summaryrefslogtreecommitdiff
path: root/CryptoPkg
AgeCommit message (Collapse)Author
2016-12-26CryptoPkg: Move to new locationGuo Mang
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Guo Mang <mang.guo@intel.com>
2016-07-13CryptoPkg BaseCryptLib: Init the content of struct 'CertCtx' before useHao Wu
Some fields in structure 'CertCtx' might be used uninitialized in function Pkcs7GetCertificatesList(). This commit makes sure that 'CertCtx' gets initialized before being used. Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> (cherry picked from commit 07cae0659795b4d6b59f67eabb8426c7c7742318)
2016-07-13CryptoPkg BaseCryptLib: Avoid passing NULL ptr to function BN_bn2bin()Hao Wu
This commit modifies the code logic to avoid passing NULL pointer to function BN_bn2bin(). Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> (cherry picked from commit 8824c6144c73fe4b6355df6dfaee3e80e068c3b1)
2016-07-13CryptoPkg: Fix typos in commentsGiri P Mudusuru
- availabe to available Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Giri P Mudusuru <giri.p.mudusuru@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> (cherry picked from commit ab6cee31e7dd468f8656d7ca101bf783a0fe9b82)
2016-07-13CryptoPkg: update openssl to ignore RVCT 3079Eugene Cohen
Getting openssl 1.0.2g building with ARM RVCT requires a change to ignore an unset variable used before set was necessary. (NOTE: This was fixed in OpenSSL 1.1 HEAD with commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.) corrects x509_vfy.c(875): error C3017: ok may be used before being set Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eugene Cohen <eugene@hp.com> Reviewed-by: Qin Long <qin.long@intel.com> (cherry picked from commit 179bcd31f320111adde639ebc3f69170be254c73)
2016-07-13CryptoPkg/SmmCryptLib: Enable AES support for SMM.Qin Long
Enable AES cipher support for SmmCryptLib instance. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> (cherry picked from commit bfba88bc68eed24c71ff500b740c3f563531d49c)
2016-03-18CryptoPkg: Fix the potential system hang issueJiaxin Wu
This patch is used to fix the potential system hang caused by the NULL 'time' parameter usage. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com> (cherry picked from commit 5e2318dd37a51948aaf845c7d920b11f47cdcfe6)
2016-03-14CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2gQin Long
OpenSSL 1.0.2g was released with several severity fixes at 01-Mar-2016(https://www.openssl.org/news/secadv/20160301.txt). Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2g. (NOTE: RT4175 from David Woodhouse was included in 1.0.2g. The new-generated patch will remove this part. And the line endings were still kept as before in this version for consistency) CC: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com> (cherry picked from commit ec3a1a11dc90d46c87a70327c87d139d12eccdcb)
2016-03-14CryptoPkg/OpensslLib: Convert saved opensslconf.h to DOS line endingsDavid Woodhouse
Until we fix the git repository to store line endings properly and then just check them out in the appropriate form for the platform, let's make process_files.sh convert the opensslconf.h to DOS line endings when it creates it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> (cherry picked from commit f6326d1fba1eb89a21e9831c9d716e5f3f970084)
2016-03-14CryptoPkg/OpensslLib: Fix CRLF breakage in process_files.shDavid Woodhouse
This got broken in committing, due to a catalogue of broken practices. Firstly, we should *pull* git submissions, never recommit them. You preserve the correct history then, and don't risk rebasing to result in a history which *never* worked in the form that gets preserved. That would have kept the authorship attrbution correct too. Secondly, we shouldn't be storing CRLF line endings in the objects that git stores in its database. It is designed to store simple LF line endings, and then check that out as appropriate for the system (resulting in CRLF in the working tree for Windows users, as they expect). That would avoid this problem, and all the other problems we have with patches being exchanged. Make it executable too, which also got lost in the commit mess. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> (cherry picked from commit 9353c60cea6eeedbbe4b336aea02646e2bf25f47)
2016-03-14CryptoPkg/OpensslLib: Automatically configure OpenSSL and generate file listQin Long
OpenSSL 1.1 (as well as our backport to 1.0.2) now allows us to run its standard Configure script and import the result into the EDK II source repository for others to build natively. The opensslconf.h file and the list of files in OpensslLib.inf don't need to be managed manually. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit f9496167549701f31968fea3b52c05c32689f7b9)
2016-03-14CryptoPkg/OpensslLib: Fix OpenSSL link failures on Windows (RT#4310)Qin Long
This is pull request #755 for OpenSSL 1.1, along with a little extra fix in the RSA_NET code which has been removed from 1.1 so we can't fix it there. https://github.com/openssl/openssl/pull/755 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit 42d683426792b34c7538a07ade47a20e3d9929bf)
2016-03-14CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3969Qin Long
Support for the UEFI target has been added to OpenSSL in commit 4d60c7e10. Drop our partial implementation and use a backported version of what's upstream. This includes a couple of fixes which will be needed when we automatically generate the file list and opensslconf.h instead of manually maintaining those. This includes the subsequent fix in commit fb4844bbc. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit 65213f295538c0de547819b4ed36ca89c71a67b0)
2016-03-14CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3992Qin Long
Instead of commenting out the Signed Certificate Timestamps purely based on the OPENSSL_SYS_UEFI flag, OpenSSL 1.1 supports a no-sct configuration option, added in commit 05d7bf6c5. Drop our own hack and use that. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit a62a7cc7f97cc1d9ce1a4fd2cff0bf6bb8506204)
2016-03-14CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3951Qin Long
A more complete implementation of the X509_V_FLAG_NO_CHECK_TIME flag was added to OpenSSL 1.1 as commit d35ff2c0a. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit e94546e77bcb4ff57c167be06bfbe1d1d5ac0754)
2016-03-14CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3674Qin Long
A more complete fix for the no-cms configuration has been added to OpenSSL 1.1 as commit e968561d5. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit f0e3cd1927c40e542798dd9a6b697f543c0e8829)
2016-03-14CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3955Qin Long
A different fix for the excessive stack usage has been merged into OpenSSL 1.1 as commit 8e704858f. Drop our own version and use a backport of what was committed upstream. Note: This requires the free() function to work correctly when passed a NULL argument (qv). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit b9dbddd88acc645f048b61e240caa6642f80796f)
2016-03-14CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3628Qin Long
A complete implementation of the no-filenames configuration option was added to OpenSSL 1.1 in commit 02f7114a7. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit e578aa19dcd57734e9b4615e39d8d409384329a0)
2016-03-14CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3964Qin Long
Extensive fixes for the no-stdio configuration have been merged into OpenSSL 1.1, primarily in commit 984d6c605. The backport to 1.0.2 is slightly different because we still have a mixture of no-fp-api and no-stdio in 1.0.2, although they are hopelessly intertwined. Nevertheless, drop our own original version and switch to a backported version of what went into 1.1. This includes subsequent fixes in commit c0cf5b84d for the TS code. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit ca6fa1fe3bdf2f3f7356530166a4f138ba537b98)
2016-03-14CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#4175Qin Long
A different fix for the PKCS7_verify() regression on Authenticode signatures has landed in the OpenSSL 1.0.2 branch as commit c436c990f and will be present in the 1.0.2g release. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit 503f6e3888ba9f39cb88d689804af62c9dd89ff2)
2016-03-14CryptoPkg/OpensslLib: Regenerate OpenSSL patchQin Long
All the OpenSSL changes we carry in our EDKII_openssl patch for 1.0.2 are now merged into upstream OpenSSL and will be in the upcoming 1.1 release. As a first step towards switching out our original hacks for backported versions of the commits which were actually accepted into OpenSSL 1.1, just regenerate the *existing* patch against the 1.0.2f release using 'git diff'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit 3f73ccb37a05ffdfdd8e5fe79190befd11366787)
2016-03-14CryptoPkg/OpensslLib: Include complete copy of opensslconf.hQin Long
This can be an auto-generated file, and it *isn't* in the OpenSSL git tree; it's only in the generated tarballs. So rather than including it in our OpenSSL patch, just have the user copy it into place. This makes it easier to manage changes, and is a step towards better integration. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit 259d0e71af6888aae81df429d522b661af2b6bd4)
2016-03-14CryptoPkg: Use OpenSSL include directory directlyQin Long
The standard OpenSSL 1.0.2 configuration and build process will already symlink or copy the necessary header files to the include/openssl/ directory within the OpenSSL source tree. When we transition to OpenSSL 1.1 it won't even be necessary to link or copy the files there; they have just been moved outright. So let's use them from there. Change the include directory specified in CryptoPkg/CryptoPkg.dec, and modify the Install.cmd and Install.sh scripts to copy the files to the normal directory within the OpenSSL source tree, instead of CryptoPkg/Include/openssl/. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com> (cherry picked from commit 6c56c76c75ef24e3ab103494a9236da73ad1ffa5)
2016-02-26CryptoPkg: RuntimeCryptLib: support realloc(NULL, size)Laszlo Ersek
The ISO C standard says about realloc(), If ptr is a null pointer, the realloc function behaves like the malloc function for the specified size. The realloc() implementation doesn't conform to this currently, so add a check and call malloc() if appropriate. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> (cherry picked from commit e89d672110aaf1c5a85404375ca6767b099d3b50)
2016-02-26CryptoPkg: RuntimeCryptLib: support free(NULL)Laszlo Ersek
The ISO C standard says about free(), If ptr is a null pointer, no action occurs. This is not true of the RuntimeFreeMem() internal function. Therefore we must not forward the argument of free() to RuntimeFreeMem() without checking. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> (cherry picked from commit 1246dde58e8a84644ad46679b8767f8643818e31)
2016-02-26CryptoPkg: BaseCryptLib: support free(NULL)Laszlo Ersek
The ISO C standard says about free(), If ptr is a null pointer, no action occurs. This is not true of the FreePool() interface of the MemoryAllocationLib class: Buffer must have been allocated on a previous call to the pool allocation services of the Memory Allocation Library. [...] If Buffer was not allocated with a pool allocation function in the Memory Allocation Library, then ASSERT(). Therefore we must not forward the argument of free() to FreePool() without checking. This bug can be triggered by upstream OpenSSL commit 8e704858f219 ("RT3955: Reduce some stack usage"), for example. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> (cherry picked from commit 211372d63a82861e52250c0f7a5ee78d9dc417ae)
2016-02-24CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2fQin Long
OpenSSL has released version 1.0.2f with two security fixes (http://www.openssl.org/news/secadv/20160128.txt) at 28-Jan-2016. Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2f. (NOTE: The patch file was just re-generated, and no new source changes was introduced for 1.0.2f enabling) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> (cherry picked from commit e6b2c99121963f84b847120044075e7b6ce374cb)
2016-02-24CryptoPkg: Fix function qsort for non 32-bit machinesKaryne Mayer
Although the function qsort receives as an argument a "compare" function which returns an "int", QuickSortWorker (the function used internally by qsort to do its job) receives as an argument a "CompareFunction" which returns an "INTN". In a 32-bit machine, "INTN" is defined as "INT32", which is defined as "int" and everything works well. However, when qsort is compiled for a 64-bit machine, "INTN" is defined as "INT64" and the return values of the compare functions become incompatible ("int" for qsort and "INT64" for QuickSortWorker), causing malfunction. For example, let's assume qsort is being compiled for a 64-bit machine. As stated before, the "compare" function will be returning an "int", and "CompareFunction" will be returning an "INT64". When, for example, the "compare" function (which was passed as an argument to qsort and, then, re-passed as an argument to QuickSortWorker) returns -1 (or 0xffffffff, in a 32-bit integer, its original return type) from inside a call to QuickSortWorker, its return value is interpreted as being an "INT64" value - which turns out to be 4294967295 (or 0x00000000ffffffff, in a 64-bit integer) -, making the function QuickSortWorker to behave unexpectedly. Note that this unexpected (or incorrect) conversion does not happen when casting an "INT32" to an "INT64" directly, but does happen when casting function types. The issue is fixed by changing the return type of SORT_COMPARE (the type of "CompareFunction", used by QuickSortWorker) from "INTN" to "int". This way, both qsort and QuickSortWorker use compatible definitions for their compare functions. Contributed-under: TianoCore Contribution Agreement 1.0 Acked-by: Paulo Alcantara Cavalcanti <paulo.alc.cavalcanti@hp.com> Signed-off-by: Karyne Mayer <kmayer@hp.com> Signed-off-by: Rodrigo Dias Correa <rodrigo.dia.correa@hp.com> Signed-off-by: Arthur Crippa Burigo <acb@hp.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19748 6f19259b-4bc3-4df7-8a09-765794883524 (cherry picked from commit 03805fc376239ddc56838d33b20a031734e3e3a1)
2016-02-24CryptoPkg: Add NOOPT target in CryptoPkg.dscHao Wu
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19670 6f19259b-4bc3-4df7-8a09-765794883524 (cherry picked from commit e7efd897d05198ef079cfc6a0ce08467e5c4d0c3)
2016-02-24CryptoPkg: fix build support under RVCTArd Biesheuvel
The RVCT compiler chokes on a couple of issues in upstream OpenSSL that can be confirmed to be non-issues by inspection. So just ignore these warnings entirely. Also, move the dummy -J system include from CryptoPkg.dsc to the various .INF files, since it will not be picked up when building the CryptoPkg libraries from a platform .DSC Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19328 6f19259b-4bc3-4df7-8a09-765794883524 (cherry picked from commit 5fa05671e2ac0dafc52eb3b8049b4ac95f54d3bf)
2016-02-24CryptoPkg: Convert all .uni files to utf-8Jordan Justen
To convert these files I ran: $ python3 BaseTools/Scripts/ConvertUni.py CryptoPkg Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19250 6f19259b-4bc3-4df7-8a09-765794883524 (cherry picked from commit 3af422600fe7bc92ed385907586af8b61db53a74)
2015-12-29CryptoPkg/OpensslLib: upgrade OpenSSL version to 1.0.2eQin Long
OpenSSL has released version 1.0.2e with security fixes. Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib from 1.0.2d to 1.0.2e. (Note: This is based on Ard's previous patch with extra fix https://rt.openssl.org/Ticket/Display.html?id=4175) (Sync patch r19218 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Singed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19571 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/OpensslLib: comment out unused codeArd Biesheuvel
This comments out the pqueue and ts_* source files from the OpensslLib build, since they have no users. (Sync patch r19147 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19570 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/BaseCryptLib: make mVirtualAddressChangeEvent STATICArd Biesheuvel
Make mVirtualAddressChangeEvent STATIC to prevent it from conflicting with other variables of the same name that may be defined in other libraries (e.g., MdeModulePkg/Universal/Variable/RuntimeDxe) This also removes the risk of mVirtualAddressChangeEvent being merged with other uninitialized variables with external linkage by toolchains that perform COMMON allocation. (Sync patch r19146 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19569 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg ARM: add ArmSoftFloatLib resolution to CryptoPkg.dscArd Biesheuvel
In order to build the ARM version of CryptoPkg from its own .DSC file, it needs a resolution for the ArmSoftFloatLib dependency of OpensslLib. (Sync patch r19145 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19568 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/OpensslLib: add softfloat dependency for ARMArd Biesheuvel
UEFI on 32-bit ARM does not allow the use of hardware floating point, so in order to be able to run OpenSslLib, we need to fulfil its floating point arithmetic dependencies using a software library. (Sync patch r19033 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19567 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29[CryptoPkg] Correct one typo in the API comments.Qin Long
Correct one typo (SingerChainCerts --> SignerChainCerts) in the comments for Pkcs7GetCertificatesList() API. (Sync patch r18944 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Shumin Qiu <shumin.qiu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19566 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/OpensslLib: Move OPENSSL_NO_xxx defines into opensslconf.hDavid Woodhouse
Putting these on the command line as we do at the moment means that they are *only* visible when actually building the OpenSSL code itself. When building other things like BaseCryptLib, they were missing. Which could lead to discrepancies in structures defined by the header files, between the OpenSSL code and the EDK II code which calls it. Move the definitions into opensslconf.h where they would normally live in a standard build of OpenSSL. Note: Do *not* set OPENSSL_NO_LHASH or OPENSSL_NO_OCSP since those weren't effectively disabled before; the directories was still being included in the build. If we actually disable then, the build breaks. We can hopefully fix at least OCSP upstream later, but one thing at a time... (Sync patch r18708 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19565 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/OpensslLib: Eliminate GETPID_IS_MEANINGLESS definitionDavid Woodhouse
OpenSSL ought to work this out for itself when OPENSSL_SYS_UEFI is set. (Sync patch r18707 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19564 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg: Fix OpenSSL BN wordsize and OPENSSL_SYS_UEFI handlingDavid Woodhouse
We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on the compiler command line when building OpensslLib itself, but not when building BaseCryptLib. But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI *either*. This meant that *that* build was picking up the definition from <openssl/opensslconf.h>, and was thus *different* to the version the library was built with, in some cases. So set OPENSSL_SYS_UEFI consistently in OpensslSupport.h and *also* define either SIXTY_FOUR_BIT or THIRTY_TWO_BIT there too. (Sync patch r18706 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19563 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/OpensslLib: Undefine NO_BUILTIN_VA_FUNCS to fix varargs breakageDavid Woodhouse
Instead of patching OpenSSL to add EFIAPI to the one varargs function we actually *noticed* breakage in, let's fix the problem in a more coherent way by undefining NO_BUILTIN_VA_FUNCS. That way, the VA_START and similar macros will actually do the right thing for non-EFIAPI functions, which is to use the GCC builtins. It's still fairly broken elsewhere in the tree, with the VA_START macro being used from both EFIAPI and non-EFIAPI functions — and being broken in the latter case. We probably ought to make EFIAPI a no-op everywhere and add -mabi=ms to the GCC builds. But that's a project for another day. For now, just fix the OpenSSL build in a cleaner fashion. (Sync patch r18705 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19562 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/BaseCryptLib: Use X509_V_FLAG_NO_CHECK_TIMEDavid Woodhouse
OpenSSL HEAD is in the process of adding this flag to disable the validity time checking. Backport it to 1.0.2 and use it too, for consistency. https://rt.openssl.org/Ticket/Display.html?id=3951&user=guest&pass=guest (Sync patch r18704 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19561 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAINDavid Woodhouse
Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct OpenSSL to accept non-self-signed certificates as trusted. So we don't need two entirely identical copies of a verify_cb() function which makes it ignore the resulting errors. We also *didn't* use that verify_cb() function for X509VerifyCert(), but probably should have done. So that can get X509_V_FLAG_PARTIAL_CHAIN for consistency, too. (Sync patch r18703 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19560 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/BaseCryptLib: Clean up checking of PKCS#7 contents typeDavid Woodhouse
Use the new OBJ_get0_data() accessor to compare the data, and actually check the length of the object too. (Sync patch r18702 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19559 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/BaseCryptLib: Use accessor functions for ASN1_OBJECTDavid Woodhouse
OpenSSL 1.1 introduces new OBJ_get0_data() and OBJ_length() accessor functions and makes ASN1_OBJECT an opaque type. Unlike the accessors in previous commits which *did* actually exist already but just weren't mandatory, these don't exist in older versions of OpenSSL. So introduce macros which do the right thing, for compatibility. (Sync patch r18701 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19558 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTEDavid Woodhouse
In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will no longer get away with accessing its members directly. Use the accessor functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type() instead. Also be slightly more defensive about unlikely failure modes. (Sync patch r18700 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19557 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/BaseCryptLib: Use i2d_X509_NAME() instead of abusing X509_NAMEDavid Woodhouse
In OpenSSL 1.1, the X509_NAME becomes an opaque structure and we will no longer get away with accessing its members directly. Use i2d_X509_NAME() instead. (Sync patch r18699 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19556 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29CryptoPkg/BaseCryptLib: Add missing OpenSSL includesDavid Woodhouse
OpenSSL 1.1 has cleaned up its include files a little, and it will now be necessary to directly include things like <openssl/bn.h> if we want to use them, rather than assuming they are included indirectly from other headers. (Sync patch r18698 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19555 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29Revert "CryptoPkg/OpensslLib: upgrade OpenSSL version to 1.0.2e"Jeff Fan
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan <jeff.fan@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19554 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-25Update the file format.Jeff Fan
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan <jeff.fan@intel.com> Reviewed-by: Eric Dong <eric.gong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19547 6f19259b-4bc3-4df7-8a09-765794883524