de0408be72d4a0e27683ce594fde982ff9085f7f |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use X509_V_FLAG_NO_CHECK_TIME OpenSSL HEAD is in the process of adding this flag to disable the validity time checking. Backport it to 1.0.2 and use it too, for consistency. https://rt.openssl.org/Ticket/Display.html?id=3951&user=guest&pass=guest Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18704 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
68547181f3c5b1c0a73e748b44be1f454e2f7e3c |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAIN Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct OpenSSL to accept non-self-signed certificates as trusted. So we don't need two entirely identical copies of a verify_cb() function which makes it ignore the resulting errors. We also *didn't* use that verify_cb() function for X509VerifyCert(), but probably should have done. So that can get X509_V_FLAG_PARTIAL_CHAIN for consistency, too. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18703 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
eeb8928a263b277fbf49fd72b4abacb8bf615511 |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use i2d_X509_NAME() instead of abusing X509_NAME In OpenSSL 1.1, the X509_NAME becomes an opaque structure and we will no longer get away with accessing its members directly. Use i2d_X509_NAME() instead. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18699 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
1cae0c83bbd88822076542e2715077ca2a8bcadb |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Add missing OpenSSL includes OpenSSL 1.1 has cleaned up its include files a little, and it will now be necessary to directly include things like <openssl/bn.h> if we want to use them, rather than assuming they are included indirectly from other headers. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18698 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
952bd2291872b5e2d302f8de1349239bfbd0332c |
|
19-Jun-2015 |
Qin Long <qin.long@intel.com> |
CryptoPkg: Add some comments for API usage clarification. This patch adds some comments for API usage clarification, and adds one object initialization in X509ConstructCertificateStack implementation to fix possible memory release issue. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17671 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
1463ce18ca7c4f971c08cc6341dbb0adb25c831a |
|
16-Jun-2015 |
Qin Long <qin.long@intel.com> |
CryptoPkg: Wrapper files updates to support openssl-1.0.2c This patch updates some support header and wrapper files to support openssl-1.0.2c build, and correct some openssl API usages and boundary check. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17635 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
12d95665cb0e088afe2cd395f0acc7fdb2604acc |
|
25-Dec-2014 |
Long, Qin <qin.long@intel.com> |
Correct the Hash Calculation for Revoked X.509 Certificate to align with RFC3280 and UEFI 2.4 Spec. This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
02ee8d3b4cebb319ff1747f9bdc3f6b473d63f3e |
|
28-Dec-2012 |
sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> |
1. Enable the whole X509v3 extension checking. 2. Replace d2i_X509_bio with d2i_X509. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ling Qin <qin.long@intel.com> Reviewed-by: Ouyang Qian <qian.ouyang@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14026 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
efad60c5845b4fb095d42940ba986ec5202b6e80 |
|
23-Aug-2012 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Fix PeiCryptLib build issue. Signed-off-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13670 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
dda39f3a5850458391aaab330971d46bc9c2b690 |
|
02-Aug-2012 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Fix several issues in BaseCryptLib: 1. Add input length check for several APIs in BaseCryptLib. 2. Add return status check when calling OpensslLib functions 3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API. 4. Update INF file to add missed RuntimeServicesTableLib. 5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs. Signed-off-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
6b8ebcb8de52ae5cab543181712e53eeb94340a7 |
|
27-Jul-2012 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Fix some typo and coding style issues in BaseCryptLib instances. Signed-off by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu, Siyuan <Siyuan.fu@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13564 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
e8b4eb041777a361c2fb81b34c8ab65951ff8c46 |
|
31-Mar-2012 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Add two new interfaces Pkcs7GetSigners and Pkcs7FreeSigners to BaseCryptLib. Signed-off by: tye1 Reviewed-by: geekboy15a Reviewed-by: sfu5 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13158 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
16d2c32c4dff7fd8b0ee19e3ba908c0121f6636e |
|
19-Mar-2012 |
sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> |
1. Remove conducting ASSERT in BaseCryptLib. Signed-off-by: sfu5 Reviewed-by: qianouyang Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13110 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
d3945da6446cac381620340eced7c22b50d8ef44 |
|
04-Nov-2011 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Update return FALSE to ASSERT() for code consistent. Signed-off-by: tye Reviewed-by: jyao1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12659 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
da9e7418daad22aee7b48790c1d1db5d2ede7e58 |
|
28-Oct-2011 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
1. Fix build break issue for NOOPT target. 2. Fix potential system hang issue in X509_STORE_CTX_cleanup. 3. Fix potential overflow when convert UINTN to INT. 4. Update Pkcs7Sign() to output stripped PKCS#7 SignedData. 5. Update Pkcs7Verify() to support both wrapped/stripped PKCS#7 SignedData. Signed-off-by: tye Reviewed-by: xdu2 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12593 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
b7d320f8117ed2fffe001b1a0b7bfcd4f40fafc4 |
|
16-Aug-2011 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Add new interfaces to support PKCS7#7 signed data and authenticode signature. Update Cryptest to validate functionality of new interfaces. Signed-off-by: tye1 Reviewed-by: hhuan13 Reviewed-by: qlong git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12142 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
4a567c9690db97ecbf982e9428727f073bada504 |
|
31-Dec-2010 |
qlong <qlong@6f19259b-4bc3-4df7-8a09-765794883524> |
1. Add new API supports for PEM & X509 key retrieving & verification; 2. Add new MD4 hash supports; 3. Add corresponding test case in Cryptest utility; 4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|