More stuff got hidden. Some of this is tolerable. Other bits are horrid, but given that we expose *requires* that we know the size of the data structure, it's hard to see how we can avoid it.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <david.woodho...@intel.com> --- Really need to sort this one out properly... CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 7 ++++--- CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 6 ++++-- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c | 1 + CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 2 ++ CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 1 + 5 files changed, 12 insertions(+), 5 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c index 693cd32..93c2bcb 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c @@ -14,7 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include <openssl/hmac.h> - +#include <../hmac/hmac_lcl.h> /** Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations. @@ -65,7 +65,8 @@ HmacMd5Init ( // // OpenSSL HMAC-MD5 Context Initialization // - HMAC_CTX_init (HmacMd5Context); + memset(HmacMd5Context, 0, sizeof(HMAC_CTX)); + HMAC_CTX_reset (HmacMd5Context); HMAC_Init_ex (HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL); return TRUE; @@ -191,7 +192,7 @@ HmacMd5Final ( // OpenSSL HMAC-MD5 digest finalization // HMAC_Final (HmacMd5Context, HmacValue, &Length); - HMAC_CTX_cleanup (HmacMd5Context); + HMAC_CTX_reset (HmacMd5Context); return TRUE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c index 881d26c..5710f26 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include <openssl/hmac.h> +#include <../hmac/hmac_lcl.h> /** Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations. @@ -65,7 +66,8 @@ HmacSha1Init ( // // OpenSSL HMAC-SHA1 Context Initialization // - HMAC_CTX_init (HmacSha1Context); + memset(HmacSha1Context, 0, sizeof(HMAC_CTX)); + HMAC_CTX_reset (HmacSha1Context); HMAC_Init_ex (HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL); return TRUE; @@ -191,7 +193,7 @@ HmacSha1Final ( // OpenSSL HMAC-SHA1 digest finalization // HMAC_Final (HmacSha1Context, HmacValue, &Length); - HMAC_CTX_cleanup (HmacSha1Context); + HMAC_CTX_reset (HmacSha1Context); return TRUE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c index 704eb4e..8e0d896 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c @@ -17,6 +17,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/pkcs7.h> +#include <internal/evp_int.h> /** diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c index d495812..c6799ae 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c @@ -23,6 +23,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/pkcs7.h> +#include <../evp/evp_locl.h> // // OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1") @@ -285,6 +286,7 @@ CheckTSTInfo ( if (HashedMsg == NULL) { goto _Exit; } + memset(&MdCtx, 0, sizeof(MdCtx)); EVP_DigestInit (&MdCtx, Md); EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize); EVP_DigestFinal (&MdCtx, HashedMsg, NULL); diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 7dc4596..d392bed 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -15,6 +15,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include <openssl/x509.h> #include <openssl/rsa.h> +#include <internal/evp_int.h> /** Construct a X509 object from DER-encoded certificate data. -- 2.5.0 -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel