summaryrefslogtreecommitdiffstats
path: root/CryptoPkg
Commit message (Collapse)AuthorAgeFilesLines
* CryptoPkg: Extend TLS handshake debug outputSebastian Witt2024-06-251-3/+7
| | | | | | | | | The error codes during TLS handshake errors are sometimes not enough to understand the root cause of the problem. Extending the debug output by the function and optional data helps in some cases. Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
* CryptoPkg: Add SNI extension to TLS ClientHelloSebastian Witt2024-06-251-0/+18
| | | | | | | | | | | | | | Webservers hosting multiple websites require the TLS SNI (Server Name Indication) in the ClientHello to know which certificate to return. The current TLS code does not include the server name in the ClientHello handshake, which leads to failed HTTPS boots when the server does not return the correct certificate. This sets the host name for SNI in TlsSetVerifyHost which receives the host name also for verification against the certificates. Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
* CryptoPkg: Fix strncpy for BaseCryptLibMbedTlsWenxing Hou2024-06-171-3/+22
| | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2817 Because the change for strncpy, add the strncpy implementation. Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
* CryptoPkg/Test: call ProcessLibraryConstructorListGerd Hoffmann2024-06-141-0/+7
| | | | | | Needed to properly initialize BaseRngLib. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* CryptoPkg: Fix BaseCryptLib CrtWrapper strncpy and strcatSebastian Witt2024-06-072-14/+64
| | | | | | | | | | | | | | | | | | | | Following https://bugzilla.tianocore.org/show_bug.cgi?id=2817 this bug could also apply to strncpy and strcat. For strncpy use count+1 if smaller than MAX_STRING_SIZE. This still restricts the destination size to MAX_STRING_SIZE as before but allows a strncpy when the source is close after destination without triggering the InternalSafeStringNoAsciiStrOverlap check in AsciiStrnCpyS. For strcat use the destination string length + the size of the source string including the terminator as destination size if smaller than MAX_STRING_SIZE. Also move both functions to CrtWrapper.c as they do not return the correct return value. AsciiStrnCpyS and AsciiStrCatS return RETURN_VALUE instead of a char * to the destination buffer. Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
* CryptoPkg: Fix BaseCryptLib CrtWrapper strcpySebastian Witt2024-06-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | strcpy fails when strSource is closer than 4096 bytes after strDest. This is caused by an overlap check in AsciiStrCpyS: // // 5. Copying shall not take place between objects that overlap. // SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED); Since DestMax is MAX_STRING_SIZE (0x1000) and with a Source that is in this area behind Destination, AsciiStrCpyS will fail and strcpy will do nothing. When called by CRYPTO_strdup in openssl this leads to uninitialzed memory that gets accessed instead of the copied string. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2817 Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
* CryptoPkg: Fix wrong logic in X509GetTBSCertWenxing Hou2024-06-061-2/+2
| | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509 Both return 0x80 value and Asn1Tag != V_ASN1_SEQUENCE are wrong return. Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
* CryptoPkg/BaseCryptLib: Enable more functions for SMM/StandaloneMMNhi Pham2024-06-031-3/+3
| | | | | | | | This facilitates RSA extension, PKCS7 sign, and bignum function to broaden the range of algorithms available in SMM/StandaloneMM for platform utilization. Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
* CryptoPkg: Remove deprecated code related to SHA-1Shang Qingyu2024-05-312-16/+0
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4698 The default drbg type of randlib has been switched to aes_256_ctr in openssl1.1.1, so sha1 is not really used in RandomSeed(). Remove related code which do SHA-1 support checking in CryptRand.c and CryptRandTsc.c to avoid potential compatibility errors. Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Shang Qingyu <qingyu.shang@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Fix bug for correct return value checking when get X509CertQingyu2024-05-311-3/+3
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509 CryptX509.c file has X509GetTBSCert() funtion and it is added Inf variable to collect the return value of ASN1_get_object(), which return 0x80 in error case. Supplement the return value check during the second function call and correct the check logic. Signed-off-by: Qingyu <qingyu.shang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add support for aes128-sha256 and aes256-sha256 cipherShang Qingyu2024-05-311-0/+11
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4739 AES256-SHA256 is a Tls1.2 suite we need to support, add it to deflt_ciphers in OpensslStub. Signed-off-by: Shang Qingyu <qingyu.shang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* Add SM3 functions with openssl for MbedtlsWenxing Hou2024-05-2711-8/+1010
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the Mbedlts 3.3.0 doesn't have Sm3, the Sm3 implementaion is based on Openssl. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Update *.inf in BaseCryptLibMbedTlsWenxing Hou2024-05-275-66/+80
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Update all *.inf in BaseCryptLibMbedTls based on new implementation. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Add ImageTimestampVerify based on MbedtlsWenxing Hou2024-05-271-0/+381
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Timestamp Countersignature Verification implementaion based on Mbedtls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Add AuthenticodeVerify based on MbedtlsWenxing Hou2024-05-271-0/+214
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement AuthenticodeVerify based on Mbedtls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Add more RSA related functions based on MbedtlsWenxing Hou2024-05-273-0/+770
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement more RSA functions such as RsaPkcs1Sign based Mbedlts. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Add Pkcs5 functions based on MbedtlsWenxing Hou2024-05-271-0/+100
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Add Pkcs7 related functions based on MbedtlsWenxing Hou2024-05-277-12/+2843
| | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the current Mbedlts pkcs7 library doesn't support authenticatedAttributes and only support 0 or 1 certificates in Signed data, the patch implement Pkcs7 by low Mbedtls Api. And the implementation has pass unit_tes and integration test. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Add X509 functions based on MbedtlsWenxing Hou2024-05-271-0/+1940
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 X.509 Certificate Handler Wrapper Implementation over MbedTLS. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Add Pem APIs based on MbedtlsWenxing Hou2024-05-271-0/+138
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement Pem API based on Mbedtls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Add rand function for BaseCryptLibMbedTlsWenxing Hou2024-05-274-0/+246
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add rand function for BaseCryptLibMbedTls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: Add AeadAesGcm based on MbedtlsWenxing Hou2024-05-271-0/+227
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 AeadAesGcm implementation based on Mbedtls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg/BaseCryptLibUnitTest: add unit test functionsChris Ruffin2024-04-071-71/+687
| | | | | | | | | | | | | | | | | Add unit test functions: TestVerifyPkcs1v2EncryptInterface() TestVerifyRsaOaepEncryptInterface() TestVerifyEncrypt() TestVerifyDecrypt() TestVerifyEncryptDecrypt() Signed-off-by: Chris Ruffin <v-chruffin@microsoft.com> Cc: Chris Ruffin <cruffin@millcore.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg/Driver: add additional RSAES-OAEP crypto functionsChris Ruffin2024-04-074-2/+355
| | | | | | | | | | | | Add new functions to CryptoPkg/Driver. Signed-off-by: Chris Ruffin <v-chruffin@microsoft.com> Cc: Chris Ruffin <cruffin@millcore.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functionsChris Ruffin2024-04-075-50/+1054
| | | | | | | | | | | | | | | | | | | | | | Expand the availability of the RSAES-OAEP crypto capability in BaseCryptLib. Applications using RSA crypto functions directly from OpensslLib can transition to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe. Pkcs1v2Decrypt(): decryption using DER-encoded private key RsaOaepEncrypt(): encryption using RSA contexts RsaOaepDecrypt(): decryption using RSA contexts Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=4732 Gihub PR: https://github.com/tianocore/edk2/pull/5473 Signed-off-by: Chris Ruffin <v-chruffin@microsoft.com> Cc: Chris Ruffin <cruffin@millcore.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Remove interdependence for RsaPssVerifyHou, Wenxing2024-04-011-63/+11
| | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4742 Remove interdependence for RsaPssVerify, only use original mbedtls API. Because APIs such as Sha512Init may be closed by the platform PCD. And this patch optimize the hash flow. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Update Md5/Sha1/Sha2 by using new mbedtls apiHou, Wenxing2024-04-014-24/+20
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4741 Update Md5/Sha1/Sha2 by using mbedtls 3.0 api in BaseCryptLibMbedTls, because the old API may be deprecated when open some MACRO. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Update OPTIONAL location for BaseCryptLibMbedTlsHou, Wenxing2024-04-012-8/+4
| | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4740 There is a wrong usage for OPTIONAL. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add dummy inttypes header to fix clang buildHou, Wenxing2024-01-222-0/+10
| | | | | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4642 When use Mbedtls, there is a clang build error. Add dummy inttypes header to fix clang build. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Fix redefinition error of int definesHou, Wenxing2024-01-102-15/+19
| | | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4632 Move the define to stdint and add MACRO to prevent duplicate inclusion. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: fix gcc build fail for CryptoPkgMbedtlsHou, Wenxing2024-01-081-1/+1
| | | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4630 Enable MBEDTLS_NO_UDBL_DIVISION to fix GCC x64 build failure. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: move define to CrtLibSupportHou, Wenxing2024-01-042-10/+15
| | | | | | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4632 The before code will cause redefine error. This patch move them to CrtLibSupport header. But Openssl has already defined them internally, need to increase support for OPENSLL_SYS_UEFI judgment. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: CI: Add PrEval entryJoey Vagedes2023-10-231-0/+3
| | | | | | | | | | | | | | | | | | | | Adds a PrEval entry to the package's ci.yaml file which is used to verify if the package uses a particular library instance when that library instance file (INF) is updated. When a library instance file (INF) is updated, PrEval will review each package's DSC as described in the ci.yaml file to determine if the package uses said library instance. If the package does use the library instance, it will be built and tested to ensure the package is not broken from the change. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Joey Vagedes <joeyvagedes@gmail.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add CryptAes functions based on Mbedtls Add CryptAes APIS.Wenxing Hou2023-10-121-0/+225
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add basic Readme for BaseCryptLibMbedTlsWenxing Hou2023-10-121-5/+11
| | | | | | | | | | | | | Update Readme for BaseCryptLibMbedTls. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add Mbedtls submodule in CIWenxing Hou2023-10-124-2/+33
| | | | | | | | | | | | | | Change CI for new Mbedtls submodule. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
* CryptoPkg: Add MD5/SHA1/SHA2 functions based on MbedtlsWenxing Hou2023-10-125-5/+1130
| | | | | | | | | | | | | Add MD5/SHA1/SHA256/SHA384/SHA512 APIs. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add Null functions for building passWenxing Hou2023-10-1224-0/+4086
| | | | | | | | | | | | | Add Null functions to build. These feature are not supported now. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add all .inf files for BaseCryptLibMbedTlsWenxing Hou2023-10-1219-1/+1718
| | | | | | | | | | | | | Add .inf files and other support files. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add RSA functions based on MbedtlsWenxing Hou2023-10-128-0/+831
| | | | | | | | | | | | | Add RSA APIs. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add HKDF functions based on MbedtlsWenxing Hou2023-10-122-0/+564
| | | | | | | | | | | | | Add HKDF APIs. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add HMAC functions based on MbedtlsWenxing Hou2023-10-123-13/+1084
| | | | | | | | | | | | Add HMAC APIS. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
* CryptoPkg: Add mbedtls_config and MbedTlsLib.infWenxing Hou2023-10-125-0/+4760
| | | | | | | | | | | | | Add MbedTlsLib support. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg: Add mbedtls submodule for EDKIIWenxing Hou2023-10-121-0/+0
| | | | | | | | | | | | | | Add mbedtls 3.3.0 as submodule in CryptoPkg. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
* CryptoPkg/TlsLib: fix tls cipher configurationGerd Hoffmann2023-10-081-128/+36
| | | | | | | | | | | | | | | | | | Trying to configure the TLS ciphers can lead to TLS handshake failures because TlsCipherMappingTable is not in line with the ciphers actually supported by OpensslLib. Fix that by removing TlsCipherMappingTable altogether. Use SSL_get_ciphers() instead to get the stack of ciphers supported by openssl. Name and ID of the ciphers can be queried using the SSL_CIPHER_get_name() and SSL_CIPHER_get_protocol_id() functions, which allows us to map IDs to names without a hard-code table. Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=2541 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20231004092003.3809321-1-kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Yi Li <yi1.li@intel.com>
* CryptoPkg/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerifySheng Wei2023-09-071-1/+2
| | | | | | | | | | | | | | | | | | | Register and initialize sha384/sha512 digest algorithms for PKCS#7 Handling. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Zeyi Chen <zeyi.chen@intel.com> Cc: Fiona Wang <fiona.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Sheng Wei <w.sheng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: remove BN and EC accel for size optimizationYi Li2023-08-093-54/+27
| | | | | | | | | | | | | | | BN and EC have not been fully tested, and will greatly increase the size of the Crypto driver(>150KB). Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Brian J. Johnson <brian.johnson@hpe.com> Tested-by: Kenneth Lautner <klautner@microsoft.com>
* CryptoPkg/openssl: update CI config for openssl 3.0Gerd Hoffmann2023-08-091-11/+43
| | | | | | | | | | | | | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Brian J. Johnson <brian.johnson@hpe.com> Tested-by: Kenneth Lautner <klautner@microsoft.com>
* CryptoPkg: remove strcmp to syscallYi Li2023-08-092-9/+9
| | | | | | | | | | | | | | | | In rare cases the platform may not provide the full IntrinsicLib. But openssl30 build always require strcmp, provide this function by moving it into CrtWrapper.c. Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Brian J. Johnson <brian.johnson@hpe.com> Tested-by: Kenneth Lautner <klautner@microsoft.com>
* CryptoPkg: run configure.py to update all generated filesYi Li2023-08-09122-4/+240260
| | | | | | | | | | | | | | | cd */edk2/CryptoPkg/Library/OpensslLib python configure.py Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Brian J. Johnson <brian.johnson@hpe.com> Tested-by: Kenneth Lautner <klautner@microsoft.com>