Re: [edk2-devel] [PATCH V4 0/4] CryptoPkg: Add EC support
Thanks. For patch 3/4: I don't think "TLS" is "public key related service".

I suggest to change from
+  # 1) Platform needs ECC in public key related service, eg. Tls, X509, Pem.
to
+  # 1) Platform needs ECC in TLS, or asymmetric cryptography services such as
+  #    X509 certificate or PEM format data processing.

The rest looks good to me. With above comment change, reviewed-by: Jiewen Yao

Thank you
Yao Jiewen

> -----Original Message-----
> From: Li, Yi1
> Sent: Sunday, September 25, 2022 11:39 AM
> To: devel@edk2.groups.io
> Cc: Li, Yi1 ; Yao, Jiewen ; Wang, Jian J ; Lu, Xiaoyu1 ; Jiang, Guomin ; Kinney, Michael D
> Subject: [PATCH V4 0/4] CryptoPkg: Add EC support
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828
>
> Review PR: https://github.com/tianocore/edk2/pull/3398
> This patch sequence is used to add CryptEc library, which is wrapped
> over OpenSSL. The implementation provides library functions for EFI
> BaseCrypt protocol and EFI BaseCrypt Configuration Protocol.
>
> All APIs passed unit test and fuzzing test, detail as:
> 1. Unit test:
>    The purpose of unit testing is to ensure that the function obtains the
>    expected result under specific input, that is, to ensure the correctness
>    of APIs.
>    All test cases are shown in patch 3: CryptoPkg/Test: Add unit test for CryptoEc.
> 2. Fuzzing test:
>    Various Fuzz Testing are employed across all the introduced APIs, and the
>    test used AFL (2.52b) and Libfuzzer (clang+llvm-11.0.0) as the fuzzer,
>    based on HBFA.
>    Fuzzing Pass Rate is 100%;
>    The Code Coverage of new APIs is 90.3%.
>    All test cases are shown in:
>    https://github.com/liyi77/edk2-staging/tree/HBFA/HBFA/UefiHostFuzzTestCasePkg/TestCase/CryptoPkg
>
> V2 change:
> 1. Squash uncrustify tool update into previous patch.
> 2. Increase EDKII_CRYPTO_VERSION to 10.
> V3 change:
> Fix typo in comment.
> V4 change:
> Add ECC related usage reference
>
> Tested-by: Yi Li
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Cc: Michael D Kinney
>
> Signed-off-by: Yi Li
>
> Yi Li (4):
>   CryptoPkg: Add EC support
>   CryptoPkg: Add EC APIs to DXE and protocol
>   CryptoPkg: Add ECC related usage reference
>   CryptoPkg/Test: Add unit test for CryptoEc
>
>  CryptoPkg/CryptoPkg.dec | 28 +
>  CryptoPkg/CryptoPkg.dsc | 1 +
>  CryptoPkg/Driver/Crypto.c | 496 +++
>  CryptoPkg/Include/Library/BaseCryptLib.h | 424 +
>  .../Pcd/PcdCryptoServiceFamilyEnable.h | 25 +
>  .../Library/BaseCryptLib/BaseCryptLib.inf | 2 +
>  .../Library/BaseCryptLib/PeiCryptLib.inf | 1 +
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c | 765
>  .../Library/BaseCryptLib/Pk/CryptEcNull.c | 496 +++
>  .../Library/BaseCryptLib/SmmCryptLib.inf | 1 +
>  .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +
>  .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 +
>  .../Library/BaseCryptLibNull/Pk/CryptEcNull.c | 496 +++
>  .../BaseCryptLibOnProtocolPpi/CryptLib.c | 469 ++
>  CryptoPkg/Private/Protocol/Crypto.h | 831 +-
>  CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 3 +
>  .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 +
>  .../UnitTest/Library/BaseCryptLib/EcTests.c | 290 ++
>  .../Library/BaseCryptLib/TestBaseCryptLib.h | 2 +
>  .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
>  .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
>  21 files changed, 4136 insertions(+), 200 deletions(-)
>  create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c
>  create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptEcNull.c
>  create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Pk/CryptEcNull.c
>  create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c
>
> --
> 2.31.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#94281): https://edk2.groups.io/g/devel/message/94281 Mute This Topic: https://groups.io/mt/93901843/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 0/4] CryptoPkg: add more X509 functions.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082

This patch series is to add more CryptoX509 functions.

Tested by:
1. https://github.com/tianocore/edk2-staging/tree/DeviceSecurity.
2. Unit test: CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c

Review PR: https://github.com/tianocore/edk2/pull/3380.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Signed-off-by: Qi Zhang

Qi Zhang (4):
  CryptoPkg: add new X509 function definition.
  CryptoPkg: add new X509 function.
  CryptoPkg: add new X509 function to Crypto Service.
  CryptoPkg: add Unit Test for X509 new function.

 CryptoPkg/Driver/Crypto.c | 430 +++
 CryptoPkg/Include/Library/BaseCryptLib.h | 374 ++
 .../Pcd/PcdCryptoServiceFamilyEnable.h | 34 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 1036 +
 .../Library/BaseCryptLib/Pk/CryptX509Null.c | 429 +++
 .../BaseCryptLibNull/Pk/CryptX509Null.c | 429 +++
 .../BaseCryptLibOnProtocolPpi/CryptLib.c | 415 +++
 CryptoPkg/Private/Protocol/Crypto.h | 790 +
 .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 +
 .../Library/BaseCryptLib/TestBaseCryptLib.h | 3 +
 .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
 .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
 .../UnitTest/Library/BaseCryptLib/X509Tests.c | 631 ++
 13 files changed, 4364 insertions(+), 210 deletions(-)
 create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c

--
2.26.2.windows.1
[edk2-devel] [PATCH 1/4] CryptoPkg: add new X509 function definition.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Qi Zhang --- CryptoPkg/Include/Library/BaseCryptLib.h | 374 +++ 1 file changed, 374 insertions(+) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 3026299e29..d7bf29c93f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2459,6 +2459,380 @@ ImageTimestampVerify ( OUT EFI_TIME *SigningTime ); +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTNCertSize, + OUT UINTN*Version + ); + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate SerialNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber buffer on input, + and the size of buffer returned SerialNumber on output. + + @retval TRUE The certificate serialNumber retrieved successfully. + @retval FALSEIf Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSEIf no SerialNumber exists. + @retval FALSEIf the SerialNumber is NULL. The required buffer size + (including the final null) is returned in the + SerialNumberSize parameter. + @retval FALSEThe operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ); + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. 
+ If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buffer on input, + and the size of buffer returned CertSubject on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small for the result. + The CertIssuerSize will be updated with the required size. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetIssuerName ( + IN CONST UINT8 *Cert, + IN UINTNCertSize, + OUT UINT8*CertIssuer, + IN OUT UINTN*CertIssuerSize + ); + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier buffer. + @param[in,out] OidSize Signature Algorithm Object identifier buffer size + + @retval TRUE The certificate Extension data retrieved successfully. + @retval FALSEIf Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSEIf no SignatureType. + @retval FALSEIf the Oid is NULL. The required buffer size + is returned in the OidSize. + @retval FALSEThe operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSignatureAlgorithm ( + IN CONST UINT8 *Cert
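Review bot: the X509GetIssuerName doc block describes the wrong field: `@param[out] CertIssuer Pointer to the retrieved certificate subject bytes.` and `and the size of buffer returned CertSubject on output.` are carried over from the subject-name API and should say issuer and CertIssuer; its precondition list also omits the `If CertSize is 0, then return FALSE.` line that X509GetVersion and X509GetSerialNumber carry, so a caller cannot tell whether a zero size is rejected. In X509GetSerialNumber, `(including the final null)` is misleading: the serial number is returned as the raw ASN.1 INTEGER content bytes, not a NUL-terminated string, so drop that phrase and say the size is the number of serial-number bytes. In X509GetSignatureAlgorithm, state whether `Oid` receives the DER-encoded OID bytes or a textual OID, since callers will compare it against constants.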
[edk2-devel] [PATCH 2/4] CryptoPkg: add new X509 function.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Qi Zhang --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 1036 + .../Library/BaseCryptLib/Pk/CryptX509Null.c | 429 +++ .../BaseCryptLibNull/Pk/CryptX509Null.c | 429 +++ 3 files changed, 1894 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index e6bb45e641..4cb3c9f814 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -8,8 +8,22 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include +#include +#include +#include #include +/* OID*/ +#define OID_EXT_KEY_USAGE { 0x55, 0x1D, 0x25 } +#define OID_BASIC_CONSTRAINTS { 0x55, 0x1D, 0x13 } + +static CONST UINT8 mOidExtKeyUsage[] = OID_EXT_KEY_USAGE; +static CONST UINT8 mOidBasicConstraints[] = OID_BASIC_CONSTRAINTS; + +#define CRYPTO_ASN1_TAG_CLASS_MASK 0xC0 +#define CRYPTO_ASN1_TAG_PC_MASK 0x20 +#define CRYPTO_ASN1_TAG_VALUE_MASK 0x1F + /** Construct a X509 object from DER-encoded certificate data. 
@@ -842,3 +856,1025 @@ X509GetTBSCert ( return TRUE; } + +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTNCertSize, + OUT UINTN*Version + ) +{ + BOOLEAN Status; + X509 *X509Cert; + + X509Cert = NULL; + Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert); + if ((X509Cert == NULL) || (!Status)) { +// +// Invalid X.509 Certificate +// +Status = FALSE; + } + + if (Status) { +*Version = X509_get_version (X509Cert); + } + + if (X509Cert != NULL) { +X509_free (X509Cert); + } + + return Status; +} + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate SerialNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber buffer on input, + and the size of buffer returned SerialNumber on output. + + @retval TRUE The certificate serialNumber retrieved successfully. + @retval FALSEIf Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSEIf no SerialNumber exists. + @retval FALSEIf the SerialNumber is NULL. 
The required buffer size + (including the final null) is returned in the + SerialNumberSize parameter. + @retval FALSEThe operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ) +{ + BOOLEAN Status; + X509 *X509Cert; + ASN1_INTEGER *Asn1Integer; + + Status = FALSE; + // + // Check input parameters. + // + if ((Cert == NULL) || (SerialNumberSize == NULL)) { +return Status; + } + + X509Cert = NULL; + + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // + Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert); + if ((X509Cert == NULL) || (!Status)) { +*SerialNumberSize = 0; +Status= FALSE; +goto _Exit; + } + + // + // Retrieve subject name from certificate object. + // + Asn1Integer = X509_get_serialNumber (X509Cert); + if (Asn1Integer == NULL) { +*SerialNumberSize = 0; +Status= FALSE; +goto _Exit; + } + + if (*SerialNumberSize < (UINTN)Asn1Integer->length) { +*SerialNumberSize = (UINTN)Asn1Integer->length; +Status= FALSE; +goto _Exit; + } + + if (SerialNumber != NULL) { +CopyMem (SerialNumber, Asn1Integer->data, *SerialNumberSize); +Statu
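Review bot: X509GetSerialNumber over-reads the ASN1_INTEGER when the caller's buffer is larger than the serial number: after the size check passes, `CopyMem (SerialNumber, Asn1Integer->data, *SerialNumberSize);` copies the caller-supplied size rather than `Asn1Integer->length`, so a 64-byte buffer for a 20-byte serial reads 44 bytes past the end of `data`. Copy `(UINTN)Asn1Integer->length` bytes and set `*SerialNumberSize` to that length on the success path, mirroring what the too-small branch already does. The comment `// Retrieve subject name from certificate object.` above the `X509_get_serialNumber` call is a copy-paste leftover. In X509GetVersion the doc block promises FALSE for a NULL Cert or zero CertSize, but the function relies on X509ConstructCertificate for both checks; either state that explicitly or add the same early parameter check that X509GetSerialNumber has. Style: EDK II code uses the `STATIC` macro rather than lowercase `static` for `mOidExtKeyUsage` and `mOidBasicConstraints`.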
[edk2-devel] [PATCH 3/4] CryptoPkg: add new X509 function to Crypto Service.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Qi Zhang --- CryptoPkg/Driver/Crypto.c | 430 ++ .../Pcd/PcdCryptoServiceFamilyEnable.h| 34 +- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 415 + CryptoPkg/Private/Protocol/Crypto.h | 790 +- 4 files changed, 1459 insertions(+), 210 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 9872b5bf70..343d73b9db 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -3086,6 +3086,421 @@ CryptoServiceX509GetTBSCert ( return CALL_BASECRYPTLIB (X509.Services.GetTBSCert, X509GetTBSCert, (Cert, CertSize, TBSCert, TBSCertSize), FALSE); } +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTNCertSize, + OUT UINTN*Version + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetVersion, X509GetVersion, (Cert, CertSize, Version), FALSE); +} + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate SerialNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber buffer on input, + and the size of buffer returned SerialNumber on output. + + @retval TRUE The certificate serialNumber retrieved successfully. + @retval FALSEIf Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSEIf no SerialNumber exists. + @retval FALSEIf the SerialNumber is NULL. The required buffer size + (including the final null) is returned in the + SerialNumberSize parameter. + @retval FALSEThe operation is not supported. 
+**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetSerialNumber, X509GetSerialNumber, (Cert, CertSize, SerialNumber, SerialNumberSize), FALSE); +} + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buffer on input, + and the size of buffer returned CertSubject on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small for the result. + The CertIssuerSize will be updated with the required size. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetIssuerName ( + IN CONST UINT8 *Cert, + IN UINTNCertSize, + OUT UINT8*CertIssuer, + IN OUT UINTN*CertIssuerSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetIssuerName, X509GetIssuerName, (Cert, CertSize, CertIssuer, CertIssuerSize), FALSE); +} + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier buffer. + @param[in,out] OidSize Signature Algorithm Object identifier buffer size + + @r
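Review bot: new members added to the protocol structure in CryptoPkg/Private/Protocol/Crypto.h change the layout that BaseCryptLibOnProtocolPpi/CryptLib.c dispatches through, so the protocol version should be bumped in the same patch; neither the cover letter nor this patch description mentions an EDKII_CRYPTO_VERSION change (the Crypto.h hunk is not visible here), so please confirm it is included. The CryptoServiceX509GetIssuerName wrapper repeats the header's doc block verbatim, including `Pointer to the retrieved certificate subject bytes.` and `returned CertSubject on output.`, which should read issuer and CertIssuer. The subject line `add new X509 function to Crypto Service.` would be more useful if the description listed the services being added and the matching PcdCryptoServiceFamilyEnable.h field additions.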
[edk2-devel] [PATCH 4/4] CryptoPkg: add Unit Test for X509 new function.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Qi Zhang --- .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 + .../Library/BaseCryptLib/TestBaseCryptLib.h | 3 + .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 + .../BaseCryptLib/TestBaseCryptLibShell.inf| 1 + .../UnitTest/Library/BaseCryptLib/X509Tests.c | 631 ++ 5 files changed, 637 insertions(+) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c index 8450e95172..5afea59f29 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c @@ -28,6 +28,7 @@ SUITE_DESC mSuiteDesc[] = { { "Hkdf extract and expand tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHkdfTestNum, mHkdfTest }, { "Aead AES Gcm tests","CryptoPkg.BaseCryptLib", NULL, NULL, &mAeadAesGcmTestNum, mAeadAesGcmTest }, { "Bn verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mBnTestNum, mBnTest }, + { "X509 Verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mX509TestNum, mX509Test }, }; EFI_STATUS diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h index fc44030ff6..173f260900 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h @@ -95,6 +95,9 @@ extern TEST_DESC mAeadAesGcmTest[]; extern UINTN mBnTestNum; extern TEST_DESC mBnTest[]; +extern UINTN mX509TestNum; +extern TEST_DESC mX509Test[]; + /** Creates a framework you can use */ EFI_STATUS EFIAPI 
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf index 40dfade717..1785b46005 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf @@ -40,6 +40,7 @@ HkdfTests.c AeadAesGcmTests.c BnTests.c + X509Tests.c [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf index 00e6b088b8..70cdcf78f9 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf @@ -39,6 +39,7 @@ HkdfTests.c AeadAesGcmTests.c BnTests.c + X509Tests.c [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c new file mode 100644 index 00..d9e1f3066b --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c 
@@ -0,0 +1,631 @@ +/** @file + Application for X509 Cert Validation. + +Copyright (c) 2022, Intel Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TestBaseCryptLib.h" + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 mOidSubjectAltName[] = { 0x55, 0x1D, 0x11 }; + +// +// use openssl tool to create the test certificates. +// +// openssl req -nodes -x509 -days 3650 -newkey rsa:4096 -keyout ca.key -out ca.cert -sha256 -subj "/CN=intel test RSA CA" +// openssl rsa -in ca.key -outform der -out ca.key.der +// openssl req -nodes -newkey rsa:3072 -keyout inter.key -out inter.req -sha256 -batch -subj "/CN=intel test RSA intermediate cert" +// openssl req -nodes -newkey rsa:2048 -keyout end_requester.key -out end_requester.req -sha256 -batch -subj "/CN=intel test RSA requseter cert" +// openssl req -nodes -newkey rsa:2048 -keyout end_responder.key -out end_responder.req -sha256 -batch -subj "/CN=intel test RSA responder cert" +// openssl x509 -req -in inter.req -out inter.cert -CA ca.cert -CAkey ca.key -sha256 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf +// openssl x509 -req -in end_requester.req -out end_requester.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf +// openssl x509 -req -in end_responder.req -out end_responder.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf +// openssl asn1parse -in ca.cert -out ca.cert.der +// openssl asn1parse -in inter.cert -out inter.cert.der +// openssl asn1parse -in end_requester.cert -out end_requester.cert.der +// cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der +// openssl rsa
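Review bot: the certificate-generation recipe in the X509Tests.c header references `../openssl.cnf` with `v3_inter` and `v3_end` extension sections that are not part of the patch, so the embedded test certificates cannot be regenerated from the comment alone; include the relevant extension sections in the comment (or check the config file in) so the extension values the tests depend on, such as the one looked up via `mOidSubjectAltName`, can be reproduced. The recipe also has a typo in the requester subject, `/CN=intel test RSA requseter cert`. The suite is registered as `"X509 Verify tests"` in BaseCryptLibUnitTests.c while the file header says `Application for X509 Cert Validation.`; one consistent description is enough. The certificates are issued with `-days 3650`, so note in the test which checks depend on the validity period, so the expiry date is known before the tests start failing.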
[edk2-devel] [PATCH V5 0/4] CryptoPkg: Add EC support
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828
Review PR: https://github.com/tianocore/edk2/pull/3398

This patch sequence is used to add CryptEc library, which is wrapped
over OpenSSL. The implementation provides library functions for EFI
BaseCrypt protocol and EFI BaseCrypt Configuration Protocol.

All APIs passed unit test and fuzzing test, detail as:
1. Unit test:
   The purpose of unit testing is to ensure that the function obtains the
   expected result under specific input, that is, to ensure the correctness
   of APIs.
   All test cases are shown in patch 3: CryptoPkg/Test: Add unit test for CryptoEc.
2. Fuzzing test:
   Various Fuzz Testing are employed across all the introduced APIs, and the
   test used AFL (2.52b) and Libfuzzer (clang+llvm-11.0.0) as the fuzzer,
   based on HBFA.
   Fuzzing Pass Rate is 100%;
   The Code Coverage of new APIs is 90.3%.
   All test cases are shown in:
   https://github.com/liyi77/edk2-staging/tree/HBFA/HBFA/UefiHostFuzzTestCasePkg/TestCase/CryptoPkg

V2 change:
1. Squash uncrustify tool update into previous patch.
2. Increase EDKII_CRYPTO_VERSION to 10.
V3 change:
Fix typo in comment.
V4 change:
Add ECC related usage reference
V5 change:
Optimized the description of ECC reference

Tested-by: Yi Li
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Michael D Kinney
Signed-off-by: Yi Li

Yi Li (4):
  CryptoPkg: Add EC support
  CryptoPkg: Add EC APIs to DXE and protocol
  CryptoPkg: Add ECC related usage reference
  CryptoPkg/Test: Add unit test for CryptoEc

 CryptoPkg/CryptoPkg.dec | 29 +
 CryptoPkg/CryptoPkg.dsc | 1 +
 CryptoPkg/Driver/Crypto.c | 496 +++
 CryptoPkg/Include/Library/BaseCryptLib.h | 424 +
 .../Pcd/PcdCryptoServiceFamilyEnable.h | 25 +
 .../Library/BaseCryptLib/BaseCryptLib.inf | 2 +
 .../Library/BaseCryptLib/PeiCryptLib.inf | 1 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c | 765
 .../Library/BaseCryptLib/Pk/CryptEcNull.c | 496 +++
 .../Library/BaseCryptLib/SmmCryptLib.inf | 1 +
 .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 +
 .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 +
 .../Library/BaseCryptLibNull/Pk/CryptEcNull.c | 496 +++
 .../BaseCryptLibOnProtocolPpi/CryptLib.c | 469 ++
 CryptoPkg/Private/Protocol/Crypto.h | 831 +-
 CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 3 +
 .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 +
 .../UnitTest/Library/BaseCryptLib/EcTests.c | 290 ++
 .../Library/BaseCryptLib/TestBaseCryptLib.h | 2 +
 .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 +
 .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 +
 21 files changed, 4137 insertions(+), 200 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptEcNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Pk/CryptEcNull.c
 create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c

--
2.31.1.windows.1
[edk2-devel] [PATCH V5 2/4] CryptoPkg: Add EC APIs to DXE and protocol
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828 The implementation provides CryptEc library functions for EFI Driveer and EFI BaseCrypt Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li --- CryptoPkg/CryptoPkg.dsc | 1 + CryptoPkg/Driver/Crypto.c | 496 +++ .../Pcd/PcdCryptoServiceFamilyEnable.h| 25 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 469 ++ CryptoPkg/Private/Protocol/Crypto.h | 831 +- 5 files changed, 1622 insertions(+), 200 deletions(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 7034e8a412..e4e7bc0dbf 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -172,6 +172,7 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | 0 !endif !if $(CRYPTO_SERVICES) == MIN_PEI diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 9872b5bf70..7a8266aaba 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
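Review bot: the new line `gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | 0` sits in a block where every other family (ParallelHash, AeadAesGcm, Bn) is set to PCD_CRYPTO_SERVICE_ENABLE_FAMILY, so EC is the only family left disabled in that build profile. If that is deliberate because PcdOpensslEcEnabled defaults to FALSE (patch 3/4 of this series), add a comment saying so and stating that a platform must set both PcdOpensslEcEnabled and Ec.Family to get working EC services; otherwise the driver would advertise the family while the library underneath is the CryptEcNull implementation, and callers would only find out at runtime when every EC call returns NULL or FALSE. Also, the description says `for EFI Driveer`; spell it driver.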
@@ -5519,6 +5519,481 @@ CryptoServiceBigNumAddMod ( return CALL_BASECRYPTLIB (Bn.Services.AddMod, BigNumAddMod, (BnA, BnB, BnM, BnRes), FALSE); } +// = +//Basic Elliptic Curve Primitives +// = + +/** + Initialize new opaque EcGroup object. This object represents an EC curve and + and is used for calculation within this group. This object should be freed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success. + @retval NULLOn failure. +**/ +VOID * +EFIAPI +CryptoServiceEcGroupInit ( + IN UINTN CryptoNid + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.GroupInit, EcGroupInit, (CryptoNid), NULL); +} + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the corresponding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + @param[in] EcGroupEC group object. + @param[out] BnPrimeGroup prime number. + @param[out] BnAA coefficient. + @param[out] BnBB coefficient. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +CryptoServiceEcGroupGetCurve ( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID*BnCtx + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.GroupGetCurve, EcGroupGetCurve, (EcGroup, BnPrime, BnA, BnB, BnCtx), FALSE); +} + +/** + Get EC group order. + This function will set the provided Big Number object to the corresponding + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnOrder Group prime number. + + @retval TRUE On success. + @retval FALSE Otherwise. 
+**/ +BOOLEAN +EFIAPI +CryptoServiceEcGroupGetOrder ( + IN VOID *EcGroup, + OUT VOID *BnOrder + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.GroupGetOrder, EcGroupGetOrder, (EcGroup, BnOrder), FALSE); +} + +/** + Free previously allocated EC group object using EcGroupInit(). + + @param[in] EcGroup EC group object to free. +**/ +VOID +EFIAPI +CryptoServiceEcGroupFree ( + IN VOID *EcGroup + ) +{ + CALL_VOID_BASECRYPTLIB (Ec.Services.GroupFree, EcGroupFree, (EcGroup)); +} + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit(). + + @retval EC Point object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +CryptoServiceEcPointInit ( + IN CONST VOID *EcGroup + ) +{ + return CALL_BASECRYPTLIB (Ec.Services.PointInit, EcPointInit, (EcGroup), NULL); +} + +/** + Free previously allocated EC Point object using EcPointInit(). + + @param[in] EcPoint EC Point to free. + @param[in] Clear TRUE iff the memory should be cleared. +**/ +VOID +EFIAPI +CryptoServiceEcPointDeInit ( + IN VOID *EcPoint, + IN BOOLEAN Clear + ) +{ + CALL_VOID_BASECRYPTLIB (Ec.Services.PointDeInit,
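Review bot: the EcGroup parameter's constness is inconsistent across the new wrappers: CryptoServiceEcGroupGetCurve takes `IN CONST VOID *EcGroup` while CryptoServiceEcGroupGetOrder takes `IN VOID *EcGroup`, although neither modifies the group; make GetOrder CONST too, together with the matching BaseCryptLib.h prototype and protocol typedef. The doc block for CryptoServiceEcGroupGetOrder says `@param[out] BnOrder Group prime number.`, which is the description of BnPrime from GetCurve; it should read group order, since callers that range-check private scalars need the order, not the field prime. In CryptoServiceEcPointInit the line `@param[in] EC Group, properly initialized using EcGroupInit().` lacks the parameter name `EcGroup`, so the Doxygen param mapping is lost.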
[edk2-devel] [PATCH V5 3/4] CryptoPkg: Add ECC related usage reference
Describes the use cases under which ECC needs to be enabled, and provides the impact on memory size for developers' reference. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Signed-off-by: Yi Li --- CryptoPkg/CryptoPkg.dec | 29 + 1 file changed, 29 insertions(+) diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index d9b64e5763..a3716864fd 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec 
@@ -83,7 +83,36 @@ ## Enable/Disable the ECC feature in openssl library. The default is disabled. # If ECC feature is disabled, all related source files will not be compiled. + # @Prompt Enable/Disable ECC feature in EDK II Crypto gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|FALSE|BOOLEAN|0x003 + # Set it to TRUE if: + # 1) Platform needs ECC in TLS, or asymmetric cryptography services such as + #X509 certificate or PEM format data processing. + # 2) Platform needs to enable PcdCryptoServiceFamilyEnable.Ec service. + # Please note: + # ECC feature will cause a significant memory increase, approximate memory impact + # in below table for reference by platform developers with FW size limitations. + # Uncompressed LZMA Compressed + # CPU CRYPTO_SERVICESModule EC=FALSE EC=TRUE EC=FALSE EC=TRUE Increase + # === === === + # IA32 NONE CryptoPei2153621568 0 KB + # IA32 NONE CryptoDxe2163221696 0 KB + # IA32 NONE CryptoSmm2297623072 0 KB + # IA32 MIN_PEI CryptoPei 248992 249120 0 KB + # IA32 MIN_DXE_MIN_SMM CryptoDxe 636672 829568288520 401034 113 KB + # IA32 MIN_DXE_MIN_SMM CryptoSmm 426048 601472191517 296022 105 KB + # IA32 ALL CryptoPei 423840 598976189047 293759 104 KB + # IA32 ALL CryptoDxe 645280 838144292955 405277 113 KB + # IA32 ALL CryptoSmm 441888 617184198779 303628 105 KB + # X64 NONE CryptoPei2963229664 0 KB + # X64 NONE CryptoDxe2979229792 0 KB + # X64 NONE CryptoSmm3129631296 0 KB + # X64 MIN_PEI CryptoPei 310784 310848 0 KB + # X64 MIN_DXE_MIN_SMM CryptoDxe 804288 1016256311436 426596 115 KB + # X64 MIN_DXE_MIN_SMM CryptoSmm 543776 733920204483 310775 106 KB + # X64 ALL CryptoPei 540384 730240202494 308467 106 KB + # X64 ALL CryptoDxe 815392 1027296316228 431321 115 KB + # X64 ALL CryptoSmm 563648 753696213488 319644 106 KB [UserExtensions.TianoCore."ExtraFiles"] CryptoPkgExtra.uni -- 2.31.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. 
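Review bot: in a DEC file the comment block that documents a PCD, ending with `# @Prompt`, goes before the declaration, so the new `# Set it to TRUE if:` block and the memory-impact table placed after `gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|FALSE|BOOLEAN|0x003` will not be picked up by tools that generate the PCD help text from the preceding `##` block; move them above the declaration. The table is hard to read as posted: `Uncompressed` and `LZMA Compressed` each span two columns (EC=FALSE, EC=TRUE), and the CRYPTO_SERVICES=NONE rows leave the compressed columns empty, so mark those cells explicitly (for example with `-`) and pad the columns so the values line up in a monospace editor. The sentence `approximate memory impact in below table for reference by platform developers with FW size limitations` reads better as `the table below gives the approximate memory impact, for reference by platform developers with firmware size limits`.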
[edk2-devel] [PATCH V5 1/4] CryptoPkg: Add EC support
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828 This patch is used to add CryptEc library, which is wrapped over OpenSSL. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li --- CryptoPkg/Include/Library/BaseCryptLib.h | 424 ++ .../Library/BaseCryptLib/BaseCryptLib.inf | 2 + .../Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c | 765 ++ .../Library/BaseCryptLib/Pk/CryptEcNull.c | 496 .../Library/BaseCryptLib/SmmCryptLib.inf | 1 + .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 + .../Library/BaseCryptLibNull/Pk/CryptEcNull.c | 496 8 files changed, 2186 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptEc.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptEcNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Pk/CryptEcNull.c diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 3026299e29..63c6228368 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -14,6 +14,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include +#define CRYPTO_NID_NULL 0x + +// Key Exchange +#define CRYPTO_NID_SECP256R1 0x0204 +#define CRYPTO_NID_SECP384R1 0x0205 +#define CRYPTO_NID_SECP521R1 0x0206 + /// /// MD5 digest size in bytes /// 
@@ -3254,4 +3261,421 @@ BigNumAddMod ( OUT VOID *BnRes ); +// = +//Basic Elliptic Curve Primitives +// = + +/** + Initialize new opaque EcGroup object. This object represents an EC curve and + and is used for calculation within this group. This object should be freed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success. + @retval NULLOn failure. +**/ +VOID * +EFIAPI +EcGroupInit ( + IN UINTN CryptoNid + ); + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the corresponding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroupEC group object. + @param[out] BnPrimeGroup prime number. + @param[out] BnAA coefficient. + @param[out] BnBB coefficient. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetCurve ( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID*BnCtx + ); + +/** + Get EC group order. + This function will set the provided Big Number object to the corresponding + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnOrder Group prime number. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetOrder ( + IN VOID *EcGroup, + OUT VOID *BnOrder + ); + +/** + Free previously allocated EC group object using EcGroupInit(). + + @param[in] EcGroup EC group object to free. +**/ +VOID +EFIAPI +EcGroupFree ( + IN VOID *EcGroup + ); + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit(). 
+ + @retval EC Point object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcPointInit ( + IN CONST VOID *EcGroup + ); + +/** + Free previously allocated EC Point object using EcPointInit(). + + @param[in] EcPoint EC Point to free. + @param[in] Clear TRUE iff the memory should be cleared. +**/ +VOID +EFIAPI +EcPointDeInit ( + IN VOID *EcPoint, + IN BOOLEAN Clear + ); + +/** + Get EC point affine (x,y) coordinates. + This function will set the provided Big Number objects to the corresponding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroupEC group object. + @param[in] EcPointEC point object. + @param[out] BnXX coordinate. + @param[out] BnYY coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointGetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + OUT VOID *BnX, + OUT VOID *BnY, + IN VOID*BnCtx + ); + +/** + Set EC poi
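Review bot: In the BaseCryptLib.h defines hunk, the three CRYPTO_NID_SECP*R1 values sit under a "// Key Exchange" comment, but EcGroupInit takes CryptoNid for every EC operation declared below (curve parameters, point arithmetic), not only key exchange; "// EC curve identifiers" would describe them, and a comment on the origin of the 0x0204..0x0206 numbering would help avoid collisions when further NIDs are added.

Review bot: The prototype hunk is inconsistent about constness of the group argument: EcGroupGetCurve, EcPointInit and EcPointGetAffineCoordinates take IN CONST VOID *EcGroup, but EcGroupGetOrder takes IN VOID *EcGroup although it only reads the group; suggest CONST there as well. In the doc comments, EcGroupInit has a doubled "and" ("an EC curve and and is used"), EcGroupGetOrder describes BnOrder as "Group prime number" where it is the group order, and the @param[in] line of EcPointInit lacks the parameter name EcGroup. The release function is EcGroupFree for groups but EcPointDeInit for points; one naming convention would be easier on callers.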
[edk2-devel] [PATCH V5 4/4] CryptoPkg/Test: Add unit test for CryptoEc
Add unit test for CryptoEc. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li --- .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 2 + CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 3 + .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 + .../UnitTest/Library/BaseCryptLib/EcTests.c | 290 ++ .../Library/BaseCryptLib/TestBaseCryptLib.h | 2 + .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 + .../BaseCryptLib/TestBaseCryptLibShell.inf| 1 + 7 files changed, 300 insertions(+) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf index 6891db97fb..168e24e4c0 100644 --- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf @@ -48,6 +48,8 @@ Pk/CryptRsaPss.c Pk/CryptRsaPssSign.c Bn/CryptBn.c + Pk/CryptEcNull.c|*|*|*|!gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled + Pk/CryptEc.c|*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled SysCall/UnitTestHostCrtWrapper.c diff --git a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc b/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc index 16478f4a57..b6e1a66198 100644 --- a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc +++ b/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc @@ -19,6 +19,9 @@ !include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc +[PcdsFixedAtBuild] + gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|TRUE + [LibraryClasses] OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c index 8450e95172..63bae35b80 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c 
@@ -28,6 +28,7 @@ SUITE_DESC mSuiteDesc[] = { { "Hkdf extract and expand tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mHkdfTestNum, mHkdfTest }, { "Aead AES Gcm tests","CryptoPkg.BaseCryptLib", NULL, NULL, &mAeadAesGcmTestNum, mAeadAesGcmTest }, { "Bn verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mBnTestNum, mBnTest }, + { "EC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL, &mEcTestNum, mEcTest }, }; EFI_STATUS diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c new file mode 100644 index 00..54ce0b22df --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/EcTests.c 
@@ -0,0 +1,290 @@ +/** @file + Application for Diffie-Hellman Primitives Validation. + +Copyright (c) 2022, Intel Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TestBaseCryptLib.h" + +#define EC_CURVE_NUM_SUPPORTED 3 +UINTN EcCurveList[EC_CURVE_NUM_SUPPORTED] = { CRYPTO_NID_SECP256R1, CRYPTO_NID_SECP384R1, CRYPTO_NID_SECP521R1 }; +UINTN EcKeyHalfSize[EC_CURVE_NUM_SUPPORTED] = { 32, 48, 66 }; + +struct Generator { + UINT8X[66]; + UINT8Y[66]; +}; + +// Generator points of all ec curve +struct Generator EcCurveGenerator[EC_CURVE_NUM_SUPPORTED] = +{ + // CRYPTO_NID_SECP256R1 + { +{ 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, + 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, + 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96 }, + +{ 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, + 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, + 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 } + }, + // CRYPTO_NID_SECP384R1 + { +{ 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, + 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, + 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, + 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7 }, + +{ 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, + 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, + 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, + 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f } + }, + // CRYPTO_NID_SECP521R1 + { +{ 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, + 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, + 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, + 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1
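Review bot: The @file header of the new EcTests.c reads "Application for Diffie-Hellman Primitives Validation", apparently copied from the DH test file; it should describe the EC tests. In the same hunk, the secp256r1 and secp384r1 generator X coordinates are written in uppercase hex and the Y coordinates in lowercase; one case throughout makes the vectors easier to compare against the published curve parameters.

Review bot: The UnitTestHostBaseCryptLib.inf hunk selects CryptEc.c or CryptEcNull.c on PcdOpensslEcEnabled, and the CryptoPkgHostUnitTest.dsc hunk pins that PCD to TRUE in [PcdsFixedAtBuild], so the Null implementation is never compiled or exercised by the host test; either a second host build configuration with the PCD FALSE or a comment stating that this is intentional would document the gap.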
Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
Hi Jiewen, Can you take a look at this patch? WPA3 Tls API fuzzing is blocked because of same pem API. Thanks, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of yi1 li Sent: Thursday, September 22, 2022 8:53 PM To: devel@edk2.groups.io Cc: Li, Yi1 ; Yao, Jiewen ; Wang, Jian J ; Lu, Xiaoyu1 ; Jiang, Guomin Subject: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf() REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075 Fake BIO_snprintf() need to return error status -1. 0 will be considered a correct return value, this may cause crash, please refer to bugzilla link for details. Signed-off-by: Yi Li Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang --- CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c index c1fc33538f..d7d8c206ed 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c @@ -494,7 +494,7 @@ BIO_snprintf ( ... ) { - return 0; + return -1; } #ifdef __GNUC__ -- 2.31.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94292): https://edk2.groups.io/g/devel/message/94292 Mute This Topic: https://groups.io/mt/93847550/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
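Review bot: The bare "return -1;" in the CrtWrapper.c stub should carry a comment stating the contract it now follows: OpenSSL's real BIO_snprintf returns -1 when formatting fails or the output does not fit, while 0 reads as "success, nothing written", which is what let callers treat the untouched buffer as a formatted string. The commit message says only "this may cause crash, please refer to bugzilla link"; naming the PEM path that hit the overflow in the message itself would let reviewers reproduce it without following the link.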
Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
Thanks. The solution looks good. I recommend to add more comments below: // Because the function does not actually print anything to buf, it returns -1 as error. // Otherwise, the consumer may think that the buf is valid and parse the buffer. With comment change, reviewed-by: Jiewen Yao > -Original Message- > From: Li, Yi1 > Sent: Sunday, September 25, 2022 5:40 PM > To: devel@edk2.groups.io; Li, Yi1 ; Yao, Jiewen > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > ; Jiang, Guomin > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer- > overflow due to BIO_snprintf() > > Hi Jiewen, > Can you take a look at this patch? > WPA3 Tls API fuzzing is blocked because of same pem API. > > Thanks, > Yi > > -Original Message- > From: devel@edk2.groups.io On Behalf Of yi1 li > Sent: Thursday, September 22, 2022 8:53 PM > To: devel@edk2.groups.io > Cc: Li, Yi1 ; Yao, Jiewen ; Wang, > Jian J ; Lu, Xiaoyu1 ; Jiang, > Guomin > Subject: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix pem heap-buffer-overflow > due to BIO_snprintf() > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075 > > Fake BIO_snprintf() need to return error status -1. 0 will be considered a > correct return value, this may cause crash, please refer to bugzilla link for > details. > > Signed-off-by: Yi Li > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang > --- > CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c > b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c > index c1fc33538f..d7d8c206ed 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c > +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c 
> @@ -494,7 +494,7 @@ BIO_snprintf ( >... >) > { > - return 0; > + return -1; > } > > #ifdef __GNUC__ > -- > 2.31.1.windows.1 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94293): https://edk2.groups.io/g/devel/message/94293 Mute This Topic: https://groups.io/mt/93847550/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1] UefiCpuPkg/Test: Add unit tests for MP service PPI and Protocol
From: Jason Lou The code changes add unit tests based on current UnitTestFramework. EdkiiPeiMpServices2PpiPeiUnitTest PEIM is used to test EdkiiPeiMpServices2Ppi and EfiMpServiceProtocolDxeUnitTest DXE driver is used to test EfiMpServiceProtocol. Change-Id: I7c48249d5113c172655df5f39cfc254f48aed259 Signed-off-by: Jason Lou Cc: Ray Ni Cc: Eric Dong Cc: Laszlo Ersek Cc: Rahul Kumar --- UefiCpuPkg/Test/UnitTest/EfiMpServicesPpiProtocol/EdkiiPeiMpServices2PpiUnitTest.c | 477 ++ UefiCpuPkg/Test/UnitTest/EfiMpServicesPpiProtocol/EfiMpServiceProtocolUnitTest.c | 244 +++ UefiCpuPkg/Test/UnitTest/EfiMpServicesPpiProtocol/EfiMpServicesUnitTestCommom.c | 1741 UefiCpuPkg/Test/UefiCpuPkgHostTest.dsc |6 + UefiCpuPkg/Test/UnitTest/EfiMpServicesPpiProtocol/EdkiiPeiMpServices2PpiPeiUnitTest.inf | 46 + UefiCpuPkg/Test/UnitTest/EfiMpServicesPpiProtocol/EfiMpServiceProtocolDxeUnitTest.inf | 46 + UefiCpuPkg/Test/UnitTest/EfiMpServicesPpiProtocol/EfiMpServicesUnitTestCommom.h | 611 +++ 7 files changed, 3171 insertions(+) diff --git a/UefiCpuPkg/Test/UnitTest/EfiMpServicesPpiProtocol/EdkiiPeiMpServices2PpiUnitTest.c b/UefiCpuPkg/Test/UnitTest/EfiMpServicesPpiProtocol/EdkiiPeiMpServices2PpiUnitTest.c new file mode 100644 index 00..1826a6daae --- /dev/null +++ b/UefiCpuPkg/Test/UnitTest/EfiMpServicesPpiProtocol/EdkiiPeiMpServices2PpiUnitTest.c 
@@ -0,0 +1,477 @@ +/** @file + PEI Module to test APIs defined in EdkiiPeiMpServices2Ppi. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include "EfiMpServicesUnitTestCommom.h" + +#define UNIT_TEST_NAME "EdkiiPeiMpServices2Ppi Unit Test" +#define UNIT_TEST_VERSION "0.1" + +/** + Get EDKII_PEI_MP_SERVICES2_PPI pointer. + + @param[out] MpServicesPointer to the buffer where EDKII_PEI_MP_SERVICES2_PPI is stored. + + @retval EFI_SUCCESS EDKII_PEI_MP_SERVICES2_PPI interface is returned + @retval EFI_NOT_FOUND EDKII_PEI_MP_SERVICES2_PPI interface is not found +**/ +EFI_STATUS +MpServicesUnitTestGetMpServices ( + OUT MP_SERVICES *MpServices + ) +{ + return PeiServicesLocatePpi (&gEdkiiPeiMpServices2PpiGuid, 0, NULL, (VOID **)&MpServices->Ppi); +} + +/** + Retrieve the number of logical processor in the platform and the number of those logical processors that + are enabled on this boot. + + @param[in] MpServices MP_SERVICES structure. + @param[out] NumberOfProcessors Pointer to the total number of logical processors in the system, including + the BSP and disabled APs. + @param[out] NumberOfEnabledProcessors Pointer to the number of processors in the system that are enabled. + + @retval EFI_SUCCESS Retrieve the number of logical processor successfully + @retval OthersRetrieve the number of logical processor unsuccessfully +**/ +EFI_STATUS +MpServicesUnitTestGetNumberOfProcessors ( + IN MP_SERVICES MpServices, + OUT UINTN *NumberOfProcessors, + OUT UINTN *NumberOfEnabledProcessors + ) +{ + return MpServices.Ppi->GetNumberOfProcessors (MpServices.Ppi, NumberOfProcessors, NumberOfEnabledProcessors); +} + +/** + Get detailed information on the requested logical processor. + + @param[in] MpServicesMP_SERVICES structure. + @param[in] ProcessorNum The handle number of the processor. + @param[out] ProcessorInfo Pointer to the buffer where the processor information is stored. 
+ + @retval EFI_SUCCESS Get information on the requested logical processor successfully + @retval OthersGet information on the requested logical processor unsuccessfully +**/ +EFI_STATUS +MpServicesUnitTestGetProcessorInfo ( + IN MP_SERVICES MpServices, + IN UINTNProcessorNumber, + OUT EFI_PROCESSOR_INFORMATION *ProcessorInfoBuffer + ) +{ + return MpServices.Ppi->GetProcessorInfo (MpServices.Ppi, ProcessorNumber, ProcessorInfoBuffer); +} + +/** + Execute a caller provided function on all enabled APs. + + @param[in] MpServicesMP_SERVICES structure. + @param[in] Procedure Pointer to the function to be run on enabled APs of the system. + @param[in] SingleThread If TRUE, then all the enabled APs execute the function specified by Procedure +one by one, in ascending order of processor handle number. +If FALSE, then all the enabled APs execute the function specified by Procedure +simultaneously. + @param[in] TimeoutInMicroseconds Indicates the time limit in microseconds for APs to return from Procedure, +for blocking mode only. Zero means infinity. + @param[in] ProcedureArgument The parameter passed into Procedure for all APs. + + @ret
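Review bot: In the diffstat the shared files are named EfiMpServicesUnitTestCommom.c/.h; the intended spelling is presumably "Common", and renaming is cheapest before other tests reference them. The "Change-Id:" trailer in the commit message is a Gerrit artifact and is normally dropped for the upstream list. In the wrapper hunk, MpServicesUnitTestGetMpServices takes OUT MP_SERVICES *MpServices while MpServicesUnitTestGetNumberOfProcessors and MpServicesUnitTestGetProcessorInfo take MP_SERVICES by value; passing a pointer throughout would be consistent and avoid copying the struct on every call. Also "@retval Others Retrieve the number of logical processor unsuccessfully" would read better as "Failed to retrieve the number of logical processors".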
Re: [edk2-devel] CryptoPkg OpensslLib INF files
Hi Christopher, I tried this path and the build does break for GCC5 due to NASM source files using some VS20xx specific section names. We will keep the .S files for GCC5 compatibility. I also noticed that your patches did not add the build of these optimized INFs to the CryptoPkg DSC file. I am working on a branch that includes that update along with combining the 4 new INFs into a single OpensslLibOpt.inf. I have also noticed that these optimized libs have larger PE/COFF section alignment requirements than the default alignment for VS20xx toolchains. IA32 requires 64-byte alignment. X64 required 256-byte alignment. We do not want to apply these larger alignment requirements to all modules. This can increase FLASH overhead, especially for uncompressed PEIMs. When building modules that consume the optimized OpensslLib, then modules require the use of in the scope of that specific module in the DSC file to increase the alignment size. MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64 MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256 What does not make sense is that GCC5 builds use 32-byte alignment by default and do not generate a build error from linking this Openssl content that required 64-byte or 256-byte alignment. Have the GCC5 builds of these optimized OpensslLibs been tested? Are exceptions being generated for unaligned access? Thanks, Mike > -Original Message- > From: Kinney, Michael D > Sent: Saturday, September 24, 2022 1:24 PM > To: devel@edk2.groups.io; christopher.zurc...@outlook.com; Yao, Jiewen > ; Wang, Jian J > ; Lu, Xiaoyu1 ; Jiang, Guomin > ; Kinney, Michael D > > Subject: RE: [edk2-devel] CryptoPkg OpensslLib INF files > > Hi Christopher, > > I see that IA32 uses .nasm files and IA32Gcc uses .S files. > > EDK II support use of NASM files from both VS and GCC builds. > > Is there any reason why the .nasm files generated by OpenSSL can not > be used for both VS and GCC builds and remove the .S files? 
> > Thanks, > > Mike > > > > -Original Message- > > From: devel@edk2.groups.io On Behalf Of Christopher > > Zurcher > > Sent: Friday, September 23, 2022 3:40 PM > > To: devel@edk2.groups.io; Yao, Jiewen ; Kinney, > > Michael D ; Wang, Jian J > > ; Lu, Xiaoyu1 ; Jiang, Guomin > > > > Subject: Re: [edk2-devel] CryptoPkg OpensslLib INF files > > > > I looked at doing this previously and found that depending on the selection > > of accelerated algorithms (in UefiAsm.conf) you > > can end up with different sets of non-assembly source files, so that a > > unified INF would have to contain a copy of the > entire > > Sources section for each architecture target. The build options can also be > > affected such that you'd have different sets of > > those as well (the OPENSSL_FLAGS_CONFIG define). > > > > If we can commit to limiting the accelerated algorithms to the current > > selection, it should be possible to unify the files. > > > > Thanks, > > Christopher Zurcher > > > > -Original Message- > > From: devel@edk2.groups.io On Behalf Of Yao, Jiewen > > Sent: Friday, September 23, 2022 15:33 > > To: Kinney, Michael D ; devel@edk2.groups.io; > > Wang, Jian J ; Lu, Xiaoyu1 > > ; Jiang, Guomin > > Subject: Re: [edk2-devel] CryptoPkg OpensslLib INF files > > > > Hi Mike > > Yes, I agree with you. > > > > If we have a way to reduce the number of INF, we should. Feel free to > > submit patch. > > > > BTW: Do you think we have chance to combine OpensslLibOpt.inf with > > OpensslLib.inf, with PCD Feature Flag: "Opt"? 
> > > > Thank you > > Yao Jiewen > > > > > -Original Message- > > > From: Kinney, Michael D > > > Sent: Saturday, September 24, 2022 4:58 AM > > > To: devel@edk2.groups.io; Yao, Jiewen ; Kinney, > > > Michael D ; Wang, Jian J > > > ; Lu, Xiaoyu1 ; Jiang, > > > Guomin > > > Subject: CryptoPkg OpensslLib INF files > > > > > > Hi Jiewen, > > > > > > I see we now have 6 INF files for the OpensslLib > > > > > > * OpensslLib.inf > > > * OpensslLibCrypto.inf > > > * OpensslLibIa32.inf > > > * OpensslLibIa32Gcc.inf > > > * OpensslLibX64.inf > > > * OpensslLibX64Gcc.inf > > > > > > If I look at the difference between OpensslLib and OpensslLibCrypto, > > > the OpensslLibCrypto includes the "ssl" source files. > > > > > > This looks like a similar problem as the "ec" sources. But the "ec" > > > sources were addressed with a PCD FeatureFlag expression so we did not > > > have to add another INF. > > > > > > Could the same technique be applied to the "ssl" sources so we can get > > > back to just OpensslLib.inf with an SSL PCD and an EC PCD to > > > conditionally build the extra source files? > > > > > > For the other 4 INF files, these contain the assembly optimized > > > algorithms for IA32/X64. I think these 4 INFs can be combined into a > > > single INF. > > > Perhaps OpensslLibOpt.inf? > > > > > > Mike > > > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this g
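As an added check for the alignment point raised above (example code written for this page, not edk2, OpenSSL or any project's own code): the script below reads the PE/COFF optional header of a built module and reports whether its SectionAlignment meets the 64-byte (IA32) / 256-byte (X64) minimum the message states for modules that link the optimized OpensslLib. The header offsets follow the PE/COFF specification; the required values come from the message; the minimal PE image builder exists only to produce a constructed sample for testing and does not represent a real module.

```python
"""Verify PE/COFF SectionAlignment of EDK II modules against a required minimum.

Added example for this thread; not edk2 code. The IA32/X64 requirements are the
values stated in the message above. Usage: python check_align.py Build/.../Foo.efi
"""
import struct
import sys

# Standard COFF machine codes (IMAGE_FILE_MACHINE_I386 / _AMD64).
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664

# Minimum SectionAlignment per machine, as given in the thread for the
# optimized OpensslLib consumers (assumption: applies to the whole module).
REQUIRED_ALIGNMENT = {
    IMAGE_FILE_MACHINE_I386: 64,
    IMAGE_FILE_MACHINE_AMD64: 256,
}


def parse_pe_alignment(image: bytes) -> dict:
    """Return machine, SectionAlignment and FileAlignment of a PE/COFF image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # 20-byte COFF file header
    machine, _nsec, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", image, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    if opt_size < 40:
        raise ValueError("optional header too short")
    # SectionAlignment and FileAlignment sit at offsets 32 and 36 of the
    # optional header in both PE32 and PE32+ layouts.
    section_align, file_align = struct.unpack_from("<II", image, opt + 32)
    return {"machine": machine, "section_alignment": section_align,
            "file_alignment": file_align}


def check_module_alignment(image: bytes, required=REQUIRED_ALIGNMENT) -> tuple:
    """Return (ok, message) for one module image."""
    info = parse_pe_alignment(image)
    need = required.get(info["machine"])
    got = info["section_alignment"]
    if need is None:
        return True, f"machine {info['machine']:#x}: no requirement registered"
    if got == 0 or got & (got - 1):
        return False, f"SectionAlignment {got} is not a power of two"
    if got < need:
        return False, (f"SectionAlignment {got} < required {need} "
                       f"for machine {info['machine']:#x}")
    return True, f"SectionAlignment {got} satisfies required {need}"


def build_minimal_pe(machine: int, section_align: int, file_align: int,
                     pe32plus: bool = True) -> bytes:
    """Construct a header-only PE image (constructed test sample, not a real module)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    magic = 0x20B if pe32plus else 0x10B
    # 24 standard bytes: Magic, linker versions, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode.
    std = struct.pack("<HBBIIIII", magic, 0, 0, 0, 0, 0, 0, 0)
    if pe32plus:
        opt = std + struct.pack("<Q", 0)          # ImageBase (8 bytes)
    else:
        opt = std + struct.pack("<II", 0, 0)      # BaseOfData, ImageBase
    opt += struct.pack("<II", section_align, file_align)
    return dos + b"PE\0\0" + coff + opt.ljust(opt_size, b"\0")


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            ok, msg = check_module_alignment(fh.read())
        print(f"{'OK ' if ok else 'BAD'} {path}: {msg}")
```

Run it over the .efi files in a Build tree after adding the DLINK_FLAGS override; a GCC5 module still reporting SectionAlignment 32 for X64 is exactly the silently under-aligned case the message asks about.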
[edk2-devel] Event: Tools, CI, Code base construction meeting series - 09/26/2022 #cal-reminder
*Reminder: Tools, CI, Code base construction meeting series* *When:* 09/26/2022 4:30pm to 5:30pm (UTC-07:00) America/Los Angeles *Where:* https://github.com/tianocore/edk2/discussions/2614 *Description:* TianoCore community, Microsoft and Intel will be hosting a series of open meetings to discuss build, CI, tools, and other related topics. If you are interested or have ideas/opinions, please join us. These meetings will be Monday 4:30pm Pacific Time on Microsoft Teams. MS Teams link in the following discussion: * https://github.com/tianocore/edk2/discussions/2614 Anyone is welcome to join. * tianocore/edk2: EDK II (github.com) * tianocore/edk2-basetools: EDK II BaseTools Python tools as a PIP module (github.com) https://github.com/tianocore/edk2-basetools * tianocore/edk2-pytool-extensions: Extensions to the edk2 build system allowing for a more robust and plugin based build system and tool execution environment (github.com) https://github.com/tianocore/edk2-pytool-extensions * tianocore/edk2-pytool-library: Python library package that supports UEFI development (github.com) https://github.com/tianocore/edk2-pytool-library MS Teams Browser Clients * https://docs.microsoft.com/en-us/microsoftteams/get-clients?tabs=Windows#browser-client
[edk2-devel] [PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075 Fake BIO_snprintf() does not actually print anything to buf, it should return -1 as error. 0 will be considered a correct return value, the consumer may think that the buf is valid and parse the buffer. please refer to bugzilla link for details. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li reviewed-by: Jiewen Yao --- CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c index c1fc33538f..b65d29485b 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c @@ -494,7 +494,9 @@ BIO_snprintf ( ... ) { - return 0; + // Because the function does not actually print anything to buf, it returns -1 as error. + // Otherwise, the consumer may think that the buf is valid and parse the buffer. + return -1; } #ifdef __GNUC__ -- 2.31.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94297): https://edk2.groups.io/g/devel/message/94297 Mute This Topic: https://groups.io/mt/93918011/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
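Review bot: The added comment states the rationale well; two small points. The trailer "reviewed-by: Jiewen Yao" should be capitalized "Reviewed-by:" to match the other trailers (Signed-off-by:, Cc:). And since the stub still ignores buf and its size, the comment could add that callers get no NUL-terminated buffer from this function, which is why -1 has to propagate rather than being swallowed.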
[edk2-devel] Questions about MicroPython and CPython in shell environment
Hi, Experts: I have 2 questions about python support in shell environment. 1. MicroPython not supported in udk github base anymore? It seemed intel colleagues had developed a sample MicroPython pkg in edk2-staging github. 2. Will CPython be supported in shell environment? Thanks CONFIDENTIAL NOTE: This email contains confidential or legally privileged information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or forwarding of this email or the content of this email is strictly prohibited.
Re: [edk2-devel] [PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf()
Merged https://github.com/tianocore/edk2/pull/3401 > -Original Message- > From: Li, Yi1 > Sent: Monday, September 26, 2022 8:25 AM > To: devel@edk2.groups.io > Cc: Li, Yi1 ; Yao, Jiewen ; Wang, > Jian J ; Lu, Xiaoyu1 ; Jiang, > Guomin ; Yao, Jiewen > Subject: [PATCH V2 1/1] CryptoPkg: Fix pem heap-buffer-overflow due to > BIO_snprintf() > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4075 > > Fake BIO_snprintf() does not actually print anything to buf, > it should return -1 as error. > 0 will be considered a correct return value, the consumer may think that > the buf is valid and parse the buffer. > please refer to bugzilla link for details. > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang > > Signed-off-by: Yi Li > reviewed-by: Jiewen Yao > --- > CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c > b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c > index c1fc33538f..b65d29485b 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c > +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c > @@ -494,7 +494,9 @@ BIO_snprintf ( >... >) > { > - return 0; > + // Because the function does not actually print anything to buf, it returns > -1 as error. > + // Otherwise, the consumer may think that the buf is valid and parse the > buffer. > + return -1; > } > > #ifdef __GNUC__ > -- > 2.31.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94299): https://edk2.groups.io/g/devel/message/94299 Mute This Topic: https://groups.io/mt/93918011/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] Questions about MicroPython and CPython in shell environment
Hi Tiger, CPython is already supported, see edk2-libc. Thanks, Pedro On Mon, 26 Sept 2022, 01:39 Tiger Liu(BJ-RD), wrote: > Hi, Experts: > > I have 2 questions about python support in shell environment. > > 1. MicroPython not supported in udk github base anymore? > > It seemed intel colleagues had developed a sample MicroPython pkg in > edk2-staging github. > > 2. Will CPython be supported in shell environment? > > Thanks > > Confidentiality statement: > This email contains confidential or proprietary information and is for the use of the designated recipient only. Any unauthorized viewing, use, copying or forwarding of this email or its contents is strictly prohibited. > *CONFIDENTIAL NOTE: * > *This email contains confidential or legally privileged information and is > for the sole use of its intended recipient. Any unauthorized review, use, > copying or forwarding of this email or the content of this email is > strictly prohibited.*
[edk2-devel] Re: [PATCH v2 04/34] FmpDevicePkg: Add LOONGARCH64 architecture for EDK2 CI.
Reviewed-by: Liming Gao From: chao li Sent: September 23, 2022 15:04 To: Liming Gao ; Michael D Kinney ; Guomin Jiang ; Wei6 Xu Cc: devel@edk2.groups.io Subject: Re: [PATCH v2 04/34] FmpDevicePkg: Add LOONGARCH64 architecture for EDK2 CI. Hi Liming, Mike, Guomin and Wei, This patch has not been reviewed, would you please review it? Thanks, Chao On Sep 14 2022, at 5:36 PM, Chao Li wrote: REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053 Add LOONGARCH64 architecture for EDK2 CI testing. Cc: Liming Gao Cc: Michael D Kinney Cc: Guomin Jiang Cc: Wei6 Xu Signed-off-by: Chao Li --- FmpDevicePkg/FmpDevicePkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc index 7b1af285dd..f9f26c54bb 100644 --- a/FmpDevicePkg/FmpDevicePkg.dsc +++ b/FmpDevicePkg/FmpDevicePkg.dsc @@ -9,6 +9,7 @@ # Copyright (c) Microsoft Corporation. # Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved. # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved. +# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved. # # SPDX-License-Identifier: BSD-2-Clause-Patent # 
@@ -20,7 +21,7 @@ PLATFORM_VERSION = 0.1 DSC_SPECIFICATION = 0x00010005 OUTPUT_DIRECTORY = Build/FmpDevicePkg - SUPPORTED_ARCHITECTURES = IA32|X64|ARM|AARCH64|RISCV64 + SUPPORTED_ARCHITECTURES = IA32|X64|ARM|AARCH64|RISCV64|LOONGARCH64 BUILD_TARGETS = DEBUG|RELEASE|NOOPT SKUID_IDENTIFIER = DEFAULT -- 2.27.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94301): https://edk2.groups.io/g/devel/message/94301 Mute This Topic: https://groups.io/mt/93920957/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] Re: [PATCH v2 32/34] MdeModulePkg/DxeIplPeim : LoongArch DxeIPL implementation.
Reviewed-by: Liming Gao From: chao li Sent: September 23, 2022 15:24 To: Liming Gao ; Guomin Jiang ; Baoqi Zhang Cc: devel@edk2.groups.io Subject: Re: [PATCH v2 32/34] MdeModulePkg/DxeIplPeim : LoongArch DxeIPL implementation. Hi Liming and Guomin, This patch has not been reviewed, would you please review it? Thanks, Chao On Sep 14 2022, at 5:42 PM, Chao Li mailto:lic...@loongson.cn> > wrote: REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053 Implement LoongArch DxeIPL instance. Cc: Liming Gao mailto:gaolim...@byosoft.com.cn> > Cc: Guomin Jiang mailto:guomin.ji...@intel.com> > Signed-off-by: Chao Li mailto:lic...@loongson.cn> > Co-authored-by: Baoqi Zhang mailto:zhangba...@loongson.cn> > --- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 6 +- .../Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c | 63 +++ 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 MdeModulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf index 19b8a4c8ae..052ea0ec1a 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -8,6 +8,7 @@ # Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # Copyright (c) 2017, AMD Incorporated. All rights reserved. # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved. +# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -26,7 +27,7 @@ # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 EBC (EBC is for build only) AARCH64 RISCV64 +# VALID_ARCHITECTURES = IA32 X64 EBC (EBC is for build only) AARCH64 RISCV64 LOONGARCH64 # [Sources] @@ -53,6 +54,9 @@ [Sources.RISCV64] RiscV64/DxeLoadFunc.c +[Sources.LOONGARCH64] + LoongArch64/DxeLoadFunc.c + [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec 
diff --git a/MdeModulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c new file mode 100644 index 00..95d3af19ea --- /dev/null +++ b/MdeModulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c 
@@ -0,0 +1,63 @@ +/** @file + LoongArch specifc functionality for DxeLoad. + + Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "DxeIpl.h" + +/** + Transfers control to DxeCore. + + This function performs a CPU architecture specific operations to execute + the entry point of DxeCore with the parameters of HobList. + It also installs EFI_END_OF_PEI_PPI to signal the end of PEI phase. + + @param[in] DxeCoreEntryPoint The entry point of DxeCore. + @param[in] HobList The start of HobList passed to DxeCore. + +**/ +VOID +HandOffToDxeCore ( + IN EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint, + IN EFI_PEI_HOB_POINTERS HobList + ) +{ + VOID *BaseOfStack; + VOID *TopOfStack; + EFI_STATUS Status; + + // + // Allocate 128KB for the Stack + // + BaseOfStack = AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE)); + ASSERT (BaseOfStack != NULL); + + // + // Compute the top of the stack we were allocated. Pre-allocate a UINTN + // for safety. + // + TopOfStack = (VOID *)((UINTN)BaseOfStack + EFI_SIZE_TO_PAGES (STACK_SIZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT); + TopOfStack = ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); + + // + // End of PEI phase signal + // + Status = PeiServicesInstallPpi (&gEndOfPeiSignalPpi); + ASSERT_EFI_ERROR (Status); + + // + // Update the contents of BSP stack HOB to reflect the real stack info passed to DxeCore. + // + UpdateStackHob ((EFI_PHYSICAL_ADDRESS)(UINTN)BaseOfStack, STACK_SIZE); + + SwitchStack ( + (SWITCH_STACK_ENTRY_POINT)(UINTN)DxeCoreEntryPoint, + HobList.Raw, + NULL, + TopOfStack + ); +} -- 2.27.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94302): https://edk2.groups.io/g/devel/message/94302 Mute This Topic: https://groups.io/mt/93920996/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
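Review bot: The comments in HandOffToDxeCore do not match the code they describe: "Pre-allocate a UINTN for safety" sits above a line that reserves CPU_STACK_ALIGNMENT bytes, and "Allocate 128KB for the Stack" sits above an allocation sized by STACK_SIZE, so a later change to either macro silently makes the comment wrong; say "reserve CPU_STACK_ALIGNMENT bytes below the top" and "allocate STACK_SIZE bytes for the stack" instead. Two typos in the same hunk: "specifc" in the file header and "performs a CPU architecture specific operations" in the function description. The ASSERT (BaseOfStack != NULL) is the only handling of allocation failure; in a build where ASSERT is compiled out a NULL return would be turned into a stack pointer and handed to SwitchStack, so a hard stop (for example CpuDeadLoop ()) after the ASSERT is worth considering even though the other architecture instances share this pattern.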
Re: [edk2-devel] Questions about MicroPython and CPython in shell environment
Hi, Pedro:
Thanks for your reply!
How about UEFI MicroPython? Is it deprecated? Or is it maintained in another github branch?
Thanks

From: Pedro Falcato
Sent: September 26, 2022 10:49
To: edk2-devel-groups-io ; Tiger Liu(BJ-RD)
Subject: Re: [edk2-devel] Questions about MicroPython and CPython in shell environment

Hi Tiger,
CPython is already supported, see edk2-libc.
Thanks,
Pedro

On Mon, 26 Sept 2022, 01:39 Tiger Liu(BJ-RD), mailto:tiger...@zhaoxin.com>> wrote:
Hi, Experts:
I have 2 questions about python support in shell environment.
1. Is MicroPython not supported in the udk github base anymore? It seemed Intel colleagues had developed a sample MicroPython pkg in edk2-staging github.
2. Will CPython be supported in shell environment?
Thanks

CONFIDENTIAL NOTE: This email contains confidential or legally privileged information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or forwarding of this email or the content of this email is strictly prohibited.
Re: [edk2-devel] [PATCH 3/6] BaseTools/VolInfo: Increase GUID base name string
Reviewed-by: Liming Gao > -Original Message- > From: devel@edk2.groups.io On Behalf Of Konstantin > Aladyshev > Sent: August 30, 2022 18:15 > To: devel@edk2.groups.io > Cc: bob.c.f...@intel.com; gaolim...@byosoft.com.cn; > yuwei.c...@intel.com; Konstantin Aladyshev > Subject: [edk2-devel] [PATCH 3/6] BaseTools/VolInfo: Increase GUID base name > string > > The current string length (=60) is not enough for cases where basename > is a path to Build folder. > Drop custom define and use MAX_LINE_LEN from the BaseTools codebase > instead. > > Signed-off-by: Konstantin Aladyshev > --- > BaseTools/Source/C/VolInfo/VolInfo.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/BaseTools/Source/C/VolInfo/VolInfo.c > b/BaseTools/Source/C/VolInfo/VolInfo.c > index 4628e756d7..d9be3d8c18 100644 > --- a/BaseTools/Source/C/VolInfo/VolInfo.c > +++ b/BaseTools/Source/C/VolInfo/VolInfo.c 
> @@ -51,15 +51,13 @@ EFI_GUID > gEfiCrc32GuidedSectionExtractionProtocolGuid = > EFI_CRC32_GUIDED_SECTIO > > > #define EFI_SECTION_ERROR EFIERR (100) > > > > -#define MAX_BASENAME_LEN 60 // not good to hardcode, but let's be > reasonable > > - > > // > > // Structure to keep a list of guid-to-basenames > > // > > typedef struct _GUID_TO_BASENAME { > >struct _GUID_TO_BASENAME *Next; > >INT8 Guid[PRINTED_GUID_BUFFER_SIZE]; > > - INT8 BaseName[MAX_BASENAME_LEN]; > > + INT8 BaseName[MAX_LINE_LEN]; > > } GUID_TO_BASENAME; > > > > static GUID_TO_BASENAME *mGuidBaseNameList = NULL; > > -- > 2.25.1
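Review bot: Enlarging BaseName from MAX_BASENAME_LEN to MAX_LINE_LEN only helps if the code that fills the array (not in this hunk) bounds its copy by sizeof (BaseName) or the same macro; if that write site still uses an unbounded string copy, a base name longer than MAX_LINE_LEN overruns the struct exactly as one longer than 60 did before. Please confirm the copy is bounded, and that the header defining MAX_LINE_LEN is already included by VolInfo.c, since the diff adds no #include. Commit message: "lenght" should be "length".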
Re: [edk2-devel] [PATCH 4/6] BaseTools/VolInfo: Update file and section type strings
Reviewed-by: Liming Gao > -Original Message- > From: devel@edk2.groups.io On Behalf Of Konstantin > Aladyshev > Sent: August 30, 2022 18:15 > To: devel@edk2.groups.io > Cc: bob.c.f...@intel.com; gaolim...@byosoft.com.cn; > yuwei.c...@intel.com; Konstantin Aladyshev > Subject: [edk2-devel] [PATCH 4/6] BaseTools/VolInfo: Update file and section > type strings > > Change SMM to MM in naming according to the recent PI specifications. > Remove trailing whitespaces in some strings. > > Signed-off-by: Konstantin Aladyshev > --- > BaseTools/Source/C/VolInfo/VolInfo.c | 12 ++-- > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/BaseTools/Source/C/VolInfo/VolInfo.c > b/BaseTools/Source/C/VolInfo/VolInfo.c > index d9be3d8c18..2d7c6212b3 100644 > --- a/BaseTools/Source/C/VolInfo/VolInfo.c > +++ b/BaseTools/Source/C/VolInfo/VolInfo.c > @@ -676,11 +676,11 @@ Returns: > // > > // 0x17 > > // > > -"EFI_SECTION_FIRMWARE_VOLUME_IMAGE ", > > +"EFI_SECTION_FIRMWARE_VOLUME_IMAGE", > > // > > // 0x18 > > // > > -"EFI_SECTION_FREEFORM_SUBTYPE_GUID ", > > +"EFI_SECTION_FREEFORM_SUBTYPE_GUID", > > // > > // 0x19 > > // > > @@ -696,7 +696,7 @@ Returns: > // > > // 0x1C > > // > > -"EFI_SECTION_SMM_DEPEX", > > +"EFI_SECTION_MM_DEPEX", > > // > > // 0x1C+ > > // > > @@ -1282,7 +1282,7 @@ Returns: > break; > > > >case EFI_FV_FILETYPE_SMM: > > -printf ("EFI_FV_FILETYPE_SMM\n"); > > +printf ("EFI_FV_FILETYPE_MM\n"); > > break; > > > >case EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE: 
> > @@ -1290,11 +1290,11 @@ Returns: > break; > > > >case EFI_FV_FILETYPE_COMBINED_SMM_DXE: > > -printf ("EFI_FV_FILETYPE_COMBINED_SMM_DXE\n"); > > +printf ("EFI_FV_FILETYPE_COMBINED_MM_DXE\n"); > > break; > > > >case EFI_FV_FILETYPE_SMM_CORE: > > -printf ("EFI_FV_FILETYPE_SMM_CORE\n"); > > +printf ("EFI_FV_FILETYPE_MM_CORE\n"); > > break; > > > >case EFI_FV_FILETYPE_MM_STANDALONE: > > -- > 2.25.1
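Review bot: In the @@ -1282 and @@ -1290 hunks the case labels keep the old names (case EFI_FV_FILETYPE_SMM:, case EFI_FV_FILETYPE_COMBINED_SMM_DXE:, case EFI_FV_FILETYPE_SMM_CORE:) while the strings they print now say MM, so the source and the output disagree; either rename the labels as well if the BaseTools PI headers provide the MM names, or add a one-line comment that the printed name follows the current PI specification. VolInfo output is commonly grepped by scripts, so the commit message should state plainly that the printed type names change (EFI_SECTION_SMM_DEPEX and the EFI_FV_FILETYPE_SMM* strings) and that the trailing spaces in the two section strings disappear; that is an output-format change, not just a rename.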
Re: [edk2-devel] [PATCH 5/6] BaseTools/VolInfo: Parse apriori files
Reviewed-by: Liming Gao > -Original Message- > From: devel@edk2.groups.io On Behalf Of Konstantin > Aladyshev > Sent: August 30, 2022 18:15 > To: devel@edk2.groups.io > Cc: bob.c.f...@intel.com; gaolim...@byosoft.com.cn; > yuwei.c...@intel.com; Konstantin Aladyshev > Subject: [edk2-devel] [PATCH 5/6] BaseTools/VolInfo: Parse apriori files > > Output file GUIDs from the DXE and PEI apriori files. > > Signed-off-by: Konstantin Aladyshev > --- > BaseTools/Source/C/VolInfo/VolInfo.c | 74 > > 1 file changed, 74 insertions(+) > > diff --git a/BaseTools/Source/C/VolInfo/VolInfo.c > b/BaseTools/Source/C/VolInfo/VolInfo.c > index 2d7c6212b3..28c6806cf0 100644 > --- a/BaseTools/Source/C/VolInfo/VolInfo.c > +++ b/BaseTools/Source/C/VolInfo/VolInfo.c > @@ -43,6 +43,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > // > > > > EFI_GUID gEfiCrc32GuidedSectionExtractionProtocolGuid = > EFI_CRC32_GUIDED_SECTION_EXTRACTION_PROTOCOL_GUID; > > +EFI_GUID gPeiAprioriFileNameGuid = { 0x1b45cc0a, 0x156a, 0x428a, > { 0XAF, 0x62, 0x49, 0x86, 0x4d, 0xa0, 0xe6, 0xe6 }}; > > +EFI_GUID gAprioriGuid = { 0xFC510EE7, 0xFFDC, 0x11D4, { 0xBD, 0x41, > 0x00, 0x80, 0xC7, 0x3C, 0x88, 0x81 }}; > > > > #define UTILITY_MAJOR_VERSION 1 > > #define UTILITY_MINOR_VERSION 0 > > @@ -107,6 +109,12 @@ ReadHeader ( >OUT BOOLEAN *ErasePolarity > >); > > > > +STATIC > > +EFI_STATUS > > +PrintAprioriFile ( > > + EFI_FFS_FILE_HEADER *FileHeader > > + ); > > + > > STATIC > > EFI_STATUS > > PrintFileInfo ( 
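Review bot: In the @@ -43,6 +43,8 @@ hunk the gPeiAprioriFileNameGuid initializer writes 0XAF with an uppercase X; use 0xAF like every other byte on the line. BaseTools cannot read these values from the package .dec files, so a short comment above the two definitions naming the PEI and DXE apriori file GUIDs they mirror would let a reader check them against the edk2 declarations without searching.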
> > @@ -1083,6 +1091,53 @@ Returns: >return EFI_SUCCESS; > > } > > > > +STATIC > > +EFI_STATUS > > +PrintAprioriFile ( > > + EFI_FFS_FILE_HEADER *FileHeader > > + ) > > +/*++ > > + > > +Routine Description: > > + > > + Print GUIDs from the APRIORI file > > + > > +Arguments: > > + > > + FileHeader - The file header > > + > > +Returns: > > + > > + EFI_SUCCESS - The APRIORI file was parsed correctly > > + EFI_SECTION_ERROR - Problem with file parsing > > + > > +--*/ > > +{ > > + UINT8 GuidBuffer[PRINTED_GUID_BUFFER_SIZE]; > > + UINT32 HeaderSize; > > + > > + HeaderSize = FvBufGetFfsHeaderSize (FileHeader); > > + > > + if (FileHeader->Type != EFI_FV_FILETYPE_FREEFORM) > > +return EFI_SECTION_ERROR; > > + > > + EFI_COMMON_SECTION_HEADER* SectionHeader = > (EFI_COMMON_SECTION_HEADER *) ((UINTN) FileHeader + HeaderSize); > > + if (SectionHeader->Type != EFI_SECTION_RAW) > > +return EFI_SECTION_ERROR; > > + > > + UINT32 SectionLength = GetSectionFileLength (SectionHeader); > > + EFI_GUID* FileName = (EFI_GUID *) ((UINT8 *) SectionHeader + sizeof > (EFI_COMMON_SECTION_HEADER)); > > + while (((UINT8 *) FileName) < ((UINT8 *) SectionHeader + SectionLength)) > { > > +PrintGuidToBuffer (FileName, GuidBuffer, sizeof (GuidBuffer), TRUE); > > +printf ("%s ", GuidBuffer); > > +PrintGuidName (GuidBuffer); > > +printf ("\n"); > > +FileName++; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > STATIC > > EFI_STATUS > > PrintFileInfo ( 
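Review bot: PrintAprioriFile trusts the size it reads from the image: SectionLength comes from GetSectionFileLength (SectionHeader) and is never checked against the FFS file's own size from FileHeader, so a malformed volume whose raw section claims a length larger than the file makes the loop read past the file buffer; clamp SectionLength to the file size (minus HeaderSize) before the loop. The loop condition ((UINT8 *) FileName) < end also lets the last iteration read a partial GUID when the raw section payload is not a multiple of sizeof (EFI_GUID); use (UINT8 *) FileName + sizeof (EFI_GUID) <= end. The payload start is computed with sizeof (EFI_COMMON_SECTION_HEADER), which is wrong for a section using the extended header (3-byte Size of 0xFFFFFF, EFI_COMMON_SECTION_HEADER2); handle that case or reject it explicitly. Style: EDK II C declares locals at the top of the block and braces every if body, so SectionHeader, SectionLength and FileName should be declared with GuidBuffer and HeaderSize, and the two "if (...) return EFI_SECTION_ERROR;" lines need braces.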
> > @@ -1339,6 +1394,25 @@ Returns: > break; > >} > > > > + if (!CompareGuid ( > > + &FileHeader->Name, > > + &gPeiAprioriFileNameGuid > > + )) > > + { > > +printf("\n"); > > +printf("PEI APRIORI FILE:\n"); > > +return PrintAprioriFile (FileHeader); > > + } > > + if (!CompareGuid ( > > + &FileHeader->Name, > > + &gAprioriGuid > > + )) > > + { > > +printf("\n"); > > +printf("DXE APRIORI FILE:\n"); > > +return PrintAprioriFile (FileHeader); > > + } > > + > >return EFI_SUCCESS; > > } > > > > -- > 2.25.1
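Review bot: Both new blocks in the @@ -1339 hunk return the status of PrintAprioriFile directly, so an apriori file that is not FREEFORM with a single RAW section aborts PrintFileInfo with EFI_SECTION_ERROR and stops the dump of the rest of the volume; for a diagnostic tool it is better to print a warning and return EFI_SUCCESS so the remaining files are still listed. The two blocks differ only in the GUID and the label; one helper taking the label, or a two-entry table, removes the duplication. Nit: printf("\n") is written without the space before the parenthesis that the rest of the file uses (printf ("...")).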
Re: [edk2-devel] [PATCH 6/6] BaseTools/VolInfo: Update copyright information
Reviewed-by: Liming Gao > -Original Message- > From: devel@edk2.groups.io On Behalf Of Konstantin > Aladyshev > Sent: August 30, 2022 18:15 > To: devel@edk2.groups.io > Cc: bob.c.f...@intel.com; gaolim...@byosoft.com.cn; > yuwei.c...@intel.com; Konstantin Aladyshev > Subject: [edk2-devel] [PATCH 6/6] BaseTools/VolInfo: Update copyright > information > > Add Konstantin Aladyshev to the copyright header. > > Signed-off-by: Konstantin Aladyshev > --- > BaseTools/Source/C/VolInfo/VolInfo.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/BaseTools/Source/C/VolInfo/VolInfo.c > b/BaseTools/Source/C/VolInfo/VolInfo.c > index 28c6806cf0..428011ca04 100644 > --- a/BaseTools/Source/C/VolInfo/VolInfo.c > +++ b/BaseTools/Source/C/VolInfo/VolInfo.c > @@ -2,6 +2,7 @@ > The tool dumps the contents of a firmware volume > > > > Copyright (c) 1999 - 2018, Intel Corporation. All rights reserved. > > +Copyright (c) 2022, Konstantin Aladyshev > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > -- > 2.25.1
Re: [edk2-devel] CryptoPkg OpensslLib INF files
Hi Christopher, I have the following PR that has some proposed ideas to combine all the optimized openssl libs into one new INF. It also addresses some missing CI test coverage and host based unit test coverage for this optimized openssl lib https://github.com/tianocore/edk2/pull/3402 Please review and test to make sure I have not broken any use cases. I know Jiewen asked if it was possible to merge this INF into the OpensslLib.inf. That may be possible, but will require a little more investigation. Thanks, Mike > -Original Message- > From: Kinney, Michael D > Sent: Sunday, September 25, 2022 10:52 AM > To: devel@edk2.groups.io; christopher.zurc...@outlook.com; Yao, Jiewen > ; Wang, Jian J > ; Lu, Xiaoyu1 ; Jiang, Guomin > ; Kinney, Michael D > > Subject: RE: [edk2-devel] CryptoPkg OpensslLib INF files > > Hi Christopher, > > I tried this path and the build does break for GCC5 due to NASM source files > using some VS20xx specific section names. > > We will keep the .S files for GCC5 compatibility. > > I also noticed that your patches did not add the build of these optimized > INFs to the CryptoPkg DSC file. > I am working on a branch that includes that update along with combining the 4 > new INFs into a single > OpensslLibOpt.inf. > > I have also noticed that these optimized libs have larger PE/COFF section > alignment requirements than the > default alignment for VS20xx toolchains. IA32 requires 64-byte alignment. > X64 required 256-byte alignment. > We do not want to apply these larger alignment requirements to all modules. > This can increase FLASH overhead, > especially for uncompressed PEIMs. > > When building modules that consume the optimized OpensslLib, then modules > require the use of > in the scope of that specific module in the DSC file to increase the > alignment size. 
> > > MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64 > MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256 > > What does not make sense is that GCC5 builds use 32-byte alignment by default > and do not generate a build error > from linking this Openssl content that required 64-byte or 256-byte > alignment. Have the GCC5 builds of these > optimized OpensslLibs been tested? Are exceptions being generated for > unaligned access? > > Thanks, > > Mike > > > -Original Message- > > From: Kinney, Michael D > > Sent: Saturday, September 24, 2022 1:24 PM > > To: devel@edk2.groups.io; christopher.zurc...@outlook.com; Yao, Jiewen > > ; Wang, Jian J > > ; Lu, Xiaoyu1 ; Jiang, Guomin > > ; Kinney, Michael D > > > > Subject: RE: [edk2-devel] CryptoPkg OpensslLib INF files > > > > Hi Christopher, > > > > I see that IA32 uses .nasm files and IA32Gcc uses .S files. > > > > EDK II support use of NASM files from both VS and GCC builds. > > > > Is there any reason why the .nasm files generated by OpenSSL can not > > be used for both VS and GCC builds and remove the .S files? > > > > Thanks, > > > > Mike > > > > > > > -Original Message- > > > From: devel@edk2.groups.io On Behalf Of > > > Christopher Zurcher > > > Sent: Friday, September 23, 2022 3:40 PM > > > To: devel@edk2.groups.io; Yao, Jiewen ; Kinney, > > > Michael D ; Wang, Jian J > > > ; Lu, Xiaoyu1 ; Jiang, > > > Guomin > > > Subject: Re: [edk2-devel] CryptoPkg OpensslLib INF files > > > > > > I looked at doing this previously and found that depending on the > > > selection of accelerated algorithms (in UefiAsm.conf) > you > > > can end up with different sets of non-assembly source files, so that a > > > unified INF would have to contain a copy of the > > entire > > > Sources section for each architecture target. The build options can also > > > be affected such that you'd have different sets > of > > > those as well (the OPENSSL_FLAGS_CONFIG define). 
> > > > > > If we can commit to limiting the accelerated algorithms to the current > > > selection, it should be possible to unify the > files. > > > > > > Thanks, > > > Christopher Zurcher > > > > > > -Original Message- > > > From: devel@edk2.groups.io On Behalf Of Yao, Jiewen > > > Sent: Friday, September 23, 2022 15:33 > > > To: Kinney, Michael D ; devel@edk2.groups.io; > > > Wang, Jian J ; Lu, > Xiaoyu1 > > > ; Jiang, Guomin > > > Subject: Re: [edk2-devel] CryptoPkg OpensslLib INF files > > > > > > Hi Mike > > > Yes, I agree with you. > > > > > > If we have a way to reduce the number of INF, we should. Feel free to > > > submit patch. > > > > > > BTW: Do you think we have chance to combine OpensslLibOpt.inf with > > > OpensslLib.inf, with PCD Feature Flag: "Opt"? > > > > > > Thank you > > > Yao Jiewen > > > > > > > -Original Message- > > > > From: Kinney, Michael D > > > > Sent: Saturday, September 24, 2022 4:58 AM > > > > To: devel@edk2.groups.io; Yao, Jiewen ; Kinney, > > > > Michael D ; Wang, Jian J > > > > ; Lu, Xiaoyu1 ; Jiang, > > > > Guomin > > > > Subject: CryptoPkg OpensslLib INF files > > > > > > > > Hi Jiewen, > > > > > > > > I see w
[edk2-devel] [PATCH 1/3] MdePkg: Add Tls configuration related define
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892 Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList. Cc: Jiewen Yao Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Yi Li --- MdePkg/Include/IndustryStandard/Tls1.h | 110 + 1 file changed, 74 insertions(+), 36 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Tls1.h b/MdePkg/Include/IndustryStandard/Tls1.h index cf67428b11..5cf2860caf 100644 --- a/MdePkg/Include/IndustryStandard/Tls1.h +++ b/MdePkg/Include/IndustryStandard/Tls1.h 
@@ -15,42 +15,46 @@ /// /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. /// -#define TLS_RSA_WITH_NULL_MD5{0x00, 0x01} -#define TLS_RSA_WITH_NULL_SHA{0x00, 0x02} -#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} -#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} -#define TLS_RSA_WITH_IDEA_CBC_SHA{0x00, 0x07} -#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA{0x00, 0x0A} -#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} -#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} -#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA{0x00, 0x13} -#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA{0x00, 0x16} -#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} -#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} -#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} -#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} -#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} 
+#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} +#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} +#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} +#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} +#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} +#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} +#define TLS_DH_DSS_WITH_DES_CBC_SHA{0x00, 0x0C} +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} +#define TLS_DH_RSA_WITH_DES_CBC_SHA{0x00, 0x0F} +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} +#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} +#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} +#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA{0x00, 0x30} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA{0x00, 0x31} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} +#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA{0x00, 0x36} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA{0x00, 0x37} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} +#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} +#define TLS_RSA_WITH_AES_128_CBC_SHA256{0x00, 0x3C} +#define TLS_RSA_WITH_AES_256_CBC_SHA256{0x00, 0x3D} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256{0x00, 0x40} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256{0x00, 0x67} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256{0x00, 0x6A} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256{0x00, 0x6B} +#define TLS_DHE_RSA_WITH_AES_256_GCM_S
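Review bot: This hunk re-aligns every existing cipher suite define in the same change that adds new ones, so the functional addition (the visible part starts with TLS_DHE_RSA_WITH_AES_256_GCM_S, cut off in the archive) is buried in whitespace-only churn; split the alignment into its own patch, or at least say in the commit message that only the new defines are functional so reviewers can compare with whitespace ignored. The commit message says the header is "Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList", but those functions need named-curve and signature-algorithm values rather than cipher suites; point out which new parts of Tls1.h carry those so the reader knows where the consumed definitions are.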
[edk2-devel] [PATCH 0/3] CryptoPkg: Extend Tls library
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 Review PR: https://github.com/tianocore/edk2/pull/3400 This patch sequence is used to extend Tls library, which is wrapped over OpenSSL. The implementation provides library functions for EFI DXE driver and Protocol. All APIs passed unit test and fuzzing test, detail as: 1. Unit test: New Tls APIs tested on Intel platform as part of WIFI WPA3 feature. 2. Fuzzing test: Various Fuzz Testing are employed across all the introduced APIs, and the tests used AFL (2.52b) and Libfuzzer (clang+llvm-11.0.0) as the fuzzer, based on HBFA. Fuzzing Pass Rate is 100%; The Code Coverage of new APIs is 91%. All test cases are shown in: https://github.com/liyi77/edk2-staging/tree/HBFA/HBFA/UefiHostFuzzTestCasePkg/TestCase/CryptoPkg Tested-by: Yi Li Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li *** BLURB HERE *** Yi Li (3): MdePkg: Add Tls configuration related define CryptoPkg: Extend Tls function library CryptoPkg: Add new Tls APIs to DXE and protocol CryptoPkg/Driver/Crypto.c | 155 ++- CryptoPkg/Include/Library/TlsLib.h| 126 +- .../Pcd/PcdCryptoServiceFamilyEnable.h| 5 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 146 ++- CryptoPkg/Library/TlsLib/InternalTlsLib.h | 4 + CryptoPkg/Library/TlsLib/TlsConfig.c | 413 -- CryptoPkg/Library/TlsLib/TlsProcess.c | 32 ++ CryptoPkg/Library/TlsLibNull/TlsConfigNull.c | 123 +- CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 23 + CryptoPkg/Private/Protocol/Crypto.h | 136 +- MdePkg/Include/IndustryStandard/Tls1.h| 110 +++-- 11 files changed, 1200 insertions(+), 73 deletions(-) -- 2.31.1.windows.1
[edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 The implementation provides new Tls library functions for Crypto EFI Driver and Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li --- CryptoPkg/Driver/Crypto.c | 155 +- .../Pcd/PcdCryptoServiceFamilyEnable.h| 5 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 146 - CryptoPkg/Private/Protocol/Crypto.h | 136 ++- 4 files changed, 435 insertions(+), 7 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 7a8266aaba..f1ff77855c 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -4238,6 +4238,28 @@ CryptoServiceTlsWrite ( return CALL_BASECRYPTLIB (Tls.Services.Write, TlsWrite, (Tls, Buffer, BufferSize), 0); } +/** + Shutdown a TLS connection. + + Shutdown the TLS connection without releasing the resources, meaning a new + connection can be started without calling TlsNew() and without setting + certificates etc. + + @param[in] TlsPointer to the TLS object to shutdown. + + @retval EFI_SUCCESS The TLS is shutdown successfully. + @retval EFI_INVALID_PARAMETER Tls is NULL. + @retval EFI_PROTOCOL_ERROR Some other error occurred. +**/ +EFI_STATUS +EFIAPI +CryptoServiceTlsShutdown ( + IN VOID *Tls + ) +{ + return CALL_BASECRYPTLIB (Tls.Services.Shutdown, TlsShutdown, (Tls), EFI_UNSUPPORTED); +} + /** Set a new TLS/SSL method for a particular TLS object. 
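Review bot: The @retval list for CryptoServiceTlsShutdown in the @@ -4238 hunk omits EFI_UNSUPPORTED, yet the CALL_BASECRYPTLIB macro returns EFI_UNSUPPORTED when the Tls.Services.Shutdown bit is disabled in the PCD; add "@retval EFI_UNSUPPORTED This function is not supported." so callers of the protocol know to expect it, as the other wrappers in this file (for example CryptoServiceTlsSetHostPrivateKeyEx) already do.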
@@ -4463,11 +4485,41 @@ CryptoServiceTlsSetHostPublicCert ( /** Adds the local private key to the specified TLS object. - This function adds the local private key (PEM-encoded RSA or PKCS#8 private + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private + key) into the specified TLS object for TLS negotiation. + + @param[in] Tls Pointer to the TLS object. + @param[in] DataPointer to the data buffer of a DER-encoded or PEM-encoded + or PKCS#8 private key. + @param[in] DataSizeThe size of data buffer in bytes. + @param[in] PasswordPointer to NULL-terminated private key password, set it to NULL + if private key not encrypted. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_ABORTED Invalid private key data. + +**/ +EFI_STATUS +EFIAPI +CryptoServiceTlsSetHostPrivateKeyEx ( + IN VOID *Tls, + IN VOID *Data, + IN UINTN DataSize, + IN VOID *Password OPTIONAL + ) +{ + return CALL_BASECRYPTLIB (TlsSet.Services.HostPrivateKeyEx, TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED); +} + +/** + Adds the local private key to the specified TLS object. + + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private key) into the specified TLS object for TLS negotiation. @param[in] Tls Pointer to the TLS object. - @param[in] DataPointer to the data buffer of a PEM-encoded RSA + @param[in] DataPointer to the data buffer of a DER-encoded or PEM-encoded or PKCS#8 private key. @param[in] DataSizeThe size of data buffer in bytes. 
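Review bot: Password in CryptoServiceTlsSetHostPrivateKeyEx is declared IN VOID *Password OPTIONAL but documented as a NULL-terminated password; declaring it as a CHAR8 string makes the contract visible at the call site and lets the compiler catch a caller passing a length-delimited buffer. The @retval list has EFI_ABORTED for bad key data but no EFI_INVALID_PARAMETER for a NULL Tls or Data; either document that status or say that the library validates those. The doc-comment edit to the non-Ex function below widens the accepted formats to DER, PEM or PKCS#8; confirm TlsSetHostPrivateKey actually accepts DER now rather than only forwarding to the Ex variant with Password = NULL, otherwise the description promises more than the old entry point delivers.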
@@ -4511,6 +4563,59 @@ CryptoServiceTlsSetCertRevocationList ( return CALL_BASECRYPTLIB (TlsSet.Services.CertRevocationList, TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED); } +/** + Set the signature algorithm list to used by the TLS object. + + This function sets the signature algorithms for use by a specified TLS object. + + @param[in] TlsPointer to a TLS object. + @param[in] Data Array of UINT8 of signature algorithms. The array consists of + pairs of the hash algorithm and the signature algorithm as defined + in RFC 5246 + @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2. + + @retval EFI_SUCCESS The signature algorithm list was set successfully. + @retval EFI_INVALID_PARAMETER The parameters are invalid. + @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. + +**/ +EFI_STATUS +EFIAPI +CryptoServiceTlsSetSignatureAlgoList ( + IN VOID *Tls, + IN UINT8 *Data, + IN UINTN DataSize + ) +{ + return CALL_BASECRYPTLIB (TlsSet.Services.SignatureAlgoList, TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED); +} + +/** + Set the EC curve to be used for TLS flows + + This function sets the EC curve to be used for TLS flows. + + @param[in] TlsPointer to a TLS object. + @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492. +
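Review bot: "Set the signature algorithm list to used by the TLS object" should read "to be used". The description says DataSize "Must be divisible by 2", but the wrapper forwards Data and DataSize unchecked; that is fine if TlsSetSignatureAlgoList validates them (its EFI_INVALID_PARAMETER retval suggests it does), but this is the protocol boundary that other drivers call, so a cheap NULL and DataSize % 2 check here fails fast before anything reaches OpenSSL. If the list is only read, CONST UINT8 *Data documents that for callers. The same questions apply to the EC curve wrapper that the hunk starts to introduce.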
[edk2-devel] [PATCH 2/3] CryptoPkg: Extend Tls function library
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892

1. TlsSetSignatureAlgoList(): Configure the list of TLS signature algorithms that should be used as part of the TLS session establishment. This is needed for some WLAN Supplicant connection establishment flows that allow only specific TLS signature algorithms to be used, e.g., Authenticate and Key Management (AKM) suites that are SUITE-B compliant.
2. TlsSetEcCurve(): Configure the Elliptic Curve that should be used for TLS flows that use a cipher suite with EC, e.g., TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. This is needed for some WLAN Supplicant connection establishment flows that allow only specific TLS signature algorithms to be used, e.g., Authenticate and Key Management (AKM) suites that are SUITE-B compliant.
3. TlsShutdown(): Shutdown the TLS connection without releasing the resources, meaning a new connection can be started without calling TlsNew() and without setting certificates etc.
4. TlsGetExportKey(): Derive keying material from a TLS connection using the mechanism described in RFC 5705 and export the key material (needed by EAP methods such as EAP-TTLS and EAP-PEAP).
5. TlsSetHostPrivateKeyEx(): This function adds the local private key (PEM-encoded or PKCS#8 or DER-encoded private key) into the specified TLS object for TLS negotiation. There is already a similar function TlsSetHostPrivateKey(); the new Ex function introduces a new parameter Password, set Password to NULL when not needed.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Signed-off-by: Yi Li
---
CryptoPkg/Include/Library/TlsLib.h | 126 +-
CryptoPkg/Library/TlsLib/InternalTlsLib.h | 4 +
CryptoPkg/Library/TlsLib/TlsConfig.c | 412 --
CryptoPkg/Library/TlsLib/TlsProcess.c | 32 ++
CryptoPkg/Library/TlsLibNull/TlsConfigNull.c | 123 +-
CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 23 +
6 files changed, 690 insertions(+), 30 deletions(-)
diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h index 3b75fde0aa..d37c5fcc35 100644 --- a/CryptoPkg/Include/Library/TlsLib.h +++ b/CryptoPkg/Include/Library/TlsLib.h @@ -294,6 +294,25 @@ TlsWrite ( IN UINTN BufferSize ); +/** + Shutdown a TLS connection. + + Shutdown the TLS connection without releasing the resources, meaning a new + connection can be started without calling TlsNew() and without setting + certificates etc. + + @param[in] TlsPointer to the TLS object to shutdown. + + @retval EFI_SUCCESS The TLS is shutdown successfully. + @retval EFI_INVALID_PARAMETER Tls is NULL. + @retval EFI_PROTOCOL_ERROR Some other error occurred. +**/ +EFI_STATUS +EFIAPI +TlsShutdown ( + IN VOID *Tls + ); + /** Set a new TLS/SSL method for a particular TLS object. 
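Review bot: In the TlsShutdown doc block, `@retval EFI_PROTOCOL_ERROR Some other error occurred.` is too vague for a public header; name the condition (the underlying shutdown of the session failed) so callers can tell a session-state failure from a bad handle. Since the summary says the object can be reused without TlsNew() or re-setting certificates, it would also help to state explicitly that the configured certificates, keys and method are retained and only the session state is reset.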
@@ -492,11 +511,38 @@ TlsSetHostPublicCert ( /** Adds the local private key to the specified TLS object. - This function adds the local private key (PEM-encoded RSA or PKCS#8 private + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private key) into the specified TLS object for TLS negotiation. @param[in] Tls Pointer to the TLS object. - @param[in] DataPointer to the data buffer of a PEM-encoded RSA + @param[in] DataPointer to the data buffer of a DER-encoded or PEM-encoded + or PKCS#8 private key. + @param[in] DataSizeThe size of data buffer in bytes. + @param[in] PasswordPointer to NULL-terminated private key password, set it to NULL + if private key not encrypted. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_ABORTED Invalid private key data. + +**/ +EFI_STATUS +EFIAPI +TlsSetHostPrivateKeyEx ( + IN VOID *Tls, + IN VOID *Data, + IN UINTN DataSize, + IN VOID *Password OPTIONAL + ); + +/** + Adds the local private key to the specified TLS object. + + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private + key) into the specified TLS object for TLS negotiation. + + @param[in] Tls Pointer to the TLS object. + @param[in] DataPointer to the data buffer of a DER-encoded or PEM-encoded or PKCS#8 private key. @param[in] DataSizeThe size of data buffer in bytes. @@ -534,6 +580,53 @@ TlsSetCertRevocationList ( IN UINTN DataSize ); +/** + Set the signature algorithm list to used by the TLS object. + + This function sets the signature algorithms for use by a specified TLS object. + + @param[in] TlsPointer to a TLS object. + @param[in] Data Array of UINT8 of signature algorithms. The array consists of + pairs of the hash algorithm and the signature algorithm as defined +
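Review bot: In the TlsSetHostPrivateKeyEx hunk, the new prototype is inserted ahead of the existing TlsSetHostPrivateKey comment block, so the two functions now read as near-duplicates; add one sentence to the TlsSetHostPrivateKey comment saying it behaves like TlsSetHostPrivateKeyEx with Password set to NULL, which is the relationship the commit message describes. Password is also typed `IN VOID *Password OPTIONAL` while documented as a NULL-terminated password; `IN CONST CHAR8 *` is the natural type for it in the public header.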
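As an added example, not part of this patch or of edk2, here is a host-side validator for the Data buffer layout that the commit message and doc comments give for TlsSetSignatureAlgoList: consecutive (hash algorithm, signature algorithm) byte pairs as defined in RFC 5246, with DataSize required to be even. The accepted set is an assumed Suite B style policy (ECDSA with SHA-256 or SHA-384); the function, struct and status names are constructed for this example and are not edk2 APIs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* HashAlgorithm / SignatureAlgorithm values from RFC 5246, section 7.4.1.4.1. */
enum { HASH_SHA1 = 2, HASH_SHA256 = 4, HASH_SHA384 = 5, HASH_SHA512 = 6 };
enum { SIG_RSA = 1, SIG_DSA = 2, SIG_ECDSA = 3 };
/* Constructed status codes mirroring the EFI_STATUS values the patch documents. */
typedef enum { STATUS_SUCCESS, STATUS_INVALID_PARAMETER, STATUS_UNSUPPORTED } Status;
typedef struct { uint8_t Hash; uint8_t Sig; } SigHashPair;

/* Assumed policy (example only): Suite B style, ECDSA with SHA-256 or SHA-384. */
static int PairAllowed(uint8_t Hash, uint8_t Sig)
{
  return Sig == SIG_ECDSA && (Hash == HASH_SHA256 || Hash == HASH_SHA384);
}

/* Validate a TlsSetSignatureAlgoList-style buffer and collect the accepted pairs.
   NULL or odd-length input -> INVALID_PARAMETER; no acceptable pair -> UNSUPPORTED. */
Status ParseSignatureAlgoList(const uint8_t *Data, size_t DataSize,
                              SigHashPair *Out, size_t OutMax, size_t *OutCount)
{
  if (Data == NULL || Out == NULL || OutCount == NULL ||
      DataSize == 0 || (DataSize % 2) != 0) {
    return STATUS_INVALID_PARAMETER;
  }
  *OutCount = 0;
  for (size_t i = 0; i + 1 < DataSize; i += 2) {
    if (!PairAllowed(Data[i], Data[i + 1])) {
      continue;                       /* drop pairs outside the policy */
    }
    if (*OutCount < OutMax) {
      Out[*OutCount].Hash = Data[i];
      Out[*OutCount].Sig  = Data[i + 1];
      (*OutCount)++;
    }
  }
  return (*OutCount == 0) ? STATUS_UNSUPPORTED : STATUS_SUCCESS;
}

int main(void)
{
  /* Constructed list: sha256/ecdsa, sha1/rsa, sha384/ecdsa, sha256/rsa. */
  const uint8_t List[] = { HASH_SHA256, SIG_ECDSA, HASH_SHA1, SIG_RSA,
                           HASH_SHA384, SIG_ECDSA, HASH_SHA256, SIG_RSA };
  SigHashPair Accepted[4];
  size_t Count = 0;
  Status St = ParseSignatureAlgoList(List, sizeof List, Accepted, 4, &Count);
  printf("status=%d accepted=%zu\n", (int)St, Count);   /* status=0 accepted=2 */
  return St == STATUS_SUCCESS ? 0 : 1;
}
```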
Re: [edk2-devel] [PATCH v2 03/34] FatPkg: Add LOONGARCH64 architecture for EDK2 CI.
This change is good to me.

Reviewed-by: Liming Gao

From: devel@edk2.groups.io on behalf of Chao Li
Sent: September 23, 2022 15:02
To: Ray Ni
Cc: devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH v2 03/34] FatPkg: Add LOONGARCH64 architecture for EDK2 CI.

Hi Ray,

This patch has not been reviewed, would you please review it?

Thanks,
Chao

On Sep 14 2022, at 5:35 PM, Chao Li <lic...@loongson.cn> wrote:

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053 Add LOONGARCH64 architecture for EDK2 CI testing. Cc: Ray Ni <ray...@intel.com> Signed-off-by: Chao Li <lic...@loongson.cn> --- FatPkg/FatPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/FatPkg/FatPkg.dsc b/FatPkg/FatPkg.dsc index 6fa439e440..076b577972 100644 --- a/FatPkg/FatPkg.dsc +++ b/FatPkg/FatPkg.dsc @@ -5,6 +5,7 @@ # for EDK II Prime release. # Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved. # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved. +# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -15,7 +16,7 @@ PLATFORM_GUID = 25b55dbc-9d0b-4a32-80da-46e1273d622c PLATFORM_VERSION = 0.3 DSC_SPECIFICATION = 0x00010005 - SUPPORTED_ARCHITECTURES = IA32|X64|EBC|ARM|AARCH64|RISCV64 + SUPPORTED_ARCHITECTURES = IA32|X64|EBC|ARM|AARCH64|RISCV64|LOONGARCH64 OUTPUT_DIRECTORY = Build/Fat BUILD_TARGETS = DEBUG|RELEASE|NOOPT SKUID_IDENTIFIER = DEFAULT -- 2.27.0
Re: [edk2-devel] CryptoPkg OpensslLib INF files
Mike,

I don't see any change to process_files.pl in your PR, have you made these changes by hand? We would either need changes to the perl script to support generating the unified INF or an expectation that the INFs would be re-combined manually whenever an update to OpenSSL is taken.

Regarding the .S files for GCC, as you found the assembly generated by OpenSSL is unfortunately not cross-compatible between GAS and NASM. I'm also not clear on why the GCC build passes without 64-byte alignment but in testing I never observed any errors or failures with the GCC variants in QEMU or hardware-based testing.

Related to that, it seems the [BuildOptions] section in the INF can't be used to pass DLINK_FLAGS; do you know if this is an intentional limitation or just unimplemented?

Thanks,
Christopher Zurcher

-Original Message-
From: Kinney, Michael D
Sent: Sunday, September 25, 2022 22:47
To: devel@edk2.groups.io; christopher.zurc...@outlook.com; Yao, Jiewen ; Wang, Jian J ; Lu, Xiaoyu1 ; Jiang, Guomin ; Kinney, Michael D
Subject: RE: [edk2-devel] CryptoPkg OpensslLib INF files

Hi Christopher,

I have the following PR that has some proposed ideas to combine all the optimized openssl libs into one new INF. It also addresses some missing CI test coverage and host based unit test coverage for this optimized openssl lib

https://github.com/tianocore/edk2/pull/3402

Please review and test to make sure I have not broken any use cases.

I know Jiewen asked if it was possible to merge this INF into the OpensslLib.inf. That may be possible, but will require a little more investigation.
Thanks,

Mike

> -Original Message-
> From: Kinney, Michael D
> Sent: Sunday, September 25, 2022 10:52 AM
> To: devel@edk2.groups.io; christopher.zurc...@outlook.com; Yao, Jiewen ; Wang, Jian J ; Lu, Xiaoyu1 ; Jiang, Guomin ; Kinney, Michael D
> Subject: RE: [edk2-devel] CryptoPkg OpensslLib INF files
>
> Hi Christopher,
>
> I tried this path and the build does break for GCC5 due to NASM source files using some VS20xx specific section names.
>
> We will keep the .S files for GCC5 compatibility.
>
> I also noticed that your patches did not add the build of these optimized INFs to the CryptoPkg DSC file. I am working on a branch that includes that update along with combining the 4 new INFs into a single OpensslLibOpt.inf.
>
> I have also noticed that these optimized libs have larger PE/COFF section alignment requirements than the default alignment for VS20xx toolchains. IA32 requires 64-byte alignment. X64 requires 256-byte alignment. We do not want to apply these larger alignment requirements to all modules. This can increase FLASH overhead, especially for uncompressed PEIMs.
>
> When building modules that consume the optimized OpensslLib, then modules require the use of in the scope of that specific module in the DSC file to increase the alignment size.
>
> MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
> MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
>
> What does not make sense is that GCC5 builds use 32-byte alignment by default and do not generate a build error from linking this Openssl content that required 64-byte or 256-byte alignment. Have the GCC5 builds of these optimized OpensslLibs been tested? Are exceptions being generated for unaligned access?
>
> Thanks,
>
> Mike
>
> > -Original Message-
> > From: Kinney, Michael D
> > Sent: Saturday, September 24, 2022 1:24 PM
> > To: devel@edk2.groups.io; christopher.zurc...@outlook.com; Yao, Jiewen ; Wang, Jian J ; Lu, Xiaoyu1 ; Jiang, Guomin ; Kinney, Michael D
> > Subject: RE: [edk2-devel] CryptoPkg OpensslLib INF files
> >
> > Hi Christopher,
> >
> > I see that IA32 uses .nasm files and IA32Gcc uses .S files.
> >
> > EDK II supports the use of NASM files from both VS and GCC builds.
> >
> > Is there any reason why the .nasm files generated by OpenSSL can not be used for both VS and GCC builds and remove the .S files?
> >
> > Thanks,
> >
> > Mike
> >
> > > -Original Message-
> > > From: devel@edk2.groups.io On Behalf Of Christopher Zurcher
> > > Sent: Friday, September 23, 2022 3:40 PM
> > > To: devel@edk2.groups.io; Yao, Jiewen ; Kinney, Michael D ; Wang, Jian J ; Lu, Xiaoyu1 ; Jiang, Guomin
> > > Subject: Re: [edk2-devel] CryptoPkg OpensslLib INF files
> > >
> > > I looked at doing this previously and found that depending on the selection of accelerated algorithms (in UefiAsm.conf) you can end up with different sets of non-assembly source files, so that a unified INF would have to contain a copy of the entire Sources section for each architecture target. The build options can also be affected such that you'd have different sets of those as well (the OPENSSL_FLAGS_CONFIG define).
> > >
> > > If we can commit to limiting the accelerated algorithms to the