summaryrefslogtreecommitdiff
path: root/CryptoPkg
AgeCommit message (Collapse)Author
2017-01-06CryptoPkg/TlsLib: Refine the coding style.Jiaxin Wu
Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Long Qin <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-12-22CryptoPkg: Add new TlsLib libraryJiaxin Wu
v2: * Code refine and Typo fix: TlsHandeAlert -> TlsHandleAlert This patch is used to add new TlsLib library, which is wrapped over OpenSSL. The implementation provides TLS library functions for EFI TLS protocol and EFI TLS Configuration Protocol. Cc: Ye Ting <ting.ye@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Cc: Thomas Palmer <thomas.palmer@hpe.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-12-22CryptoPkg: Enable ssl build in OpensslLib directlyJiaxin Wu
This patch is used to enable ssl build in OpensslLib module directly. Cc: Wu Jiaxin <jiaxin.wu@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Cc: Thomas Palmer <thomas.palmer@hpe.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.long@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Tested-by: Wu Jiaxin <jiaxin.wu@intel.com>
2016-11-11CryptoPkg/BaseCryptLib: Make comments consistent with the functionDandan Bi
Correct the unaligned parameter names in comments (BaseCryptLib.h and HMAC-SHA256 wrapper implementation) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-11-07CryptoPkg: Fix typos in commentsGary Lin
- intialized -> initialized - componenet -> component - compoents -> components - FAlSE -> FALSE - responsiblity -> responsibility - validility -> validity - procudure -> procedure - pamameter -> parameter - randome -> random - buiild -> build Cc: Ting Ye <ting.ye@intel.com> Cc: Qin Long <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gary Lin <glin@suse.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-11-02CryptoPkg: Add PKCS5 PBKDF2 interface for password derivation.Qin Long
Add one new API (Pkcs5HashPassword) to provide PKCS#5 v2.0 PBKDF2 support (Password based encryption key derivation function, specified in RFC 2898). Also update the Cryptest utility to include the new API testing (with the test vector from RFC6070). Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-11-02CryptoPkg: Add HMAC-SHA256 cipher supportQin Long
Add new HMAC-SHA256 cipher support in CryptoPkg to meet more security and industry requirements, and update Cryptest utility to include new HMAC-SHA256 test case. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-11-02CryptoPkg: Add xxxxHashAll APIs to facilitate the digest computationQin Long
Add new xxxxHashAll APIs to facilitate the digest computation of blob data. New APIs include: Md4HashAll(), Md5HashAll(), Sha1HashAll(), Sha256HashAll(), Sha384HashAll(), and Sha512HashAll(). The corresponding test cases were added in Cryptest utility. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-09-30CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2jQin Long
Two official releases (OpenSSL 1.0.2i and 1.0.2j) were available with several severity fixes at 22-Sep-2016 and 26-Sep-2016. Refer to https://www.openssl.org/news/secadv/20160922.txt and https://www.openssl.org/news/secadv/20160926.txt. This patch is to upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2j. Cc: Ting Ye <ting.ye@intel.com> Cc: David Woodhouse <David.Woodhouse@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
2016-09-21CryptoPkg: Clean up unreferenced symbol in Cryptest utility.Qin Long
Remove "TSCounterSignature" from TSVerify.c, which is not being used by anyone. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-08-11CryptoPkg: Fix "responsiblity" typosThomas Huth
It's "responsibility", not "responsiblity". Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
2016-08-11CryptoPkg: Fix capitalization of path name in Patch-HOWTO.txtThomas Huth
It's "OpensslLib", not "OpenSslLib" - not a big issue, but the typo is annoying when trying to copy-n-paste the path name to use it on the command line on Linux. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
2016-08-11CryptoPkg IntrinsicLib: Add the missing nasm source fileLiming Gao
Add two name files IntrinsicLib Ia32 MathLShiftS64.nasm and MathRShiftU64.nasm Cc: Qin Long <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-08-08CryptoPkg DSC: Add build option to disable deprecated APIsHao Wu
Add the following definition in the [BuildOptions] section in package DSC files to disable APIs that are deprecated: [BuildOptions] *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-07-21MdePkg CryptoPkg EdkCompatibilityPkg: retire NO_BUILTIN_VA_FUNCS defineArd Biesheuvel
This is never set anymore, so unsetting it or testing whether it is unset no longer makes any sense. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-07-21CryptoPkg: set new define to avoid MS ABI VA_LIST on GCC/X64Ard Biesheuvel
Set the #define NO_MSABI_VA_FUNCS that will be introduced in a subsequent patch to avoid the use of the MS ABI in variadic functions. In EDK2, such functions normally require the EFIAPI modifier to be used, but for external libraries such as OpenSSL, which lack these annotations, it is easier to simply revert to the default SysV style VA_LIST ABI. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Tested-By: Liming Gao <liming.gao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-07-20CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2hQin Long
OpenSSL 1.0.2h was released with several severity fixes at 03-May-2016 (https://www.openssl.org/news/secadv/20160503.txt). Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2h. Cc: Ting Ye <ting.ye@intel.com> Cc: David Woodhouse <David.Woodhouse@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com>
2016-07-12CryptoPkg BaseCryptLib: Init the content of struct 'CertCtx' before useHao Wu
Some fields in structure 'CertCtx' might be used uninitialized in function Pkcs7GetCertificatesList(). This commit makes sure that 'CertCtx' gets initialized before being used. Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-07-12CryptoPkg BaseCryptLib: Avoid passing NULL ptr to function BN_bn2bin()Hao Wu
This commit modifies the code logic to avoid passing NULL pointer to function BN_bn2bin(). Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-07-11CryptoPkg: Fix typos in commentsGiri P Mudusuru
- availabe to available Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Giri P Mudusuru <giri.p.mudusuru@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-07-08CryptoPkg: update openssl to ignore RVCT 3079Eugene Cohen
Getting openssl 1.0.2g building with ARM RVCT requires a change to ignore an unset variable used before set was necessary. (NOTE: This was fixed in OpenSSL 1.1 HEAD with commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.) corrects x509_vfy.c(875): error C3017: ok may be used before being set Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eugene Cohen <eugene@hp.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-05-16CryptoPkg/SmmCryptLib: Enable AES support for SMM.Qin Long
Enable AES cipher support for SmmCryptLib instance. Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-03-15CryptoPkg: Fix the potential system hang issueJiaxin Wu
This patch is used to fix the potential system hang caused by the NULL 'time' parameter usage. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Long Qin <qin.long@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
2016-03-11CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2gQin Long
OpenSSL 1.0.2g was released with several severity fixes at 01-Mar-2016(https://www.openssl.org/news/secadv/20160301.txt). Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2g. (NOTE: RT4175 from David Woodhouse was included in 1.0.2g. The new-generated patch will remove this part. And the line endings were still kept as before in this version for consistency) CC: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
2016-03-11CryptoPkg/OpensslLib: Convert saved opensslconf.h to DOS line endingsDavid Woodhouse
Until we fix the git repository to store line endings properly and then just check them out in the appropriate form for the platform, let's make process_files.sh convert the opensslconf.h to DOS line endings when it creates it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Fix CRLF breakage in process_files.shDavid Woodhouse
This got broken in committing, due to a catalogue of broken practices. Firstly, we should *pull* git submissions, never recommit them. You preserve the correct history then, and don't risk rebasing to result in a history which *never* worked in the form that gets preserved. That would have kept the authorship attrbution correct too. Secondly, we shouldn't be storing CRLF line endings in the objects that git stores in its database. It is designed to store simple LF line endings, and then check that out as appropriate for the system (resulting in CRLF in the working tree for Windows users, as they expect). That would avoid this problem, and all the other problems we have with patches being exchanged. Make it executable too, which also got lost in the commit mess. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
2016-03-05CryptoPkg/OpensslLib: Automatically configure OpenSSL and generate file listQin Long
OpenSSL 1.1 (as well as our backport to 1.0.2) now allows us to run its standard Configure script and import the result into the EDK II source repository for others to build natively. The opensslconf.h file and the list of files in OpensslLib.inf don't need to be managed manually. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Fix OpenSSL link failures on Windows (RT#4310)Qin Long
This is pull request #755 for OpenSSL 1.1, along with a little extra fix in the RSA_NET code which has been removed from 1.1 so we can't fix it there. https://github.com/openssl/openssl/pull/755 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3969Qin Long
Support for the UEFI target has been added to OpenSSL in commit 4d60c7e10. Drop our partial implementation and use a backported version of what's upstream. This includes a couple of fixes which will be needed when we automatically generate the file list and opensslconf.h instead of manually maintaining those. This includes the subsequent fix in commit fb4844bbc. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3992Qin Long
Instead of commenting out the Signed Certificate Timestamps purely based on the OPENSSL_SYS_UEFI flag, OpenSSL 1.1 supports a no-sct configuration option, added in commit 05d7bf6c5. Drop our own hack and use that. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3951Qin Long
A more complete implementation of the X509_V_FLAG_NO_CHECK_TIME flag was added to OpenSSL 1.1 as commit d35ff2c0a. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3674Qin Long
A more complete fix for the no-cms configuration has been added to OpenSSL 1.1 as commit e968561d5. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3955Qin Long
A different fix for the excessive stack usage has been merged into OpenSSL 1.1 as commit 8e704858f. Drop our own version and use a backport of what was committed upstream. Note: This requires the free() function to work correctly when passed a NULL argument (qv). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3628Qin Long
A complete implementation of the no-filenames configuration option was added to OpenSSL 1.1 in commit 02f7114a7. Drop our own version and use a backport of what was committed upstream. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#3964Qin Long
Extensive fixes for the no-stdio configuration have been merged into OpenSSL 1.1, primarily in commit 984d6c605. The backport to 1.0.2 is slightly different because we still have a mixture of no-fp-api and no-stdio in 1.0.2, although they are hopelessly intertwined. Nevertheless, drop our own original version and switch to a backported version of what went into 1.1. This includes subsequent fixes in commit c0cf5b84d for the TS code. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Switch to upstream fix for OpenSSL RT#4175Qin Long
A different fix for the PKCS7_verify() regression on Authenticode signatures has landed in the OpenSSL 1.0.2 branch as commit c436c990f and will be present in the 1.0.2g release. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Regenerate OpenSSL patchQin Long
All the OpenSSL changes we carry in our EDKII_openssl patch for 1.0.2 are now merged into upstream OpenSSL and will be in the upcoming 1.1 release. As a first step towards switching out our original hacks for backported versions of the commits which were actually accepted into OpenSSL 1.1, just regenerate the *existing* patch against the 1.0.2f release using 'git diff'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg/OpensslLib: Include complete copy of opensslconf.hQin Long
This can be an auto-generated file, and it *isn't* in the OpenSSL git tree; it's only in the generated tarballs. So rather than including it in our OpenSSL patch, just have the user copy it into place. This makes it easier to manage changes, and is a step towards better integration. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-03-05CryptoPkg: Use OpenSSL include directory directlyQin Long
The standard OpenSSL 1.0.2 configuration and build process will already symlink or copy the necessary header files to the include/openssl/ directory within the OpenSSL source tree. When we transition to OpenSSL 1.1 it won't even be necessary to link or copy the files there; they have just been moved outright. So let's use them from there. Change the include directory specified in CryptoPkg/CryptoPkg.dec, and modify the Install.cmd and Install.sh scripts to copy the files to the normal directory within the OpenSSL source tree, instead of CryptoPkg/Include/openssl/. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> Tested-by: Qin Long <qin.long@intel.com>
2016-02-25CryptoPkg: RuntimeCryptLib: support realloc(NULL, size)Laszlo Ersek
The ISO C standard says about realloc(), If ptr is a null pointer, the realloc function behaves like the malloc function for the specified size. The realloc() implementation doesn't conform to this currently, so add a check and call malloc() if appropriate. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-02-25CryptoPkg: RuntimeCryptLib: support free(NULL)Laszlo Ersek
The ISO C standard says about free(), If ptr is a null pointer, no action occurs. This is not true of the RuntimeFreeMem() internal function. Therefore we must not forward the argument of free() to RuntimeFreeMem() without checking. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-02-25CryptoPkg: BaseCryptLib: support free(NULL)Laszlo Ersek
The ISO C standard says about free(), If ptr is a null pointer, no action occurs. This is not true of the FreePool() interface of the MemoryAllocationLib class: Buffer must have been allocated on a previous call to the pool allocation services of the Memory Allocation Library. [...] If Buffer was not allocated with a pool allocation function in the Memory Allocation Library, then ASSERT(). Therefore we must not forward the argument of free() to FreePool() without checking. This bug can be triggered by upstream OpenSSL commit 8e704858f219 ("RT3955: Reduce some stack usage"), for example. Cc: David Woodhouse <dwmw2@infradead.org> Cc: Qin Long <qin.long@intel.com> Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com>
2016-02-23CryptoPkg/OpensslLib: Upgrade OpenSSL version to 1.0.2fQin Long
OpenSSL has released version 1.0.2f with two security fixes (http://www.openssl.org/news/secadv/20160128.txt) at 28-Jan-2016. Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib to catch the latest release 1.0.2f. (NOTE: The patch file was just re-generated, and no new source changes was introduced for 1.0.2f enabling) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
2016-01-26CryptoPkg: Fix function qsort for non 32-bit machinesKaryne Mayer
Although the function qsort receives as an argument a "compare" function which returns an "int", QuickSortWorker (the function used internally by qsort to do its job) receives as an argument a "CompareFunction" which returns an "INTN". In a 32-bit machine, "INTN" is defined as "INT32", which is defined as "int" and everything works well. However, when qsort is compiled for a 64-bit machine, "INTN" is defined as "INT64" and the return values of the compare functions become incompatible ("int" for qsort and "INT64" for QuickSortWorker), causing malfunction. For example, let's assume qsort is being compiled for a 64-bit machine. As stated before, the "compare" function will be returning an "int", and "CompareFunction" will be returning an "INT64". When, for example, the "compare" function (which was passed as an argument to qsort and, then, re-passed as an argument to QuickSortWorker) returns -1 (or 0xffffffff, in a 32-bit integer, its original return type) from inside a call to QuickSortWorker, its return value is interpreted as being an "INT64" value - which turns out to be 4294967295 (or 0x00000000ffffffff, in a 64-bit integer) -, making the function QuickSortWorker to behave unexpectedly. Note that this unexpected (or incorrect) conversion does not happen when casting an "INT32" to an "INT64" directly, but does happen when casting function types. The issue is fixed by changing the return type of SORT_COMPARE (the type of "CompareFunction", used by QuickSortWorker) from "INTN" to "int". This way, both qsort and QuickSortWorker use compatible definitions for their compare functions. Contributed-under: TianoCore Contribution Agreement 1.0 Acked-by: Paulo Alcantara Cavalcanti <paulo.alc.cavalcanti@hp.com> Signed-off-by: Karyne Mayer <kmayer@hp.com> Signed-off-by: Rodrigo Dias Correa <rodrigo.dia.correa@hp.com> Signed-off-by: Arthur Crippa Burigo <acb@hp.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19748 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-19CryptoPkg: Add NOOPT target in CryptoPkg.dscHao Wu
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19670 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-17CryptoPkg: fix build support under RVCTArd Biesheuvel
The RVCT compiler chokes on a couple of issues in upstream OpenSSL that can be confirmed to be non-issues by inspection. So just ignore these warnings entirely. Also, move the dummy -J system include from CryptoPkg.dsc to the various .INF files, since it will not be picked up when building the CryptoPkg libraries from a platform .DSC Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19328 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-15CryptoPkg: Convert all .uni files to utf-8Jordan Justen
To convert these files I ran: $ python3 BaseTools/Scripts/ConvertUni.py CryptoPkg Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19250 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-11CryptoPkg/OpensslLib: upgrade OpenSSL version to 1.0.2eQin Long
OpenSSL has released version 1.0.2e with security fixes. Upgrade the supported OpenSSL version in CryptoPkg/OpensslLib from 1.0.2d to 1.0.2e. (Note: This is based on Ard's previous patch with extra fix https://rt.openssl.org/Ticket/Display.html?id=4175) Contributed-under: TianoCore Contribution Agreement 1.0 Singed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19218 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07CryptoPkg/OpensslLib: comment out unused codeArd Biesheuvel
This comments out the pqueue and ts_* source files from the OpensslLib build, since they have no users. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19147 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07CryptoPkg/BaseCryptLib: make mVirtualAddressChangeEvent STATICArd Biesheuvel
Make mVirtualAddressChangeEvent STATIC to prevent it from conflicting with other variables of the same name that may be defined in other libraries (e.g., MdeModulePkg/Universal/Variable/RuntimeDxe) This also removes the risk of mVirtualAddressChangeEvent being merged with other uninitialized variables with external linkage by toolchains that perform COMMON allocation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19146 6f19259b-4bc3-4df7-8a09-765794883524