From: "Heng Luo"
To: "Tan, Ming", "devel@edk2.groups.io", "Li, Yi1"
Subject: Re: [edk2-devel] [staging/crypto-new-api PATCH] CryptoPkg: Fixed possible security implications in ECDH and BN.
Date: Fri, 15 Jul 2022 05:35:43 +0000
References: <20220715052948.1297-1-yi1.li@intel.com>

Reviewed-by: Heng Luo

> -----Original Message-----
> From: Tan, Ming
> Sent: Friday, July 15, 2022 1:35 PM
> To: devel@edk2.groups.io; Li, Yi1
> Cc: Luo, Heng
> Subject: RE: [edk2-devel] [staging/crypto-new-api PATCH] CryptoPkg: Fixed
> possible security implications in ECDH and BN.
>
> Reviewed-by: Ming Tan
>
> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of yi1 li
> Sent: Friday, July 15, 2022 1:30 PM
> To: devel@edk2.groups.io
> Cc: Li, Yi1; Tan, Ming; Luo, Heng
> Subject: [edk2-devel] [staging/crypto-new-api PATCH] CryptoPkg: Fixed possible
> security implications in ECDH and BN.
>
> 1. Original code mixes up the input/output parameters for the BN_rshift()
> function - the output is actually the first parameter and not the second one.
> Now we correct BnRShift() param order.
>
> 2. NID_X9_62_prime192v1() and NID_secp224r1 prohibited by Intel Crypto/TLS
> Guidelines (due to being insufficiently secure). Now we remove those curves.
>
> 3. ECDH public key check is insufficient and therefore opens the implementation
> up to invalid curve attacks (see e.g. Dragonblood attack report). Need to
> perform the checks described by Appendix D of the NIST SP800-186, or Section
> 5.6.2.3 of NIST SP800-56Ar3. Now we add full public key validating procedures
> to EcDhDeriveSecret().
>
> 4. Some APIs need more detailed comments. Fix some typos and add more detailed
> description for return value.
>
> Cc: Ming Tan
> Cc: Heng Luo
> Signed-off-by: Yi Li >=20 > --- > CryptoPkg/Driver/Crypto.c | 31 ++++++++++++= ++++++++--------- > -- > CryptoPkg/Include/Library/BaseCryptLib.h | 31 > ++++++++++++++++++++----------- > CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c | 7 ++++--- > CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c | 4 +++- > CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c | 61 > ++++++++++++++++++++++++++++++++++--------------------------- > CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c | 27 > +++++++++++++++++---------- > CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c | 4 +++- > CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c | 27 > +++++++++++++++++---------- > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 31 > ++++++++++++++++++++----------- > CryptoPkg/Private/Protocol/Crypto.h | 31 ++++++++++++= ++++++++-- > --------- > 10 files changed, 158 insertions(+), 96 deletions(-) >=20 > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index > de422b7f53..10a0ce8800 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c > @@ -4962,7 +4962,6 @@ CryptoServiceBigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -5051,6 +5050,9 @@ CryptoServiceBigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > @@ -5092,7 +5094,7 @@ CryptoServiceBigNumAddMod ( > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. 
> @@ -5114,8 +5116,8 @@ CryptoServiceEcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -5426,13 +5428,14 @@ CryptoServiceEcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -5466,8 +5469,9 @@ CryptoServiceEcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI 
> @@ -5484,15 +5488,20 @@ CryptoServiceEcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 8fcb496c40..0de9f0739e 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > @@ -2723,7 +2723,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -2797,6 +2796,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > @@ -2832,7 +2834,7 @@ BigNumAddMod ( > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. 
> @@ -2851,8 +2853,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -3121,13 +3123,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -3155,8 +3158,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI 
> @@ -3170,15 +3174,20 @@ EcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > index 3e43492a56..b6411cd541 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c > @@ -442,7 +442,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -453,8 +452,7 @@ BigNumRShift ( > OUT VOID *BnRes > ) > { > - // BN_rshift() does not modify the first argument, so we remove const. > - if (BN_rshift ((BIGNUM *)Bn, BnRes, (int)n) =3D=3D 1) { > + if (BN_rshift (BnRes, Bn, (int)n) =3D=3D 1) { > return EFI_SUCCESS; > } else { > return EFI_PROTOCOL_ERROR; > @@ -547,6 +545,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > index 4a27433a0e..4d2fa039df 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c > @@ -395,7 +395,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -487,6 +486,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > index 4d1aab8d32..90d1b8bce7 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c > @@ -21,13 +21,13 @@ > #include >=20 > /** > - Temp comment. > + Return the Nid of certain ECC group. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > - @retval EcGroup object On success. > - @retval NULL On failure. > + @retval !=3D-1 On success. > + @retval -1 ECC group not supported. > **/ > STATIC > INT32 > @@ -47,12 +47,6 @@ GroupToNid ( > case 21: > Nid =3D NID_secp521r1; > break; > - case 25: > - Nid =3D NID_X9_62_prime192v1; > - break; > - case 26: > - Nid =3D NID_secp224r1; > - break; > default: > return -1; > } > @@ -66,7 +60,7 @@ GroupToNid ( > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. 
> @@ -96,8 +90,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -218,7 +212,7 @@ EcPointGetAffineCoordinates ( > ) > { > return EC_POINT_get_affine_coordinates (EcGroup, EcPoint, BnX, BnY, Bn= Ctx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > @@ -244,7 +238,7 @@ EcPointSetAffineCoordinates ( > ) > { > return EC_POINT_set_affine_coordinates (EcGroup, EcPoint, BnX, BnY, Bn= Ctx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > @@ -271,7 +265,7 @@ EcPointAdd ( > ) > { > return EC_POINT_add (EcGroup, EcPointResult, EcPointA, EcPointB, BnCtx= ) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > @@ -298,7 +292,7 @@ EcPointMul ( > ) > { > return EC_POINT_mul (EcGroup, EcPointResult, NULL, EcPoint, BnPScalar, > BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > @@ -320,7 +314,7 @@ EcPointInvert ( > ) > { > return EC_POINT_invert (EcGroup, EcPoint, BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** 
> @@ -414,19 +408,20 @@ EcPointSetCompressedCoordinates ( > ) > { > return EC_POINT_set_compressed_coordinates (EcGroup, EcPoint, BnX, YBi= t, > BnCtx) ? > - EFI_SUCCESS : EFI_INVALID_PARAMETER; > + EFI_SUCCESS : EFI_PROTOCOL_ERROR; > } >=20 > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -508,8 +503,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI 
> @@ -553,15 +549,21 @@ out: >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > - @param[in] EcPointPublic Peer public key. > + Description" attribute registry for RFC 240= 9). > + @param[in] EcPointPublic Peer public key. Certain sanity checks on t= he key > + will be performed to confirm that it is val= id. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > @@ -605,6 +607,11 @@ EcDhDeriveSecret ( > goto fail; > } >=20 > + if (!EC_KEY_check_key (EcKey)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto fail; > + } > + > Ctx =3D EVP_PKEY_CTX_new (PKey, NULL); > if ((Ctx =3D=3D NULL) || (EVP_PKEY_derive_init (Ctx) !=3D 1) || > (EVP_PKEY_derive_set_peer (Ctx, PeerKey) !=3D 1) || diff --git > a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > index 2d7e5db464..e7fe378095 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c > @@ -15,7 +15,7 @@ > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. 
> @@ -38,8 +38,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -403,8 +404,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI 
> @@ -422,15 +424,20 @@ EcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > index 4a27433a0e..4d2fa039df 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c > @@ -395,7 +395,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -487,6 +486,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > index 2d7e5db464..e7fe378095 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c 
> @@ -15,7 +15,7 @@ > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. > @@ -38,8 +38,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -403,8 +404,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI 
> @@ -422,15 +424,20 @@ EcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index 548116abb4..0410067c9d 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > @@ -4069,7 +4069,6 @@ BigNumValueOne ( > @param[out] BnRes The result. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > @@ -4158,6 +4157,9 @@ BigNumContextFree ( >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > EFI_STATUS > EFIAPI > @@ -4199,7 +4201,7 @@ BigNumAddMod ( > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). >=20 > @retval EcGroup object On success. > @retval NULL On failure. 
> @@ -4221,8 +4223,8 @@ EcGroupInit ( >=20 > @param[in] EcGroup EC group object. > @param[out] BnPrime Group prime number. > - @param[out] BnA A coofecient. > - @param[out] BnB B coofecient. > + @param[out] BnA A coefficient. > + @param[out] BnB B coefficient. > @param[in] BnCtx BN context. >=20 > @retval EFI_SUCCESS On success. > @@ -4533,13 +4535,14 @@ EcPointSetCompressedCoordinates ( > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409). > + Description" attribute registry for RFC 2409). > @param[out] PKey Pointer to an object that will hold the ECDH key. >=20 > @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > @@ -4573,8 +4576,9 @@ EcDhKeyFree ( > @param[in] PKey ECDH Key object. > @param[out] EcPoint Properly initialized EC Point to hold the public = key. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI 
> @@ -4591,15 +4595,20 @@ EcDhGetPubKey ( >=20 > @param[in] PKey ECDH Key object. > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09). > + Description" attribute registry for RFC 240= 9). > @param[in] EcPointPublic Peer public key. > @param[out] SecretSize On success, holds secret size. > @param[out] Secret On success, holds the derived secret. > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success. > - @retval EFI_PROTOCOL_ERROR On failure. > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > EFI_STATUS > EFIAPI > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index 1b31714d77..1cf5d18cc3 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h > @@ -3863,7 +3863,6 @@ CONST VOID * > @param[out] BnRes The result, such that (BnA * BnB) % BnM. >=20 > @retval EFI_SUCCESS On success. > - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures. > @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > typedef > @@ -3935,6 +3934,9 @@ VOID >=20 > @param[in] Bn Big number to set. > @param[in] Val Value to set. > + > + @retval EFI_SUCCESS On success. > + @retval EFI_PROTOCOL_ERROR Otherwise. > **/ > typedef > EFI_STATUS > @@ -3970,7 +3972,7 @@ EFI_STATUS > using EcGroupFree() function. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409) > + Description" attribute registry for RFC 2409) >=20 > @retval EcGroup object On success > @retval NULL On failure 
> @@ -3989,8 +3991,8 @@ VOID * >=20 > @param[in] EcGroup EC group object > @param[out] BnPrime Group prime number > - @param[out] BnA A coofecient > - @param[out] BnB B coofecient > + @param[out] BnA A coefficient > + @param[out] BnB B coefficient > @param[in] BnCtx BN context >=20 > @retval EFI_SUCCESS On success > @@ -4260,13 +4262,14 @@ EFI_STATUS > /** > Generate a key using ECDH algorithm. Please note, this function uses > pseudo random number generator. The caller must make sure RandomSeed() > - funtion was properly called before. > + function was properly called before. >=20 > @param[in] Group Identifying number for the ECC group (IANA "Group > - Description" attribute registrty for RFC 2409) > + Description" attribute registry for RFC 2409) > @param[out] PKey Pointer to an object that will hold the ECDH key >=20 > @retval EFI_SUCCESS On success > + @retval EFI_UNSUPPORTED ECC group not supported. > @retval EFI_PROTOCOL_ERROR On failure **/ typedef @@ -4294,8 +4297,9 > @@ VOID > @param[in] PKey ECDH Key object > @param[out] EcPoint Properly initialized EC Point to hold the public = key >=20 > - @retval EFI_SUCCESS On success > - @retval EFI_PROTOCOL_ERROR On failure > + @retval EFI_SUCCESS On success > + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly. > + @retval EFI_PROTOCOL_ERROR On failure > **/ > typedef > EFI_STATUS 
> @@ -4309,15 +4313,20 @@ EFI_STATUS >=20 > @param[in] PKey ECDH Key object > @param[in] Group Identifying number for the ECC group (IANA = "Group > - Description" attribute registrty for RFC 24= 09) > + Description" attribute registry for RFC > + 2409) > @param[in] EcPointPublic Peer public key > @param[out] SecretSize On success, holds secret size > @param[out] Secret On success, holds the derived secret > Should be freed by caller using FreePool() > function. >=20 > - @retval EFI_SUCCESS On success > - @retval EFI_PROTOCOL_ERROR On failure > + @retval EFI_SUCCESS On success. > + @retval EFI_UNSUPPORTED ECC group not supported. > + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is > TRUE: > + Secret is NULL. > + SecretSize is NULL. > + Public key in EcPointPublic is invalid. > + @retval EFI_PROTOCOL_ERROR On failure. > **/ > typedef > EFI_STATUS > -- > 2.31.1.windows.1 >=20 >=20 >=20 >=20 >=20
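Review bot: The key-generation comment (hunks at @@ -4533,13 +4535,14 @@ in CryptLib.c and @@ -4260,13 +4262,14 @@ in Crypto.h, plus the earlier copy at @@ -362,13 +362,14 @@) still leaves PRNG seeding entirely to the caller ("The caller must make sure RandomSeed() function was properly called before"), yet none of the listed @retval lines says what is returned when that precondition is not met. Since this is where the ECDH private key comes from, please document whether an unseeded generator is reported, and with which status, or is not detected at all, so callers know whether the return value can be relied on to catch it.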
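Review bot: The added line "@retval EFI_INVALID_PARAMETER EcPoint should be initialized properly." (hunks at @@ -403,8 +404,9 @@, @@ -4573,8 +4576,9 @@ and @@ -4294,8 +4297,9 @@) states a requirement instead of the condition that produces the status. Every other @retval in this patch names the condition ("ECC group not supported.", "Secret is NULL."), so something like "EcPoint is not properly initialized." would be consistent. In the Crypto.h copy the new line ends with a period while the neighbouring "On success" and "On failure" lines do not; pick one style for that header.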
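Review bot: In the secret-derivation comment (hunks at @@ -422,15 +424,20 @@, @@ -4591,15 +4595,20 @@ and @@ -4309,15 +4313,20 @@), the EFI_INVALID_PARAMETER list covers Secret, SecretSize and an invalid public key, but says nothing about PKey or EcPointPublic themselves being NULL, and "Public key in EcPointPublic is invalid." does not say what validity means. EcPointPublic is the peer's key, so callers need to know whether this status covers a point that is not on the curve selected by Group; please spell that out. With three specific codes now listed, "@retval EFI_PROTOCOL_ERROR On failure." would also read better as "Otherwise.", matching the BigNum comments elsewhere in this patch.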
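Review bot: Removing "@retval EFI_OUT_OF_RESOURCES In case of internal allocation failures." at @@ -4069,7 +4069,6 @@ (CryptLib.c) and @@ -3863,7 +3863,6 @@ (Crypto.h) leaves EFI_PROTOCOL_ERROR as the only documented failure, so by the comment an allocation failure is no longer distinguishable from any other error. Nothing in these hunks shows the implementation side; please confirm that this path never returns EFI_OUT_OF_RESOURCES, and if it still can, keep the line instead of deleting it.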