summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorqlong <qlong@6f19259b-4bc3-4df7-8a09-765794883524>2010-12-31 07:22:48 +0000
committerqlong <qlong@6f19259b-4bc3-4df7-8a09-765794883524>2010-12-31 07:22:48 +0000
commit4a567c9690db97ecbf982e9428727f073bada504 (patch)
tree92682c435813f60c29afd83ad98d04ebc24903ac
parent2a6433fef2413df583db6399008c7e6716a8e243 (diff)
downloadedk2-platforms-4a567c9690db97ecbf982e9428727f073bada504.tar.xz
1. Add new API supports for PEM & X509 key retrieving & verification;
2. Add new MD4 hash supports; 3. Add corresponding test case in Cryptest utility; 4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
-rw-r--r--CryptoPkg/Application/Cryptest/Cryptest.c5
-rw-r--r--CryptoPkg/Application/Cryptest/Cryptest.h12
-rw-r--r--CryptoPkg/Application/Cryptest/Cryptest.inf1
-rw-r--r--CryptoPkg/Application/Cryptest/HashVerify.c47
-rw-r--r--CryptoPkg/Application/Cryptest/RsaVerify2.c305
-rw-r--r--CryptoPkg/Include/Library/BaseCryptLib.h209
-rw-r--r--CryptoPkg/Include/OpenSslSupport.h1
-rw-r--r--CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf3
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c177
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c6
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c6
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c6
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c6
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c6
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c124
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c288
-rw-r--r--CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c5
-rw-r--r--CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c14
-rw-r--r--CryptoPkg/Library/OpensslLib/OpensslLib.inf6
19 files changed, 1223 insertions, 4 deletions
diff --git a/CryptoPkg/Application/Cryptest/Cryptest.c b/CryptoPkg/Application/Cryptest/Cryptest.c
index 188a36c4c3..db8c89aa51 100644
--- a/CryptoPkg/Application/Cryptest/Cryptest.c
+++ b/CryptoPkg/Application/Cryptest/Cryptest.c
@@ -58,6 +58,11 @@ CryptestMain (
return Status;
}
+ Status = ValidateCryptRsa2 ();
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
Status = ValidateAuthenticode ();
if (EFI_ERROR (Status)) {
return Status;
diff --git a/CryptoPkg/Application/Cryptest/Cryptest.h b/CryptoPkg/Application/Cryptest/Cryptest.h
index b63128552e..cc68cd3ce5 100644
--- a/CryptoPkg/Application/Cryptest/Cryptest.h
+++ b/CryptoPkg/Application/Cryptest/Cryptest.h
@@ -73,6 +73,18 @@ ValidateCryptRsa (
);
/**
+ Validate UEFI-OpenSSL RSA Key Retrieving (from PEM & X509) & Signature Interfaces.
+
+ @retval EFI_SUCCESS Validation succeeded.
+ @retval EFI_ABORTED Validation failed.
+
+**/
+EFI_STATUS
+ValidateCryptRsa2 (
+ VOID
+ );
+
+/**
Validate UEFI-OpenSSL PKCS#7 Verification Interfaces.
@retval EFI_SUCCESS Validation succeeded.
diff --git a/CryptoPkg/Application/Cryptest/Cryptest.inf b/CryptoPkg/Application/Cryptest/Cryptest.inf
index 0e617607db..ce9f62567b 100644
--- a/CryptoPkg/Application/Cryptest/Cryptest.inf
+++ b/CryptoPkg/Application/Cryptest/Cryptest.inf
@@ -35,6 +35,7 @@
HmacVerify.c
BlockCipherVerify.c
RsaVerify.c
+ RsaVerify2.c
AuthenticodeVerify.c
DhVerify.c
RandVerify.c
diff --git a/CryptoPkg/Application/Cryptest/HashVerify.c b/CryptoPkg/Application/Cryptest/HashVerify.c
index 1b218965ee..107ff45cc8 100644
--- a/CryptoPkg/Application/Cryptest/HashVerify.c
+++ b/CryptoPkg/Application/Cryptest/HashVerify.c
@@ -25,6 +25,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *HashData = "abc";
//
+// Result for MD4("abc"). (From "A.5 Test suite" of IETF RFC1320)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Md4Digest[MD4_DIGEST_SIZE] = {
+ 0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d
+ };
+
+//
// Result for MD5("abc"). (From "A.5 Test suite" of IETF RFC1321)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Md5Digest[MD5_DIGEST_SIZE] = {
@@ -68,6 +75,46 @@ ValidateCryptDigest (
Print (L" UEFI-OpenSSL Hash Engine Testing:\n");
DataSize = AsciiStrLen (HashData);
+ Print (L"- MD4: ");
+
+ //
+ // MD4 Digest Validation
+ //
+ ZeroMem (Digest, MAX_DIGEST_SIZE);
+ CtxSize = Md4GetContextSize ();
+ HashCtx = AllocatePool (CtxSize);
+
+ Print (L"Init... ");
+ Status = Md4Init (HashCtx);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Print (L"Update... ");
+ Status = Md4Update (HashCtx, HashData, DataSize);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Print (L"Finalize... ");
+ Status = Md4Final (HashCtx, Digest);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ FreePool (HashCtx);
+
+ Print (L"Check Value... ");
+ if (CompareMem (Digest, Md4Digest, MD5_DIGEST_SIZE) != 0) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Print (L"[Pass]\n");
+
Print (L"- MD5: ");
//
diff --git a/CryptoPkg/Application/Cryptest/RsaVerify2.c b/CryptoPkg/Application/Cryptest/RsaVerify2.c
new file mode 100644
index 0000000000..adac99a9d7
--- /dev/null
+++ b/CryptoPkg/Application/Cryptest/RsaVerify2.c
@@ -0,0 +1,305 @@
+/** @file
+ Application for RSA Key Retrieving (from PEM and X509) & Signature Validation.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "Cryptest.h"
+
+//
+// X509 Cert Data for RSA Public Key Retrieving and X509 Verification (Generated by OpenSSL utility).
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestCert[] = {
+ 0x30, 0x82, 0x02, 0x76, 0x30, 0x82, 0x01, 0xdf, 0x02, 0x09, 0x00, 0xa9, 0xff, 0x92, 0x73, 0xf6,
+ 0x74, 0xe0, 0xb0, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
+ 0x05, 0x00, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43,
+ 0x4e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e,
+ 0x67, 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53,
+ 0x68, 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b,
+ 0x13, 0x03, 0x50, 0x53, 0x49, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04,
+ 0x55, 0x45, 0x46, 0x49, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x09, 0x01, 0x16, 0x0c, 0x75, 0x65, 0x66, 0x69, 0x40, 0x70, 0x73, 0x69, 0x2e, 0x63, 0x6f,
+ 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x30, 0x30, 0x38, 0x31, 0x38, 0x32, 0x35, 0x35,
+ 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x30, 0x30, 0x35, 0x31, 0x38, 0x32, 0x35, 0x35, 0x39,
+ 0x5a, 0x30, 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43,
+ 0x4e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e,
+ 0x67, 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53,
+ 0x68, 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b,
+ 0x13, 0x03, 0x50, 0x53, 0x49, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x06,
+ 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x40, 0x70, 0x73,
+ 0x69, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
+ 0x81, 0x00, 0xc2, 0xfe, 0xbb, 0xbd, 0x92, 0x60, 0x6c, 0x2b, 0x75, 0x43, 0x6e, 0xd5, 0x91, 0x61,
+ 0x2a, 0xec, 0x15, 0x84, 0xce, 0x83, 0xc2, 0x51, 0xf6, 0x81, 0x93, 0xe6, 0x38, 0xd4, 0x85, 0xb1,
+ 0x02, 0x97, 0xb2, 0x7e, 0x74, 0x70, 0x57, 0x09, 0x72, 0xff, 0xb0, 0x7e, 0xd1, 0x9b, 0x34, 0x52,
+ 0xbb, 0x8e, 0xaf, 0x62, 0x26, 0xad, 0xfa, 0xc5, 0x9e, 0x5c, 0xbc, 0xb9, 0x9e, 0xfe, 0xa0, 0x33,
+ 0x30, 0x03, 0x9d, 0x3a, 0x09, 0xbb, 0xa5, 0xa9, 0x85, 0x35, 0x73, 0x52, 0xc3, 0xed, 0x10, 0x7f,
+ 0x83, 0x06, 0xe5, 0x2b, 0x3e, 0x39, 0xd9, 0xdf, 0x34, 0x7e, 0x15, 0x53, 0xbb, 0x82, 0x98, 0xe3,
+ 0xd8, 0x7e, 0xb3, 0x7e, 0xc0, 0x7f, 0x54, 0x67, 0x57, 0x19, 0xf0, 0xb2, 0xf6, 0x45, 0xaf, 0x43,
+ 0x05, 0xa5, 0x81, 0xc2, 0x15, 0xd7, 0x26, 0x85, 0xf7, 0xa7, 0x42, 0x36, 0x19, 0x19, 0xba, 0x0a,
+ 0x04, 0x9d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x25, 0xbf, 0x8d, 0x88, 0xfc, 0xae,
+ 0x5e, 0xbe, 0x04, 0xed, 0x4e, 0xf2, 0x2e, 0x2f, 0x55, 0x9e, 0x21, 0x77, 0x86, 0x53, 0x16, 0xc0,
+ 0x04, 0x11, 0xa2, 0xeb, 0x1e, 0xf1, 0xbc, 0xfa, 0x96, 0xa3, 0xa2, 0x77, 0xe4, 0x61, 0x1b, 0x4a,
+ 0x69, 0x60, 0x16, 0x6f, 0xcb, 0xc6, 0xe2, 0x72, 0x72, 0xd1, 0x42, 0x7d, 0x83, 0x3d, 0xc5, 0x61,
+ 0x86, 0x78, 0x4b, 0x95, 0x69, 0x20, 0x88, 0xd1, 0x3c, 0x9b, 0xed, 0x2e, 0x3b, 0xeb, 0xaa, 0x99,
+ 0x7d, 0x9f, 0x24, 0xe6, 0xa9, 0x57, 0x31, 0x66, 0xe2, 0xe3, 0x3c, 0xd8, 0xb1, 0xf4, 0x33, 0x5d,
+ 0x8c, 0x21, 0xe0, 0x77, 0x82, 0x6b, 0x44, 0xb0, 0x04, 0x68, 0x25, 0xc8, 0xa1, 0xa2, 0x81, 0x7d,
+ 0x2e, 0xd5, 0xbb, 0xd2, 0x1d, 0x13, 0x3c, 0x22, 0x6d, 0xc5, 0x4d, 0xec, 0x76, 0x0a, 0x1c, 0xb0,
+ 0x1e, 0x80, 0xc1, 0xa0, 0xcc, 0x91, 0xd5, 0x7a, 0x5c, 0xf1
+ };
+
+//
+// Test CA X509 Certificate for X509 Verification Routine (Generated by OpenSSL utility).
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestCACert[] = {
+ 0x30, 0x82, 0x02, 0x71, 0x30, 0x82, 0x01, 0xda, 0x02, 0x09, 0x00, 0x91, 0x9b, 0x90, 0x19, 0x9c,
+ 0x81, 0x28, 0x47, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
+ 0x05, 0x00, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43,
+ 0x4e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e,
+ 0x67, 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53,
+ 0x68, 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b,
+ 0x13, 0x03, 0x50, 0x53, 0x49, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04,
+ 0x55, 0x45, 0x46, 0x49, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x09, 0x01, 0x16, 0x0c, 0x75, 0x65, 0x66, 0x69, 0x40, 0x70, 0x73, 0x69, 0x2e, 0x63, 0x6f,
+ 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x30, 0x30, 0x38, 0x31, 0x38, 0x31, 0x35, 0x33,
+ 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x30, 0x30, 0x35, 0x31, 0x38, 0x31, 0x35, 0x33, 0x36,
+ 0x5a, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e,
+ 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e, 0x67,
+ 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53, 0x68,
+ 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+ 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13,
+ 0x03, 0x50, 0x53, 0x49, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x55,
+ 0x45, 0x46, 0x49, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+ 0x09, 0x01, 0x16, 0x0c, 0x75, 0x65, 0x66, 0x69, 0x40, 0x70, 0x73, 0x69, 0x2e, 0x63, 0x6f, 0x6d,
+ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+ 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa3, 0x32, 0x20,
+ 0x1d, 0x10, 0x11, 0x9c, 0x9e, 0xa2, 0x42, 0x48, 0x9b, 0x15, 0xac, 0x66, 0xa2, 0xc8, 0x25, 0x11,
+ 0x4c, 0xc8, 0x1e, 0x2e, 0x35, 0xd6, 0xc4, 0x43, 0x2e, 0x39, 0xf3, 0xac, 0x2b, 0xd6, 0x98, 0x5c,
+ 0xbe, 0x62, 0xfe, 0x95, 0x8c, 0xd6, 0xb5, 0x4e, 0x9e, 0x0f, 0xee, 0x0e, 0xb1, 0xcc, 0x0a, 0x72,
+ 0xc6, 0x47, 0x66, 0xfe, 0x6a, 0x8b, 0xde, 0x34, 0x0d, 0x62, 0x81, 0xd7, 0xa4, 0x30, 0x3a, 0xe6,
+ 0x24, 0x3b, 0xe3, 0x5a, 0xd6, 0x2b, 0xec, 0x4a, 0xb7, 0x22, 0x36, 0xed, 0x3a, 0x71, 0xfa, 0xb1,
+ 0x3f, 0x91, 0xd3, 0x11, 0xac, 0x52, 0xee, 0xbc, 0x37, 0x0e, 0x9e, 0x45, 0xe4, 0x4d, 0x33, 0x83,
+ 0xef, 0x0c, 0xb3, 0x5a, 0xbe, 0x9e, 0x5c, 0x64, 0xd2, 0x9f, 0x70, 0xf4, 0xaa, 0xd0, 0x15, 0x0e,
+ 0x60, 0xe5, 0xeb, 0x34, 0xfd, 0xd6, 0x70, 0x64, 0x11, 0x20, 0x60, 0x8c, 0xad, 0x02, 0x03, 0x01,
+ 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
+ 0x00, 0x03, 0x81, 0x81, 0x00, 0x81, 0xfa, 0x8b, 0x03, 0x59, 0x30, 0xbf, 0xd2, 0x7f, 0x90, 0xd9,
+ 0x1a, 0xd9, 0xae, 0x1f, 0x3e, 0xc5, 0x45, 0x00, 0x0e, 0x06, 0x6e, 0xbc, 0xb0, 0xac, 0x32, 0xe3,
+ 0x2c, 0x10, 0x2d, 0x59, 0x51, 0x34, 0x7a, 0xb4, 0x22, 0x1d, 0x0f, 0x85, 0x9d, 0x80, 0x90, 0x3f,
+ 0x8e, 0x78, 0x2f, 0xfc, 0x12, 0x9e, 0xf2, 0xaa, 0xc9, 0x5d, 0x4a, 0x82, 0xc5, 0x64, 0xc7, 0x5a,
+ 0x29, 0xcb, 0xc2, 0x59, 0xde, 0xdf, 0xd8, 0x69, 0x51, 0x7a, 0x78, 0x4b, 0x47, 0x15, 0xcd, 0x52,
+ 0x66, 0xff, 0xb8, 0xf5, 0x16, 0xde, 0xe4, 0x32, 0xc5, 0x40, 0x42, 0xeb, 0xeb, 0x54, 0x63, 0xf7,
+ 0x82, 0x44, 0x4b, 0x5d, 0x8f, 0x3a, 0x29, 0xdf, 0xbc, 0xe0, 0x21, 0x3d, 0xc2, 0x4a, 0x19, 0x6e,
+ 0x7c, 0xed, 0xd3, 0x79, 0xac, 0xb0, 0x37, 0xea, 0xfd, 0x60, 0x7f, 0xbe, 0x5b, 0x0b, 0x69, 0x4a,
+ 0xe3, 0xac, 0xfa, 0x75, 0x0f
+ };
+
+//
+// Password-protected PEM Key data for RSA Private Key Retrieving (encryption key is "client").
+// (Generated by OpenSSL utility).
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestKeyPem[] = {
+ 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x52, 0x53, 0x41, 0x20, 0x50,
+ 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a,
+ 0x50, 0x72, 0x6f, 0x63, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x34, 0x2c, 0x45, 0x4e, 0x43,
+ 0x52, 0x59, 0x50, 0x54, 0x45, 0x44, 0x0a, 0x44, 0x45, 0x4b, 0x2d, 0x49, 0x6e, 0x66, 0x6f, 0x3a,
+ 0x20, 0x44, 0x45, 0x53, 0x2d, 0x45, 0x44, 0x45, 0x33, 0x2d, 0x43, 0x42, 0x43, 0x2c, 0x44, 0x45,
+ 0x37, 0x32, 0x46, 0x31, 0x31, 0x30, 0x31, 0x31, 0x37, 0x42, 0x33, 0x36, 0x35, 0x36, 0x0a, 0x0a,
+ 0x38, 0x73, 0x6e, 0x79, 0x32, 0x59, 0x54, 0x79, 0x37, 0x67, 0x52, 0x5a, 0x38, 0x69, 0x73, 0x77,
+ 0x68, 0x37, 0x66, 0x46, 0x71, 0x49, 0x31, 0x30, 0x61, 0x39, 0x38, 0x6a, 0x2f, 0x76, 0x45, 0x66,
+ 0x69, 0x65, 0x47, 0x32, 0x43, 0x34, 0x53, 0x2b, 0x48, 0x70, 0x68, 0x33, 0x63, 0x68, 0x7a, 0x45,
+ 0x2f, 0x63, 0x58, 0x31, 0x2b, 0x6b, 0x6a, 0x6c, 0x46, 0x6b, 0x71, 0x6b, 0x47, 0x4e, 0x65, 0x4d,
+ 0x0a, 0x70, 0x72, 0x4b, 0x2b, 0x66, 0x48, 0x5a, 0x50, 0x77, 0x6c, 0x30, 0x63, 0x33, 0x79, 0x76,
+ 0x59, 0x58, 0x45, 0x7a, 0x4c, 0x45, 0x62, 0x50, 0x6f, 0x38, 0x4c, 0x6e, 0x74, 0x38, 0x36, 0x65,
+ 0x46, 0x53, 0x6f, 0x66, 0x4d, 0x78, 0x70, 0x33, 0x33, 0x64, 0x48, 0x39, 0x5a, 0x68, 0x6f, 0x57,
+ 0x66, 0x41, 0x43, 0x59, 0x78, 0x47, 0x44, 0x6f, 0x32, 0x30, 0x53, 0x33, 0x79, 0x42, 0x39, 0x67,
+ 0x38, 0x0a, 0x4d, 0x75, 0x59, 0x63, 0x74, 0x32, 0x38, 0x62, 0x6f, 0x62, 0x30, 0x65, 0x7a, 0x31,
+ 0x43, 0x38, 0x51, 0x52, 0x78, 0x58, 0x48, 0x31, 0x66, 0x4a, 0x52, 0x5a, 0x52, 0x50, 0x34, 0x38,
+ 0x50, 0x42, 0x6f, 0x5a, 0x7a, 0x36, 0x73, 0x6a, 0x4b, 0x36, 0x57, 0x51, 0x58, 0x66, 0x67, 0x4d,
+ 0x32, 0x70, 0x4c, 0x31, 0x42, 0x6f, 0x51, 0x70, 0x4e, 0x4e, 0x4f, 0x6d, 0x61, 0x79, 0x2b, 0x2b,
+ 0x72, 0x74, 0x0a, 0x6c, 0x7a, 0x32, 0x4f, 0x63, 0x72, 0x6a, 0x67, 0x2f, 0x72, 0x45, 0x61, 0x79,
+ 0x63, 0x63, 0x43, 0x55, 0x4d, 0x7a, 0x4e, 0x4f, 0x4a, 0x51, 0x74, 0x4f, 0x47, 0x74, 0x34, 0x7a,
+ 0x4d, 0x4a, 0x53, 0x73, 0x2f, 0x7a, 0x77, 0x77, 0x77, 0x73, 0x5a, 0x43, 0x4b, 0x74, 0x39, 0x33,
+ 0x37, 0x30, 0x62, 0x76, 0x74, 0x63, 0x36, 0x45, 0x34, 0x75, 0x42, 0x63, 0x75, 0x41, 0x51, 0x72,
+ 0x37, 0x73, 0x30, 0x0a, 0x44, 0x76, 0x46, 0x64, 0x4d, 0x6d, 0x6f, 0x71, 0x35, 0x57, 0x6d, 0x69,
+ 0x48, 0x6d, 0x4e, 0x70, 0x67, 0x54, 0x70, 0x65, 0x54, 0x67, 0x77, 0x62, 0x56, 0x64, 0x76, 0x71,
+ 0x49, 0x4f, 0x71, 0x31, 0x45, 0x6c, 0x6e, 0x30, 0x35, 0x53, 0x70, 0x76, 0x44, 0x7a, 0x4d, 0x56,
+ 0x76, 0x67, 0x39, 0x78, 0x62, 0x76, 0x64, 0x6f, 0x6e, 0x67, 0x4f, 0x35, 0x77, 0x49, 0x51, 0x70,
+ 0x69, 0x73, 0x73, 0x47, 0x0a, 0x75, 0x32, 0x69, 0x63, 0x4e, 0x66, 0x48, 0x48, 0x6d, 0x34, 0x76,
+ 0x48, 0x2b, 0x6d, 0x6e, 0x72, 0x58, 0x45, 0x57, 0x63, 0x69, 0x6c, 0x30, 0x64, 0x61, 0x36, 0x6b,
+ 0x54, 0x59, 0x66, 0x71, 0x70, 0x6d, 0x46, 0x37, 0x72, 0x52, 0x4d, 0x56, 0x61, 0x6c, 0x69, 0x30,
+ 0x43, 0x44, 0x4f, 0x59, 0x7a, 0x37, 0x6e, 0x70, 0x51, 0x64, 0x33, 0x38, 0x6a, 0x43, 0x62, 0x78,
+ 0x65, 0x59, 0x51, 0x65, 0x6d, 0x0a, 0x33, 0x68, 0x73, 0x61, 0x6f, 0x76, 0x58, 0x72, 0x71, 0x71,
+ 0x4e, 0x34, 0x71, 0x6b, 0x67, 0x50, 0x48, 0x57, 0x68, 0x41, 0x74, 0x39, 0x5a, 0x4d, 0x4e, 0x37,
+ 0x58, 0x45, 0x62, 0x56, 0x36, 0x42, 0x31, 0x6c, 0x36, 0x77, 0x4a, 0x71, 0x5a, 0x68, 0x68, 0x66,
+ 0x33, 0x68, 0x79, 0x7a, 0x6f, 0x38, 0x32, 0x38, 0x47, 0x59, 0x45, 0x37, 0x56, 0x58, 0x45, 0x4e,
+ 0x49, 0x6d, 0x76, 0x73, 0x35, 0x56, 0x0a, 0x69, 0x52, 0x58, 0x31, 0x6d, 0x61, 0x43, 0x30, 0x56,
+ 0x6b, 0x72, 0x31, 0x46, 0x32, 0x36, 0x55, 0x63, 0x4b, 0x51, 0x67, 0x34, 0x66, 0x53, 0x39, 0x43,
+ 0x71, 0x48, 0x31, 0x39, 0x7a, 0x4b, 0x36, 0x6d, 0x6d, 0x71, 0x47, 0x75, 0x67, 0x76, 0x66, 0x66,
+ 0x2f, 0x74, 0x5a, 0x50, 0x72, 0x67, 0x68, 0x61, 0x4f, 0x62, 0x52, 0x2b, 0x77, 0x76, 0x34, 0x46,
+ 0x65, 0x4f, 0x32, 0x42, 0x45, 0x44, 0x6d, 0x0a, 0x67, 0x4d, 0x33, 0x71, 0x47, 0x51, 0x4a, 0x44,
+ 0x35, 0x53, 0x65, 0x77, 0x4f, 0x61, 0x62, 0x41, 0x72, 0x4e, 0x37, 0x4c, 0x6f, 0x30, 0x59, 0x2b,
+ 0x44, 0x6a, 0x79, 0x39, 0x44, 0x43, 0x4b, 0x6f, 0x47, 0x4e, 0x4a, 0x50, 0x53, 0x4f, 0x58, 0x65,
+ 0x70, 0x57, 0x48, 0x65, 0x6d, 0x6c, 0x76, 0x72, 0x49, 0x63, 0x39, 0x66, 0x4d, 0x2f, 0x37, 0x57,
+ 0x6a, 0x4b, 0x4d, 0x6b, 0x72, 0x57, 0x50, 0x6a, 0x0a, 0x56, 0x64, 0x73, 0x61, 0x6e, 0x4b, 0x30,
+ 0x7a, 0x74, 0x4e, 0x2b, 0x43, 0x49, 0x64, 0x66, 0x38, 0x70, 0x33, 0x55, 0x30, 0x30, 0x57, 0x44,
+ 0x6d, 0x30, 0x2f, 0x62, 0x4d, 0x43, 0x56, 0x6d, 0x6b, 0x36, 0x6a, 0x76, 0x47, 0x66, 0x2f, 0x63,
+ 0x55, 0x6c, 0x47, 0x38, 0x79, 0x6d, 0x30, 0x2f, 0x49, 0x67, 0x4a, 0x70, 0x71, 0x35, 0x2b, 0x33,
+ 0x62, 0x78, 0x38, 0x73, 0x63, 0x54, 0x64, 0x55, 0x4f, 0x0a, 0x41, 0x38, 0x30, 0x41, 0x56, 0x68,
+ 0x61, 0x53, 0x41, 0x71, 0x44, 0x6d, 0x68, 0x49, 0x6c, 0x59, 0x34, 0x54, 0x6f, 0x78, 0x42, 0x68,
+ 0x63, 0x46, 0x2b, 0x4b, 0x4d, 0x48, 0x57, 0x33, 0x33, 0x5a, 0x45, 0x79, 0x66, 0x4a, 0x4a, 0x54,
+ 0x71, 0x55, 0x42, 0x71, 0x4a, 0x6a, 0x4f, 0x69, 0x75, 0x41, 0x78, 0x6a, 0x59, 0x70, 0x71, 0x4f,
+ 0x4e, 0x45, 0x35, 0x56, 0x4b, 0x33, 0x48, 0x68, 0x6c, 0x45, 0x0a, 0x2f, 0x4a, 0x33, 0x6b, 0x57,
+ 0x79, 0x4f, 0x39, 0x69, 0x4d, 0x62, 0x33, 0x67, 0x73, 0x44, 0x59, 0x36, 0x41, 0x76, 0x41, 0x76,
+ 0x5a, 0x39, 0x71, 0x6c, 0x5a, 0x6b, 0x30, 0x52, 0x50, 0x67, 0x49, 0x4c, 0x4a, 0x77, 0x6e, 0x33,
+ 0x6d, 0x77, 0x67, 0x73, 0x63, 0x55, 0x70, 0x41, 0x30, 0x5a, 0x50, 0x6a, 0x61, 0x55, 0x56, 0x6c,
+ 0x64, 0x71, 0x70, 0x32, 0x69, 0x71, 0x47, 0x78, 0x71, 0x50, 0x36, 0x0a, 0x45, 0x72, 0x65, 0x38,
+ 0x38, 0x59, 0x75, 0x41, 0x53, 0x55, 0x4a, 0x5a, 0x4a, 0x62, 0x34, 0x72, 0x53, 0x42, 0x4c, 0x68,
+ 0x45, 0x55, 0x41, 0x76, 0x63, 0x67, 0x38, 0x33, 0x4d, 0x6b, 0x4d, 0x6c, 0x68, 0x74, 0x6b, 0x34,
+ 0x62, 0x67, 0x34, 0x5a, 0x35, 0x65, 0x73, 0x44, 0x57, 0x66, 0x4d, 0x67, 0x56, 0x65, 0x6a, 0x4e,
+ 0x4a, 0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x52, 0x53,
+ 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d,
+ 0x2d, 0x2d
+ };
+
+//
+// Password for private key retrieving from encrypted PEM ("TestKeyPem").
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *PemPass = "client";
+
+//
+// Message Hash for Signing & Verification Validation.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 MsgHash[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09
+ };
+
+/**
+ Validate UEFI-OpenSSL RSA Key Retrieving & Signature Interfaces.
+
+ @retval EFI_SUCCESS Validation succeeded.
+ @retval EFI_ABORTED Validation failed.
+
+**/
+EFI_STATUS
+ValidateCryptRsa2 (
+ VOID
+ )
+{
+ BOOLEAN Status;
+ VOID *RsaPrivKey;
+ VOID *RsaPubKey;
+ UINT8 *Signature;
+ UINTN SigSize;
+ UINT8 *Subject;
+ UINTN SubjectSize;
+
+ Print (L"\nUEFI-OpenSSL RSA Key Retrieving Testing: ");
+
+ //
+ // Retrieve RSA private key from encrypted PEM data.
+ //
+ Print (L"\n- Retrieve RSA Private Key for PEM ...");
+ Status = RsaGetPrivateKeyFromPem (TestKeyPem, sizeof (TestKeyPem), PemPass, &RsaPrivKey);
+ if (Status == FALSE) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ } else {
+ Print (L"[Pass]");
+ }
+
+ //
+ // Retrieve RSA public key from X509 Certificate.
+ //
+ Print (L"\n- Retrieve RSA Public Key from X509 ... ");
+ RsaPubKey = NULL;
+ Status = RsaGetPublicKeyFromX509 (TestCert, sizeof (TestCert), &RsaPubKey);
+ if (Status == FALSE) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ } else {
+ Print (L"[Pass]");
+ }
+
+ //
+ // Generate RSA PKCS#1 Signature.
+ //
+ Print (L"\n- PKCS#1 Signature ... ");
+ SigSize = 0;
+ Status = RsaPkcs1Sign (RsaPrivKey, MsgHash, SHA1_DIGEST_SIZE, NULL, &SigSize);
+ if (Status || SigSize == 0) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Signature = AllocatePool (SigSize);
+ Status = RsaPkcs1Sign (RsaPrivKey, MsgHash, SHA1_DIGEST_SIZE, Signature, &SigSize);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ } else {
+ Print (L"[Pass]");
+ }
+
+ //
+ // Verify RSA PKCS#1-encoded Signature.
+ //
+ Print (L"\n- PKCS#1 Signature Verification ... ");
+ Status = RsaPkcs1Verify (RsaPubKey, MsgHash, SHA1_DIGEST_SIZE, Signature, SigSize);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ } else {
+ Print (L"[Pass]");
+ }
+
+ //
+ // X509 Certificate Subject Retrieving.
+ //
+ Print (L"\n- X509 Certificate Subject Bytes Retrieving ... ");
+ SubjectSize = 0;
+ Status = X509GetSubjectName (TestCert, sizeof (TestCert), NULL, &SubjectSize);
+ Subject = (UINT8 *)AllocatePool (SubjectSize);
+ Status = X509GetSubjectName (TestCert, sizeof (TestCert), Subject, &SubjectSize);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ } else {
+ Print (L"[Pass]");
+ }
+
+ //
+ // X509 Certificate Verification.
+ //
+ Print (L"\n- X509 Certificate Verification with Trusted CA ...");
+ Status = X509VerifyCert (TestCert, sizeof (TestCert), TestCACert, sizeof (TestCACert));
+ if (!Status) {
+ Print (L"[Fail]\n");
+ return EFI_ABORTED;
+ } else {
+ Print (L"[Pass]\n");
+ }
+
+ //
+ // Release Resources.
+ //
+ RsaFree (RsaPubKey);
+ RsaFree (RsaPrivKey);
+ FreePool (Signature);
+ FreePool (Subject);
+
+ return EFI_SUCCESS;
+}
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index ee8c44d367..5fbedd9439 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -19,6 +19,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define __BASE_CRYPT_LIB_H__
///
+/// MD4 digest size in bytes
+///
+#define MD4_DIGEST_SIZE 16
+
+///
/// MD5 digest size in bytes
///
#define MD5_DIGEST_SIZE 16
@@ -62,6 +67,109 @@ typedef enum {
//=====================================================================================
/**
+ Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
+
+ @return The size, in bytes, of the context buffer required for MD4 hash operations.
+
+**/
+UINTN
+EFIAPI
+Md4GetContextSize (
+ VOID
+ );
+
+/**
+ Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
+ subsequent use.
+
+ If Md4Context is NULL, then ASSERT().
+
+ @param[out] Md4Context Pointer to MD4 context being initialized.
+
+ @retval TRUE MD4 context initialization succeeded.
+ @retval FALSE MD4 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Init (
+ OUT VOID *Md4Context
+ );
+
+/**
+ Makes a copy of an existing MD4 context.
+
+ If Md4Context is NULL, then ASSERT().
+ If NewMd4Context is NULL, then ASSERT().
+
+ @param[in] Md4Context Pointer to MD4 context being copied.
+ @param[out] NewMd4Context Pointer to new MD4 context.
+
+ @retval TRUE MD4 context copy succeeded.
+ @retval FALSE MD4 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Duplicate (
+ IN CONST VOID *Md4Context,
+ OUT VOID *NewMd4Context
+ );
+
+/**
+ Digests the input data and updates MD4 context.
+
+ This function performs MD4 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ MD4 context should be already correctly intialized by Md4Init(), and should not be finalized
+ by Md4Final(). Behavior with invalid context is undefined.
+
+ If Md4Context is NULL, then ASSERT().
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE MD4 data digest succeeded.
+ @retval FALSE MD4 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Update (
+ IN OUT VOID *Md4Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the MD4 digest value.
+
+ This function completes MD4 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the MD4 context cannot
+ be used again.
+ MD4 context should be already correctly intialized by Md4Init(), and should not be
+ finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
+
+ If Md4Context is NULL, then ASSERT().
+ If HashValue is NULL, then ASSERT().
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[out] HashValue Pointer to a buffer that receives the MD4 digest
+ value (16 bytes).
+
+ @retval TRUE MD4 digest computation succeeded.
+ @retval FALSE MD4 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Final (
+ IN OUT VOID *Md4Context,
+ OUT UINT8 *HashValue
+ );
+
+/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
@return The size, in bytes, of the context buffer required for MD5 hash operations.
@@ -1293,6 +1401,107 @@ RsaPkcs1Verify (
);
/**
+ Retrieve the RSA Private Key from the password-protected PEM key data.
+
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
+ @param[in] PemSize Size of the PEM key data in bytes.
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA private key component. Use RsaFree() function to free the
+ resource.
+
+ If PemData is NULL, then ASSERT().
+ If RsaContext is NULL, then ASSERT().
+
+ @retval TRUE RSA Private Key was retrieved successfully.
+ @retval FALSE Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPrivateKeyFromPem (
+ IN CONST UINT8 *PemData,
+ IN UINTN PemSize,
+ IN CONST CHAR8 *Password,
+ OUT VOID **RsaContext
+ );
+
+/**
+ Retrieve the RSA Public Key from one DER-encoded X509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA public key component. Use RsaFree() function to free the
+ resource.
+
+ If Cert is NULL, then ASSERT().
+ If RsaContext is NULL, then ASSERT().
+
+ @retval TRUE RSA Public Key was retrieved successfully.
+ @retval FALSE Fail to retrieve RSA public key from X509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPublicKeyFromX509 (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT VOID **RsaContext
+ );
+
+/**
+ Retrieve the subject bytes from one X.509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CertSubject Pointer to the retrieved certificate subject bytes.
+ @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
+ and the size of buffer returned CertSubject on output.
+
+ If Cert is NULL, then ASSERT().
+ If SubjectSize is NULL, then ASSERT().
+
+ @retval TRUE The certificate subject retrieved successfully.
+ @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.
+ The SubjectSize will be updated with the required size.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetSubjectName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 *CertSubject,
+ IN OUT UINTN *SubjectSize
+ );
+
+/**
+ Verify one X509 certificate was issued by the trusted CA.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[in] CACert Pointer to the DER-encoded trusted CA certificate.
+ @param[in] CACertSize Size of the CA Certificate in bytes.
+
+ If Cert is NULL, then ASSERT().
+ If CACert is NULL, then ASSERT().
+
+ @retval TRUE The certificate was issued by the trusted CA.
+ @retval FALSE Invalid certificate or the certificate was not issued by the given
+ trusted CA.
+
+**/
+BOOLEAN
+EFIAPI
+X509VerifyCert (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *CACert,
+ IN UINTN CACertSize
+ );
+
+/**
Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic
Message Syntax Standard".
diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index 1c51cdb302..571511582e 100644
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -222,6 +222,7 @@ FILE *stdout;
#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch))
#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch)
#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))
+#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count))
#define strcmp AsciiStrCmp
#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
#define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource)
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index efd28ed120..26ec8c1e79 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -28,6 +28,7 @@
[Sources]
InternalCryptLib.h
+ Hash/CryptMd4.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
@@ -40,6 +41,8 @@
Pk/CryptRsa.c
Pk/CryptPkcs7.c
Pk/CryptDh.c
+ Pk/CryptX509.c
+ Pem/CryptPem.c
SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
new file mode 100644
index 0000000000..a5769133ed
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
@@ -0,0 +1,177 @@
+/** @file
+ MD4 Digest Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/md4.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
+
+ @return The size, in bytes, of the context buffer required for MD4 hash operations.
+
+**/
+UINTN
+EFIAPI
+Md4GetContextSize (
+ VOID
+ )
+{
+ //
+ // Retrieves the OpenSSL MD4 Context Size
+ //
+ return (UINTN)(sizeof (MD4_CTX));
+}
+
+/**
+ Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
+ subsequent use.
+
+ If Md4Context is NULL, then ASSERT().
+
+ @param[out] Md4Context Pointer to MD4 context being initialized.
+
+ @retval TRUE MD4 context initialization succeeded.
+ @retval FALSE MD4 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Init (
+ OUT VOID *Md4Context
+ )
+{
+ //
+ // ASSERT if Md4Context is NULL.
+ //
+ ASSERT (Md4Context != NULL);
+
+ //
+ // OpenSSL MD4 Context Initialization
+ //
+ return (BOOLEAN) (MD4_Init ((MD4_CTX *)Md4Context));
+}
+
+/**
+ Makes a copy of an existing MD4 context.
+
+ If Md4Context is NULL, then ASSERT().
+ If NewMd4Context is NULL, then ASSERT().
+
+ @param[in] Md4Context Pointer to MD4 context being copied.
+ @param[out] NewMd4Context Pointer to new MD4 context.
+
+ @retval TRUE MD4 context copy succeeded.
+ @retval FALSE MD4 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Duplicate (
+ IN CONST VOID *Md4Context,
+ OUT VOID *NewMd4Context
+ )
+{
+ //
+ // ASSERT if Md4Context or NewMd4Context is NULL.
+ //
+ ASSERT (Md4Context != NULL);
+ ASSERT (NewMd4Context != NULL);
+
+ CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX));
+
+ return TRUE;
+}
+
+/**
+ Digests the input data and updates MD4 context.
+
+ This function performs MD4 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ MD4 context should be already correctly intialized by Md4Init(), and should not be finalized
+ by Md4Final(). Behavior with invalid context is undefined.
+
+ If Md4Context is NULL, then ASSERT().
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE MD4 data digest succeeded.
+ @retval FALSE MD4 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Update (
+ IN OUT VOID *Md4Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // ASSERT if Md4Context is NULL
+ //
+ ASSERT (Md4Context != NULL);
+
+ //
+ // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
+ //
+ if (Data == NULL) {
+ ASSERT (DataSize == 0);
+ }
+
+ //
+ // OpenSSL MD4 Hash Update
+ //
+ return (BOOLEAN) (MD4_Update ((MD4_CTX *)Md4Context, Data, DataSize));
+}
+
+/**
+ Completes computation of the MD4 digest value.
+
+ This function completes MD4 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the MD4 context cannot
+ be used again.
+ MD4 context should be already correctly intialized by Md4Init(), and should not be
+ finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
+
+ If Md4Context is NULL, then ASSERT().
+ If HashValue is NULL, then ASSERT().
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[out] HashValue Pointer to a buffer that receives the MD4 digest
+ value (16 bytes).
+
+ @retval TRUE MD4 digest computation succeeded.
+ @retval FALSE MD4 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Final (
+ IN OUT VOID *Md4Context,
+ OUT UINT8 *HashValue
+ )
+{
+ //
+ // ASSERT if Md4Context is NULL or HashValue is NULL
+ //
+ ASSERT (Md4Context != NULL);
+ ASSERT (HashValue != NULL);
+
+ //
+ // OpenSSL MD4 Hash Finalization
+ //
+ return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *)Md4Context));
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
index 73f3d219b0..8d5e6ed89d 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
@@ -84,6 +84,12 @@ Md5Duplicate (
OUT VOID *NewMd5Context
)
{
+ //
+ // ASSERT if Md5Context or NewMd5Context is NULL.
+ //
+ ASSERT (Md5Context != NULL);
+ ASSERT (NewMd5Context != NULL);
+
CopyMem (NewMd5Context, Md5Context, sizeof (MD5_CTX));
return TRUE;
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
index 9a317ec143..27526bcd40 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
@@ -83,6 +83,12 @@ Sha1Duplicate (
OUT VOID *NewSha1Context
)
{
+ //
+ // ASSERT if Sha1Context or NewSha1Context is NULL.
+ //
+ ASSERT (Sha1Context != NULL);
+ ASSERT (NewSha1Context != NULL);
+
CopyMem (NewSha1Context, Sha1Context, sizeof (SHA_CTX));
return TRUE;
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c
index 7e6c6c691f..3c2f9a1155 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c
@@ -82,6 +82,12 @@ Sha256Duplicate (
OUT VOID *NewSha256Context
)
{
+ //
+ // ASSERT if Sha256Context or NewSha256Context is NULL.
+ //
+ ASSERT (Sha256Context != NULL);
+ ASSERT (NewSha256Context != NULL);
+
CopyMem (NewSha256Context, Sha256Context, sizeof (SHA256_CTX));
return TRUE;
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
index 1eff5c4978..5386072c38 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
@@ -89,6 +89,12 @@ HmacMd5Duplicate (
OUT VOID *NewHmacMd5Context
)
{
+ //
+ // ASSERT if HmacMd5Context or NewHmacMd5Context is NULL.
+ //
+ ASSERT (HmacMd5Context != NULL);
+ ASSERT (NewHmacMd5Context != NULL);
+
CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX));
return TRUE;
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
index 0298b80cc5..ff9377c0d2 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
@@ -89,6 +89,12 @@ HmacSha1Duplicate (
OUT VOID *NewHmacSha1Context
)
{
+ //
+ // ASSERT if HmacSha1Context or NewHmacSha1Context is NULL.
+ //
+ ASSERT (HmacSha1Context != NULL);
+ ASSERT (NewHmacSha1Context != NULL);
+
CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX));
return TRUE;
diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
new file mode 100644
index 0000000000..e9de39a105
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
@@ -0,0 +1,124 @@
+/** @file
+ PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/pem.h>
+
+/**
+ Callback function for password phrase conversion used for retrieving the encrypted PEM.
+
+ @param[out] Buf Pointer to the buffer to write the passphrase to.
+ @param[in] Size Maximum length of the passphrase (i.e. the size of Buf).
+ @param[in] Flag A flag which is set to 0 when reading and 1 when writing.
+ @param[in] Key Key data to be passed to the callback routine.
+
+ @retval The number of characters in the passphrase or 0 if an error occurred.
+
+**/
+INTN
+PasswordCallback (
+ OUT CHAR8 *Buf,
+ IN INTN Size,
+ IN INTN Flag,
+ IN VOID *Key
+ )
+{
+ INTN KeyLength;
+
+ ZeroMem ((VOID *)Buf, (UINTN)Size);
+ if (Key != NULL) {
+ //
+ // Duplicate key phrase directly.
+ //
+ KeyLength = AsciiStrLen ((CHAR8 *)Key);
+ KeyLength = (KeyLength > Size ) ? Size : KeyLength;
+ CopyMem (Buf, Key, KeyLength);
+ return KeyLength;
+ } else {
+ return 0;
+ }
+}
+
+/**
+ Retrieve the RSA Private Key from the password-protected PEM key data.
+
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
+ @param[in] PemSize Size of the PEM key data in bytes.
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA private key component. Use RsaFree() function to free the
+ resource.
+
+ If PemData is NULL, then ASSERT().
+ If RsaContext is NULL, then ASSERT().
+
+ @retval TRUE RSA Private Key was retrieved successfully.
+ @retval FALSE Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPrivateKeyFromPem (
+ IN CONST UINT8 *PemData,
+ IN UINTN PemSize,
+ IN CONST CHAR8 *Password,
+ OUT VOID **RsaContext
+ )
+{
+ BOOLEAN Status;
+ BIO *PemBio;
+
+ //
+ // ASSERT if PemData is NULL or RsaContext is NULL.
+ //
+ ASSERT (PemData != NULL);
+ ASSERT (RsaContext != NULL);
+
+ Status = FALSE;
+ PemBio = NULL;
+
+ //
+ // Add possible block-cipher descriptor for PEM data decryption.
+ // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
+ //
+ EVP_add_cipher (EVP_des_ede3_cbc());
+ EVP_add_cipher (EVP_aes_128_cbc());
+ EVP_add_cipher (EVP_aes_192_cbc());
+ EVP_add_cipher (EVP_aes_256_cbc());
+
+ //
+ // Read encrypted PEM Data.
+ //
+ PemBio = BIO_new (BIO_s_mem ());
+ BIO_write (PemBio, PemData, (int)PemSize);
+ if (PemBio == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Retrieve RSA Private Key from encrypted PEM data.
+ //
+ *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);
+ if (*RsaContext != NULL) {
+ Status = TRUE;
+ }
+
+_Exit:
+ //
+ // Release Resources.
+ //
+ BIO_free (PemBio);
+
+ return Status;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
new file mode 100644
index 0000000000..6d687c64b6
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -0,0 +1,288 @@
+/** @file
+ X.509 Certificate Handler Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/x509.h>
+
+/**
+ Retrieve the subject bytes from one X.509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CertSubject Pointer to the retrieved certificate subject bytes.
+ @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
+ and the size of buffer returned CertSubject on output.
+
+ If Cert is NULL, then ASSERT().
+ If SubjectSize is NULL, then ASSERT().
+
+ @retval TRUE The certificate subject retrieved successfully.
+ @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.
+ The SubjectSize will be updated with the required size.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetSubjectName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 *CertSubject,
+ IN OUT UINTN *SubjectSize
+ )
+{
+ BOOLEAN Status;
+ BIO *CertBio;
+ X509 *X509Cert;
+ X509_NAME *X509Name;
+
+ //
+ // ASSERT if Cert is NULL or SubjectSize is NULL.
+ //
+ ASSERT (Cert != NULL);
+ ASSERT (SubjectSize != NULL);
+
+ Status = FALSE;
+ X509Cert = NULL;
+
+ //
+ // Read DER-encoded X509 Certificate and Construct X509 object.
+ //
+ CertBio = BIO_new (BIO_s_mem ());
+ BIO_write (CertBio, Cert, (int)CertSize);
+ if (CertBio == NULL) {
+ goto _Exit;
+ }
+ X509Cert = d2i_X509_bio (CertBio, NULL);
+ if (Cert == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Retrieve subject name from certificate object.
+ //
+ X509Name = X509_get_subject_name (X509Cert);
+ if (*SubjectSize < (UINTN) X509Name->bytes->length) {
+ *SubjectSize = (UINTN) X509Name->bytes->length;
+ goto _Exit;
+ }
+ *SubjectSize = (UINTN) X509Name->bytes->length;
+ if (CertSubject != NULL) {
+ CopyMem (CertSubject, (UINT8 *)X509Name->bytes->data, *SubjectSize);
+ Status = TRUE;
+ }
+
+_Exit:
+ //
+ // Release Resources.
+ //
+ BIO_free (CertBio);
+ X509_free (X509Cert);
+
+ return Status;
+}
+
+/**
+ Retrieve the RSA Public Key from one DER-encoded X509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA public key component. Use RsaFree() function to free the
+ resource.
+
+ If Cert is NULL, then ASSERT().
+ If RsaContext is NULL, then ASSERT().
+
+ @retval TRUE RSA Public Key was retrieved successfully.
+ @retval FALSE Fail to retrieve RSA public key from X509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPublicKeyFromX509 (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT VOID **RsaContext
+ )
+{
+ BOOLEAN Status;
+ EVP_PKEY *Pkey;
+ BIO *CertBio;
+ X509 *X509Cert;
+
+ //
+ // ASSERT if Cert is NULL or RsaContext is NULL.
+ //
+ ASSERT (Cert != NULL);
+ ASSERT (RsaContext != NULL);
+
+ Status = FALSE;
+ Pkey = NULL;
+ CertBio = NULL;
+ X509Cert = NULL;
+
+ //
+ // Read DER-encoded X509 Certificate and Construct X509 object.
+ //
+ CertBio = BIO_new (BIO_s_mem ());
+ BIO_write (CertBio, Cert, (int)CertSize);
+ if (CertBio == NULL) {
+ goto _Exit;
+ }
+ X509Cert = d2i_X509_bio (CertBio, NULL);
+ if (X509Cert == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Retrieve and check EVP_PKEY data from X509 Certificate.
+ //
+ Pkey = X509_get_pubkey (X509Cert);
+ if ((Pkey == NULL) || (Pkey->type != EVP_PKEY_RSA)) {
+ goto _Exit;
+ }
+
+ //
+ // Duplicate RSA Context from the retrieved EVP_PKEY.
+ //
+ if ((*RsaContext = RSAPublicKey_dup (Pkey->pkey.rsa)) != NULL) {
+ Status = TRUE;
+ }
+
+_Exit:
+ //
+ // Release Resources.
+ //
+ BIO_free (CertBio);
+ X509_free (X509Cert);
+ EVP_PKEY_free (Pkey);
+
+ return Status;
+}
+
+/**
+ Verify one X509 certificate was issued by the trusted CA.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[in] CACert Pointer to the DER-encoded trusted CA certificate.
+ @param[in] CACertSize Size of the CA Certificate in bytes.
+
+ If Cert is NULL, then ASSERT().
+ If CACert is NULL, then ASSERT().
+
+ @retval TRUE The certificate was issued by the trusted CA.
+ @retval FALSE Invalid certificate or the certificate was not issued by the given
+ trusted CA.
+
+**/
+BOOLEAN
+EFIAPI
+X509VerifyCert (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *CACert,
+ IN UINTN CACertSize
+ )
+{
+ BOOLEAN Status;
+ BIO *BioCert;
+ BIO *BioCACert;
+ X509 *X509Cert;
+ X509 *X509CACert;
+ X509_STORE *CertStore;
+ X509_STORE_CTX CertCtx;
+
+ //
+ // ASSERT if Cert is NULL or CACert is NULL.
+ //
+ ASSERT (Cert != NULL);
+ ASSERT (CACert != NULL);
+
+ Status = FALSE;
+ BioCert = NULL;
+ BioCACert = NULL;
+ X509Cert = NULL;
+ X509CACert = NULL;
+ CertStore = NULL;
+
+ //
+ // Register & Initialize necessary digest algorithms for certificate verification.
+ //
+ EVP_add_digest (EVP_md5());
+ EVP_add_digest (EVP_sha1());
+ EVP_add_digest (EVP_sha256());
+
+ //
+ // Read DER-encoded certificate to be verified and Construct X509 object.
+ //
+ BioCert = BIO_new (BIO_s_mem ());
+ BIO_write (BioCert, Cert, (int)CertSize);
+ if (BioCert == NULL) {
+ goto _Exit;
+ }
+ X509Cert = d2i_X509_bio (BioCert, NULL);
+ if (X509Cert == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Read DER-encoded root certificate and Construct X509 object.
+ //
+ BioCACert = BIO_new (BIO_s_mem());
+ BIO_write (BioCACert, CACert, (int)CACertSize);
+ if (BioCert == NULL) {
+ goto _Exit;
+ }
+ X509CACert = d2i_X509_bio (BioCACert, NULL);
+ if (CACert == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Set up X509 Store for trusted certificate.
+ //
+ CertStore = X509_STORE_new ();
+ if (CertStore == NULL) {
+ goto _Exit;
+ }
+ if (!(X509_STORE_add_cert (CertStore, X509CACert))) {
+ goto _Exit;
+ }
+
+ //
+ // Set up X509_STORE_CTX for the subsequent verification operation.
+ //
+ if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) {
+ goto _Exit;
+ }
+
+ //
+ // X509 Certificate Verification.
+ //
+ Status = (BOOLEAN) X509_verify_cert (&CertCtx);
+
+_Exit:
+ //
+ // Release Resources.
+ //
+ BIO_free (BioCert);
+ BIO_free (BioCACert);
+ X509_free (X509Cert);
+ X509_free (X509CACert);
+ X509_STORE_free (CertStore);
+ X509_STORE_CTX_cleanup (&CertCtx);
+
+ return Status;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index 1da4452d88..b9daaee0bc 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -293,3 +293,8 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
{
return 0;
}
+
+void *UI_OpenSSL(void)
+{
+ return NULL;
+}
diff --git a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
index 48e0c52c36..afaa0b74ee 100644
--- a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
+++ b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
@@ -23,5 +23,17 @@ int _fltused = 1;
/* Sets buffers to a specified character */
void * memset (void *dest, char ch, unsigned int count)
{
- return SetMem (dest, (UINTN)count, (UINT8)ch);
+ //
+ // Declare the local variables that actually move the data elements as
+ // volatile to prevent the optimizer from replacing this function with
+ // the intrinsic memset()
+ //
+ volatile UINT8 *Pointer;
+
+ Pointer = (UINT8 *)dest;
+ while (count-- != 0) {
+ *(Pointer++) = ch;
+ }
+
+ return dest;
}
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 45aa1761be..27547f3a38 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -19,9 +19,9 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- OPENSSL_PATH = openssl-0.9.8l
- OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
- OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED
+ DEFINE OPENSSL_PATH = openssl-0.9.8l
+ DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED
#
# OPENSSL_FLAGS is set to define the following flags to be compatible with