From: "Michael D Kinney"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang, Christopher Zurcher
Subject: [Patch 07/12] CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
Date: Tue, 11 Oct 2022 08:03:53 -0700
Message-Id: <20221011150358.1332-8-michael.d.kinney@intel.com>
X-Mailer: git-send-email 2.37.1.windows.1
In-Reply-To: <20221011150358.1332-1-michael.d.kinney@intel.com>
References: <20221011150358.1332-1-michael.d.kinney@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Update all OpensslLib instances so they all produce all the APIs used
by the BaseCryptLib instances. Not producing the same set of APIs for
a library class does not follow the EDK II library class rules and
breaks the assumptions that consumers of the OpensslLib may make about
which services are present.

* Add missing declaration of the private library class OpensslLib to
  CryptoPkg.dec.
* Add SslNull.c with NULL implementations of SSL functions.
* Add EcSm2Null.c with NULL implementations of EC/SM2 functions.
* Update OpensslLibCrypto.inf to include both SslNull.c and
  EcSm2Null.c so this library instance produces all the openssl
  APIs used by the BaseCryptLib instances.
* Update OpensslLib.inf and OpensslLibAccel.inf to include
  EcSm2Null.c so these library instances produce all the openssl
  APIs used by the BaseCryptLib instances.
* Add missing declaration of the private library class IntrinsicLib
  to CryptoPkg.dec.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Christopher Zurcher
Signed-off-by: Michael D Kinney --- CryptoPkg/CryptoPkg.dec | 9 + CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 +++++++++++++ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 + .../Library/OpensslLib/OpensslLibAccel.inf | 2 + .../Library/OpensslLib/OpensslLibCrypto.inf | 2 + .../Library/OpensslLib/OpensslLibFull.inf | 2 + .../OpensslLib/OpensslLibFullAccel.inf | 2 + CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++++++++++ CryptoPkg/Private/Library/IntrinsicLib.h | 16 + CryptoPkg/Private/Library/OpensslLib.h | 14 + 10 files changed, 745 insertions(+) create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h create mode 100644 CryptoPkg/Private/Library/OpensslLib.h diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index 217e73c3bcd2..f326c6324013 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -37,6 +37,15 @@ [LibraryClasses] # HashApiLib|Include/Library/HashApiLib.h +[LibraryClasses.common.Private] + ## @libraryclass Provides library functions from the openssl project. + # + OpensslLib|Private/Library/OpensslLib.h + + ## @libraryclass Provides compiler intrinsic functions required to link openssl project. + # + InstrinsicLib|Private/Library/IntrinsicLib.h + [Protocols] ## EDK II Crypto DXE protocol # 2C2275C9-3A7B-426F-BE54-2D22BD9D1092 diff --git a/CryptoPkg/Library/OpensslLib/EcSm2Null.c b/CryptoPkg/Library/OpensslLib/EcSm2Null.c new file mode 100644 index 000000000000..8c52626ab29d --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/EcSm2Null.c @@ -0,0 +1,291 @@ +/** @file + Null implementation of EC and SM2 functions called by BaseCryptLib. + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#undef OPENSSL_NO_EC + +#include +#include +#include + +void +EC_GROUP_free ( + EC_GROUP *group + ) +{ + ASSERT (FALSE); +} + +int +EC_GROUP_get_order ( + const EC_GROUP *group, + BIGNUM *order, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_GROUP_get_curve_name ( + const EC_GROUP *group + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_GROUP_get_curve ( + const EC_GROUP *group, + BIGNUM *p, + BIGNUM *a, + BIGNUM *b, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_GROUP_get_degree ( + const EC_GROUP *group + ) +{ + ASSERT (FALSE); + return 0; +} + +EC_GROUP * +EC_GROUP_new_by_curve_name ( + int nid + ) +{ + ASSERT (FALSE); + return NULL; +} + +EC_POINT * +EC_POINT_new ( + const EC_GROUP *group + ) +{ + ASSERT (FALSE); + return NULL; +} + +void +EC_POINT_free ( + EC_POINT *point + ) +{ + ASSERT (FALSE); +} + +void +EC_POINT_clear_free ( + EC_POINT *point + ) +{ + ASSERT (FALSE); +} + +int +EC_POINT_set_affine_coordinates ( + const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_get_affine_coordinates ( + const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_set_compressed_coordinates ( + const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_add ( + const EC_GROUP *group, + EC_POINT *r, + const EC_POINT *a, + const EC_POINT *b, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_invert ( + const EC_GROUP *group, + EC_POINT *a, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_is_at_infinity ( + const EC_GROUP *group, + const EC_POINT *p + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_POINT_is_on_curve ( + const EC_GROUP *group, + const EC_POINT 
*point, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return -1; +} + +int +EC_POINT_cmp ( + const EC_GROUP *group, + const EC_POINT *a, + const EC_POINT *b, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return -1; +} + +int +EC_POINT_mul ( + const EC_GROUP *group, + EC_POINT *r, + const BIGNUM *n, + const EC_POINT *q, + const BIGNUM *m, + BN_CTX *ctx + ) +{ + ASSERT (FALSE); + return -0; +} + +EC_KEY * +EC_KEY_new_by_curve_name ( + int nid + ) +{ + ASSERT (FALSE); + return NULL; +} + +void +EC_KEY_free ( + EC_KEY *key + ) +{ + ASSERT (FALSE); +} + +const EC_GROUP * +EC_KEY_get0_group ( + const EC_KEY *key + ) +{ + ASSERT (FALSE); + return NULL; +} + +const EC_POINT * +EC_KEY_get0_public_key ( + const EC_KEY *key + ) +{ + ASSERT (FALSE); + return NULL; +} + +int +EC_KEY_set_public_key ( + EC_KEY *key, + const EC_POINT *pub + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_KEY_generate_key ( + EC_KEY *key + ) +{ + ASSERT (FALSE); + return 0; +} + +int +EC_KEY_check_key ( + const EC_KEY *key + ) +{ + ASSERT (FALSE); + return 0; +} + +int +ECDH_compute_key ( + void *out, + size_t outlen, + const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF)( + const void *in, + size_t inlen, + void *out, + size_t *outlen + ) + ) +{ + ASSERT (FALSE); + return 0; +} diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 7d4b729bf7c7..9dc1dd23cf5a 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -627,6 +627,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c +# SslNull.c + EcSm2Null.c [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf index b552b011e2bf..256400bcc1b0 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf 
@@ -629,6 +629,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c +# SslNull.c + EcSm2Null.c [Sources.IA32] IA32/crypto/aes/aesni-x86.nasm | MSFT diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index 5492865ddb2d..543487d53642 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -628,6 +628,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c + SslNull.c + EcSm2Null.c [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf index 1b5d9fa42405..c563ab13e4dc 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf @@ -633,6 +633,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c +# SslNull.c +# EcSm2Null.c [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf index 3c7b33f1e512..6ba05f23187c 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf @@ -634,6 +634,8 @@ [Sources] buildinf.h ossl_store.c rand_pool.c +# SslNull.c +# EcSm2Null.c [Sources.IA32] IA32/crypto/aes/aesni-x86.nasm | MSFT diff --git a/CryptoPkg/Library/OpensslLib/SslNull.c b/CryptoPkg/Library/OpensslLib/SslNull.c new file mode 100644 index 000000000000..49f1405bc0f1 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/SslNull.c @@ -0,0 +1,405 @@ +/** @file + Null implementation of SSL functions called by BaseCryptLib. + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include + +int +OPENSSL_init_ssl ( + uint64_t opts, + const OPENSSL_INIT_SETTINGS *settings + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur uint32_t +SSL_CIPHER_get_id ( + const SSL_CIPHER *c + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_COMP_add_compression_method ( + int id, + COMP_METHOD *cm + ) +{ + ASSERT (FALSE); + return 0; +} + +long +SSL_CTX_ctrl ( + SSL_CTX *ctx, + int cmd, + long larg, + void *parg + ) +{ + ASSERT (FALSE); + return 0; +} + +void +SSL_CTX_free ( + SSL_CTX *x + ) +{ + ASSERT (FALSE); + return; +} + +__owur X509_STORE * +SSL_CTX_get_cert_store ( + const SSL_CTX *x + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur SSL_CTX * +SSL_CTX_new ( + const SSL_METHOD *meth + ) +{ + ASSERT (FALSE); + return NULL; +} + +unsigned long +SSL_CTX_set_options ( + SSL_CTX *ctx, + unsigned long op + ) +{ + ASSERT (FALSE); + return 0; +} + +const unsigned char * +SSL_SESSION_get_id ( + const SSL_SESSION *s, + unsigned int *len + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur size_t +SSL_SESSION_get_master_key ( + const SSL_SESSION *sess, + unsigned char *out, + size_t outlen + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_SESSION_set1_id ( + SSL_SESSION *s, + const unsigned char *sid, + unsigned int sid_len + ) +{ + ASSERT (FALSE); + return 0; +} + +long +SSL_ctrl ( + SSL *ssl, + int cmd, + long larg, + void *parg + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_do_handshake ( + SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +void +SSL_free ( + SSL *ssl + ) +{ + ASSERT (FALSE); + return; +} + +__owur X509 * +SSL_get_certificate ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur size_t +SSL_get_client_random ( + const SSL *ssl, + unsigned char *out, + size_t outlen + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur const SSL_CIPHER * +SSL_get_current_cipher ( + const SSL *s + ) +{ + ASSERT (FALSE); + 
return NULL; +} + +__owur int +SSL_get_error ( + const SSL *s, + int ret_code + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur size_t +SSL_get_server_random ( + const SSL *ssl, + unsigned char *out, + size_t outlen + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur SSL_SESSION * +SSL_get_session ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur SSL_CTX * +SSL_get_SSL_CTX ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur OSSL_HANDSHAKE_STATE +SSL_get_state ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_get_verify_mode ( + const SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur X509_VERIFY_PARAM * +SSL_get0_param ( + SSL *ssl + ) +{ + ASSERT (FALSE); + return NULL; +} + +int +SSL_is_init_finished ( + const SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_is_server ( + const SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +SSL * +SSL_new ( + SSL_CTX *ctx + ) +{ + ASSERT (FALSE); + return NULL; +} + +__owur int +SSL_read ( + SSL *ssl, + void *buf, + int num + ) +{ + ASSERT (FALSE); + return 0; +} + +void +SSL_set_bio ( + SSL *s, + BIO *rbio, + BIO *wbio + ) +{ + ASSERT (FALSE); + return; +} + +__owur int +SSL_set_cipher_list ( + SSL *s, + const char *str + ) +{ + ASSERT (FALSE); + return 0; +} + +void +SSL_set_connect_state ( + SSL *s + ) +{ + ASSERT (FALSE); + return; +} + +void +SSL_set_hostflags ( + SSL *s, + unsigned int flags + ) +{ + ASSERT (FALSE); + return; +} + +void +SSL_set_info_callback ( + SSL *ssl, + void ( *cb )(const SSL *ssl, int type, int val) + ) +{ + ASSERT (FALSE); + return; +} + +void +SSL_set_security_level ( + SSL *s, + int level + ) +{ + ASSERT (FALSE); + return; +} + +void +SSL_set_verify ( + SSL *s, + int mode, + SSL_verify_cb callback + ) +{ + ASSERT (FALSE); + return; +} + +int +SSL_shutdown ( + SSL *s + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_use_certificate ( + SSL *ssl, + X509 *x + ) +{ + ASSERT (FALSE); + return 0; +} + 
+__owur int +SSL_version ( + const SSL *ssl + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur int +SSL_write ( + SSL *ssl, + const void *buf, + int num + ) +{ + ASSERT (FALSE); + return 0; +} + +__owur const SSL_METHOD * +TLS_client_method ( + void + ) +{ + ASSERT (FALSE); + return NULL; +} diff --git a/CryptoPkg/Private/Library/IntrinsicLib.h b/CryptoPkg/Private/Library/IntrinsicLib.h new file mode 100644 index 000000000000..69172a041949 --- /dev/null +++ b/CryptoPkg/Private/Library/IntrinsicLib.h @@ -0,0 +1,16 @@ +/** @file + InstrinsicLib class with intrinsic APIs generated by compilers. + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef INTRINSTIC_LIB_H_ +#define INTRINSTIC_LIB_H_ + +// +// Compiler dependent intrinsic APIs. +// + +#endif diff --git a/CryptoPkg/Private/Library/OpensslLib.h b/CryptoPkg/Private/Library/OpensslLib.h new file mode 100644 index 000000000000..005eb848724e --- /dev/null +++ b/CryptoPkg/Private/Library/OpensslLib.h @@ -0,0 +1,14 @@ +/** @file + OpensslLib class with APIs from the openssl project + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef OPENSSL_LIB_H_ +#define OPENSSL_LIB_H_ + +#include + +#endif -- 2.37.1.windows.1
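
Review bot: In the CryptoPkg.dec hunk the second private library class is declared as `InstrinsicLib|Private/Library/IntrinsicLib.h`, with a stray "s" in the class name that matches neither the header file name nor the "IntrinsicLib" spelling used in the commit message. A module that references the class as IntrinsicLib would not match the declared name; suggest `IntrinsicLib|Private/Library/IntrinsicLib.h`.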
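
Review bot: In EcSm2Null.c the return values are the only failure signal a caller gets in builds where ASSERT() is disabled, and two of them look unintended: EC_POINT_mul ends with `return -0;`, which evaluates to 0 and reads like a typo next to the `return -1;` in EC_POINT_is_on_curve and EC_POINT_cmp, and EC_POINT_is_at_infinity returns 0, which a caller reads as "point is not at infinity" rather than as an error. Suggest `return 0;` in EC_POINT_mul and a one-line comment on each stub stating that the value is the OpenSSL failure code for that function. A smaller point: EC_GROUP_free, EC_POINT_free, EC_POINT_clear_free and EC_KEY_free assert unconditionally, although the OpenSSL versions accept NULL as a no-op and the matching _new stubs here return NULL, so asserting only on a non-NULL argument would keep callers' cleanup paths quiet.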
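
Review bot: The [Sources] hunks for OpensslLib.inf, OpensslLibAccel.inf, OpensslLibFull.inf and OpensslLibFullAccel.inf add commented-out entries (`# SslNull.c`, `# EcSm2Null.c`) with no explanation, and the commit message does not mention the two Full instances at all even though the diffstat shows them changed. Either drop the commented lines or add a short comment above them saying why the null file is intentionally left out for that instance (presumably because the instance builds the real implementation), so a later editor does not uncomment one and end up with duplicate symbols.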
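
Review bot: In SslNull.c, SSL_get_error returns 0, which is SSL_ERROR_NONE, so in a build with ASSERT() disabled a caller that follows the failing `return 0;` from SSL_do_handshake, SSL_read or SSL_write with SSL_get_error is told that no error occurred. Suggest returning SSL_ERROR_SSL from the stub so the failure path stays fail-closed. For consistency with the other pointer-returning stubs, SSL_SESSION_get_id should also use `return NULL;` instead of `return 0;`.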
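
Review bot: In the new IntrinsicLib.h the include guard is spelled `INTRINSTIC_LIB_H_` and the file comment says "InstrinsicLib class", neither of which matches the file name IntrinsicLib.h. Suggest `INTRINSIC_LIB_H_` for the guard and "IntrinsicLib" in the comment, fixed together with the class name in CryptoPkg.dec so that one spelling is used throughout.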