From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web08.2004.1657851205340464911 for ; Thu, 14 Jul 2022 19:13:25 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=guDHgXbN; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: heng.luo@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1657851205; x=1689387205; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=GOOES1VTzkK5LHxSpsVnS8m9ky85l9W4BgytWu+B62s=; b=guDHgXbNtvZZcwg8fvis0gth/1SzDRsOVtQv0e+9m7cCGh7D1jqeMmlM qP1o7G/i81cBmvOjfJaNvyd78bFznZa5DjeXslzRQt1LJV5ODHG7DYlT7 cEyJslel2WCVf5cMgEmcjsT2OazTjd/RBjPjdujBedfwQbnJh+Hv8paCa aqMYhvSVopF0J8WatiFDU5TL4phsFBcsBgLVSg47M/XBfOJVXYyaTKebI ut0TzsY42d8N54zAmFj4hQwrf73MMsiIW9Bbwpov+CtzTIuDpU1Y0f7cr PChoaRodgQkpgmpyEaOIWyU+KGoat1AlNDg04zGmcL5okIzULW2mlIqVc Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10408"; a="283239278" X-IronPort-AV: E=Sophos;i="5.92,272,1650956400"; d="scan'208";a="283239278" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2022 19:13:24 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.92,272,1650956400"; d="scan'208";a="654132372" Received: from orsmsx604.amr.corp.intel.com ([10.22.229.17]) by fmsmga008.fm.intel.com with ESMTP; 14 Jul 2022 19:13:24 -0700 Received: from orsmsx609.amr.corp.intel.com (10.22.229.22) by ORSMSX604.amr.corp.intel.com (10.22.229.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Thu, 14 Jul 2022 19:13:24 -0700 Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by ORSMSX609.amr.corp.intel.com (10.22.229.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Thu, 14 Jul 2022 19:13:23 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Thu, 14 Jul 2022 19:13:23 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.171) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Thu, 14 Jul 2022 19:13:23 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D5hkrpgv9AVo0ulVTDxURzf/Bh80sDolBykcmWGkLXsbTjx+B/JVUb6+nxXF5jwRBdmoWOEzYO6czSAjUq3k6Kvl4vkspect3H0dH/r1f1lBAYF6wApP5RZ+0qX6ud9RidpxYKlymWZcT4Cr3LdCim5hCxw5yNV1k+Rq/LucS+XL1U9K31Jj58p0mQ30m4Obs1Gx9ZtdZwr6OOOGKN4fcM8EUQaUQTYqKWaeucPAAe7+fd0RwazJfIPtwwiJDTWIjYtCM75ycZEXEt7ap3JgEtxlGDqR72ATSJg1jaecWrhOVtPRhZUv7wQWBdtJqXvGRh3FGFTPQpyOod24BS2WqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GCt05fS3oa7dDSUXoKR5ngQWh63bTknz1F1KJ8lv8EM=; b=DGLNy8Usc5XCJRYoivOYXQ9TzEGiRUjBAizrAGavmky3XLGeld0ne4woUstNfvOBfz0idvlDCG9vZ3StX4tdkoCEvBfq5LDQwGbZulLxRSf/dB0ElCGBN/cb619NZ3g2tHPIdUcy7/b9A70Gs3l1ZJ5AKLOLDRZbuTjle4jlopKO/0zp3Ulim1+cF8UKH1MadGixntYYKpWwM6TTE7D9mS1j2zu9M6Olfy0HCdJ/A6FmknvMv0fouQPT9niVpSynZcAtES74czvYVVZ/NVSkG4GkX4OenVHSWCZ6gadxYdSKCatEZ3WevVW4U4KtdPRZ6GSZJur8pV2wZhQ1sLH+WA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from SN6PR11MB2752.namprd11.prod.outlook.com (2603:10b6:805:59::31) by CY5PR11MB6390.namprd11.prod.outlook.com (2603:10b6:930:39::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5438.14; Fri, 15 Jul 2022 02:13:16 +0000 Received: from SN6PR11MB2752.namprd11.prod.outlook.com ([fe80::d18b:1f51:52b6:f1bb]) by SN6PR11MB2752.namprd11.prod.outlook.com ([fe80::d18b:1f51:52b6:f1bb%5]) with mapi id 15.20.5417.027; Fri, 15 Jul 2022 02:13:16 +0000 From: "Heng Luo" To: "Li, Yi1" , "devel@edk2.groups.io" CC: "Tan, Ming" Subject: Re: [staging/crypto-new-api PATCH] CryptoPkg: Fix issues from crypto code review. Thread-Topic: [staging/crypto-new-api PATCH] CryptoPkg: Fix issues from crypto code review. Thread-Index: AQHYl++pcqECw6mdUUWgv9HGNUeOda1+sC9A Date: Fri, 15 Jul 2022 02:13:16 +0000 Message-ID: References: <20220715020711.1190-1-yi1.li@intel.com> In-Reply-To: <20220715020711.1190-1-yi1.li@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.500.17 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: cf65bfcf-6953-4ed4-3ee2-08da66079453 x-ms-traffictypediagnostic: CY5PR11MB6390:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 1USRRsbIO0SnWn1uHwciM83cvHhqT0rQHwewunx78nvjCzhmQ2YmmXR/V4rs7SQpGrljt5cWEyA/v3raTRZ4/I7tVF2CgBOIzK1ebMmz9vYmO4iV5V5m7NZV0OZJrG344c6kSCSBZPhgs9YI/he9euKZJj0wJYixtee5E/yMV68mdtzxNeNrHBb6+5kaHRWhQONvu6StOX2AZZ2GHXJ6raZ1N6wXH6Fmjl0IE+u9lx3Q6Dq99fbhhobeFOeuhRBU57VaJ2sXXQqIFt9NL6yL4SGRbSSq4VMx0Mw1Hwfph01KnqjvX1g17Pmr7Dt8v/M4SU7VAvRP3uKPZHoSvogpEa1M4n9zNm3nexTtXroWjkPiZKR/YlSr3OwIILWnZKEMuBs+pAEloixuY7r6PNlv6/ffXwqIU7upRiXUBZimLoZQ1B2BIbrjMOhDK3XYsG7XsD387QUhsKItwZzW0tCDOHrlzZBCzAbhl7SdK3Gl3MNqzofl6YFBV6iHrIDE951g6F24ynX3K0pOL6MStMKR0gq5OYl+ou5jsuBigUn/aX+8Hu8TbserkPDmJGdHjN4euY/noRY216TWIQGCoWOZQApXXNRUxbNZI1h+JHLzgAOgVH1Cuy/gKsTyTpIsNx4Ft305PE0gpRqVY1PQ/Gr0oTuf4QAW812TA9neZWKnRjsUfXw7ZBEPs3fJraYGxcQy5cD2meBc3wJsyRnvs7IbNO45dE4dgfmx5BHZ0XmW/E/KP8bGtBaMiJ5ghuVeb4QIWaAevbs+O/WJIgZ4iYyOO2k2iggha3U1HYQRLpLiytMEoyJRd9qiQBGbI7FKqt34 x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR11MB2752.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230016)(396003)(346002)(136003)(376002)(366004)(39860400002)(38070700005)(316002)(7696005)(26005)(76116006)(30864003)(107886003)(66946007)(2906002)(53546011)(83380400001)(110136005)(64756008)(41300700001)(66446008)(66556008)(8676002)(4326008)(66476007)(5660300002)(6506007)(33656002)(55016003)(8936002)(52536014)(122000001)(86362001)(478600001)(71200400001)(38100700002)(186003)(82960400001)(9686003)(559001)(579004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?eaZwC7q1IlsBbcnwgj/k2TdEmQ4i8SQGNLm4b5GEdaq0dhrsNvIkNIdyc4Oc?= =?us-ascii?Q?ohTGPmUn7AqAH4u7luGtYescsQmlfKrSQ5eXs6AWrQlZkEi1r7UAadSqVMOq?= =?us-ascii?Q?9X0wUfL8EcwDuUG+jTSPKryoHDN7nAxII/JNWiHf6tqbgQxSCJB7ywrXHqxW?= =?us-ascii?Q?PrtHsvjKEs4gF8rakfa4pUytprxRCHXD8pZ2+o9Fxjo6NKBzKRNuC8UTpN5I?= =?us-ascii?Q?Dh8fAyCdK/bvyaWytq98OL8dAeuM2tmMqI171KruZvw6021+SvsZzHBDbNkF?= =?us-ascii?Q?gAhl92EN57KesAP00b6AW3/vdFQoCeQciKUjEDzJ7jaYVHm6C1uF+BTyyuCz?= =?us-ascii?Q?BS5CMXL1oG4mxpiMoKkPQCAoTualVwSeS8xEviUyVUi1NSAK3uXKktQ5aAXL?= =?us-ascii?Q?lUSo5Px+T5Md5PxlKVA/2zen5p2fvh7Sl+5sVFO2QfoMuKifbwbr6hfO7h6Z?= =?us-ascii?Q?ozSrkeDzetmzqVWZESbILRHs3wneQIFfbgX4NfjSvM9f+c79zCy/ydOVhiC5?= =?us-ascii?Q?19SyI9MMfbaywKY17bWvrdss8Kyrxv5tH7xvixrVfohgMRZ8NxfehLC/aX1o?= =?us-ascii?Q?1Jae15OvNf4dQU6fz4S2GgrpMa03d8rjlfy9dzv5NWbTCebXLmtJlDXP5LJG?= =?us-ascii?Q?BHluVZGLV2eSGPIyVW5y3NpOp66/rsItSXu5hrQi+gQBH5+1fHlofNiNprhs?= =?us-ascii?Q?Osh5S5L/P2tMYaqdy7TvFiRzaAov5CDHoBFG+POxPHQ2JCweL7QzmAWWIu4z?= =?us-ascii?Q?NwuEKPTRQWwoAnk+gCbdiekwMBuCoxdqyO2AXA8AeNOnV4rO+N0kRyLlL82Y?= =?us-ascii?Q?EWIWPwX+//aMksQNKraidCMqbaAvFjRu8TtkaCauYOIOe9eebmay/+Npgt7P?= =?us-ascii?Q?OY/zv6TbZ+cyCQTekZGa9+StAbdBbwUbOtNQHJ+Z5nEYO0SiWlmrOCm1cwiz?= =?us-ascii?Q?tMANedz2acCt75s63g82rsUKD3Ae6pT/pqqciIMjbSpXS9P2LsEZg2iXIhtu?= =?us-ascii?Q?Mw/lR99h6JWEB7PVolUar/SYJN0989vyIz9tDqZMpnfy9fNXwm4E/6NuXMMP?= =?us-ascii?Q?oupScn7U/ey4Gw+diHjlFKn3jH4uXqXveEGv39/PAYmQNdjL92aPW3LiBOyk?= =?us-ascii?Q?ydjs13PtZawzSU7dzOewJUA1zyQi1q742wZAXofxRmtV59NAKA9HmuBEVhca?= =?us-ascii?Q?BSAe4qbqRnqxz8g2nE9uECRROjL2a+fehhGSbeI6wXnIZINh8csfJXVi8dhP?= =?us-ascii?Q?RzBXsNfmaTynta9HXsEvjV1svVAuwNUgW854LZ+gE6i6yKon18YX3cToqjbK?= =?us-ascii?Q?ZwwVmk4IY7VxYTEEGVbz1+dFvA7DptVngFGsfJu+MK8g66dPnY6gHphJbG2C?= =?us-ascii?Q?prMSbMUm2SXShdsaaYHRTgZvIVD7cOk8V7xpQZ5JpTh/OkKUlkuicv7cMB5g?= =?us-ascii?Q?RrogUFrI3Tyid/9QVcXQp/iPl6MnEveDyDUxzD1chbzt7YkMpSBUkKfqmkux?= =?us-ascii?Q?ZtuYPgXmtwa1loX67ZYsbvbYxVLdq1zDvar/WL8QuggX0D3sya7GA4/eLSbT?= =?us-ascii?Q?YyfMFsOkZMdu96u+pELKgUeCOlzq6V0FXkh7u48a?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN6PR11MB2752.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: cf65bfcf-6953-4ed4-3ee2-08da66079453 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jul 2022 02:13:16.5165 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: LKujQ1MvNB8148+Nc10PbXkrj/VsBgiBXFSuOHt8Zm56Z+RSFIQwBhdvUYboSDRtkPlwqnXQJInA0NDycqWyKQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR11MB6390 Return-Path: heng.luo@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Heng Luo > -----Original Message----- > From: Li, Yi1 > Sent: Friday, July 15, 2022 10:07 AM > To: devel@edk2.groups.io > Cc: Li, Yi1 ; Tan, Ming ; Luo, Heng > > Subject: [staging/crypto-new-api PATCH] CryptoPkg: Fix issues from crypto= code > review. >=20 > Details: > 1. Some APIs need more detail comment. > 2. Correct BnRShift() param order. > 3. Remove unsecure ECC curve from GroupToNid(). > 4. Add full public key validating procedures to EcDhDeriveSecret(). >=20 > Cc: Ming Tan > Cc: Heng Luo > Signed-off-by: Yi Li >=20 > --- > CryptoPkg/Driver/Crypto.c | 31 ++++++++++++= ++++++++--------- > -- > CryptoPkg/Include/Library/BaseCryptLib.h | 31 > ++++++++++++++++++++----------- > CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c | 7 ++++--- > CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c | 4 +++- > CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c | 61 > ++++++++++++++++++++++++++++++++++--------------------------- > CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c | 27 > +++++++++++++++++---------- > CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c | 4 +++- > CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c | 27 > +++++++++++++++++---------- > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 31 > ++++++++++++++++++++----------- > CryptoPkg/Private/Protocol/Crypto.h | 31 ++++++++++++= ++++++++-- > --------- > 10 files changed, 158 insertions(+), 96 deletions(-) >=20 > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index > de422b7f53..10a0ce8800 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c > @@ -4962,7 +4962,6 @@ CryptoServiceBigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -5051,6 +5050,9 @@ CryptoServiceBigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > @@ -5092,7 +5094,7 @@ CryptoServiceBigNumAddMod ( > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. > @@ -5114,8 +5116,8 @@ CryptoServiceEcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -5426,13 +5428,14 @@ CryptoServiceEcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -5466,8 +5469,9 @@ CryptoServiceEcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -5484,15 +5488,20 @@ CryptoServiceEcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 8fcb496c40..0de9f0739e 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > @@ -2723,7 +2723,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -2797,6 +2796,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > @@ -2832,7 +2834,7 @@ BigNumAddMod ( > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. > @@ -2851,8 +2853,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -3121,13 +3123,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -3155,8 +3158,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -3170,15 +3174,20 @@ EcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > index 3e43492a56..b6411cd541 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > @@ -442,7 +442,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -453,8 +452,7 @@ BigNumRShift ( > OUT VOID *BnRes > ) > { > - // BN_rshift() does not modify the first argument, so we remove const. > - if (BN_rshift ((BIGNUM *)Bn, BnRes, (int)n) =3D=3D 1) { > + if (BN_rshift (BnRes, Bn, (int)n) =3D=3D 1) { > return EFI_SUCCESS; > } else { > return EFI_PROTOCOL_ERROR; > @@ -547,6 +545,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > index 4a27433a0e..4d2fa039df 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > @@ -395,7 +395,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -487,6 +486,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > index 4d1aab8d32..90d1b8bce7 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > @@ -21,13 +21,13 @@ > #include >=20 > /** > - Temp comment. > + Return the Nid of certain ECC group. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > - @retval EcGroup object On success. > - @retval NULL On failure. > + @retval !=3D-1 On success. > + @retval -1 ECC group not supported. > **/ > STATIC > INT32 > @@ -47,12 +47,6 @@ GroupToNid ( > case 21: > Nid =3D NID_secp521r1; > break; > - case 25: > - Nid =3D NID_X9_62_prime192v1; > - break; > - case 26: > - Nid =3D NID_secp224r1; > - break; > default: > return -1; > } > @@ -66,7 +60,7 @@ GroupToNid ( > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. > @@ -96,8 +90,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -218,7 +212,7 @@ EcPointGetAffineCoordinates ( > ) > { > return EC_POINT_get_affine_coordinates (EcGroup, EcPoint, BnX, BnY, Bn= Ctx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > @@ -244,7 +238,7 @@ EcPointSetAffineCoordinates ( > ) > { > return EC_POINT_set_affine_coordinates (EcGroup, EcPoint, BnX, BnY, Bn= Ctx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > @@ -271,7 +265,7 @@ EcPointAdd ( > ) > { > return EC_POINT_add (EcGroup, EcPointResult, EcPointA, EcPointB, BnCtx= ) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > @@ -298,7 +292,7 @@ EcPointMul ( > ) > { > return EC_POINT_mul (EcGroup, EcPointResult, NULL, EcPoint, BnPScalar, > BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > @@ -320,7 +314,7 @@ EcPointInvert ( > ) > { > return EC_POINT_invert (EcGroup, EcPoint, BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > @@ -414,19 +408,20 @@ EcPointSetCompressedCoordinates ( > ) > { > return EC_POINT_set_compressed_coordinates (EcGroup, EcPoint, BnX, YBi= t, > BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -508,8 +503,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -553,15 +549,21 @@ out: >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > - @param[in] EcPointPublic Peer public key. > + Description" attribute registry for RFC 240= 9). > + @param[in] EcPointPublic Peer public key. Certain sanity checks on t= he key > + will be performed to confirm that it is val= id. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -605,6 +607,11 @@ EcDhDeriveSecret ( > goto fail; > } >=20 > + if (!EC_KEY_check_key (EcKey)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto fail; > + } > + > Ctx =3D EVP_PKEY_CTX_new (PKey, NULL); > if ((Ctx =3D=3D NULL) || (EVP_PKEY_derive_init (Ctx) !=3D 1) || > (EVP_PKEY_derive_set_peer (Ctx, PeerKey) !=3D 1) || diff --git > a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > index 2d7e5db464..e7fe378095 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > @@ -15,7 +15,7 @@ > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. > @@ -38,8 +38,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -403,8 +404,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -422,15 +424,20 @@ EcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > index 4a27433a0e..4d2fa039df 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > @@ -395,7 +395,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -487,6 +486,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > index 2d7e5db464..e7fe378095 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > @@ -15,7 +15,7 @@ > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. > @@ -38,8 +38,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -403,8 +404,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -422,15 +424,20 @@ EcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index 548116abb4..0410067c9d 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > @@ -4069,7 +4069,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -4158,6 +4157,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > @@ -4199,7 +4201,7 @@ BigNumAddMod ( > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. > @@ -4221,8 +4223,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -4533,13 +4535,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -4573,8 +4576,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -4591,15 +4595,20 @@ EcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index 1b31714d77..1cf5d18cc3 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h > @@ -3863,7 +3863,6 @@ CONST VOID * > @param[out] BnRes The result, such that (BnA * BnB) % BnM. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > typedef > @@ -3935,6 +3934,9 @@ VOID >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > typedef > EFI_STATUS > @@ -3970,7 +3972,7 @@ EFI_STATUS > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409) > + Description" attribute registry for RFC 2409) >=20 > @retval EcGroup object On success > @retval NULL On failure > @@ -3989,8 +3991,8 @@ VOID * >=20 > @param[in] EcGroup EC group object > @param[out] BnPrime Group prime number > - @param[out] BnA A coofecient > - @param[out] BnB B coofecient > + @param[out] BnA A coefficient > + @param[out] BnB B coefficient > @param[in] BnCtx BN context >=20 > @retval EFI_SUCCESS On success > @@ -4260,13 +4262,14 @@ EFI_STATUS > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409) > + Description" attribute registry for RFC 2409) > @param[out] PKey Pointer to an object that will hold the ECDH key >=20 > @retval EFI_SUCCESS On success > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure **/ typedef @@ -4294,8 +4297,9 > @@ VOID > @param[in] PKey ECDH Key object > @param[out] EcPoint Properly initialized EC Point to hold the public = key >=20 > - @retval EFI_SUCCESS On success > - @retval EFI_PROTOCOL_ERROR On failure > + @retval EFI_SUCCESS On success > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure > **/ > typedef > EFI_STATUS > @@ -4309,15 +4313,20 @@ EFI_STATUS >=20 > @param[in] PKey ECDH Key object > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09) > + Description" attribute registry for RFC > + 2409) > @param[in] EcPointPublic Peer public key > @param[out] SecretSize On success, holds secret size > @param[out] Secret On success, holds the derived secret > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success > - @retval EFI_PROTOCOL_ERROR On failure > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > typedef > EFI_STATUS > -- > 2.31.1.windows.1