summaryrefslogtreecommitdiffstats
path: root/CryptoPkg
Commit message (Collapse)AuthorAgeFilesLines
* CryptoPkg: Enable DXE_CORE support in DxeCryptLib.infYi Li2023-04-191-1/+1
| | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4413 Make the DXE_CORE module able to call the crypto protocol, which can reduce FV size on platforms using the Crypto Binaries. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Update code to be more C11 compliant by using __func__Rebecca Cran2023-04-102-6/+6
| | | | | | | | | | | | __FUNCTION__ is a pre-standard extension that gcc and Visual C++ among others support, while __func__ was standardized in C99. Since it's more standard, replace __FUNCTION__ with __func__ throughout CryptoPkg. Signed-off-by: Rebecca Cran <rebecca@bsdio.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* CryptoPkg: Fix conditionally uninitialized variableMichael Kubacki2023-04-031-9/+12
| | | | | | | | | | | | | | | | | | | | | | | | | Fixes CodeQL alerts for CWE-457: https://cwe.mitre.org/data/definitions/457.html Checks the return value from `ASN1_get_object()` to verify values set by the function are valid. Note that the function returns literal `0x80`: `return (0x80);` That is used to check the return value is as the case in other areas of the code. Cc: Erich McMillan <emcmillan@microsoft.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Kubacki <mikuback@linux.microsoft.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Co-authored-by: Erich McMillan <emcmillan@microsoft.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
* CryptoPkg/Library: add -Wno-unused-but-set-variable for opensslGang Chen2023-03-175-0/+10
| | | | | | | | | | The GCC warning fix is not in 1.1.1x. Ignore the warning type -Wno-unused-but-set-variable with GCC compiler in the build option. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Gang Chen <gang.c.chen@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1tSheng Wei2023-03-106-0/+5
| | | | | | | | | | | | Upgrade openssl to 1.1.1t Pick up bugfixes from the latest openssl release. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Sheng Wei <w.sheng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/BaseCryptLib: avoid using SHA512()Gerd Hoffmann2023-03-071-3/+13
| | | | | | | | | In openssl 3.0 SHA512() goes through the provider logic, requiring a huge amount of openssl code. The individual functions do not, so use them instead. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/BaseCryptLib: avoid using SHA384()Gerd Hoffmann2023-03-071-3/+13
| | | | | | | | | In openssl 3.0 SHA384() goes through the provider logic, requiring a huge amount of openssl code. The individual functions do not, so use them instead. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/BaseCryptLib: avoid using SHA256()Gerd Hoffmann2023-03-071-3/+13
| | | | | | | | | In openssl 3.0 SHA256() goes through the provider logic, requiring a huge amount of openssl code. The individual functions do not, so use them instead. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/BaseCryptLib: avoid using SHA1()Gerd Hoffmann2023-03-071-3/+13
| | | | | | | | | In openssl 3.0 SHA1() goes through the provider logic, requiring a huge amount of openssl code. The individual functions do not, so use them instead. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library: Reinstate ARM/AARCH64 sections in SmmCryptLib.infJake Garver2023-01-261-0/+6
| | | | | | | | | These sections were removed mistakenly. SmmCryptLib.inf supports these architectures. Signed-off-by: Jake Garver <jake@nvidia.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Need to enable crypto functionsJudah Vang2022-12-212-7/+13
| | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992 V2: Update Readme and CryptoPkg.dsc to reflect changes and be in sync. V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase. Update Readme.md Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Judah Vang <judah.vang@intel.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Need to enable crypto functionsJudah Vang2022-12-203-14/+17
| | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3992 V1: Enable CryptAes for PEI phase. Enable CryptHkdf for SMM phase. Update Readme.md Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Judah Vang <judah.vang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/BaseCryptLib:time overflowZihong Yi2022-12-032-15/+38
| | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4167 In CrtLibSupport.h, time_t is defined as INT32, and its maximum value is 2147483647. That is, the corresponding maximum timestamp is 2038-01-19 11:14:07. Therefore, overflow occurs when the test time exceeds 2038-01-19 11:14:07. So change the type of time_t to INT64 and also change the type of variables in function gmtime which calculated with time_t. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Zihong Yi <yizihong@huawei.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptPkg: Enable CryptoPkg BaseCryptLib ParallelHash for PEI and DXEZhihao Li2022-12-028-27/+183
| | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4097 The BaseCryptLib in the CryptoPkg currently supports ParallelHash algorithm for SMM. The MP Services PPI and MP Services Protocol could be used to enable ParallelHash in PEI and DXE versions of the BaseCryptLib. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhihao Li <zhihao.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1sGang Chen2022-12-011-0/+0
| | | | | | | | | | | | Upgrade openssl to 1.1.1s. Pick up bugfixes from the latest openssl release, which include some GCC build warnings cleaning up. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Gang Chen <gang.c.chen@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Sha1 functions causing build errorsJudah Vang2022-11-081-1/+13
| | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3991 Fix build issue when DiSABLE_SHA1_DEPRECATED_INTERFACES is defined. Percolate the #ifndef DiSABLE_SHA1_DEPRECATED_INTERFACES to all the Sha1 functions. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Judah Vang <judah.vang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Readme.md: typo and grammar fixesLaszlo Ersek2022-11-071-23/+23
| | | | | | | | | | | | | | | | | | Commit 244ce33bdd2f ("CryptoPkg: Add Readme.md", 2022-10-24) had added the long-awaited documentation on the dynamic crypto services. Fix some of the typos and arguable grammar errors in "Readme.md". A few light clarifications are also snuck in. Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Christopher Zurcher <christopher.zurcher@microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Test: Simplify BaseCryptLib host based unit testsMichael D Kinney2022-11-022-59/+7
| | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4130 Remove TestBaseCryptLibHostAccel.inf and instead use FILE_GUID override in DSC file to run the same unit test INF against OpensslLibFull.inf and OpensslLibFullAccel.inf Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library/OpensslLib: update auto-generated filesYi Li2022-10-246-388/+185
| | | | | | | | | | | | | | | | | | | | | | | | | | | Update OpensslLib INF files to match results from running process_files.pl to auto-generate the INF files. * OpensslLib.inf * OpensslLibAccel.inf * OpensslLibCrypto.inf * OpensslLibFull.inf * OpensslLibFullAccel.inf These INF files are generated by running the following perl scripts: * process_files.pl * process_files.pl X64 * process_files.pl X64Gcc * process_files.pl IA32 * process_files.pl IA32Gcc Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library/OpensslLib: Add generated flag to Accel INFYi Li2022-10-242-0/+16
| | | | | | | | | | | | | | Update OpensslLibAccel.inf and OpensslLibFullAccel.inf to include flags used by process_files.pl to generate OpensslLib INF files. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library/OpensslLib: Update process_files.pl INF generationYi Li2022-10-241-6/+87
| | | | | | | | | | | | | | | | | | Update process_files.pl to generate all OpensslLib INF files. * OpensslLib.inf * OpensslLibAccel.inf * OpensslLibCrypto.inf * OpensslLibFull.inf * OpensslLibFullAccel.inf Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* Revert "CryptoPkg: Update process_files.pl to auto add PCD config option"Yi Li2022-10-241-74/+3
| | | | | | | | | | | | | This reverts commit 499b0d5fa57dafe47b260aaf0cea6c6b0286e656. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Add Readme.mdMichael D Kinney2022-10-241-0/+498
| | | | | | | | | | | | | | Add Readme.md that provides an overview of the CryptoPkg and how to configure the use of cryptographic services in a platform. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Fixed host-based unit testsMichael D Kinney2022-10-243-27/+68
| | | | | | | | | | | | | | | | | | * Build host-based tests using OpensslLib instance with all services enabled. * Build host-based tests using performance optimized OpensslLib instance with all services enabled. * Remove unused PCD gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled * Remove redundant and unnecessary [BuildOptions] * Limit host-based unit tests to only IA32/X64 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Update DSC to improve CI test coverageMichael D Kinney2022-10-241-83/+345
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the addition of EC services and performance optimized versions of the OpensslLib for IA32/X64, the CryptoPkg.dsc file is updated to make sure all combinations are covered in CI builds. * Use different output directory for each CRYPTO_SERVICES profile. * Add FILE_GUID define names for CryptoPei, CryptoDxe, and CryptoSmm when they are linked with different OpensslLib instances. * Update CryptoPei, CryptoDxe, CryptoSmm builds to include all combinations of OpensslLib library instances supported by each CPU architecture. * Add TARGET_UINT_TESTS profile to CryptoPkg.dsc to build only the target-based unit tests. This reduces the size of CryptoPkg components not related to unit testing by removing unit test specific assert handlers. Build target-based unit tests using OpensslLibFull.inf and OpensslLibFullAccel.inf. * Remove the PACKAGE profile and instead make the ALL profile the default for CI testing that enables all services for all modules. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.decMichael D Kinney2022-10-241-33/+0
| | | | | | | | | | | | | | | Remove the PcdOpensslEcEnabled PCD that is no longer used. The EC feature is selected by using one of the OpensslLib instances that includes the EC features which are either OpensslLibFull.inf or OpensslLibFullAccel.inf. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library/OpensslLib: Remove PrintLib from INF filesMichael D Kinney2022-10-245-5/+0
| | | | | | | | | | | | | | The OpensslLib instances do not directly use any PrintLib services. Remove PrintLib from [LibraryClasses] sections of all OpensslLib INF files. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library/OpensslLib: Produce consistent set of APIsMichael D Kinney2022-10-2410-0/+837
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update all OpensslLib instances so they produce all the APIs used by the BaseCryptLib instances. Not producing the same set of APIs for a library class does not follow the EDK II library class rules and breaks the assumptions that consumers of the OpensslLib may make about which services are present. * Add missing declaration of the private library class OpensslLib to CryptoPkg.dec. * Add SslNull.c with NULL implementations of SSL functions * Add EcSm2Null.c with NULL implementations of EC/SM2 functions. * Update OpensslLibCrypto.inf to include both SslNull.c and EcSm2Null.c so this library instance produces all the opensll APIs used by the BaseCryptLib instances. * Update OpensslLib.inf and OpensslLibAccel.inf to include EcSm2Null.c so these library instances produce all the opensll APIs used by the BaseCryptLib instances. * Add missing declaration of the private library class IntrinsicLib to CryptoPkg.dec Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library/OpensslLib: Combine all performance optimized INFsMichael D Kinney2022-10-2415-1420/+913
| | | | | | | | | | | | | | | | | | | | | | | | | | * Remove IA32/X64 specific INF files for performance optimized OpensslLib and combine into OpensslLibAccel.inf and OpensslLibFullAccel.inf. * Remove use of PcdOpensslEcEnabled and let the platform select the EC feature by using either OpensslLibFull.inf or OpensslLibFullAccel.inf. * With PcdOpensslEcEnabled removed, roll back style of opensslconf.h and remove opensslconf_generated.h. Move the choice to disable EC/SM2 into OpensslLib INF files using OPENSSL_FLAGS define. * Update OpensslLibContructor() API to be compatible with all FW phases by using types from Base.h and using RETURN_STATUS type and values instead of EFI_STATUS type and values. * Add /wd4718 to VS2015x86 for IA32 and X64 to disable warning for recursive call with no side effects. This is a false positive warning that is not produced with VS2017 or VS2019. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library: Cleanup BaseCryptLib and TlsLibMichael D Kinney2022-10-2410-70/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib. The functions in this file are only used by TlsLib instances and not any CryptLib instances. * Fix type mismatch in call to FreePool() in TlsConfig.c * Remove use of gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled from TslLib and CryptLib instances * Add missing *Null.c files to SecCryptLib.inf and RuntimeCryptLib.inf. * Remove ARM and AARCH64 sections from SmmCryptLib.inf that does not support those architectures. * Add missing PrintLib dependencies to [LibraryClasses] sections of CryptLib INF files * Remove extra library classes from [LibraryClasses] sections of CryptLib INF files * Remove unnecessary warning disables from [BuildOptions] sections of TlsLib and CryptLib INF files * Remove RVCT support from SecCryptLib.inf Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Cc: Rebecca Cran <quic_rcran@quicinc.com> Cc: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixesMichael D Kinney2022-10-242-6/+13
| | | | | | | | | | | | | | | | | * Update ImageTimeStampTest to return UNIT_TEST_PASSED instead of Status. On success Status is TRUE(1), which was returning a unit test status of UNIT_TEST_ERROR_PREREQUISITE_NOT_MET. * Update HmacTests to use the *Free() service from the HMAC family instead of FreePool(). Using FreePool() generates ASSERT() because the context being freed was not allocated using AllocatePool(). Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library/BaseCryptLib: Update internal functions/variablesMichael D Kinney2022-10-247-17/+50
| | | | | | | | | | | | | | * Update BaseCryptLib internal worker functions to be 'STATIC' * Update BaseCryptLib internal working functions to not use EFIAPI * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global variables Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix formatMichael D Kinney2022-10-246-8/+18
| | | | | | | | | | Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Document and disable deprecated crypto servicesMichael D Kinney2022-10-242-55/+77
| | | | | | | | | | | | | | Also note services that are recommended to be disabled and update CryptoPkg.dsc PcdCryptoServiceFamilyEnable settings to disable all deprecated services. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Add LOONGARCH64 architecture for EDK2 CI.Chao Li2022-10-1411-8/+27
| | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053 Add LOONGARCH64 architecture for EDK2 CI testing. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Chao Li <lichao@loongson.cn> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* CryptoPkg: add Unit Test for X509 new function.Qi Zhang2022-10-125-0/+638
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: add new X509 function to Crypto Service.Qi Zhang2022-10-124-12/+1261
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: add new X509 function.Qi Zhang2022-10-123-0/+1894
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: add new X509 function definition.Qi Zhang2022-10-121-0/+374
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: add unit test for EC key interface.Qi Zhang2022-10-121-0/+156
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4102 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Add EC key interface to DXE and protocolQi Zhang2022-10-124-2/+412
| | | | | | | | | | | | | | The implementation provide EC key interface for EFI driver nad EFI BaseCrypt protocol. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4102 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Add EC key retrieving and signature interface.Qi Zhang2022-10-1210-0/+837
| | | | | | | | | | | | | | This patch is used to retrieve EC key from PEM and X509 and carry out the EC-DSA signature and verify it. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4102 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Add new Tls APIs to DXE and protocolYi Li2022-10-104-7/+435
| | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 The implementation provides new Tls library functions for Crypto EFI Driver and Protocol. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Extend Tls function libraryYi Li2022-10-106-7/+667
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 1. TlsSetSignatureAlgoList(): Configure the list of TLS signature algorithms that should be used as part of the TLS session establishment. This is needed for some WLAN Supplicant connection establishment flows that allow only specific TLS signature algorithms to be used, e.g., Authenticate and Key Managmenet (AKM) suites that are SUITE-B compliant. 2. TlsSetEcCurve(): Configure the Elliptic Curve that should be used for TLS flows the use cipher suite with EC, e.g., TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. This is needed for some WLAN Supplicant connection establishment flows that allow only specific TLS signature algorithms to be used, e.g., Authenticate and Key Managmenet (AKM) suites that are SUITE-B compliant. 3. TlsShutdown(): Shutdown the TLS connection without releasing the resources, meaning a new connection can be started without calling TlsNew() and without setting certificates etc. 4. TlsGetExportKey(): Derive keying material from a TLS connection using the mechanism described in RFC 5705 and export the key material (needed by EAP methods such as EAP-TTLS and EAP-PEAP). 5. TlsSetHostPrivateKeyEx(): This function adds the local private key (PEM-encoded or PKCS#8 or DER-encoded private key) into the specified TLS object for TLS negotiation. There is already a similar function TlsSetHostPrivateKey(), the new Ex function introduces a new parameter Password, set Password to NULL when useless. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Fix integer overflowYuan Yu2022-10-101-2/+2
| | | | | | | | | | | | | | | SECSPERDAY is 86400 which exceeds the limit of a UINT16 which is 65536. Therefore DayRemainder cannot use UINT16. This patch makes it UINT32. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Anthony Perard <anthony.perard@citrix.com> Cc: Julien Grall <julien@xen.org> Signed-off-by: Yuan Yu <yuanyu@google.com> Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg/Test: Add unit test for CryptoEcYi Li2022-09-267-0/+300
| | | | | | | | | | | Add unit test for CryptoEc. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Add ECC related usage referenceYi Li2022-09-261-0/+29
| | | | | | | | | | | | | | Describes the use cases under which ECC needs to be enabled, and provides the impact on memory size for developers' reference. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Add EC APIs to DXE and protocolYi Li2022-09-265-200/+1622
| | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828 The implementation provides CryptEc library functions for EFI Driveer and EFI BaseCrypt Protocol. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Add EC supportYi Li2022-09-268-0/+2186
| | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828 This patch is used to add CryptEc library, which is wrapped over OpenSSL. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()Yi Li2022-09-261-1/+3
| | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075 Fake BIO_snprintf() does not actually print anything to buf, it should return -1 as error. 0 will be considered a correct return value, the consumer may think that the buf is valid and parse the buffer. please refer to bugzilla link for details. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>