Re: [edk2] [PATCH] Maintainers.txt: Change package maintainer and reviewer of CryptoPkg.
Confirmed by Long, Qin mailto:qin.l...@intel.com>> (And sorry for this rule breaking caused by me. I didn't notice this updates.) Best Regards & Thanks, LONG, Qin From: Gao, Liming Sent: Thursday, December 13, 2018 9:15 PM To: Laszlo Ersek ; Ye, Ting ; Long, Qin Cc: edk2-devel@lists.01.org Subject: RE: [edk2] [PATCH] Maintainers.txt: Change package maintainer and reviewer of CryptoPkg. Laszlo: Yes. Long, Qin should send this patch. Because Long, Qin changes to another work group for a while, he doesn't work on edk2 project. Ting directly sends the patch to remove his name. I just include Long, Qin, and let him confirm this change. Thanks Liming > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Laszlo > Ersek > Sent: Thursday, December 13, 2018 6:38 PM > To: Ye, Ting mailto:ting...@intel.com>> > Cc: edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > Subject: Re: [edk2] [PATCH] Maintainers.txt: Change package maintainer and > reviewer of CryptoPkg. > > Hi Ting, > > On 12/13/18 08:41, tye1 wrote: > > Cc: Gang Wei mailto:gang@intel.com>> > > Cc: Jian Wang mailto:jian.j.w...@intel.com>> > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Ting Ye mailto:ting...@intel.com>> > > --- > > Maintainers.txt | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/Maintainers.txt b/Maintainers.txt > > index 001d8ba010..d5cb305da9 100644 > > --- a/Maintainers.txt > > +++ b/Maintainers.txt 
> > @@ -102,8 +102,9 @@ S: Maintained > > > > CryptoPkg > > W: https://github.com/tianocore/tianocore.github.io/wiki/CryptoPkg > > -M: Qin Long mailto:qin.l...@intel.com>> > > M: Ting Ye mailto:ting...@intel.com>> > > +R: Gang Wei mailto:gang@intel.com>> > > +R: Jian Wang mailto:jian.j.w...@intel.com>> > > > > DynamicTablesPkg > > W: https://github.com/tianocore/tianocore.github.io/wiki/DynamicTablesPkg > > > > This patch does not conform to the rule that we added lately; please see > commit 9ebef6c0a7d3 ("Maintainers.txt: Add the rule to hand over the > package maintain role", 2018-11-29). > > In other words, the patch should be sent out by Qin Long. Even though > you co-maintain CryptoPkg with Qin Long, you shouldn't be able to > deprive Qin Long from the role. > > Thanks, > Laszlo > ___ > edk2-devel mailing list > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
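Review bot: the commit message carries only Cc and sign-off lines; the hunk removes "M: Qin Long" and adds "R: Gang Wei" and "R: Jian Wang" without stating why the maintainer line goes or why the two reviewer lines come in, so add a sentence for each (the thread above gives the reason: Qin Long has moved to another work group). The removal of a maintainer's own line also falls under the hand-over rule Laszlo cites (commit 9ebef6c0a7d3), so the patch should be sent by Qin Long or carry his explicit acknowledgement in the message.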
[edk2] [PATCH v2] CryptoPkg/BaseCryptLib: Fix potential integer overflow issue.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1275 The LookupFreeMemRegion() in RuntimeMemAllocate.c is used to look-up free memory region for runtime resource allocation, which was designed to support runtime authenticated variable service. The ReqPages in this function is the required pages to be allocated, which depends on the malloc() call in internal OpenSSL routines. The direct offset subtractions on ReqPages may bring possible integer overflow issue. This patch is to add the extra parameter checks to remove this possible overflow risk. Cc: Ye Ting Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Long Qin --- .../Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c| 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c index 463f2bf855..92bb9ddccd 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c @@ -2,7 +2,7 @@ Light-weight Memory Management Routines for OpenSSL-based Crypto Library at Runtime Phase. -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -141,6 +141,12 @@ LookupFreeMemRegion ( StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->LastEmptyPageOffset); ReqPages = RT_SIZE_TO_PAGES (AllocationSize); + if (ReqPages > mRTPageTable->PageCount) { +// +// No enough region for object allocation. +// +return (UINTN)(-1); + } // // Look up the free memory region with in current memory map table. 
@@ -176,6 +182,12 @@ LookupFreeMemRegion ( // Look up the free memory region from the beginning of the memory table // until the StartCursorOffset // + if (ReqPages > StartPageIndex) { +// +// No enough region for object allocation. +// +return (UINTN)(-1); + } for (Index = 0; Index < (StartPageIndex - ReqPages); ) { // // Check Consecutive ReqPages Pages. -- 2.16.1.windows.2 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
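Review bot: the guard "if (ReqPages > StartPageIndex)" in the second hunk stops the underflow in "StartPageIndex - ReqPages", but because it is a strict comparison the equality case ReqPages == StartPageIndex still reaches "for (Index = 0; Index < (StartPageIndex - ReqPages); )" with a bound of 0, so a request that would exactly fill pages [0, StartPageIndex) is never examined at Index 0. If that exact fit is meant to be usable the loop condition needs "<=", and the first hunk's loop, whose header is outside the context shown, deserves the same check. Minor: the added comment "No enough region for object allocation." reads better as "Not enough room for object allocation." in both hunks.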
Re: [edk2] [PATCH] CryptoPkg/BaseCryptLib: Fix potential integer overflow issue.
Thanks, Laszlo. From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Thursday, October 25, 2018 12:59 AM To: Long, Qin ; edk2-devel@lists.01.org Cc: Ye, Ting Subject: Re: [edk2] [PATCH] CryptoPkg/BaseCryptLib: Fix potential integer overflow issue. On 10/24/18 15:22, Long Qin wrote: > The LookupFreeMemRegion() in RuntimeMemAllocate.c is used to look-up > free memory region for runtime resource allocation, which was designed > to support runtime authenticated variable service. > The direct offset subtractions in this function may bring possible > integer overflow issue. > > This patch is to add the extra parameter checks to remove this possible > overflow risk. > > Cc: Ye Ting mailto:ting...@intel.com>> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Long Qin mailto:qin.l...@intel.com>> > --- > .../Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c| 14 > +- > 1 file changed, 13 insertions(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c > b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c > index 463f2bf855..92bb9ddccd 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c > +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c > @@ -2,7 +2,7 @@ >Light-weight Memory Management Routines for OpenSSL-based Crypto >Library at Runtime Phase. > > -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. > +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD > License > which accompanies this distribution. The full text of the license may be > found at 
> @@ -141,6 +141,12 @@ LookupFreeMemRegion ( > >StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->LastEmptyPageOffset); >ReqPages = RT_SIZE_TO_PAGES (AllocationSize); > + if (ReqPages > mRTPageTable->PageCount) { > +// > +// No enough region for object allocation. > +// > +return (UINTN)(-1); > + } > >// >// Look up the free memory region with in current memory map table. 
> @@ -176,6 +182,12 @@ LookupFreeMemRegion ( >// Look up the free memory region from the beginning of the memory table >// until the StartCursorOffset >// > + if (ReqPages > StartPageIndex) { > +// > +// No enough region for object allocation. > +// > +return (UINTN)(-1); > + } >for (Index = 0; Index < (StartPageIndex - ReqPages); ) { > // > // Check Consecutive ReqPages Pages.
>

As far as I can see, "RuntimeCryptLib.inf" (where this file is used) is only linked into runtime DXE modules -- not SMM modules. That means this issue is not a security bug, because runtime DXE modules can be overwritten by the OS anyway. (They reside in normal RAM.) Can you please confirm?

[qlong] Yes, this library instance is only linked into the runtime DXE driver, not SMM. It was designed to provide the runtime authentication / verification support (for the variable service) in the early implementation (non-SMM variable driver). But the memory used in runtime DXE modules will not be overwritten, since it was marked as "EfiRuntimeServicesData". The RuntimeCryptLib applied light-weight memory management routines to meet the internal memory allocation / free usage when OpenSSL handles PKCS7 verification. The possible integer overflow issue was found during code review. Yes, I think it's low risk since most runtime variable services were updated to use the SMM solution.

Nonetheless, it would be nice to explain in the commit message what exactly "ReqPages" depends on.

[qlong] ReqPages is a variable that describes the required pages for memory allocation (from the malloc() call in OpenSSL code when handling PKCS7 verification). It's hard to state the specific dependency (which includes the PKCS7 data and some OpenSSL internal data structures).

If needed, please file a BZ as well. (I'm not saying it's required, but you might want to consider it, and reference it in the commit message.)

[qlong] Sure. It makes sense. And created one: https://bugzilla.tianocore.org/show_bug.cgi?id=1275

Thanks
Laszlo
[edk2] [PATCH] CryptoPkg/BaseCryptLib: Fix potential integer overflow issue.
The LookupFreeMemRegion() in RuntimeMemAllocate.c is used to look-up free memory region for runtime resource allocation, which was designed to support runtime authenticated variable service. The direct offset subtractions in this function may bring possible integer overflow issue. This patch is to add the extra parameter checks to remove this possible overflow risk. Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Long Qin --- .../Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c| 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c index 463f2bf855..92bb9ddccd 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c @@ -2,7 +2,7 @@ Light-weight Memory Management Routines for OpenSSL-based Crypto Library at Runtime Phase. -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -141,6 +141,12 @@ LookupFreeMemRegion ( StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->LastEmptyPageOffset); ReqPages = RT_SIZE_TO_PAGES (AllocationSize); + if (ReqPages > mRTPageTable->PageCount) { +// +// No enough region for object allocation. +// +return (UINTN)(-1); + } // // Look up the free memory region with in current memory map table. 
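Review bot: the commit message says "the direct offset subtractions in this function may bring possible integer overflow issue" without naming them or saying where ReqPages comes from; the first hunk shows "ReqPages = RT_SIZE_TO_PAGES (AllocationSize);" immediately above the new guard, so the message should state that ReqPages derives from the caller's AllocationSize and name the guarded expressions ("StartPageIndex - ReqPages" is the one visible in this patch's context, and the guard "ReqPages > mRTPageTable->PageCount" implies a matching PageCount subtraction). A tracker reference for the issue would also help, since the change is a hardening fix rather than a functional one.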
@@ -176,6 +182,12 @@ LookupFreeMemRegion ( // Look up the free memory region from the beginning of the memory table // until the StartCursorOffset // + if (ReqPages > StartPageIndex) { +// +// No enough region for object allocation. +// +return (UINTN)(-1); + } for (Index = 0; Index < (StartPageIndex - ReqPages); ) { // // Check Consecutive ReqPages Pages. -- 2.16.1.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
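The v1 patch above and its v2 resend earlier on this page add two guards, "ReqPages > mRTPageTable->PageCount" and "ReqPages > StartPageIndex", in front of unsigned subtractions that serve as loop bounds. What follows is an added illustration, not edk2 code: a toy page map constructed for the example, a function that shows what the unguarded "StartPageIndex - ReqPages" evaluates to when ReqPages is the larger operand, and the two-phase lookup (from the cursor to the end of the table, then from the start up to the cursor) with both guards in place. RT_SIZE_TO_PAGES, mRTPageTable and the real LookupFreeMemRegion() are not reproduced; every toy_ name, the page size and the contents of the map are assumptions made here. The toy loops use "<=" so that an exact fit is examined, which the patch's "<" loop bound does not.

```c
/*
 * Illustration added for this page, not edk2 code: a toy model of the two
 * guards that the RuntimeMemAllocation.c patch places in front of unsigned
 * page-index subtractions. One byte per page (1 = in use, 0 = free); the map
 * below is constructed for the example. RT_SIZE_TO_PAGES(), mRTPageTable and
 * the real LookupFreeMemRegion() are not reproduced; every "toy_" name is an
 * assumption made here.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TOY_PAGE_SIZE   4096u
#define TOY_PAGE_COUNT  16u
#define TOY_NOT_FOUND   ((size_t)-1)   /* same sentinel shape as the patch's (UINTN)(-1) */

/* Constructed usage map: pages 0-3 used, 4-6 free, 7-11 used, 12-15 free. */
static const uint8_t toy_page_used[TOY_PAGE_COUNT] =
    { 1,1,1,1, 0,0,0, 1,1,1,1,1, 0,0,0,0 };

/* Round a byte count up to whole pages (the role RT_SIZE_TO_PAGES plays). */
size_t toy_size_to_pages(size_t bytes) {
    return (bytes + TOY_PAGE_SIZE - 1) / TOY_PAGE_SIZE;
}

/* What the unguarded "StartPageIndex - ReqPages" evaluates to when ReqPages
 * is the larger operand: unsigned arithmetic wraps toward SIZE_MAX, so a loop
 * bounded by it would run far past the page table. Computed only, never used
 * as a bound. */
size_t toy_unguarded_bound(size_t start_page_index, size_t req_pages) {
    return start_page_index - req_pages;
}

/* True when req_pages consecutive pages starting at first are all free.
 * Callers guarantee first + req_pages <= TOY_PAGE_COUNT. */
static bool toy_region_free(size_t first, size_t req_pages) {
    for (size_t i = 0; i < req_pages; i++) {
        if (toy_page_used[first + i]) {
            return false;
        }
    }
    return true;
}

/* Phase 1 of the lookup: search [start_page_index, TOY_PAGE_COUNT).
 * Mirrors the patch's first guard, ReqPages > PageCount. */
size_t toy_lookup_from_cursor(size_t start_page_index, size_t req_pages) {
    if (req_pages == 0 || req_pages > TOY_PAGE_COUNT || start_page_index > TOY_PAGE_COUNT) {
        return TOY_NOT_FOUND;   /* the subtraction below would wrap, or the cursor is off the table */
    }
    for (size_t index = start_page_index; index <= TOY_PAGE_COUNT - req_pages; index++) {
        if (toy_region_free(index, req_pages)) {
            return index;
        }
    }
    return TOY_NOT_FOUND;
}

/* Phase 2: wrap around and search [0, start_page_index).
 * Mirrors the patch's second guard, ReqPages > StartPageIndex. */
size_t toy_lookup_before_cursor(size_t start_page_index, size_t req_pages) {
    if (req_pages == 0 || start_page_index > TOY_PAGE_COUNT || req_pages > start_page_index) {
        return TOY_NOT_FOUND;   /* not enough room before the cursor */
    }
    /* "<=" deliberately admits the exact-fit case req_pages == start_page_index. */
    for (size_t index = 0; index <= start_page_index - req_pages; index++) {
        if (toy_region_free(index, req_pages)) {
            return index;
        }
    }
    return TOY_NOT_FOUND;
}

/* Two-phase search in the order the patched function's comments describe. */
size_t toy_lookup_free_region(size_t allocation_size, size_t start_page_index) {
    size_t req_pages = toy_size_to_pages(allocation_size);
    size_t found = toy_lookup_from_cursor(start_page_index, req_pages);
    if (found == TOY_NOT_FOUND) {
        found = toy_lookup_before_cursor(start_page_index, req_pages);
    }
    return found;
}

int main(void) {
    printf("unguarded bound for start=2, req=3: %zu\n", toy_unguarded_bound(2, 3));
    printf("3 pages from cursor 7  -> page %zu\n", toy_lookup_free_region(3 * TOY_PAGE_SIZE, 7));
    printf("3 pages from cursor 14 -> page %zu\n", toy_lookup_free_region(3 * TOY_PAGE_SIZE, 14));
    printf("5 pages from cursor 7  -> %zu (not found)\n", toy_lookup_free_region(5 * TOY_PAGE_SIZE, 7));
    return 0;
}
```

Compile with any C99 compiler and run: the unguarded bound prints as SIZE_MAX, which is why a missing check turns an oversized request into a walk past the end of the page table rather than a clean not-found result.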
Re: [edk2] [staging/MicroPythonTestFramework]: MicroPython Test Framework for UEFI
Hi, Leif,

Yes, we missed clear descriptions about these two external projects in staging/MicroPythonTestFramework. Sorry about that.

The MicroPython and Oniguruma projects are used as git submodules in this project, so you can use "git submodule" to see the specific commit information:

$ git submodule
-d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 CryptoPkg/Library/OpensslLib/openssl
-421b84af9968e582f324899934f52b3df60381ee MicroPythonPkg/MicroPython   --> MicroPython-v1.9.4
-dba71710cd657ebd886ab2b712931542507fadb8 MicroPythonPkg/Oniguruma     --> Oniguruma-v6.8.2

And use the update command to init and sync up all submodules:

$ git submodule update --init --recursive

(Will update the README with clearer information later. Thanks)

Best Regards & Thanks,
LONG, Qin

From: Leif Lindholm [mailto:leif.lindh...@linaro.org]
Sent: Saturday, October 20, 2018 6:10 PM
To: Long, Qin
Cc: Richardson, Brian ; edk2-devel@lists.01.org
Subject: Re: [edk2] [staging/MicroPythonTestFramework]: MicroPython Test Framework for UEFI

Thanks Brian,

Long, could you please
1) Send me the commit hashes of micropython and oniguruma that you have tested with the overrides?
2) Add a top-level Readme.md to the MicroPythonTestFramework branch, mentioning yourself as maintainer and the commit hashes of any external projects used?

Best Regards,

Leif

On Fri, Oct 19, 2018 at 06:18:35AM +, Richardson, Brian wrote:
> Leif:
>
> Thank you for your feedback. Long Qin is a good starting contact for
> MicroPython issues.
>
> There are readme files for the sub-components, but I agree that the missing
> top-level readme file is an issue.
> https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MpyTestFrameworkPkg
> https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MicroPythonPkg
>
> Thanks ... br
> ---
> Brian Richardson, Firmware Ecosystem Development, Intel Software
> brian.richard...@intel.com
> -- @intel_brian (Twitter & WeChat)
> https://software.intel.com/en-us/meet-the-developers/evangelists/team/brian-richardson
>
> From: Leif Lindholm [mailto:leif.lindh...@linaro.org]
> Sent: Friday, October 19, 2018 12:34 AM
> To: Richardson, Brian
> Cc: edk2-devel@lists.01.org
> Subject: Re: [edk2] [staging/MicroPythonTestFramework]: MicroPython Test Framework for UEFI
>
> Hi Brian,
>
> I've started having a look at this, and have a few comments:
> - There is no Readme.md at the top level, as set out in
>   https://github.com/tianocore/edk2-staging/blob/about/README
>   Mainly, this means I don't know who I should cc on any comments I have.
> - There have been substantial changes to oniguruma, and the module no longer
>   builds. Can we have exact commit hashes for the two external projects added
>   to the toplevel Readme.md?
> - At least Uefi/modets.c and Uefi/modos.c contain Ia32/X64-specific bits.
>   Could these bits be put in architecture-specific subdirectories?
>
> Regards,
>
> Leif
>
> On 10 August 2018 at 03:44, Richardson, Brian wrote:
> The "MicroPython Test Framework for UEFI" project has been added to
> edk2-staging for community feedback.
> https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework
>
> This includes a port of MicroPython to UEFI and a test execution environment
> that can run from the UEFI Shell.
> https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MicroPythonPkg
> https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MpyTestFrameworkPkg
>
> Additional Info:
> https://github.com/tianocore/tianocore.github.io/wiki/MicroPython-Test-Framework-for-UEFI
>
> Thanks ... br
> ---
> Brian Richardson, Senior Technical Marketing Engineer, Intel Software
> brian.richard...@intel.com
> -- @intel_brian (Twitter & WeChat)
> https://software.intel.com/en-us/meet-the-developers/evangelists/team/brian-richardson
Re: [edk2] [staging/MicroPythonTestFramework][PATCH] MpyTestFrameworkPkg: use minified jquery source
Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Stephano Cetola > Sent: Tuesday, September 4, 2018 10:51 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin > Subject: [edk2] [staging/MicroPythonTestFramework][PATCH] > MpyTestFrameworkPkg: use minified jquery source > > We should be using the compressed "minified" jquery source file rather than > the > uncompressed version, as it will reduce the page load times. > > This updates the relevant FreeMaker templates, the readme, and the setup > script. > It also corrects a small mistake in the error text of the setup script. > > Contributed-under: TianoCore Contribution Agreement 1.1. > Signed-off-by: Stephano Cetola > --- > MpyTestFrameworkPkg/README.md | 2 +- > .../ReportGenerator/src/main/resources/templates/index.ftl | 2 +- > .../src/main/resources/templates/iteration.ftl | 4 ++-- > .../src/main/resources/templates/recurrentSequence.ftl | 2 +- > MpyTestFrameworkPkg/setup.py| 6 +++--- > 5 files changed, 8 insertions(+), 8 deletions(-) > > diff --git a/MpyTestFrameworkPkg/README.md > b/MpyTestFrameworkPkg/README.md index bd1579dcd3..9bcd22d843 100644 > --- a/MpyTestFrameworkPkg/README.md > +++ b/MpyTestFrameworkPkg/README.md 
> @@ -13,7 +13,7 @@ This test framework is dependent on the MicroPython > Interpreter for UEFI: [Micro > * Install [Python27](https://www.python.org/). > * Install Maven, using the official site tutorial: [Installing Apache > Maven](https://maven.apache.org/install.html). JDK 1.8 is preferred. > * Download `Chart.bundle.min.js` from the [ChartJS official > site](https://github.com/chartjs/Chart.js/releases) and copy it to > `MpyTestFrameworkPkg\Report\resources\js` > - * Download `jquery-3.3.1.js` from the [JQuery official > site](https://jquery.com/download/) and copy it to > `MpyTestFrameworkPkg\Report\resources\js` > + * Download `jquery-3.3.1.min.js` from the [JQuery official > + site](https://jquery.com/download/) and copy it to > + `MpyTestFrameworkPkg\Report\resources\js` > > ### Configuration > > diff --git > a/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templat > es/index.ftl > b/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templat > es/index.ftl > index ed611f3805..d58c002baf 100644 > --- > a/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templat > es/index.ftl > +++ > b/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templ > +++ ates/index.ftl > @@ -3,7 +3,7 @@ >ETS Report > > > - > + > > > > diff --git > a/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templat > es/iteration.ftl > b/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templat > es/iteration.ftl > index 82b681c8a4..e3f2490215 100644 > --- > a/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templat > es/iteration.ftl > +++ > b/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templ > +++ ates/iteration.ftl > @@ -3,7 +3,7 @@ >ETS Report > > > - > + > > > > @@ -170,4 +170,4 @@ > > > > - > \ No newline at end of file > + 
> diff --git > a/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templat > es/recurrentSequence.ftl > b/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templat > es/recurrentSequence.ftl > index d3c263cf91..1d09752095 100644 > --- > a/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templat > es/recurrentSequence.ftl > +++ > b/MpyTestFrameworkPkg/Tools/ReportGenerator/src/main/resources/templ > +++ ates/recurrentSequence.ftl > @@ -3,7 +3,7 @@ >ETS Report > > > - > + > > > > diff --git a/MpyTestFrameworkPkg/setup.py b/MpyTestFrameworkPkg/setup.py > index 993a4cc598..4eaf43bfed 100644 > --- a/MpyTestFrameworkPkg/setup.py > +++ b/MpyTestFrameworkPkg/setup.py > @@ -31,8 +31,8 @@ def check_environment(): > error_p('Please download Chart.bundle.min.js to > MpyTestFrameworkPkg/Report/resources/js folder') > return False > > -if not os.path.exists(origin + '/Report' + '/resources' + '/js' + > '/jquery-3.3.1.js'): > -error_p('Please download jquery-3.3.1.jsChart.bundle.min.js to > MpyTestFrameworkPkg/Report/resources/js folder') > +if not os.path.exists(origin + '/Report' + '/resources' + '/js' + > '/jquery- > 3.3.1.min.js'): > +error_p('Please download jquery-3.3.1.min.js >
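Review bot: the README hunk and the setup.py hunk pin the dependency by file name only ("jquery-3.3.1.min.js"), and check_environment() tests nothing but os.path.exists on that path, so any file of that name satisfies the check; since the README has the user fetch the file by hand from jquery.com, record the expected SHA-256 of the release artifact next to the download instruction and have setup.py compare the file's digest rather than its mere presence. The setup.py hunk also repairs the run-together error text "Please download jquery-3.3.1.jsChart.bundle.min.js", which is the small mistake the commit message refers to; worth naming explicitly there so the fix is searchable.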
Re: [edk2] [Patch] SecurityPkg: HashLib: Update HashLib file GUID
Chao, Please change the lowercase letters in the new GUID to uppercase letters when committing this. Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, > Chao B > Sent: Wednesday, August 8, 2018 11:06 PM > To: edk2-devel@lists.01.org > Cc: Long, Qin > Subject: [edk2] [Patch] SecurityPkg: HashLib: Update HashLib file GUID > > 2 file GUIDs conflict with existing SHA256 Lib. Update them. > > Cc: Long Qin > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Zhang, Chao B > --- > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf | 2 +- > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git > a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > index 76677794fa..cf12587354 100644 > --- a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.in > +++ f > @@ -15,11 +15,11 @@ > > [Defines] >INF_VERSION= 0x00010005 >BASE_NAME = HashInstanceLibSha384 >MODULE_UNI_FILE= HashInstanceLibSha384.uni > - FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02 > + FILE_GUID = 74223710-17A9-478f-9B24-E354496B968B >MODULE_TYPE= BASE >VERSION_STRING = 1.0 >LIBRARY_CLASS = NULL >CONSTRUCTOR= HashInstanceLibSha384Constructor > > diff --git > a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > index 94929a8736..917c23f3d5 100644 > --- a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.in > +++ f 
> @@ -15,11 +15,11 @@ > > [Defines] >INF_VERSION= 0x00010005 >BASE_NAME = HashInstanceLibSha512 >MODULE_UNI_FILE= HashInstanceLibSha512.uni > - FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02 > + FILE_GUID = 959C3685-AC3F-4f3e-AC5B-7E2A64BADD36 >MODULE_TYPE= BASE >VERSION_STRING = 1.0 >LIBRARY_CLASS = NULL >CONSTRUCTOR= HashInstanceLibSha512Constructor > > -- > 2.16.2.windows.1 > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
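Review bot: the two removed lines show that both .inf files carried the identical "FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02", so the SHA384 and SHA512 instances collided with each other as well as with the SHA256 library the commit message mentions; say so in the message and name the SHA256 instance they clashed with. The new values "74223710-17A9-478f-9B24-E354496B968B" and "959C3685-AC3F-4f3e-AC5B-7E2A64BADD36" mix lowercase hex ("478f", "4f3e") into files that otherwise use uppercase; normalise them to uppercase before committing, as already requested in this thread.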
Re: [edk2] [Patch] SecurityPkg: HashLib: Add SHA384, SHA512 HashLib
Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: Zhang, Chao B > Sent: Friday, July 27, 2018 11:21 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin ; Zhang, Chao B > > Subject: [Patch] SecurityPkg: HashLib: Add SHA384, SHA512 HashLib > > Add SHA384, 512 Hash lib support. Now only CryptoPkg support PEI/DXE > version. > > Cc: Long Qin > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Chao Zhang > Signed-off-by: Zhang, Chao B > --- > SecurityPkg/Include/Library/HashLib.h | 2 +- > .../HashInstanceLibSha384/HashInstanceLibSha384.c | 155 > + > .../HashInstanceLibSha384.inf | 45 ++ > .../HashInstanceLibSha384.uni | 21 +++ > .../HashInstanceLibSha512/HashInstanceLibSha512.c | 154 > > .../HashInstanceLibSha512.inf | 45 ++ > .../HashInstanceLibSha512.uni | 21 +++ > SecurityPkg/SecurityPkg.dsc| 6 + > 8 files changed, 448 insertions(+), 1 deletion(-) create mode 100644 > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > create mode 100644 > SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni > > diff --git a/SecurityPkg/Include/Library/HashLib.h > b/SecurityPkg/Include/Library/HashLib.h > index 8be8b9c59c..2b886a1b05 100644 > --- a/SecurityPkg/Include/Library/HashLib.h > +++ b/SecurityPkg/Include/Library/HashLib.h > @@ -17,11 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #ifndef _HASH_LIB_H_ > #define _HASH_LIB_H_ > > #include > #include > - > +#include > typedef UINTN HASH_HANDLE; > > /** >Start hash sequence. 
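Review bot: in the HashLib.h hunk the blank line between the #include block and "typedef UINTN HASH_HANDLE;" is removed and the new "+#include" takes its place, which leaves the typedef glued to the includes; add the new include alongside the existing ones and keep the blank separator line.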
> > diff --git > a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c > b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c > new file mode 100644 > index 00..54bc687425 > --- /dev/null > +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c 
> @@ -0,0 +1,155 @@ > +/** @file > + This library is BaseCrypto SHA384 hash instance. > + It can be registered to BaseCrypto router, to serve as hash engine. > + > +Copyright (c) 2018, Intel Corporation. All rights reserved. This > +program and the accompanying materials are licensed and made available > +under the terms and conditions of the BSD License which accompanies > +this distribution. The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include > + > +#include > +#include > +#include > +#include > +#include #include > + > +/** > + The function set SHA384 to digest list. > + > + @param DigestList digest list > + @param Sha384Digest SHA384 digest > +**/ > +VOID > +Tpm2SetSha384ToDigestList ( > + IN TPML_DIGEST_VALUES *DigestList, > + IN UINT8 *Sha384Digest > + ) > +{ > + DigestList->count = 1; > + DigestList->digests[0].hashAlg = TPM_ALG_SHA384; > + CopyMem ( > +DigestList->digests[0].digest.sha384, > +Sha384Digest, > +SHA384_DIGEST_SIZE > +); > +} > + > +/** > + Start hash sequence. > + > + @param HashHandle Hash handle. > + > + @retval EFI_SUCCESS Hash sequence start and HandleHandle > returned. > + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. > +**/ > +EFI_STATUS > +EFIAPI > +Sha384HashInit ( > + OUT HASH_HANDLE*HashHandle > + ) > +{ > + VOID *Sha384Ctx; > + UINTNCtxSize; > + > + CtxSize = Sha384GetContextSize (); > + Sha384Ctx = AllocatePool (CtxSize); > + ASSERT (Sha384Ctx != NULL); > + > + Sha384Init (Sha384Ctx); > + > + *HashHandle = (HASH_HANDLE)Sha384Ctx; > + > + return EFI_SUCCESS; > +} > + > +/** > + Update hash sequence data. > + > + @param HashHandleHash handle. > + @param DataToHashData to be hashed. > + @param DataToHashLen Data size. > + > + @retval EFI_SUCCESS Hash sequence
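Review bot: Sha384HashInit in the HashInstanceLibSha384.c hunk documents "@retval EFI_OUT_OF_RESOURCES No enough resource to start hash." but can never return it: after "Sha384Ctx = AllocatePool (CtxSize);" the only check is "ASSERT (Sha384Ctx != NULL);", which compiles out of release builds, so a failed allocation falls through to "Sha384Init (Sha384Ctx);" on a NULL pointer. Add "if (Sha384Ctx == NULL) { return EFI_OUT_OF_RESOURCES; }" after the ASSERT so the documented status is actually produced, and check the Sha512 instance, cut off in this excerpt, for the same pattern.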
Re: [edk2] [Patch] SecurityPkg: TcgSmm: Handle invalid parameter in MOR SMI handler
Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: Zhang, Chao B > Sent: Thursday, July 19, 2018 6:00 PM > To: edk2-devel@lists.01.org > Cc: Long, Qin ; Yao, Jiewen ; > Zhang, Chao B > Subject: [Patch] SecurityPkg: TcgSmm: Handle invalid parameter in MOR SMI > handler > > Add more logic to filter invalid function parameter in MOR Control SMI handler > > Cc: Long Qin > Cc: Yao Jiewen > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Chao Zhang > Signed-off-by: Zhang, Chao B > --- > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 4 > SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 4 > 2 files changed, 8 insertions(+) > > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > index 21b1014a3b..4a1a293bfc 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > @@ -151,10 +151,14 @@ MemoryClearCallback ( > > if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) { >return EFI_SUCCESS; > } > MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK; > + } else { > +mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; > +DEBUG ((EFI_D_ERROR, "[TPM] MOR Parameter error! Parameter = %x\n", > mTcgNvs->MemoryClear.Parameter)); > +return EFI_SUCCESS; >} > >DataSize = sizeof (UINT8); >Status = mSmmVariable->SmmSetVariable ( > MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, > diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c > b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c index 0b8a002a4d..d3ddae6886 100644 > --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c > +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c 
> @@ -269,10 +269,14 @@ MemoryClearCallback ( > > if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) { >return EFI_SUCCESS; > } > MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK; > + } else { > +mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; > +DEBUG ((EFI_D_ERROR, "[TPM] MOR Parameter error! Parameter = %x\n", > mTcgNvs->MemoryClear.Parameter)); > +return EFI_SUCCESS; >} > >DataSize = sizeof (UINT8); >Status = mSmmVariable->SmmSetVariable ( > MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, > -- > 2.16.2.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
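Review bot: the new else branch is identical in the Tcg2Smm.c and TcgSmm.c hunks; it sets "mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE" and then "return EFI_SUCCESS;", which matches the early "return EFI_SUCCESS;" already in MemoryClearCallback (the status tells the SMM core the SMI was consumed, the ReturnCode carries the result back through the NVS structure), so a one-line comment saying that is deliberate would stop a later reader from "fixing" it to an error status. The "DEBUG ((EFI_D_ERROR, ...))" prints mTcgNvs->MemoryClear.Parameter, a value read from the shared NVS structure rather than computed by the driver; EFI_D_ERROR for a caller-supplied bad value means repeated triggers fill the log, so EFI_D_INFO or EFI_D_VERBOSE fits the condition better.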
Re: [edk2] [Patch] SecurityPkg:Tcg: Fix comment typos
Reviewed-by: Long Qin (BTW: Please remove the extra "Signed-off-by" signature) Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Zhang, Chao B > Sent: Monday, July 16, 2018 3:21 PM > To: edk2-devel@lists.01.org > Cc: Long Qin ; Yao, Jiewen ; > Zhang, Chao B > Subject: [edk2] [Patch] SecurityPkg:Tcg: Fix comment typos > > "Triggle" is a typo. Fix it with "Trigger" > > Cc: Long Qin > Cc: Jiewen Yao > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Chao Zhang > Signed-off-by: Zhang, Chao B > --- > SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 16 > SecurityPkg/Tcg/TcgSmm/Tpm.asl | 16 > 2 files changed, 16 insertions(+), 16 deletions(-) > > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl > b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl index 50dea0ab9a..471b6b1fa1 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl > @@ -257,16 +257,16 @@ DefinitionBlock ( >// Bit4 -- DisableAutoDetect. 0 -- Firmware MAY autodetect. >// >If (LNot (And (MORD, 0x10))) >{ > // > -// Triggle the SMI through ACPI _PTS method. > +// Trigger the SMI through ACPI _PTS method. > // > Store (0x02, MCIP) > > // > -// Triggle the SMI interrupt > +// Trigger the SMI interrupt > // > Store (MCIN, IOB2) >} > } > Return (0) > @@ -363,11 +363,11 @@ DefinitionBlock ( > Store (DerefOf (Index (Arg2, 0x00)), PPRQ) > Store (0, PPRM) > Store (0x02, PPIP) > > // > -// Triggle the SMI interrupt > +// Trigger the SMI interrupt > // > Store (PPIN, IOB2) > Return (FRET) > > > @@ -394,11 +394,11 @@ DefinitionBlock ( > // e) Return TPM Operation Response to OS Environment > // > Store (0x05, PPIP) > > // > -// Triggle the SMI interrupt > +// Trigger the SMI interrupt > // > Store (PPIN, IOB2) > > Store (LPPR, Index (TPM3, 0x01)) > Store (PPRP, Index (TPM3, 0x02)) 
@@ -426,11 +426,11 @@ > DefinitionBlock ( > If (LEqual (PPRQ, 23)) { >Store (DerefOf (Index (Arg2, 0x01)), PPRM) > } > > // > -// Triggle the SMI interrupt > +// Trigger the SMI interrupt > // > Store (PPIN, IOB2) > Return (FRET) >} >Case (8) > @@ -440,11 +440,11 @@ DefinitionBlock ( > // > Store (8, PPIP) > Store (DerefOf (Index (Arg2, 0x00)), UCRQ) > > // > -// Triggle the SMI interrupt > +// Trigger the SMI interrupt > // > Store (PPIN, IOB2) > > Return (FRET) >} > @@ -474,16 +474,16 @@ DefinitionBlock ( > // Save the Operation Value of the Request to MORD (reserved > memory) > // > Store (DerefOf (Index (Arg2, 0x00)), MORD) > > // > -// Triggle the SMI through ACPI _DSM method. > +// Trigger the SMI through ACPI _DSM method. > // > Store (0x01, MCIP) > > // > -// Triggle the SMI interrupt > +// Trigger the SMI interrupt > // > Store (MCIN, IOB2) > Return (MRET) >} >Default {BreakPoint} > diff --git a/SecurityPkg/Tcg/TcgSmm/Tpm.asl > b/SecurityPkg/Tcg/TcgSmm/Tpm.asl index 12f24f3996..2114283b45 100644 > --- a/SecurityPkg/Tcg/TcgSmm/Tpm.asl > +++ b/SecurityPkg/Tcg/TcgSmm/Tpm.asl > @@ -93,16 +93,16 @@ DefinitionBlock ( >// Bit4 -- DisableAutoDetect. 0 -- Firmware MAY autodetect. >// >If (LNot (And (MORD, 0x10))) >{ > // > -// Triggle the SMI through ACPI _PTS method. > +// Trigger the SMI through ACPI _PTS method. > // > Store (0x02, MCIP) > > // > -// Triggle the SMI interrupt > +// Trigger the SMI interrupt > // > Store (MCIN, IOB2) >} > } > Ret
Re: [edk2] [Patch 0/2] Add CRB IdleByPass Support
Series Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Zhang, Chao B > Sent: Monday, June 25, 2018 12:44 PM > To: edk2-devel@lists.01.org > Subject: [edk2] [Patch 0/2] Add CRB IdleByPass Support > > Add CRB IdleByPass Support > > Zhang, Chao B (2): > Add CapCRBIdleBypass definition to interface ID register. It complies > with existing register > SecurityPkg: Tpm2DeviceLib: Enable CapCRBIdleBypass support > > MdePkg/Include/IndustryStandard/TpmPtp.h | 5 +- > .../Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c | 19 + > .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf| 1 + > .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c| 19 + > .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf | 3 +- > SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c| 98 > +++--- > SecurityPkg/SecurityPkg.dec| 10 +++ > SecurityPkg/SecurityPkg.uni| 10 ++- > 8 files changed, 149 insertions(+), 16 deletions(-) > > -- > 2.16.2.windows.1 > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch V2] SecurityPkg: Cache TPM interface type info
Reviewed-by: Long Qin

Please correct the typos:

+ @retval EFI_SUCCESS DTPM2.0 instance is registered, or system dose not surpport registr DTPM2.0 instance
                                                                ^        ^        ^
+ # Accodingt to TCG PTP spec 1.3, there are 3 types defined in TPM2_PTP_INTERFACE_TYPE.
    ^

Best Regards & Thanks, LONG, Qin

> -Original Message- > From: Zhang, Chao B > Sent: Friday, June 22, 2018 9:37 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin ; Yao, Jiewen > Subject: [Patch V2] SecurityPkg: Cache TPM interface type info > > Cache TPM interface type info to avoid excessive interface ID register read > > Cc: Long Qin > Cc: Yao Jiewen > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Zhang, Chao B > --- > SecurityPkg/Include/Library/Tpm2DeviceLib.h| 12 +++- > .../Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c | 38 +++- > .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf| 8 ++- > .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c| 27 - > .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf | 6 +- > SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c| 47 +++ > SecurityPkg/SecurityPkg.dec| 12 +++- > SecurityPkg/SecurityPkg.uni| 10 +++- > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf | 3 +- > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c| 68 > ++ > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 60 ++- > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 1 + > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf| 1 + > 13 files changed, 148 insertions(+), 145 deletions(-) > > diff --git a/SecurityPkg/Include/Library/Tpm2DeviceLib.h > b/SecurityPkg/Include/Library/Tpm2DeviceLib.h > index 67f158ef03..f072a24925 100644 > --- a/SecurityPkg/Include/Library/Tpm2DeviceLib.h > +++ b/SecurityPkg/Include/Library/Tpm2DeviceLib.h
> @@ -1,9 +1,9 @@ > /** @file >This library abstract how to access TPM2 hardware device. > > -Copyright (c) 2013, Intel Corporation. All rights reserved. > +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. > This program and the accompanying materials are licensed and made > available under the terms and conditions of the BSD License which > accompanies this distribution. The full text of the license may be found at > http://opensource.org/licenses/bsd-license.php > > @@ -15,10 +15,20 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #ifndef _TPM2_DEVICE_LIB_H_ > #define _TPM2_DEVICE_LIB_H_ > > #include > > +// > +// Used in PcdActiveTpmInterfaceType to identify TPM interface type // > +typedef enum { > + Tpm2PtpInterfaceTis, > + Tpm2PtpInterfaceFifo, > + Tpm2PtpInterfaceCrb, > + Tpm2PtpInterfaceMax, > +} TPM2_PTP_INTERFACE_TYPE; > + > /** >This service enables the sending of commands to the TPM2. > >@param[in] InputParameterBlockSize Size of the TPM2 input parameter > block. >@param[in] InputParameterBlock Pointer to the TPM2 input > parameter block. > diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c > b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c > index 0b1723e4a1..3feb64df7e 100644 > --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c > +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c > @@ -1,10 +1,10 @@ > /** @file >This library is TPM2 DTPM device lib. >Choosing this library means platform uses and only uses DTPM device as > TPM2 engine. > > -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. > +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. > This program and the accompanying materials are licensed and made > available under the terms and conditions of the BSD License which > accompanies this distribution. The full text of the license may be found at > http://opensource.org/licenses/bsd-license.php 
> > @@ -15,10 +15,23 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > > #include > #include > #include > #include > +#include > + > +/** > + Return PTP interface type. > + > + @param[in] RegisterPointer to PTP register. > + > + @return PTP interface type. > +**/ > +TPM2_PTP_INTERFACE_TYPE > +Tpm2GetPtpInterface ( > + IN VOID *Register > + ); > > /** >This service enables the sending of commands to the TPM2. > &
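Review bot: The TPM2_PTP_INTERFACE_TYPE enum added to Tpm2DeviceLib.h is consumed through PcdActiveTpmInterfaceType, so its numeric values become an ABI shared by every module in the diffstat (Tpm2DeviceLibDTpm, Tcg2ConfigDxe, Tcg2Smm); give each enumerator an explicit value (Tpm2PtpInterfaceTis = 0, Tpm2PtpInterfaceFifo = 1, Tpm2PtpInterfaceCrb = 2) so a later insertion cannot silently change what a cached PCD value means, and say in the comment that Tpm2PtpInterfaceMax is a sentinel, not a valid interface. In Tpm2DeviceLibDTpm.c the Tpm2GetPtpInterface prototype is declared locally for a function implemented elsewhere in the library (Tpm2Ptp.c is in the diffstat), and Tpm2InstanceLibDTpm.c will need the identical declaration; put it in one private header shared by the library's sources instead of duplicating it per file.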
Re: [edk2] [PATCH 08/37] CryptoPkg: Removing ipf which is no longer supported from edk2.
Hi, Chenchen,

Please do more clean-ups on CryptoPkg for IPF removal:

1. Remove whole "CryptRuntimeDxe" folder which was also designed for IPF before;
2. Remove "CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf" from CryptoPkg.dsc;
3. Remove whole "Include/Protocol" folder;
4. Remove "[Protocols]" section from CryptoPkg.dec;
5. Remove whole "Library/BaseCryptLibRuntimeCryptProtocol" folder;

Best Regards & Thanks, LONG, Qin

> -Original Message-
> From: Chen, Chen A
> Sent: Wednesday, June 13, 2018 11:44 AM
> To: edk2-devel@lists.01.org
> Cc: Chen, Chen A ; Long, Qin ; Ye, Ting ; Kinney, Michael D
> Subject: [PATCH 08/37] CryptoPkg: Removing ipf which is no longer supported from edk2.
>
> Removing rules for Ipf sources file:
> * Remove the source file which path with "ipf" and also listed in [Sources.IPF] section of INF file.
> * Remove the source file which listed in [Components.IPF] section of DSC file and not listed in any other [Components] section.
> * Remove the embedded Ipf code for MDE_CPU_IPF.
>
> Removing rules for Inf file:
> * Remove IPF from VALID_ARCHITECTURES comments.
> * Remove DXE_SAL_DRIVER from LIBRARY_CLASS in [Defines] section.
> * Remove the INF which only listed in [Components.IPF] section in DSC.
> * Remove statements from [BuildOptions] that provide IPF specific flags.
> * Remove any IPF specific sections.
>
> Removing rules for Dec file:
> * Remove [Includes.IPF] section from Dec.
>
> Removing rules for Dsc file:
> * Remove IPF from SUPPORTED_ARCHITECTURES in [Defines] section of DSC.
> * Remove any IPF specific sections.
> * Remove statements from [BuildOptions] that provide IPF specific flags.
> > Cc: Qin Long > Cc: Ting Ye > Cc: Michael D Kinney > Signed-off-by: chenc2 > Contributed-under: TianoCore Contribution Agreement 1.1 > --- > CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf | 4 +- > CryptoPkg/CryptoPkg.dsc| 5 +- > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf| 5 +- > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +- > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 3 - > .../BaseCryptLibRuntimeCryptProtocol.inf | 76 > .../Cipher/CryptAesNull.c | 165 > .../Cipher/CryptArc4Null.c | 130 --- > .../Cipher/CryptTdesNull.c | 166 > .../Hash/CryptMd4Null.c| 124 -- > .../Hash/CryptMd5Null.c| 125 -- > .../Hash/CryptSha1Null.c | 125 -- > .../Hmac/CryptHmacMd5Null.c| 127 --- > .../Hmac/CryptHmacSha1Null.c | 127 --- > .../InternalCryptLib.h | 23 -- > .../Pem/CryptPemNull.c | 44 --- > .../Pk/CryptAuthenticodeNull.c | 51 --- > .../Pk/CryptDhNull.c | 156 > .../Pk/CryptPkcs7SignNull.c| 59 --- > .../Pk/CryptPkcs7VerifyNull.c | 163 > .../Pk/CryptRsaExtNull.c | 125 -- > .../Pk/CryptX509Null.c | 238 > .../Rand/CryptRandNull.c | 63 > .../RuntimeDxeIpfCryptLib.c| 419 > - > CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 13 +- > CryptoPkg/Library/OpensslLib/OpensslLib.inf| 5 +- > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 5 +- > CryptoPkg/Library/TlsLib/TlsLib.inf| 2 +- > 28 files changed, 9 insertions(+), 2544 deletions(-) > delete mode 100644 > CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntime > CryptProtocol.inf > delete mode 100644 > CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptAesNull. 
> c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptArc4Null > .c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptTdesNull > .c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd4Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd5Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptSha1Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacMd > 5Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibRuntimeCryptProtoco
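Review bot: The diffstat deletes every file under Library/BaseCryptLibRuntimeCryptProtocol but only edits CryptRuntimeDxe/CryptRuntimeDxe.inf (4 lines). That driver exists to back the runtime-protocol library instance being deleted, so after this patch the package keeps a driver, and the protocol header it publishes, with no consumer; either remove CryptRuntimeDxe, Include/Protocol and the [Protocols] entries in the same patch, or state in the commit message that a follow-up does.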
Re: [edk2] [Patch] CryptoPkg PeiCryptLib: Enable SHA384/512 support
Hi, Chao, The update from NULL to real wrapper looks good to me. Please also update the "Note" part in this INF's comment before your commit, since SHA384/512 was noted as "not supported" before. Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, > Chao B > Sent: Thursday, June 7, 2018 10:30 PM > To: edk2-devel@lists.01.org > Cc: Zhang, Chao B ; Long, Qin > Subject: [edk2] [Patch] CryptoPkg PeiCryptLib: Enable SHA384/512 support > > Enable SHA384/512 support in PEI phase. > > Cc: Long Qin > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Chao Zhang > Signed-off-by: Zhang, Chao B > --- > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > index f1f709ef6d..e08627be24 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > @@ -11,11 +11,11 @@ > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, > X.509 > # certificate handler functions, authenticode signature verification > functions, # > PEM handler functions, and pseudorandom number generator functions are not > # supported in this instance. > # > -# Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. > +# Copyright (c) 2010 - 2018, Intel Corporation. All rights > +reserved. > # This program and the accompanying materials # are licensed and made > available under the terms and conditions of the BSD License # which > accompanies this distribution. The full text of the license may be found at > # > http://opensource.org/licenses/bsd-license.php > # 
> @@ -42,11 +42,11 @@ > [Sources] >Hash/CryptMd4Null.c >Hash/CryptMd5.c >Hash/CryptSha1.c >Hash/CryptSha256.c > - Hash/CryptSha512Null.c > + Hash/CryptSha512.c >Hmac/CryptHmacMd5Null.c >Hmac/CryptHmacSha1Null.c >Hmac/CryptHmacSha256Null.c >Cipher/CryptAesNull.c >Cipher/CryptTdesNull.c > -- > 2.16.2.windows.1 > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
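Review bot: The [Sources] hunk swaps CryptSha512Null.c for CryptSha512.c, but the module header comment shown as context in the first hunk still enumerates what this instance does not support; update that list so it no longer claims SHA-384/512 are unsupported, otherwise the INF documents the opposite of what it now builds. The real wrapper also pulls OpenSSL's SHA-512 code into PEI, so confirm the PEI footprint on platforms that link PeiCryptLib, since PEI modules commonly execute in place from flash.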
Re: [edk2] [Patch] SecurityPkg/Tcg2Smm: Correct function parameter attribute
Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Zhang, Chao B > Sent: Monday, May 28, 2018 10:10 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen ; Long, Qin > Subject: [edk2] [Patch] SecurityPkg/Tcg2Smm: Correct function parameter > attribute > > Correct UpdatePossibleResource parameter attribute to align to comment > > Change-Id: Id8f8be975f0e8666573decc3fbaaf326b7767ba8 > Contributed-under: TianoCore Contribution Agreement 1.1 > Cc: Long Qin > Cc: Yao Jiewen > Reviewed-by: Chao Zhang > Signed-off-by: Zhang, Chao B > --- > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 8 > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > index 3e0a68999a..f0c92462cf 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > @@ -315,14 +315,14 @@ UpdatePPVersion ( >@return patch status. > > **/ > EFI_STATUS > UpdatePossibleResource ( > - IN EFI_ACPI_DESCRIPTION_HEADER*Table, > - IN UINT32 *IrqBuffer, > - IN UINT32 IrqBuffserSize, > - OUT BOOLEAN*IsShortFormPkgLength > + IN OUT EFI_ACPI_DESCRIPTION_HEADER*Table, > + IN UINT32 *IrqBuffer, > + IN UINT32 IrqBuffserSize, > + OUT BOOLEAN*IsShortFormPkgLength >) > { >UINT8 *DataPtr; >UINT8 *DataEndPtr; >UINT32 NewPkgLength; > -- > 2.16.2.windows.1 > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
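Review bot: IN OUT on Table matches what UpdatePossibleResource actually does (it patches the package length and interrupt descriptor bytes in place), so the attribute change is correct. While the prototype is being touched: the parameter name IrqBuffserSize is misspelled (IrqBufferSize), and the commit message still carries a Gerrit Change-Id: line and a Reviewed-by: from the patch author himself, neither of which belongs in an upstream edk2 commit.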
[edk2] [PATCH] CryptoPkg: Remove deprecated function usage in X509GetCommonName()
BZ#: https://bugzilla.tianocore.org/show_bug.cgi?id=923

X509_NAME_get_text_by_NID() used in X509GetCommonName() implementation is one legacy function which has various limitations. The returned data may not be usable when the target cert contains a multicharacter string type like a BMPString or a UTF8String.

This patch replaced the legacy function usage with the more general X509_NAME_get_index_by_NID() / X509_NAME_get_entry() APIs for X509 CommonName retrieving.

Tests: Validated the commonName retrieving with test certificates containing PrintableString or BMPString data.

Cc: Ye Ting <ting...@intel.com>
Cc: Michael Turner <michael.tur...@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.l...@intel.com>
---
CryptoPkg/Include/Library/BaseCryptLib.h | 4 +- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 53 ++- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c | 4 +- 3 files changed, 47 insertions(+), 14 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 027ea09feb..dc6aaf0635 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -4,7 +4,7 @@ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security functionality enabling. -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at 
@@ -2177,7 +2177,7 @@ X509GetSubjectName ( @param[in] Cert Pointer to the DER-encoded X509 certificate. @param[in] CertSize Size of the X509 certificate in bytes. @param[out] CommonName Buffer to contain the retrieved certificate common - name string. At most CommonNameSize bytes will be + name string (UTF8). At most CommonNameSize bytes will be written and the string will be null terminated. May be NULL in order to determine the size buffer needed. @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 56e66308ae..c137df357f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -1,7 +1,7 @@ /** @file X.509 Certificate Handler Wrapper Implementation over OpenSSL. -Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -303,7 +303,7 @@ _Exit: @param[in] Cert Pointer to the DER-encoded X509 certificate. @param[in] CertSize Size of the X509 certificate in bytes. @param[out] CommonName Buffer to contain the retrieved certificate common - name string. At most CommonNameSize bytes will be + name string (UTF8). At most CommonNameSize bytes will be written and the string will be null terminated. May be NULL in order to determine the size buffer needed. @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, 
@@ -332,13 +332,18 @@ X509GetCommonName ( IN OUT UINTN*CommonNameSize ) { - RETURN_STATUS ReturnStatus; - BOOLEANStatus; - X509 *X509Cert; - X509_NAME *X509Name; - INTN Length; + RETURN_STATUSReturnStatus; + BOOLEAN Status; + X509 *X509Cert; + X509_NAME*X509Name; + INT32Index; + INTN Length; + X509_NAME_ENTRY *Entry; + ASN1_STRING *EntryData; + UINT8*UTF8Name; ReturnStatus = RETURN_INVALID_PARAMETER; + UTF8Name = NULL; // // Check input parameters. @@ -378,8 +383,8 @@ X509GetCommonName ( // // Retrieve the CommonName information from X.509 Subject // - Length = (INTN) X509_NAME_get_text_by_NID (X509Name, NID_commonName, CommonName, (int)(*CommonNameSize)); - if (Length < 0) { + Index = X509_NAME_get_index_by_NID (X509Name, NID_commonName, -1); + if (Index < 0) { // // No CommonName entry exists in X509_NAME object // @@ -388,10 +393,35 @@ X509GetCommonName ( goto _Exit; } - *CommonN
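Review bot: X509_NAME_get_index_by_NID (X509Name, NID_commonName, -1) returns only the first CN attribute, and a subject may carry several; the header comment should state that the first one is returned, or the code should pick a deterministic one by continuing the search with the returned index as lastpos. In the variable block of this hunk, Length is still declared next to the new Index; check that it is still used after the rewrite, and that UTF8Name (initialised to NULL) is released with OPENSSL_free on every exit path, including the size-query path where CommonName is NULL. The header contract now says the output is UTF-8 and that at most CommonNameSize bytes are written; a byte-count truncation can split a multi-byte sequence, so either truncate on a character boundary or return RETURN_BUFFER_TOO_SMALL with the required size instead of a partially written string.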
Re: [edk2] [Patch] SecurityPkg:Tcg2Smm: Update TcgNvs info after memory is allocated
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin > -Original Message- > From: Zhang, Chao B > Sent: Sunday, May 20, 2018 10:42 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen@intel.com>; Long, Qin <qin.l...@intel.com> > Subject: [Patch] SecurityPkg:Tcg2Smm: Update TcgNvs info after memory is > allocated > > Update package format info in _PRS to TcgNvs after memory is allocated. > > Change-Id: Icfadb350e60d3ed2df332e92c257ce13309c0018 > Contributed-under: TianoCore Contribution Agreement 1.1 > Cc: Yao Jiewen <jiewen@intel.com> > Cc: Long Qin <qin.l...@intel.com> > Signed-off-by: Zhang, Chao B <chao.b.zh...@intel.com> > --- > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 19 --- > 1 file changed, 12 insertions(+), 7 deletions(-) > > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > index c3cee834ae..3e0a68999a 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > @@ -308,19 +308,21 @@ UpdatePPVersion ( >interrupt buffer size. BufferSize, PkgLength and interrupt descirptor in > ByteList > need to be patched > >@param[in, out] TableThe TPM item in ACPI table. >@param[in] IrqBufferInput new IRQ buffer. >@param[in] IrqBuffserSize Input new IRQ buffer size. > + @param[out] IsShortFormPkgLength If _PRS returns Short length > Package(ACPI spec 20.2.4). > >@return patch status. > > **/ > EFI_STATUS > UpdatePossibleResource ( > - EFI_ACPI_DESCRIPTION_HEADER*Table, > - UINT32 *IrqBuffer, > - UINT32 IrqBuffserSize > + IN EFI_ACPI_DESCRIPTION_HEADER*Table, > + IN UINT32 *IrqBuffer, > + IN UINT32 IrqBuffserSize, > + OUT BOOLEAN*IsShortFormPkgLength >) > { >UINT8 *DataPtr; >UINT8 *DataEndPtr; >UINT32 NewPkgLength; > @@ -429,11 +431,11 @@ UpdatePossibleResource ( >*(DataPtr + 2) = (UINT8)(IrqBuffserSize + 19); > >// >// Notify _PRS to report short formed ResourceTemplate >// > - mTcgNvs->IsShortFormPkgLength = TRUE; > + *IsShortFormPkgLength = TRUE; > >break; > } >} 
> > @@ -501,11 +503,11 @@ UpdatePossibleResource ( > *(DataPtr + 2 + ((*DataPtr & (BIT7|BIT6)) >> 6)) = > (UINT8)(IrqBuffserSize + > 19); > > // > // Notify _PRS to report long formed ResourceTemplate > // > -mTcgNvs->IsShortFormPkgLength = FALSE; > +*IsShortFormPkgLength = FALSE; > break; >} > } >} > > @@ -670,10 +672,13 @@ PublishAcpiTable ( >UINTN TableKey; >EFI_ACPI_DESCRIPTION_HEADER*Table; >UINTN TableSize; >UINT32 *PossibleIrqNumBuf; >UINT32 PossibleIrqNumBufSize; > + BOOLEANIsShortFormPkgLength; > + > + IsShortFormPkgLength = FALSE; > >Status = GetSectionFromFv ( > , > EFI_SECTION_RAW, > 0, > @@ -708,11 +713,11 @@ PublishAcpiTable ( > // > PossibleIrqNumBuf = (UINT32 *)PcdGetPtr(PcdTpm2PossibleIrqNumBuf); > PossibleIrqNumBufSize = (UINT32)PcdGetSize(PcdTpm2PossibleIrqNumBuf); > > if (PossibleIrqNumBufSize <= MAX_PRS_INT_BUF_SIZE && > (PossibleIrqNumBufSize % sizeof(UINT32)) == 0) { > - Status = UpdatePossibleResource(Table, PossibleIrqNumBuf, > PossibleIrqNumBufSize); > + Status = UpdatePossibleResource(Table, PossibleIrqNumBuf, > PossibleIrqNumBufSize, ); >DEBUG (( > DEBUG_INFO, > "UpdatePossibleResource status - %x. TPM2 service may not ready in > OS.\n", > Status > )); > @@ -741,11 +746,11 @@ PublishAcpiTable ( >ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', > 'b', 'l')); >CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table- > >OemId) ); >mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), > (UINT16) > sizeof (TCG_NVS)); >ASSERT (mTcgNvs != NULL); >mTcgNvs->TpmIrqNum= PcdGet32(PcdTpm2CurrentIrqNum); > - mTcgNvs->IsShortFormPkgLength = FALSE; > + mTcgNvs->IsShortFormPkgLength = IsShortFormPkgLength; > >// >// Publish the TPM ACPI table. Table is re-checksumed. >// >Status = gBS->LocateProtocol (, NULL, (VOID **) > ); > -- > 2.16.2.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
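Review bot: The signature hunk declares Table as IN although UpdatePossibleResource writes through it (*(DataPtr + 2) = ... patches the table bytes in place), so it should be IN OUT; OUT on IsShortFormPkgLength is right. In PublishAcpiTable, initialising IsShortFormPkgLength = FALSE before the call is what keeps mTcgNvs->IsShortFormPkgLength defined when UpdatePossibleResource returns early, a path the following DEBUG message shows is tolerated, so keep that initialisation at the call site rather than relying on the callee. Moving the assignment to after AssignOpRegion fixes the ordering bug the commit message describes, but ASSERT (mTcgNvs != NULL) remains the only guard, so a NULL return in a RELEASE build is now dereferenced a few lines later; an explicit error return is worth adding. The Change-Id: line in the commit message is Gerrit residue and should be dropped.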
Re: [edk2] [PATCH] SecurityPkg: fix sha256 signature check
> -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Laszlo Ersek > Sent: Thursday, May 10, 2018 8:36 PM > To: James Bottomley <james.bottom...@hansenpartnership.com>; edk2- > de...@lists.01.org > Cc: Zhang Lubo <lubo.zh...@intel.com> > Subject: Re: [edk2] [PATCH] SecurityPkg: fix sha256 signature check > > On 05/10/18 00:09, James Bottomley wrote: > > commit c035e37335ae43229d7e68de74a65f2c01ebc0af > > Author: Zhang Lubo <lubo.zh...@intel.com> > > Date: Thu Jan 5 14:58:05 2017 +0800 > > > > SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable. > > > > Added a check for sha256 being the ownly allowed signature hash. > > Unfortuantely this commit assumed the form of the signature data was a > > raw SignedData sequence. Most tools actually generate a ContentInfo > > sequence instead which contains a header identifying the content as > > pkcs7-SignedData. Fix this check to allow either format to work. > > > > This fix is needed at least for efitools because we generate signed > > variable updates with the ContentInfo header. > > > > Signed-off-by: James Bottomley > <james.bottom...@hansenpartnership.com> > > --- > > CryptoPkg/Library/OpensslLib/openssl | 2 +- > > SecurityPkg/Library/AuthVariableLib/AuthService.c | 11 ++- > > 2 files changed, 11 insertions(+), 2 deletions(-) > > > > diff --git a/CryptoPkg/Library/OpensslLib/openssl > > b/CryptoPkg/Library/OpensslLib/openssl > > index b2758a2292..d4e4bd2a81 16 > > --- a/CryptoPkg/Library/OpensslLib/openssl > > +++ b/CryptoPkg/Library/OpensslLib/openssl 
> > @@ -1 +1 @@ > > -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 > > +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > > This hunk should not be necessary; please see edk2 commit b85b20fba42e > ("CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h", 2018-04-15). > > (I'll let the SecurityPkg maintainers review the rest.) > > Thanks, > Laszlo [Long, Qin] I think so. OpenSSL submodule was already upgraded to 1.1.0h (d4e4bd2a8...) > > > diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c > > b/SecurityPkg/Library/AuthVariableLib/AuthService.c > > index 213a524f27..855ea3350a 100644 > > --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c > > +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c 
> > @@ -1908,10 +1908,19 @@ VerifyTimeBasedPayload ( > >//in VARIABLE_AUTHENTICATION_2 descriptor. > >//This field has the fixed offset (+13) and be calculated based on > > two > bytes of length encoding. > >// > > + // However the data may also begin > > + // ContentInfo ::= SEQUENCE { > > + // contentType ContentType, > > + // content > > + //[0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } > > + // > > + // In which case the fixed offset is +32 // > >if ((Attributes & > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { > > if (SigDataSize >= (13 + sizeof (mSha256OidValue))) { > >if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) || > > - (CompareMem (SigData + 13, , sizeof > (mSha256OidValue)) != 0)) { > > + (CompareMem (SigData + 13, , sizeof > (mSha256OidValue)) != 0 && > > + CompareMem (SigData + 32, , sizeof > > +(mSha256OidValue)) != 0)) { > >return EFI_SECURITY_VIOLATION; > > } > > } > > [Long, Qin] This part looks good to me. I prefer to add this to make both formats (with or without contentType) to work. > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
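Review bot: The new CompareMem at SigData + 32 is not covered by the size check above it, which only guarantees SigDataSize >= 13 + sizeof (mSha256OidValue); because the && evaluates the second compare whenever the first mismatches, a SignedData blob shorter than 32 + sizeof (mSha256OidValue) bytes now makes the code read past the end of SigData. Guard the fallback with its own size check, for example SigDataSize >= 32 + sizeof (mSha256OidValue), before comparing at the second offset. The fixed +32 also assumes that the ContentInfo, [0] and SignedData lengths are all two-byte encoded, the same assumption the existing +13 makes via TWO_BYTE_ENCODE; a small DER walk would accept any valid encoding and is cheaper to maintain than another magic offset. The CryptoPkg/Library/OpensslLib/openssl submodule hunk should be dropped, as Laszlo notes, since the submodule already points at d4e4bd2a81.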
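To make the format question in this patch concrete, here is an added example of my own, not part of the patch or of edk2, that walks the DER structure instead of relying on fixed offsets: it accepts both a bare SignedData and the ContentInfo wrapper around it, checks digestAlgorithms[0] against the same OID content bytes that mSha256OidValue holds, and bounds-checks every element so a short blob is rejected rather than read past its end. The BuildSampleSigData helper and CheckScenarios are test scaffolding with names of my choosing; the blobs they build are constructed skeletons (version plus one digest algorithm, no certificates or signerInfos), not real signatures.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DER_INTEGER = 0x02, DER_OID = 0x06, DER_SEQUENCE = 0x30, DER_SET = 0x31, DER_CTX0 = 0xA0 /* [0] EXPLICIT */ };

/* OID content bytes; the first is the same 9 bytes edk2 keeps in mSha256OidValue. */
static const uint8_t OID_SHA256[]     = {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01}; /* 2.16.840.1.101.3.4.2.1 */
static const uint8_t OID_SIGNEDDATA[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02}; /* 1.2.840.113549.1.7.2 */

typedef struct { const uint8_t *Ptr; size_t Len; } DER_ELEM;   /* content of one TLV */

/* Read one definite-length TLV carrying the expected tag. Returns bytes consumed (header + content),
   or 0 for a wrong tag, a non-minimal length encoding, or a length that overruns BufLen. */
static size_t DerRead(const uint8_t *Buf, size_t BufLen, uint8_t Tag, DER_ELEM *Out)
{
  size_t Hdr = 2, Len, NumLenBytes, i;
  if (BufLen < 2 || Buf[0] != Tag) return 0;
  if (Buf[1] < 0x80) {
    Len = Buf[1];
  } else {
    NumLenBytes = Buf[1] & 0x7F;
    if (NumLenBytes == 0 || NumLenBytes > 4 || BufLen < 2 + NumLenBytes) return 0;
    for (Len = 0, i = 0; i < NumLenBytes; i++) Len = (Len << 8) | Buf[2 + i];
    if (Len < 0x80 || (NumLenBytes > 1 && Len < ((size_t)1 << (8 * (NumLenBytes - 1))))) return 0;
    Hdr += NumLenBytes;
  }
  if (Len > BufLen - Hdr) return 0;
  Out->Ptr = Buf + Hdr; Out->Len = Len;
  return Hdr + Len;
}

/* True only if SigData parses as SignedData (bare, or wrapped in ContentInfo) and
   digestAlgorithms[0] is SHA-256. Every access is bounded by the enclosing element. */
bool SigDataUsesSha256(const uint8_t *SigData, size_t SigDataSize)
{
  DER_ELEM Outer, Oid, Wrap, Sd, Version, Algs, AlgId, Digest;
  const uint8_t *P; size_t N, Used;

  if (!DerRead(SigData, SigDataSize, DER_SEQUENCE, &Outer)) return false;
  P = Outer.Ptr; N = Outer.Len;
  if (N > 0 && P[0] == DER_OID) {                      /* ContentInfo: contentType OID, then [0] { SignedData } */
    if (!(Used = DerRead(P, N, DER_OID, &Oid))) return false;
    if (Oid.Len != sizeof OID_SIGNEDDATA || memcmp(Oid.Ptr, OID_SIGNEDDATA, Oid.Len)) return false;
    P += Used; N -= Used;
    if (!DerRead(P, N, DER_CTX0, &Wrap)) return false;
    if (!DerRead(Wrap.Ptr, Wrap.Len, DER_SEQUENCE, &Sd)) return false;
    P = Sd.Ptr; N = Sd.Len;
  }                                                    /* otherwise the outer SEQUENCE is SignedData itself */
  if (!(Used = DerRead(P, N, DER_INTEGER, &Version))) return false;   /* version */
  P += Used; N -= Used;
  if (!DerRead(P, N, DER_SET, &Algs)) return false;                      /* digestAlgorithms */
  if (!DerRead(Algs.Ptr, Algs.Len, DER_SEQUENCE, &AlgId)) return false;  /* AlgorithmIdentifier */
  if (!DerRead(AlgId.Ptr, AlgId.Len, DER_OID, &Digest)) return false;
  return Digest.Len == sizeof OID_SHA256 && memcmp(Digest.Ptr, OID_SHA256, Digest.Len) == 0;
}

/* ---- constructed test vectors: skeletons without certificates or signerInfos, not real signatures ---- */

static size_t DerPut(uint8_t *Out, uint8_t Tag, const uint8_t *C, size_t Len)   /* short-form lengths only */
{
  Out[0] = Tag; Out[1] = (uint8_t)Len; memcpy(Out + 2, C, Len); return 2 + Len;
}

size_t BuildSampleSigData(bool WrapInContentInfo, const uint8_t *DigestOid, size_t OidLen, uint8_t *Out)
{
  static const uint8_t Version[] = {0x01}, NullParams[] = {0x05, 0x00};
  uint8_t AlgId[32], Set[32], Sd[64], Inner[80], Wrap[96];
  size_t  AlgIdLen, SetLen, SdLen, InnerLen, WrapLen;

  AlgIdLen = DerPut(AlgId, DER_OID, DigestOid, OidLen);
  memcpy(AlgId + AlgIdLen, NullParams, 2); AlgIdLen += 2;
  SetLen = DerPut(Set, DER_SEQUENCE, AlgId, AlgIdLen);
  SdLen  = DerPut(Sd, DER_INTEGER, Version, 1);
  SdLen += DerPut(Sd + SdLen, DER_SET, Set, SetLen);
  if (!WrapInContentInfo) return DerPut(Out, DER_SEQUENCE, Sd, SdLen);
  InnerLen = DerPut(Inner, DER_SEQUENCE, Sd, SdLen);
  WrapLen  = DerPut(Wrap, DER_OID, OID_SIGNEDDATA, sizeof OID_SIGNEDDATA);
  WrapLen += DerPut(Wrap + WrapLen, DER_CTX0, Inner, InnerLen);
  return DerPut(Out, DER_SEQUENCE, Wrap, WrapLen);
}

/* Bitmask of scenarios that behaved as expected; 0xF means all four did. */
unsigned CheckScenarios(void)
{
  static const uint8_t OID_SHA1[] = {0x2B,0x0E,0x03,0x02,0x1A};   /* 1.3.14.3.2.26 */
  uint8_t Buf[128]; size_t Len; unsigned Ok = 0;
  Len = BuildSampleSigData(false, OID_SHA256, sizeof OID_SHA256, Buf);
  if (Len == 22 && SigDataUsesSha256(Buf, Len)) Ok |= 1;        /* bare SignedData with short-form lengths */
  Len = BuildSampleSigData(true, OID_SHA256, sizeof OID_SHA256, Buf);
  if (Len == 37 && SigDataUsesSha256(Buf, Len)) Ok |= 2;        /* ContentInfo-wrapped */
  if (!SigDataUsesSha256(Buf, Len - 1)) Ok |= 4;                 /* truncated blob: rejected, never over-read */
  Len = BuildSampleSigData(true, OID_SHA1, sizeof OID_SHA1, Buf);
  if (!SigDataUsesSha256(Buf, Len)) Ok |= 8;                     /* SHA-1 digest: rejected */
  return Ok;
}

int main(void)
{
  unsigned Ok = CheckScenarios();
  printf("scenarios passed: 0x%x (expect 0xf)\n", Ok);
  return Ok == 0xF ? 0 : 1;
}
```

Both sample blobs use single-byte lengths, which the patch's TWO_BYTE_ENCODE test would refuse outright; the walker does not care which length form a producer chose, only that each length stays inside its parent.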
Re: [edk2] [PATCH] CryptoPkg/CrtLibSupport: add secure_getenv() stub function
It's OK for me to add this NULL wrapper. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Tuesday, May 8, 2018 4:21 AM To: edk2-devel-01 <edk2-devel@lists.01.org> Cc: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Subject: [PATCH] CryptoPkg/CrtLibSupport: add secure_getenv() stub function The Fedora distro ships a modified OpenSSL 1.1.0 package stream. One of their patches calls the secure_getenv() C library function. We already have a stub for getenv(); it applies trivially to secure_getenv() as well. Add the secure_getenv() stub so that edk2 can be built with Fedora's OpenSSL 1.1.0 sources. Cc: Qin Long <qin.l...@intel.com> Cc: Ting Ye <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <ler...@redhat.com> --- Notes: Repo: https://github.com/lersek/edk2.git Branch: secure_getenv CryptoPkg/Library/Include/CrtLibSupport.h | 1 + CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 13 + 2 files changed, 14 insertions(+) diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h index 7f1ec1230206..feaf58b0c79a 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h @@ -163,6 +163,7 @@ gid_t getgid (void); gid_t getegid (void); void qsort (void *, size_t, size_t, int (*)(const void *, const void *)); char *getenv (const char *); +char *secure_getenv (const char *); #if defined(__GNUC__) && (__GNUC__ >= 2) void abort (void) __attribute__((__noreturn__)); #else diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c index 20c96563d270..9510a4a383e6 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c 
@@ -361,6 +361,19 @@ char *getenv (const char *varname) return NULL; } +/* Get a value from the current environment */ char *secure_getenv +(const char *varname) { + // + // Null secure_getenv() function implementation to satisfy the +linker, since + // there is no direct functionality logic dependency in present UEFI cases. + // + // From the secure_getenv() manual: 'just like getenv() except that +it + // returns NULL in cases where "secure execution" is required'. + // + return NULL; +} + // // -- Stream I/O Routines -- // -- 2.14.1.3.gb7cf6e02401b ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
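Review bot: The stub mirrors getenv() and returns NULL, which is the conservative answer for secure_getenv's contract and keeps OpenSSL from reading configuration out of an environment that firmware does not have. Consider writing it as return getenv (varname); so the two stubs cannot drift apart if getenv() ever grows a real implementation.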
Re: [edk2] [Patch] NetworkPkg/NetworkPkg.dsc: Add the instance of library class [SafeIntLib].
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jiaxin Wu Sent: Friday, May 4, 2018 11:53 AM To: edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Bi, Dandan <dandan...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [edk2] [Patch] NetworkPkg/NetworkPkg.dsc: Add the instance of library class [SafeIntLib]. This patch is to add the instance of library class [SafeIntLib] to fix the NetworkPkg build error, which is caused by the commit of 2167c7f7 that the TlsLib will always consume SafeIntLib. Cc: Ye Ting <ting...@intel.com> Cc: Fu Siyuan <siyuan...@intel.com> Cc: Long Qin <qin.l...@intel.com> Cc: Bi Dandan <dandan...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> --- NetworkPkg/NetworkPkg.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc index 471361ce86..dcca5f9fba 100644 --- a/NetworkPkg/NetworkPkg.dsc +++ b/NetworkPkg/NetworkPkg.dsc 
@@ -43,10 +43,11 @@ TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf -- 2.16.2.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
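Review bot: Adding the SafeIntLib mapping to [LibraryClasses] resolves the failure for NetworkPkg.dsc, but the cause is in CryptoPkg: commit 2167c7f7 made TlsLib consume SafeIntLib, so every platform DSC that builds TlsLib breaks the same way. Say so in the commit message so platform owners know to add the same line, and check that CryptoPkg.dsc itself resolves SafeIntLib.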
Re: [edk2] Set "db" variable in secure boot setup mode still requires generating PKCS#7?
Hi, David,

Yes, in Setup / Custom mode, there is no need to generate the AuthData for verification. It's good enough to create the AUTH_2 descriptor / headers without CertData as the parameter for the SetVariable() call.

Do you mean this code snippet can succeed in enrolling KEK, but fail to enroll DB data? The data initialization from the code snippet looks good. What's the returned errcode value? (And one reminder is that KEK and DB are bound to different vendor GUIDs: gEfiGlobalVariableGuid and gEfiImageSecurityDatabaseGuid.)

Best Regards & Thanks,
LONG, Qin

From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of David F.
Sent: Thursday, May 3, 2018 12:26 AM
To: Laszlo Ersek <ler...@redhat.com>
Cc: edk2 developers list <edk2-devel@lists.01.org>
Subject: Re: [edk2] Set "db" variable in secure boot setup mode still requires generating PKCS#7?

This Intel mobo didn't like? This is the code snippet that builds it:

  // calc size of header (with no certdata) and crt file data to add
  size_t authhdrsize;
  size_t siglisthdrsize;
  if (applyrawdata) {
    authhdrsize=0;
    siglisthdrsize=0;
  } else {
    authhdrsize=offsetof(EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)+offsetof(WIN_CERTIFICATE_UEFI_GUID, CertData);
    siglisthdrsize=sizeof(EFI_SIGNATURE_LIST)+offsetof(EFI_SIGNATURE_DATA, SignatureData);
  }
  size_t tempbufsize=ffinfo.FileSize+authhdrsize+siglisthdrsize;
  BYTE *tempbuf;
  if ((tempbuf=new BYTE [tempbufsize])!=NULL) {
    // variable to determine where to read file
    BYTE *certdata=tempbuf;
    // determine if need to prefix .crt for kek/db entries
    if (!applyrawdata) {
      // zero header part of buffer so all are init to zero
      memset(tempbuf, 0, authhdrsize+siglisthdrsize);
      //
      // setup EFI_VARIABLE_AUTHENTICATION_2 header
      //
      EFI_VARIABLE_AUTHENTICATION_2 *efivarauth2=(EFI_VARIABLE_AUTHENTICATION_2 *) tempbuf;
      // setup time
      TimeTToUEFITimeGMT(time(NULL), &efivarauth2->TimeStamp);
      efivarauth2->TimeStamp.Nanosecond=0;
      // setup authinfo (without any CertData)
      efivarauth2->AuthInfo.Hdr.dwLength=offsetof(WIN_CERTIFICATE_UEFI_GUID, CertData);
      efivarauth2->AuthInfo.Hdr.wRevision=0x200;
      efivarauth2->AuthInfo.Hdr.wCertificateType=WIN_CERT_TYPE_EFI_GUID;
      efivarauth2->AuthInfo.CertType=gEfiCertPkcs7Guid;
      //
      // setup EFI_SIGNATURE_LIST
      //
      EFI_SIGNATURE_LIST *efisiglist=(EFI_SIGNATURE_LIST *) (tempbuf+authhdrsize);
      efisiglist->SignatureType=gEfiCertX509Guid;
      efisiglist->SignatureListSize=(uint32_t)(ffinfo.FileSize+siglisthdrsize);
      efisiglist->SignatureHeaderSize=0;
      efisiglist->SignatureSize=ffinfo.FileSize+offsetof(EFI_SIGNATURE_DATA, SignatureData);
      //
      // setup EFI_SIGNATURE_DATA (no owner)
      //
      EFI_SIGNATURE_DATA *efisigdata=(EFI_SIGNATURE_DATA *) ((BYTE*)efisiglist+sizeof(EFI_SIGNATURE_LIST)+efisiglist->SignatureHeaderSize);
      certdata=efisigdata->SignatureData;
    }
    // Read file to buffer
    if ((errcode=FSOpenReadCloseFile(openpath, certdata, 0, ffinfo.FileSize, NULL, filesys))==ERROR_NONE) {
      // have the data, now write it to the correct variable
      uint32_t varattr=EFI_VARIABLE_NON_VOLATILE|
                       EFI_VARIABLE_BOOTSERVICE_ACCESS|
                       EFI_VARIABLE_RUNTIME_ACCESS|
                       EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
      if (!rparam) {
        varattr|=EFI_VARIABLE_APPEND_WRITE;
      }
      // update variable
      errcode=UEFISetVariable(varname, guidstr, tempbuf, tempbufsize, varattr);
    }
    // clean up
    delete[] tempbuf;
  }

On Wed, May 2, 2018 at 3:21 AM, Laszlo Ersek <ler...@redhat.com> wrote:
> On 05/01/18 23:13, David F. wrote:
> > Hi,
> >
> > Had a fairly simple task of wanting to install the latest MS .crt
> > files for KEK, and their two files for the "db" (the Windows CA and
> > UEFI CA) in a system placed in setup/custom mode. However, even
> > though it seemed to take the KEK, it never took the "db", always had a
> > problem on a DH77KC mobo (dumped data headers looked as expected). Now
> > when I constructed it, I thought I could leave out any PKCS#7 data
> > (set the expected CertType but in the Hdr dwLength only included
> > CertType and not any CertData),
>
> Right, I've stumbled upon that too. According to the UEFI spec, dwLength
> should include CertData too, but edk2 does *not* accept that. This can
> be seen e.g. in
> "SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c",
> function CreateTimeBasedPayload():
>
> > //
> > // In Setup mode or Custom mode, the variable does not need to be signed but the
> > // parameters to the SetVariable() call still need to be prepared as authenticated
> > // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor without certifica
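The following is an added example, not David's snippet and not edk2's CreateTimeBasedPayload(). It builds the same unsigned payload for one DER certificate (an EFI_VARIABLE_AUTHENTICATION_2 descriptor whose dwLength covers only the WIN_CERTIFICATE_UEFI_GUID header, followed by a single-entry EFI_SIGNATURE_LIST), then re-parses the buffer with a strict consistency check, which is the first thing to run when KEK enrolls but db does not. Assumptions: the UEFI structures are restated here from the spec rather than pulled from MdePkg headers, the timestamp comes from libc gmtime(), and kFakeDer is a constructed stand-in for the bytes of the .crt file (only its leading DER SEQUENCE tag is meaningful).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* UEFI structures restated from the UEFI spec (assumption: same layout as the
 * MdePkg headers; none of these has internal padding, so offsetof() yields the
 * spec offsets without needing #pragma pack). */
typedef struct { uint32_t Data1; uint16_t Data2, Data3; uint8_t Data4[8]; } EFI_GUID;
typedef struct {
  uint16_t Year; uint8_t Month, Day, Hour, Minute, Second, Pad1;
  uint32_t Nanosecond; int16_t TimeZone; uint8_t Daylight, Pad2;
} EFI_TIME;
typedef struct { uint32_t dwLength; uint16_t wRevision, wCertificateType; } WIN_CERTIFICATE;
typedef struct { WIN_CERTIFICATE Hdr; EFI_GUID CertType; uint8_t CertData[1]; } WIN_CERTIFICATE_UEFI_GUID;
typedef struct { EFI_TIME TimeStamp; WIN_CERTIFICATE_UEFI_GUID AuthInfo; } EFI_VARIABLE_AUTHENTICATION_2;
typedef struct { EFI_GUID SignatureType; uint32_t SignatureListSize, SignatureHeaderSize, SignatureSize; } EFI_SIGNATURE_LIST;
typedef struct { EFI_GUID SignatureOwner; uint8_t SignatureData[1]; } EFI_SIGNATURE_DATA;

#define WIN_CERT_TYPE_EFI_GUID 0x0EF1
static const EFI_GUID gEfiCertPkcs7Guid = {0x4aafd29d, 0x68df, 0x49ee, {0x8a,0xa9,0x34,0x7d,0x37,0x56,0x65,0xa7}};
static const EFI_GUID gEfiCertX509Guid  = {0xa5c059a1, 0x94e4, 0x4aa7, {0x87,0xb5,0xab,0x15,0x5c,0x2b,0xf0,0x72}};

/* The two headers that precede the raw certificate: 40 and 44 bytes. */
#define AUTH2_HDR_SIZE   (offsetof(EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + offsetof(WIN_CERTIFICATE_UEFI_GUID, CertData))
#define SIGLIST_HDR_SIZE (sizeof(EFI_SIGNATURE_LIST) + offsetof(EFI_SIGNATURE_DATA, SignatureData))

/* Build the unsigned AUTH_2 payload for one DER certificate. dwLength covers
 * only the WIN_CERTIFICATE_UEFI_GUID header (no PKCS#7 CertData), which is what
 * Setup / Custom mode accepts. Returns a malloc'd buffer of *out_len bytes. */
static uint8_t *build_auth2_x509_payload(const uint8_t *der, size_t der_len, size_t *out_len)
{
  size_t total = AUTH2_HDR_SIZE + SIGLIST_HDR_SIZE + der_len;
  uint8_t *buf = calloc(1, total);   /* zeroed: Pad1/Pad2/Nanosecond/TimeZone/Daylight must be 0 */
  if (buf == NULL) return NULL;

  EFI_VARIABLE_AUTHENTICATION_2 *auth = (EFI_VARIABLE_AUTHENTICATION_2 *)buf;
  time_t now = time(NULL);
  struct tm *utc = gmtime(&now);      /* UTC wall clock; TimeZone/Daylight stay zero as the spec requires */
  if (utc != NULL) {
    auth->TimeStamp.Year   = (uint16_t)(utc->tm_year + 1900);
    auth->TimeStamp.Month  = (uint8_t)(utc->tm_mon + 1);
    auth->TimeStamp.Day    = (uint8_t)utc->tm_mday;
    auth->TimeStamp.Hour   = (uint8_t)utc->tm_hour;
    auth->TimeStamp.Minute = (uint8_t)utc->tm_min;
    auth->TimeStamp.Second = (uint8_t)utc->tm_sec;
  }
  auth->AuthInfo.Hdr.dwLength         = (uint32_t)offsetof(WIN_CERTIFICATE_UEFI_GUID, CertData);
  auth->AuthInfo.Hdr.wRevision        = 0x0200;
  auth->AuthInfo.Hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;
  auth->AuthInfo.CertType             = gEfiCertPkcs7Guid;

  EFI_SIGNATURE_LIST *list = (EFI_SIGNATURE_LIST *)(buf + AUTH2_HDR_SIZE);
  list->SignatureType       = gEfiCertX509Guid;
  list->SignatureHeaderSize = 0;      /* X.509 lists carry no signature header */
  list->SignatureSize       = (uint32_t)(offsetof(EFI_SIGNATURE_DATA, SignatureData) + der_len);
  list->SignatureListSize   = (uint32_t)(sizeof(EFI_SIGNATURE_LIST) + list->SignatureSize);

  /* SignatureOwner stays the zero GUID (as in the snippet above); copy the DER bytes in. */
  EFI_SIGNATURE_DATA *sig = (EFI_SIGNATURE_DATA *)(buf + AUTH2_HDR_SIZE + sizeof(EFI_SIGNATURE_LIST));
  memcpy(sig->SignatureData, der, der_len);
  *out_len = total;
  return buf;
}

/* Re-parse a payload the way a strict consumer would before SetVariable():
 * every length field must agree with the others and with the buffer size.
 * Returns 0 when consistent, otherwise a negative code naming the failed check. */
static int check_auth2_x509_payload(const uint8_t *buf, size_t len)
{
  if (len < AUTH2_HDR_SIZE + SIGLIST_HDR_SIZE) return -1;
  const EFI_VARIABLE_AUTHENTICATION_2 *auth = (const EFI_VARIABLE_AUTHENTICATION_2 *)buf;
  if (auth->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) return -2;
  if (memcmp(&auth->AuthInfo.CertType, &gEfiCertPkcs7Guid, sizeof(EFI_GUID)) != 0) return -3;
  if (auth->AuthInfo.Hdr.dwLength < offsetof(WIN_CERTIFICATE_UEFI_GUID, CertData)) return -4;
  if (auth->TimeStamp.Pad1 || auth->TimeStamp.Nanosecond || auth->TimeStamp.TimeZone ||
      auth->TimeStamp.Daylight || auth->TimeStamp.Pad2) return -5;
  /* The signature list starts where CertData (here empty) ends. */
  size_t list_off = offsetof(EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + auth->AuthInfo.Hdr.dwLength;
  if (list_off + sizeof(EFI_SIGNATURE_LIST) > len) return -6;
  const EFI_SIGNATURE_LIST *list = (const EFI_SIGNATURE_LIST *)(buf + list_off);
  if (memcmp(&list->SignatureType, &gEfiCertX509Guid, sizeof(EFI_GUID)) != 0) return -7;
  if (list->SignatureHeaderSize != 0) return -8;
  if (list->SignatureListSize != len - list_off) return -9;     /* exactly one list fills the rest */
  if (sizeof(EFI_SIGNATURE_LIST) + list->SignatureSize != list->SignatureListSize) return -10; /* one X.509 entry */
  if (list->SignatureSize <= offsetof(EFI_SIGNATURE_DATA, SignatureData)) return -11;
  if (buf[list_off + SIGLIST_HDR_SIZE] != 0x30) return -12;     /* DER SEQUENCE; a PEM file would start with '-' */
  return 0;
}

/* Constructed stand-in for the .crt file bytes: only the leading SEQUENCE tag matters here. */
static const uint8_t kFakeDer[] = {0x30, 0x82, 0x01, 0x0a, 0x30, 0x81, 0xf2};

/* Build from kFakeDer, optionally tamper, return the checker's verdict.
 * tamper 0: untouched; 1: bogus SignatureHeaderSize; 2: buffer one byte short. */
static int demo_payload(int tamper)
{
  size_t len;
  uint8_t *buf = build_auth2_x509_payload(kFakeDer, sizeof kFakeDer, &len);
  if (buf == NULL) return -100;
  if (tamper == 1) ((EFI_SIGNATURE_LIST *)(buf + AUTH2_HDR_SIZE))->SignatureHeaderSize = 4;
  if (tamper == 2) len -= 1;
  int rc = check_auth2_x509_payload(buf, len);
  free(buf);
  return rc;
}

static size_t demo_payload_len(void) { return AUTH2_HDR_SIZE + SIGLIST_HDR_SIZE + sizeof kFakeDer; }

int main(void)
{
  return (demo_payload(0) == 0 && demo_payload(1) == -8 && demo_payload(2) == -9) ? 0 : 1;
}
```

The resulting buffer is what goes to SetVariable() with the TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute (plus APPEND_WRITE to add rather than replace). As Qin's reminder above says, the vendor GUID differs per variable: gEfiGlobalVariableGuid for "KEK", gEfiImageSecurityDatabaseGuid for "db"; a payload that passes the check here but fails only for "db" points at the GUID, the attributes or the firmware rather than at the headers.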
Re: [edk2] [PATCH] CryptoPkg/OpensslLib: remove OpenSSL version number from OpenSSL-HOWTO.txt
Yes, this was not refreshed at last upgrade. And I agree it's better to remove this statement. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Thursday, April 26, 2018 1:58 AM To: edk2-devel-01 <edk2-devel@lists.01.org> Cc: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Subject: [PATCH] CryptoPkg/OpensslLib: remove OpenSSL version number from OpenSSL-HOWTO.txt Remove any concrete OpenSSL version numbers from "OpenSSL-HOWTO.txt". That information is out of date and there's no reason for us to refresh it: We now track stable OpenSSL releases via a git submodule. CryptoPkg maintainers push such submodule updates to edk2 that identify the correct stable releases of OpenSSL. "OpenSSL-HOWTO.txt" already provides instructions to users for updating their local submodules. Cc: Qin Long <qin.l...@intel.com> Cc: Ting Ye <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <ler...@redhat.com> --- CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt index 36f8e711dda3..db45eb88d17a 100644 --- a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt @@ -18,7 +18,6 @@ on the cryptography. OpenSSL-Version = EDKII supports building with the latest release of OpenSSL. - The latest official release is OpenSSL-1.1.0g (Released at 2017-Nov-02). NOTE: Only latest release version was fully validated. And no guarantees on build & functionality if using other versions. -- 2.14.1.3.gb7cf6e02401b ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
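Review bot: with the concrete release line removed from the OpenSSL-Version section, the NOTE that survives in the hunk's context ("Only latest release version was fully validated") no longer tells a reader which release that is. Since the commit message says the submodule is now the source of truth, consider having the HOWTO say so next to that NOTE, e.g. that the validated release is the commit shown by `git submodule status CryptoPkg/Library/OpensslLib/openssl`, so the sentence does not dangle.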
Re: [edk2] [PATCH v2 2/2] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h
Thanks, Laszlo! Pushed these two fixes with updates by the commits: a701ea0fe1d5178eb4fd2659d83461751cb9e7c9 b85b20fba42e25ff658ed1a470250d530c189027 Best Regards & Thanks, LONG, Qin From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Saturday, April 14, 2018 4:08 AM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Cc: edk2-devel@lists.01.org Subject: Re: [edk2] [PATCH v2 2/2] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h On 04/12/18 05:08, Long Qin wrote: > (https://bugzilla.tianocore.org/show_bug.cgi?id=927) > > (V2 Update: > Removing the wrong "--remote" option from git submodule update > command in this commit message. Thanks Leszlo's clarification > to correct this) (1) "Laszlo", not "Leszlo" :) Apology! ☺ > > Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the > fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1 > structures can cause a stack overflow and resulting denial of service, > Refer to https://www.openssl.org/news/secadv/20180327.txt for more > information). > > Please note "git pull" will not update the submodule repository. > Use the following command to make your existing submodule track this > update: >$ git submodule update -–recursive (2) OK, so this is a tricky one. The "--recursive" option starts with two hyphen characters (ASCII 0x2D). However, the string above starts with a hyphen (ASCII 0x2D) and then a unicode EN DASH codepoint (U+2013). Please replace it with a normal hyphen. More below: > > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Ye Ting <ting...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Long Qin <qin.l...@intel.com> > --- > CryptoPkg/Library/OpensslLib/openssl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/OpensslLib/openssl > b/CryptoPkg/Library/OpensslLib/openssl > index b2758a2292..d4e4bd2a81 16 
> --- a/CryptoPkg/Library/OpensslLib/openssl > +++ b/CryptoPkg/Library/OpensslLib/openssl > @@ -1 +1 @@ > -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 > +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > With the commit msg updates: Reviewed-by: Laszlo Ersek <ler...@redhat.com<mailto:ler...@redhat.com>> I also tested this patch, with an off-disk Secure Boot, and an HTTPS boot. Both worked fine. Tested-by: Laszlo Ersek <ler...@redhat.com<mailto:ler...@redhat.com>> Thanks! Laszlo ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2 1/2] CryptoPkg/OpensslLib: Fix the documentation about submodule update
Ah, "it's wrong here" means "the existence of "--remote" in the original suggested command is wrong". "It's important" also makes sense to address the "update" goal. I can update that, if the old message will cause confusion. Best Regards & Thanks, LONG, Qin -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Thursday, April 12, 2018 5:56 PM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Cc: edk2-devel@lists.01.org Subject: Re: [PATCH v2 1/2] CryptoPkg/OpensslLib: Fix the documentation about submodule update Hello Qin, On 04/12/18 05:08, Long Qin wrote: > This patch is to drop the "--remote" option from the original suggested > submodule update command ("$ git submodule update --recursive > --remote") in the HOWTO document. > > The "--remote" option will integrate changes from the upstream subproject > with the submodule's "current HEAD", instead of using the edk2 > superproject's "recorded SHA-1". It is wrong here for the edk2 The commit message makes sense, and the patch is good, but I think there's a significant typo in the commit message. Namely, the word "wrong" is wrong :) Instead, it should be "important". Or else, "it is the goal for the edk2 consumers to ...". Do you agree? (I'll come to the second patch sometime later.) Thanks! Laszlo > consumers to update the working tree of the submodules to match the > commit / release tag that the superproject expects. > > Removing the "--remote" option to fix the documentation issue here. > > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Ye Ting <ting...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Long Qin <qin.l...@intel.com> > --- > CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt > b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt > index ac63d4c077..36f8e711dd 100644 > --- a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt 
> +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt > @@ -40,7 +40,7 @@ or >And use the following combined commands to pull the remote > submodule updates (e.g. Updating the new supported OpenSSL release tag): > $ git pull --recurse-submodules && \ > - git submodule update --recursive --remote > + git submodule update --recursive > > = >About process_files.pl > ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2 0/9] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites
Hi, Laszlo, The updated patch series looks good to me. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Wednesday, April 11, 2018 6:43 PM To: edk2-devel@lists.01.org Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>; Gary Ching-Pang Lin <g...@suse.com>; Wu, Jiaxin <jiaxin...@intel.com>; Justen, Jordan L <jordan.l.jus...@intel.com>; Gao, Liming <liming@intel.com>; Kinney, Michael D <michael.d.kin...@intel.com>; Long, Qin <qin.l...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Ye, Ting <ting...@intel.com> Subject: [PATCH v2 0/9] {Ovmf,Mde,Network,Crypto}Pkg: fixes+features for setting HTTPS cipher suites Repo: https://github.com/lersek/edk2.git Branch: tls_ciphers_v2 This is version 2 of the series posted earlier at http://mid.mail-archive.com/20180403145149.8925-1-lersek@redhat.com https://lists.01.org/pipermail/edk2-devel/2018-April/023402.html Changes are noted per patch. One important change cannot be highlighted that way however, because it involves the dropping of the following two patches from v1: [edk2] [PATCH 08/13] CryptoPkg/TlsLib: add the "TlsMappingTable.sh" POSIX shell script [edk2] [PATCH 09/13] CryptoPkg/TlsLib: extend "TlsCipherMappingTable" I retested HTTPS boot with this series; it succeeded. The TLS cipher suite preference list came from the system-wide configuration on my RHEL-7 laptop; basically the binary CipherId array from the command "openssl ciphers -V". The relevant lines from the OVMF log were: > TlsAuthConfigDxe:SetCipherSuites: stored list of cipher suites (190 > byte(s)) [...] 
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC030 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC02C > TlsDxe:TlsSetCipherList: skipping CipherId=0xC028 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC024 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC014 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC00A > TlsDxe:TlsSetCipherList: skipping CipherId=0x00A5 > TlsDxe:TlsSetCipherList: skipping CipherId=0x00A3 > TlsDxe:TlsSetCipherList: skipping CipherId=0x00A1 > TlsDxe:TlsSetCipherList: skipping CipherId=0x009F > TlsDxe:TlsSetCipherList: skipping CipherId=0x006A > TlsDxe:TlsSetCipherList: skipping CipherId=0x0038 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0088 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0087 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0086 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0085 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC032 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC02E > TlsDxe:TlsSetCipherList: skipping CipherId=0xC02A > TlsDxe:TlsSetCipherList: skipping CipherId=0xC026 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC00F > TlsDxe:TlsSetCipherList: skipping CipherId=0xC005 > TlsDxe:TlsSetCipherList: skipping CipherId=0x009D > TlsDxe:TlsSetCipherList: skipping CipherId=0x0084 > TlsDxe:TlsSetCipherList: skipping CipherId=0x008D > TlsDxe:TlsSetCipherList: skipping CipherId=0xC02F > TlsDxe:TlsSetCipherList: skipping CipherId=0xC02B > TlsDxe:TlsSetCipherList: skipping CipherId=0xC027 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC023 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC013 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC009 > TlsDxe:TlsSetCipherList: skipping CipherId=0x00A4 > TlsDxe:TlsSetCipherList: skipping CipherId=0x00A2 > TlsDxe:TlsSetCipherList: skipping CipherId=0x00A0 > TlsDxe:TlsSetCipherList: skipping CipherId=0x009E > TlsDxe:TlsSetCipherList: skipping CipherId=0x0040 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0032 > TlsDxe:TlsSetCipherList: skipping CipherId=0x009A > 
TlsDxe:TlsSetCipherList: skipping CipherId=0x0099 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0098 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0097 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0045 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0044 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0043 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0042 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC031 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC02D > TlsDxe:TlsSetCipherList: skipping CipherId=0xC029 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC025 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC00E > TlsDxe:TlsSetCipherList: skipping CipherId=0xC004 > TlsDxe:TlsSetCipherList: skipping CipherId=0x009C > TlsDxe:TlsSetCipherList: skipping CipherId=0x0096 > TlsDxe:TlsSetCipherList: skipping CipherId=0x0041 > TlsDxe:TlsSetCipherList: skipping CipherId=0x008C > TlsDxe:TlsSetCipherList: skipping CipherId=0xC012 > TlsDxe:TlsSetCipherList: skipping CipherId=0xC008 > TlsDxe:TlsS
Re: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h
Hi, Laszlo, You are right. "--remote" is really incorrect here. And thank you so much for pointing this out. Best Regards & Thanks, LONG, Qin -Original Message----- From: Long, Qin Sent: Wednesday, April 11, 2018 4:39 PM To: 'Laszlo Ersek' <ler...@redhat.com>; Ye, Ting <ting...@intel.com> Cc: edk2-devel@lists.01.org Subject: RE: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h Thank you so much for this clarification, Laszlo. The submodule maintenance (commands for update / sync) looks a little confusing to me. Let me check more locally before the V2. Best Regards & Thanks, LONG, Qin -Original Message- 
From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Wednesday, April 11, 2018 4:34 PM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Cc: edk2-devel@lists.01.org Subject: Re: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h Hello Qin, On 04/11/18 10:11, Long Qin wrote: > (https://bugzilla.tianocore.org/show_bug.cgi?id=927) > > Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the > fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1 > structures can cause a stack overflow and resulting denial of service, > Refer to https://www.openssl.org/news/secadv/20180327.txt for more > information). Thank you for addressing this BZ so quickly. However, I have a comment on the commit message: > > Please note "git pull" will not update the submodule repository. > Use the following command to make your existing submodule track this > update: >$ git submodule update -–recursive --remote The "--remote" option is wrong here. The git-submodule documentation says, --remote This option is only valid for the update command. Instead of using the superproject's recorded SHA-1 to update the submodule, use the status of the submodule's remote-tracking branch. [...] [...] Use this option to integrate changes from the upstream subproject with your submodule's current HEAD. [...] That is exactly what normal edk2 consumers should *not* do -- because they do not want to update their openssl submodule to the latest upstream OpenSSL release; instead they want to update their openssl submodule to the commit hash that you are recording in this patch. ... In fact I've now found the same issue in our documentation, "CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt". It also recommends "--remote". I suggest the following: please post two patches. * The first patch should fix the documentation. 
The "--remote" option should be moved from the "user" section to the "maintainer" section -- that is, drop the "--remote" option from its current place, and explain it separately, similarly to "process_files.pl" (which is also only for maintainers). The "--remote" option is correct for *you*, the CryptoPkg maintainer, because you are pulling the new OpenSSL release into edk2, for the rest of the edk2 users. But those users only want to consume the OpenSSL commit hash that you record for them, not the OpenSSL master branch. * The second patch should be this patch, but the commit message should not contain the "--remote" option. One more comment below: > > Cc: Ye Ting <ting...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Long Qin <qin.l...@intel.com> > --- > CryptoPkg/Library/OpensslLib/openssl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/OpensslLib/openssl > b/CryptoPkg/Library/OpensslLib/openssl > index b2758a2292..d4e4bd2a81 16 > --- a/CryptoPkg/Library/OpensslLib/openssl > +++ b/CryptoPkg/Library/OpensslLib/openssl > @@ -1 +1 @@ > -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 > +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > I agree that this commit corresponds to the "OpenSSL_1_1_0h" tag, in the upstream OpenSSL release. Once you post v2, I'll make an effort to review and test it reasonably quickly. (I have a Secure Boot test from hard disk, and an HTTPS boot test, in mind.) Thanks! Laszlo ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH v2 2/2] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h
(https://bugzilla.tianocore.org/show_bug.cgi?id=927) (V2 Update: Removing the wrong "--remote" option from the git submodule update command in this commit message. Thanks to Laszlo's clarification to correct this) Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service, Refer to https://www.openssl.org/news/secadv/20180327.txt for more information). Please note "git pull" will not update the submodule repository. Use the following command to make your existing submodule track this update: $ git submodule update -–recursive Cc: Laszlo Ersek <ler...@redhat.com> Cc: Ye Ting <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Library/OpensslLib/openssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl index b2758a2292..d4e4bd2a81 16 --- a/CryptoPkg/Library/OpensslLib/openssl +++ b/CryptoPkg/Library/OpensslLib/openssl @@ -1 +1 @@ -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 -- 2.16.1.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
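Review bot: the command quoted in the commit message, `$ git submodule update -–recursive`, still spells the option with a hyphen followed by an EN DASH (U+2013) rather than two ASCII hyphens, so it fails when pasted; it should read `--recursive`. Separately, the hunk itself records only the new submodule SHA-1 (d4e4bd2a…); the message says "1.1.0h release" but not the upstream tag that commit corresponds to, so stating the tag name would let a reviewer confirm the pin without resolving the hash against upstream by hand.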
[edk2] [PATCH v2 1/2] CryptoPkg/OpensslLib: Fix the documentation about submodule update
This patch is to drop the "--remote" option from the original suggested submodule update command ("$ git submodule update --recursive --remote") in the HOWTO document. The "--remote" option will integrate changes from the upstream subproject with the submodule's "current HEAD", instead of using the edk2 superproject's "recorded SHA-1". It is wrong here for the edk2 consumers to update the working tree of the submodules to match the commit / release tag that the superproject expects. Removing the "--remote" option to fix the documentation issue here. Cc: Laszlo Ersek <ler...@redhat.com> Cc: Ye Ting <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt index ac63d4c077..36f8e711dd 100644 --- a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt @@ -40,7 +40,7 @@ or And use the following combined commands to pull the remote submodule updates (e.g. Updating the new supported OpenSSL release tag): $ git pull --recurse-submodules && \ - git submodule update --recursive --remote + git submodule update --recursive = About process_files.pl -- 2.16.1.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
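Review bot: the hunk removes `--remote` from the consumer-facing command but does not say where it does belong; since pulling a new upstream release into the submodule is a maintainer step, a one-line maintainer note next to the "About process_files.pl" section visible in the hunk's context would keep that workflow documented instead of silently dropping it. In the commit message, the sentence "It is wrong here for the edk2 consumers to update the working tree ... to match the commit / release tag that the superproject expects" says the opposite of what the patch does: matching the recorded commit is the goal, so "wrong" should be "important" (or the sentence split so that "wrong" refers only to `--remote`).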
[edk2] [PATCH v2 0/2] Update OpenSSL version to 1.1.0h
Updating the supported OpenSSL version to the 1.1.0h release. An additional patch addresses / fixes one HOWTO documentation issue about the submodule update command, which used the wrong "--remote" option. (Thanks to Laszlo for the catch.) Long Qin (2): CryptoPkg/OpensslLib: Fix the documentation about submodule update CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 2 +- CryptoPkg/Library/OpensslLib/openssl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- 2.16.1.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h
Thank you so much for this clarification, Laszlo. The submodule maintenance (commands for update / sync) looks a little confusing to me. Let me check more locally before the V2. Best Regards & Thanks, LONG, Qin -Original Message- 
From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Wednesday, April 11, 2018 4:34 PM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Cc: edk2-devel@lists.01.org Subject: Re: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h Hello Qin, On 04/11/18 10:11, Long Qin wrote: > (https://bugzilla.tianocore.org/show_bug.cgi?id=927) > > Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the > fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1 > structures can cause a stack overflow and resulting denial of service, > Refer to https://www.openssl.org/news/secadv/20180327.txt for more > information). Thank you for addressing this BZ so quickly. However, I have a comment on the commit message: > > Please note "git pull" will not update the submodule repository. > Use the following command to make your existing submodule track this > update: >$ git submodule update -–recursive --remote The "--remote" option is wrong here. The git-submodule documentation says, --remote This option is only valid for the update command. Instead of using the superproject's recorded SHA-1 to update the submodule, use the status of the submodule's remote-tracking branch. [...] [...] Use this option to integrate changes from the upstream subproject with your submodule's current HEAD. [...] That is exactly what normal edk2 consumers should *not* do -- because they do not want to update their openssl submodule to the latest upstream OpenSSL release; instead they want to update their openssl submodule to the commit hash that you are recording in this patch. ... In fact I've now found the same issue in our documentation, "CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt". It also recommends "--remote". I suggest the following: please post two patches. * The first patch should fix the documentation. 
The "--remote" option should be moved from the "user" section to the "maintainer" section -- that is, drop the "--remote" option from its current place, and explain it separately, similarly to "process_files.pl" (which is also only for maintainers). The "--remote" option is correct for *you*, the CryptoPkg maintainer, because you are pulling the new OpenSSL release into edk2, for the rest of the edk2 users. But those users only want to consume the OpenSSL commit hash that you record for them, not the OpenSSL master branch. * The second patch should be this patch, but the commit message should not contain the "--remote" option. One more comment below: > > Cc: Ye Ting <ting...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Long Qin <qin.l...@intel.com> > --- > CryptoPkg/Library/OpensslLib/openssl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/OpensslLib/openssl > b/CryptoPkg/Library/OpensslLib/openssl > index b2758a2292..d4e4bd2a81 16 > --- a/CryptoPkg/Library/OpensslLib/openssl > +++ b/CryptoPkg/Library/OpensslLib/openssl > @@ -1 +1 @@ > -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 > +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > I agree that this commit corresponds to the "OpenSSL_1_1_0h" tag, in the upstream OpenSSL release. Once you post v2, I'll make an effort to review and test it reasonably quickly. (I have a Secure Boot test from hard disk, and an HTTPS boot test, in mind.) Thanks! Laszlo ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h
(https://bugzilla.tianocore.org/show_bug.cgi?id=927) Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service, Refer to https://www.openssl.org/news/secadv/20180327.txt for more information). Please note "git pull" will not update the submodule repository. Use the following command to make your existing submodule track this update: $ git submodule update -–recursive --remote Cc: Ye Ting <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Library/OpensslLib/openssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl index b2758a2292..d4e4bd2a81 16 --- a/CryptoPkg/Library/OpensslLib/openssl +++ b/CryptoPkg/Library/OpensslLib/openssl @@ -1 +1 @@ -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 -- 2.16.1.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
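Review bot: the commit message tells consumers to run `git submodule update -–recursive --remote`, which does not land them on the commit this hunk pins: `--remote` moves the submodule to the head of its remote-tracking branch instead of the recorded SHA-1 (d4e4bd2a…), so a user following the instruction could end up on an unreviewed upstream OpenSSL commit rather than the 1.1.0h pin. Drop `--remote` from the consumer command (it belongs to the maintainer workflow that produces this bump), and note that the first option is also typed with an EN DASH rather than two hyphens.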
Re: [edk2] [PATCH 00/13] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites
Hi, Laszlo, I prefer to open a separate BZ for this TlsCipherMappingTable update. The current list was produced by some rough collections from Jiaxin and me, which meet the basic cipher requirement for TLS (v1.0/1.1/1.2) to set up one successful connection. Will re-sort this table based on IANA & IETF RFCs & EDKII OpenSSL build options. Best Regards & Thanks, LONG, Qin From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Laszlo Ersek Sent: Tuesday, April 10, 2018 5:48 PM To: Wu, Jiaxin <jiaxin...@intel.com>; edk2-devel-01 <edk2-devel@lists.01.org> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>; Ye, Ting <ting...@intel.com>; Justen, Jordan L <jordan.l.jus...@intel.com>; Gao, Liming <liming@intel.com>; Gary Ching-Pang Lin <g...@suse.com>; Long, Qin <qin.l...@intel.com>; Kinney, Michael D <michael.d.kin...@intel.com>; Fu, Siyuan <siyuan...@intel.com> Subject: Re: [edk2] [PATCH 00/13] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites On 04/10/18 06:09, Wu, Jiaxin wrote: > Hi Laszlo > > Appreciate your contribution. I have reviewed the series patches you attached > here. First, I assume you have verified the patches on OVMF and the > functionality works well, That's right; I tested cipher suite negotiation failures and successes. For example, I configured apache to "Disable All SSL and TLS Protocols Except TLS 1 and Up" <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-web_servers#s2-apache-mod_ssl-enabling>, and then I verified that HTTPS boot would succeed vs. fail dependent on whether I passed strong ciphers too, or only weak ones, to OVMF. > then, below are my comments: > > 1. The patches for OvmfPkg/NetworkPkg (0001-0004) are good to me. Thanks. 
For patch #2, "MdePkg/Include/Protocol/Tls.h: pack structures from the TLS RFC", we exchanged some points with Liming earlier: http://mid.mail-archive.com/4A89E2EF3DFEDB4C8BFDE51014F606A14E1F1B10@SHSMSX104.ccr.corp.intel.com (Please see also my response to that.) I see that both you and Siyuan are OK with patch #2, i.e. with the separate #pragma directives. I'd also like Liming to confirm that he accepts the patch as-is. > > 2. For CryptoPkg, the major viewpoint is also related to the > TlsCipherMappingTable. For this table, only including the supported > ciphersuites looks more reasonable. OK. I think this means that I should preserve patches #5 through #7, and drop patches #8 ('CryptoPkg/TlsLib: add the "TlsMappingTable.sh" POSIX shell script') and #9 ('CryptoPkg/TlsLib: extend "TlsCipherMappingTable"'). Is that correct? > After talking with Qin, I know the unsupported cipher suites won't be > rejected/filtered by the OpenSSL cipher list setting; if so, the cipher > suite list that is passed from the client to the server in the ClientHello > message might also include such unsupported cipher suites. In such a case, > the failure will happen once the server selects the unsupported cipher suite. > From the handshake process view, it's unreasonable since the client sent the > desired cipher suites, then the server selected one of them but still met the > error. Oh! You are totally right. I apologize for missing this -- I didn't realize this from Qin's comments on TianoCore #915. In other words, it is actually *important* that "TlsCipherMappingTable" match the cipher suites that we build into edk2. I understand now. Thanks! > Anyway, filtering the unsupported cipher suites as early as possible is a > wise choice. So, TlsCipherMappingTable should only include the supported > cipher suites by reference to the security requirement of CryptoPkg. Yes. > > 3. 
For patch 0006, it's good to me to optimize the searching algorithm since > the table is larger than before. > > 4. Can we combined some patches together to make the things simple? e.g. > Patches 0005/0007/0010/0011/0012/0013. Those patches are the same purpose to > fix the issues in 0013. I'm not against squashing these patches together, but separating patch #6 (the binary search) out of the middle is not possible without a rewrite of that patch, because it has context dependencies on patch #5. Do you want me to do that? I.e., first implement the binary search for TlsGetCipherString() -- without changing the interface --, and *then* switch it over to TlsGetCipherMapping(), as part of the large squashed patch? > > 5. For patch 0008, I think it's unnecessary to provide such script. I prefer > to maintain the TlsCipherMappingTable more statical since it's the internal > mapping table. How about we keep it as internal assistant tool? Sure, given that TlsCipherMa
Re: [edk2] [PATCH 00/13] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites
Thanks, Laszlo. In fact, these implementation optimizations are good to me. ☺ On 04/10/18 12:02, Laszlo Ersek wrote: > On 04/10/18 09:40, Long, Qin wrote: >> #0005, #0006, #0007, #0012, #0013: >> These implementation looks good to me. >> But some of updates were based on the assumption of #0008-0009. I >> have no strong opinion >> if some original light implementation are good enough currently. I'd like to comment on this in more detail (namely that "some original light implementation are good enough currently"): - I now agree that "TlsCipherMappingTable" should match the ciphers built into OpensslLib exactly. However, that makes it only more important that we *not* return EFI_UNSUPPORTED immediately when we find a cipher suite in the platform's preference list that we don't support. Instead, we should filter the platform's list down to what we do support. [qlong] Yes, I agree it’s better to filter out any unavailable items. - The stack allocation with 500 bytes for CipherString is questionable practice, in my opinion, given that we add a variable list of cipher suite names. It's just not deterministic. It can produce confusing results that don't match the caller's (the platform's) intent, and it will only become worse when you extend "TlsCipherMappingTable" to the full cipher list that we build into OpensslLib *right now*. (And that's not considering any future cipher enablements.) [qlong] Yes, the original fixed buffer is limited to the future extension. It’s good to me to have more flexible implementation. - "@STRENGTH" must be dropped. I have no doubt about that. :) [qlong] I agree. “@STRENGTH” will cause to re-order the preferred cipher lists. I prefer to keep the configuration-defined order. So, I'd like to keep patch #13 as-is, perhaps squashed together with patch #12 if you all prefer that. [qlong] Sure. It’s OK for me. Thanks! 
Laszlo ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
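The three points agreed in the exchange above (filter the platform's preference list down to what the firmware actually builds instead of returning EFI_UNSUPPORTED, size the cipher string from the names really emitted rather than a fixed 500-byte stack buffer, and drop "@STRENGTH" so the configured order survives), together with the binary search from patch #6, as one added example in C. This is not edk2's TlsLib code: the mapping table is an illustrative subset of IANA cipher suite values and their OpenSSL names, and TlsGetCipherMapping/TlsBuildCipherString are names chosen here, not the project's interfaces.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
  uint16_t    IanaCipher;    /* cipher suite value as it appears in the ClientHello */
  const char *OpensslCipher; /* name understood by OpenSSL's cipher-string parser */
} TLS_CIPHER_MAPPING;

/*
 * Illustrative subset only (assumption: this is NOT edk2's real table).
 * Two invariants the code below relies on: sorted ascending by IanaCipher,
 * and listing only suites the firmware's OpensslLib is actually built with.
 */
static const TLS_CIPHER_MAPPING mTlsCipherMappingTable[] = {
  { 0x002F, "AES128-SHA" },
  { 0x0035, "AES256-SHA" },
  { 0x003C, "AES128-SHA256" },
  { 0x003D, "AES256-SHA256" },
  { 0x009C, "AES128-GCM-SHA256" },
  { 0x009D, "AES256-GCM-SHA384" },
  { 0xC02F, "ECDHE-RSA-AES128-GCM-SHA256" },
  { 0xC030, "ECDHE-RSA-AES256-GCM-SHA384" },
};
#define MAPPING_COUNT (sizeof (mTlsCipherMappingTable) / sizeof (mTlsCipherMappingTable[0]))

/* Binary search over the sorted table; NULL means "not built into the firmware". */
const TLS_CIPHER_MAPPING *
TlsGetCipherMapping (uint16_t CipherId)
{
  size_t Left = 0, Right = MAPPING_COUNT;          /* half-open [Left, Right) */
  while (Left < Right) {
    size_t   Middle = Left + (Right - Left) / 2;
    uint16_t Probe  = mTlsCipherMappingTable[Middle].IanaCipher;
    if (Probe == CipherId) return &mTlsCipherMappingTable[Middle];
    if (Probe < CipherId)  Left = Middle + 1;
    else                   Right = Middle;
  }
  return NULL;
}

/*
 * Build the OpenSSL cipher string from the platform's preference list:
 * keep the platform's order, drop (rather than fail on) suites the firmware
 * does not build so they never reach the ClientHello, size the buffer from
 * the names actually emitted, and append no "@STRENGTH" (it would re-sort).
 * Returns the number of suites kept (0 with *CipherString == NULL when none
 * survive) or -1 on allocation failure. The caller frees *CipherString.
 */
int
TlsBuildCipherString (const uint16_t *Preferred, size_t Count, char **CipherString)
{
  size_t Length = 0, Kept = 0, Index, NameLen;
  char   *Buffer, *Cursor;
  const TLS_CIPHER_MAPPING *Mapping;

  *CipherString = NULL;
  for (Index = 0; Index < Count; Index++) {        /* pass 1: measure what survives */
    Mapping = TlsGetCipherMapping (Preferred[Index]);
    if (Mapping != NULL) {
      Length += strlen (Mapping->OpensslCipher) + 1; /* name plus ':' or the final NUL */
      Kept++;
    }
  }
  if (Kept == 0) return 0;
  Buffer = malloc (Length);
  if (Buffer == NULL) return -1;
  Cursor = Buffer;
  for (Index = 0; Index < Count; Index++) {        /* pass 2: emit in platform order */
    Mapping = TlsGetCipherMapping (Preferred[Index]);
    if (Mapping == NULL) continue;
    if (Cursor != Buffer) *Cursor++ = ':';
    NameLen = strlen (Mapping->OpensslCipher);
    memcpy (Cursor, Mapping->OpensslCipher, NameLen);
    Cursor += NameLen;
  }
  *Cursor = '\0';
  *CipherString = Buffer;
  return (int)Kept;
}

int
main (void)
{
  /* Constructed preference list: two built suites, one TLS 1.3 suite (0x1301)
     and one unassigned value (0xFFFF) that the table does not carry. */
  const uint16_t Preferred[] = { 0xC030, 0x1301, 0x002F, 0xFFFF };
  char *CipherString;
  int   Kept = TlsBuildCipherString (Preferred, sizeof (Preferred) / sizeof (Preferred[0]), &CipherString);
  printf ("%d of 4 suites kept: %s\n", Kept, Kept > 0 ? CipherString : "(none)");
  free (CipherString);
  return Kept > 0 ? 0 : 1;
}
```

Two invariants carry the security argument: the table lists exactly the suites OpensslLib is built with, so a suite the server could select but the client cannot complete is never offered; and the second pass repeats the same lookup as the first, so the computed buffer size and the emitted string cannot disagree, which is the failure the fixed 500-byte buffer invited.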
Re: [edk2] [PATCH 00/13] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites
Hi, Laszlo, Some comments / discussions were added in https://bugzilla.tianocore.org/show_bug.cgi?id=915 with comment 09 & 11. Back to the patch review. Some comments were appended: #0001, #0003, #0004,#0010,#0011: Looks good to me. #0002 - I personally think in general we should reduce using "#pragma pack", except that these data really have serialization requirement (e.g. variable) to match extra data layout. Here we just use these structures for setting / getting data, instead of direct data transport. I am thinking if it's better to update the implementation part. But too many sizeof() were used, and Ovmf part may also need to store preferred CipherList data. So it's still good to me to pack something. #0008, #0009: - As the BZ comments. The TlsCipherMappingTable extension and generation with script looks incorrect. This table should include all available / supported ciphers, which was actually platform / configuration dependent. I prefer to maintain one static / limited table for edk2 tls implementation. Any new cipher requirement can be evaluated & enabled, and then added into this table. #0005, #0006, #0007, #0012, #0013: These implementation looks good to me. But some of updates were based on the assumption of #0008-0009. I have no strong opinion if some original light implementation are good enough currently. Best Regards & Thanks, LONG, Qin -Original Message- From: Wu, Jiaxin Sent: Tuesday, April 10, 2018 12:09 PM To: Laszlo Ersek <ler...@redhat.com>; edk2-devel-01 <edk2-devel@lists.01.org> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>; Gary Ching-Pang Lin <g...@suse.com>; Justen, Jordan L <jordan.l.jus...@intel.com>; Gao, Liming <liming@intel.com>; Kinney, Michael D <michael.d.kin...@intel.com>; Long, Qin <qin.l...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Ye, Ting <ting...@intel.com> Subject: RE: [PATCH 00/13] {Ovmf,Mde,Network,Crypto}Pkg: fixes+features for setting HTTPS cipher suites Hi Laszlo Appreciate your contribution. 
I have reviewed the series patches you attached here. First, I assume you have verified the patches on OVMF and the functionality works well, then, below are my comments: 1. The patches for OvmfPkg/NetworkPkg (0001-0004) are good to me. 2. For CryptoPkg, the major viewpoint is also related to the TlsCipherMappingTable. For this table, only include the supported ciphersuites looks more reasonable. After talked with Qin, I know the unsupported cipher suites won't be rejected/filtrated by the OpenSSL cipher list setting, if so, the cipher suite list that passed from the client to the server in the ClientHello message might also include such unsupported cipher suites. In such a case, the failure will happen once the server select the unsupported cipher suite. From the handshake process view, it's unreasonable since the client sent the desired cipher suites, then the server selected one of them but still met the error. Anyway, filtrating the unsupported cipher suites as early as possible is a wise choice. So, TlsCipherMappingTable should only include the supported cipher suites by reference the security requirement of CryptoPkg. 3. For patch 0006, it's good to me to optimize the searching algorithm since the table is larger than before. 4. Can we combined some patches together to make the things simple? e.g. Patches 0005/0007/0010/0011/0012/0013. Those patches are the same purpose to fix the issues in 0013. 5. For patch 0008, I think it's unnecessary to provide such script. I prefer to maintain the TlsCipherMappingTable more statical since it's the internal mapping table. How about we keep it as internal assistant tool? 6. For patch 0009 to extend the TlsCipherMappingTable, I think Qin can help us to provide the supported cipher suites by reference the security requirement of CryptoPkg. 
Thanks, Jiaxin > -Original Message- > From: Laszlo Ersek [mailto:ler...@redhat.com] > Sent: Tuesday, April 3, 2018 10:52 PM > To: edk2-devel-01 <edk2-devel@lists.01.org> > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>; Gary Ching-Pang Lin > <g...@suse.com>; Wu, Jiaxin <jiaxin...@intel.com>; Justen, Jordan L > <jordan.l.jus...@intel.com>; Gao, Liming <liming@intel.com>; > Kinney, Michael D <michael.d.kin...@intel.com>; Long, Qin > <qin.l...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Ye, Ting > <ting...@intel.com> > Subject: [PATCH 00/13] {Ovmf,Mde,Network,Crypto}Pkg: fixes+features > for setting HTTPS cipher suites > > Repo: https://github.com/lersek/edk2.git > Branch: tls_ciphers > > Earlier I posted two patch sets for better platform control of the CA > certificates used in HT
Re: [edk2] [Patch] BaseTools: Update Rsa2048Sha256Sign to use openssl dgst option
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Gao, Liming Sent: Tuesday, March 27, 2018 8:59 PM To: edk2-devel@lists.01.org Cc: Zhu, Yonghong <yonghong@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [Patch] BaseTools: Update Rsa2048Sha256Sign to use openssl dgst option Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming@intel.com> Cc: Yonghong Zhu <yonghong@intel.com> Cc: Qin Long <qin.l...@intel.com> --- BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py index 4188f8e..d36a14f 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py @@ -4,7 +4,7 @@ # {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf}} # This tool has been tested with OpenSSL 1.0.1e 11 Feb 2013 # -# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved. +# Copyright (c) 2013 - 2018, Intel Corporation. All rights +reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at 
@@ -176,7 +176,7 @@ if __name__ == '__main__': # # Sign the input file using the specified private key and capture signature from STDOUT # -Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) +Process = subprocess.Popen('%s dgst -sha256 -sign "%s"' % + (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Signature = Process.communicate(input=FullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) @@ -225,7 +225,7 @@ if __name__ == '__main__': # # Verify signature # -Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) +Process = subprocess.Popen('%s dgst -sha256 -prverify "%s" + -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, + args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, + stderr=subprocess.PIPE, shell=True) Process.communicate(input=FullInputFileBuffer) if Process.returncode <> 0: print 'ERROR: Verification failed' -- 2.8.0.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
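Review bot: both Popen calls in this patch still build the command line by string formatting with shell=True, so args.PrivateKeyFileName and args.OutputFileName are interpreted by the shell; a path containing a quote, space or `$` breaks the command or executes it, and the `-signature %s` operand in the second hunk is not even quoted. Switching to `dgst -sha256` is the right fix, but while these two lines are being rewritten pass an argument list instead, e.g. `[OpenSslCommand, 'dgst', '-sha256', '-sign', args.PrivateKeyFileName]` with shell=False (splitting OpenSslCommand first if it can carry options).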
Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options
This ("sha1 -sha256") looks a little odd. Could we try "openssl dgst -sha256 "? Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhu, Yonghong Sent: Tuesday, March 27, 2018 3:56 PM To: Gao, Liming <liming@intel.com>; edk2-devel@lists.01.org Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Liao, Jui-pengX <jui-pengx.l...@intel.com> Subject: Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options Reviewed-by: Yonghong Zhu <yonghong@intel.com> Best Regards, Zhu Yonghong -Original Message- From: Gao, Liming Sent: Tuesday, March 27, 2018 1:48 PM To: edk2-devel@lists.01.org Cc: Liao, Jui-pengX <jui-pengx.l...@intel.com>; Kinney, Michael D <michael.d.kin...@intel.com>; Zhu, Yonghong <yonghong@intel.com> Subject: [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options sha256 is not the standard option. It should be replaced by sha -sha256. Otherwise, it doesn't work in MAC OS. In V2, update the option to sha1 -sha256. In late openssl version >= 1.1, there is no sha option, but has sha1,sha256. In previous openssl version < 1.1, there is no sha256, but has sha,sha1. To work with all openssl version, use sha1 -sha256 for it. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liao Jui-peng <jui-pengx.l...@intel.com> Signed-off-by: Liming Gao <liming@intel.com> Cc: Michael Kinney <michael.d.kin...@intel.com> Cc: Yonghong Zhu <yonghong@intel.com> --- BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py index 1ae6ebb..4188f8e 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py 
@@ -176,7 +176,7 @@ if __name__ == '__main__': # # Sign the input file using the specified private key and capture signature from STDOUT # -Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) +Process = subprocess.Popen('%s sha1 -sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Signature = Process.communicate(input=FullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) @@ -225,7 +225,7 @@ if __name__ == '__main__': # # Verify signature # -Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) +Process = subprocess.Popen('%s sha1 -sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Process.communicate(input=FullInputFileBuffer) if Process.returncode <> 0: print 'ERROR: Verification failed' -- 2.8.0.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
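Review bot: the second hunk verifies the freshly produced signature with `-prverify` and the same private key that made it, so the 'Verification failed' path only proves the tool round-trips with itself; it never exercises the public key the consumer of this signature will use, so a mismatched or wrongly exported public key is not caught at build time. Consider verifying with the public key (`-verify`). Separately, `sha1 -sha256` only works because `openssl sha1` is an alias of `dgst` and the later `-sha256` option wins; as the reply points out, `dgst -sha256` is the unambiguous spelling and exists in every OpenSSL version named in the commit message.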
Re: [edk2] [Patch] SecurityPkg Tpm12CommandLib: Fix TPM12 GetCapability response error
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Tuesday, March 20, 2018 11:12 PM To: edk2-devel@lists.01.org Cc: Yao, Jiewen <jiewen@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [edk2] [Patch] SecurityPkg Tpm12CommandLib: Fix TPM12 GetCapability response error TPM12 command lib doesn't convert Response Size before using. Add logic to fix the issue. Cc: Long Qin <qin.l...@intel.com> Cc: Yao Jiewen <jiewen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> Signed-off-by: Zhang, Chao B <chao.b.zh...@intel.com> --- SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c index c6eb9e1050..29d7a13edb 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c @@ -1,9 +1,9 @@ /** @file Implement TPM1.2 Get Capabilities related commands. -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php 
@@ -83,11 +83,11 @@ Tpm12GetCapabilityFlagPermanent ( DEBUG ((DEBUG_ERROR, "Tpm12GetCapabilityFlagPermanent: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.Hdr.returnCode))); return EFI_DEVICE_ERROR; } ZeroMem (TpmPermanentFlags, sizeof (*TpmPermanentFlags)); - CopyMem (TpmPermanentFlags, , MIN (sizeof (*TpmPermanentFlags), Response.ResponseSize)); + CopyMem (TpmPermanentFlags, , MIN (sizeof + (*TpmPermanentFlags), SwapBytes32(Response.ResponseSize))); return Status; } /** @@ -129,9 +129,9 @@ Tpm12GetCapabilityFlagVolatile ( DEBUG ((DEBUG_ERROR, "Tpm12GetCapabilityFlagVolatile: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.Hdr.returnCode))); return EFI_DEVICE_ERROR; } ZeroMem (VolatileFlags, sizeof (*VolatileFlags)); - CopyMem (VolatileFlags, , MIN (sizeof (*VolatileFlags), Response.ResponseSize)); + CopyMem (VolatileFlags, , MIN (sizeof + (*VolatileFlags), SwapBytes32(Response.ResponseSize))); return Status; } -- 2.16.2.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
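Review bot: in both hunks the byte-swapped SwapBytes32 (Response.ResponseSize) is still only used to cap the copy with MIN, so a response that claims fewer bytes than sizeof (*TpmPermanentFlags) (or, after the swap, more than the buffer actually received) is accepted and the function returns success with flags that are partly the ZeroMem padding. Reject a ResponseSize that is not exactly sizeof (Response), or at least smaller than header plus flags, with EFI_DEVICE_ERROR, the same way returnCode is checked just above each CopyMem.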
Re: [edk2] [Patch] SecurityPkg Tpm2CommandLib: Fix TPM2.0 response memory overflow
Hi, Chao, One minor suggestion to add the comment to explain the following value "8": the number of digests in list is not greater than 8 per TPML_DIGEST definition. + if (PcrValues->count > 8) { +return EFI_DEVICE_ERROR; + } Other looks good to me. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Tuesday, March 20, 2018 4:36 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Yao, Jiewen <jiewen@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [Patch] SecurityPkg Tpm2CommandLib: Fix TPM2.0 response memory overflow TPM2.0 command lib always assumes TPM device and transmission channel can respond correctly. But it is not true when communication channel is exploited and wrong data is spoofed. Add more logic to prohibit memory overflow attack. Cc: Long Qin <qin.l...@intel.com> Cc: Yao Jiewen <jiewen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> Signed-off-by: Zhang, Chao B <chao.b.zh...@intel.com> --- .../Library/Tpm2CommandLib/Tpm2Capability.c| 21 ++- .../Tpm2CommandLib/Tpm2EnhancedAuthorization.c | 16 ++- SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 19 ++--- SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 14 -- SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c| 31 +- SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c | 10 ++- SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c | 6 - 7 files changed, 107 insertions(+), 10 deletions(-) diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c index 79e80fb7a9..42afe107a6 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c 
@@ -1,9 +1,9 @@ /** @file Implement TPM2 Capability related command. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -110,10 +110,18 @@ Tpm2GetCapability ( if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT8)) { return EFI_DEVICE_ERROR; } + // + // Fail if command failed + // + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { +DEBUG ((EFI_D_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32(RecvBuffer.Header.responseCode))); +return EFI_DEVICE_ERROR; + } + // // Return the response // *MoreData = RecvBuffer.MoreData; // @@ -327,10 +335,14 @@ Tpm2GetCapabilitySupportedAlg ( } CopyMem (AlgList, , sizeof (TPML_ALG_PROPERTY)); AlgList->count = SwapBytes32 (AlgList->count); + if (AlgList->count > MAX_CAP_ALGS) { +return EFI_DEVICE_ERROR; + } + for (Index = 0; Index < AlgList->count; Index++) { AlgList->algProperties[Index].alg = SwapBytes16 (AlgList->algProperties[Index].alg); WriteUnaligned32 ((UINT32 *)>algProperties[Index].algProperties, SwapBytes32 (ReadUnaligned32 ((UINT32 *)>algProperties[Index].algProperties))); } 
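Review bot: in the Tpm2GetCapabilitySupportedAlg hunk the `AlgList->count > MAX_CAP_ALGS` test runs after the whole TPML_ALG_PROPERTY has been copied into the caller's AlgList and count has already been swapped in place, so on the error path the caller is left holding an out-of-range count in its own structure; validate the swapped count in a local first, or ZeroMem (AlgList) before returning EFI_DEVICE_ERROR. Style: the new DEBUG line in Tpm2GetCapability uses the legacy EFI_D_ERROR while the neighbouring Tpm12GetCapability fix uses DEBUG_ERROR; prefer DEBUG_ERROR.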
@@ -474,13 +486,20 @@ Tpm2GetCapabilityPcrs ( if (EFI_ERROR (Status)) { return Status; } Pcrs->count = SwapBytes32 (TpmCap.data.assignedPCR.count); + if (Pcrs->count > HASH_COUNT) { +return EFI_DEVICE_ERROR; + } + for (Index = 0; Index < Pcrs->count; Index++) { Pcrs->pcrSelections[Index].hash = SwapBytes16 (TpmCap.data.assignedPCR.pcrSelections[Index].hash); Pcrs->pcrSelections[Index].sizeofSelect = TpmCap.data.assignedPCR.pcrSelections[Index].sizeofSelect; +if (Pcrs->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) { + return EFI_DEVICE_ERROR; +} CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect); } return EFI_SUCCESS; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c index 6f6b3693f8..3e42875b83 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c @@ -1,9 +1,9 @@ /** @file Implement TPM2 EnhancedAuthorization related command. -Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. This program and the accompanying mat
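Review bot: in Tpm2GetCapabilityPcrs the `Pcrs->count > HASH_COUNT` check is made after `Pcrs->count` has already been stored into the caller's structure, and the `sizeofSelect > PCR_SELECT_MAX` check likewise after the hash and sizeofSelect of that entry were written, so on EFI_DEVICE_ERROR the caller's Pcrs holds a count or selection size that is unsafe to iterate. Validate the swapped values in locals and only then assign, or ZeroMem (Pcrs) on the error paths; the per-entry check itself is correctly placed before the CopyMem that uses sizeofSelect.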
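The two fixes above, the Tpm12 one (byte-swap ResponseSize before using it) and this Tpm2 one (bound count and sizeofSelect before indexing), as one added example in C that is not edk2 code. It parses a simplified, constructed PCR-selection reply (header, count, selections; the moreData/capability fields of a real TPM2_GetCapability response are left out), converts every wire field from big-endian, checks each length against what actually arrived and each count against the array it indexes, and writes the caller's structure only after the whole reply has passed. HASH_COUNT and PCR_SELECT_MAX are set to the TCG library-spec defaults as an assumption; the sample replies are constructed, not captured from a TPM.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits (TCG library-spec defaults); not taken from the page. */
#define HASH_COUNT      5
#define PCR_SELECT_MAX  3
#define TPM_HDR_SIZE    10   /* tag(2) + responseSize(4) + responseCode(4) */
#define TPM_RC_SUCCESS  0

typedef struct {
  uint16_t Hash;
  uint8_t  SizeofSelect;
  uint8_t  PcrSelect[PCR_SELECT_MAX];
} PCR_SELECTION;

typedef struct {
  uint32_t      Count;
  PCR_SELECTION Sel[HASH_COUNT];
} PCR_SELECTION_LIST;

static uint16_t Be16 (const uint8_t *P) { return (uint16_t)((P[0] << 8) | P[1]); }
static uint32_t Be32 (const uint8_t *P) {
  return ((uint32_t)P[0] << 24) | ((uint32_t)P[1] << 16) | ((uint32_t)P[2] << 8) | P[3];
}

/*
 * Parse a (simplified) TPM response carrying a list of PCR selections.
 * Every wire field is big-endian and attacker-controlled when the channel
 * is spoofed, so each one is byte-swapped and bounded before it is used as
 * a size, count or index, and the caller's structure is written only once
 * the whole reply has been validated. Returns 0 on success, -1 otherwise.
 */
int
ParsePcrSelectionResponse (const uint8_t *Buf, size_t BufLen, PCR_SELECTION_LIST *Out)
{
  PCR_SELECTION_LIST Tmp;
  const uint8_t *P, *End;
  uint32_t Count, I;
  uint8_t  Size;

  if (BufLen < TPM_HDR_SIZE) return -1;
  if (Be32 (Buf + 2) != BufLen) return -1;        /* claimed size must match what arrived */
  if (Be32 (Buf + 6) != TPM_RC_SUCCESS) return -1;
  P   = Buf + TPM_HDR_SIZE;
  End = Buf + BufLen;
  if ((size_t)(End - P) < 4) return -1;
  Count = Be32 (P);
  P += 4;
  if (Count > HASH_COUNT) return -1;              /* bound before indexing Tmp.Sel[] */
  memset (&Tmp, 0, sizeof Tmp);
  for (I = 0; I < Count; I++) {
    if ((size_t)(End - P) < 3) return -1;
    Size = P[2];
    if (Size > PCR_SELECT_MAX) return -1;         /* bound before memcpy into PcrSelect[] */
    if ((size_t)(End - P) < 3u + Size) return -1; /* never read past the buffer */
    Tmp.Sel[I].Hash         = Be16 (P);
    Tmp.Sel[I].SizeofSelect = Size;
    memcpy (Tmp.Sel[I].PcrSelect, P + 3, Size);
    P += 3 + Size;
  }
  if (P != End) return -1;                        /* trailing bytes: reject, don't ignore */
  Tmp.Count = Count;
  *Out = Tmp;                                     /* commit only after full validation */
  return 0;
}

/* Constructed replies (not captured from a TPM). */
const uint8_t GoodResp[] = {
  0x80,0x01, 0x00,0x00,0x00,0x1A, 0x00,0x00,0x00,0x00,  /* header: size 26, RC success */
  0x00,0x00,0x00,0x02,                                  /* count = 2 */
  0x00,0x0B, 0x03, 0xFF,0xFF,0xFF,                      /* SHA-256 bank, all 24 PCRs */
  0x00,0x04, 0x03, 0x00,0x00,0x00                       /* SHA-1 bank, no PCRs */
};
const uint8_t BadCountResp[] = {   /* count = 9 > HASH_COUNT */
  0x80,0x01, 0x00,0x00,0x00,0x0E, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x09
};
const uint8_t BadSelectResp[] = {  /* sizeofSelect = 15 > PCR_SELECT_MAX */
  0x80,0x01, 0x00,0x00,0x00,0x11, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x01, 0x00,0x0B,0x0F
};
const uint8_t SizeLieResp[] = {    /* responseSize says 64, only 14 bytes arrived */
  0x80,0x01, 0x00,0x00,0x00,0x40, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x01
};

int
main (void)
{
  PCR_SELECTION_LIST List;
  printf ("good: %d\n",       ParsePcrSelectionResponse (GoodResp, sizeof GoodResp, &List));
  printf ("bad count: %d\n",  ParsePcrSelectionResponse (BadCountResp, sizeof BadCountResp, &List));
  printf ("bad select: %d\n", ParsePcrSelectionResponse (BadSelectResp, sizeof BadSelectResp, &List));
  printf ("size lie: %d\n",   ParsePcrSelectionResponse (SizeLieResp, sizeof SizeLieResp, &List));
  return 0;
}
```

The order of the checks is the point: the claimed size is compared with the received length before anything in the body is read (the Tpm12 bug was using that field without byte-swapping it), each count is compared with the array it will index before the loop runs, and the caller's structure is untouched on every failure path, so a rejected reply cannot leave an out-of-range count behind for later code to iterate.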
Re: [edk2] Why does EDK2 disable time checks on certificates?
The OS can update the certificates by correct SetVariable() call with authenticated payload (following UEFI secure boot / authenticated variable definitions. Refer to the section 8.2 "Variable Services" and chapter 31 "Secure Boot and Driver Signing" for more details). I am not sure if current OS will enforce any periodical update. Currently, UEFI is just distributing the revocation list file to address possible security risks (http://www.uefi.org/revocationlistfile). Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Bryan Rosario Sent: Tuesday, February 6, 2018 10:17 AM To: Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-devel@lists.01.org; Alain Gefflaut <alain...@google.com>; Long, Qin <qin.l...@intel.com> Subject: Re: [edk2] Why does EDK2 disable time checks on certificates? Thanks for the info. Another question: if I enable time checks in my local copy of EDK2 (or if there is another UEFI implementation with time checks enabled), do operating systems generally update their certificates periodically to avoid them expiring? In particular, I'm wondering about bootloaders that are signed for secure boot. I've seen expiration times on the attached certificates and I'm wondering if the bootloader will be periodically updated, or if operating systems will just expect that the firmware doesn't actually enforce the expiration time. On Mon, Feb 5, 2018 at 5:45 PM, Zhang, Chao B <chao.b.zh...@intel.com> wrote: > Bryan: >You can reference EFI_CERT_X509_SHA256, EFI_CERT_X509_SHA384, > EFI_CERT_X509_SHA512 data structure definition in UEFI spec. > Now they are only supported in DBX. Revocation time here is defined > by user instead of directly from Validity of X059 Certificate in order > to address the issue mentioned below. 
> > > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Long, Qin > Sent: Tuesday, February 6, 2018 8:55 AM > To: Bryan Rosario <b...@google.com>; edk2-devel@lists.01.org > Subject: Re: [edk2] Why does EDK2 disable time checks on certificates? > > It's EDK2-only. > The current pre-boot environment have no trusted timer synchronization > service. And it's very likely the system time is not the real-time > (esp under dev environment). So the certificate time expiration > checking was bypassed to avoid any boot break. > > Against the corresponding certificate revocation case, the UEFI > introduced the DBX database (forbidden list) to address this. > > > Best Regards & Thanks, > LONG, Qin > > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Bryan Rosario > Sent: Tuesday, February 6, 2018 5:52 AM > To: edk2-devel@lists.01.org > Subject: [edk2] Why does EDK2 disable time checks on certificates? > > See here ("Currently certificate time expiration checking is ignored."): > https://github.com/tianocore/tianocore.github.io/wiki/How-to-Enable-Security > > Is this behavior part of the UEFI specification or is it EDK2-only? > And what's the reasoning for it? > > Thanks, > Bryan > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] SecurityPkg: Support PP version lower than 1.3
Could you update the AsciiStrLen usage with safe version, or direct "sizeof()"? Others looks good to me. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, February 5, 2018 10:32 AM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Yao, Jiewen <jiewen@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH] SecurityPkg: Support PP version lower than 1.3 TCG PP 1.2 & PP 1.3 spec defined different Opcodes. Update code to support both. Cc: Long Qin <qin.l...@intel.com> Cc: Yao Jiewen <jiewen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- .../SmmTcg2PhysicalPresenceLib.c | 31 +- .../SmmTcg2PhysicalPresenceLib.inf | 7 +++-- 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c index 6061453..ffade10 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres +++ enceLib.c @@ -10,7 +10,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction() will receive untrusted input and do validation. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at 
@@ -27,12 +27,16 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include +#include #include #include #include #include +#define PP_INF_VERSION_1_2"1.2" + EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable; +BOOLEANmIsTcg2PPVerLowerThan_1_3 = FALSE; /** The handler for TPM physical presence function: @@ -337,11 +341,22 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( break; default: - if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { -// -// TCG PP spec defined operations that are reserved or un-implemented -// -return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; + if (mIsTcg2PPVerLowerThan_1_3 == FALSE) { +if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + // + // TCG2 PP1.3 spec defined operations that are reserved or un-implemented + // + return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; +} + } else { + // + // TCG PP lower than 1.3. (1.0, 1.1, 1.2) + // + if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { + RequestConfirmed = TRUE; + } else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; + } } break; } @@ -377,6 +392,10 @@ Tcg2PhysicalPresenceLibConstructor ( { EFI_STATUS Status; + if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), AsciiStrLen(PP_INF_VERSION_1_2)) <=0) { +mIsTcg2PPVerLowerThan_1_3 = TRUE; + } + // // Locate SmmVariableProtocol. // diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf index 5fa84b1..8367097 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPres +++ enceLib.inf 
@@ -7,7 +7,7 @@ # This driver will have external input - variable. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2015 - 2018, Intel Corporation. All rights +reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -52,6 +52,9 @@ ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" gEfiTcg2PhysicalPresenceGuid - + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## +CONSUMES + [Depex] gEfiSmmVariableProtocolGuid \ No newline at end of file -- 1.9.5.msysgit.1 _
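Review bot: the version test in the constructor hunk, `AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), AsciiStrLen(PP_INF_VERSION_1_2)) <=0`, reads inverted: with strncmp-style results a negative or zero value means "1.2" is lexically less than or equal to the PCD string, so "1.2", "1.3" and "2.0" all set mIsTcg2PPVerLowerThan_1_3 while "1.0" and "1.1" do not, which contradicts the "TCG PP lower than 1.3. (1.0, 1.1, 1.2)" comment in the earlier hunk. Please re-check the sign with the PCD's default value and a unit case for each of "1.0", "1.2" and "1.3"; this is also a three-character lexical compare, so an empty PCD and a hypothetical "1.10" are classified by accident rather than by design, which is worth a comment stating the accepted format. As already requested, replace AsciiStrLen (PP_INF_VERSION_1_2) with sizeof (PP_INF_VERSION_1_2) - 1.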
Re: [edk2] Why does EDK2 disable time checks on certificates?
It's EDK2-only. The current pre-boot environment has no trusted timer synchronization service. And it's very likely the system time is not the real-time (esp under dev environment). So the certificate time expiration checking was bypassed to avoid any boot break. Against the corresponding certificate revocation case, the UEFI introduced the DBX database (forbidden list) to address this. Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Bryan Rosario Sent: Tuesday, February 6, 2018 5:52 AM To: edk2-devel@lists.01.org Subject: [edk2] Why does EDK2 disable time checks on certificates? See here ("Currently certificate time expiration checking is ignored."): https://github.com/tianocore/tianocore.github.io/wiki/How-to-Enable-Security . Is this behavior part of the UEFI specification or is it EDK2-only? And what's the reasoning for it? Thanks, Bryan ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] SecurityPkg: Disable TPM interrupt in DEC
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Tuesday, January 30, 2018 9:17 AM To: edk2-devel@lists.01.org Cc: Yao, Jiewen <jiewen@intel.com>; Long, Qin <qin.l...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH] SecurityPkg: Disable TPM interrupt in DEC Disable TPM interrupt support in DEC Cc: Yao Jiewen <jiewen@intel.com> Cc: Long Qin <qin.l...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- SecurityPkg/SecurityPkg.dec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index d2741f6..983fb0e 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -453,12 +453,12 @@ ## Indicate current TPM2 Interrupt Number reported by _CRS control method. # TPM2 Interrupt feature is disabled If the pcd is set to 0. # @Prompt Current TPM2 Interrupt Number - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2CurrentIrqNum|0x0C|UINT32|0x0001001C + + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2CurrentIrqNum|0x00|UINT32|0x00010 + 01C ## Indicate platform possible TPM2 Interrupt Number reported by _PRS control method. # Possible TPM2 Interrupt Number Buffer will not be reported if TPM2 Interrupt feature is disabled. # @Prompt Possible TPM2 Interrupt Number buffer - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x0C, 0x00, 0x00, 0x00}|VOID*|0x0001001D + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x00, 0x00, + 0x00, 0x00}|VOID*|0x0001001D [PcdsDynamic, PcdsDynamicEx] -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
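Review bot: the hunk changes the defaults of PcdTpm2CurrentIrqNum and PcdTpm2PossibleIrqNumBuf from 0x0C to 0 without the commit message saying why; platforms that inherited the old default silently move from interrupt-driven to polling TPM access, and the DEC comment still only says the feature "is disabled If the pcd is set to 0". State the rationale in the commit message and extend the comment to say that 0 is now the default and that a platform wanting interrupts must override both PCDs consistently (an IRQ in the possible-number buffer that is not the current number, or vice versa, is what _CRS/_PRS consumers will trip over).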
Re: [edk2] [PATCH] SecurityPkg: Update package version to 0.98
Reviewed-by: Qin Long <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, January 22, 2018 10:11 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH] SecurityPkg: Update package version to 0.98 Update package version of SecurityPkg to 0.98. Cc: Qin Long <qin.l...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- SecurityPkg/SecurityPkg.dec | 4 ++-- SecurityPkg/SecurityPkg.dsc | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 50dbe95..ededb51 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) # and libraries instances, which are used for those features. # -# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. +# Copyright (c) 2009 - 2018, Intel Corporation. All rights +reserved. # (C) Copyright 2015 Hewlett Packard Enterprise Development LP # Copyright (c) 2017, Microsoft Corporation. All rights reserved. # This program and the accompanying materials are licensed and made available under @@ -23,7 +23,7 @@ PACKAGE_NAME = SecurityPkg PACKAGE_UNI_FILE = SecurityPkg.uni PACKAGE_GUID = 4EFC4F66-6219-4427-B780-FB99F470767F - PACKAGE_VERSION= 0.97 + PACKAGE_VERSION= 0.98 [Includes] Include diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 9ce2953..43ac0b1 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc 
@@ -1,7 +1,7 @@ ## @file # Security Module Package for All Architectures. # -# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. +# Copyright (c) 2009 - 2018, Intel Corporation. All rights +reserved. # (C) Copyright 2015 Hewlett Packard Enterprise Development LP # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -16,7 +16,7 @@ [Defines] PLATFORM_NAME = SecurityPkg PLATFORM_GUID = B2C4614D-AE76-47ba-B876-5988BFED064F - PLATFORM_VERSION = 0.97 + PLATFORM_VERSION = 0.98 DSC_SPECIFICATION = 0x00010005 OUTPUT_DIRECTORY = Build/SecurityPkg SUPPORTED_ARCHITECTURES= IA32|IPF|X64|EBC|ARM|AARCH64 -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH] CryptoPkg: Update package version to 0.98
Update package version of CryptoPkg to 0.98. Cc: Ting YeContributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/CryptoPkg.dec | 4 ++-- CryptoPkg/CryptoPkg.dsc | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index afeb723211..7593ee3c69 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -4,7 +4,7 @@ # This Package provides cryptographic-related libraries for UEFI security modules. # It also provides a test application to test libraries. # -# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. +# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -20,7 +20,7 @@ PACKAGE_NAME = CryptoPkg PACKAGE_UNI_FILE = CryptoPkg.uni PACKAGE_GUID = 36470E80-36F2-4ba0-8CC8-937C7D9FF888 - PACKAGE_VERSION= 0.97 + PACKAGE_VERSION= 0.98 [Includes] Include diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 461f0deeb3..b49e587ba1 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -1,7 +1,7 @@ ## @file # Cryptographic Library Package for UEFI Security Implementation. # -# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. +# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at 
@@ -20,7 +20,7 @@ [Defines] PLATFORM_NAME = CryptoPkg PLATFORM_GUID = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6 - PLATFORM_VERSION = 0.97 + PLATFORM_VERSION = 0.98 DSC_SPECIFICATION = 0x00010005 OUTPUT_DIRECTORY = Build/CryptoPkg SUPPORTED_ARCHITECTURES= IA32|X64|IPF|ARM|AARCH64 -- 2.15.1.windows.2 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper
Yes, and the function comment was already there.

-Original Message-
From: Ni, Ruiyu
Sent: Friday, January 19, 2018 3:16 PM
To: Zeng, Star <star.z...@intel.com>; Long, Qin <qin.l...@intel.com>; edk2-devel@lists.01.org
Cc: Ye, Ting <ting...@intel.com>; Zeng, Star <star.z...@intel.com>
Subject: RE: [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper

Qin,
How about adding more comments to say the tick is calculated from 1970 first second?

Thanks/Ray

> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zeng, Star
> Sent: Friday, January 19, 2018 3:14 PM
> To: Long, Qin <qin.l...@intel.com>; edk2-devel@lists.01.org
> Cc: Ye, Ting <ting...@intel.com>; Zeng, Star <star.z...@intel.com>
> Subject: Re: [edk2] [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper
>
> Ok, got it.
>
> Reviewed-by: Star Zeng <star.z...@intel.com>
>
> Thanks,
> Star
>
> -Original Message-
> From: Long, Qin
> Sent: Friday, January 19, 2018 3:12 PM
> To: Zeng, Star <star.z...@intel.com>; edk2-devel@lists.01.org
> Cc: Ye, Ting <ting...@intel.com>
> Subject: RE: [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper
>
> It's legal to continue the calculation about the seconds elapsed since 1970.01.01 00:00:00.
>
> -Original Message-
> From: Zeng, Star
> Sent: Friday, January 19, 2018 3:10 PM
> To: Long, Qin <qin.l...@intel.com>; edk2-devel@lists.01.org
> Cc: Ye, Ting <ting...@intel.com>; Zeng, Star <star.z...@intel.com>
> Subject: RE: [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper
>
> What will happen if Time.Year == 1970? :)
>
> Thanks,
> Star
> -Original Message-
> From: Long, Qin > Sent: Friday, January 19, 2018 3:05 PM > To: edk2-devel@lists.01.org > Cc: Zeng, Star <star.z...@intel.com>; Ye, Ting <ting...@intel.com>; > Long, Qin <qin.l...@intel.com> > Subject: [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() > wrapper > > In time() wrapper implementation, the gRT->GetTime() call may be not > available. This patch adds the extra error handling to avoid the > potential dead loop. > > Cc: Star Zeng <star.z...@intel.com> > Cc: Ting Ye <ting...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Qin Long <qin.l...@intel.com> > --- > CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 12 > > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c > b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c > index 581b8fb028..95e0419640 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c > +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c > @@ -72,14 +72,18 @@ UINTN CumulativeDays[2][14] = { // ) time_t > time (time_t *timer) { > - EFI_TIME Time; > - time_tCalTime; > - UINTN Year; > + EFI_STATUS Status; > + EFI_TIMETime; > + time_t CalTime; > + UINTN Year; > >// >// Get the current time and date information >// > - gRT->GetTime (, NULL); > + Status = gRT->GetTime (, NULL); if (EFI_ERROR (Status) || > + (Time.Year < 1970)) { > +return 0; > + } > >// >// Years Handling > -- > 2.15.1.windows.2 > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
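Review bot: the new guard returns 0 both when gRT->GetTime() fails and when Time.Year is before 1970, which is indistinguishable from the legitimate result for exactly 1970-01-01 00:00:00; C's time() signals failure with (time_t)-1, so either return that on the error path or state in the function comment that 0 means "time unavailable" so callers in BaseCryptLib do not treat it as a real timestamp. The check itself is what stops the year loop from running away on a pre-1970 date, so the intent is right. Note that in this quoted copy the `if` has been folded onto the GetTime line (`Status = gRT->GetTime (, NULL); if (EFI_ERROR (Status) ||`), so this copy will not apply as pasted.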
Re: [edk2] [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper
It's legal to continue the calculation about the seconds elapsed since 1970.01.01 00:00:00. -Original Message- From: Zeng, Star Sent: Friday, January 19, 2018 3:10 PM To: Long, Qin <qin.l...@intel.com>; edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Zeng, Star <star.z...@intel.com> Subject: RE: [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper What will happen if Time.Year == 1970? :) Thanks, Star -Original Message----- From: Long, Qin Sent: Friday, January 19, 2018 3:05 PM To: edk2-devel@lists.01.org Cc: Zeng, Star <star.z...@intel.com>; Ye, Ting <ting...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper In time() wrapper implementation, the gRT->GetTime() call may be not available. This patch adds the extra error handling to avoid the potential dead loop. Cc: Star Zeng <star.z...@intel.com> Cc: Ting Ye <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.l...@intel.com> --- CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c index 581b8fb028..95e0419640 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c @@ -72,14 +72,18 @@ UINTN CumulativeDays[2][14] = { // ) time_t time (time_t *timer) { - EFI_TIME Time; - time_tCalTime; - UINTN Year; + EFI_STATUS Status; + EFI_TIMETime; + time_t CalTime; + UINTN Year; // // Get the current time and date information // - gRT->GetTime (, NULL); + Status = gRT->GetTime (, NULL); + if (EFI_ERROR (Status) || (Time.Year < 1970)) { +return 0; + } // // Years Handling -- 2.15.1.windows.2 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper
In time() wrapper implementation, the gRT->GetTime() call may be not available. This patch adds the extra error handling to avoid the potential dead loop. Cc: Star ZengCc: Ting Ye Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c index 581b8fb028..95e0419640 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c @@ -72,14 +72,18 @@ UINTN CumulativeDays[2][14] = { // ) time_t time (time_t *timer) { - EFI_TIME Time; - time_tCalTime; - UINTN Year; + EFI_STATUS Status; + EFI_TIMETime; + time_t CalTime; + UINTN Year; // // Get the current time and date information // - gRT->GetTime (, NULL); + Status = gRT->GetTime (, NULL); + if (EFI_ERROR (Status) || (Time.Year < 1970)) { +return 0; + } // // Years Handling -- 2.15.1.windows.2 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
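To show what the guard in this patch protects, and to answer the "Time.Year == 1970" question from the replies concretely, here is an added C example of a time() wrapper's epoch calculation. It is not CryptoPkg's TimerWrapper.c; DemoEfiTime and DemoGetTime are simplified stand-ins for EFI_TIME and gRT->GetTime, the four constructed time sources model different platform states, and the month/day range check is an extra guard that the patch does not contain.

```c
#include <stddef.h>
#include <stdint.h>
#include <time.h>

/* Added example, not CryptoPkg's TimerWrapper.c. It reimplements the epoch
 * calculation a time() wrapper needs, with the guard from the patch above:
 * a failed time query or a year before 1970 yields 0 instead of an unbounded
 * year loop. DemoEfiTime and DemoGetTime are simplified stand-ins for
 * EFI_TIME and gRT->GetTime (assumed here, not EDK2's definitions). */

typedef struct {
    uint16_t Year;    /* e.g. 2018 */
    uint8_t  Month;   /* 1..12 */
    uint8_t  Day;     /* 1..31 */
    uint8_t  Hour;    /* 0..23 */
    uint8_t  Minute;  /* 0..59 */
    uint8_t  Second;  /* 0..59 */
} DemoEfiTime;

/* Stand-in for the runtime service: fills *out and returns 0 on success,
 * nonzero when the service is unavailable. */
typedef int (*DemoGetTime)(DemoEfiTime *out);

#define SECSPERDAY 86400L

static int is_leap(unsigned year)
{
    return (year % 4 == 0 && year % 100 != 0) || (year % 400 == 0);
}

/* Days elapsed before the first of each month (index 1..12);
 * row 0 for common years, row 1 for leap years. */
static const unsigned cumulative_days[2][13] = {
    { 0, 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 },
    { 0, 0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335 },
};

/* Seconds since 1970-01-01 00:00:00 for an already validated time.
 * The year loop uses `<` rather than `!=`, so it terminates for any input;
 * for Year == 1970 it simply runs zero times. */
static time_t epoch_from_fields(const DemoEfiTime *t)
{
    time_t cal = 0;
    unsigned year;

    for (year = 1970; year < t->Year; year++) {
        cal += (time_t)(is_leap(year) ? 366 : 365) * SECSPERDAY;
    }
    cal += (time_t)(cumulative_days[is_leap(t->Year)][t->Month] + t->Day - 1) * SECSPERDAY;
    cal += (time_t)t->Hour * 3600 + (time_t)t->Minute * 60 + t->Second;
    return cal;
}

/* The wrapper proper, mirroring the patched control flow: callers get 0 when
 * the time source is unavailable or reports a pre-1970 date. 0 is also the
 * legitimate answer for exactly 1970-01-01 00:00:00, so callers cannot tell
 * the two apart; the patch accepts that ambiguity and so does this demo. */
time_t demo_time(DemoGetTime get_time, time_t *timer)
{
    DemoEfiTime t;
    time_t cal;

    if (get_time == NULL || get_time(&t) != 0 || t.Year < 1970) {
        return 0;
    }
    /* Extra guard (constructed here, not in the patch): a corrupt month or
     * day would otherwise index outside cumulative_days. */
    if (t.Month < 1 || t.Month > 12 || t.Day < 1 || t.Day > 31) {
        return 0;
    }
    cal = epoch_from_fields(&t);
    if (timer != NULL) {
        *timer = cal;
    }
    return cal;
}

/* Constructed time sources standing in for different platform states. */
static int get_time_2018_01_19(DemoEfiTime *out)
{
    DemoEfiTime t = { 2018, 1, 19, 7, 5, 0 };   /* 2018-01-19 07:05:00 */
    *out = t;
    return 0;
}
static int get_time_2000_03_01(DemoEfiTime *out)
{
    DemoEfiTime t = { 2000, 3, 1, 0, 0, 0 };    /* the day after a leap day */
    *out = t;
    return 0;
}
static int get_time_pre_epoch(DemoEfiTime *out)
{
    DemoEfiTime t = { 1969, 12, 31, 23, 59, 59 };
    *out = t;
    return 0;
}
static int get_time_unavailable(DemoEfiTime *out)
{
    (void)out;          /* service missing: nothing written, error returned */
    return -1;
}

/* Checks that the out-parameter path agrees with the return value. */
time_t demo_time_via_out(DemoGetTime get_time)
{
    time_t out = (time_t)-1;
    (void)demo_time(get_time, &out);
    return out;
}
```

With the constructed sources, 2018-01-19 07:05:00 gives 1516345500 and 2000-03-01 00:00:00 gives 951868800, while the pre-1970 and unavailable sources both return 0 without entering the year loop.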
Re: [edk2] [PATCH] CryptoPkg/OpensslLib: ignore uninitialized warning
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Heyi Guo [mailto:heyi@linaro.org] Sent: Tuesday, January 16, 2018 4:02 PM To: edk2-devel@lists.01.org Cc: Heyi Guo <heyi@linaro.org>; Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com>; Ard Biesheuvel <ard.biesheu...@linaro.org> Subject: [PATCH] CryptoPkg/OpensslLib: ignore uninitialized warning We also got maybe-uninitialized warning when building OpensslLib.inf with GCC48 for ARM and AARCH64, so add -Wno-error=maybe-uninitialized build option just as other platforms. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Heyi Guo <heyi@linaro.org> Cc: Qin Long <qin.l...@intel.com> Cc: Ting Ye <ting...@intel.com> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 10021f8..55a6fa3 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
@@ -559,8 +559,8 @@ GCC:*_*_IA32_CC_FLAGS= -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -DNO_MSABI_VA_FUNCS GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format - GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-format + GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) + -Wno-error=maybe-uninitialized -Wno-format # suppress the following warnings in openssl so we don't break the build with warnings-as-errors: # 1295: Deprecated declaration - give arg types -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
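Review bot: -Wno-error=maybe-uninitialized only demotes the diagnostic, so the warnings still show up in ARM and AARCH64 build logs; that is the right trade-off for a third-party tree (a genuinely uninitialised read inside OpenSSL remains visible) and it matches what the IA32/X64/IPF lines already do. The quoted copy wraps the AARCH64 line (`$(OPENSSL_FLAGS) + -Wno-error=maybe-uninitialized -Wno-format`), so apply from the original mail rather than from this reply.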
[edk2] [PATCH] CryptoPkg: Adding OpenSSL as one submodule of EDKII repo
A submodule allows to keep another Git repository in a subdirectory of main repository. The submodule repository has its own history, which does not interfere with the history of the current repository. This can be used to have external dependencies such as third party libraries. After the extra patch for EDKII-OpenSSL build was removed, OpenSSL can be one typical submodule use case in EDKII project. This patch adds the openssl git repository into EDKII project as one submodule. One .gitmodules file will be generated with the submodule info: [submodule "CryptoPkg/Library/OpensslLib/openssl"] path = CryptoPkg/Library/OpensslLib/openssl url = https://github.com/openssl/openssl The user can use the following command to clone both main EDKII repo and openssl submodule: 1) Add the "--recursive" flag to their git clone command: $ git clone --recursive https://github.com/tianocore/edk2 or 2) Manually initialize and the submodules after the clone operation: $ git clone https://github.com/tianocore/edk2 $ git submodule update -–init -–recursive For Pull operations, "git pull" will not update the submodule repository. So the following combined commands can be used to pull the remote submodule updates (e.g. Updating to new supported OpenSSL release) $ git pull –-recurse-submodules && \ git submodule update -–recursive --remote Cc: Ye TingCc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- .gitmodules| 3 +++ CryptoPkg/.gitignore | 1 - CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 29 +- CryptoPkg/Library/OpensslLib/openssl | 1 + 4 files changed, 19 insertions(+), 15 deletions(-) create mode 100644 .gitmodules delete mode 100644 CryptoPkg/.gitignore create mode 16 CryptoPkg/Library/OpensslLib/openssl diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00..e4ae0c1c16 --- /dev/null +++ b/.gitmodules 
@@ -0,0 +1,3 @@ +[submodule "CryptoPkg/Library/OpensslLib/openssl"] + path = CryptoPkg/Library/OpensslLib/openssl + url = https://github.com/openssl/openssl diff --git a/CryptoPkg/.gitignore b/CryptoPkg/.gitignore deleted file mode 100644 index 731c275ae1..00 --- a/CryptoPkg/.gitignore +++ /dev/null @@ -1 +0,0 @@ -Library/OpensslLib/openssl*/ diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt index d152138129..ac63d4c077 100644 --- a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt 
@@ -25,21 +25,22 @@ on the cryptography. = HOW to Install OpenSSL for UEFI Building = -1. Clone the latest official OpenSSL release into the directory - CryptoPkg/Library/OpensslLib/openssl/ + OpenSSL repository was added as one submodule of EDKII project. - Use OpenSSL-1.1.0g release as one example: - (OpenSSL_1_1_0g below is the tag name for the OpenSSL-1.1.0g release) - > cd CryptoPkg/Library/OpensslLib - > git clone -b OpenSSL_1_1_0g https://github.com/openssl/openssl openssl - or - > git clone https://github.com/openssl/openssl openssl - > git checkout OpenSSL_1_1_0g -Or -2. Download the latest OpenSSL release package from the official website: - https://www.openssl.org/source/ - and unpack the OpenSSL source into: - CryptoPkg/Library/OpensslLib/openssl/ + The user can use the following commands to clone both main EDKII repo and +openssl submodule: + 1) Add the "--recursive" flag to the git clone command: + $ git clone --recursive https://github.com/tianocore/edk2 +or + 2) Manually initialize and update the submodules after the clone operation + on main project: + $ git clone https://github.com/tianocore/edk2 + $ git submodule update --init --recursive + + And use the following combined commands to pull the remote submodule updates +(e.g. Updating the new supported OpenSSL release tag): + $ git pull --recurse-submodules && \ + git submodule update --recursive --remote = About process_files.pl diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl new file mode 16 index 00..b2758a2292 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl @@ -0,0 +1 @@ +Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 -- 2.15.1.windows.2 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
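Review bot: the HOWTO hunk tells every user to run `git pull --recurse-submodules && git submodule update --recursive --remote`; `--remote` moves the submodule to the tip of the upstream branch instead of the commit recorded in EDK2's gitlink (b2758a2292aceda93e9f44c219b94fe21bb9a650 in the last hunk), so a user following that text builds whatever openssl's default branch holds at that moment rather than the reviewed, pinned revision. Document `--remote` as the maintainer step for bumping the pin, and give ordinary users only `git submodule update --init --recursive`. Also, the commands in the commit message carry non-ASCII dashes (`-–init -–recursive`, `–-recurse-submodules`) that fail when pasted; the HOWTO hunk itself has them right.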
Re: [edk2] [PATCH] SecurityPkg/PhysicalPresenceLib: Reject illegal PCR bank allocation
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Monday, January 15, 2018 3:29 PM To: edk2-devel@lists.01.org Cc: Yao, Jiewen <jiewen@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [edk2] [PATCH] SecurityPkg/PhysicalPresenceLib: Reject illegal PCR bank allocation According to TCG PP1.3 spec, error PCR bank allocation input should be rejected by Physical Presence. Firmware has to ensure that at least one PCR banks is active. Cc: Long Qin <qin.l...@intel.com> Cc: Yao Jiewen <jiewen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- .../DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c | 12 1 file changed, 12 insertions(+) diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 5bf95a1..5ece8e5 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPres +++ enceLib.c 
@@ -186,6 +186,18 @@ Tcg2ExecutePhysicalPresence ( case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: Status = Tpm2GetCapabilitySupportedAndActivePcrs (, ); ASSERT_EFI_ERROR (Status); + + // + // PP spec requirements: + //Firmware should check that all requested (set) hashing algorithms are supported with respective PCR banks. + //Firmware has to ensure that at least one PCR banks is active. + // If not, an error is returned and no action is taken. + // + if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) { +DEBUG((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter)); +return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } + Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter); if (EFI_ERROR (Status)) { return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
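Review bot: the new check reads TpmHashAlgorithmBitmap immediately after `ASSERT_EFI_ERROR (Status)`, and ASSERT_EFI_ERROR compiles out in release builds, so a failed Tpm2GetCapabilitySupportedAndActivePcrs() leaves the bitmap unset and the rejection test runs on garbage. Return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE on EFI_ERROR (Status) before the bitmap test. Minor: the comment says "at least one PCR banks" and the DEBUG text says "Skip operation" although the code returns a failure rather than skipping; tidy both so the log matches the behaviour.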
Re: [edk2] [PATCH] CrptoPkg/BaseCryptLib: Fix type mismatch when calling OpenSSL function
Chao, Could you leverage the EFI type instead of C type here for consistence? We can use "INT32" type for Asn1Tag and ObjClass, and one "UINTN" Length should be OK with one extra zeroing here. Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, January 15, 2018 10:00 AM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Chen, Chen A <chen.a.c...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH] CrptoPkg/BaseCryptLib: Fix type mismatch when calling OpenSSL function Type definition in UEFI & OpeenSSL is different. Sometime it could cause write overflow. Should use same data type when accessing the same region Cc: Long Qin <qin.l...@intel.com> Cc: Chen Chen <chen.a.c...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index bf7c4cc..a3c9d12 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -644,9 +644,9 @@ X509GetTBSCert ( ) { CONST UINT8 *Temp; - INTN Asn1Tag; - INTN ObjClass; - UINTNLength; + int Asn1Tag; + int ObjClass; + long Length; // // Check input parameters. -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
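Review bot: the commit message says the mismatch "could cause write overflow", but the visible change goes the other way: INTN/UINTN are 64-bit on X64 while the OpenSSL callee stores an `int` (and, on LLP64 toolchains, a 32-bit `long`), so the failure mode is a partially written variable whose upper bits are stale, not an overflow; reword the message. On the reply's suggestion to keep UINTN for Length with an extra zeroing: zeroing makes the value correct on little-endian targets, but still passes a UINTN pointer where the callee expects a `long *`, so the `long` in this hunk is the type-correct choice; INT32 for Asn1Tag and ObjClass is fine since it matches `int` on every supported toolchain.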
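To make the width mismatch discussed in this thread concrete, here is an added C example (not CryptoPkg code). It simulates a callee storing an `int` or `long` through a pointer that actually refers to a caller's 64-bit INTN/UINTN-sized variable, and shows why the reply's "extra zeroing" makes the result correct on little-endian targets while a non-zeroed variable keeps stale upper bytes. The store is simulated with memcpy of the callee's width so the demonstration itself has no undefined behaviour; the width constants and the little-endian assumption are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not CryptoPkg code. It models the mismatch discussed above:
 * an EDK2 INTN/UINTN variable (64-bit on X64) handed to a callee that stores
 * through a narrower C `int` or `long` pointer. The callee's store is
 * simulated with memcpy of the callee's width, so the demo itself has no
 * undefined behaviour. Little-endian layout is assumed (IA32/X64). */

/* Bytes a callee using C types writes through its pointer. `long` is 4 bytes
 * on LLP64 toolchains (Windows X64) and 8 bytes on LP64 (GCC X64). */
enum {
    WIDTH_INT        = 4,
    WIDTH_LONG_LLP64 = 4,
    WIDTH_LONG_LP64  = 8,
    WIDTH_UINTN_X64  = 8
};

/* Simulate "callee stores `value` into *caller_var believing it is `width`
 * bytes wide". Only the low `width` bytes of the caller's 8-byte variable
 * change; anything above keeps whatever was there before the call. */
static void callee_store(uint64_t *caller_var, uint64_t value, size_t width)
{
    unsigned char le[8];
    size_t i;

    for (i = 0; i < sizeof le; i++) {
        le[i] = (unsigned char)(value >> (8 * i));   /* little-endian bytes */
    }
    memcpy(caller_var, le, width);
}

/* What the caller reads back after the mismatched store. `initial` is the
 * caller variable's content before the call (stack garbage in practice,
 * or 0 if the caller zeroed it first as the reply suggests). */
uint64_t caller_observes(uint64_t initial, uint64_t value, size_t width)
{
    uint64_t var = initial;
    callee_store(&var, value, width);
    return var;
}

/* Classify a caller/callee width pairing: 0 = exact match, 1 = caller
 * variable wider than the store (stale upper bytes unless zeroed first),
 * 2 = caller variable narrower than the store (a real out-of-bounds write). */
int width_pairing(size_t caller_width, size_t callee_width)
{
    if (caller_width == callee_width) return 0;
    if (caller_width > callee_width)  return 1;
    return 2;
}
```

Running it, an uninitialised 8-byte variable that receives a 4-byte `int` store of 0x30 reads back as 0xFFFFFFFF00000030 when its prior content was all ones, and as 0x30 when it was zeroed beforehand; an 8-byte `long` store (LP64) fills the whole variable, so there the UINTN choice happens to work while the same code on an LLP64 toolchain does not.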
[edk2] [PATCH] CryptoPkg/OpensslLib: Suppress format warning with extra flag.
Under a certain [outdated] GCC482 compiler, the new-added "-Wno-format" flag will not take effect, and break the x86_64 build. This is one known issue in some Ubuntu/GCC-4.8.2 environment, which will overwrite "-Wno-format" with some default setting. see more information and discussion from: https://gcc.gnu.org/ml/gcc-help/2014-03/msg3.html https://wiki.ubuntu.com/ToolChain/CompilerFlags This patch adds one extra "-Wno-error=format" for gcc x86_64 builds to suppress this warning. Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Cc: Liming Gao <liming@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index f3eb19afd3..10021f8503 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -557,7 +557,7 @@ # types appropriate to the format string specified. # GCC:*_*_IA32_CC_FLAGS= -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -DNO_MSABI_VA_FUNCS + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -DNO_MSABI_VA_FUNCS GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-format diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index 88134b5b5f..ff598e7d43 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
@@ -518,7 +518,7 @@ # types appropriate to the format string specified. # GCC:*_*_IA32_CC_FLAGS= -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -DNO_MSABI_VA_FUNCS + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -DNO_MSABI_VA_FUNCS GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-format -- 2.15.1.windows.2 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
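Review bot: adding -Wno-error=format next to -Wno-format on the X64 line is a workaround for one toolchain (the Ubuntu GCC 4.8.2 build that overrides -Wno-format, per the linked discussion); put a comment in the .inf next to the flag naming that toolchain so the redundant flag can be dropped once GCC48 is retired, and extend the same pair to the IPF/AARCH64 lines only if the symptom is reproduced there rather than pre-emptively. The two hunks are otherwise identical across OpensslLib.inf and OpensslLibCrypto.inf, as they should be.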
Re: [edk2] [PATCH] CryptoPkg/OpensslLib AARCH64: disable rather than demote format warning
This makes sense to me. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- 
From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] Sent: Wednesday, December 27, 2017 5:27 PM To: edk2-devel@lists.01.org; Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Subject: [PATCH] CryptoPkg/OpensslLib AARCH64: disable rather than demote format warning We recently added -Wno-error=format to the OpenSslLib build script to work around an issue in the upstream OpenSSL code. This does not inhibit the warning, but prevents it from breaking the build by not treating it as a fatal error. Unfortunately, this interacts poorly with the -Wno-unused-const-variable option that we added to GCC49 and later. Those versions of GCC ignore -Wno- options that they don't understand, unless warnings are emitted for another reason, in which case the warning is emitted after all, and in our case, this breaks the build when the non-fatal format warning is emitted. CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/x_int64.c: In function 'uint64_print': CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/x_int64.c:105:32: warning: format '%ld' expects argument of type 'long int', but argument 3 has type 'int64_t {aka long long int}' [-Wformat=] return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval); ^ CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/x_int64.c:106:28: warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'uint64_t {aka long long unsigned int}' [-Wformat=] return BIO_printf(out, "%"BIO_PRI64"u\n", **(uint64_t **)pval); ^ CryptoPkg/Library/OpensslLib/openssl/crypto/asn1/x_int64.c: At top level: cc1: error: unrecognized command line option '-Wno-unused-const-variable' [-Werror] cc1: all warnings being treated as errors So replace -Wno-error=format with -Wno-format to suppress the warning entirely. Contributed-under: TianoCore Contribution Agreement 1.1 
Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 6 +++--- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 602953eefff7..f3eb19afd34e 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -557,10 +557,10 @@ [BuildOptions] # types appropriate to the format string specified. # GCC:*_*_IA32_CC_FLAGS= -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -DNO_MSABI_VA_FUNCS - GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -DNO_MSABI_VA_FUNCS + GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=format + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-format # suppress the following warnings in openssl so we don't break the build with warnings-as-errors: # 1295: Deprecated declaration - give arg types diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index f697243f9787..88134b5b5ff3 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
@@ -518,10 +518,10 @@ [BuildOptions] # types appropriate to the format string specified. # GCC:*_*_IA32_CC_FLAGS= -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -DNO_MSABI_VA_FUNCS - GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -DNO_MSABI_VA_FUNCS + GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=format + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-format # suppress the following warnings in openssl so we don't break the build with warnings-as-errors: # 1295: Deprecated declaration - give arg types -- 2.11.
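Review bot: switching from -Wno-error=format to -Wno-format silences the whole -Wformat family for every OpenSSL translation unit on X64, IPF and AARCH64, not just the int64_t BIO_printf case the commit message cites; with warnings-as-errors that is the pragmatic choice, but the .inf comment block above these lines should record that genuine format/argument mismatches in OpenSSL are no longer reported on GCC. The 32-bit ARM line still carries neither flag in either hunk; if that build does not emit the warning, say so in the commit message, otherwise it needs the same treatment.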
Re: [edk2] [PATCH] CryptoPkg/OpensslLib AARCH64: suppress format string warning
Thanks, Ard. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Ard Biesheuvel Sent: Wednesday, December 27, 2017 4:05 PM To: edk2-devel@lists.01.org; Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Subject: [edk2] [PATCH] CryptoPkg/OpensslLib AARCH64: suppress format string warning On GCC Build: openssl-1.1.0g introduced one additional build warning: ...\openssl\crypto\asn1\x_int64.c:105:32: error: format '%ld' expects argument of type 'long int', but argument 3 has type 'int64_t {aka long long int}' [-Werror=format=] return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval); ^ Add "-Wno-error=format" to GCC build flags to suppress this warning, since we have no real printf usage in BaseCryptLib, and BIO_printf() was already wrapped as a dummy implementation in CryptoPkg. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 5302ad7fb5ef..602953eefff7 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
@@ -560,7 +560,7 @@ [BuildOptions] GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -DNO_MSABI_VA_FUNCS GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=format # suppress the following warnings in openssl so we don't break the build with warnings-as-errors: # 1295: Deprecated declaration - give arg types diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index 0c7f9e9e66f4..f697243f9787 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -521,7 +521,7 @@ [BuildOptions] GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -DNO_MSABI_VA_FUNCS GCC:*_*_IPF_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=format # suppress the following warnings in openssl so we don't break the build with warnings-as-errors: # 1295: Deprecated declaration - give arg types -- 2.11.0 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
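Review bot: -Wno-error=format only demotes the diagnostic; the warning is still printed, and as the follow-up patch on this list explains, GCC 4.9 and later then also report otherwise-ignored unrecognised -Wno- options (here -Wno-unused-const-variable) as errors, so the AARCH64 build still breaks. Prefer -Wno-format for this line, which is where the X64 and IPF lines also ended up.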
Re: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0g
Hi, Ard, Could you kindly help to produce one extra patch to fix and validate this ARM & AARCH64 build? Thanks. Best Regards & Thanks, LONG, Qin From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] Sent: Wednesday, December 27, 2017 3:25 AM To: Ye, Ting <ting...@intel.com> Cc: Long, Qin <qin.l...@intel.com>; edk2-devel@lists.01.org Subject: Re: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0g On 25 December 2017 at 07:14, Ye, Ting <ting...@intel.com<mailto:ting...@intel.com>> wrote: > Reviewed-by: Ye Ting <ting...@intel.com<mailto:ting...@intel.com>> > > > -Original Message- 
> From: Long, Qin > Sent: Friday, December 22, 2017 2:28 PM > To: edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > Cc: Ye, Ting <ting...@intel.com<mailto:ting...@intel.com>> > Subject: [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0g > > Update the supported OpenSSL version to the latest 1.1.0g (02-Nov-2017). > The changes includes: > - Re-generate the OpensslLib[crypto].inf using process_files.pl script >to reflect the openssl source changes. > - Update OpenSSL-HOWTO.txt > - On Visual Studio Build: adding "/wd4819" to disable one addition build >warning issue, which was already fixed in OpenSSL-HEAD >https://github.com/openssl/openssl/pull/4691. > - On GCC Build: openssl-1.1.0g introduced one additional build warning: > ...\openssl\crypto\asn1\x_int64.c:105:32: error: format '%ld' expects > argument of type 'long int', but argument 3 has type 'int64_t > {aka long long int}' [-Werror=format=] > return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval); > ^ > Adding "-Wno-error=format" to GCC build flag to suppress this warning, > since we have no real printf usage in BaseCryptLib, and BIO_printf() > was already wrappered as the dummy implementation in CryptoPkg. > This patch does not add this flag to GCC for ARM or AARCH64, so the build is now broken. Please fix. > Cc: Ye Ting <ting...@intel.com<mailto:ting...@intel.com>> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Long Qin <qin.l...@intel.com<mailto:qin.l...@intel.com>> > --- > CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt| 10 +- > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 14 +- > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 14 +- > CryptoPkg/Library/OpensslLib/buildinf.h | 2 +- > 4 files changed, 24 insertions(+), 16 deletions(-) > > diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt > b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt > index e8b0bab010..d152138129 100644 > --- a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt 
> +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt > @@ -18,7 +18,7 @@ on the cryptography. > OpenSSL-Version > = >EDKII supports building with the latest release of OpenSSL. > - The latest official release is OpenSSL-1.1.0e (Released at 2017-Feb-16). > + The latest official release is OpenSSL-1.1.0g (Released at 2017-Nov-02). >NOTE: Only latest release version was fully validated. > And no guarantees on build & functionality if using other versions. > > @@ -28,13 +28,13 @@ on the cryptography. > 1. Clone the latest official OpenSSL release into the directory > CryptoPkg/Library/OpensslLib/openssl/ > > - Use OpenSSL-1.1.0e release as one example: > - (OpenSSL_1_1_0e below is the tag name for the OpenSSL-1.1.0e release) > + Use OpenSSL-1.1.0g release as one example: > + (OpenSSL_1_1_0g below is the tag name for the OpenSSL-1.1.0g > + release) > > cd CryptoPkg/Library/OpensslLib > - > git clone -b OpenSSL_1_1_0e https://github.com/openssl/openssl openssl > + > git clone -b OpenSSL_1_1_0g https://github.com/openssl/openssl > + openssl > or > > git clone https://github.com/openssl/openssl openssl > - > git checkout OpenSSL_1_1_0e > + > git checkout OpenSSL_1_1_0g > Or > 2. Download the latest OpenSSL release package from the official website: > https://www.openssl.org/source/ > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index 1d15da6660..5302ad7fb5 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -95,6 +95,7 @@ >$(OPENSSL_PATH)/crypto/asn1/x_algor.c >$(OPENSSL_PATH)/crypto/asn1/x_bignu
[edk2] [PATCH] SecurityPkg: Remove RngTest Application from SecurityPkg
BZ#: https://bugzilla.tianocore.org/show_bug.cgi?id=820 Remove the RngTest application from SecurityPkg, which was only for unit test. Cc: Chao Zhang <chao.b.zh...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.l...@intel.com> --- SecurityPkg/Application/RngTest/RngTest.c| 234 --- SecurityPkg/Application/RngTest/RngTest.inf | 57 -- SecurityPkg/Application/RngTest/RngTest.uni | 23 --- SecurityPkg/Application/RngTest/RngTestExtra.uni | 18 -- SecurityPkg/SecurityPkg.dsc | 5 - 5 files changed, 337 deletions(-) delete mode 100644 SecurityPkg/Application/RngTest/RngTest.c delete mode 100644 SecurityPkg/Application/RngTest/RngTest.inf delete mode 100644 SecurityPkg/Application/RngTest/RngTest.uni delete mode 100644 SecurityPkg/Application/RngTest/RngTestExtra.uni diff --git a/SecurityPkg/Application/RngTest/RngTest.c b/SecurityPkg/Application/RngTest/RngTest.c deleted file mode 100644 index f501f806e9..00 --- a/SecurityPkg/Application/RngTest/RngTest.c +++ /dev/null 
@@ -1,234 +0,0 @@ -/** @file - UEFI RNG (Random Number Generator) Protocol test application. - -Copyright (c) 2013, Intel Corporation. All rights reserved. -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include -#include -#include -#include -#include -#include -#include - -/** - The user Entry Point for Application. The user code starts with this function - as the real entry point for the application. - - @param[in] ImageHandleThe firmware allocated handle for the EFI image. - @param[in] SystemTableA pointer to the EFI System Table. - - @retval EFI_SUCCESS The entry point is executed successfully. - @retval other Some error occurs when executing this entry point. - -**/ -EFI_STATUS -EFIAPI -UefiMain ( - IN EFI_HANDLEImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - EFI_RNG_PROTOCOL *Rng; - UINTN RngAlgListSize; - EFI_RNG_ALGORITHM RngAlgList[10]; - EFI_RNG_ALGORITHM *PtrRngAlg; - UINTN RngAlgCount; - UINT8 *Rand; - UINTN RandSize; - UINTN Index; - UINTN Index2; - - Status= EFI_SUCCESS; - PtrRngAlg = NULL; - Rand = NULL; - - Print (L"UEFI RNG Protocol Testing :\n"); - Print (L"\n"); - - //- - // Basic UEFI RNG Protocol Test - //- - Print (L" -- Locate UEFI RNG Protocol : "); - Status = gBS->LocateProtocol (, NULL, (VOID **)); - if (EFI_ERROR (Status)) { -Print (L"[Fail - Status = %r]\n", Status); -goto Exit; - } else { -Print (L"[Pass]\n"); - } - - //- - // Rng->GetInfo() interface test. 
- //- - - Print (L" -- Call RNG->GetInfo() interface : "); - RngAlgListSize = 0; - Status = Rng->GetInfo (Rng, , NULL); - if (Status != EFI_BUFFER_TOO_SMALL) { -Print (L"[Fail - Status = %r]\n", Status); - } - // - // Print out the supported RNG algorithm GUIDs - // - RngAlgCount = RngAlgListSize / sizeof (EFI_RNG_ALGORITHM); - Print (L"\n >> Supported RNG Algorithm (Count = %d) : ", RngAlgCount); - Status = Rng->GetInfo (Rng, , RngAlgList); - for (Index = 0; Index < RngAlgCount; Index++) { -PtrRngAlg = (EFI_RNG_ALGORITHM *)([Index]); -Print (L"\n %d) ", Index); -Print (L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", PtrRngAlg->Data1, - PtrRngAlg->Data2, PtrRngAlg->Data3, PtrRngAlg->Data4[0], PtrRngAlg->Data4[1], - PtrRngAlg->Data4[2], PtrRngAlg->Data4[3], PtrRngAlg->Data4[4], - PtrRngAlg->Data4[5], PtrRngAlg->Data4[6], PtrRngAlg->Data4[7]); - } - - //- - // Rng->GetRNG() interface test. - //- - Print (L"\n -- Call RNG->GetRNG() interface : "); - - // - // Allocate one buffer to store random data. - // - RandSize = 32; - Rand = AllocatePool (RandSize); - if (Rand == NULL) { -goto Exit; - } - - // - // RNG with default algorithm - // - Print (L"\n >> RNG with default algorithm : "); - Status = Rng->GetRNG (Rng, NULL, RandSize, Rand);
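Review bot: two points about the deleted RngTest.c that are worth recording in case the test is revived elsewhere: `RngAlgList` is a fixed `EFI_RNG_ALGORITHM RngAlgList[10]`, yet the second `Rng->GetInfo` call passes the `RngAlgListSize` reported by the first (size-query) call without checking that it is at most `sizeof (RngAlgList)`, so an implementation advertising more than ten algorithms would overrun the stack buffer; and when the first call does not return `EFI_BUFFER_TOO_SMALL` the code prints `[Fail ...]` but carries on with `RngAlgListSize` still 0 instead of skipping the rest. Neither changes this deletion, but the commit message ("only for unit test") should say whether any other EFI_RNG_PROTOCOL exercise remains in the tree once this is gone.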
[edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0g
Update the supported OpenSSL version to the latest 1.1.0g (02-Nov-2017). The changes includes: - Re-generate the OpensslLib[crypto].inf using process_files.pl script to reflect the openssl source changes. - Update OpenSSL-HOWTO.txt - On Visual Studio Build: adding "/wd4819" to disable one addition build warning issue, which was already fixed in OpenSSL-HEAD https://github.com/openssl/openssl/pull/4691. - On GCC Build: openssl-1.1.0g introduced one additional build warning: ...\openssl\crypto\asn1\x_int64.c:105:32: error: format '%ld' expects argument of type 'long int', but argument 3 has type 'int64_t {aka long long int}' [-Werror=format=] return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval); ^ Adding "-Wno-error=format" to GCC build flag to suppress this warning, since we have no real printf usage in BaseCryptLib, and BIO_printf() was already wrappered as the dummy implementation in CryptoPkg. Cc: Ye Ting <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt| 10 +- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 14 +- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 14 +- CryptoPkg/Library/OpensslLib/buildinf.h | 2 +- 4 files changed, 24 insertions(+), 16 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt index e8b0bab010..d152138129 100644 --- a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt +++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt @@ -18,7 +18,7 @@ on the cryptography. OpenSSL-Version = EDKII supports building with the latest release of OpenSSL. - The latest official release is OpenSSL-1.1.0e (Released at 2017-Feb-16). + The latest official release is OpenSSL-1.1.0g (Released at 2017-Nov-02). NOTE: Only latest release version was fully validated. And no guarantees on build & functionality if using other versions. 
@@ -28,13 +28,13 @@ on the cryptography. 1. Clone the latest official OpenSSL release into the directory CryptoPkg/Library/OpensslLib/openssl/ - Use OpenSSL-1.1.0e release as one example: - (OpenSSL_1_1_0e below is the tag name for the OpenSSL-1.1.0e release) + Use OpenSSL-1.1.0g release as one example: + (OpenSSL_1_1_0g below is the tag name for the OpenSSL-1.1.0g release) > cd CryptoPkg/Library/OpensslLib - > git clone -b OpenSSL_1_1_0e https://github.com/openssl/openssl openssl + > git clone -b OpenSSL_1_1_0g https://github.com/openssl/openssl openssl or > git clone https://github.com/openssl/openssl openssl - > git checkout OpenSSL_1_1_0e + > git checkout OpenSSL_1_1_0g Or 2. Download the latest OpenSSL release package from the official website: https://www.openssl.org/source/ diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 1d15da6660..5302ad7fb5 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -95,6 +95,7 @@ $(OPENSSL_PATH)/crypto/asn1/x_algor.c $(OPENSSL_PATH)/crypto/asn1/x_bignum.c $(OPENSSL_PATH)/crypto/asn1/x_info.c + $(OPENSSL_PATH)/crypto/asn1/x_int64.c $(OPENSSL_PATH)/crypto/asn1/x_long.c $(OPENSSL_PATH)/crypto/asn1/x_pkey.c $(OPENSSL_PATH)/crypto/asn1/x_sig.c 
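Review bot: the OpenSSL-HOWTO.txt hunk pins the source only by tag name (`git clone -b OpenSSL_1_1_0g ...` and `git checkout OpenSSL_1_1_0g`); a tag is a movable reference, so record the commit hash that was actually validated next to the tag, or state that the tag signature is to be verified, otherwise the "Only latest release version was fully validated" NOTE cannot be tied to a reproducible checkout. The OpensslLib.inf hunk adding `$(OPENSSL_PATH)/crypto/asn1/x_int64.c` is consistent with the regenerated file list described in the message.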
@@ -539,10 +540,11 @@ # C4389: 'operator' : signed/unsigned mismatch () # C4702: unreachable code # C4706: assignment within conditional expression + # C4819: The file contains a character that cannot be represented in the current code page # - MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706 - MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4306 /wd4389 /wd4702 /wd4706 - MSFT:*_*_IPF_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4306 /wd4389 /wd4702 /wd4706 + MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4389 /wd4702 /wd4706 /wd4819 + MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4306 /wd4389 /wd4702 /wd4706 /wd4819 + MSFT:*_*_IPF_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4244 /wd4245 /wd4267 /wd4306 /wd4389 /wd4702 /wd4706 /wd4819 INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS
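Review bot: `/wd4819` is added to all three MSFT `*_CC_FLAGS` lines and therefore silences C4819 (a character not representable in the current code page) for the entire OpenSSL tree, not only for the file fixed upstream in openssl/openssl#4691; since the message says the root cause is already fixed in OpenSSL HEAD, put a note beside the new `# C4819:` comment that the suppression is to be dropped when the next release is imported, or it will outlive its reason. The message also says `-Wno-error=format` was added to the GCC build flag, but the hunk shown ends at the INTEL lines, and as Ard notes elsewhere in the thread the ARM and AARCH64 GCC lines were not updated.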
Re: [edk2] [Patch] CryptoPkg/TlsLib: Add some parameter check and clarification.
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Wu, Jiaxin Sent: Thursday, December 21, 2017 1:17 PM To: edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Long, Qin <qin.l...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com> Subject: [Patch] CryptoPkg/TlsLib: Add some parameter check and clarification. Cc: Ye Ting <ting...@intel.com> Cc: Long Qin <qin.l...@intel.com> Cc: Fu Siyuan <siyuan...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> --- CryptoPkg/Include/Library/TlsLib.h | 6 ++ CryptoPkg/Library/TlsLib/TlsConfig.c | 8 +++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h index b69d513..e19a38a 100644 --- a/CryptoPkg/Include/Library/TlsLib.h +++ b/CryptoPkg/Include/Library/TlsLib.h @@ -521,10 +521,12 @@ TlsSetCertRevocationList ( Gets the protocol version used by the specified TLS connection. This function returns the protocol version used by the specified TLS connection. + If Tls is NULL, then ASSERT(). + @param[in] TlsPointer to the TLS object. @return The protocol version of the specified TLS connection. **/ @@ -538,10 +540,12 @@ TlsGetVersion ( Gets the connection end of the specified TLS connection. This function returns the connection end (as client or as server) used by the specified TLS connection. + If Tls is NULL, then ASSERT(). + @param[in] TlsPointer to the TLS object. @return The connection end used by the specified TLS connection. **/ @@ -599,10 +603,12 @@ TlsGetCurrentCompressionId ( Gets the verification mode currently set in the TLS connection. This function returns the peer verification mode currently set in the specified TLS connection. + If Tls is NULL, then ASSERT(). + @param[in] TlsPointer to the TLS object. @return The verification mode set in the specified TLS connection. **/ 
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c index 4c88229..2ffe58a 100644 --- a/CryptoPkg/Library/TlsLib/TlsConfig.c +++ b/CryptoPkg/Library/TlsLib/TlsConfig.c @@ -640,10 +640,12 @@ TlsSetCertRevocationList ( Gets the protocol version used by the specified TLS connection. This function returns the protocol version used by the specified TLS connection. + If Tls is NULL, then ASSERT(). + @param[in] TlsPointer to the TLS object. @return The protocol version of the specified TLS connection. **/ @@ -666,10 +668,12 @@ TlsGetVersion ( Gets the connection end of the specified TLS connection. This function returns the connection end (as client or as server) used by the specified TLS connection. + If Tls is NULL, then ASSERT(). + @param[in] TlsPointer to the TLS object. @return The connection end used by the specified TLS connection. **/ @@ -759,10 +763,12 @@ TlsGetCurrentCompressionId ( Gets the verification mode currently set in the TLS connection. This function returns the peer verification mode currently set in the specified TLS connection. + If Tls is NULL, then ASSERT(). + @param[in] TlsPointer to the TLS object. @return The verification mode set in the specified TLS connection. **/ @@ -982,11 +988,11 @@ TlsGetHostPublicCert ( TLS_CONNECTION *TlsConn; Cert= NULL; TlsConn = (TLS_CONNECTION *) Tls; - if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL) { + if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL || (*DataSize != 0 && Data == NULL)) { return EFI_INVALID_PARAMETER; } Cert = SSL_get_certificate(TlsConn->Ssl); if (Cert == NULL) { -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
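Review bot: the three TlsConfig.c doc-comment hunks (protocol version, connection end, verification mode) add only the line `If Tls is NULL, then ASSERT().` and no code, so either those functions already contain an `ASSERT (Tls != NULL)` and the doc is catching up, or the documentation now promises a check that is not made; please confirm which. In the TlsGetHostPublicCert hunk the new `(*DataSize != 0 && Data == NULL)` term is right: it keeps the size-query convention (`*DataSize == 0` with `Data == NULL`) working while rejecting a NULL output buffer with a non-zero size; that convention deserves a sentence in the function's `@param` documentation, which this patch does not touch.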
Re: [edk2] [PATCH] SecurityPkg:Tcg2Smm: Update Interrupt resource name
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Tuesday, December 12, 2017 3:41 PM To: edk2-devel@lists.01.org Cc: Yao, Jiewen <jiewen@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [edk2] [PATCH] SecurityPkg:Tcg2Smm: Update Interrupt resource name Update TPM interrupt resource descriptor name for better compatibility to old ASL compiler. Cc: Long Qin <qin.l...@intel.com> Cc: Jiewen Yao <jiewen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl index 76a8a13..f528305 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl +++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl @@ -97,7 +97,7 @@ DefinitionBlock ( Name(RESO, ResourceTemplate () { Memory32Fixed (ReadWrite, 0xfed4, 0x5000, REGS) -Interrupt(ResourceConsumer, Level, ActiveLow, Shared, , , IRQ) {12} +Interrupt(ResourceConsumer, Level, ActiveLow, Shared, , , INTR) + {12} }) // 
@@ -120,16 +120,16 @@ DefinitionBlock ( // Use the field name to identify the offsets in the argument // buffer and RESO buffer. // -CreateDWordField(Arg0, ^IRQ._INT, IRQ0) -CreateDWordField(RESO, ^IRQ._INT, LIRQ) +CreateDWordField(Arg0, ^INTR._INT, IRQ0) +CreateDWordField(RESO, ^INTR._INT, LIRQ) Store(IRQ0, LIRQ) -CreateBitField(Arg0, ^IRQ._HE, ITRG) -CreateBitField(RESO, ^IRQ._HE, LTRG) +CreateBitField(Arg0, ^INTR._HE, ITRG) +CreateBitField(RESO, ^INTR._HE, LTRG) Store(ITRG, LTRG) -CreateBitField(Arg0, ^IRQ._LL, ILVL) -CreateBitField(RESO, ^IRQ._LL, LLVL) +CreateBitField(Arg0, ^INTR._LL, ILVL) +CreateBitField(RESO, ^INTR._LL, LLVL) Store(ILVL, LLVL) // -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
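Review bot: in the first hunk the new resource line appears as two `+` lines (`... , , INTR)` followed by `+ {12}`), which looks like mail-client wrapping rather than an intended change; a wrapped patch will not apply with `git am`, so check the posted patch against the committed version. The second hunk renames the `^IRQ._INT`, `^IRQ._HE` and `^IRQ._LL` references in the CreateDWordField/CreateBitField block consistently with the new `INTR` descriptor name; grep for any remaining `^IRQ` reference in Tpm.asl, since a stale one would now fail to resolve at compile time.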
Re: [edk2] Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification
Hi, Wim Vervoorn,

Yes, the logic here is a little tricky. We wouldn't like to introduce the full ASN.1 parse interfaces to handle the encoding data check. So, as the comment states, the digestAlgorithms field usually has the fixed offset (based on two bytes of length encoding) in one PKCS#7 signedData structure. So the new code (added by that commit) used this assumption to check the Sha256 OID directly.

    //
    // SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the
    // signature. Only a digest algorithm of SHA-256 is accepted.
    //
    //    According to PKCS#7 Definition:
    //        SignedData ::= SEQUENCE {
    //            version Version,
    //            digestAlgorithms DigestAlgorithmIdentifiers,
    //            contentInfo ContentInfo,
    //        }
    //    The DigestAlgorithmIdentifiers can be used to determine the hash algorithm
    //    in VARIABLE_AUTHENTICATION_2 descriptor.
    //    This field has the fixed offset (+13) and be calculated based on two bytes of length encoding.
    //
    ..

One typical ASN.1 structure of PKCS7 Signature is

    ContentInfo {
        contentType = 1.2.840.113549.1.7.2   //(signedData)
        content {
            SignedData {
                version = 1
                ...
            }
        }
    }

But please note, the PKCS#7 signedData definition for Authenticated Variable in UEFI spec didn't include the contentType fields. So if you used some third-party tool (e.g. OpenSSL) to generate the signedData, you need to strip off some bytes. See more discussion & clarifications at https://bugzilla.tianocore.org/show_bug.cgi?id=586

And share the binary data with us for more analysis if you still have verification issues.

Best Regards & Thanks,
LONG, Qin

-Original Message-
From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Wim Vervoorn
Sent: Monday, December 11, 2017 6:40 PM
To: edk2-devel@lists.01.org
Subject: [edk2] Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification

Hello,

We ran into issues with the Timebased Authenticated variable handling.

In commit: c035e37335ae43229d7e68de74a65f2c01ebc0af

This was added.
This assumed the very first tag will be the Sha256 Oid. We have noticed situations where this is the case.

The question is if the check below represents the specification and the tools generating the databuffer should be changed, or if this check is not correct.

It seems to me that the data should be parsed to check for the correct OID and not assume this is the first one.

    if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
      if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
        if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
            (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
          return EFI_SECURITY_VIOLATION;
        }
      }
    }

Modified: SecurityPkg/Library/AuthVariableLib/AuthService.c
Modified: SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h

Best Regards,
Wim Vervoorn

Eltan B.V.
Ambachtstraat 23
5481 SM Schijndel
The Netherlands
T : +31-(0)73-594 46 64
E : wvervo...@eltan.com
W : http://www.eltan.com
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
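The two approaches discussed in this thread, side by side, as an added example in C (not edk2 code and not from either poster): `FixedOffsetSha256Check()` mirrors the "+13" check quoted above, and `ParsedSha256Check()` instead walks the DER headers of `SignedData ::= SEQUENCE { version, digestAlgorithms SET OF AlgorithmIdentifier, ... }`. The sample inputs are constructed: the bytes after the digestAlgorithms SET are zero filler standing in for the rest of the structure and are not parsed. One sample uses a three-byte outer length (a SignedData larger than 64 KiB), which the fixed-offset check rejects although the digest is SHA-256; a SHA-1 sample is rejected by both.

```c
/*
 * Added example (not edk2 code): fixed-offset vs. parsed check that a UEFI
 * authenticated-variable PKCS#7 SignedData names SHA-256 as its digest.
 * All sample inputs are constructed; filler bytes are not parsed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TWO_BYTE_ENCODE 0x82   /* DER long-form length byte announcing a 2-byte length */

/* DER value of OID 2.16.840.1.101.3.4.2.1 (sha256); same bytes as edk2's mSha256OidValue. */
static const uint8_t mSha256OidValue[] = {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01};

/* The check from the thread: assumes SEQUENCE{30 82 LL LL}, INTEGER{02 01 vv}, SET{31 ll},
 * SEQUENCE{30 ll}, OID{06 09 <9 bytes>}, so the OID value sits at offset 13.
 * (The original skips the check for short buffers; here a short buffer is rejected.) */
bool FixedOffsetSha256Check(const uint8_t *SigData, size_t SigDataSize)
{
  if (SigDataSize < 13 + sizeof(mSha256OidValue)) {
    return false;
  }
  if ((SigData[1] & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
    return false;
  }
  return memcmp(SigData + 13, mSha256OidValue, sizeof(mSha256OidValue)) == 0;
}

/* Read one DER tag+length header at Offset. Enforces minimal (DER) length encoding and
 * that the content fits inside Size. Returns false on any malformation. */
static bool DerReadHeader(const uint8_t *Buf, size_t Size, size_t Offset,
                          uint8_t *Tag, size_t *Len, size_t *HdrLen)
{
  size_t NumBytes, i;

  if (Size < 2 || Offset > Size - 2) {
    return false;
  }
  *Tag = Buf[Offset];
  if ((Buf[Offset + 1] & 0x80) == 0) {          /* short form: one length byte */
    *Len = Buf[Offset + 1];
    *HdrLen = 2;
  } else {                                        /* long form: 0x8N, then N length bytes */
    NumBytes = Buf[Offset + 1] & 0x7F;
    if (NumBytes == 0 || NumBytes > sizeof(size_t) || NumBytes > Size - Offset - 2) {
      return false;
    }
    *Len = 0;
    for (i = 0; i < NumBytes; i++) {
      *Len = (*Len << 8) | Buf[Offset + 2 + i];
    }
    *HdrLen = 2 + NumBytes;
    if (*Len < 0x80 || Buf[Offset + 2] == 0) {    /* DER forbids non-minimal lengths */
      return false;
    }
  }
  return *Len <= Size - Offset - *HdrLen;
}

/* Walk SignedData and accept only if digestAlgorithms is a non-empty SET in which every
 * AlgorithmIdentifier carries the sha256 OID. Works for any outer length encoding. */
bool ParsedSha256Check(const uint8_t *SigData, size_t SigDataSize)
{
  uint8_t Tag;
  size_t  Len, Hdr, Pos, SeqEnd, SetEnd, AlgEnd;

  if (!DerReadHeader(SigData, SigDataSize, 0, &Tag, &Len, &Hdr) || Tag != 0x30) {
    return false;                                 /* SignedData must be a SEQUENCE */
  }
  Pos = Hdr;
  SeqEnd = Pos + Len;
  if (!DerReadHeader(SigData, SeqEnd, Pos, &Tag, &Len, &Hdr) || Tag != 0x02) {
    return false;                                 /* version must be an INTEGER */
  }
  Pos += Hdr + Len;
  if (!DerReadHeader(SigData, SeqEnd, Pos, &Tag, &Len, &Hdr) || Tag != 0x31 || Len == 0) {
    return false;                                 /* digestAlgorithms: non-empty SET */
  }
  Pos += Hdr;
  SetEnd = Pos + Len;
  while (Pos < SetEnd) {
    if (!DerReadHeader(SigData, SetEnd, Pos, &Tag, &Len, &Hdr) || Tag != 0x30) {
      return false;                               /* AlgorithmIdentifier SEQUENCE */
    }
    Pos += Hdr;
    AlgEnd = Pos + Len;
    if (!DerReadHeader(SigData, AlgEnd, Pos, &Tag, &Len, &Hdr) || Tag != 0x06) {
      return false;                               /* algorithm OID */
    }
    if (Len != sizeof(mSha256OidValue) || memcmp(SigData + Pos + Hdr, mSha256OidValue, Len) != 0) {
      return false;                               /* any digest other than SHA-256 */
    }
    Pos = AlgEnd;                                 /* skip optional parameters */
  }
  return true;
}

/* Constructed: version INTEGER 1, then a SET holding one sha256 AlgorithmIdentifier. */
static const uint8_t kVersionAndSha256Set[] = {
  0x02, 0x01, 0x01, 0x31, 0x0F, 0x30, 0x0D,
  0x06, 0x09, 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, 0x05, 0x00 };
/* Constructed: same shape with the sha1 OID 1.3.14.3.2.26 (06 05 2B 0E 03 02 1A). */
static const uint8_t kVersionAndSha1Set[] = {
  0x02, 0x01, 0x01, 0x31, 0x0B, 0x30, 0x09,
  0x06, 0x05, 0x2B,0x0E,0x03,0x02,0x1A, 0x05, 0x00 };

static uint8_t gTwoByteSha256[4 + 300];      /* outer length 300   -> 30 82 01 2C */
static uint8_t gTwoByteSha1[4 + 300];
static uint8_t gThreeByteSha256[5 + 65536];  /* outer length 65536 -> 30 83 01 00 00 */

/* Lay out SEQUENCE header + Inner bytes + zero filler (stand-in for the unparsed remainder). */
static void BuildSample(uint8_t *Buf, size_t BufSize, size_t HdrLen, const uint8_t *Inner, size_t InnerLen)
{
  size_t Content = BufSize - HdrLen;
  memset(Buf, 0, BufSize);
  Buf[0] = 0x30;
  Buf[1] = (uint8_t)(0x80 | (HdrLen - 2));
  for (size_t i = 0; i < HdrLen - 2; i++) {
    Buf[2 + i] = (uint8_t)(Content >> (8 * (HdrLen - 3 - i)));
  }
  memcpy(Buf + HdrLen, Inner, InnerLen);
}

/* Which: 0 = 2-byte length + sha256, 1 = 3-byte length + sha256, 2 = 2-byte length + sha1.
 * Returns the verdict of the fixed-offset check (UseParser false) or of the DER walk. */
bool RunSha256Check(int Which, bool UseParser)
{
  const uint8_t *Data;
  size_t Size;

  if (Which == 0) {
    BuildSample(gTwoByteSha256, sizeof gTwoByteSha256, 4, kVersionAndSha256Set, sizeof kVersionAndSha256Set);
    Data = gTwoByteSha256; Size = sizeof gTwoByteSha256;
  } else if (Which == 1) {
    BuildSample(gThreeByteSha256, sizeof gThreeByteSha256, 5, kVersionAndSha256Set, sizeof kVersionAndSha256Set);
    Data = gThreeByteSha256; Size = sizeof gThreeByteSha256;
  } else {
    BuildSample(gTwoByteSha1, sizeof gTwoByteSha1, 4, kVersionAndSha1Set, sizeof kVersionAndSha1Set);
    Data = gTwoByteSha1; Size = sizeof gTwoByteSha1;
  }
  return UseParser ? ParsedSha256Check(Data, Size) : FixedOffsetSha256Check(Data, Size);
}

int main(void)
{
  static const char *Names[] = {"2-byte length, sha256", "3-byte length, sha256", "2-byte length, sha1"};
  for (int i = 0; i < 3; i++) {
    printf("%-24s fixed-offset=%d parsed=%d\n", Names[i], RunSha256Check(i, false), RunSha256Check(i, true));
  }
  return 0;
}
```

Both routines reject the SHA-1 sample; they differ only on the three-byte-length sample, where the fixed-offset check fails for a reason unrelated to the digest. The DER walk also rejects non-minimal length encodings and lengths that run past the buffer, which is what keeps the added flexibility from becoming a new parsing hazard.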
Re: [edk2] [PATCH] SecurityPkg:Tcg2Smm: Add MSFT copyright
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, December 11, 2017 9:34 AM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Yao, Jiewen <jiewen@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH] SecurityPkg:Tcg2Smm: Add MSFT copyright Add MSFT copyright for TPM SIRQ feature. Cc: Long Qin <qin.l...@intel.com> Cc: Jiewen Yao <jiewen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 1 + 1 file changed, 1 insertion(+) diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl index 68b5073..76a8a13 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl +++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl @@ -4,6 +4,7 @@ Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved. (c)Copyright 2016 HP Development Company, L.P. +Copyright (c) 2017, Microsoft Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] CryptoPkg/IntrinsicLib: Fix the warning on memset
Reviewed-by: Long Qin <qin.l...@intel.com> (Thanks, Gary. I cannot recall why we used "char" instead of "int" here. Obviously, the prototype of CRT memset should use "int"). Best Regards & Thanks, LONG, Qin -Original Message- From: Gary Lin [mailto:g...@suse.com] Sent: Wednesday, November 22, 2017 12:44 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Subject: [PATCH] CryptoPkg/IntrinsicLib: Fix the warning on memset Gcc issued the warning when compiling CryptoPkg: CryptoPkg/Library/Include/CrtLibSupport.h:135:17: warning: type of 'memset' does not match original declaration [-Wlto-type-mismatch] void *memset (void *, int, size_t); ^ CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c:27:8: note: type mismatch in parameter 2 void * memset (void *dest, char ch, size_t count) ^ This commit changes the type of ch from char to int to match the declaration. Cc: Qin Long <qin.l...@intel.com> Cc: Ting Ye <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Gary Lin <g...@suse.com> --- CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c index bf485d680d..e095f9aa0d 100644 --- a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c +++ b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c @@ -24,7 +24,7 @@ typedef UINTN size_t; int _fltused = 1; /* Sets buffers to a specified character */ -void * memset (void *dest, char ch, size_t count) +void * memset (void *dest, int ch, size_t count) { // // NOTE: Here we use one base implementation for memset, instead of the direct 
@@ -42,7 +42,7 @@ void * memset (void *dest, char ch, size_t count) Pointer = (UINT8 *)dest; while (count-- != 0) { -*(Pointer++) = ch; +*(Pointer++) = (UINT8)ch; } return dest; -- 2.15.0 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
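Review bot: the `(UINT8)ch` cast in this hunk is the right fix, not just a warning-silencer: the C standard defines memset as converting its `int` argument to `unsigned char` before storing it, so behaviour is unchanged for every value callers already pass, while the definition now agrees with `void *memset (void *, int, size_t)` in CrtLibSupport.h and the `-Wlto-type-mismatch` diagnostic goes away. Add one line to the comment above the loop saying why the parameter is `int` although only a byte is stored, so the next reader does not "fix" it back to `char`.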
Re: [edk2] [Patch] CryptoPkg/TlsLib: Change the return type of TlsInitialize().
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Wu, Jiaxin Sent: Friday, November 17, 2017 11:57 AM To: edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Long, Qin <qin.l...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com> Subject: [Patch] CryptoPkg/TlsLib: Change the return type of TlsInitialize(). Currently, in TlsInitialize(), neither the return status of OPENSSL_init_ssl(0, or 1) nor the return code of RandomSeed (TRUE or FALSE) is not checked. Also VOID is used as the return type of TlsInitialize(), which can't be used to capture the returned value for the error handling. >From Long Qin (CryptoPkg owner): The early version of OPENSSL_init_ssl() use the "VOID" as the return value, which was updated to "int" later because the function changes can fail. So, this patch is to change the return type of TlsInitialize() to follow up the OPENSSL_init_ssl() update. Cc: Ye Ting <ting...@intel.com> Cc: Long Qin <qin.l...@intel.com> Cc: Fu Siyuan <siyuan...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> --- CryptoPkg/Include/Library/TlsLib.h | 7 +-- CryptoPkg/Library/TlsLib/TlsInit.c | 20 ++-- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h index fa6cb99..b69d513 100644 --- a/CryptoPkg/Include/Library/TlsLib.h +++ b/CryptoPkg/Include/Library/TlsLib.h @@ -1,9 +1,9 @@ /** @file Defines TLS Library APIs. -Copyright (c) 2016, Intel Corporation. All rights reserved. +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php 
@@ -20,12 +20,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. This function registers ciphers and digests used directly and indirectly by SSL/TLS, and initializes the readable error messages. This function must be called before any other action takes places. + @retval TRUE The OpenSSL library has been initialized. + @retval FALSE Failed to initialize the OpenSSL library. + **/ -VOID +BOOLEAN EFIAPI TlsInitialize ( VOID ); diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c b/CryptoPkg/Library/TlsLib/TlsInit.c index e524647..a530ff7 100644 --- a/CryptoPkg/Library/TlsLib/TlsInit.c +++ b/CryptoPkg/Library/TlsLib/TlsInit.c @@ -20,30 +20,38 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. This function registers ciphers and digests used directly and indirectly by SSL/TLS, and initializes the readable error messages. This function must be called before any other action takes places. + @retval TRUE The OpenSSL library has been initialized. + @retval FALSE Failed to initialize the OpenSSL library. + **/ -VOID +BOOLEAN EFIAPI TlsInitialize ( VOID ) { + INTNRet; + // // Performs initialization of crypto and ssl library, and loads required // algorithms. // - OPENSSL_init_ssl ( -OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, -NULL -); + Ret = OPENSSL_init_ssl ( + OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, + NULL + ); + if (Ret != 1) { +return FALSE; + } // // Initialize the pseudorandom number generator. // - RandomSeed (NULL, 0); + return RandomSeed (NULL, 0); } /** Free an allocated SSL_CTX object. -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
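Review bot: in the TlsInit.c hunk the doc line `@retval FALSE Failed to initialize the OpenSSL library.` (repeated in the TlsLib.h hunk) is slightly misleading, because when `OPENSSL_init_ssl` returns 1 but `RandomSeed (NULL, 0)` fails the library is initialized yet FALSE is returned; say "or failed to seed the random number generator" in both places so callers understand the failure may be a missing entropy source rather than a broken library. Also, changing the return type from VOID to BOOLEAN compiles unchanged for existing callers, which then silently ignore the result; this patch touches only the library, so a follow-up to make the in-tree callers of TlsInitialize() check the return value is needed for the change to have any effect.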
Re: [edk2] [PATCH 1/2] CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack
Reviewed-by: Long Qin <qin.l...@intel.com> One minor comment: please leave one space before the structure name: +} EFI_CERT_DATA; and +} EFI_CERT_STACK; Best Regards & Thanks, LONG, Qin -Original Message- From: Chen, Chen A Sent: Tuesday, November 7, 2017 9:05 AM To: edk2-devel@lists.01.org Cc: Chen, Chen A <chen.a.c...@intel.com>; Long, Qin <qin.l...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH 1/2] CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack The parameter CertStack of Pkcs7GetSigners will return all embedded X.509 certificate in one given PKCS7 signature. The format is: // // UINT8 CertNumber; // UINT32 Cert1Length; // UINT8 Cert1[]; // UINT32 Cert2Length; // UINT8 Cert2[]; // ... // UINT32 CertnLength; // UINT8 Certn[]; // Add EFI_CERT_STACK and EFI_CERT_DATA structure, these two C-structure are used for parsing CertStack more clearly. Cc: Long Qin <qin.l...@intel.com> Cc: Zhang Chao <chao.b.zh...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: chenc2 <chen.a.c...@intel.com> --- CryptoPkg/Include/Library/BaseCryptLib.h | 33 ++ .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 3 ++ .../Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c | 3 ++ 3 files changed, 39 insertions(+) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index e2b6a95666..3fd9a3c911 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2377,6 +2377,36 @@ Pkcs5HashPassword ( ); /** + The 3rd parameter of Pkcs7GetSigners will return all embedded + X.509 certificate in one given PKCS7 signature. The format is: + // + // UINT8 CertNumber; + // UINT32 Cert1Length; + // UINT8 Cert1[]; + // UINT32 Cert2Length; + // UINT8 Cert2[]; + // ... + // UINT32 CertnLength; + // UINT8 Certn[]; + // + + The two following C-structure are used for parsing CertStack more clearly. +**/ +#pragma pack(1) + +typedef struct { + UINT32CertDataLength; // The length in bytes of X.509 certificate. + UINT8 CertDataBuffer[0];// The X.509 certificate content (DER). +}EFI_CERT_DATA; + +typedef struct { + UINT8 CertNumber; // Number of X.509 certificate. + //EFI_CERT_DATA CertArray[]; // An array of X.509 certificate. +}EFI_CERT_STACK; + +#pragma pack() + +/** Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: Cryptographic Message Syntax Standard". The input signed data could be wrapped in a ContentInfo structure. @@ -2390,6 +2420,7 @@ Pkcs5HashPassword ( @param[out] CertStackPointer to Signer's certificates retrieved from P7Data. It's caller's responsibility to free the buffer with Pkcs7FreeSigners(). + This data structure is EFI_CERT_STACK type. @param[out] StackLength Length of signer's certificates in bytes. @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. It's caller's responsibility to free the buffer with 
@@ -2437,9 +2468,11 @@ Pkcs7FreeSigners ( @param[out] SignerChainCerts Pointer to the certificates list chained to signer's certificate. It's caller's responsibility to free the buffer with Pkcs7FreeSigners(). +This data structure is EFI_CERT_STACK type. @param[out] ChainLength Length of the chained certificates list buffer in bytes. @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's responsibility to free the buffer with Pkcs7FreeSigners(). +This data structure is EFI_CERT_STACK type. @param[out] UnchainLength Length of the unchained certificates list buffer in bytes. @retval TRUE The operation is finished successfully. diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c index 296df028b1..fe8e5950f9 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c @@ -242,6 +242,7 @@ _Exit: @param[out] CertStackPointer to Signer's certificates retrieved from P7Data. It's caller's responsibility to free the buffer with Pkcs7FreeSigners(). + This data structure is EFI_CERT_STACK type. @param[out] StackLength Length of signer's certificates in bytes. @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. It's caller's responsibility to free the buffer with @@ -442,9 +443,11 @@ Pkc
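Review bot: `UINT8 CertDataBuffer[0];` in the new EFI_CERT_DATA (BaseCryptLib.h hunk at -2377) is a zero-length array, a compiler extension rather than standard C, and `//EFI_CERT_DATA CertArray[];` is left in EFI_CERT_STACK as a commented-out member. If the supported toolchains accept it, the C99 flexible array member `UINT8 CertDataBuffer[];` says the same thing portably, and the commented line should either go or become a comment explaining that the entries cannot be an array because each one is variable-length. Since both structures are under `#pragma pack(1)` and CertDataLength sits behind a one-byte CertNumber, the field is never naturally aligned; a one-line note in the header comment that readers must use ReadUnaligned32() (as the AuthService.c patch does) would stop callers from dereferencing it directly.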
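As an added example (not code from the patch or from edk2), the following C walks a CertStack buffer in the layout the commit message describes and applies the bounds checks a consumer needs before trusting a CertDataLength; the sample buffers and function names are constructed here.

```c
/*
 * Added example, not edk2 code: a bounds-checked walker for the certificate
 * stack layout that Pkcs7GetSigners() returns (UINT8 CertNumber, then for
 * each certificate a UINT32 length followed by the DER bytes). It mirrors
 * EFI_CERT_STACK / EFI_CERT_DATA with plain C99 types and no packed structs;
 * every length field is read byte-wise because it sits at an unaligned
 * offset (the job ReadUnaligned32() does in the patch).
 */
#include <stddef.h>
#include <stdint.h>

/* One parsed entry: the same two pieces of information as EFI_CERT_DATA. */
typedef struct {
    uint32_t       Length;  /* CertDataLength */
    const uint8_t *Data;    /* CertDataBuffer, points into the stack buffer */
} CertEntry;

/* Little-endian UINT32 at an arbitrary (possibly unaligned) offset. */
static uint32_t ReadU32LE(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Walk Stack[0..StackLength) and fill Out with up to MaxEntries entries.
 * Returns CertNumber on success, or -1 if an entry is truncated, a length
 * claims more bytes than remain, or bytes are left over after the last
 * certificate. Nothing is dereferenced beyond StackLength.
 */
int ParseCertStack(const uint8_t *Stack, size_t StackLength,
                   CertEntry *Out, size_t MaxEntries)
{
    size_t  Offset = 1;          /* skip the UINT8 CertNumber header */
    uint8_t CertNumber;
    uint8_t i;

    if (Stack == NULL || StackLength < 1)
        return -1;
    CertNumber = Stack[0];

    for (i = 0; i < CertNumber; i++) {
        uint32_t Len;

        if (StackLength - Offset < 4)        /* room for CertNLength? */
            return -1;
        Len = ReadU32LE(Stack + Offset);
        Offset += 4;

        if (Len > StackLength - Offset)      /* room for CertN[]? */
            return -1;
        if (i < MaxEntries) {
            Out[i].Length = Len;
            Out[i].Data   = Stack + Offset;
        }
        Offset += Len;
    }

    return Offset == StackLength ? (int)CertNumber : -1;
}

/*
 * Constructed sample (not real Pkcs7GetSigners output): two "certificates"
 * of 3 and 2 bytes. The payload bytes only stand in for DER.
 */
static const uint8_t kSampleStack[] = {
    0x02,                   /* CertNumber = 2 */
    0x03, 0x00, 0x00, 0x00, /* Cert1Length = 3, little-endian */
    0x30, 0x01, 0x02,       /* Cert1 */
    0x02, 0x00, 0x00, 0x00, /* Cert2Length = 2 */
    0x30, 0x00              /* Cert2 */
};

/* Constructed: one entry whose length field claims far more than is present. */
static const uint8_t kOversizedStack[] = {
    0x01, 0xFF, 0xFF, 0xFF, 0x7F, 0x30
};

/* Parse the well-formed sample; returns the certificate count (2). */
int SampleCertCount(void)
{
    CertEntry e[2];
    return ParseCertStack(kSampleStack, sizeof kSampleStack, e, 2);
}

/* Offset of the second certificate's first byte within the sample (12). */
int SampleSecondCertOffset(void)
{
    CertEntry e[2];
    if (ParseCertStack(kSampleStack, sizeof kSampleStack, e, 2) != 2)
        return -1;
    return (int)(e[1].Data - kSampleStack);
}

/* 1 if a stack cut one byte short is rejected, 0 otherwise. */
int TruncatedStackIsRejected(void)
{
    CertEntry e[2];
    return ParseCertStack(kSampleStack, sizeof kSampleStack - 1, e, 2) == -1;
}

/* 1 if an entry whose length overruns the buffer is rejected, 0 otherwise. */
int OversizedLengthIsRejected(void)
{
    CertEntry e[1];
    return ParseCertStack(kOversizedStack, sizeof kOversizedStack, e, 1) == -1;
}
```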
Re: [edk2] [PATCH 2/2] SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of chenc2 Sent: Tuesday, November 7, 2017 9:05 AM To: edk2-devel@lists.01.org Cc: Zhang, Chao B <chao.b.zh...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [edk2] [PATCH 2/2] SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate The function Pkcs7GetSigners return certificate stack as binary buffer. Use EFI_CERT_DATA to parsing certificate stack more clearly, and access certificate by the field of EFI_CERT_DATA structure. Cc: Long Qin <qin.l...@intel.com> Cc: Zhang Chao <chao.b.zh...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: chenc2 <chen.a.c...@intel.com> --- SecurityPkg/Library/AuthVariableLib/AuthService.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 6cbeb98535..213a524f27 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -1828,6 +1828,7 @@ VerifyTimeBasedPayload ( UINT8*CertsInCertDb; UINT32 CertsSizeinDb; UINT8Sha256Digest[SHA256_DIGEST_SIZE]; + EFI_CERT_DATA*CertDataPtr; // // 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain @@ -1841,6 +1842,7 @@ VerifyTimeBasedPayload ( SignerCerts= NULL; TopLevelCert = NULL; CertsInCertDb = NULL; + CertDataPtr= NULL; // // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is 
@@ -2098,9 +2100,10 @@ VerifyTimeBasedPayload ( // // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb // +CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1); Status = CalculatePrivAuthVarSignChainSHA256Digest( - SignerCerts + sizeof(UINT8) + sizeof(UINT32), - ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))), + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32 + *)&(CertDataPtr->CertDataLength)), TopLevelCert, TopLevelCertSize, Sha256Digest @@ -2135,12 +2138,13 @@ VerifyTimeBasedPayload ( // // When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer // + CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1); Status = InsertCertsToDb ( VariableName, VendorGuid, Attributes, - SignerCerts + sizeof(UINT8) + sizeof(UINT32), - ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))), + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32 + *)&(CertDataPtr->CertDataLength)), TopLevelCert, TopLevelCertSize ); -- 2.13.2.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
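Review bot: in the -2098 and -2135 hunks, `ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength))` casts a pointer that is already `UINT32 *`; drop the cast and write `ReadUnaligned32 (&CertDataPtr->CertDataLength)`. Keeping ReadUnaligned32 itself is correct, since EFI_CERT_DATA is packed behind the one-byte CertNumber and the length field sits at an odd offset. `CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1)` also assumes CertNumber is at least 1; the replaced `SignerCerts + sizeof(UINT8)` arithmetic made the same assumption, so behaviour is unchanged, but an `ASSERT (*SignerCerts >= 1)` or a comment would make the precondition visible. Style nit: the first added assignment in -2098 is `+CertDataPtr = ...` with no leading indentation while the one in -2135 is `+ CertDataPtr = ...`; please align both with the surrounding block.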
Re: [edk2] [PATCH 3/3] MdeModulePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
Reviewed-by: Long Qin <qin.l...@intel.com> -Original Message- From: Zhang, Chao B Sent: Tuesday, October 31, 2017 2:35 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Zeng, Star <star.z...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH 3/3] MdeModulePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS Mark EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as deprecated. 1. Make SetVariable/QueryVariableInfo return EFI_UNSUPPORTED with this attribute 2. No change to GetVariable/GetNextVariableName Also update several function descriptors accordingly Cc: Long Qin <qin.l...@intel.com> Cc: Star Zeng <star.z...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- MdeModulePkg/Include/Guid/VariableFormat.h | 9 +++-- MdeModulePkg/Include/Library/AuthVariableLib.h | 7 +++ MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c | 7 +++ MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 8 +++- MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h | 8 +++- MdeModulePkg/Universal/BdsDxe/Bds.h| 10 -- MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 8 +++- MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 4 ++-- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 5 - MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h | 1 - 10 files changed, 32 insertions(+), 35 deletions(-) diff --git a/MdeModulePkg/Include/Guid/VariableFormat.h b/MdeModulePkg/Include/Guid/VariableFormat.h index ce71aab..b0c2616 100644 --- a/MdeModulePkg/Include/Guid/VariableFormat.h +++ b/MdeModulePkg/Include/Guid/VariableFormat.h 
@@ -2,7 +2,7 @@ The variable data structures are related to EDK II-specific implementation of UEFI variables. VariableFormat.h defines variable data headers and variable storage region headers. -Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at @@ -115,11 +115,16 @@ typedef struct { /// #define VARIABLE_ATTRIBUTE_NV_BS(EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) #define VARIABLE_ATTRIBUTE_BS_RT(EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS) -#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) #define VARIABLE_ATTRIBUTE_BS_RT_AT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) #define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE) #define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD) #define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) +#define VARIABLE_ATTRIBUTE_AT EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS +#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT(VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT) +/// +/// EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be +considered as reserved /// +#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) #define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) #define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT_AW) 
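Review bot: the comment added in the VariableFormat.h hunk at -115 arrives as `+/// EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be` followed by `+considered as reserved ///`, which looks like the mail client wrapped a long line: the continuation no longer starts with `+///`, so the patch as posted will not apply cleanly and, if forced, would leave a bare `considered as reserved` outside the comment. Please resend with line wrapping disabled (git send-email) or keep the comment on one line. Also, VARIABLE_ATTRIBUTE_AT_AW, VARIABLE_ATTRIBUTE_NV_BS_RT_AW and VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW survive under that note; any in-tree module that still sets variables with them will now get EFI_UNSUPPORTED from SetVariable() per the commit message, so those macros deserve the same deprecated marker or removal in a follow-up.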
diff --git a/MdeModulePkg/Include/Library/AuthVariableLib.h b/MdeModulePkg/Include/Library/AuthVariableLib.h index 0731b8d..bdf5963 100644 --- a/MdeModulePkg/Include/Library/AuthVariableLib.h +++ b/MdeModulePkg/Include/Library/AuthVariableLib.h @@ -1,7 +1,7 @@ /** @file Provides services to initialize and process authenticated variables. -Copyright (c) 2015, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at @@ -228,7 +228,7 @@ AuthVariableLibInitialize ( ); /** - Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. @param[in] VariableName Name of the variable. @param[in] VendorGuid
Re: [edk2] [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support
Reviewed-by: Long Qin <qin.l...@intel.com> -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Tuesday, October 31, 2017 2:35 PM To: edk2-devel@lists.01.org Cc: Zhang, Chao B <chao.b.zh...@intel.com>; Zeng, Star <star.z...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [edk2] [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support Remove counter based auth variable support. also modify several function descriptors to accommodate the change Cc: Long Qin <qin.l...@intel.com> Cc: Star Zeng <star.z...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- SecurityPkg/Library/AuthVariableLib/AuthService.c | 501 + .../Library/AuthVariableLib/AuthServiceInternal.h | 67 +-- .../Library/AuthVariableLib/AuthVariableLib.c | 89 +--- .../MemoryOverwriteRequestControlLock/TcgMorLock.c | 2 +- .../MemoryOverwriteRequestControlLock/TcgMorLock.h | 4 +- .../TcgMorLockSmm.c| 2 +- 6 files changed, 37 insertions(+), 628 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 7188ff6..aafc057 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c 
@@ -144,50 +144,6 @@ AuthServiceInternalUpdateVariable ( @param[in] Data Data pointer. @param[in] DataSize Size of Data. @param[in] Attributes Attribute value of the variable. - @param[in] KeyIndex Index of associated public key. - @param[in] MonotonicCount Value of associated monotonic count. - - @retval EFI_SUCCESS The update operation is success. - @retval EFI_INVALID_PARAMETER Invalid parameter. - @retval EFI_WRITE_PROTECTED Variable is write-protected. - @retval EFI_OUT_OF_RESOURCES There is not enough resource. - -**/ -EFI_STATUS -AuthServiceInternalUpdateVariableWithMonotonicCount ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes, - IN UINT32 KeyIndex, - IN UINT64 MonotonicCount - ) -{ - AUTH_VARIABLE_INFOAuthVariableInfo; - - ZeroMem (, sizeof (AuthVariableInfo)); - AuthVariableInfo.VariableName = VariableName; - AuthVariableInfo.VendorGuid = VendorGuid; - AuthVariableInfo.Data = Data; - AuthVariableInfo.DataSize = DataSize; - AuthVariableInfo.Attributes = Attributes; - AuthVariableInfo.PubKeyIndex = KeyIndex; - AuthVariableInfo.MonotonicCount = MonotonicCount; - - return mAuthVarLibContextIn->UpdateVariable ( - - ); -} - -/** - Update the variable region with Variable information. - - @param[in] VariableName Name of variable. - @param[in] VendorGuid Guid of variable. - @param[in] Data Data pointer. - @param[in] DataSize Size of Data. - @param[in] Attributes Attribute value of the variable. @param[in] TimeStamp Value of associated TimeStamp. @retval EFI_SUCCESS The update operation is success. 
@@ -300,306 +256,6 @@ InCustomMode ( } /** - Get available public key index. - - @param[in] PubKey Pointer to Public Key data. - - @return Public key index, 0 if no any public key index available. - -**/ -UINT32 -GetAvailableKeyIndex ( - IN UINT8 *PubKey - ) -{ - EFI_STATUSStatus; - UINT8 *Data; - UINTN DataSize; - UINT8 *Ptr; - UINT32Index; - BOOLEAN IsFound; - EFI_GUID VendorGuid; - CHAR16Name[1]; - AUTH_VARIABLE_INFOAuthVariableInfo; - UINT32KeyIndex; - - Status = AuthServiceInternalFindVariable ( - AUTHVAR_KEYDB_NAME, - , - (VOID **) , - - ); - if (EFI_ERROR (Status)) { -DEBUG ((EFI_D_ERROR, "Get public key database variable failure, Status = %r\n", Status)); -return 0; - } - - if (mPubKeyNumber == mMaxKeyNumber) { -Name[0] = 0; -AuthVariableInfo.VariableName = Name; -ZeroMem (, sizeof (VendorGuid)); -AuthVariableInfo.VendorGuid = -mPubKeyNumber = 0; -// -// Collect valid key data. -// -do { - Status = mAuthVarLibContextIn->FindNextVariable (AuthVariableInfo.VariableName, AuthVariableInfo.VendorGuid, ); - if (!EFI_ERROR (Status)) { -if (AuthVariableInfo.PubKeyIndex != 0) { - for (Ptr = Data; Ptr < (Data + DataSize); Ptr += sizeof (AUTHVAR_KEY_DB_DATA)) { -if (ReadUnaligned32 (&(((AUTHVAR
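Review bot: the -300 hunk deletes GetAvailableKeyIndex, which together with the removed AuthServiceInternalUpdateVariableWithMonotonicCount is the only visible user of AUTHVAR_KEYDB_NAME, AUTHVAR_KEY_DB_DATA, mPubKeyNumber and mMaxKeyNumber; please confirm the definitions in AuthServiceInternal.h and the key-database variable setup in AuthVariableLib.c go in the same patch (the diffstat suggests they do) so no globals are left unreferenced, and say in the commit message what a platform that upgrades should expect for an existing key-database variable already stored in the variable region (ignored, or deleted on first boot).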
Re: [edk2] [PATCH 2/3] MdePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
Reviewed-by: Long Qin <qin.l...@intel.com> -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Tuesday, October 31, 2017 2:35 PM To: edk2-devel@lists.01.org Cc: Zhang, Chao B <chao.b.zh...@intel.com>; Zeng, Star <star.z...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [edk2] [PATCH 2/3] MdePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS Mark EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as deprecated. Also update some function descriptors accordingly. Cc: Long Qin <qin.l...@intel.com> Cc: Star Zeng <star.z...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- MdePkg/Include/Uefi/UefiMultiPhase.h | 8 +--- MdePkg/Include/Uefi/UefiSpec.h | 8 +++- MdePkg/Library/UefiRuntimeLib/RuntimeLib.c | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/MdePkg/Include/Uefi/UefiMultiPhase.h b/MdePkg/Include/Uefi/UefiMultiPhase.h index 9f1ef3e..0dcbb1b 100644 --- a/MdePkg/Include/Uefi/UefiMultiPhase.h +++ b/MdePkg/Include/Uefi/UefiMultiPhase.h @@ -1,7 +1,7 @@ /** @file This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases. -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at 
@@ -169,10 +169,12 @@ typedef struct { /// /// Attributes of Authenticated Variable /// -#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x0010 #define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x0020 #define EFI_VARIABLE_APPEND_WRITE0x0040 - +/// +/// NOTE: EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be considered reserved. +/// +#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x0010 /// /// AuthInfo is a WIN_CERTIFICATE using the wCertificateType diff --git a/MdePkg/Include/Uefi/UefiSpec.h b/MdePkg/Include/Uefi/UefiSpec.h index d394127..92575ae 100644 --- a/MdePkg/Include/Uefi/UefiSpec.h +++ b/MdePkg/Include/Uefi/UefiSpec.h @@ -701,8 +701,7 @@ EFI_STATUS then EFI_INVALID_PARAMETER is returned. @param[in] VendorGuid A unique identifier for the vendor. @param[in] Attributes Attributes bitmask to set for the variable. - @param[in] DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE, - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, or + @param[in] DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is set, then a SetVariable() call with a DataSize of zero will not cause any change to 
@@ -721,9 +720,8 @@ EFI_STATUS @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error. @retval EFI_WRITE_PROTECTEDThe variable in question is read-only. @retval EFI_WRITE_PROTECTEDThe variable in question cannot be deleted. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS - or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set, but the AuthInfo - does NOT pass the validation check carried out by the firmware. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set, + but the AuthInfo does NOT pass the validation check carried out by the firmware. @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found. diff --git a/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c b/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c index 63ae976..ba8b862 100644 --- a/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c +++ b/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c @@ -6,7 +6,7 @@ OS virtual address space. All pointer values are different for a virtual mapping than from the normal physical mapping at boot services time. -Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution.
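Review bot: the rewritten `@retval EFI_SECURITY_VIOLATION` line in the UefiSpec.h hunk at -721 carries over the pre-existing misspelling EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS (one C); since the line is being replaced anyway, spell it EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS so the doc comment matches the macro name it refers to.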
[edk2] [PATCH v2 1/2] CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
There is one long-standing problem in CRT realloc wrapper, which will cause the obvious buffer overflow issue when re-allocating one bigger memory block: void *realloc (void *ptr, size_t size) { // // BUG: hardcode OldSize == size! We have no any knowledge about // memory size of original pointer ptr. // return ReallocatePool ((UINTN) size, (UINTN) size, ptr); } This patch introduces one extra header to record the memory buffer size information when allocating memory block from malloc routine, and re-wrap the realloc() and free() routines to remove this BUG. Cc: Laszlo ErsekCc: Ting Ye Cc: Jian J Wang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- .../BaseCryptLib/SysCall/BaseMemAllocation.c | 83 -- 1 file changed, 76 insertions(+), 7 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c index f390e0d449..19c071e2bf 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c @@ -16,6 +16,18 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +// +// Extra header to record the memory buffer size from malloc routine. +// +#define CRYPTMEM_HEAD_SIGNATURESIGNATURE_32('c','m','h','d') +typedef struct { + UINT32Signature; + UINT32Reserved; + UINTN Size; +} CRYPTMEM_HEAD; + +#define CRYPTMEM_OVERHEAD sizeof(CRYPTMEM_HEAD) + // // -- Memory-Allocation Routines -- // 
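Review bot: CRYPTMEM_HEAD in the -16 hunk is {UINT32, UINT32, UINTN}, which is 16 bytes on X64 but 12 bytes on IA32, so on 32-bit builds the pointer malloc() hands back (`PoolHdr + 1`) is only 4-byte aligned although AllocatePool() guarantees 8-byte alignment; any caller that places UINT64 or double data at the start of a malloc'd block loses alignment it had before this patch. Declaring Size as UINT64 (or otherwise padding the header to a multiple of 8) keeps the natural alignment on both architectures and also gives the Reserved field a reason to exist.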
@@ -23,27 +35,84 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /* Allocates memory blocks */ void *malloc (size_t size) { - return AllocatePool ((UINTN) size); + CRYPTMEM_HEAD *PoolHdr; + UINTN NewSize; + VOID *Data; + + // + // Adjust the size by the buffer header overhead + // + NewSize = (UINTN)(size) + CRYPTMEM_OVERHEAD; + + Data = AllocatePool (NewSize); + if (Data != NULL) { +PoolHdr = (CRYPTMEM_HEAD *)Data; +// +// Record the memory brief information +// +PoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE; +PoolHdr->Size = size; + +return (VOID *)(PoolHdr + 1); + } else { +// +// The buffer allocation failed. +// +return NULL; + } } /* Reallocate memory blocks */ void *realloc (void *ptr, size_t size) { - // - // BUG: hardcode OldSize == size! We have no any knowledge about - // memory size of original pointer ptr. - // - return ReallocatePool ((UINTN) size, (UINTN) size, ptr); + CRYPTMEM_HEAD *OldPoolHdr; + CRYPTMEM_HEAD *NewPoolHdr; + UINTN OldSize; + UINTN NewSize; + VOID *Data; + + NewSize = (UINTN)size + CRYPTMEM_OVERHEAD; + Data = AllocatePool (NewSize); + if (Data != NULL) { +NewPoolHdr = (CRYPTMEM_HEAD *)Data; +NewPoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE; +NewPoolHdr->Size = size; +if (ptr != NULL) { + // + // Retrieve the original size from the buffer header. + // + OldPoolHdr = (CRYPTMEM_HEAD *)ptr - 1; + ASSERT (OldPoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE); + OldSize = OldPoolHdr->Size; + + // + // Duplicate the buffer content. + // + CopyMem ((VOID *)(NewPoolHdr + 1), ptr, MIN (OldSize, size)); + FreePool ((VOID *)OldPoolHdr); +} + +return (VOID *)(NewPoolHdr + 1); + } else { +// +// The buffer allocation failed. +// +return NULL; + } } /* De-allocates or frees a memory block */ void free (void *ptr) { + CRYPTMEM_HEAD *PoolHdr; + // // In Standard C, free() handles a null pointer argument transparently. This // is not true of FreePool() below, so protect it. 
// if (ptr != NULL) { -FreePool (ptr); +PoolHdr = (CRYPTMEM_HEAD *)ptr - 1; +ASSERT (PoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE); +FreePool (PoolHdr); } } -- 2.14.1.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
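Review bot: `NewSize = (UINTN)(size) + CRYPTMEM_OVERHEAD;` in both malloc() and realloc() (hunk at -23) has no check that the addition does not wrap; a size near MAX_UINTN wraps to a small allocation and the caller receives a block far shorter than requested, the same class of overflow this patch sets out to remove. Return NULL when `size > MAX_UINTN - CRYPTMEM_OVERHEAD` before calling AllocatePool(). Separately, the `ASSERT (PoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE)` in free() and realloc() is compiled out in RELEASE builds, so a buffer that came from AllocatePool() rather than malloc() (the mismatch patch 2/2 fixes) is passed to FreePool() at `ptr - sizeof (CRYPTMEM_HEAD)` without any diagnostic; a runtime check that skips the free, or at least a DEBUG message, would make such a mismatch visible in the field.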
[edk2] [PATCH v2 2/2] CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free
The malloc/free (instead of AllocatePool/FreePool) were used directly in some wrapper implementations, which was designed to leverage the light-weight memory management routines at Runtime phase. The malloc/free and AllocatePool/FreePool usages are required to be matched, after extra memory size info header was introduced in malloc wrapper. This patch corrects two memory allocation cases, which requires the caller to free the buffer with FreePool() outside the function call. And some comments were also added to clarify the correct memory release functions if it's the caller's responsibility to free the memory buffer. Cc: Laszlo ErsekCc: Ting Ye Cc: Jian J Wang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/Include/Library/BaseCryptLib.h | 16 ++-- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 5 +++-- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c | 3 ++- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 15 +-- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c | 13 - 5 files changed, 32 insertions(+), 20 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 5f67ecb709..e2b6a95666 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2388,10 +2388,12 @@ Pkcs5HashPassword ( @param[in] P7Data Pointer to the PKCS#7 message to verify. @param[in] P7Length Length of the PKCS#7 message in bytes. @param[out] CertStackPointer to Signer's certificates retrieved from P7Data. - It's caller's responsibility to free the buffer. + It's caller's responsibility to free the buffer with + Pkcs7FreeSigners(). @param[out] StackLength Length of signer's certificates in bytes. @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. - It's caller's responsibility to free the buffer. + It's caller's responsibility to free the buffer with + Pkcs7FreeSigners(). @param[out] CertLength Length of the trusted certificate in bytes. @retval TRUEThe operation is finished successfully. @@ -2433,10 +2435,11 @@ Pkcs7FreeSigners ( @param[in] P7DataPointer to the PKCS#7 message. @param[in] P7Length Length of the PKCS#7 message in bytes. @param[out] SignerChainCerts Pointer to the certificates list chained to signer's -certificate. It's caller's responsibility to free the buffer. +certificate. It's caller's responsibility to free the buffer +with Pkcs7FreeSigners(). @param[out] ChainLength Length of the chained certificates list buffer in bytes. @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's -responsibility to free the buffer. +responsibility to free the buffer with Pkcs7FreeSigners(). @param[out] UnchainLength Length of the unchained certificates list buffer in bytes. @retval TRUE The operation is finished successfully. 
@@ -2472,7 +2475,8 @@ Pkcs7GetCertificatesList ( @param[in] OtherCerts Pointer to an optional additional set of certificates to include in the PKCS#7 signedData (e.g. any intermediate CAs in the chain). - @param[out] SignedData Pointer to output PKCS#7 signedData. + @param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's + responsibility to free the buffer with FreePool(). @param[out] SignedDataSize Size of SignedData in bytes. @retval TRUE PKCS#7 data signing succeeded. @@ -2540,7 +2544,7 @@ Pkcs7Verify ( @param[in] P7Data Pointer to the PKCS#7 signed data to process. @param[in] P7Length Length of the PKCS#7 signed data in bytes. @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. -It's caller's responsibility to free the buffer. +It's caller's responsibility to free the buffer with FreePool(). @param[out] ContentSize The size of the extracted content in bytes. @retval TRUE The P7Data was correctly formatted for processing. diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c index d3b1a907aa..0f61d4b4ad 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c +++
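Review bot: the -2472 hunk now tells callers to release SignedData with FreePool(), and the -2540 hunk says the same for Content; that is only right if the matching allocation sites in CryptPkcs7Sign.c and CryptPkcs7Verify.c (both in the diffstat) are switched from malloc() to AllocatePool() in this same patch. Worth one sentence in the commit message naming the two call sites, because a header comment that disagrees with the allocator would reintroduce exactly the mismatch the series fixes.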
[edk2] [PATCH v2 0/2] CryptoPkg/BaseCryptLib: Correct CRT realloc Wrapper
V2 Update: Add NULL check for memory allocation failure. There is one long-standing problem in current CRT realloc wrapper implementation, which will cause the obvious buffer overflow issue when re-allocating memory block. One BZ report: https://bugzilla.tianocore.org/show_bug.cgi?id=605 This patch series is to fix this buffer overflow issue by introducing one extra header to record the memory buffer size information. And extra comments were also added to clarify the memory release routines if the caller is required to free the memory block outside the function. Long Qin (2): CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free CryptoPkg/Include/Library/BaseCryptLib.h | 16 +++-- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 5 +- .../Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c | 3 +- .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 15 ++-- .../Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c | 13 ++-- .../BaseCryptLib/SysCall/BaseMemAllocation.c | 83 -- 6 files changed, 108 insertions(+), 27 deletions(-) -- 2.14.1.windows.1
Re: [edk2] [PATCH 1/2] CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
Thanks, Jian. It's great to pass the validation. And exactly, the null data checking was missed. I will re-produce the V2 patch. Best Regards & Thanks, LONG, Qin -Original Message- From: Wang, Jian J Sent: Wednesday, November 1, 2017 3:28 PM To: Long, Qin <qin.l...@intel.com>; edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; ler...@redhat.com Subject: RE: [PATCH 1/2] CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper Hi Qin, Thanks for fixing this issue. Please find my comments below. Besides that, the patch has been passed the boot validation. Validated-by: Jian J Wang <jian.j.w...@intel.com> Thanks, Jian > -Original Message- > From: Long, Qin > Sent: Tuesday, October 31, 2017 4:39 PM > To: edk2-devel@lists.01.org > Cc: Ye, Ting <ting...@intel.com>; ler...@redhat.com; Wang, Jian J > <jian.j.w...@intel.com>; Long, Qin <qin.l...@intel.com> > Subject: [PATCH 1/2] CryptoPkg/BaseCryptLib: Fix buffer overflow issue > in realloc wrapper > > There is one long-standing problem in CRT realloc wrapper, which will > cause the obvious buffer overflow issue when re-allocating one bigger > memory block: > void *realloc (void *ptr, size_t size) > { > // > // BUG: hardcode OldSize == size! We have no any knowledge about > // memory size of original pointer ptr. > // > return ReallocatePool ((UINTN) size, (UINTN) size, ptr); > } > This patch introduces one extra header to record the memory buffer > size information when allocating memory block from malloc routine, and > re-wrap the realloc() and free() routines to remove this BUG. > > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Ting Ye <ting...@intel.com> > Cc: Jian J Wang <jian.j.w...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Qin Long <qin.l...@intel.com> > --- > .../BaseCryptLib/SysCall/BaseMemAllocation.c | 72 +++- > -- > 1 file changed, 65 insertions(+), 7 deletions(-) 
> > diff --git > a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c > b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c > index f390e0d449..ed37a0ff39 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c > +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c > @@ -16,6 +16,18 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > #include > #include > > +// > +// Extra header to record the memory buffer size from malloc routine. > +// > +#define CRYPTMEM_HEAD_SIGNATURESIGNATURE_32('c','m','h','d') > +typedef struct { > + UINT32Signature; > + UINT32Reserved; > + UINTN Size; > +} CRYPTMEM_HEAD; > + > +#define CRYPTMEM_OVERHEAD sizeof(CRYPTMEM_HEAD) Any consideration of the "Reserved" field, Padding? Alignment? Future extendibility? [Long, Qin] There is no special consideration on this field. Just keep this style as other POOL_HEAD usage, and may be for possible future extension. > + > // > // -- Memory-Allocation Routines -- > // 
> @@ -23,27 +35,73 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > /* Allocates memory blocks */ > void *malloc (size_t size) > { > - return AllocatePool ((UINTN) size); > + CRYPTMEM_HEAD *PoolHdr; > + UINTN NewSize; > + VOID *Data; > + > + // > + // Adjust the size by the buffer header overhead // NewSize = > + (UINTN)(size) + CRYPTMEM_OVERHEAD; > + > + Data = AllocatePool (NewSize); > + if (Data != NULL) { > +PoolHdr = (CRYPTMEM_HEAD *)Data; > +// > +// Record the memory brief information > +// > +PoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE; > +PoolHdr->Size = size; > + } > + return (VOID *)(PoolHdr + 1); > } > Although it's very rare, the logic of code above doesn't consider case of Data == NULL. And above code might not pass GCC build because there's a chance that PoolHdr is not initialized. [Long, Qin] Agree. > /* Reallocate memory blocks */ > void *realloc (void *ptr, size_t size) { > - // > - // BUG: hardcode OldSize == size! We have no any knowledge about > - // memory size of original pointer ptr. > - // > - return ReallocatePool ((UINTN) size, (UINTN) size, ptr); > + CRYPTMEM_HEAD *OldPoolHdr; > + CRYPTMEM_HEAD *NewPoolHdr; > + UINTN OldSize; > + UINTN NewSize; > + VOID *Data; > + > + NewSize = (UINTN)size + CRYPTMEM_OVERHEAD; Data = AllocatePool > + (NewSize); if (Data != NULL) { > +NewPoolHdr = (CRYPTMEM_HEAD *)Data; > +
[edk2] [PATCH 0/2] CryptoPkg/BaseCryptLib: Correct CRT realloc Wrapper
There is one long-standing problem in current CRT realloc wrapper implementation, which will cause the obvious buffer overflow issue when re-allocating memory block. One BZ report: https://bugzilla.tianocore.org/show_bug.cgi?id=605 This patch series is to fix this buffer overflow issue by introducing one extra header to record the memory buffer size information. And extra comments were also added to clarify the memory release routines if the caller is required to free the memory block outside the function. Long Qin (2): CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free CryptoPkg/Include/Library/BaseCryptLib.h | 16 +++-- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 5 +- .../Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c | 3 +- .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 15 +++-- .../Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c | 13 ++-- .../BaseCryptLib/SysCall/BaseMemAllocation.c | 72 +++--- 6 files changed, 97 insertions(+), 27 deletions(-) -- 2.14.1.windows.1
[edk2] [PATCH 1/2] CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
There is one long-standing problem in CRT realloc wrapper, which will cause the obvious buffer overflow issue when re-allocating one bigger memory block: void *realloc (void *ptr, size_t size) { // // BUG: hardcode OldSize == size! We have no any knowledge about // memory size of original pointer ptr. // return ReallocatePool ((UINTN) size, (UINTN) size, ptr); } This patch introduces one extra header to record the memory buffer size information when allocating memory block from malloc routine, and re-wrap the realloc() and free() routines to remove this BUG. Cc: Laszlo ErsekCc: Ting Ye Cc: Jian J Wang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- .../BaseCryptLib/SysCall/BaseMemAllocation.c | 72 +++--- 1 file changed, 65 insertions(+), 7 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c index f390e0d449..ed37a0ff39 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c @@ -16,6 +16,18 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +// +// Extra header to record the memory buffer size from malloc routine. +// +#define CRYPTMEM_HEAD_SIGNATURESIGNATURE_32('c','m','h','d') +typedef struct { + UINT32Signature; + UINT32Reserved; + UINTN Size; +} CRYPTMEM_HEAD; + +#define CRYPTMEM_OVERHEAD sizeof(CRYPTMEM_HEAD) + // // -- Memory-Allocation Routines -- // 
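Review bot: CRYPTMEM_HEAD as declared in this hunk (UINT32 Signature, UINT32 Reserved, UINTN Size) is 12 bytes on IA32, so the `PoolHdr + 1` pointer returned to callers is only 4-byte aligned there even though AllocatePool hands back 8-byte aligned memory; callers that store 8-byte types in the buffer lose that guarantee. Suggest padding the header to an 8-byte multiple on all architectures (for example a UINT64 Size, or a union with a UINT64 member) and stating the alignment in the comment above the typedef.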
@@ -23,27 +35,73 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /* Allocates memory blocks */ void *malloc (size_t size) { - return AllocatePool ((UINTN) size); + CRYPTMEM_HEAD *PoolHdr; + UINTN NewSize; + VOID *Data; + + // + // Adjust the size by the buffer header overhead + // + NewSize = (UINTN)(size) + CRYPTMEM_OVERHEAD; + + Data = AllocatePool (NewSize); + if (Data != NULL) { +PoolHdr = (CRYPTMEM_HEAD *)Data; +// +// Record the memory brief information +// +PoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE; +PoolHdr->Size = size; + } + return (VOID *)(PoolHdr + 1); } /* Reallocate memory blocks */ void *realloc (void *ptr, size_t size) { - // - // BUG: hardcode OldSize == size! We have no any knowledge about - // memory size of original pointer ptr. - // - return ReallocatePool ((UINTN) size, (UINTN) size, ptr); + CRYPTMEM_HEAD *OldPoolHdr; + CRYPTMEM_HEAD *NewPoolHdr; + UINTN OldSize; + UINTN NewSize; + VOID *Data; + + NewSize = (UINTN)size + CRYPTMEM_OVERHEAD; + Data = AllocatePool (NewSize); + if (Data != NULL) { +NewPoolHdr = (CRYPTMEM_HEAD *)Data; +NewPoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE; +NewPoolHdr->Size = size; +if (ptr != NULL) { + // + // Retrieve the original size from the buffer header. + // + OldPoolHdr = (CRYPTMEM_HEAD *)ptr - 1; + ASSERT (OldPoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE); + OldSize = OldPoolHdr->Size; + + // + // Duplicate the buffer content. + // + CopyMem ((VOID *)(NewPoolHdr + 1), ptr, MIN (OldSize, size)); + FreePool ((VOID *)OldPoolHdr); +} + } + + return (VOID *)(NewPoolHdr + 1); } /* De-allocates or frees a memory block */ void free (void *ptr) { + CRYPTMEM_HEAD *PoolHdr; + // // In Standard C, free() handles a null pointer argument transparently. This // is not true of FreePool() below, so protect it. 
// if (ptr != NULL) { -FreePool (ptr); +PoolHdr = (CRYPTMEM_HEAD *)ptr - 1; +ASSERT (PoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE); +FreePool (PoolHdr); } } -- 2.14.1.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
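Review bot: in malloc() of this hunk, when AllocatePool returns NULL the `PoolHdr` local is never assigned, yet the function still executes `return (VOID *)(PoolHdr + 1);` and hands back an indeterminate pointer instead of NULL; realloc() has the same shape with `NewPoolHdr`. Return NULL explicitly from the `Data == NULL` branch in both (in realloc() the original block is correctly left untouched in that case, as C requires, so only the return value needs fixing). Separately, `NewSize = (UINTN)(size) + CRYPTMEM_OVERHEAD;` can wrap for a size close to MAX_UINTN and yield a small pool that the caller then writes `size` bytes into; reject sizes above `MAX_UINTN - CRYPTMEM_OVERHEAD` before the addition in both malloc() and realloc().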
Re: [edk2] [PATCH v1 1/1] CryptoPkg/BaseCryptLib: remove some duplicate initializations.
The patch was already push @b5a985ca9237b551618cd97b1b71af2fff55e209 I forgot to inform that. Thanks, Laszlo. Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Laszlo Ersek Sent: Tuesday, October 24, 2017 3:51 PM To: Long, Qin <qin.l...@intel.com>; Peter Jones <pjo...@redhat.com> Cc: Ye, Ting <ting...@intel.com>; edk2-devel@lists.01.org Subject: Re: [edk2] [PATCH v1 1/1] CryptoPkg/BaseCryptLib: remove some duplicate initializations. Qin, On 10/23/17 05:02, Long, Qin wrote: > This looks good to me. > Reviewed-by: Long Qin qin.l...@intel.com<mailto:qin.l...@intel.com> Do you want me to push the patch, or do you prefer to push it yourself? Thanks! Laszlo > From: Peter Jones [mailto:pjo...@redhat.com] > Sent: Saturday, October 21, 2017 2:22 AM > To: Laszlo Ersek <ler...@redhat.com> > Cc: edk2-devel@lists.01.org; Shi, Steven <steven@intel.com>; Long, > Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> > Subject: Re: [edk2] [PATCH v1 1/1] CryptoPkg/BaseCryptLib: remove some > duplicate initializations. > >> Assuming the maintainers are fine with the patch as well, I suggest >> that they please replace the word "initializations" with >> "assignments" in the subject, to be pedantic on the C-lang level. > > Well, that's why I said "initializations" instead of "initializers", > but if it's more clear to you, I'm fine with your way. > >> (Side note: I would even move OldSize to a lot tighter scope: >> >>> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c >>> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c >>> index d564591cb7f9..31a9ecd59ff6 100644 >>> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c >>> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c >>> @@ -477,7 +477,6 @@ Pkcs7GetCertificatesList ( >>>UINT8*CertBuf; >>>UINT8*OldBuf; >>>UINTNBufferSize; >>> - UINTNOldSize; >>>UINT8*SingleCert; >>>UINTNCertSize; 
>>> >>> @@ -612,10 +611,11 @@ Pkcs7GetCertificatesList ( >>> >>>if (CtxChain != NULL) { >>> BufferSize = sizeof (UINT8); >>> -OldSize= BufferSize; >>> CertBuf= NULL; >>> >>> for (Index = 0; ; Index++) { >>> + UINTN OldSize; >>> + >>>Status = X509PopCertificate (CtxChain, , ); >>>if (!Status) { >>> break; >>> @@ -656,10 +656,11 @@ Pkcs7GetCertificatesList ( >>> >>>if (CtxUntrusted != NULL) { >>> BufferSize = sizeof (UINT8); >>> -OldSize= BufferSize; >>> CertBuf= NULL; >>> >>> for (Index = 0; ; Index++) { >>> + UINTN OldSize; >>> + >>>Status = X509PopCertificate (CtxUntrusted, , ); >>>if (!Status) { >>> break; >> >> However, many edk2 maintainers don't like tight scoping like this.) > > I had considered this and guessed it was probably against the coding > style or it would have been done this way already. IMO it's better in every > way. > > -- > Peter > ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
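Review bot: with `OldSize = BufferSize;` removed before each loop and `UINTN OldSize;` now declared inside the loop body, OldSize no longer carries a value from one iteration to the next; the hunks do not show the statement that assigns it inside the loop, so the reviewer should confirm that every read of OldSize in the loop is preceded by an assignment in the same iteration, otherwise the removed line was the initializer rather than a duplicate.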
Re: [edk2] [PATCH v1 1/1] CryptoPkg/BaseCryptLib: remove some duplicate initializations.
This looks good to me. Reviewed-by: Long Qin qin.l...@intel.com<mailto:qin.l...@intel.com> Best Regards & Thanks, LONG, Qin From: Peter Jones [mailto:pjo...@redhat.com] Sent: Saturday, October 21, 2017 2:22 AM To: Laszlo Ersek <ler...@redhat.com> Cc: edk2-devel@lists.01.org; Shi, Steven <steven....@intel.com>; Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Subject: Re: [edk2] [PATCH v1 1/1] CryptoPkg/BaseCryptLib: remove some duplicate initializations. > Assuming the maintainers are fine with the patch as well, I suggest that > they please replace the word "initializations" with "assignments" in the > subject, to be pedantic on the C-lang level. Well, that's why I said "initializations" instead of "initializers", but if it's more clear to you, I'm fine with your way. > (Side note: I would even move OldSize to a lot tighter scope: > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c > > index d564591cb7f9..31a9ecd59ff6 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c > > @@ -477,7 +477,6 @@ Pkcs7GetCertificatesList ( > >UINT8*CertBuf; > >UINT8*OldBuf; > >UINTNBufferSize; > > - UINTNOldSize; > >UINT8*SingleCert; > >UINTNCertSize; > > > > @@ -612,10 +611,11 @@ Pkcs7GetCertificatesList ( > > > >if (CtxChain != NULL) { > > BufferSize = sizeof (UINT8); > > -OldSize= BufferSize; > > CertBuf= NULL; > > > > for (Index = 0; ; Index++) { > > + UINTN OldSize; > > + > >Status = X509PopCertificate (CtxChain, , ); > >if (!Status) { > > break; 
> > @@ -656,10 +656,11 @@ Pkcs7GetCertificatesList ( > > > >if (CtxUntrusted != NULL) { > > BufferSize = sizeof (UINT8); > > -OldSize= BufferSize; > > CertBuf= NULL; > > > > for (Index = 0; ; Index++) { > > + UINTN OldSize; > > + > >Status = X509PopCertificate (CtxUntrusted, , ); > >if (!Status) { > > break; > > However, many edk2 maintainers don't like tight scoping like this.) I had considered this and guessed it was probably against the coding style or it would have been done this way already. IMO it's better in every way. -- Peter ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch] NetworkPkg/TlsAuthConfigDxe: Remove the extra FreePool
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Wu, Jiaxin Sent: Thursday, October 19, 2017 1:58 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com> Subject: [Patch] NetworkPkg/TlsAuthConfigDxe: Remove the extra FreePool Cc: Long Qin <qin.l...@intel.com> Cc: Ye Ting <ting...@intel.com> Cc: Fu Siyuan <siyuan...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> --- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c index 351656f..403afbb 100644 --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c @@ -1,9 +1,9 @@ /** @file The DriverEntryPoint for TlsAuthConfigDxe driver. - Copyright (c) 2016, Intel Corporation. All rights reserved. + Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php. @@ -126,10 +126,9 @@ TlsAuthConfigDxeDriverEntryPoint ( return EFI_SUCCESS; ON_ERROR: TlsAuthConfigFormUnload (PrivateData); - FreePool (PrivateData); - + return Status; } -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
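Review bot: the hunk at `ON_ERROR:` drops `FreePool (PrivateData);` after `TlsAuthConfigFormUnload (PrivateData);`, which is only correct if the unload routine already releases PrivateData; neither the hunk nor the commit message says so. Suggest the commit message state that TlsAuthConfigFormUnload frees PrivateData (so the removed call was a double free on the error path) so the change can be audited without opening the other function.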
Re: [edk2] [PATCH] SecurityPkg:AuthVariableLib:Fix GCC build error
Agree. It's better to use CHAR8 directly. From: Gary Lin [mailto:g...@suse.com] Sent: Tuesday, October 17, 2017 10:10 AM To: Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-devel@lists.01.org; Long, Qin <qin.l...@intel.com> Subject: Re: [edk2] [PATCH] SecurityPkg:AuthVariableLib:Fix GCC build error On Mon, Oct 16, 2017 at 10:08:29PM +0800, Zhang, Chao B wrote: > Fix GCC build error > > Cc: Long Qin <qin.l...@intel.com<mailto:qin.l...@intel.com>> > Cc: Gary Lin <g...@suse.com<mailto:g...@suse.com>> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Chao Zhang > <chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com>> > --- > SecurityPkg/Library/AuthVariableLib/AuthService.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c > b/SecurityPkg/Library/AuthVariableLib/AuthService.c > index 7188ff6..1e7872a 100644 > --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c > +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c 
> @@ -1564,7 +1564,7 @@ CalculatePrivAuthVarSignChainSHA256Digest( >// >// Get SignerCert CommonName >// > - Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, > ); > + Status = X509GetCommonName(SignerCert, SignerCertSize, (CHAR8 > *)CertCommonName, ); Hi Chao Zhang, Although casting also silences the warning, why not declare CertCommonName as CHAR8 directly? The only signedness check happens in X509GetCommonName(). Sha256Update() requests "VOID *" so the signedness doesn't matter. Besides, AsciiStrLen() also requests CHAR8, so declaring CertCommonName as CHAR8 can remove the casting altogether. What do you think? Gary Lin >if (EFI_ERROR(Status)) { > DEBUG((DEBUG_INFO, "%a Get SignerCert CommonName failed with status > %x\n", __FUNCTION__, Status)); > return EFI_ABORTED; > -- > 1.9.5.msysgit.1 > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > https://lists.01.org/mailman/listinfo/edk2-devel > ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
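Review bot: the `(CHAR8 *)CertCommonName` cast in this hunk only hides the signedness mismatch that GCC reports; the same buffer is already cast again for `AsciiStrLen((CHAR8 *)CertCommonName)` in the ECR1707 patch on this page, so declaring the array as `CHAR8 CertCommonName[128]` removes both casts and matches what X509GetCommonName and AsciiStrLen expect, as Gary suggests; Sha256Update takes a VOID * and needs no cast either way.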
Re: [edk2] [PATCH] SecurityPkg/Pkcs7Verify: Add the comments to address security problem
Thanks, Chao. The suggested change looks too neutral against this problem. I still prefer to keep the original language, which was also cited from the description of this spec ECR document. Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, October 16, 2017 10:24 PM To: Long, Qin <qin.l...@intel.com>; james.bottom...@hansenpartnership.com Cc: edk2-devel@lists.01.org Subject: RE: [PATCH] SecurityPkg/Pkcs7Verify: Add the comments to address security problem Qin: The bellowing checking log is a little confusing to me. The specific problem is that if the supplied hash is a different algorithm from the blacklist hash, the hash will be approved even if it should have been denied. How about changing it to The backlist hash check may result in false negative given hashes from other different algorithms. Others are good to me. Reviewed-by : Chao Zhang <chao.b.zh...@intel.com> -Original Message----- 
From: Long, Qin Sent: Thursday, October 12, 2017 9:18 AM To: Zhang, Chao B <chao.b.zh...@intel.com>; james.bottom...@hansenpartnership.com Cc: edk2-devel@lists.01.org; Long, Qin <qin.l...@intel.com> Subject: [PATCH] SecurityPkg/Pkcs7Verify: Add the comments to address security problem Add the comments to address security problems in the Pkcs7Verify Protocol per UEFI 2.7 updates. The Pkcs7Verifier function VerifySignature() has problematic use cases where it might be used to unwittingly bypass security checks. The specific problem is that if the supplied hash is a different algorithm from the blacklist hash, the hash will be approved even if it should have been denied. The added comments place a strong warning about the problem. It is possible to use the protocol reliably, either by agreeing a hash to use for all time (like sha256) or by looping over all supported hashes when using the protocol. Cc: Chao Zhang <chao.b.zh...@intel.com> Cc: James Bottomley <james.bottom...@hansenpartnership.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.l...@intel.com> --- MdePkg/Include/Protocol/Pkcs7Verify.h | 10 +- SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 8 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/MdePkg/Include/Protocol/Pkcs7Verify.h b/MdePkg/Include/Protocol/Pkcs7Verify.h index ca5ec75910..eaeda48300 100644 --- a/MdePkg/Include/Protocol/Pkcs7Verify.h +++ b/MdePkg/Include/Protocol/Pkcs7Verify.h @@ -6,7 +6,7 @@ PKCS#7 is a general-purpose cryptographic standard (defined by RFC2315, available at http://tools.ietf.org/html/rfc2315). -Copyright (c) 2015, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at 
@@ -140,6 +140,14 @@ EFI_STATUS verifies the signature of the content is valid and signing certificate was not revoked and is contained within a list of trusted signers. + Note: because this function uses hashes and the specification contains a variety of +hash choices, you should be aware that the check against the RevokedDb list +will improperly succeed if the signature is revoked using a different hash +algorithm. For this reason, you should either cycle through all UEFI supported +hashes to see if one is forbidden, or rely on a single hash choice only if the +UEFI signature authority only signs and revokes with a single hash (at time +of writing, this hash choice is SHA256). + @param[in] This Pointer to EFI_PKCS7_VERIFY_PROTOCOL instance. @param[in] SignaturePoints to buffer containing ASN.1 DER-encoded PKCS detached signature. diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c index 0da549a6bd..ac83e6d5c2 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c @@ -1321,6 +1321,14 @@ _Exit: verifies the signature of the content is valid and signing certificate was not revoked and is contained within a list of trusted signers. + Note: because this function uses hashes and the specification contains a variety of +hash choices, you should be aware that the check against the RevokedDb list +will improperly succeed if the signature is revoked using a different hash +algorithm. For this reason, you should either cycle through all UEFI supported +hashes to see if one is forbidden, or rely on a single hash choice only if the +UEFI signature autho
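Review bot: the note added to both hunks tells callers to "cycle through all UEFI supported hashes" but neither the header comment nor the .c comment says how a caller learns which algorithms this implementation supports, which that advice depends on; suggest naming the supported digest algorithms (or pointing at where they are enumerated) in the Pkcs7Verify.h note. Since the identical paragraph is duplicated in Pkcs7Verify.h and Pkcs7VerifyDxe.c, a one-line reference from the .c file to the header would keep the two from drifting apart.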
Re: [edk2] [PATCH V2] SecurityPkg\Tcg2Pei: FV measure performance enhancement
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Friday, October 13, 2017 3:26 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Yao, Jiewen <jiewen@intel.com>; sean.bro...@microsoft.com; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH V2] SecurityPkg\Tcg2Pei: FV measure performance enhancement 1. Leverage Pre-Hashed FV PPI to reduce duplicated hash 2. Only measure BFV at the beginning. Other FVs are measured in FVinfo callback with nested FV check. https://bugzilla.tianocore.org/show_bug.cgi?id=662 Cc: Long Qin <qin.l...@intel.com> Cc: Yao Jiewen <jiewen@intel.com> Cc: Sean Brogan <sean.bro...@microsoft.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- .../Include/Ppi/FirmwareVolumeInfoPrehashedFV.h| 70 ++ SecurityPkg/SecurityPkg.dec| 7 +- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 245 +++-- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf| 2 + 4 files changed, 250 insertions(+), 74 deletions(-) create mode 100644 SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h new file mode 100644 index 000..2273357 --- /dev/null +++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h 
@@ -0,0 +1,70 @@ +/** @file +PPI to describe all hash digests for a given FV + +Copyright (c) 2017, Intel Corporation. All rights reserved. This +program and the accompanying materials are licensed and made available +under the terms and conditions of the BSD License which accompanies +this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ +/** +PPI to describe all hash digests for a given FV + +Copyright (c) 2017, Microsoft Corporation + +All rights reserved. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: +1. Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +**/ + +#ifndef __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ +#define __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ + +#define EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI_GUID \ { +0x3ce1e631, 0x7008, 0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1, 0x49, +0x4b } } + +// +// HashAlgoId is TPM_ALG_ID in Tpm20.h +// +typedef struct _HASH_INFO { + UINT16 HashAlgoId; + UINT16 HashSize; + //UINT8Hash[]; +} HASH_INFO; + +// +// This PPI indicates a FV is already hashed, platform should ensure 1:1 mapping between pre-hashed PPI and FV. +// The Count field in PPI is followed by Count number of FV hash info entries, which can be extended to PCR and logged to TCG event log directly by TCG modules. +// +typedef struct { + UINT32 FvBase; + UINT32 FvLength; + UINT32 Count; + //HASH_INFOHashInfo[]; +} EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI; + +extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; + +#endif + diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 7a900dc..45d95c5 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -7,6 +7,7 @@ # # Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. # (C) Copyright 2015 Hew
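As an added example of consuming the PPI layout this patch defines (written for this page, not part of the edk2 patch): a bounds-checked walk over UINT32 FvBase, FvLength, Count followed by Count HASH_INFO records, each a UINT16 HashAlgoId and UINT16 HashSize followed by HashSize digest bytes, which is what a measuring module must do before it extends any of these digests to a PCR. It checks the 1:1 mapping the header comment demands (the PPI must describe the FV actually being measured), that each HashSize agrees with its TPM_ALG_ID (the TPM 2.0 values for SHA-1/256/384/512), and that no record runs past the buffer. The PPI bytes are a constructed sample; MaxLen (the extent of memory the producer published) and the function names are assumptions.

```c
/*
 * Added example (not edk2 code): bounds-checked parser for the
 * EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI layout. TPM_ALG_ID values
 * and digest sizes are the TPM 2.0 ones; the sample PPI bytes are constructed.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TPM_ALG_SHA1   0x0004
#define TPM_ALG_SHA256 0x000B
#define TPM_ALG_SHA384 0x000C
#define TPM_ALG_SHA512 0x000D

/* Digest length a given TPM_ALG_ID must carry; 0 for algorithms not accepted. */
size_t ExpectedDigestSize(uint16_t HashAlgoId)
{
    switch (HashAlgoId) {
    case TPM_ALG_SHA1:   return 20;
    case TPM_ALG_SHA256: return 32;
    case TPM_ALG_SHA384: return 48;
    case TPM_ALG_SHA512: return 64;
    default:             return 0;
    }
}

typedef struct {
    uint16_t       HashAlgoId;
    uint16_t       HashSize;
    const uint8_t *Hash;      /* points into the PPI buffer, not copied */
} PREHASHED_DIGEST;

/* Little-endian field accessors: the PPI is a packed in-memory structure. */
static uint16_t Rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t Rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void Wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void Wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Walk the PPI. Returns the number of digests stored in Out, or -1 if the PPI
 * does not describe the expected FV, a record overruns MaxLen, a HashSize
 * disagrees with its algorithm, the algorithm is unknown, or Out is too small.
 * Any defect rejects the whole PPI so no bad record reaches a PCR. */
int ParsePrehashedFvPpi(const uint8_t *Ppi, size_t MaxLen,
                        uint32_t ExpectedFvBase, uint32_t ExpectedFvLength,
                        PREHASHED_DIGEST *Out, size_t MaxOut)
{
    if (MaxLen < 12) return -1;
    uint32_t FvBase = Rd32(Ppi), FvLength = Rd32(Ppi + 4), Count = Rd32(Ppi + 8);
    /* 1:1 mapping: the PPI must describe exactly the FV about to be measured. */
    if (FvBase != ExpectedFvBase || FvLength != ExpectedFvLength) return -1;

    size_t off = 12;
    int n = 0;
    for (uint32_t i = 0; i < Count; i++) {
        if (MaxLen - off < 4) return -1;               /* HASH_INFO header */
        uint16_t alg = Rd16(Ppi + off), size = Rd16(Ppi + off + 2);
        off += 4;
        if (size == 0 || size != ExpectedDigestSize(alg)) return -1;
        if (MaxLen - off < size) return -1;            /* digest bytes */
        if ((size_t)n >= MaxOut) return -1;
        Out[n].HashAlgoId = alg;
        Out[n].HashSize   = size;
        Out[n].Hash       = Ppi + off;
        n++;
        off += size;
    }
    return n;
}

/* Build a constructed sample PPI with one record; returns bytes written or 0. */
size_t BuildSamplePpi(uint8_t *Buf, size_t BufLen, uint32_t FvBase, uint32_t FvLength,
                      uint16_t Alg, uint16_t Size)
{
    size_t need = 12 + 4 + Size;
    if (BufLen < need) return 0;
    Wr32(Buf, FvBase);
    Wr32(Buf + 4, FvLength);
    Wr32(Buf + 8, 1);
    Wr16(Buf + 12, Alg);
    Wr16(Buf + 14, Size);
    memset(Buf + 16, 0xA5, Size);   /* constructed digest bytes, not a real hash */
    return need;
}
```

The producer-side check that the FV content really matches the published digests is outside this parser: the comment in the hunk places that on the platform, and the parser can only make sure the record it was given is well formed and belongs to the FV in hand.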
Re: [edk2] [PATCH] SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Thursday, October 12, 2017 5:14 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Chen, Chen A <chen.a.c...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH] SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable ECR1707 for UEFI2.7 clarified certificate management rule for private time-based AuthVariable.Trusted cert rule changed from whole signer's certificate stack to top-level issuer cert tbscertificate + SignerCert CN for better management compatibility. Hash is used to reduce storage overhead. Cc: Long Qin <qin.l...@intel.com> Cc: Chen Chen <chen.a.c...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- SecurityPkg/Library/AuthVariableLib/AuthService.c | 208 ++ 1 file changed, 171 insertions(+), 37 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index a37ec0b..7188ff6 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c 
@@ -1530,6 +1530,85 @@ AuthServiceInternalCompareTimeStamp ( } /** + Calculate SHA256 digest of SignerCert CommonName + ToplevelCert + tbsCertificate SignerCert and ToplevelCert are inside the signer certificate chain. + + @param[in] SignerCert A pointer to SignerCert data. + @param[in] SignerCertSize Length of SignerCert data. + @param[in] TopLevelCertA pointer to TopLevelCert data. + @param[in] TopLevelCertSizeLength of TopLevelCert data. + @param[out] Sha256Digest Sha256 digest calculated. + + @return EFI_ABORTED Digest process failed. + @return EFI_SUCCESS SHA256 Digest is succesfully calculated. + +**/ +EFI_STATUS +CalculatePrivAuthVarSignChainSHA256Digest( + IN UINT8*SignerCert, + IN UINTNSignerCertSize, + IN UINT8*TopLevelCert, + IN UINTNTopLevelCertSize, + OUTUINT8*Sha256Digest + ) +{ + UINT8 *TbsCert; + UINTN TbsCertSize; + UINT8 CertCommonName[128]; + UINTN CertCommonNameSize; + BOOLEAN CryptoStatus; + EFI_STATUS Status; + + CertCommonNameSize = sizeof(CertCommonName); + + // + // Get SignerCert CommonName + // + Status = X509GetCommonName(SignerCert, SignerCertSize, + CertCommonName, ); if (EFI_ERROR(Status)) { +DEBUG((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status)); +return EFI_ABORTED; + } + + // + // Get TopLevelCert tbsCertificate + // + if (!X509GetTBSCert(TopLevelCert, TopLevelCertSize, , )) { +DEBUG((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__)); +return EFI_ABORTED; + } + + // + // Digest SignerCert CN + TopLevelCert tbsCertificate // ZeroMem + (Sha256Digest, SHA256_DIGEST_SIZE); CryptoStatus = Sha256Init + (mHashCtx); if (!CryptoStatus) { +return EFI_ABORTED; + } + + // + // '\0' is forced in CertCommonName. 
No overflow issue // + CryptoStatus = Sha256Update (mHashCtx, CertCommonName, + AsciiStrLen((CHAR8 *)CertCommonName)); if (!CryptoStatus) { +return EFI_ABORTED; + } + + CryptoStatus = Sha256Update (mHashCtx, TbsCert, TbsCertSize); if + (!CryptoStatus) { +return EFI_ABORTED; + } + + CryptoStatus = Sha256Final (mHashCtx, Sha256Digest); if + (!CryptoStatus) { +return EFI_ABORTED; + } + + return EFI_SUCCESS; +} + +/** Find matching signer's certificates for common authenticated variable by corresponding VariableName and VendorGuid from "certdb" or "certdbv". @@ -1872,13 +1951,16 @@ DeleteCertsFromDb ( /** Insert signer's certificates for common authenticated variable with VariableName and VendorGuid in AUTH_CERT_DB_DATA to "certdb" or "certdbv" according to - time based authenticated variable attributes. + time based authenticated variable attributes. CertData is the SHA256 + digest of SignerCert CommonName + TopLevelCert tbsCertificate. - @param[in] VariableName Name of authenticated Variable. - @param[in] VendorGuid Vendor GUID of authenticated Variable. - @param[in] Attributes Attributes of authenticated variable. - @param[in] CertData Pointer to signer's certificates. - @param[in] CertDataSize Length of CertData in bytes. + @param[in] VariableName Name of authenticated Variable. + @param[in] VendorGuidVendor GUID of authenticated Variable. + @param[in] AttributesAttributes of authenticated variable. + @param[in] SignerCertSigner certificate
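Review bot: CalculatePrivAuthVarSignChainSHA256Digest in this hunk feeds the CommonName (AsciiStrLen bytes) and the tbsCertificate back to back into one SHA-256 with no length field or separator, so the digest does not bind where the CN ends and the tbsCertificate begins; in practice the CN is NUL-terminated ASCII and a DER tbsCertificate starts with a SEQUENCE tag, but including the NUL or the length in the hash makes the encoding unambiguous at no cost and is worth doing for a value stored as a trust anchor in certdb. Two smaller points: the comment "'\0' is forced in CertCommonName. No overflow issue" relies on X509GetCommonName's contract for the fixed 128-byte buffer, so the function header should say that a CN longer than the buffer causes EFI_ABORTED rather than truncation; and the failure paths log at DEBUG_INFO, where DEBUG_ERROR would make a rejected signer chain visible in a normal build.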
[edk2] [PATCH] SecurityPkg/Pkcs7Verify: Add the comments to address security problem
Add the comments to address security problems in the Pkcs7Verify Protocol per UEFI 2.7 updates. The Pkcs7Verifier function VerifySignature() has problematic use cases where it might be used to unwittingly bypass security checks. The specific problem is that if the supplied hash is a different algorithm from the blacklist hash, the hash will be approved even if it should have been denied. The added comments place a strong warning about the problem. It is possible to use the protocol reliably, either by agreeing a hash to use for all time (like sha256) or by looping over all supported hashes when using the protocol. Cc: Chao ZhangCc: James Bottomley Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- MdePkg/Include/Protocol/Pkcs7Verify.h | 10 +- SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 8 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/MdePkg/Include/Protocol/Pkcs7Verify.h b/MdePkg/Include/Protocol/Pkcs7Verify.h index ca5ec75910..eaeda48300 100644 --- a/MdePkg/Include/Protocol/Pkcs7Verify.h +++ b/MdePkg/Include/Protocol/Pkcs7Verify.h @@ -6,7 +6,7 @@ PKCS#7 is a general-purpose cryptographic standard (defined by RFC2315, available at http://tools.ietf.org/html/rfc2315). -Copyright (c) 2015, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at 
@@ -140,6 +140,14 @@ EFI_STATUS verifies the signature of the content is valid and signing certificate was not revoked and is contained within a list of trusted signers. + Note: because this function uses hashes and the specification contains a variety of +hash choices, you should be aware that the check against the RevokedDb list +will improperly succeed if the signature is revoked using a different hash +algorithm. For this reason, you should either cycle through all UEFI supported +hashes to see if one is forbidden, or rely on a single hash choice only if the +UEFI signature authority only signs and revokes with a single hash (at time +of writing, this hash choice is SHA256). + @param[in] This Pointer to EFI_PKCS7_VERIFY_PROTOCOL instance. @param[in] SignaturePoints to buffer containing ASN.1 DER-encoded PKCS detached signature. diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c index 0da549a6bd..ac83e6d5c2 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c 
@@ -1321,6 +1321,14 @@ _Exit: verifies the signature of the content is valid and signing certificate was not revoked and is contained within a list of trusted signers. + Note: because this function uses hashes and the specification contains a variety of +hash choices, you should be aware that the check against the RevokedDb list +will improperly succeed if the signature is revoked using a different hash +algorithm. For this reason, you should either cycle through all UEFI supported +hashes to see if one is forbidden, or rely on a single hash choice only if the +UEFI signature authority only signs and revokes with a single hash (at time +of writing, this hash choice is SHA256). + @param[in] This Pointer to EFI_PKCS7_VERIFY_PROTOCOL instance. @param[in] SignaturePoints to buffer containing ASN.1 DER-encoded PKCS detached signature. -- 2.14.1.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
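The mitigation the commit message recommends, as an added example that is not edk2 code: the revocation check below recomputes the content digest with each algorithm present in the revoked list instead of only the algorithm the caller supplied, shown next to the single-algorithm check that approves an entry revoked under a different hash. It assumes a host build, so the two digest functions are constructed stand-ins (FNV-1a 32- and 64-bit, chosen only to keep the example short and runnable; a firmware build would use the BaseCryptLib SHA family); REVOKED_ENTRY, IsRevokedSingleAlg, IsRevokedAllAlgs and the sample image are hypothetical.

```c
/*
 * Added example (not edk2 code): a revocation-list check that evaluates every
 * digest algorithm present in the list, beside the single-algorithm check that
 * misses entries made with another algorithm. Digest functions are constructed
 * stand-ins (FNV-1a 32/64-bit); a firmware build would use SHA-256 and friends.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef enum { ALG_TOY32 = 1, ALG_TOY64 = 2 } DIGEST_ALG;
#define MAX_DIGEST_LEN 8

typedef struct {
    DIGEST_ALG Alg;
    size_t     Len;
    uint8_t    Digest[MAX_DIGEST_LEN];
} REVOKED_ENTRY;

typedef size_t (*DIGEST_FN)(const uint8_t *Data, size_t Len, uint8_t *Out);

static size_t DigestToy32(const uint8_t *Data, size_t Len, uint8_t *Out)
{
    uint32_t h = 2166136261u;                      /* FNV-1a 32, stand-in only */
    for (size_t i = 0; i < Len; i++) { h ^= Data[i]; h *= 16777619u; }
    for (int i = 0; i < 4; i++) Out[i] = (uint8_t)(h >> (24 - 8 * i));
    return 4;
}

static size_t DigestToy64(const uint8_t *Data, size_t Len, uint8_t *Out)
{
    uint64_t h = 14695981039346656037ull;          /* FNV-1a 64, stand-in only */
    for (size_t i = 0; i < Len; i++) { h ^= Data[i]; h *= 1099511628211ull; }
    for (int i = 0; i < 8; i++) Out[i] = (uint8_t)(h >> (56 - 8 * i));
    return 8;
}

/* Algorithm registry: the set this verifier supports. */
static DIGEST_FN LookupDigest(DIGEST_ALG Alg)
{
    switch (Alg) {
    case ALG_TOY32: return DigestToy32;
    case ALG_TOY64: return DigestToy64;
    default:        return NULL;
    }
}

/* Problematic pattern: only the caller-chosen algorithm is consulted, so an
 * entry revoked under another algorithm is silently approved. */
bool IsRevokedSingleAlg(const uint8_t *Content, size_t ContentLen, DIGEST_ALG Alg,
                        const REVOKED_ENTRY *Db, size_t DbCount)
{
    uint8_t d[MAX_DIGEST_LEN];
    DIGEST_FN fn = LookupDigest(Alg);
    if (fn == NULL) return false;
    size_t len = fn(Content, ContentLen, d);
    for (size_t i = 0; i < DbCount; i++) {
        if (Db[i].Alg == Alg && Db[i].Len == len && memcmp(Db[i].Digest, d, len) == 0)
            return true;
    }
    return false;
}

/* Robust pattern: for every list entry recompute the content digest with that
 * entry's own algorithm, so the revocation holds whatever algorithm the revoker
 * used. An entry with an unknown algorithm is reported via *Unverifiable so the
 * caller can fail closed instead of treating it as "not revoked". */
bool IsRevokedAllAlgs(const uint8_t *Content, size_t ContentLen,
                      const REVOKED_ENTRY *Db, size_t DbCount, bool *Unverifiable)
{
    uint8_t d[MAX_DIGEST_LEN];
    *Unverifiable = false;
    for (size_t i = 0; i < DbCount; i++) {
        DIGEST_FN fn = LookupDigest(Db[i].Alg);
        if (fn == NULL) { *Unverifiable = true; continue; }
        size_t len = fn(Content, ContentLen, d);
        if (len == Db[i].Len && memcmp(Db[i].Digest, d, len) == 0) return true;
    }
    return false;
}

/* Constructed sample: the image is revoked only under ALG_TOY64. */
static const uint8_t kImage[] = "constructed sample image";

size_t BuildSampleDb(REVOKED_ENTRY *Db)
{
    Db[0].Alg = ALG_TOY64;
    Db[0].Len = DigestToy64(kImage, sizeof kImage, Db[0].Digest);
    return 1;
}

/* True when the single-algorithm check (asked about TOY32) approves the revoked
 * image while the all-algorithms check rejects it: the bug the comment warns of. */
bool DemoMismatch(void)
{
    REVOKED_ENTRY db[1];
    bool unverifiable;
    size_t n = BuildSampleDb(db);
    bool single = IsRevokedSingleAlg(kImage, sizeof kImage, ALG_TOY32, db, n);
    bool all    = IsRevokedAllAlgs(kImage, sizeof kImage, db, n, &unverifiable);
    return !single && all && !unverifiable;
}
```

The cost of the all-algorithms form is one digest computation per distinct algorithm in the list rather than one in total, which is the trade the commit message accepts; caching the digest per algorithm across entries keeps it to that bound for large lists.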
Re: [edk2] [PATCH] SecurityPkg\Tcg2Pei: FV measure performance enhancement
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, October 9, 2017 4:50 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Yao, Jiewen <jiewen@intel.com>; sean.bro...@microsoft.com; Zhang, Chao B <chao.b.zh...@intel.com> Subject: [PATCH] SecurityPkg\Tcg2Pei: FV measure performance enhancement 1. Leverage Pre-Hashed FV PPI to reduce duplicated hash 2. Only measure BFV at the beginning. Other FVs are measured in FVinfo callback with nested FV check. https://bugzilla.tianocore.org/show_bug.cgi?id=662 Cc: Long Qin <qin.l...@intel.com> Cc: Yao Jiewen <jiewen@intel.com> Cc: Sean Brogan <sean.bro...@microsoft.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> --- .../Include/Ppi/FirmwareVolumeInfoPrehashedFV.h| 70 ++ SecurityPkg/SecurityPkg.dec| 7 +- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 245 +++-- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf| 2 + 4 files changed, 250 insertions(+), 74 deletions(-) create mode 100644 SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h new file mode 100644 index 000..2273357 --- /dev/null +++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h 
@@ -0,0 +1,70 @@ +/** @file +PPI to describe all hash digests for a given FV + +Copyright (c) 2017, Intel Corporation. All rights reserved. This +program and the accompanying materials are licensed and made available +under the terms and conditions of the BSD License which accompanies +this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ +/** +PPI to describe all hash digests for a given FV + +Copyright (c) 2017, Microsoft Corporation + +All rights reserved. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: +1. Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +**/ + +#ifndef __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ +#define __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ + +#define EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI_GUID \ { +0x3ce1e631, 0x7008, 0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1, 0x49, +0x4b } } + +// +// HashAlgoId is TPM_ALG_ID in Tpm20.h +// +typedef struct _HASH_INFO { + UINT16 HashAlgoId; + UINT16 HashSize; + //UINT8Hash[]; +} HASH_INFO; + +// +// This PPI indicates a FV is already hashed, platform should ensure 1:1 mapping between pre-hashed PPI and FV. +// The Count field in PPI is followed by Count number of FV hash info entries, which can be extended to PCR and logged to TCG event log directly by TCG modules. +// +typedef struct { + UINT32 FvBase; + UINT32 FvLength; + UINT32 Count; + //HASH_INFOHashInfo[]; +} EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI; + +extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; + +#endif + diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 7a900dc..45d95c5 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -7,6 +7,7 @@ # # Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. # (C) Copyright 2015 Hew
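Review bot: the header comment says the platform "should ensure 1:1 mapping between pre-hashed PPI and FV" but gives the consumer no way to verify that, and a digest taken from this PPI is extended to a PCR and logged to the TCG event log as if Tcg2Pei had hashed the FV itself, so a wrong or attacker-influenced entry silently defeats measured boot. Document that the PPI may only be installed by code that was itself measured before the FV is dispatched, that the consumer must match FvBase/FvLength exactly against the FV it is about to measure (and fall back to hashing otherwise), and that HashSize must be validated against the digest length implied by HashAlgoId before walking the Count variable-length HASH_INFO entries, since both values come from the PPI. Also, FvBase and FvLength are UINT32, which limits the PPI to FVs below 4 GiB; consider EFI_PHYSICAL_ADDRESS and UINT64 if 64-bit FV addresses are expected.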
Re: [edk2] [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic
The patch looks good to me.

Reviewed-by: Long Qin <qin.l...@intel.com>

Best Regards & Thanks,
LONG, Qin

From: Yao, Jiewen
Sent: Tuesday, October 10, 2017 9:47 PM
To: Laszlo Ersek <ler...@redhat.com>; Long, Qin <qin.l...@intel.com>
Cc: Brijesh Singh <brijesh.si...@amd.com>; edk2-devel@lists.01.org; Justen, Jordan L <jordan.l.jus...@intel.com>; Tom Lendacky <thomas.lenda...@amd.com>; Zhang, Chao B <chao.b.zh...@intel.com>
Subject: RE: [edk2] [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic

I am OK on this patch.

Reviewed-by: jiewen@intel.com

BTW: Do you also need to update PcdRemovableMediaImageVerificationPolicy and PcdFixedMediaImageVerificationPolicy?

Thank you
Yao Jiewen
From: Laszlo Ersek [mailto:ler...@redhat.com]
Sent: Tuesday, October 10, 2017 7:28 PM
To: Long, Qin <qin.l...@intel.com>; Yao, Jiewen <jiewen@intel.com>
Cc: Brijesh Singh <brijesh.si...@amd.com>; edk2-devel@lists.01.org; Justen, Jordan L <jordan.l.jus...@intel.com>; Tom Lendacky <thomas.lenda...@amd.com>; Zhang, Chao B <chao.b.zh...@intel.com>
Subject: Re: [edk2] [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic

Jiewen, Qin, can you guys perhaps help with reviewing this patch? (The second patch in the series is for OvmfPkg, and it depends on this one.)

Thanks!
Laszlo

On 10/05/17 22:16, Brijesh Singh wrote:
> By default the image verification policy for option ROM images is 0x4
> (DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:
>
> 1fea9ddb4e3f OvmfPkg: execute option ROM images regardless of Secure Boot
>
> set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
> ROMs come from the host side and most of the time the cloud provider (i.e.
> hypervisor) has full access over a guest anyway. But when secure boot
> is enabled, we would like to deny the execution of option ROM when
> SEV is active. Having a dynamic Pcd will give us flexibility to set the
> security policy at runtime.
>
> Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
> Cc: Chao Zhang <chao.b.zh...@intel.com>
> Cc: Jordan Justen <jordan.l.jus...@intel.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Cc: Tom Lendacky <thomas.lenda...@amd.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Brijesh Singh > <brijesh.si...@amd.com<mailto:brijesh.si...@amd.com>> > --- > > Changes since v1: > * Add Contributed-under tag > > SecurityPkg/SecurityPkg.dec | 24 ++-- > 1 file changed, 12 insertions(+), 12 deletions(-) > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 01bff01ed50a..4e32d172d7d9 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -230,18 +230,6 @@ [Ppis] > # > > [PcdsFixedAtBuild, PcdsPatchableInModule] > - ## Image verification policy for OptionRom. Only following values are > valid: > - # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification > and has been removed. > - # 0x Always trust the image. > - # 0x0001 Never trust the image. > - # 0x0002 Allow execution when there is security violation. > - # 0x0003 Defer execution when there is security violation. > - # 0x0004 Deny execution when there is security violation. > - # 0x0005 Query user when there is security violation. > - # @Prompt Set policy for the image from OptionRom. > - # @ValidRange 0x8001 | 0x - 0x0005 > - > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x0001 > - >## Image verification policy for removable media which includes CD-ROM, > Floppy, USB and network. ># Only following values are valid: ># NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification > and has been removed. > @@ -304,6 +292,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] > > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D|UINT32|0x0007 > > [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > + ## Image verification policy for OptionRom. Only following values are > valid: > + # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI
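Review bot: once PcdOptionRomImageVerificationPolicy sits in the section that also permits PcdsDynamic and PcdsDynamicEx, any driver with access to the PCD services can change the option ROM policy at runtime, not only the platform code that sets it for the SEV case. The commit message should state that the platform must set the value before the first option ROM is dispatched, and the re-added declaration (cut off in this excerpt) should keep the 0x04 DENY_EXECUTE_ON_SECURITY_VIOLATION default that the removed line carried. Jiewen's question also stands: after this split, OptionRom is treated differently from PcdRemovableMediaImageVerificationPolicy and PcdFixedMediaImageVerificationPolicy, which stay in the [PcdsFixedAtBuild, PcdsPatchableInModule] context shown in the hunk.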
Re: [edk2] [PATCH v3] CryptoPkg: Add new API to retrieve commonName of X.509 certificate
Yes, they are legacy versions with old-style alignment. It's the first try to address this return status change in this new API. We may update some APIs depending on requirement and impact evaluations later.

Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: Zhang, Chao B
Sent: Thursday, September 28, 2017 2:03 PM
To: Long, Qin <qin.l...@intel.com>; ler...@redhat.com; Ye, Ting <ting...@intel.com>
Cc: edk2-devel@lists.01.org
Subject: RE: [PATCH v3] CryptoPkg: Add new API to retrieve commonName of X.509 certificate

Qin:
What about other X509-related interfaces, such as X509GetTBSCert and X509GetSubjectName? They all return TRUE/FALSE. It looks inconsistent between these interfaces.

-----Original Message-----
From: Long, Qin
Sent: Thursday, September 21, 2017 10:48 AM
To: ler...@redhat.com; Ye, Ting <ting...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>
Cc: edk2-devel@lists.01.org
Subject: [PATCH v3] CryptoPkg: Add new API to retrieve commonName of X.509 certificate

v3: Add extra CommonNameSize check since OpenSSL didn't check this input parameter.
    (One openssl issue was filed to address this risk: https://github.com/openssl/openssl/issues/4392)
v2: Update function interface to return RETURN_STATUS to represent different error cases.

Add one new API (X509GetCommonName()) to retrieve the subject commonName string from one X.509 certificate.

Cc: Laszlo Ersek <ler...@redhat.com>
Cc: Ting Ye <ting...@intel.com>
Cc: Chao Zhang <chao.b.zh...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.l...@intel.com>
---
 CryptoPkg/Application/Cryptest/RsaVerify2.c       |  32 --
 CryptoPkg/Include/Library/BaseCryptLib.h          |  35 +++
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c     | 109 +
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c |  32 ++
 .../Pk/CryptX509Null.c                            |  34 ++-
 5 files changed, 234 insertions(+), 8 deletions(-)
diff --git a/CryptoPkg/Application/Cryptest/RsaVerify2.c b/CryptoPkg/Application/Cryptest/RsaVerify2.c index 98b5aad900..9db43d6eef 100644 --- a/CryptoPkg/Application/Cryptest/RsaVerify2.c +++ b/CryptoPkg/Application/Cryptest/RsaVerify2.c @@ -204,13 +204,17 @@ ValidateCryptRsa2 ( VOID ) { - BOOLEAN Status; - VOID *RsaPrivKey; - VOID *RsaPubKey; - UINT8*Signature; - UINTNSigSize; - UINT8*Subject; - UINTNSubjectSize; + BOOLEANStatus; + VOID *RsaPrivKey; + VOID *RsaPubKey; + UINT8 *Signature; + UINTN SigSize; + UINT8 *Subject; + UINTN SubjectSize; + RETURN_STATUS ReturnStatus; + CHAR8 CommonName[64]; + CHAR16 CommonNameUnicode[64]; + UINTN CommonNameSize; Print (L"\nUEFI-OpenSSL RSA Key Retrieving Testing: "); @@ -286,6 +290,20 @@ ValidateCryptRsa2 ( Print (L"[Pass]"); } + // + // Get CommonName from X509 Certificate Subject // CommonNameSize = + 64; ZeroMem (CommonName, CommonNameSize); ReturnStatus = + X509GetCommonName (TestCert, sizeof (TestCert), CommonName, + ); if (RETURN_ERROR (ReturnStatus)) { +Print (L"\n - Retrieving Common Name - [Fail]"); +return EFI_ABORTED; + } else { +AsciiStrToUnicodeStrS (CommonName, CommonNameUnicode, CommonNameSize); +Print (L"\n - Retrieving Common Name = \"%s\" (Size = %d)", + CommonNameUnicode, CommonNameSize); } + // // X509 Certificate Verification. // diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 9c5ffcd9cf..2366a0218d 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2171,6 +2171,41 @@ X509GetSubjectName ( IN OUT UINTN*SubjectSize ); +/** + Retrieve the common name (CN) string from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CommonName Buffer to contain the retrieved certificate common + name string. At most CommonNameSize bytes will be + written and the string will be null terminated. May be + NULL in order to determine the size buffer needed. + @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, + and the size of buffer returned CommonName on output. + If CommonName is NULL then the amount of space needed + in buffer (including the final null) is returned. + + @retval RETURN_SUCCESS The certificate CommonName retrieved successfully. + @retval R
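Review bot: the RsaVerify2.c hunk only exercises the happy path with a 64-byte buffer known to fit the hard-coded test certificate. Since v3 specifically adds a CommonNameSize check that OpenSSL's X509_NAME_get_text_by_OBJ lacks, Cryptest should also call X509GetCommonName once with CommonName == NULL and once with a deliberately small CommonNameSize, and check for RETURN_BUFFER_TOO_SMALL with the required size written back, so that the truncation behaviour discussed on v2 is pinned by a test rather than only by the header comment.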
Re: [edk2] [PATCH v2] CryptoPkg: Add new API to retrieve commonName of X.509 certificate
From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Thursday, September 21, 2017 12:38 AM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-devel@lists.01.org Subject: Re: [PATCH v2] CryptoPkg: Add new API to retrieve commonName of X.509 certificate Hello Qin, On 09/20/17 18:05, Qin Long wrote: > v2: Update function interface to return RETURN_STATUS to represent > different error cases. > > Add one new API (X509GetCommonName()) to retrieve the subject commonName > string from one X.509 certificate. > > Cc: Laszlo Ersek <ler...@redhat.com<mailto:ler...@redhat.com>> > Cc: Ting Ye <ting...@intel.com<mailto:ting...@intel.com>> > Cc: Chao Zhang <chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com>> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Qin Long <qin.l...@intel.com<mailto:qin.l...@intel.com>> > --- > CryptoPkg/Application/Cryptest/RsaVerify2.c| 32 +-- > CryptoPkg/Include/Library/BaseCryptLib.h | 34 +++ > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 106 > + > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c | 32 +++ > .../Pk/CryptX509Null.c | 34 ++- > 5 files changed, 230 insertions(+), 8 deletions(-) > > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 9c5ffcd9cf..48e9531758 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> @@ -2171,6 +2171,40 @@ X509GetSubjectName ( >IN OUT UINTN*SubjectSize >); > > +/** > + Retrieve the common name (CN) string from one X.509 certificate. > + > + @param[in] Cert Pointer to the DER-encoded X509 > certificate. > + @param[in] CertSize Size of the X509 certificate in bytes. > + @param[out] CommonName Buffer to contain the retrieved > certificate common > + name string. At most CommonNameSize bytes > will be > + written and the string will be null > terminated. May be > + NULL in order to determine the size > buffer needed. > + @param[in,out] CommonNameSize The size in bytes of the CommonName > buffer on input, > + and the size of buffer returned > CommonName on output. > + If CommonName is NULL then the amount of > space needed > + in buffer (including the final null) is > returned. > + > + @retval RETURN_SUCCESS The certificate CommonName retrieved > successfully. > + @retval RETURN_INVALID_PARAMETER If Cert is NULL. > + If CommonNameSize is NULL. > + If Certificate is invalid. > + @retval RETURN_NOT_FOUND If no CommonName entry exists. > + @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required > buffer size > + (including the final null) is returned in > the > + CommonNameSize parameter. > + @retval RETURN_UNSUPPORTED The operation is not supported. > + > +**/ > +RETURN_STATUS > +EFIAPI > +X509GetCommonName ( > + IN CONST UINT8 *Cert, > + IN UINTNCertSize, > + OUT CHAR8*CommonName, > + IN OUT UINTN*CommonNameSize > + ); > + > /** >Verify one X509 certificate was issued by the trusted CA. > I think the RETURN_BUFFER_TOO_SMALL description is incorrect -- it shouldn't only cover the (CommonName == NULL) case, but any other case when *CommonNameSize is not large enough, for formatting the full CN, plus the terminating '\0'. Relatedly, the output value of *CommonNameSize should always be the number of bytes required to format the NUL-terminated common name, regardless if there is enough room or not. 
The return status will tell the caller:
- if the return status is BUFFER_TOO_SMALL, then a larger buffer is needed -- how large is explained by *CommonNameSize
- if the return status is SUCCESS, then the buffer was large enough, and *CommonNameSize bytes have been used from it.

[qlong] good catch. The current implementation is based on OpenSSL X509_NAME_get_text_by_OBJ API, and we can only get the real written data size or required size (by passing NULL CommonName) with this interface. I didn't want to introduce additional handling (e.g. extra ASN1_STRING parsing) in this API. For a fixed CommonNameSize buffer, it's acceptable to receive the truncated string (e
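Review bot: the @param[in,out] CommonNameSize text in the header hunk does not say what happens when CommonName is non-NULL and *CommonNameSize is 0, where there is no room even for the terminating NUL; since the buffer and size are handed straight to OpenSSL's X509_NAME_get_text_by_OBJ, the header should promise an explicit RETURN_INVALID_PARAMETER or RETURN_BUFFER_TOO_SMALL for that case rather than inheriting OpenSSL's behaviour. Minor: the "@retval RETURN_INVALID_PARAMETER ... If Certificate is invalid" line should say Cert, to match the parameter name.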
Re: [edk2] [PATCH] CryptoPkg: Add new API to retrieve commonName of X.509 certificate
Laszlo. It's one good feedback. This is one historical design issue. We choose to use simple BOOLEAN as the return value, because OpenSSL has complicated return data (reason) with extra api (e.g. ERR_get_error()...). It's hard to map these error messages directly, then we just used one simplest way before, and always kept this kind of API style in late updates. I also think the return value (true/false) in current BaseCryptLib is really ambiguous to tell any more useful information. RETURN_xxx is more valuable in this new-added case. I would like to update the patch per your suggestion. Thanks for raising this. Best Regards & Thanks, LONG, Qin From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Laszlo Ersek Sent: Wednesday, September 20, 2017 8:09 PM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-devel@lists.01.org Subject: Re: [edk2] [PATCH] CryptoPkg: Add new API to retrieve commonName of X.509 certificate Hello Qin, On 09/19/17 05:38, Long Qin wrote: > Add one new API (X509GetCommonName()) to retrieve the subject commonName > string from one X.509 certificate. > > Cc: Ting Ye <ting...@intel.com<mailto:ting...@intel.com>> > Cc: Chao Zhang <chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com>> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Qin Long <qin.l...@intel.com<mailto:qin.l...@intel.com>> > --- > CryptoPkg/Application/Cryptest/RsaVerify2.c| 17 > CryptoPkg/Include/Library/BaseCryptLib.h | 32 > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 93 > ++ > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c | 32 > .../Pk/CryptX509Null.c | 34 +++- > 5 files changed, 207 insertions(+), 1 deletion(-) > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 9c5ffcd9cf..d861be6725 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> @@ -2171,6 +2171,38 @@ X509GetSubjectName ( >IN OUT UINTN*SubjectSize >); > > +/** > + Retrieve the common name (CN) string from one X.509 certificate. > + > + If Cert or CommonNameSize is NULL, then return FALSE. > + If this interface is not supported, then return FALSE. > + > + @param[in] CertPointer to the DER-encoded X509 > certificate. > + @param[in] CertSizeSize of the X509 certificate in bytes. > + @param[out] CommonName Buffer to contain the retrieved > certificate common > + name string. At most CommonNameSize bytes > will be > + written and the string will be null > terminated. May be > + NULL in order to determine the size buffer > needed. > + @param[in,out] CommonNameSize The size in bytes of the CommonName buffer > on input, > + and the size of buffer returned CommonName > on output. > + if CommonName is NULL then the amount of > space needed > + in buffer (including the final null) is > returned. > + > + @retval TRUE The certificate CommonName retrieved successfully. > + @retval FALSE Invalid certificate, or CommonNameSize is NULL, > + or no CommonName entry exists. > + @retval FALSE This interface is not supported. > + > +**/ > +BOOLEAN > +EFIAPI > +X509GetCommonName ( > + IN CONST UINT8 *Cert, > + IN UINTNCertSize, > + OUT CHAR8*CommonName, > + IN OUT UINTN*CommonNameSize > + ); > + > /** >Verify one X509 certificate was issued by the trusted CA. > I hope my questions / suggestions aren't unwelcome (or misguided) -- have you considered returning RETURN_STATUS from this function? Currently FALSE is returned for several error cases, but we have good RETURN_xxx macros for telling them apart: - RETURN_BUFFER_TOO_SMALL: "The buffer was not large enough to hold the requested data. The required buffer size is returned in the appropriate parameter when this error occurs." - RETURN_UNSUPPORTED: "The operation is not supported." - RETURN_NOT_FOUND: "The item was not found." -- this can be used for "no CommonName entry exists". 
- RETURN_INVALID_PARAMETER: "The parameter was incorrect." -- this can be used for "CommonNameSize is NULL", and likely for "Invalid certificate" as well.

If you don't want to update the interface, I'm OK with that of course; I just figur
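The contract discussed in both the v1 review above (distinct RETURN_xxx codes instead of a single FALSE) and the v2 review (BUFFER_TOO_SMALL for any buffer that is too short, with the required size always written back), as one added example that is not CryptoPkg or OpenSSL code: it parses a DER-encoded X.501 subject Name rather than a whole certificate, and CN_STATUS, GetCommonName, der_read_tlv, RunLookup and the three sample Names are all constructed for this illustration. It also goes one step beyond the thread by rejecting a CN that carries an embedded NUL, since such a value cannot be returned safely as a CHAR8 string.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status values mirroring the RETURN_xxx codes discussed in the thread. */
typedef enum { CN_SUCCESS = 0, CN_INVALID_PARAMETER, CN_NOT_FOUND,
               CN_BUFFER_TOO_SMALL } CN_STATUS;

static const uint8_t kCnOid[3] = { 0x55, 0x04, 0x03 };   /* id-at-commonName, 2.5.4.3 */

/* Minimal DER TLV reader (constructed helper): element at *off, bounded by end. */
static int der_read_tlv(const uint8_t *p, size_t end, size_t *off,
                        uint8_t *tag, size_t *len, size_t *val_off) {
  size_t i = *off;
  if (i + 2 > end) return 0;
  *tag = p[i++];
  size_t l = p[i++];
  if (l & 0x80) {                       /* long-form length, up to 4 bytes */
    size_t n = l & 0x7f;
    if (n == 0 || n > 4 || i + n > end) return 0;
    l = 0;
    for (size_t k = 0; k < n; k++) l = (l << 8) | p[i++];
  }
  if (l > end - i) return 0;            /* value must stay inside the bound */
  *len = l;
  *val_off = i;
  *off = i + l;
  return 1;
}

/* CN lookup over a DER-encoded X.501 Name (SEQUENCE OF SET OF SEQUENCE { OID, value }).
 * Contract as discussed in the thread: on CN_SUCCESS and CN_BUFFER_TOO_SMALL,
 * *CommonNameSize holds the bytes needed including the NUL, even if CommonName is NULL. */
CN_STATUS GetCommonName(const uint8_t *Name, size_t NameSize,
                        char *CommonName, size_t *CommonNameSize) {
  if (Name == NULL || CommonNameSize == NULL) return CN_INVALID_PARAMETER;
  size_t capacity = *CommonNameSize;    /* room available on input */
  size_t off = 0, len, val;
  uint8_t tag;
  if (!der_read_tlv(Name, NameSize, &off, &tag, &len, &val) || tag != 0x30 || off != NameSize)
    return CN_INVALID_PARAMETER;        /* not exactly one well-formed SEQUENCE */
  size_t pos = val, seq_end = off;
  while (pos < seq_end) {               /* each RelativeDistinguishedName SET */
    size_t set_len, set_val;
    if (!der_read_tlv(Name, seq_end, &pos, &tag, &set_len, &set_val) || tag != 0x31)
      return CN_INVALID_PARAMETER;
    size_t atv = set_val, set_end = set_val + set_len;
    while (atv < set_end) {             /* each AttributeTypeAndValue */
      size_t atv_len, atv_val, oid_len, oid_val, s_len, s_val;
      uint8_t stag;
      if (!der_read_tlv(Name, set_end, &atv, &tag, &atv_len, &atv_val) || tag != 0x30)
        return CN_INVALID_PARAMETER;
      size_t q = atv_val, atv_end = atv_val + atv_len;
      if (!der_read_tlv(Name, atv_end, &q, &tag, &oid_len, &oid_val) || tag != 0x06)
        return CN_INVALID_PARAMETER;
      if (!der_read_tlv(Name, atv_end, &q, &stag, &s_len, &s_val) || q != atv_end)
        return CN_INVALID_PARAMETER;
      if (oid_len != sizeof kCnOid || memcmp(Name + oid_val, kCnOid, sizeof kCnOid) != 0)
        continue;                       /* some other attribute (C, O, ...) */
      /* Only string types that map onto a CHAR8 buffer: UTF8, Printable, IA5. */
      if (stag != 0x0C && stag != 0x13 && stag != 0x16) return CN_INVALID_PARAMETER;
      /* A CN with an embedded NUL cannot be carried as a C string: reject it. */
      if (memchr(Name + s_val, '\0', s_len) != NULL) return CN_INVALID_PARAMETER;
      *CommonNameSize = s_len + 1;      /* always report the size needed */
      if (CommonName == NULL || capacity < s_len + 1) return CN_BUFFER_TOO_SMALL;
      memcpy(CommonName, Name + s_val, s_len);
      CommonName[s_len] = '\0';
      return CN_SUCCESS;
    }
  }
  return CN_NOT_FOUND;
}

/* Constructed sample: SEQUENCE { SET { C=US }, SET { CN="edk2 test" } }. */
static const uint8_t kNameWithCn[] = {
  0x30, 0x21, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 'U', 'S',
  0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03,
  0x0C, 0x09, 'e', 'd', 'k', '2', ' ', 't', 'e', 's', 't'
};
/* Constructed sample with no CN attribute at all. */
static const uint8_t kNameNoCn[] = {
  0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 'U', 'S'
};
/* Constructed sample whose CN is "ab\0c" (embedded NUL). */
static const uint8_t kNameNulCn[] = {
  0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x04, 'a', 'b', 0x00, 'c'
};

/* Driver for the two-call pattern: Capacity 0 means "query only" (NULL buffer);
 * the reported size and the string are kept in scratch storage for inspection. */
static char   gScratch[64];
static size_t gReported;

CN_STATUS RunLookup(const uint8_t *Name, size_t NameSize, size_t Capacity) {
  gReported = Capacity;
  memset(gScratch, 0, sizeof gScratch);
  return GetCommonName(Name, NameSize, Capacity ? gScratch : NULL, &gReported);
}
size_t LastReportedSize(void) { return gReported; }
const char *LastCommonName(void) { return gScratch; }
```

Querying with Capacity 0 first and then calling again with the reported size is the two-call usage the review asks the header to guarantee; a too-short buffer gets the same status and size report as a NULL one.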
Re: [edk2] [PATCH] CryptoPkg: Add new API to retrieve commonName of X.509 certificate
Thanks, Chao. Cryptest just simply use the hard-coded test vectors for API usage demonstration. So 64 is big enough for the given test X.509 data. Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Wednesday, September 20, 2017 2:57 PM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com> Cc: edk2-devel@lists.01.org Subject: RE: [PATCH] CryptoPkg: Add new API to retrieve commonName of X.509 certificate Qin: For cryptest, do we need to support 64 maximum CN name and NULL? That makes buffer size 65 instead of 64. Others are good to me. -Original Message----- From: Long, Qin Sent: Tuesday, September 19, 2017 11:39 AM To: Ye, Ting <ting...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-devel@lists.01.org; Long, Qin <qin.l...@intel.com> Subject: [PATCH] CryptoPkg: Add new API to retrieve commonName of X.509 certificate Add one new API (X509GetCommonName()) to retrieve the subject commonName string from one X.509 certificate. Cc: Ting Ye <ting...@intel.com> Cc: Chao Zhang <chao.b.zh...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.l...@intel.com> --- CryptoPkg/Application/Cryptest/RsaVerify2.c| 17 CryptoPkg/Include/Library/BaseCryptLib.h | 32 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 93 ++ CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c | 32 .../Pk/CryptX509Null.c | 34 +++- 5 files changed, 207 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Application/Cryptest/RsaVerify2.c b/CryptoPkg/Application/Cryptest/RsaVerify2.c index 98b5aad900..f9b70d5794 100644 --- a/CryptoPkg/Application/Cryptest/RsaVerify2.c +++ b/CryptoPkg/Application/Cryptest/RsaVerify2.c @@ -211,6 +211,9 @@ ValidateCryptRsa2 ( UINTNSigSize; UINT8*Subject; UINTNSubjectSize; + CHAR8CommonName[64]; + CHAR16 CommonNameUnicode[64]; + UINTNCommonNameSize; Print (L"\nUEFI-OpenSSL RSA Key Retrieving Testing: "); 
@@ -286,6 +289,20 @@ ValidateCryptRsa2 ( Print (L"[Pass]"); } + // + // Get CommonName from X509 Certificate Subject // CommonNameSize = + 64; ZeroMem (CommonName, CommonNameSize); Status = X509GetCommonName + (TestCert, sizeof (TestCert), CommonName, ); if + (!Status) { +Print (L"\n - Retrieving Common Name - [Fail]"); +return EFI_ABORTED; + } else { +AsciiStrToUnicodeStrS (CommonName, CommonNameUnicode, CommonNameSize); +Print (L"\n - Retrieving Common Name = \"%s\" (Size = %d)", + CommonNameUnicode, CommonNameSize); } + // // X509 Certificate Verification. // diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 9c5ffcd9cf..d861be6725 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2171,6 +2171,38 @@ X509GetSubjectName ( IN OUT UINTN*SubjectSize ); +/** + Retrieve the common name (CN) string from one X.509 certificate. + + If Cert or CommonNameSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] CertPointer to the DER-encoded X509 certificate. + @param[in] CertSizeSize of the X509 certificate in bytes. + @param[out] CommonName Buffer to contain the retrieved certificate common + name string. At most CommonNameSize bytes will be + written and the string will be null terminated. May be + NULL in order to determine the size buffer needed. + @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, + and the size of buffer returned CommonName on output. + if CommonName is NULL then the amount of space needed + in buffer (including the final null) is returned. + + @retval TRUE The certificate CommonName retrieved successfully. + @retval FALSE Invalid certificate, or CommonNameSize is NULL, + or no CommonName entry exists. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetCommonName ( + IN CONST UINT8 *Cert, + IN UINTNCertSize, + OUT CHAR8*CommonName, + IN OUT UINTN*CommonNameSize + ); + /** Verify one X509 certificate was issued by the trusted CA. diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 7d275977c5..e45c214bd1 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -297,6 +297,99 @@ _Exit: return Status; } +/** + R
[edk2] [PATCH] CryptoPkg: Add new API to retrieve commonName of X.509 certificate
Add one new API (X509GetCommonName()) to retrieve the subject commonName string from one X.509 certificate. Cc: Ting YeCc: Chao Zhang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/Application/Cryptest/RsaVerify2.c| 17 CryptoPkg/Include/Library/BaseCryptLib.h | 32 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 93 ++ CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c | 32 .../Pk/CryptX509Null.c | 34 +++- 5 files changed, 207 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Application/Cryptest/RsaVerify2.c b/CryptoPkg/Application/Cryptest/RsaVerify2.c index 98b5aad900..f9b70d5794 100644 --- a/CryptoPkg/Application/Cryptest/RsaVerify2.c +++ b/CryptoPkg/Application/Cryptest/RsaVerify2.c @@ -211,6 +211,9 @@ ValidateCryptRsa2 ( UINTNSigSize; UINT8*Subject; UINTNSubjectSize; + CHAR8CommonName[64]; + CHAR16 CommonNameUnicode[64]; + UINTNCommonNameSize; Print (L"\nUEFI-OpenSSL RSA Key Retrieving Testing: "); @@ -286,6 +289,20 @@ ValidateCryptRsa2 ( Print (L"[Pass]"); } + // + // Get CommonName from X509 Certificate Subject + // + CommonNameSize = 64; + ZeroMem (CommonName, CommonNameSize); + Status = X509GetCommonName (TestCert, sizeof (TestCert), CommonName, ); + if (!Status) { +Print (L"\n - Retrieving Common Name - [Fail]"); +return EFI_ABORTED; + } else { +AsciiStrToUnicodeStrS (CommonName, CommonNameUnicode, CommonNameSize); +Print (L"\n - Retrieving Common Name = \"%s\" (Size = %d)", CommonNameUnicode, CommonNameSize); + } + // // X509 Certificate Verification. // diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 9c5ffcd9cf..d861be6725 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2171,6 +2171,38 @@ X509GetSubjectName ( IN OUT UINTN*SubjectSize ); +/** + Retrieve the common name (CN) string from one X.509 certificate. + + If Cert or CommonNameSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] CertPointer to the DER-encoded X509 certificate. + @param[in] CertSizeSize of the X509 certificate in bytes. + @param[out] CommonName Buffer to contain the retrieved certificate common + name string. At most CommonNameSize bytes will be + written and the string will be null terminated. May be + NULL in order to determine the size buffer needed. + @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, + and the size of buffer returned CommonName on output. + if CommonName is NULL then the amount of space needed + in buffer (including the final null) is returned. + + @retval TRUE The certificate CommonName retrieved successfully. + @retval FALSE Invalid certificate, or CommonNameSize is NULL, + or no CommonName entry exists. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetCommonName ( + IN CONST UINT8 *Cert, + IN UINTNCertSize, + OUT CHAR8*CommonName, + IN OUT UINTN*CommonNameSize + ); + /** Verify one X509 certificate was issued by the trusted CA. diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 7d275977c5..e45c214bd1 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c 
@@ -297,6 +297,99 @@ _Exit: return Status; } +/** + Retrieve the common name (CN) string from one X.509 certificate. + + If Cert or CommonNameSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] CertPointer to the DER-encoded X509 certificate. + @param[in] CertSizeSize of the X509 certificate in bytes. + @param[out] CommonName Buffer to contain the retrieved certificate common + name string. At most CommonNameSize bytes will be + written and the string will be null terminated. May be + NULL in order to determine the size buffer needed. + @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, + and the size of buffer returned CommonName on output. + if CommonName is NULL then the amount of space needed + in buffer (including the
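Review bot: in the RsaVerify2.c hunk, AsciiStrToUnicodeStrS (CommonName, CommonNameUnicode, CommonNameSize) passes the size X509GetCommonName wrote back as DestMax, but DestMax is the capacity of the destination buffer in CHAR16 units and should be sizeof (CommonNameUnicode) / sizeof (CHAR16); it only works here because the returned size can never exceed the 64 passed in. If the API is later changed to report the required size even when the buffer is too small, as suggested elsewhere in this thread, the same call would hand AsciiStrToUnicodeStrS a bound larger than the destination, so use the sizeof-based bound now.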
[edk2] [PATCH] SecurityPkg: Add ARM/AARCH64 arch to enable RngTest module build.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=680 Adding ARM and AARCH64 to SUPPORTED_ARCHITECTURES in SecurityPkg.dsc to enable RngTest module build, since this is one platform-independent application. Cc: Chao ZhangCc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- SecurityPkg/Application/RngTest/RngTest.inf | 2 +- SecurityPkg/SecurityPkg.dsc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Application/RngTest/RngTest.inf b/SecurityPkg/Application/RngTest/RngTest.inf index 334cff45b0..55510f709a 100644 --- a/SecurityPkg/Application/RngTest/RngTest.inf +++ b/SecurityPkg/Application/RngTest/RngTest.inf @@ -27,7 +27,7 @@ # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 # [Sources] diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 8b9240374c..bb7147ec75 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -19,7 +19,7 @@ PLATFORM_VERSION = 0.97 DSC_SPECIFICATION = 0x00010005 OUTPUT_DIRECTORY = Build/SecurityPkg - SUPPORTED_ARCHITECTURES= IA32|IPF|X64|EBC + SUPPORTED_ARCHITECTURES= IA32|IPF|X64|EBC|ARM|AARCH64 BUILD_TARGETS = DEBUG|RELEASE|NOOPT SKUID_IDENTIFIER = DEFAULT -- 2.14.1.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
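Review bot: the SecurityPkg.dsc hunk adds ARM and AARCH64 to SUPPORTED_ARCHITECTURES for the whole package DSC, so every component listed in SecurityPkg.dsc now has to build for both architectures, while the commit message only argues that RngTest is platform-independent. State that a full package build for ARM and AARCH64 was done, or keep the components that do not build under architecture-specific [Components.IA32, Components.X64] sections. The RngTest.inf change is informational only, as the surrounding comment says, so it needs no further action.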
Re: [edk2] [Patch 1/2] CryptoPkg/TlsLib: Remove the redundant free of BIO objects
Reviewed-by: Long Qin <qin.l...@intel.com> -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jiaxin Wu Sent: Monday, July 31, 2017 1:41 PM To: edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [edk2] [Patch 1/2] CryptoPkg/TlsLib: Remove the redundant free of BIO objects TLS BIO objects (InBio/OutBio) will be freed by SSL_free() function. So, the following free operation (BIO_free) in TlsFree is redundant. It can be removed directly. Cc: Ye Ting <ting...@intel.com> Cc: Long Qin <qin.l...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> --- CryptoPkg/Library/TlsLib/TlsInit.c | 10 +- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c b/CryptoPkg/Library/TlsLib/TlsInit.c index e2c9744..e524647 100644 --- a/CryptoPkg/Library/TlsLib/TlsInit.c +++ b/CryptoPkg/Library/TlsLib/TlsInit.c @@ -128,24 +128,16 @@ TlsFree ( if (TlsConn == NULL) { return; } // - // Free the internal TLS and BIO objects. + // Free the internal TLS and related BIO objects. // if (TlsConn->Ssl != NULL) { SSL_free (TlsConn->Ssl); } - if (TlsConn->InBio != NULL) { -BIO_free (TlsConn->InBio); - } - - if (TlsConn->OutBio != NULL) { -BIO_free (TlsConn->OutBio); - } - OPENSSL_free (Tls); } /** Create a new TLS object for a connection. -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
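Review bot: the removal is correct only because SSL_set_bio() transfers ownership of both BIOs to the SSL object, so SSL_free() releases them; the commit message should say that this holds on every path, i.e. that the connection-creation function never leaves InBio/OutBio allocated without having reached SSL_set_bio(), since an early failure between BIO_new() and SSL_set_bio() would now leak both BIOs with TlsFree no longer touching them. A one-line comment at the InBio/OutBio fields noting that they are owned by Ssl would stop the next reader from adding the double free back.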
Re: [edk2] Adding OpenSSL as the submodule of EDKII project...
Sean, Thank you for the comments. And for the submodule maintenance, do you have any BKMs (e.g. alias setting, any scripts for synchronous clone/pull...) for sharing? Best Regards & Thanks, LONG, Qin -Original Message- From: Sean Brogan [mailto:sean.bro...@microsoft.com] Sent: Saturday, July 22, 2017 12:52 AM To: Long, Qin <qin.l...@intel.com>; edk2-devel@lists.01.org Subject: RE: Adding OpenSSL as the submodule of EDKII project... Long,Qin I think this is a great idea and great step forward for making edk2 more consumable. We already do this for our internal clones of edk2 and would like to see more work like this done to make edk2 consumable in a sustainable and easy way. For example we also use submodules within our clone of edk2 for win32 basetools bin and nasm. We then use submodules exclusively to manage consuming edk2 into our project repos. This gives us great flexibility and agility to manage, update, and sustain our code trees. TianoCore should think of itself not as the final repo but as an ingredient in a larger repository for building and shipping UEFI based products. In that end I would like to see EDK2 break into smaller repositories (but I'll save that for another day). Thanks Sean -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Long, Qin Sent: Thursday, July 20, 2017 12:18 AM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com> Subject: [edk2] Adding OpenSSL as the submodule of EDKII project... Hi, The Git submodule allows us to keep another Git repository in a subdirectory of main project. The Submodule repository has its own history, which does not interfere with the history of the current repository. This can be used to have external dependencies such as third party libraries. After the extra patch for EDKII-OpenSSL build was removed, OpenSSL can be one typical use case of Git Submodule in EDKII project. 
The Git parent (EDKII) will keep track of the release version / tag IDs of Submodules when the module owner commits. That will also help to ensure that when we check out the EDKII project then the openssl Submodule will also contain its right tags. One forked EDK2 repository with OpenSSL submodule support was available at https://github.com/qloong/edk2 for testing.

For EDKII developers, the possible impacts will include (comparing to the original openssl source download / unpacking mechanism):

- Cloning EDKII project with Submodules
The user can use the following commands to clone both main EDKII repo and openssl submodule:
1) Add the "--recursive" flag to their git clone command:
$ git clone --recursive https://github.com/qloong/edk2
or
2) Manually initialize and update the submodules after the clone operation on main project:
$ git clone https://github.com/qloong/edk2
$ git submodule update --init --recursive

- Pulling in Upstream Changes
For Pull operations, one single "git pull" will not update the submodule repository. So the following combined commands can be used to pull the remote submodule updates (e.g. updating to new supported OpenSSL release tag):
$ git pull --recurse-submodules && git submodule update --recursive --remote
(For any third-party GUI tools (e.g. TortoiseGit), there is also no direct support to sync up the primary and submodule repo. We need to use extra "Pull..." and "Submodule Update..." to handle this case.)

Let me know your comments & suggestions on this possible submodule update (advantage or disadvantage of this change? Any impacts? ...). Thanks.

Best Regards & Thanks, LONG, Qin ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] Adding OpenSSL as the submodule of EDKII project...
Hi,

The Git submodule allows us to keep another Git repository in a subdirectory of main project. The Submodule repository has its own history, which does not interfere with the history of the current repository. This can be used to have external dependencies such as third party libraries. After the extra patch for EDKII-OpenSSL build was removed, OpenSSL can be one typical use case of Git Submodule in EDKII project. The Git parent (EDKII) will keep track of the release version / tag IDs of Submodules when the module owner commits. That will also help to ensure that when we check out the EDKII project then the openssl Submodule will also contain its right tags.

One forked EDK2 repository with OpenSSL submodule support was available at https://github.com/qloong/edk2 for testing.

For EDKII developers, the possible impacts will include (comparing to the original openssl source download / unpacking mechanism):

- Cloning EDKII project with Submodules
The user can use the following commands to clone both main EDKII repo and openssl submodule:
1) Add the "--recursive" flag to their git clone command:
$ git clone --recursive https://github.com/qloong/edk2
or
2) Manually initialize and update the submodules after the clone operation on main project:
$ git clone https://github.com/qloong/edk2
$ git submodule update --init --recursive

- Pulling in Upstream Changes
For Pull operations, one single "git pull" will not update the submodule repository. So the following combined commands can be used to pull the remote submodule updates (e.g. updating to new supported OpenSSL release tag):
$ git pull --recurse-submodules && git submodule update --recursive --remote
(For any third-party GUI tools (e.g. TortoiseGit), there is also no direct support to sync up the primary and submodule repo. We need to use extra "Pull..." and "Submodule Update..." to handle this case.)

Let me know your comments & suggestions on this possible submodule update (advantage or disadvantage of this change?
Any impacts? ...). Thanks. Best Regards & Thanks, LONG, Qin ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
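The clone / pull / submodule-update procedure in the mail above, and the same procedure quoted in Sean Brogan's reply earlier on this page, as an added example that is not part of the original posts or of the edk2 project: a POSIX shell script that builds a throwaway library repo (standing in for openssl, with two release tags) and a parent repo (standing in for edk2) under a temporary directory, pins the submodule at the first tag, makes the recursive clone a developer would make, and then shows the supply-chain property a submodule gives you: the parent commit records one exact submodule commit, a plain "git pull" moves that record without touching the submodule working tree ("git submodule status" marks it with "+"), and "git submodule update --init --recursive" brings the tree back to the recorded commit. The repo names, the tag names and the CryptoPkg/Library/OpensslLib/openssl path are assumptions for the demo; verify_pin is the check a reviewer would script to confirm that the recorded pin is the commit the expected upstream tag resolves to and that the working tree really contains it.

```shell
#!/bin/sh
# Added example, not code from the edk2 thread or project: a throwaway
# "openssl" library repo and an "edk2" parent repo built under mktemp to show
# what a submodule pin is, how "git pull" alone lets the checkout drift from
# it, and how "git submodule update --init --recursive" resyncs it.
# Repo names, tags and the submodule path are assumptions for the demo.
set -eu

SUB=CryptoPkg/Library/OpensslLib/openssl
# Identity/config so this runs on a clean machine; protocol.file.allow is
# required by git >= 2.38.1 for submodules whose URL is a local path.
GIT="git -c user.name=demo -c user.email=demo@example.invalid"
GIT="$GIT -c protocol.file.allow=always -c init.defaultBranch=main"
GIT="$GIT -c pull.ff=only -c advice.detachedHead=false"

# Create "openssl" with two tagged releases, "edk2" pinned at the first tag,
# and a recursive clone of edk2. Prints the workspace directory.
setup_workspace() {
  ws=$(mktemp -d)
  {
    $GIT init -q "$ws/openssl"
    ( cd "$ws/openssl" \
      && echo 1.1.0e >VERSION && $GIT add VERSION \
      && $GIT commit -q -m "release 1.1.0e" && $GIT tag OpenSSL_1_1_0e \
      && echo 1.1.0f >VERSION \
      && $GIT commit -q -am "release 1.1.0f" && $GIT tag OpenSSL_1_1_0f )
    $GIT init -q "$ws/edk2"
    ( cd "$ws/edk2" \
      && $GIT submodule --quiet add "$ws/openssl" "$SUB" \
      && $GIT -C "$SUB" checkout -q OpenSSL_1_1_0e \
      && $GIT add -A && $GIT commit -q -m "Pin openssl at OpenSSL_1_1_0e" )
    $GIT clone -q --recursive "$ws/edk2" "$ws/clone"
  } >&2
  echo "$ws"
}

# Commit the parent's HEAD tree records for the submodule: the pin.
recorded_pin() { $GIT -C "$1" rev-parse "HEAD:$SUB"; }
# Commit actually checked out in the submodule working tree.
checked_out()  { $GIT -C "$1/$SUB" rev-parse HEAD; }
# First column of "git submodule status": ' ' in sync, '+' drifted, '-' missing.
drift_marker() { $GIT -C "$1" submodule status -- "$SUB" | cut -c1; }

# The check worth scripting in CI: the recorded pin must be the commit the
# expected upstream tag resolves to, and the working tree must contain it.
verify_pin() {
  want=$($GIT -C "$1/$SUB" rev-parse "$2^{commit}")
  if [ "$(recorded_pin "$1")" = "$want" ] && [ "$(checked_out "$1")" = "$want" ]; then
    echo OK
  else
    echo MISMATCH
  fi
}

# Maintainer side: move the pin to the next release and commit the parent.
bump_upstream_pin() {
  ( cd "$1/edk2" && $GIT -C "$SUB" checkout -q OpenSSL_1_1_0f \
    && $GIT add -A && $GIT commit -q -m "Update openssl to OpenSSL_1_1_0f" )
}
# Developer side: a plain pull updates the parent only...
pull_parent_only() { $GIT -C "$1/clone" pull -q; }
# ...and the submodule update from the mail brings the tree to the new pin.
sync_submodules()  { $GIT -C "$1/clone" submodule --quiet update --init --recursive; }

main() {
  ws=$(setup_workspace)
  echo "fresh clone: $(verify_pin "$ws/clone" OpenSSL_1_1_0e) drift='$(drift_marker "$ws/clone")'"
  bump_upstream_pin "$ws"
  pull_parent_only "$ws"
  echo "after pull:  $(verify_pin "$ws/clone" OpenSSL_1_1_0f) drift='$(drift_marker "$ws/clone")'"
  sync_submodules "$ws"
  echo "after sync:  $(verify_pin "$ws/clone" OpenSSL_1_1_0f) drift='$(drift_marker "$ws/clone")'"
  rm -rf "$ws"
}
main "$@"
```

Run it with sh and git on the path; it needs no network. One caveat on the pull command in the mail: "git submodule update --remote" moves the submodule to the tip of its tracked upstream branch, not to the commit the parent records, which is what a maintainer wants when bumping the pin but not what a developer building a release wants, and verify_pin would report MISMATCH after it until the new commit is recorded in the parent.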
Re: [edk2] [PATCH] CryptoPkg/OpensslLib AARCH64: clear XIP CC flags
Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] Sent: Saturday, July 15, 2017 1:19 AM To: edk2-devel@lists.01.org; Long, Qin <qin.l...@intel.com> Cc: Ye, Ting <ting...@intel.com>; leif.lindh...@linaro.org; ler...@redhat.com; Ard Biesheuvel <ard.biesheu...@linaro.org> Subject: [PATCH] CryptoPkg/OpensslLib AARCH64: clear XIP CC flags Commit 0df6c8c157af ("BaseTools/tools_def AARCH64: avoid SIMD registers in XIP code") updated the compiler flags used by AARCH64 when building modules (including BASE libraries) that may execute before the MMU is enabled. This broke the build for OpensslLib/OpensslLibCrypto because the SIMD register file is shared with the FPU, and since OpenSSL contains some references to float/double types (which are mostly unused for UEFI btw), disabling floating point prevents the compiler from building OpenSSL at all. When introducing the support for XIP CC flags, we were aware that this would affect BASE libraries as well, but were not expecting this to have any performance impact. However, in the case of software crypto, it makes sense not to needlessly inhibit the compiler's ability to generate fast code, and even if OpenssLib is a BASE library, it is guaranteed not to run with the MMU off, so we can create a local exception, and clear its XIP CC flags for AARCH64. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- Note that this un-breaks the currently broken AARCH64 build for platforms that have secure boot enabled CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++ 2 files changed, 22 insertions(+) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index cbabb34bdd7c..1d15da6660b2 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -580,3 +580,14 @@ [BuildOptions] RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) --library_interface=aeabi_clib99 --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188,128,546,1,3017 -JCryptoPkg/Include XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w XCODE:*_*_X64_CC_FLAGS= -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w + + # + # AARCH64 uses strict alignment and avoids SIMD registers for code + that may execute # with the MMU off. This involves SEC, PEI_CORE and + PEIM modules as well as BASE # libraries, given that they may be included into such modules. + # This library, even though of the BASE type, is never used in such + cases, and # avoiding the SIMD register file (which is shared with + the FPU) prevents the # compiler from successfully building some of + the OpenSSL source files that # use floating point types, so clear the flags here. + # + GCC:*_*_AARCH64_CC_XIPFLAGS == diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index 026b551bcafa..6fc8884da492 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
@@ -541,3 +541,14 @@ [BuildOptions] RVCT:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) --library_interface=aeabi_clib99 --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188,128,546,1,3017 -JCryptoPkg/Include XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w XCODE:*_*_X64_CC_FLAGS= -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w + + # + # AARCH64 uses strict alignment and avoids SIMD registers for code + that may execute # with the MMU off. This involves SEC, PEI_CORE and + PEIM modules as well as BASE # libraries, given that they may be included into such modules. + # This library, even though of the BASE type, is never used in such + cases, and # avoiding the SIMD register file (which is shared with + the FPU) prevents the # compiler from successfully building some of + the OpenSSL source files that # use floating point types, so clear the flags here. + # + GCC:*_*_AARCH64_CC_XIPFLAGS == -- 2.9.3 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
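Review bot: the "GCC:*_*_AARCH64_CC_XIPFLAGS ==" override in both INFs rests on the comment's statement that this BASE library "is never used in such cases"; nothing in the build enforces that, so a platform that does link OpensslLib or OpensslLibCrypto into a SEC, PEI_CORE or PEIM module on AARCH64 would now execute SIMD code with the MMU off and get no build-time error. Please say that explicitly in the comment (linking these libraries into pre-MMU modules is unsupported on AARCH64), and since the same eleven-line comment is duplicated in OpensslLib.inf and OpensslLibCrypto.inf, keep the two copies identical so they do not drift apart in later edits.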
[edk2] [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify
Add more NULL pointer checks before using them in DhGenerateKey and Pkcs7GetCertificatesList functions to eliminate possible dereferenced pointer issue. Cc: Ting YeCc: Hao Wu Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c | 4 +++- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 10 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c index f44684f907..391efd5c14 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c @@ -232,7 +232,9 @@ DhGenerateKey ( return FALSE; } -BN_bn2bin (DhPubKey, PublicKey); +if (PublicKey != NULL) { + BN_bn2bin (DhPubKey, PublicKey); +} *PublicKeySize = Size; } diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c index 45d5df5e11..d564591cb7 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c @@ -558,7 +558,9 @@ Pkcs7GetCertificatesList ( } } CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx); - (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer); + if (CtxUntrusted != NULL) { +(VOID)sk_X509_delete_ptr (CtxUntrusted, Signer); + } // // Build certificates stack chained from Signer's certificate. @@ -711,8 +713,10 @@ _Error: } sk_X509_free (Signers); - X509_STORE_CTX_cleanup (CertCtx); - X509_STORE_CTX_free (CertCtx); + if (CertCtx != NULL) { +X509_STORE_CTX_cleanup (CertCtx); +X509_STORE_CTX_free (CertCtx); + } if (SingleCert != NULL) { free (SingleCert); -- 2.12.2.windows.2 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
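Review bot: in the CryptDh.c hunk, guarding only the BN_bn2bin() call means DhGenerateKey() with PublicKey == NULL now returns TRUE and sets *PublicKeySize without copying any key material, where it previously dereferenced NULL; a silent success is worse for a caller than a failure. Either return FALSE when PublicKey is NULL, consistent with the other checks in this patch, or make the NULL case an explicit size query and document it in the BaseCryptLib.h comment for DhGenerateKey.

Review bot: in the _Error hunk of CryptPkcs7Verify.c, X509_STORE_CTX_free() already runs the cleanup step in the OpenSSL 1.1.0 series this tree uses, so calling X509_STORE_CTX_cleanup() immediately before it inside the new "if (CertCtx != NULL)" block is redundant; only the NULL check and the free are needed.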
Re: [edk2] [PATCH] SecurityPkg: Add TCG Spec info to TCG related modules
Reviewed-by: Qin Long <qin.l...@intel.com> > -Original Message- > From: Zhang, Chao B > Sent: Thursday, May 11, 2017 1:15 PM > To: edk2-devel@lists.01.org > Cc: Long, Qin; Yao, Jiewen; Zhang, Chao B > Subject: [PATCH] SecurityPkg: Add TCG Spec info to TCG related modules > > Add TCG Spec compliance info to TCG related module INFs. > > Cc: Qin Long <qin.l...@intel.com> > Cc: Yao Jiewen <jiewen@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Chao Zhang <chao.b.zh...@intel.com> > --- > .../Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf | 5 > - > SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf | 8 > ++-- > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 7 +++ > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 7 ++- > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 9 > - > 5 files changed, 31 insertions(+), 5 deletions(-) > > diff --git > a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.i > nf > b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.i > nf > index a11988e..939f6fb 100644 > --- > a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.i > nf > +++ > b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.i > n > +++ f > @@ -1,6 +1,9 @@ > ## @file > # Provides security service for TPM 2.0 measured boot # > +# Spec Compliance Info: > +#"TCG PC Client Platform Firmware Profile Specification for TPM Family > 2.0 Level 00 Revision 00.21" > +# > # This library instance hooks LoadImage() API to measure every image that > # is not measured in PEI phase. And, it will also measure GPT partition. > # 
> @@ -9,7 +12,7 @@ > # This external input must be validated carefully to avoid security issues > such # as buffer overflow or integer overflow. > # > -# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. > +# Copyright (c) 2013 - 2017, Intel Corporation. All rights > +reserved. > # This program and the accompanying materials # are licensed and made > available under the terms and conditions of the BSD License # which > accompanies this distribution. The full text of the license may be found at > diff > --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > index 976972d..3e619b9 100644 > --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > @@ -1,12 +1,16 @@ > ## @file > # Provides TPM 2.0 TIS/PTP functions for DTPM -# > +# > +# Spec Compliance Info: > +#"TCG PC Client Platform TPM Profile(PTP) Specification Family 2.0 Level > 00 Revision 00.43" > +#"TCG PC Client Specific TPM Interface Specification(TIS) Version 1.3" > +# > # This library implements TIS (TPM Interface Specification) and # PTP > (Platform TPM Profile) functions which is # used for every TPM 2.0 > command. Choosing this library means platform uses and # only uses TPM > 2.0 DTPM device. > # > -# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. > +# Copyright (c) 2013 - 2017, Intel Corporation. All rights > +reserved. > # This program and the accompanying materials # are licensed and made > available under the terms and conditions of the BSD License # which > accompanies this distribution. The full text of the license may be found at > diff > --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > index 8efc4e3..85415e8 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf 
> @@ -1,5 +1,12 @@ > ## @file > # Produces Tcg2 protocol and measure boot environment > +# > +# Spec Compliance Info: > +#"TCG PC Client Platform Firmware Profile Specification for TPM Family > 2.0 Level 00 Revision 00.21" > +# along with > +#"Errata for PC Client Specific Platform Firmware Profile Specification > Version 1.0 Revision 0.21" > +#"TCG EFI Protocol Specification" "Family 2.0" "Level 00 Revision 00.13" > +# > # This module will produce Tcg2 protocol and measure boot environment. > # > # Caution: This module requires additional review when modified. > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > index 3477d82..1b79ee4 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > @@ -1,9 +1,14 @@
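Review bot: the Tcg2Dxe.inf hunk quotes its last entry as three separate strings ("TCG EFI Protocol Specification" "Family 2.0" "Level 00 Revision 00.13") while every other Spec Compliance Info entry in this patch puts the title, family and revision in one quoted string; use one form across all five INFs so the block can be grepped consistently. In the Tpm2DeviceLibDTpm.inf hunk the "-#" / "+#" pair at the top appears to differ only in whitespace; drop that change if that is all it is.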
[edk2] [PATCH] CryptoPkg: Update package version to 0.97
Update package version of CryptoPkg to 0.97. Cc: Ting YeContributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/CryptoPkg.dec | 2 +- CryptoPkg/CryptoPkg.dsc | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index b2fae6142a..afeb723211 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -20,7 +20,7 @@ PACKAGE_NAME = CryptoPkg PACKAGE_UNI_FILE = CryptoPkg.uni PACKAGE_GUID = 36470E80-36F2-4ba0-8CC8-937C7D9FF888 - PACKAGE_VERSION= 0.96 + PACKAGE_VERSION= 0.97 [Includes] Include diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 468e60b5b1..07ff42c5b7 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -1,7 +1,7 @@ ## @file # Cryptographic Library Package for UEFI Security Implementation. # -# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved. +# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -20,7 +20,7 @@ [Defines] PLATFORM_NAME = CryptoPkg PLATFORM_GUID = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6 - PLATFORM_VERSION = 0.96 + PLATFORM_VERSION = 0.97 DSC_SPECIFICATION = 0x00010005 OUTPUT_DIRECTORY = Build/CryptoPkg SUPPORTED_ARCHITECTURES= IA32|X64|IPF|ARM|AARCH64 -- 2.12.2.windows.2 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
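Review bot: the CryptoPkg.dsc hunk bumps the copyright year to 2017 alongside PLATFORM_VERSION, but the CryptoPkg.dec diff (2 +-, a single changed line) touches only PACKAGE_VERSION; if the .dec header carries the same Intel copyright line, bump it in this commit too, and mention the copyright update in the commit message since the subject only says "Update package version".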
[edk2] [Patch] CryptoPkg: Correct some minor issues in function comments
Correct some minor comment issues in BaseCryptLib.h and CryptPkcs7Verify.c, including: - missed "out" in parameter property for ARC4 interfaces; - Wrong Comment tail in Pkcs7GetAttachedContent function Cc: Ting Ye <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.l...@intel.com> Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Include/Library/BaseCryptLib.h | 18 +- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 9f0f202668..9c5ffcd9cf 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1790,10 +1790,10 @@ Arc4Init ( If Output is NULL, then return FALSE. If this interface is not supported, then return FALSE. - @param[in] Arc4Context Pointer to the ARC4 context. - @param[in] InputPointer to the buffer containing the data to be encrypted. - @param[in] InputSizeSize of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4 encryption output. + @param[in, out] Arc4Context Pointer to the ARC4 context. + @param[in] InputPointer to the buffer containing the data to be encrypted. + @param[in] InputSizeSize of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the ARC4 encryption output. @retval TRUE ARC4 encryption succeeded. @retval FALSE ARC4 encryption failed. 
@@ -1822,10 +1822,10 @@ Arc4Encrypt ( If Output is NULL, then return FALSE. If this interface is not supported, then return FALSE. - @param[in] Arc4Context Pointer to the ARC4 context. - @param[in] InputPointer to the buffer containing the data to be decrypted. - @param[in] InputSizeSize of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4 decryption output. + @param[in, out] Arc4Context Pointer to the ARC4 context. + @param[in] InputPointer to the buffer containing the data to be decrypted. + @param[in] InputSizeSize of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the ARC4 decryption output. @retval TRUE ARC4 decryption succeeded. @retval FALSE ARC4 decryption failed. @@ -2511,7 +2511,7 @@ Pkcs7Verify ( @retval TRUE The P7Data was correctly formatted for processing. @retval FALSE The P7Data was not correctly formatted for processing. -*/ +**/ BOOLEAN EFIAPI Pkcs7GetAttachedContent ( diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c index bf24e92127..45d5df5e11 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c @@ -925,7 +925,7 @@ _Exit: @retval TRUE The P7Data was correctly formatted for processing. @retval FALSE The P7Data was not correctly formatted for processing. -*/ +**/ BOOLEAN EFIAPI Pkcs7GetAttachedContent ( -- 2.12.2.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
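Review bot: the trailer block carries two sign-offs for the same person and address ("Signed-off-by: Qin Long" and "Signed-off-by: Long Qin"); keep one, in the spelling used elsewhere in this tree. The BaseCryptLib.h hunks fix the [in, out] property for Arc4Encrypt and Arc4Decrypt only; since the commit message says "ARC4 interfaces", Arc4Reset and Arc4Init in the same header are worth checking for the same Arc4Context annotation in this patch.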
Re: [edk2] CryptoPkg compiles error: BIO_printf() and BIO_snprintf() redefined.
In general, the user needn't run "process_files.pl" to re-generate the INF file, if you are using the latest release (e.g. current 1.1.0e stated in the OpenSSL-HOWTO). You can re-produce your INF file for any customization requirement (new OpenSSL version, new config flags, ...). The process_files.pl was originally created in UNIX-like style ("#!/usr/bin/perl -w"). So there were no more validations on those third-party Perl utilities (ActivePerl, Strawberry, etc). Of course, I can take a look at those Perl environments later. Best Regards & Thanks, LONG, Qin From: winddy [mailto:winddy_zh...@foxmail.com] Sent: Thursday, April 13, 2017 2:06 PM To: Long, Qin <qin.l...@intel.com>; edk2-devel <edk2-devel@lists.01.org> Subject: RE: [edk2] CryptoPkg compiles error: BIO_printf() and BIO_snprintf() redefined. Hi Qin, So currently our CryptoPkg init does not support third party perl tools such as ActivePerl? Thanks. -- BR winddy_zhang -- Original -- From: "Long, Qin" <qin.l...@intel.com>; Date: Thu, Apr 13, 2017 01:08 PM To: "winddy" <winddy_zh...@foxmail.com>; "edk2-devel" <edk2-devel@lists.01.org>; Subject: RE: [edk2] CryptoPkg compiles error: BIO_printf() and BIO_snprintf() redefined. > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > winddy > Sent: Thursday, April 13, 2017 10:39 AM > To: edk2-devel <edk2-devel@lists.01.org> > Subject: [edk2] CryptoPkg compiles error: BIO_printf() and BIO_snprintf() > redefined.
> > Hi experts, > Now I compile CryptoPkg in lastest UDK, I find there is a build error: > > BaseCryptLib.lib(CrtWrapper.obj) : error LNK2005: BIO_snprintf already > defined i n OpensslLib.lib(b_print.obj) > BaseCryptLib.lib(CrtWrapper.obj) : error LNK2005: BIO_printf already defined > in > OpensslLib.lib(b_print.obj) > d:\project\udkapp\udkapp\Build\WinddyPkg\RELEASE_DDK7600\X64\Windd > yPkg\Dxe\Crypt > Dxe\CryptDxe\DEBUG\CryptDxe.dll : fatal error LNK1169: one or more > multiply defi ned symbols found Please check your OpensslLib.inf, the b_print.c should not be there. And the process_file.pl should filter this file into the final file list in INF. > > Both c file "CryptoPkg\Library\BaseCryptLib\SysCall\CrtWrapper.c" and c > file "CryptoPkg\Library\OpensslLib\openssl\crypto\bio\b_print.c" defined > function BIO_printf(), BIO_snprintf(). > > I just remove the dummy functions in CrtWrapper.c, the build process is > successful. > Is that right? > > BTW, I think someone maybe does not know how to run perl script for > openssl library init, so I write down my trying steps under windows 7 64 bit > for your reference: > 1. download and install ActivePerl-5.24.1.2402-MSWin32-x64-401627.exe > 2. cmdline run "ppm install dmake" > 3. download openssl-1.1.0e.tar.gz and unpack it to > CryptoPkg/Library/OpensslLib/openssl. > 4. rename "openssl\Configure" to "openssl\Configure.pl" > 5. modify file process_files.pl line 49: "./Configure" -> "Configure.pl" > 6. under cmdline, cd to "CryptoPkg\Library\OpensslLib" and run > "process_files.pl" Use "Perl process_files.pl" is fine enough. If you are using Windows and installed Git-Windows, just run "perl process_files.pl" In your Git Bash (Perl should be included in your MINGW environment). > > Thank you. 
> > > > -- > BR > winddy_zhang > ___ > edk2-devel mailing list > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] CryptoPkg compiles error: BIO_printf() and BIO_snprintf() redefined.
> -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > winddy > Sent: Thursday, April 13, 2017 10:39 AM > To: edk2-devel> Subject: [edk2] CryptoPkg compiles error: BIO_printf() and BIO_snprintf() > redefined. > > Hi experts, > Now I compile CryptoPkg in lastest UDK, I find there is a build error: > > BaseCryptLib.lib(CrtWrapper.obj) : error LNK2005: BIO_snprintf already > defined i n OpensslLib.lib(b_print.obj) > BaseCryptLib.lib(CrtWrapper.obj) : error LNK2005: BIO_printf already defined > in > OpensslLib.lib(b_print.obj) > d:\project\udkapp\udkapp\Build\WinddyPkg\RELEASE_DDK7600\X64\Windd > yPkg\Dxe\Crypt > Dxe\CryptDxe\DEBUG\CryptDxe.dll : fatal error LNK1169: one or more > multiply defi ned symbols found Please check your OpensslLib.inf, the b_print.c should not be there. And the process_file.pl should filter this file into the final file list in INF. > > Both c file "CryptoPkg\Library\BaseCryptLib\SysCall\CrtWrapper.c" and c > file "CryptoPkg\Library\OpensslLib\openssl\crypto\bio\b_print.c" defined > function BIO_printf(), BIO_snprintf(). > > I just remove the dummy functions in CrtWrapper.c, the build process is > successful. > Is that right? > > BTW, I think someone maybe does not know how to run perl script for > openssl library init, so I write down my trying steps under windows 7 64 bit > for your reference: > 1. download and install ActivePerl-5.24.1.2402-MSWin32-x64-401627.exe > 2. cmdline run "ppm install dmake" > 3. download openssl-1.1.0e.tar.gz and unpack it to > CryptoPkg/Library/OpensslLib/openssl. > 4. rename "openssl\Configure" to "openssl\Configure.pl" > 5. modify file process_files.pl line 49: "./Configure" -> "Configure.pl" > 6. under cmdline, cd to "CryptoPkg\Library\OpensslLib" and run > "process_files.pl" Use "Perl process_files.pl" is fine enough. 
If you are using Windows and installed Git-Windows, just run "perl process_files.pl" In your Git Bash (Perl should be included in your MINGW environment). > > Thank you. > > > > -- > BR > winddy_zhang > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel