| de0408be72d4a0e27683ce594fde982ff9085f7f |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use X509_V_FLAG_NO_CHECK_TIME
OpenSSL HEAD is in the process of adding this flag to disable the validity
time checking. Backport it to 1.0.2 and use it too, for consistency.
https://rt.openssl.org/Ticket/Display.html?id=3951&user=guest&pass=guest
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18704 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| 68547181f3c5b1c0a73e748b44be1f454e2f7e3c |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAIN
Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct
OpenSSL to accept non-self-signed certificates as trusted. So we don't
need two entirely identical copies of a verify_cb() function which makes
it ignore the resulting errors.
We also *didn't* use that verify_cb() function for X509VerifyCert(), but
probably should have done. So that can get X509_V_FLAG_PARTIAL_CHAIN for
consistency, too.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18703 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| eeb8928a263b277fbf49fd72b4abacb8bf615511 |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Use i2d_X509_NAME() instead of abusing X509_NAME
In OpenSSL 1.1, the X509_NAME becomes an opaque structure and we will no
longer get away with accessing its members directly. Use i2d_X509_NAME()
instead.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18699 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| 1cae0c83bbd88822076542e2715077ca2a8bcadb |
|
29-Oct-2015 |
David Woodhouse <David.Woodhouse@intel.com> |
CryptoPkg/BaseCryptLib: Add missing OpenSSL includes
OpenSSL 1.1 has cleaned up its include files a little, and it will now
be necessary to directly include things like <openssl/bn.h> if we want
to use them, rather than assuming they are included indirectly from
other headers.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18698 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| 952bd2291872b5e2d302f8de1349239bfbd0332c |
|
19-Jun-2015 |
Qin Long <qin.long@intel.com> |
CryptoPkg: Add some comments for API usage clarification.
This patch adds some comments for API usage clarification, and
adds one object initialization in X509ConstructCertificateStack
implementation to fix possible memory release issue.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17671 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| 1463ce18ca7c4f971c08cc6341dbb0adb25c831a |
|
16-Jun-2015 |
Qin Long <qin.long@intel.com> |
CryptoPkg: Wrapper files updates to support openssl-1.0.2c
This patch updates some support header and wrapper files to support
openssl-1.0.2c build, and correct some openssl API usages and
boundary check.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17635 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| 12d95665cb0e088afe2cd395f0acc7fdb2604acc |
|
25-Dec-2014 |
Long, Qin <qin.long@intel.com> |
Correct the Hash Calculation for Revoked X.509 Certificate to align with RFC3280 and UEFI 2.4 Spec.
This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate,
and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| 02ee8d3b4cebb319ff1747f9bdc3f6b473d63f3e |
|
28-Dec-2012 |
sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> |
1. Enable the whole X509v3 extension checking.
2. Replace d2i_X509_bio with d2i_X509.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ling Qin <qin.long@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14026 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| efad60c5845b4fb095d42940ba986ec5202b6e80 |
|
23-Aug-2012 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Fix PeiCryptLib build issue.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13670 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| dda39f3a5850458391aaab330971d46bc9c2b690 |
|
02-Aug-2012 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Fix several issues in BaseCryptLib:
1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| 6b8ebcb8de52ae5cab543181712e53eeb94340a7 |
|
27-Jul-2012 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Fix some typo and coding style issues in BaseCryptLib instances.
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu, Siyuan <Siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13564 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| e8b4eb041777a361c2fb81b34c8ab65951ff8c46 |
|
31-Mar-2012 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Add two new interfaces Pkcs7GetSigners and Pkcs7FreeSigners to BaseCryptLib.
Signed-off by: tye1
Reviewed-by: geekboy15a
Reviewed-by: sfu5
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13158 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| 16d2c32c4dff7fd8b0ee19e3ba908c0121f6636e |
|
19-Mar-2012 |
sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> |
1. Remove conducting ASSERT in BaseCryptLib.
Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13110 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| d3945da6446cac381620340eced7c22b50d8ef44 |
|
04-Nov-2011 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Update return FALSE to ASSERT() for code consistent.
Signed-off-by: tye
Reviewed-by: jyao1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12659 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| da9e7418daad22aee7b48790c1d1db5d2ede7e58 |
|
28-Oct-2011 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
1. Fix build break issue for NOOPT target.
2. Fix potential system hang issue in X509_STORE_CTX_cleanup.
3. Fix potential overflow when convert UINTN to INT.
4. Update Pkcs7Sign() to output stripped PKCS#7 SignedData.
5. Update Pkcs7Verify() to support both wrapped/stripped PKCS#7 SignedData.
Signed-off-by: tye
Reviewed-by: xdu2
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12593 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| b7d320f8117ed2fffe001b1a0b7bfcd4f40fafc4 |
|
16-Aug-2011 |
tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> |
Add new interfaces to support PKCS7#7 signed data and authenticode signature. Update Cryptest to validate functionality of new interfaces.
Signed-off-by: tye1
Reviewed-by: hhuan13
Reviewed-by: qlong
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12142 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|
| 4a567c9690db97ecbf982e9428727f073bada504 |
|
31-Dec-2010 |
qlong <qlong@6f19259b-4bc3-4df7-8a09-765794883524> |
1. Add new API supports for PEM & X509 key retrieving & verification;
2. Add new MD4 hash supports;
3. Add corresponding test case in Cryptest utility;
4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
/device/linaro/bootloader/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
|