From: "Judah Vang"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang, Nishant C Mistry
Subject: [PATCH v3 28/28] CryptoPkg: Enable crypto HMAC KDF and AES library
Date: Wed, 8 Jun 2022 23:03:22 -0700
Message-Id: <20220609060322.3491-29-judah.vang@intel.com>
X-Mailer: git-send-email 2.35.1.windows.2
In-Reply-To: <20220609060322.3491-1-judah.vang@intel.com>
References: <20220609060322.3491-1-judah.vang@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

V3:
Fix build issue when DISABLE_SHA1_DEPRECATED_INTERFACES is defined.
Percolate the #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES to all the
Sha1 functions.

Replace AllocatePool() with AllocatePages() and FreePool() with
FreePages() because FreePool() is not supported in PEI phase.
FreePool() does not free the allocated pool in PEI phase, causing
a memory leak.

V1:
RPMC confidentiality feature requires HMAC-SHA256 support during
SMM phase. This allows the protected variable's data to be encrypted
in the SPI flash. PEI phase requires AES.

AllocatePool is replaced by AllocatePages because the memory
allocated by AllocatePool cannot be freed in PEI phase. This is
causing a memory leak error when running this new feature.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Nishant C Mistry
Signed-off-by: Jian J Wang
Signed-off-by: Nishant C Mistry
Signed-off-by: Judah Vang
--- CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 2 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +- CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c | 11 ++++++----- CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c | 14 +++++++++++++- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index 01de27e03747..40728af37822 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -43,7 +43,7 @@ [Sources] Hash/CryptParallelHashNull.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c - Cipher/CryptAesNull.c + Cipher/CryptAes.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index 91a171509540..706b527338f0 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -43,7 +43,7 @@ [Sources] Hash/CryptCShake256.c Hash/CryptParallelHash.c Hmac/CryptHmacSha256.c - Kdf/CryptHkdfNull.c + Kdf/CryptHkdf.c Cipher/CryptAes.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c index b7bed15c18df..d77e1f7de5e3 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c @@ -2,13 +2,14 @@ Base Memory Allocation Routines Wrapper for Crypto library over OpenSSL during PEI & DXE phases. -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include #include +#include // // Extra header to record the memory buffer size from malloc routine. @@ -41,7 +42,7 @@ malloc ( // NewSize = (UINTN)(size) + CRYPTMEM_OVERHEAD; - Data = AllocatePool (NewSize); + Data = AllocatePages (EFI_SIZE_TO_PAGES (NewSize)); if (Data != NULL) { PoolHdr = (CRYPTMEM_HEAD *)Data; // @@ -73,7 +74,7 @@ realloc ( VOID *Data; NewSize = (UINTN)size + CRYPTMEM_OVERHEAD; - Data = AllocatePool (NewSize); + Data = AllocatePages (EFI_SIZE_TO_PAGES (NewSize)); if (Data != NULL) { NewPoolHdr = (CRYPTMEM_HEAD *)Data; NewPoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE; @@ -90,7 +91,7 @@ realloc ( // Duplicate the buffer content. // CopyMem ((VOID *)(NewPoolHdr + 1), ptr, MIN (OldSize, size)); - FreePool ((VOID *)OldPoolHdr); + FreePages (((VOID *)OldPoolHdr), EFI_SIZE_TO_PAGES (OldSize)); } return (VOID *)(NewPoolHdr + 1); @@ -117,6 +118,6 @@ free ( if (ptr != NULL) { PoolHdr = (CRYPTMEM_HEAD *)ptr - 1; ASSERT (PoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE); - FreePool (PoolHdr); + FreePages (((VOID *)PoolHdr), EFI_SIZE_TO_PAGES (PoolHdr->Size)); } } diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c index f9796b215865..ede9fa8c09ec 100644 --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c @@ -6,7 +6,7 @@ This API, when called, will calculate the Hash using the hashing algorithm specified by PcdHashApiLibPolicy. - Copyright (c) 2020, Intel Corporation. All rights reserved.
+ Copyright (c) 2020-2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -33,9 +33,11 @@ HashApiGetContextSize ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case HASH_ALG_SHA1: return Sha1GetContextSize (); break; + #endif case HASH_ALG_SHA256: return Sha256GetContextSize (); @@ -75,9 +77,11 @@ HashApiInit ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case HASH_ALG_SHA1: return Sha1Init (HashContext); break; + #endif case HASH_ALG_SHA256: return Sha256Init (HashContext); @@ -119,9 +123,11 @@ HashApiDuplicate ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case HASH_ALG_SHA1: return Sha1Duplicate (HashContext, NewHashContext); break; + #endif case HASH_ALG_SHA256: return Sha256Duplicate (HashContext, NewHashContext); @@ -165,9 +171,11 @@ HashApiUpdate ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case HASH_ALG_SHA1: return Sha1Update (HashContext, DataToHash, DataToHashLen); break; + #endif case HASH_ALG_SHA256: return Sha256Update (HashContext, DataToHash, DataToHashLen); @@ -209,9 +217,11 @@ HashApiFinal ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case HASH_ALG_SHA1: return Sha1Final (HashContext, Digest); break; + #endif case HASH_ALG_SHA256: return Sha256Final (HashContext, Digest); @@ -255,9 +265,11 @@ HashApiHashAll ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { + #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case HASH_ALG_SHA1: return Sha1HashAll (DataToHash, DataToHashLen, Digest); break; + #endif case HASH_ALG_SHA256: return Sha256HashAll (DataToHash, DataToHashLen, Digest); -- 2.35.1.windows.2
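
Review bot: The commit message motivates the SmmCryptLib.inf change with HMAC-SHA256, but Hmac/CryptHmacSha256.c is already an unchanged context line in both [Sources] hunks. What actually changes is Kdf/CryptHkdfNull.c to Kdf/CryptHkdf.c for SMM and Cipher/CryptAesNull.c to Cipher/CryptAes.c for PEI. Please say in the message that HKDF is what SMM gains, and update any comment in the two INF files that lists HKDF or AES as unsupported for these instances so the documentation matches the sources that are now built.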
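
Review bot: In malloc() and realloc() of BaseMemAllocation.c, "Data = AllocatePages (EFI_SIZE_TO_PAGES (NewSize));" rounds every request up to whole pages, so each small allocation now costs at least one page. The file header says this wrapper serves both PEI and DXE, while the rationale in the commit message only concerns PEI. Consider keeping AllocatePool()/FreePool() for the DXE build (a PEI-specific copy of this file, or a phase check) and add a comment above the call explaining why pages are used.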
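
Review bot: The page count handed to FreePages() in realloc() and free() is not derived from the same size that was used to allocate. Allocation uses EFI_SIZE_TO_PAGES (NewSize) with NewSize = size + CRYPTMEM_OVERHEAD, while realloc() frees EFI_SIZE_TO_PAGES (OldSize), and OldSize is treated as a payload length in MIN (OldSize, size); free() likewise uses PoolHdr->Size. If Size holds the caller's size without the header, a request that ends within CRYPTMEM_OVERHEAD bytes of a page boundary frees one page fewer than was allocated. Suggest computing both counts from the size plus CRYPTMEM_OVERHEAD, for example EFI_SIZE_TO_PAGES (PoolHdr->Size + CRYPTMEM_OVERHEAD), or storing the page count in the header. Also note that free() guards the header only with ASSERT (PoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE), which is compiled out when asserts are disabled, so a corrupted Size field now decides how many pages are released; an explicit check that returns without freeing would be safer.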
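
Review bot: With DISABLE_SHA1_DEPRECATED_INTERFACES defined, the "case HASH_ALG_SHA1:" arm disappears from all six switch statements in BaseHashApiLib.c, so a platform whose PcdHashApiLibPolicy still selects HASH_ALG_SHA1 builds cleanly and only fails at run time through whatever the default arm does, which these hunks do not show. Suggest documenting this interaction in the file header and making that configuration fail visibly, for example with an ASSERT or an explicit error return in the default path. Two smaller points: the existing break after each return is unreachable, and this SHA-1 guard is unrelated to the subject line, so it would read better as its own patch.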