Add need merge mbedtls(AesGcm/Pem(only RSA)/X509(not EC)/RSA/PKCS5/7/TS/Auth) #5552
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Wenxing-hou
force-pushed
the
add_need_merge_mbedtls
branch
10 times, most recently
from
4050c90
to
9ec285d
Compare
liyi77
reviewed
Apr 22, 2024
liyi77
reviewed
Apr 22, 2024
liyi77
reviewed
Apr 22, 2024
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
Outdated
Show resolved
Hide resolved
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
Outdated
Show resolved
Hide resolved
| // Check whether input P7Data is a wrapped ContentInfo structure or not. | ||
| // | ||
| Wrapped = FALSE; | ||
| if ((P7Data[4] == 0x06) && (P7Data[5] == 0x09)) { |
There was a problem hiding this comment.
Magic number, is there any define in Mbedtls?
There was a problem hiding this comment.
Thanks. I have changed the hardcode numbers.
| OUT UINTN *DataOutSize | ||
| ) | ||
| { | ||
| mbedtls_gcm_context ctx; |
There was a problem hiding this comment.
Thanks. I have fixed all the format issue.
Wenxing-hou
force-pushed
the
add_need_merge_mbedtls
branch
2 times, most recently
from
b606d11
to
9e08e39
Compare
Wenxing-hou
force-pushed
the
add_need_merge_mbedtls
branch
3 times, most recently
from
c129734
to
bde5eeb
Compare
liyi77
reviewed
May 6, 2024
| IN VOID *RsaContext, | ||
| IN CONST UINT8 *MessageHash, | ||
| IN UINTN HashSize, | ||
| OUT UINT8 *Signature, |
There was a problem hiding this comment.
should check Signature == NULL
There was a problem hiding this comment.
Thanks. I have added the check. And the unit_test also passed.
| if (Ret == 0) { | ||
| return TRUE; | ||
| } else { | ||
| if ((mbedtls_x509_crt *)*X509Stack == NULL) { |
There was a problem hiding this comment.
meaningless check, *X509Stack always be non-NULL when need to free.
There was a problem hiding this comment.
Yes. I have changed the logic. Thanks.
Wenxing-hou
force-pushed
the
add_need_merge_mbedtls
branch
4 times, most recently
from
e6557e8
to
8da4c4a
Compare
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 AeadAesGcm implementation based on Mbedtls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add rand function for BaseCryptLibMbedTls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement Pem API based on Mbedtls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 X.509 Certificate Handler Wrapper Implementation over MbedTLS. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the current Mbedlts pkcs7 library doesn't support authenticatedAttributes: Mbed-TLS/mbedtls@bb82ab7 and only support 0 or 1 certificates in Signed data: tianocore/edk2-staging@9c5b26b The patch implement Pkcs7 by low Mbedtls Api. And the implementation has pass unit_tes and integration test. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement more RSA functions such as RsaPkcs1Sign based Mbedlts. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement AuthenticodeVerify based on Mbedtls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Timestamp Countersignature Verification implementaion based on Mbedtls. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Update all *.inf in BaseCryptLibMbedTls based on new implementation. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the Mbedlts 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3 implementaion based on Openssl. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Wenxing-hou
force-pushed
the
add_need_merge_mbedtls
branch
from
8da4c4a
to
d3ad1b2
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.