Add need merge mbedtls(AesGcm/Pem(only RSA)/X509(not EC)/RSA/PKCS5/7/TS/Auth) #5552
Force-pushed from 4050c90 to 9ec285d.
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
// Check whether input P7Data is a wrapped ContentInfo structure or not. | ||
// | ||
Wrapped = FALSE; | ||
if ((P7Data[4] == 0x06) && (P7Data[5] == 0x09)) { |
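Review bot: The reads of P7Data[4] and P7Data[5] in the if condition need a length guard: nothing in these lines shows that the input buffer holds at least six bytes, so a short or truncated blob would be read out of bounds. Check the supplied length first and return FALSE when it is too small. The fixed offsets also assume the outer SEQUENCE header is exactly four bytes long (tag plus a three-byte length); walking the header with an ASN.1 helper such as mbedtls_asn1_get_tag instead of indexing would cover other length encodings and remove the hard-coded 0x06 and 0x09.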
Magic number, is there any define in Mbedtls?
Thanks. I have changed the hard-coded numbers.
OUT UINTN *DataOutSize | ||
) | ||
{ | ||
mbedtls_gcm_context ctx; |
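Review bot: The local mbedtls_gcm_context ctx declared at the top of the function needs a matching mbedtls_gcm_init before first use and mbedtls_gcm_free on every return path, error returns included, because the context holds the expanded AES key. The lowercase name also departs from the CamelCase used for locals in the other snippets of this change (Wrapped, Ret), so a name such as Ctx would fit better. DataOutSize is an OUT pointer and should be rejected when NULL before anything is written through it.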
format issue ctx.
Thanks. I have fixed all the format issues.
Force-pushed from b606d11 to 9e08e39.
Force-pushed from c129734 to bde5eeb.
IN VOID *RsaContext, | ||
IN CONST UINT8 *MessageHash, | ||
IN UINTN HashSize, | ||
OUT UINT8 *Signature, |
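Review bot: HashSize in this parameter list should be validated against the digest lengths the function supports before MessageHash is read, returning FALSE for any other value, so a caller cannot pass a length that does not match the digest being signed. RsaContext and MessageHash are IN pointers and deserve the same NULL rejection as the output buffer.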
should check Signature == NULL
Thanks. I have added the check. And the unit_test also passed.
if (Ret == 0) { | ||
return TRUE; | ||
} else { | ||
if ((mbedtls_x509_crt *)*X509Stack == NULL) { |
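Review bot: On the failure branch (Ret != 0) the code should settle who owns the partially built chain rather than only testing *X509Stack: if this function allocated it, release it with mbedtls_x509_crt_free and set *X509Stack to NULL so the caller is not left with a half-populated or dangling stack. The (mbedtls_x509_crt *) cast inside the comparison with NULL is unnecessary and can be dropped.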
Meaningless check; *X509Stack will always be non-NULL when it needs to be freed.
Yes. I have changed the logic. Thanks.
Force-pushed from e6557e8 to 8da4c4a.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
AeadAesGcm implementation based on Mbedtls.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Add rand function for BaseCryptLibMbedTls.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement Pem API based on Mbedtls.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
X.509 Certificate Handler Wrapper Implementation over MbedTLS.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Because the current Mbedtls pkcs7 library doesn't support authenticatedAttributes: Mbed-TLS/mbedtls@bb82ab7 and only supports 0 or 1 certificates in Signed data: tianocore/edk2-staging@9c5b26b
The patch implements Pkcs7 by low-level Mbedtls API. And the implementation has passed unit_test and integration test.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement more RSA functions such as RsaPkcs1Sign based on Mbedtls.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement AuthenticodeVerify based on Mbedtls.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Timestamp Countersignature Verification implementation based on Mbedtls.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Update all *.inf in BaseCryptLibMbedTls based on new implementation.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Because Mbedtls 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3 implementation is based on Openssl.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Force-pushed from 8da4c4a to d3ad1b2.
No description provided.