| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828
Tls/Base/Pei/Smm/RuntimeCryptLib.inf will use OpensslLib,
and the opensslconf.h in openssllib will use PcdEcEnabled,
but it is not declared in the inf file now,
it will cause warnings in some compilers.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
| |
Drop 'restrict' keyword which older visual studio compiler
versions complain about.
Fixes: fab6285a73c4 ("CryptoPkg/CrtLibSupport: fix strcpy")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
MU_CHANGE tags are used in a different project (Project Mu) to
highlight deviations from Tianocore. Therefore, the comments are
not needed when the changes are present in a Tianocore repository.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828
Use PCD gEfiCryptoPkgTokenSpaceGuid.PcdEcEnabled to config-able
source files list in OpensslLib.inf and OpensslLibCrypto.inf.
If PcdEcEnabled equals to FALSE, this file will not be compiled.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: yi1 li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3828
Reconfigure OpensslLib to add elliptic curve cipher algorithms.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: yi1 li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679
This dependency is needed to build openssl lib with ECC ciphers
under IA32 Windows and adds implementation for _allmul and _allshr
instrinsics.
It is taken from Project Mu:
microsoft/mu_basecore@b55b341
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: yi1 li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
| |
openssl 3.0 wants at least 512 bytes, otherwise it throws an error:
error:0280007E:Diffie-Hellman routines::modulus too small
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
| |
strcpy() returns a pointer to the destination string, AsciiStrCpyS()
does not. So a simple #define does not work. Create a function
instead.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
| |
Add typedef for off_t.
Will be needed by openssl 3.0.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
| |
Add dummy MODULESDIR #define
Will be needed by openssl 3.0.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
| |
Add define for UINT_MAX.
Will be needed by openssl 3.0.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
| |
Add #define for INT_MIN.
Will be needed by openssl 3.0.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
| |
Add #define for strstr().
Will be needed by openssl 3.0.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
| |
Add fcntl.h header file.
Will be needed by openssl 3.0.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3885
Parallel hash patch redefines uint_64 type in CrtLibSupport.h
which has been defined in openssl/include/openssl/e_os2.h.
CryptMd5.c including e_os2.h cause redefinition bug.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Zhihao Li <zhihao.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
| |
Pick up bugfixes from latest openssl release. Includes CVE-2022-0778
fix (I don't think edk2 is affected though due to EC being disabled).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596
Parallel hash function ParallelHash256HashAll, as defined in NIST's
Special Publication 800-185, published December 2016. It utilizes
multi-process to calculate the digest.
Passed CI test.
Onprotocol version code passed test.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Zhihao Li <zhihao.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
Apply uncrustify changes to .c/.h files in the CryptoPkg package
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3767
Update use of DEBUG_CODE(Expression) if Expression is a complex code
block with if/while/for/case statements that use {}.
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760
Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params.
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3749
Update package YAML files to ignore ECC errors that are
already present. These issues must be fixed in the future,
but should not block source code changes for these known
issues.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617
Create a read-only openSSL BIO wrapper for the existing input
buffer passed to Pkcs7Verify() instead of copying the buffer
into an empty writable BIO which causes memory allocations
within openSSL.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Bob Morgan <bobm@nvidia.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3550
Function ConvertAsn1TimeToEfiTime initializes timestamp to zeroes with
SetMem, but the actual parameters are out of order. The result is
the SetMem operation has no effect. The fix is to put the actual
parameters in the correct order.
Signed-off-by: Chris Stewart <chris.stewart@hp.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
Adding the auto-generated assembly files for X64 architectures.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Mike Kinney <michael.d.kinney@intel.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Christopher Zurcher <christopher.zurcher@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
Adding OpensslLibX64.inf and modifying process_files.pl to process this
file and generate the necessary assembly files.
Adding OpensslLibX64Gcc.inf to allow building with GCC toolchain.
ApiHooks.c contains a stub function for a Windows API call.
uefi-asm.conf contains the limited assembly configurations for OpenSSL.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Mike Kinney <michael.d.kinney@intel.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Christopher Zurcher <christopher.zurcher@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Intel Platform utility Syscfg/sysfwupdt will trigger SMI
to enter BIOS interface. then BIOS invoke EncodePassword
in SMM mode to check password.
it's need sha384(in CryptSha512.c) in SMM mode.
the origin SmmCryptLib.lib size is 1389KB,
after changed, the size is 1391KB.
the origin RuntimeCryptLib.lib size is 911KB,
after changed,the size is 913KB.
in SmmCryptLib.inf and RuntimeCryptLib.inf,
change CryptSha512NULL.c to CryptSha512.c.
https://bugzilla.tianocore.org/show_bug.cgi?id=3423
Signed-off-by: xueshengfeng <xueshengfeng@byosoft.com.cn>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3455
Enforce salt length to be equal to digest length for RSA-PSS
encoding scheme.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
`Result` can be used uninitialized in both functions after following
either first or second `goto` statement.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Sergei Dmitrouk <sergei@posteo.net>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3314
This patch uses Openssl's EVP API's to perform RSASSA-PSS verification
of a binary blob.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3308
The EDK II Build Specifications do not restrict the set of
CPU architectures that can be supported. Remove places in
the EDK II that assume a fixed set of CPU architectures.
Update SIXTY_FOUR_BIT and THIRTY_TWO_BIT defines in the
CryptoPkg to allow one of them to be predefined on the EDK II
build command line using /D flag or in DSC file [BuildOptions]
sections.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Abner Chang <abner.chang@hpe.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Abner Chang <abner.chang@hpe.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3288
Simplify the DSC file by using the library mappings from
UnitTestFrameworkPkgTarget.dsc.inc to build the CryptoPkg
target based unit tests that run from the UEFI Shell.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3287
Remove duplicate declaration of the function prototype
EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3246
MdeLibs.dsc.inc was added for some basic/default library
instances provided by MdePkg and RegisterFilterLibNull Library
was also added into it as the first version of MdeLibs.dsc.inc.
So update platform dsc to consume MdeLibs.dsc.inc for
RegisterFilterLibNull which will be consumed by IoLib and BaseLib.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update openssl from 1.1.1g to 1.1.1j. Current OpenSSL version
1.1.1g contains the vulnerabilities of CVE-2021-23841 and
CVE-2021-23840. The related vulnerable API EVP_DecryptUpdate
are used in drivers.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3266
Besides, the opensslconf.h automatically generated by process_files.pl.
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Liu Wei <weix.c.liu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459
SignerCert is part of Pkcs7 instance when both have valid content. OpenSLL
PKCS7_free function will release the memory of SignerCert when applicable.
Freeing SignerCert with X509_free again might cause page fault if use-
after-free guard is enabled.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only include MD5 unit tests if ENABLE_MD5_DEPRECATED_INTERFACES
is defined and define ENABLE_MD5_DEPRECATED_INTERFACES for host
based unit tests so MD5 services are always tested.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
Make the deprecated MD5 disable as default setting for
security.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20201112055558.2348-14-zhichao.gao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
CRYPTO_SERVICES PACKAGES and ALL config would enable MD5
function. So explicitly enable MD5 while CRYPTO_SERVICES
are set PACKAGES and ALL.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Message-Id: <20201112055558.2348-4-zhichao.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1914
AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded
signed authenticode pkcs#7 data. when this successfully returns, a type
check is done by calling PKCS7_type_is_signed() and then
Pkcs7->d.sign->contents->type is used. It is possible to construct an asn1
blob that successfully decodes and have d2i_PKCS7() return a valid pointer
and have PKCS7_type_is_signed() also return success but have Pkcs7->d.sign
be a NULL pointer.
Looking at how PKCS7_verify() [inside of OpenSSL] implements checking for
pkcs7 structs it does the following:
- call PKCS7_type_is_signed()
- call PKCS7_get_detached()
Looking into how PKCS7_get_detatched() is implemented, it checks to see if
p7->d.sign is NULL or if p7->d.sign->contents->d.ptr is NULL.
As such, the fix is to do the same as OpenSSL after calling d2i_PKCS7().
- Add call to PKS7_get_detached() to existing error handling
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new INF for BaseCryptLib suitable for
host based environments. It adds a host based unit test for
BaseCryptLib that can also be built as a shell based Unit Test.
In addition, this also adds a UnitTestHostCrtWrapper.c file, which provides
some of the functionality not provided by the default host based unit test
system that OpenSSL expects. This is used by UnitTestHostBaseCryptLib, a
version of the BaseCryptLib meant specifically for host based unit testing.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Matthew Carlson <matthewfcarlson@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
Crypto algorithms, hkdf-sha256/hmac-sha256/aes, are needed to verify
integrity of variable data, derive hmac and encryption keys, and
encrypt/decrypt varible. Replacing null version source code with real
implementations makes sure we can enable full functionalities of protected
variable later.
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ref: https://github.com/tianocore/edk2/pull/845
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871
Changes OpenSSL to no longer depend on TimerLib and instead use RngLib.
This allows platforms to decide for themsevles what sort of entropy source
they provide to OpenSSL and TlsLib.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Signed-off-by: Matthew Carlson <matthewfcarlson@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add configuration ExceptionList and IgnoreFiles for package config
files. So users can rely on this to ignore some Ecc issues.
Besides, add submodule path in IgnoreFiles section.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove the redundant build option for RISCV64 architecture.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2848
Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add configuration IgnoreFiles for package config files.
So users can rely on this to skip license conflict for
some generated files.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade openssl to 1.1.1g. the directory have been reorganized,
openssl moved crypto/include/internal to include/crypto folder.
So we change directory to match the re-organization.
The dso_conf.h and opensslconf.h will generated in UNIX format,
change process_files.pl to covent the EOL automatically.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
SHA1 is deprecated but it is required for compatible issue.
So add a MARCO for the platform to disable the usage of SHA1 for
security.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
MD5 is deprecated but it is required for compatible issue.
So add a MARCO for the platform to disable the usage of MD5 for
security.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
The binary is totally changed, so update the Crypto Version to 7:
1. Retire below deprecated function:
MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Convert file ending of the crypto created openssl config file -
opensslconf.h from '\n' to '\r\n' to make align the line ending and
pass the patch check.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
|
