From 4a567c9690db97ecbf982e9428727f073bada504 Mon Sep 17 00:00:00 2001 From: qlong Date: Fri, 31 Dec 2010 07:22:48 +0000 Subject: [PATCH] 1. Add new API supports for PEM & X509 key retrieving & verification; 2. Add new MD4 hash supports; 3. Add corresponding test case in Cryptest utility; 4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524 --- CryptoPkg/Application/Cryptest/Cryptest.c | 5 + CryptoPkg/Application/Cryptest/Cryptest.h | 12 + CryptoPkg/Application/Cryptest/Cryptest.inf | 1 + CryptoPkg/Application/Cryptest/HashVerify.c | 47 +++ CryptoPkg/Application/Cryptest/RsaVerify2.c | 305 ++++++++++++++++++ CryptoPkg/Include/Library/BaseCryptLib.h | 209 ++++++++++++ CryptoPkg/Include/OpenSslSupport.h | 1 + .../Library/BaseCryptLib/BaseCryptLib.inf | 3 + .../Library/BaseCryptLib/Hash/CryptMd4.c | 177 ++++++++++ .../Library/BaseCryptLib/Hash/CryptMd5.c | 6 + .../Library/BaseCryptLib/Hash/CryptSha1.c | 6 + .../Library/BaseCryptLib/Hash/CryptSha256.c | 6 + .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 6 + .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 6 + CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 124 +++++++ CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 288 +++++++++++++++++ .../Library/BaseCryptLib/SysCall/CrtWrapper.c | 5 + .../Library/IntrinsicLib/MemoryIntrinsics.c | 14 +- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 6 +- 19 files changed, 1223 insertions(+), 4 deletions(-) create mode 100644 CryptoPkg/Application/Cryptest/RsaVerify2.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c diff --git a/CryptoPkg/Application/Cryptest/Cryptest.c b/CryptoPkg/Application/Cryptest/Cryptest.c index 188a36c4c3..db8c89aa51 100644 --- a/CryptoPkg/Application/Cryptest/Cryptest.c +++ b/CryptoPkg/Application/Cryptest/Cryptest.c @@ -58,6 +58,11 @@ CryptestMain ( return Status; } + Status = ValidateCryptRsa2 (); + if (EFI_ERROR (Status)) { + return Status; + } + Status = ValidateAuthenticode (); if (EFI_ERROR (Status)) { return Status; diff --git a/CryptoPkg/Application/Cryptest/Cryptest.h b/CryptoPkg/Application/Cryptest/Cryptest.h index b63128552e..cc68cd3ce5 100644 --- a/CryptoPkg/Application/Cryptest/Cryptest.h +++ b/CryptoPkg/Application/Cryptest/Cryptest.h @@ -72,6 +72,18 @@ ValidateCryptRsa ( VOID ); +/** + Validate UEFI-OpenSSL RSA Key Retrieving (from PEM & X509) & Signature Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptRsa2 ( + VOID + ); + /** Validate UEFI-OpenSSL PKCS#7 Verification Interfaces. diff --git a/CryptoPkg/Application/Cryptest/Cryptest.inf b/CryptoPkg/Application/Cryptest/Cryptest.inf index 0e617607db..ce9f62567b 100644 --- a/CryptoPkg/Application/Cryptest/Cryptest.inf +++ b/CryptoPkg/Application/Cryptest/Cryptest.inf @@ -35,6 +35,7 @@ HmacVerify.c BlockCipherVerify.c RsaVerify.c + RsaVerify2.c AuthenticodeVerify.c DhVerify.c RandVerify.c diff --git a/CryptoPkg/Application/Cryptest/HashVerify.c b/CryptoPkg/Application/Cryptest/HashVerify.c index 1b218965ee..107ff45cc8 100644 --- a/CryptoPkg/Application/Cryptest/HashVerify.c +++ b/CryptoPkg/Application/Cryptest/HashVerify.c @@ -24,6 +24,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *HashData = "abc"; +// +// Result for MD4("abc"). (From "A.5 Test suite" of IETF RFC1320) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Md4Digest[MD4_DIGEST_SIZE] = { + 0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d + }; + // // Result for MD5("abc"). (From "A.5 Test suite" of IETF RFC1321) // @@ -68,6 +75,46 @@ ValidateCryptDigest ( Print (L" UEFI-OpenSSL Hash Engine Testing:\n"); DataSize = AsciiStrLen (HashData); + Print (L"- MD4: "); + + // + // MD4 Digest Validation + // + ZeroMem (Digest, MAX_DIGEST_SIZE); + CtxSize = Md4GetContextSize (); + HashCtx = AllocatePool (CtxSize); + + Print (L"Init... "); + Status = Md4Init (HashCtx); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Update... "); + Status = Md4Update (HashCtx, HashData, DataSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Finalize... "); + Status = Md4Final (HashCtx, Digest); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + FreePool (HashCtx); + + Print (L"Check Value... "); + if (CompareMem (Digest, Md4Digest, MD5_DIGEST_SIZE) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + Print (L"- MD5: "); // diff --git a/CryptoPkg/Application/Cryptest/RsaVerify2.c b/CryptoPkg/Application/Cryptest/RsaVerify2.c new file mode 100644 index 0000000000..adac99a9d7 --- /dev/null +++ b/CryptoPkg/Application/Cryptest/RsaVerify2.c @@ -0,0 +1,305 @@ +/** @file + Application for RSA Key Retrieving (from PEM and X509) & Signature Validation. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// X509 Cert Data for RSA Public Key Retrieving and X509 Verification (Generated by OpenSSL utility). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestCert[] = { + 0x30, 0x82, 0x02, 0x76, 0x30, 0x82, 0x01, 0xdf, 0x02, 0x09, 0x00, 0xa9, 0xff, 0x92, 0x73, 0xf6, + 0x74, 0xe0, 0xb0, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, + 0x4e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e, + 0x67, 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53, + 0x68, 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x13, 0x03, 0x50, 0x53, 0x49, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, + 0x55, 0x45, 0x46, 0x49, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x01, 0x16, 0x0c, 0x75, 0x65, 0x66, 0x69, 0x40, 0x70, 0x73, 0x69, 0x2e, 0x63, 0x6f, + 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x30, 0x30, 0x38, 0x31, 0x38, 0x32, 0x35, 0x35, + 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x30, 0x30, 0x35, 0x31, 0x38, 0x32, 0x35, 0x35, 0x39, + 0x5a, 0x30, 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, + 0x4e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e, + 0x67, 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53, + 0x68, 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x13, 0x03, 0x50, 0x53, 0x49, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x06, + 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x40, 0x70, 0x73, + 0x69, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, + 0x81, 0x00, 0xc2, 0xfe, 0xbb, 0xbd, 0x92, 0x60, 0x6c, 0x2b, 0x75, 0x43, 0x6e, 0xd5, 0x91, 0x61, + 0x2a, 0xec, 0x15, 0x84, 0xce, 0x83, 0xc2, 0x51, 0xf6, 0x81, 0x93, 0xe6, 0x38, 0xd4, 0x85, 0xb1, + 0x02, 0x97, 0xb2, 0x7e, 0x74, 0x70, 0x57, 0x09, 0x72, 0xff, 0xb0, 0x7e, 0xd1, 0x9b, 0x34, 0x52, + 0xbb, 0x8e, 0xaf, 0x62, 0x26, 0xad, 0xfa, 0xc5, 0x9e, 0x5c, 0xbc, 0xb9, 0x9e, 0xfe, 0xa0, 0x33, + 0x30, 0x03, 0x9d, 0x3a, 0x09, 0xbb, 0xa5, 0xa9, 0x85, 0x35, 0x73, 0x52, 0xc3, 0xed, 0x10, 0x7f, + 0x83, 0x06, 0xe5, 0x2b, 0x3e, 0x39, 0xd9, 0xdf, 0x34, 0x7e, 0x15, 0x53, 0xbb, 0x82, 0x98, 0xe3, + 0xd8, 0x7e, 0xb3, 0x7e, 0xc0, 0x7f, 0x54, 0x67, 0x57, 0x19, 0xf0, 0xb2, 0xf6, 0x45, 0xaf, 0x43, + 0x05, 0xa5, 0x81, 0xc2, 0x15, 0xd7, 0x26, 0x85, 0xf7, 0xa7, 0x42, 0x36, 0x19, 0x19, 0xba, 0x0a, + 0x04, 0x9d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x25, 0xbf, 0x8d, 0x88, 0xfc, 0xae, + 0x5e, 0xbe, 0x04, 0xed, 0x4e, 0xf2, 0x2e, 0x2f, 0x55, 0x9e, 0x21, 0x77, 0x86, 0x53, 0x16, 0xc0, + 0x04, 0x11, 0xa2, 0xeb, 0x1e, 0xf1, 0xbc, 0xfa, 0x96, 0xa3, 0xa2, 0x77, 0xe4, 0x61, 0x1b, 0x4a, + 0x69, 0x60, 0x16, 0x6f, 0xcb, 0xc6, 0xe2, 0x72, 0x72, 0xd1, 0x42, 0x7d, 0x83, 0x3d, 0xc5, 0x61, + 0x86, 0x78, 0x4b, 0x95, 0x69, 0x20, 0x88, 0xd1, 0x3c, 0x9b, 0xed, 0x2e, 0x3b, 0xeb, 0xaa, 0x99, + 0x7d, 0x9f, 0x24, 0xe6, 0xa9, 0x57, 0x31, 0x66, 0xe2, 0xe3, 0x3c, 0xd8, 0xb1, 0xf4, 0x33, 0x5d, + 0x8c, 0x21, 0xe0, 0x77, 0x82, 0x6b, 0x44, 0xb0, 0x04, 0x68, 0x25, 0xc8, 0xa1, 0xa2, 0x81, 0x7d, + 0x2e, 0xd5, 0xbb, 0xd2, 0x1d, 0x13, 0x3c, 0x22, 0x6d, 0xc5, 0x4d, 0xec, 0x76, 0x0a, 0x1c, 0xb0, + 0x1e, 0x80, 0xc1, 0xa0, 0xcc, 0x91, 0xd5, 0x7a, 0x5c, 0xf1 + }; + +// +// Test CA X509 Certificate for X509 Verification Routine (Generated by OpenSSL utility). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestCACert[] = { + 0x30, 0x82, 0x02, 0x71, 0x30, 0x82, 0x01, 0xda, 0x02, 0x09, 0x00, 0x91, 0x9b, 0x90, 0x19, 0x9c, + 0x81, 0x28, 0x47, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, + 0x4e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e, + 0x67, 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53, + 0x68, 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x13, 0x03, 0x50, 0x53, 0x49, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, + 0x55, 0x45, 0x46, 0x49, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x01, 0x16, 0x0c, 0x75, 0x65, 0x66, 0x69, 0x40, 0x70, 0x73, 0x69, 0x2e, 0x63, 0x6f, + 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x30, 0x30, 0x38, 0x31, 0x38, 0x31, 0x35, 0x33, + 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x30, 0x30, 0x35, 0x31, 0x38, 0x31, 0x35, 0x33, 0x36, + 0x5a, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, + 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e, 0x67, + 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53, 0x68, + 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, + 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, + 0x03, 0x50, 0x53, 0x49, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x55, + 0x45, 0x46, 0x49, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x09, 0x01, 0x16, 0x0c, 0x75, 0x65, 0x66, 0x69, 0x40, 0x70, 0x73, 0x69, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa3, 0x32, 0x20, + 0x1d, 0x10, 0x11, 0x9c, 0x9e, 0xa2, 0x42, 0x48, 0x9b, 0x15, 0xac, 0x66, 0xa2, 0xc8, 0x25, 0x11, + 0x4c, 0xc8, 0x1e, 0x2e, 0x35, 0xd6, 0xc4, 0x43, 0x2e, 0x39, 0xf3, 0xac, 0x2b, 0xd6, 0x98, 0x5c, + 0xbe, 0x62, 0xfe, 0x95, 0x8c, 0xd6, 0xb5, 0x4e, 0x9e, 0x0f, 0xee, 0x0e, 0xb1, 0xcc, 0x0a, 0x72, + 0xc6, 0x47, 0x66, 0xfe, 0x6a, 0x8b, 0xde, 0x34, 0x0d, 0x62, 0x81, 0xd7, 0xa4, 0x30, 0x3a, 0xe6, + 0x24, 0x3b, 0xe3, 0x5a, 0xd6, 0x2b, 0xec, 0x4a, 0xb7, 0x22, 0x36, 0xed, 0x3a, 0x71, 0xfa, 0xb1, + 0x3f, 0x91, 0xd3, 0x11, 0xac, 0x52, 0xee, 0xbc, 0x37, 0x0e, 0x9e, 0x45, 0xe4, 0x4d, 0x33, 0x83, + 0xef, 0x0c, 0xb3, 0x5a, 0xbe, 0x9e, 0x5c, 0x64, 0xd2, 0x9f, 0x70, 0xf4, 0xaa, 0xd0, 0x15, 0x0e, + 0x60, 0xe5, 0xeb, 0x34, 0xfd, 0xd6, 0x70, 0x64, 0x11, 0x20, 0x60, 0x8c, 0xad, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, + 0x00, 0x03, 0x81, 0x81, 0x00, 0x81, 0xfa, 0x8b, 0x03, 0x59, 0x30, 0xbf, 0xd2, 0x7f, 0x90, 0xd9, + 0x1a, 0xd9, 0xae, 0x1f, 0x3e, 0xc5, 0x45, 0x00, 0x0e, 0x06, 0x6e, 0xbc, 0xb0, 0xac, 0x32, 0xe3, + 0x2c, 0x10, 0x2d, 0x59, 0x51, 0x34, 0x7a, 0xb4, 0x22, 0x1d, 0x0f, 0x85, 0x9d, 0x80, 0x90, 0x3f, + 0x8e, 0x78, 0x2f, 0xfc, 0x12, 0x9e, 0xf2, 0xaa, 0xc9, 0x5d, 0x4a, 0x82, 0xc5, 0x64, 0xc7, 0x5a, + 0x29, 0xcb, 0xc2, 0x59, 0xde, 0xdf, 0xd8, 0x69, 0x51, 0x7a, 0x78, 0x4b, 0x47, 0x15, 0xcd, 0x52, + 0x66, 0xff, 0xb8, 0xf5, 0x16, 0xde, 0xe4, 0x32, 0xc5, 0x40, 0x42, 0xeb, 0xeb, 0x54, 0x63, 0xf7, + 0x82, 0x44, 0x4b, 0x5d, 0x8f, 0x3a, 0x29, 0xdf, 0xbc, 0xe0, 0x21, 0x3d, 0xc2, 0x4a, 0x19, 0x6e, + 0x7c, 0xed, 0xd3, 0x79, 0xac, 0xb0, 0x37, 0xea, 0xfd, 0x60, 0x7f, 0xbe, 0x5b, 0x0b, 0x69, 0x4a, + 0xe3, 0xac, 0xfa, 0x75, 0x0f + }; + +// +// Password-protected PEM Key data for RSA Private Key Retrieving (encryption key is "client"). +// (Generated by OpenSSL utility). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestKeyPem[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x52, 0x53, 0x41, 0x20, 0x50, + 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, + 0x50, 0x72, 0x6f, 0x63, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x34, 0x2c, 0x45, 0x4e, 0x43, + 0x52, 0x59, 0x50, 0x54, 0x45, 0x44, 0x0a, 0x44, 0x45, 0x4b, 0x2d, 0x49, 0x6e, 0x66, 0x6f, 0x3a, + 0x20, 0x44, 0x45, 0x53, 0x2d, 0x45, 0x44, 0x45, 0x33, 0x2d, 0x43, 0x42, 0x43, 0x2c, 0x44, 0x45, + 0x37, 0x32, 0x46, 0x31, 0x31, 0x30, 0x31, 0x31, 0x37, 0x42, 0x33, 0x36, 0x35, 0x36, 0x0a, 0x0a, + 0x38, 0x73, 0x6e, 0x79, 0x32, 0x59, 0x54, 0x79, 0x37, 0x67, 0x52, 0x5a, 0x38, 0x69, 0x73, 0x77, + 0x68, 0x37, 0x66, 0x46, 0x71, 0x49, 0x31, 0x30, 0x61, 0x39, 0x38, 0x6a, 0x2f, 0x76, 0x45, 0x66, + 0x69, 0x65, 0x47, 0x32, 0x43, 0x34, 0x53, 0x2b, 0x48, 0x70, 0x68, 0x33, 0x63, 0x68, 0x7a, 0x45, + 0x2f, 0x63, 0x58, 0x31, 0x2b, 0x6b, 0x6a, 0x6c, 0x46, 0x6b, 0x71, 0x6b, 0x47, 0x4e, 0x65, 0x4d, + 0x0a, 0x70, 0x72, 0x4b, 0x2b, 0x66, 0x48, 0x5a, 0x50, 0x77, 0x6c, 0x30, 0x63, 0x33, 0x79, 0x76, + 0x59, 0x58, 0x45, 0x7a, 0x4c, 0x45, 0x62, 0x50, 0x6f, 0x38, 0x4c, 0x6e, 0x74, 0x38, 0x36, 0x65, + 0x46, 0x53, 0x6f, 0x66, 0x4d, 0x78, 0x70, 0x33, 0x33, 0x64, 0x48, 0x39, 0x5a, 0x68, 0x6f, 0x57, + 0x66, 0x41, 0x43, 0x59, 0x78, 0x47, 0x44, 0x6f, 0x32, 0x30, 0x53, 0x33, 0x79, 0x42, 0x39, 0x67, + 0x38, 0x0a, 0x4d, 0x75, 0x59, 0x63, 0x74, 0x32, 0x38, 0x62, 0x6f, 0x62, 0x30, 0x65, 0x7a, 0x31, + 0x43, 0x38, 0x51, 0x52, 0x78, 0x58, 0x48, 0x31, 0x66, 0x4a, 0x52, 0x5a, 0x52, 0x50, 0x34, 0x38, + 0x50, 0x42, 0x6f, 0x5a, 0x7a, 0x36, 0x73, 0x6a, 0x4b, 0x36, 0x57, 0x51, 0x58, 0x66, 0x67, 0x4d, + 0x32, 0x70, 0x4c, 0x31, 0x42, 0x6f, 0x51, 0x70, 0x4e, 0x4e, 0x4f, 0x6d, 0x61, 0x79, 0x2b, 0x2b, + 0x72, 0x74, 0x0a, 0x6c, 0x7a, 0x32, 0x4f, 0x63, 0x72, 0x6a, 0x67, 0x2f, 0x72, 0x45, 0x61, 0x79, + 0x63, 0x63, 0x43, 0x55, 0x4d, 0x7a, 0x4e, 0x4f, 0x4a, 0x51, 0x74, 0x4f, 0x47, 0x74, 0x34, 0x7a, + 0x4d, 0x4a, 0x53, 0x73, 0x2f, 0x7a, 0x77, 0x77, 0x77, 0x73, 0x5a, 0x43, 0x4b, 0x74, 0x39, 0x33, + 0x37, 0x30, 0x62, 0x76, 0x74, 0x63, 0x36, 0x45, 0x34, 0x75, 0x42, 0x63, 0x75, 0x41, 0x51, 0x72, + 0x37, 0x73, 0x30, 0x0a, 0x44, 0x76, 0x46, 0x64, 0x4d, 0x6d, 0x6f, 0x71, 0x35, 0x57, 0x6d, 0x69, + 0x48, 0x6d, 0x4e, 0x70, 0x67, 0x54, 0x70, 0x65, 0x54, 0x67, 0x77, 0x62, 0x56, 0x64, 0x76, 0x71, + 0x49, 0x4f, 0x71, 0x31, 0x45, 0x6c, 0x6e, 0x30, 0x35, 0x53, 0x70, 0x76, 0x44, 0x7a, 0x4d, 0x56, + 0x76, 0x67, 0x39, 0x78, 0x62, 0x76, 0x64, 0x6f, 0x6e, 0x67, 0x4f, 0x35, 0x77, 0x49, 0x51, 0x70, + 0x69, 0x73, 0x73, 0x47, 0x0a, 0x75, 0x32, 0x69, 0x63, 0x4e, 0x66, 0x48, 0x48, 0x6d, 0x34, 0x76, + 0x48, 0x2b, 0x6d, 0x6e, 0x72, 0x58, 0x45, 0x57, 0x63, 0x69, 0x6c, 0x30, 0x64, 0x61, 0x36, 0x6b, + 0x54, 0x59, 0x66, 0x71, 0x70, 0x6d, 0x46, 0x37, 0x72, 0x52, 0x4d, 0x56, 0x61, 0x6c, 0x69, 0x30, + 0x43, 0x44, 0x4f, 0x59, 0x7a, 0x37, 0x6e, 0x70, 0x51, 0x64, 0x33, 0x38, 0x6a, 0x43, 0x62, 0x78, + 0x65, 0x59, 0x51, 0x65, 0x6d, 0x0a, 0x33, 0x68, 0x73, 0x61, 0x6f, 0x76, 0x58, 0x72, 0x71, 0x71, + 0x4e, 0x34, 0x71, 0x6b, 0x67, 0x50, 0x48, 0x57, 0x68, 0x41, 0x74, 0x39, 0x5a, 0x4d, 0x4e, 0x37, + 0x58, 0x45, 0x62, 0x56, 0x36, 0x42, 0x31, 0x6c, 0x36, 0x77, 0x4a, 0x71, 0x5a, 0x68, 0x68, 0x66, + 0x33, 0x68, 0x79, 0x7a, 0x6f, 0x38, 0x32, 0x38, 0x47, 0x59, 0x45, 0x37, 0x56, 0x58, 0x45, 0x4e, + 0x49, 0x6d, 0x76, 0x73, 0x35, 0x56, 0x0a, 0x69, 0x52, 0x58, 0x31, 0x6d, 0x61, 0x43, 0x30, 0x56, + 0x6b, 0x72, 0x31, 0x46, 0x32, 0x36, 0x55, 0x63, 0x4b, 0x51, 0x67, 0x34, 0x66, 0x53, 0x39, 0x43, + 0x71, 0x48, 0x31, 0x39, 0x7a, 0x4b, 0x36, 0x6d, 0x6d, 0x71, 0x47, 0x75, 0x67, 0x76, 0x66, 0x66, + 0x2f, 0x74, 0x5a, 0x50, 0x72, 0x67, 0x68, 0x61, 0x4f, 0x62, 0x52, 0x2b, 0x77, 0x76, 0x34, 0x46, + 0x65, 0x4f, 0x32, 0x42, 0x45, 0x44, 0x6d, 0x0a, 0x67, 0x4d, 0x33, 0x71, 0x47, 0x51, 0x4a, 0x44, + 0x35, 0x53, 0x65, 0x77, 0x4f, 0x61, 0x62, 0x41, 0x72, 0x4e, 0x37, 0x4c, 0x6f, 0x30, 0x59, 0x2b, + 0x44, 0x6a, 0x79, 0x39, 0x44, 0x43, 0x4b, 0x6f, 0x47, 0x4e, 0x4a, 0x50, 0x53, 0x4f, 0x58, 0x65, + 0x70, 0x57, 0x48, 0x65, 0x6d, 0x6c, 0x76, 0x72, 0x49, 0x63, 0x39, 0x66, 0x4d, 0x2f, 0x37, 0x57, + 0x6a, 0x4b, 0x4d, 0x6b, 0x72, 0x57, 0x50, 0x6a, 0x0a, 0x56, 0x64, 0x73, 0x61, 0x6e, 0x4b, 0x30, + 0x7a, 0x74, 0x4e, 0x2b, 0x43, 0x49, 0x64, 0x66, 0x38, 0x70, 0x33, 0x55, 0x30, 0x30, 0x57, 0x44, + 0x6d, 0x30, 0x2f, 0x62, 0x4d, 0x43, 0x56, 0x6d, 0x6b, 0x36, 0x6a, 0x76, 0x47, 0x66, 0x2f, 0x63, + 0x55, 0x6c, 0x47, 0x38, 0x79, 0x6d, 0x30, 0x2f, 0x49, 0x67, 0x4a, 0x70, 0x71, 0x35, 0x2b, 0x33, + 0x62, 0x78, 0x38, 0x73, 0x63, 0x54, 0x64, 0x55, 0x4f, 0x0a, 0x41, 0x38, 0x30, 0x41, 0x56, 0x68, + 0x61, 0x53, 0x41, 0x71, 0x44, 0x6d, 0x68, 0x49, 0x6c, 0x59, 0x34, 0x54, 0x6f, 0x78, 0x42, 0x68, + 0x63, 0x46, 0x2b, 0x4b, 0x4d, 0x48, 0x57, 0x33, 0x33, 0x5a, 0x45, 0x79, 0x66, 0x4a, 0x4a, 0x54, + 0x71, 0x55, 0x42, 0x71, 0x4a, 0x6a, 0x4f, 0x69, 0x75, 0x41, 0x78, 0x6a, 0x59, 0x70, 0x71, 0x4f, + 0x4e, 0x45, 0x35, 0x56, 0x4b, 0x33, 0x48, 0x68, 0x6c, 0x45, 0x0a, 0x2f, 0x4a, 0x33, 0x6b, 0x57, + 0x79, 0x4f, 0x39, 0x69, 0x4d, 0x62, 0x33, 0x67, 0x73, 0x44, 0x59, 0x36, 0x41, 0x76, 0x41, 0x76, + 0x5a, 0x39, 0x71, 0x6c, 0x5a, 0x6b, 0x30, 0x52, 0x50, 0x67, 0x49, 0x4c, 0x4a, 0x77, 0x6e, 0x33, + 0x6d, 0x77, 0x67, 0x73, 0x63, 0x55, 0x70, 0x41, 0x30, 0x5a, 0x50, 0x6a, 0x61, 0x55, 0x56, 0x6c, + 0x64, 0x71, 0x70, 0x32, 0x69, 0x71, 0x47, 0x78, 0x71, 0x50, 0x36, 0x0a, 0x45, 0x72, 0x65, 0x38, + 0x38, 0x59, 0x75, 0x41, 0x53, 0x55, 0x4a, 0x5a, 0x4a, 0x62, 0x34, 0x72, 0x53, 0x42, 0x4c, 0x68, + 0x45, 0x55, 0x41, 0x76, 0x63, 0x67, 0x38, 0x33, 0x4d, 0x6b, 0x4d, 0x6c, 0x68, 0x74, 0x6b, 0x34, + 0x62, 0x67, 0x34, 0x5a, 0x35, 0x65, 0x73, 0x44, 0x57, 0x66, 0x4d, 0x67, 0x56, 0x65, 0x6a, 0x4e, + 0x4a, 0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x52, 0x53, + 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, + 0x2d, 0x2d + }; + +// +// Password for private key retrieving from encrypted PEM ("TestKeyPem"). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *PemPass = "client"; + +// +// Message Hash for Signing & Verification Validation. +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 MsgHash[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 + }; + +/** + Validate UEFI-OpenSSL RSA Key Retrieving & Signature Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptRsa2 ( + VOID + ) +{ + BOOLEAN Status; + VOID *RsaPrivKey; + VOID *RsaPubKey; + UINT8 *Signature; + UINTN SigSize; + UINT8 *Subject; + UINTN SubjectSize; + + Print (L"\nUEFI-OpenSSL RSA Key Retrieving Testing: "); + + // + // Retrieve RSA private key from encrypted PEM data. + // + Print (L"\n- Retrieve RSA Private Key for PEM ..."); + Status = RsaGetPrivateKeyFromPem (TestKeyPem, sizeof (TestKeyPem), PemPass, &RsaPrivKey); + if (Status == FALSE) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // Retrieve RSA public key from X509 Certificate. + // + Print (L"\n- Retrieve RSA Public Key from X509 ... "); + RsaPubKey = NULL; + Status = RsaGetPublicKeyFromX509 (TestCert, sizeof (TestCert), &RsaPubKey); + if (Status == FALSE) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // Generate RSA PKCS#1 Signature. + // + Print (L"\n- PKCS#1 Signature ... "); + SigSize = 0; + Status = RsaPkcs1Sign (RsaPrivKey, MsgHash, SHA1_DIGEST_SIZE, NULL, &SigSize); + if (Status || SigSize == 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Signature = AllocatePool (SigSize); + Status = RsaPkcs1Sign (RsaPrivKey, MsgHash, SHA1_DIGEST_SIZE, Signature, &SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // Verify RSA PKCS#1-encoded Signature. + // + Print (L"\n- PKCS#1 Signature Verification ... "); + Status = RsaPkcs1Verify (RsaPubKey, MsgHash, SHA1_DIGEST_SIZE, Signature, SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // X509 Certificate Subject Retrieving. + // + Print (L"\n- X509 Certificate Subject Bytes Retrieving ... "); + SubjectSize = 0; + Status = X509GetSubjectName (TestCert, sizeof (TestCert), NULL, &SubjectSize); + Subject = (UINT8 *)AllocatePool (SubjectSize); + Status = X509GetSubjectName (TestCert, sizeof (TestCert), Subject, &SubjectSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // X509 Certificate Verification. + // + Print (L"\n- X509 Certificate Verification with Trusted CA ..."); + Status = X509VerifyCert (TestCert, sizeof (TestCert), TestCACert, sizeof (TestCACert)); + if (!Status) { + Print (L"[Fail]\n"); + return EFI_ABORTED; + } else { + Print (L"[Pass]\n"); + } + + // + // Release Resources. + // + RsaFree (RsaPubKey); + RsaFree (RsaPrivKey); + FreePool (Signature); + FreePool (Subject); + + return EFI_SUCCESS; +} diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index ee8c44d367..5fbedd9439 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -18,6 +18,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __BASE_CRYPT_LIB_H__ #define __BASE_CRYPT_LIB_H__ +/// +/// MD4 digest size in bytes +/// +#define MD4_DIGEST_SIZE 16 + /// /// MD5 digest size in bytes /// @@ -61,6 +66,109 @@ typedef enum { // One-Way Cryptographic Hash Primitives //===================================================================================== +/** + Retrieves the size, in bytes, of the context buffer required for MD4 hash operations. + + @return The size, in bytes, of the context buffer required for MD4 hash operations. + +**/ +UINTN +EFIAPI +Md4GetContextSize ( + VOID + ); + +/** + Initializes user-supplied memory pointed by Md4Context as MD4 hash context for + subsequent use. + + If Md4Context is NULL, then ASSERT(). + + @param[out] Md4Context Pointer to MD4 context being initialized. + + @retval TRUE MD4 context initialization succeeded. + @retval FALSE MD4 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Md4Init ( + OUT VOID *Md4Context + ); + +/** + Makes a copy of an existing MD4 context. + + If Md4Context is NULL, then ASSERT(). + If NewMd4Context is NULL, then ASSERT(). + + @param[in] Md4Context Pointer to MD4 context being copied. + @param[out] NewMd4Context Pointer to new MD4 context. + + @retval TRUE MD4 context copy succeeded. + @retval FALSE MD4 context copy failed. + +**/ +BOOLEAN +EFIAPI +Md4Duplicate ( + IN CONST VOID *Md4Context, + OUT VOID *NewMd4Context + ); + +/** + Digests the input data and updates MD4 context. + + This function performs MD4 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + MD4 context should be already correctly intialized by Md4Init(), and should not be finalized + by Md4Final(). Behavior with invalid context is undefined. + + If Md4Context is NULL, then ASSERT(). + + @param[in, out] Md4Context Pointer to the MD4 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE MD4 data digest succeeded. + @retval FALSE MD4 data digest failed. + +**/ +BOOLEAN +EFIAPI +Md4Update ( + IN OUT VOID *Md4Context, + IN CONST VOID *Data, + IN UINTN DataSize + ); + +/** + Completes computation of the MD4 digest value. + + This function completes MD4 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the MD4 context cannot + be used again. + MD4 context should be already correctly intialized by Md4Init(), and should not be + finalized by Md4Final(). Behavior with invalid MD4 context is undefined. + + If Md4Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Md4Context Pointer to the MD4 context. + @param[out] HashValue Pointer to a buffer that receives the MD4 digest + value (16 bytes). + + @retval TRUE MD4 digest computation succeeded. + @retval FALSE MD4 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Md4Final ( + IN OUT VOID *Md4Context, + OUT UINT8 *HashValue + ); + /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. @@ -1292,6 +1400,107 @@ RsaPkcs1Verify ( IN UINTN SigSize ); +/** + Retrieve the RSA Private Key from the password-protected PEM key data. + + @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. + @param[in] PemSize Size of the PEM key data in bytes. + @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. + @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved + RSA private key component. Use RsaFree() function to free the + resource. + + If PemData is NULL, then ASSERT(). + If RsaContext is NULL, then ASSERT(). + + @retval TRUE RSA Private Key was retrieved successfully. + @retval FALSE Invalid PEM key data or incorrect password. + +**/ +BOOLEAN +EFIAPI +RsaGetPrivateKeyFromPem ( + IN CONST UINT8 *PemData, + IN UINTN PemSize, + IN CONST CHAR8 *Password, + OUT VOID **RsaContext + ); + +/** + Retrieve the RSA Public Key from one DER-encoded X509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved + RSA public key component. Use RsaFree() function to free the + resource. + + If Cert is NULL, then ASSERT(). + If RsaContext is NULL, then ASSERT(). + + @retval TRUE RSA Public Key was retrieved successfully. + @retval FALSE Fail to retrieve RSA public key from X509 certificate. + +**/ +BOOLEAN +EFIAPI +RsaGetPublicKeyFromX509 ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT VOID **RsaContext + ); + +/** + Retrieve the subject bytes from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertSubject Pointer to the retrieved certificate subject bytes. + @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input, + and the size of buffer returned CertSubject on output. + + If Cert is NULL, then ASSERT(). + If SubjectSize is NULL, then ASSERT(). + + @retval TRUE The certificate subject retrieved successfully. + @retval FALSE Invalid certificate, or the SubjectSize is too small for the result. + The SubjectSize will be updated with the required size. + +**/ +BOOLEAN +EFIAPI +X509GetSubjectName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertSubject, + IN OUT UINTN *SubjectSize + ); + +/** + Verify one X509 certificate was issued by the trusted CA. + + @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] CACert Pointer to the DER-encoded trusted CA certificate. + @param[in] CACertSize Size of the CA Certificate in bytes. + + If Cert is NULL, then ASSERT(). + If CACert is NULL, then ASSERT(). + + @retval TRUE The certificate was issued by the trusted CA. + @retval FALSE Invalid certificate or the certificate was not issued by the given + trusted CA. + +**/ +BOOLEAN +EFIAPI +X509VerifyCert ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *CACert, + IN UINTN CACertSize + ); + /** Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic Message Syntax Standard". diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h index 1c51cdb302..571511582e 100644 --- a/CryptoPkg/Include/OpenSslSupport.h +++ b/CryptoPkg/Include/OpenSslSupport.h @@ -222,6 +222,7 @@ FILE *stdout; #define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch)) #define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch) #define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) +#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) #define strcmp AsciiStrCmp #define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) #define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index efd28ed120..26ec8c1e79 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -28,6 +28,7 @@ [Sources] InternalCryptLib.h + Hash/CryptMd4.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c @@ -40,6 +41,8 @@ Pk/CryptRsa.c Pk/CryptPkcs7.c Pk/CryptDh.c + Pk/CryptX509.c + Pem/CryptPem.c SysCall/CrtWrapper.c SysCall/TimerWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c new file mode 100644 index 0000000000..a5769133ed --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c @@ -0,0 +1,177 @@ +/** @file + MD4 Digest Wrapper Implementation over OpenSSL. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Retrieves the size, in bytes, of the context buffer required for MD4 hash operations. + + @return The size, in bytes, of the context buffer required for MD4 hash operations. + +**/ +UINTN +EFIAPI +Md4GetContextSize ( + VOID + ) +{ + // + // Retrieves the OpenSSL MD4 Context Size + // + return (UINTN)(sizeof (MD4_CTX)); +} + +/** + Initializes user-supplied memory pointed by Md4Context as MD4 hash context for + subsequent use. + + If Md4Context is NULL, then ASSERT(). + + @param[out] Md4Context Pointer to MD4 context being initialized. + + @retval TRUE MD4 context initialization succeeded. + @retval FALSE MD4 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Md4Init ( + OUT VOID *Md4Context + ) +{ + // + // ASSERT if Md4Context is NULL. + // + ASSERT (Md4Context != NULL); + + // + // OpenSSL MD4 Context Initialization + // + return (BOOLEAN) (MD4_Init ((MD4_CTX *)Md4Context)); +} + +/** + Makes a copy of an existing MD4 context. + + If Md4Context is NULL, then ASSERT(). + If NewMd4Context is NULL, then ASSERT(). + + @param[in] Md4Context Pointer to MD4 context being copied. + @param[out] NewMd4Context Pointer to new MD4 context. + + @retval TRUE MD4 context copy succeeded. + @retval FALSE MD4 context copy failed. + +**/ +BOOLEAN +EFIAPI +Md4Duplicate ( + IN CONST VOID *Md4Context, + OUT VOID *NewMd4Context + ) +{ + // + // ASSERT if Md4Context or NewMd4Context is NULL. + // + ASSERT (Md4Context != NULL); + ASSERT (NewMd4Context != NULL); + + CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX)); + + return TRUE; +} + +/** + Digests the input data and updates MD4 context. + + This function performs MD4 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + MD4 context should be already correctly intialized by Md4Init(), and should not be finalized + by Md4Final(). Behavior with invalid context is undefined. + + If Md4Context is NULL, then ASSERT(). + + @param[in, out] Md4Context Pointer to the MD4 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE MD4 data digest succeeded. + @retval FALSE MD4 data digest failed. + +**/ +BOOLEAN +EFIAPI +Md4Update ( + IN OUT VOID *Md4Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + // + // ASSERT if Md4Context is NULL + // + ASSERT (Md4Context != NULL); + + // + // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // + if (Data == NULL) { + ASSERT (DataSize == 0); + } + + // + // OpenSSL MD4 Hash Update + // + return (BOOLEAN) (MD4_Update ((MD4_CTX *)Md4Context, Data, DataSize)); +} + +/** + Completes computation of the MD4 digest value. + + This function completes MD4 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the MD4 context cannot + be used again. + MD4 context should be already correctly intialized by Md4Init(), and should not be + finalized by Md4Final(). Behavior with invalid MD4 context is undefined. + + If Md4Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Md4Context Pointer to the MD4 context. + @param[out] HashValue Pointer to a buffer that receives the MD4 digest + value (16 bytes). + + @retval TRUE MD4 digest computation succeeded. + @retval FALSE MD4 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Md4Final ( + IN OUT VOID *Md4Context, + OUT UINT8 *HashValue + ) +{ + // + // ASSERT if Md4Context is NULL or HashValue is NULL + // + ASSERT (Md4Context != NULL); + ASSERT (HashValue != NULL); + + // + // OpenSSL MD4 Hash Finalization + // + return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *)Md4Context)); +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c index 73f3d219b0..8d5e6ed89d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -84,6 +84,12 @@ Md5Duplicate ( OUT VOID *NewMd5Context ) { + // + // ASSERT if Md5Context or NewMd5Context is NULL. + // + ASSERT (Md5Context != NULL); + ASSERT (NewMd5Context != NULL); + CopyMem (NewMd5Context, Md5Context, sizeof (MD5_CTX)); return TRUE; diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c index 9a317ec143..27526bcd40 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c @@ -83,6 +83,12 @@ Sha1Duplicate ( OUT VOID *NewSha1Context ) { + // + // ASSERT if Sha1Context or NewSha1Context is NULL. + // + ASSERT (Sha1Context != NULL); + ASSERT (NewSha1Context != NULL); + CopyMem (NewSha1Context, Sha1Context, sizeof (SHA_CTX)); return TRUE; diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c index 7e6c6c691f..3c2f9a1155 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c @@ -82,6 +82,12 @@ Sha256Duplicate ( OUT VOID *NewSha256Context ) { + // + // ASSERT if Sha256Context or NewSha256Context is NULL. + // + ASSERT (Sha256Context != NULL); + ASSERT (NewSha256Context != NULL); + CopyMem (NewSha256Context, Sha256Context, sizeof (SHA256_CTX)); return TRUE; diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c index 1eff5c4978..5386072c38 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c @@ -89,6 +89,12 @@ HmacMd5Duplicate ( OUT VOID *NewHmacMd5Context ) { + // + // ASSERT if HmacMd5Context or NewHmacMd5Context is NULL. + // + ASSERT (HmacMd5Context != NULL); + ASSERT (NewHmacMd5Context != NULL); + CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX)); return TRUE; diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c index 0298b80cc5..ff9377c0d2 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -89,6 +89,12 @@ HmacSha1Duplicate ( OUT VOID *NewHmacSha1Context ) { + // + // ASSERT if HmacSha1Context or NewHmacSha1Context is NULL. + // + ASSERT (HmacSha1Context != NULL); + ASSERT (NewHmacSha1Context != NULL); + CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX)); return TRUE; diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c new file mode 100644 index 0000000000..e9de39a105 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c @@ -0,0 +1,124 @@ +/** @file + PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Callback function for password phrase conversion used for retrieving the encrypted PEM. + + @param[out] Buf Pointer to the buffer to write the passphrase to. + @param[in] Size Maximum length of the passphrase (i.e. the size of Buf). + @param[in] Flag A flag which is set to 0 when reading and 1 when writing. + @param[in] Key Key data to be passed to the callback routine. + + @retval The number of characters in the passphrase or 0 if an error occurred. + +**/ +INTN +PasswordCallback ( + OUT CHAR8 *Buf, + IN INTN Size, + IN INTN Flag, + IN VOID *Key + ) +{ + INTN KeyLength; + + ZeroMem ((VOID *)Buf, (UINTN)Size); + if (Key != NULL) { + // + // Duplicate key phrase directly. + // + KeyLength = AsciiStrLen ((CHAR8 *)Key); + KeyLength = (KeyLength > Size ) ? Size : KeyLength; + CopyMem (Buf, Key, KeyLength); + return KeyLength; + } else { + return 0; + } +} + +/** + Retrieve the RSA Private Key from the password-protected PEM key data. + + @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. + @param[in] PemSize Size of the PEM key data in bytes. + @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. + @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved + RSA private key component. Use RsaFree() function to free the + resource. + + If PemData is NULL, then ASSERT(). + If RsaContext is NULL, then ASSERT(). + + @retval TRUE RSA Private Key was retrieved successfully. + @retval FALSE Invalid PEM key data or incorrect password. + +**/ +BOOLEAN +EFIAPI +RsaGetPrivateKeyFromPem ( + IN CONST UINT8 *PemData, + IN UINTN PemSize, + IN CONST CHAR8 *Password, + OUT VOID **RsaContext + ) +{ + BOOLEAN Status; + BIO *PemBio; + + // + // ASSERT if PemData is NULL or RsaContext is NULL. + // + ASSERT (PemData != NULL); + ASSERT (RsaContext != NULL); + + Status = FALSE; + PemBio = NULL; + + // + // Add possible block-cipher descriptor for PEM data decryption. + // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM. + // + EVP_add_cipher (EVP_des_ede3_cbc()); + EVP_add_cipher (EVP_aes_128_cbc()); + EVP_add_cipher (EVP_aes_192_cbc()); + EVP_add_cipher (EVP_aes_256_cbc()); + + // + // Read encrypted PEM Data. + // + PemBio = BIO_new (BIO_s_mem ()); + BIO_write (PemBio, PemData, (int)PemSize); + if (PemBio == NULL) { + goto _Exit; + } + + // + // Retrieve RSA Private Key from encrypted PEM data. + // + *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password); + if (*RsaContext != NULL) { + Status = TRUE; + } + +_Exit: + // + // Release Resources. + // + BIO_free (PemBio); + + return Status; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c new file mode 100644 index 0000000000..6d687c64b6 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -0,0 +1,288 @@ +/** @file + X.509 Certificate Handler Wrapper Implementation over OpenSSL. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Retrieve the subject bytes from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertSubject Pointer to the retrieved certificate subject bytes. + @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input, + and the size of buffer returned CertSubject on output. + + If Cert is NULL, then ASSERT(). + If SubjectSize is NULL, then ASSERT(). + + @retval TRUE The certificate subject retrieved successfully. + @retval FALSE Invalid certificate, or the SubjectSize is too small for the result. + The SubjectSize will be updated with the required size. + +**/ +BOOLEAN +EFIAPI +X509GetSubjectName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertSubject, + IN OUT UINTN *SubjectSize + ) +{ + BOOLEAN Status; + BIO *CertBio; + X509 *X509Cert; + X509_NAME *X509Name; + + // + // ASSERT if Cert is NULL or SubjectSize is NULL. + // + ASSERT (Cert != NULL); + ASSERT (SubjectSize != NULL); + + Status = FALSE; + X509Cert = NULL; + + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // + CertBio = BIO_new (BIO_s_mem ()); + BIO_write (CertBio, Cert, (int)CertSize); + if (CertBio == NULL) { + goto _Exit; + } + X509Cert = d2i_X509_bio (CertBio, NULL); + if (Cert == NULL) { + goto _Exit; + } + + // + // Retrieve subject name from certificate object. + // + X509Name = X509_get_subject_name (X509Cert); + if (*SubjectSize < (UINTN) X509Name->bytes->length) { + *SubjectSize = (UINTN) X509Name->bytes->length; + goto _Exit; + } + *SubjectSize = (UINTN) X509Name->bytes->length; + if (CertSubject != NULL) { + CopyMem (CertSubject, (UINT8 *)X509Name->bytes->data, *SubjectSize); + Status = TRUE; + } + +_Exit: + // + // Release Resources. + // + BIO_free (CertBio); + X509_free (X509Cert); + + return Status; +} + +/** + Retrieve the RSA Public Key from one DER-encoded X509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved + RSA public key component. Use RsaFree() function to free the + resource. + + If Cert is NULL, then ASSERT(). + If RsaContext is NULL, then ASSERT(). + + @retval TRUE RSA Public Key was retrieved successfully. + @retval FALSE Fail to retrieve RSA public key from X509 certificate. + +**/ +BOOLEAN +EFIAPI +RsaGetPublicKeyFromX509 ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT VOID **RsaContext + ) +{ + BOOLEAN Status; + EVP_PKEY *Pkey; + BIO *CertBio; + X509 *X509Cert; + + // + // ASSERT if Cert is NULL or RsaContext is NULL. + // + ASSERT (Cert != NULL); + ASSERT (RsaContext != NULL); + + Status = FALSE; + Pkey = NULL; + CertBio = NULL; + X509Cert = NULL; + + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // + CertBio = BIO_new (BIO_s_mem ()); + BIO_write (CertBio, Cert, (int)CertSize); + if (CertBio == NULL) { + goto _Exit; + } + X509Cert = d2i_X509_bio (CertBio, NULL); + if (X509Cert == NULL) { + goto _Exit; + } + + // + // Retrieve and check EVP_PKEY data from X509 Certificate. + // + Pkey = X509_get_pubkey (X509Cert); + if ((Pkey == NULL) || (Pkey->type != EVP_PKEY_RSA)) { + goto _Exit; + } + + // + // Duplicate RSA Context from the retrieved EVP_PKEY. + // + if ((*RsaContext = RSAPublicKey_dup (Pkey->pkey.rsa)) != NULL) { + Status = TRUE; + } + +_Exit: + // + // Release Resources. + // + BIO_free (CertBio); + X509_free (X509Cert); + EVP_PKEY_free (Pkey); + + return Status; +} + +/** + Verify one X509 certificate was issued by the trusted CA. + + @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] CACert Pointer to the DER-encoded trusted CA certificate. + @param[in] CACertSize Size of the CA Certificate in bytes. + + If Cert is NULL, then ASSERT(). + If CACert is NULL, then ASSERT(). + + @retval TRUE The certificate was issued by the trusted CA. + @retval FALSE Invalid certificate or the certificate was not issued by the given + trusted CA. + +**/ +BOOLEAN +EFIAPI +X509VerifyCert ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *CACert, + IN UINTN CACertSize + ) +{ + BOOLEAN Status; + BIO *BioCert; + BIO *BioCACert; + X509 *X509Cert; + X509 *X509CACert; + X509_STORE *CertStore; + X509_STORE_CTX CertCtx; + + // + // ASSERT if Cert is NULL or CACert is NULL. + // + ASSERT (Cert != NULL); + ASSERT (CACert != NULL); + + Status = FALSE; + BioCert = NULL; + BioCACert = NULL; + X509Cert = NULL; + X509CACert = NULL; + CertStore = NULL; + + // + // Register & Initialize necessary digest algorithms for certificate verification. + // + EVP_add_digest (EVP_md5()); + EVP_add_digest (EVP_sha1()); + EVP_add_digest (EVP_sha256()); + + // + // Read DER-encoded certificate to be verified and Construct X509 object. + // + BioCert = BIO_new (BIO_s_mem ()); + BIO_write (BioCert, Cert, (int)CertSize); + if (BioCert == NULL) { + goto _Exit; + } + X509Cert = d2i_X509_bio (BioCert, NULL); + if (X509Cert == NULL) { + goto _Exit; + } + + // + // Read DER-encoded root certificate and Construct X509 object. + // + BioCACert = BIO_new (BIO_s_mem()); + BIO_write (BioCACert, CACert, (int)CACertSize); + if (BioCert == NULL) { + goto _Exit; + } + X509CACert = d2i_X509_bio (BioCACert, NULL); + if (CACert == NULL) { + goto _Exit; + } + + // + // Set up X509 Store for trusted certificate. + // + CertStore = X509_STORE_new (); + if (CertStore == NULL) { + goto _Exit; + } + if (!(X509_STORE_add_cert (CertStore, X509CACert))) { + goto _Exit; + } + + // + // Set up X509_STORE_CTX for the subsequent verification operation. + // + if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) { + goto _Exit; + } + + // + // X509 Certificate Verification. + // + Status = (BOOLEAN) X509_verify_cert (&CertCtx); + +_Exit: + // + // Release Resources. + // + BIO_free (BioCert); + BIO_free (BioCACert); + X509_free (X509Cert); + X509_free (X509CACert); + X509_STORE_free (CertStore); + X509_STORE_CTX_cleanup (&CertCtx); + + return Status; +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c index 1da4452d88..b9daaee0bc 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c @@ -293,3 +293,8 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...) { return 0; } + +void *UI_OpenSSL(void) +{ + return NULL; +} diff --git a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c index 48e0c52c36..afaa0b74ee 100644 --- a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c +++ b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c @@ -23,5 +23,17 @@ int _fltused = 1; /* Sets buffers to a specified character */ void * memset (void *dest, char ch, unsigned int count) { - return SetMem (dest, (UINTN)count, (UINT8)ch); + // + // Declare the local variables that actually move the data elements as + // volatile to prevent the optimizer from replacing this function with + // the intrinsic memset() + // + volatile UINT8 *Pointer; + + Pointer = (UINT8 *)dest; + while (count-- != 0) { + *(Pointer++) = ch; + } + + return dest; } diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 45aa1761be..27547f3a38 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -19,9 +19,9 @@ MODULE_TYPE = BASE VERSION_STRING = 1.0 LIBRARY_CLASS = OpensslLib - OPENSSL_PATH = openssl-0.9.8l - OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM - OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED + DEFINE OPENSSL_PATH = openssl-0.9.8l + DEFINE OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM + DEFINE OPENSSL_EXFLAGS = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED # # OPENSSL_FLAGS is set to define the following flags to be compatible with -- 2.39.2