2998af862469c6a05657e169d7def6f55420caad |
|
19-Oct-2016 |
Gary Lin <glin@suse.com> |
CryptoPkg: Fix typos in comments - intialized -> initialized - componenet -> component - compoents -> components - FAlSE -> FALSE - responsiblity -> responsibility - validility -> validity - procudure -> procedure - pamameter -> parameter - randome -> random - buiild -> build Cc: Ting Ye <ting.ye@intel.com> Cc: Qin Long <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gary Lin <glin@suse.com> Reviewed-by: Qin Long <qin.long@intel.com>
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
|
de0408be72d4a0e27683ce594fde982ff9085f7f |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use X509_V_FLAG_NO_CHECK_TIME OpenSSL HEAD is in the process of adding this flag to disable the validity time checking. Backport it to 1.0.2 and use it too, for consistency. https://rt.openssl.org/Ticket/Display.html?id=3951&user=guest&pass=guest Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18704 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
|
68547181f3c5b1c0a73e748b44be1f454e2f7e3c |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAIN Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct OpenSSL to accept non-self-signed certificates as trusted. So we don't need two entirely identical copies of a verify_cb() function which makes it ignore the resulting errors. We also *didn't* use that verify_cb() function for X509VerifyCert(), but probably should have done. So that can get X509_V_FLAG_PARTIAL_CHAIN for consistency, too. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18703 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
|
338bfd970ad9f852ed82090c240f10a74a77b656 |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use accessor functions for ASN1_OBJECT OpenSSL 1.1 introduces new OBJ_get0_data() and OBJ_length() accessor functions and makes ASN1_OBJECT an opaque type. Unlike the accessors in previous commits which *did* actually exist already but just weren't mandatory, these don't exist in older versions of OpenSSL. So introduce macros which do the right thing, for compatibility. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18701 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
|
4ffe0facbe89df0f1856f747cf887f5efcbca955 |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTE In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will no longer get away with accessing its members directly. Use the accessor functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type() instead. Also be slightly more defensive about unlikely failure modes. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18700 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
|
1463ce18ca7c4f971c08cc6341dbb0adb25c831a |
|
16-Jun-2015 |
Qin Long <qin.long@intel.com> |
CryptoPkg: Wrapper files updates to support openssl-1.0.2c This patch updates some support header and wrapper files to support openssl-1.0.2c build, and correct some openssl API usages and boundary check. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17635 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
|
017c285ef1c326853c4a1390b741cecb57677162 |
|
14-Nov-2014 |
Laszlo Ersek <lersek@redhat.com> |
CryptoPkg: TimestampTokenVerify(): fix gcc-4.8 / Ia32 build failure SVN r16339 ("CryptoPkg Updates to support RFC3161 timestamp signature verification.") introduced the following build failure: > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c: In function > 'TimestampTokenVerify': > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c:538:3: error: passing > argument 2 of 'd2i_TS_TST_INFO' from incompatible pointer type [-Werror] > TstInfo = d2i_TS_TST_INFO (NULL, &TstTemp, (int)TstSize); > ^ > In file included from CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c:22:0: > CryptoPkg/Include/openssl/asn1t.h:803:10: note: expected 'const unsigned > char **' but argument is of type 'UINT8 **' > stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ > ^ > CryptoPkg/Include/openssl/asn1t.h:799:2: note: in expansion of macro > 'IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname' > IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ > ^ > CryptoPkg/Include/openssl/asn1t.h:778:42: note: in expansion of macro > 'IMPLEMENT_ASN1_FUNCTIONS_fname' > #define IMPLEMENT_ASN1_FUNCTIONS(stname) > IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) > ^ > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c:136:1: note: in expansion of > macro 'IMPLEMENT_ASN1_FUNCTIONS' > IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO) > ^ > cc1: all warnings being treated as errors Note that the cast (const unsigned char **) &TstTemp does not match the general edk2 coding style, but it *does* match other similar casts in this file. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Build-tested-by: Scott Duplichan <scott@notabs.org> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16387 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
|
2ac68e8b549b646607149919a2780bcd7234d92d |
|
12-Nov-2014 |
Qin Long <qin.long@intel.com> |
CryptoPkg Updates to support RFC3161 timestamp signature verification. The main changes includes: 1. Enabling SHA384 and SHA512 digest algorithm; (Sha512.c) 2. RFC 3161 timestamp signature verification support; (CryptTs.c) 3. Fixed one ASN.1 length encoding issue in Authenticode verification routine. (CryptAuthenticode.c) 4. Add the corresponding test cases in Cryptest utility (SHA384 & SHA512 & Timestamp verification) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16339 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
|