From: "Judah Vang" <judah.vang@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Xiaoyu Lu <xiaoyux.lu@intel.com>,
Guomin Jiang <guomin.jiang@intel.com>,
Nishant C Mistry <nishant.c.mistry@intel.com>
Subject: [PATCH v3 28/28] CryptoPkg: Enable cypto HMAC KDF and AES library
Date: Wed, 8 Jun 2022 23:03:22 -0700 [thread overview]
Message-ID: <20220609060322.3491-29-judah.vang@intel.com> (raw)
In-Reply-To: <20220609060322.3491-1-judah.vang@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
V3: Fix build issue when DiSABLE_SHA1_DEPRECATED_INTERFACES
is defined. Percolate the #ifndef DiSABLE_SHA1_DEPRECATED_INTERFACES
to all the Sha1 functions. Replace AllocatePool() with
AllocatePages() and FreePool() with FreePages() because
FreePool() is not supported in PEI phase. FreePool() does not
free the allocated pool in PEI phase causing a memory leak.
V1: RPMC confidentiality feature requires HMAC-SHA256 support
during SMM phase. This allows the protected variable's data to
be encrypted in the SPI flash. PEI phase requires AES.
AllocatePool is replaced by AllocatePages because the memory
allocated by AllocatePool cannot be freed in PEI phase.
This is causing a memory leak error when running this new
feature.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Judah Vang <judah.vang@intel.com>
---
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c | 11 ++++++-----
CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c | 14 +++++++++++++-
4 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 01de27e03747..40728af37822 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -43,7 +43,7 @@ [Sources]
Hash/CryptParallelHashNull.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
- Cipher/CryptAesNull.c
+ Cipher/CryptAes.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91a171509540..706b527338f0 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -43,7 +43,7 @@ [Sources]
Hash/CryptCShake256.c
Hash/CryptParallelHash.c
Hmac/CryptHmacSha256.c
- Kdf/CryptHkdfNull.c
+ Kdf/CryptHkdf.c
Cipher/CryptAes.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
index b7bed15c18df..d77e1f7de5e3 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
@@ -2,13 +2,14 @@
Base Memory Allocation Routines Wrapper for Crypto library over OpenSSL
during PEI & DXE phases.
-Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <CrtLibSupport.h>
#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseCryptLib.h>
//
// Extra header to record the memory buffer size from malloc routine.
@@ -41,7 +42,7 @@ malloc (
//
NewSize = (UINTN)(size) + CRYPTMEM_OVERHEAD;
- Data = AllocatePool (NewSize);
+ Data = AllocatePages (EFI_SIZE_TO_PAGES (NewSize));
if (Data != NULL) {
PoolHdr = (CRYPTMEM_HEAD *)Data;
//
@@ -73,7 +74,7 @@ realloc (
VOID *Data;
NewSize = (UINTN)size + CRYPTMEM_OVERHEAD;
- Data = AllocatePool (NewSize);
+ Data = AllocatePages (EFI_SIZE_TO_PAGES (NewSize));
if (Data != NULL) {
NewPoolHdr = (CRYPTMEM_HEAD *)Data;
NewPoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE;
@@ -90,7 +91,7 @@ realloc (
// Duplicate the buffer content.
//
CopyMem ((VOID *)(NewPoolHdr + 1), ptr, MIN (OldSize, size));
- FreePool ((VOID *)OldPoolHdr);
+ FreePages (((VOID *)OldPoolHdr), EFI_SIZE_TO_PAGES (OldSize));
}
return (VOID *)(NewPoolHdr + 1);
@@ -117,6 +118,6 @@ free (
if (ptr != NULL) {
PoolHdr = (CRYPTMEM_HEAD *)ptr - 1;
ASSERT (PoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE);
- FreePool (PoolHdr);
+ FreePages (((VOID *)PoolHdr), EFI_SIZE_TO_PAGES (PoolHdr->Size));
}
}
diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
index f9796b215865..ede9fa8c09ec 100644
--- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
+++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
@@ -6,7 +6,7 @@
This API, when called, will calculate the Hash using the
hashing algorithm specified by PcdHashApiLibPolicy.
- Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2020-2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -33,9 +33,11 @@ HashApiGetContextSize (
)
{
switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
case HASH_ALG_SHA1:
return Sha1GetContextSize ();
break;
+ #endif
case HASH_ALG_SHA256:
return Sha256GetContextSize ();
@@ -75,9 +77,11 @@ HashApiInit (
)
{
switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
case HASH_ALG_SHA1:
return Sha1Init (HashContext);
break;
+ #endif
case HASH_ALG_SHA256:
return Sha256Init (HashContext);
@@ -119,9 +123,11 @@ HashApiDuplicate (
)
{
switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
case HASH_ALG_SHA1:
return Sha1Duplicate (HashContext, NewHashContext);
break;
+ #endif
case HASH_ALG_SHA256:
return Sha256Duplicate (HashContext, NewHashContext);
@@ -165,9 +171,11 @@ HashApiUpdate (
)
{
switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
case HASH_ALG_SHA1:
return Sha1Update (HashContext, DataToHash, DataToHashLen);
break;
+ #endif
case HASH_ALG_SHA256:
return Sha256Update (HashContext, DataToHash, DataToHashLen);
@@ -209,9 +217,11 @@ HashApiFinal (
)
{
switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
case HASH_ALG_SHA1:
return Sha1Final (HashContext, Digest);
break;
+ #endif
case HASH_ALG_SHA256:
return Sha256Final (HashContext, Digest);
@@ -255,9 +265,11 @@ HashApiHashAll (
)
{
switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
case HASH_ALG_SHA1:
return Sha1HashAll (DataToHash, DataToHashLen, Digest);
break;
+ #endif
case HASH_ALG_SHA256:
return Sha256HashAll (DataToHash, DataToHashLen, Digest);
--
2.35.1.windows.2
prev parent reply other threads:[~2022-06-09 6:03 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-09 6:02 [PATCH v3 00/28] UEFI variable protection Judah Vang
2022-06-09 6:02 ` [PATCH v3 01/28] MdeModulePkg: Add new GUID for Variable Store Info Judah Vang
2022-06-13 6:05 ` [edk2-devel] " Wu, Hao A
2022-06-09 6:02 ` [PATCH v3 02/28] SecurityPkg: Add new GUIDs for Judah Vang
2022-06-09 6:02 ` [PATCH v3 03/28] MdeModulePkg: Update AUTH_VARIABLE_INFO struct Judah Vang
2022-06-09 6:02 ` [PATCH v3 04/28] MdeModulePkg: Add reference to new Ppi Guid Judah Vang
2022-06-09 6:02 ` [PATCH v3 05/28] MdeModulePkg: Add new ProtectedVariable GUIDs Judah Vang
2022-06-13 6:07 ` [edk2-devel] " Wu, Hao A
2022-06-09 6:03 ` [PATCH v3 06/28] MdeModulePkg: Add new include files Judah Vang
2022-06-13 6:07 ` [edk2-devel] " Wu, Hao A
2022-06-09 6:03 ` [PATCH v3 07/28] MdeModulePkg: Add Null ProtectedVariable Library Judah Vang
2022-06-09 6:03 ` [PATCH v3 08/28] MdeModulePkg: Add new Variable functionality Judah Vang
2022-06-13 6:08 ` Wu, Hao A
2022-06-09 6:03 ` [PATCH v3 09/28] MdeModulePkg: Add support for Protected Variables Judah Vang
2022-06-13 6:08 ` Wu, Hao A
2022-06-09 6:03 ` [PATCH v3 10/28] SecurityPkg: Add new KeyService types and defines Judah Vang
2022-06-09 6:03 ` [PATCH v3 11/28] SecurityPkg: Update RPMC APIs with index Judah Vang
2022-06-09 6:03 ` [PATCH v3 12/28] SecurityPkg: Add new variable types and functions Judah Vang
2022-06-09 6:03 ` [PATCH v3 13/28] SecurityPkg: Fix GetVariableKey API Judah Vang
2022-06-09 6:03 ` [PATCH v3 14/28] SecurityPkg: Add null encryption variable libs Judah Vang
2022-06-09 6:03 ` [PATCH v3 15/28] SecurityPkg: Add VariableKey library function Judah Vang
2022-06-09 6:03 ` [PATCH v3 16/28] SecurityPkg: Add EncryptionVariable lib with AES Judah Vang
2022-06-09 6:03 ` [PATCH v3 17/28] SecurityPkg: Add Protected Variable Services Judah Vang
2022-06-09 8:30 ` Min Xu
2022-06-16 19:23 ` [edk2-devel] " Judah Vang
2022-08-07 17:34 ` Wang, Jian J
2022-06-09 6:03 ` [PATCH v3 18/28] MdeModulePkg: Reference Null ProtectedVariableLib Judah Vang
2022-06-13 6:08 ` [edk2-devel] " Wu, Hao A
2022-06-09 6:03 ` [PATCH v3 19/28] SecurityPkg: Add references to new *.inf files Judah Vang
2022-06-09 6:03 ` [PATCH v3 20/28] ArmVirtPkg: Add reference to ProtectedVariableNull Judah Vang
2022-06-09 6:03 ` [PATCH v3 21/28] UefiPayloadPkg: Add ProtectedVariable reference Judah Vang
2022-06-09 6:03 ` [PATCH v3 22/28] EmulatorPkg: " Judah Vang
2022-07-13 5:21 ` [edk2-devel] " Ni, Ray
2022-06-09 6:03 ` [PATCH v3 23/28] OvmfPkg: " Judah Vang
2022-06-09 6:03 ` [PATCH v3 24/28] OvmfPkg: Add ProtectedVariableLib reference Judah Vang
2022-06-09 6:03 ` [PATCH v3 25/28] " Judah Vang
2022-06-09 6:03 ` [PATCH v3 26/28] " Judah Vang
2022-06-09 6:03 ` [PATCH v3 27/28] OvmfPkg: Add ProtectedVariable reference Judah Vang
2022-06-09 6:03 ` Judah Vang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220609060322.3491-29-judah.vang@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox