-765794883524
* CryptoPkg: Add a missed include file to fix the possible build issue.Qin Long2015-08-201-0/+2
| | | | | | | | | | | | Add a missed include file (UefiBaseType.h) into BaseCryptLib.h, since EFI_TIME was introduced in the new crypto API (ImageTimestampVerify). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18255 6f19259b-4bc3-4df7-8a09-765794883524