proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-07 21:05:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Cryptlib: replace CryptPem with the Null version

Browse Source 
CryptPem only provides one function: RsaGetPrivateKeyFromPem(). Since we
don't need to retrieve any private key, it's safe to disable the
function.

Signed-off-by: Gary Lin <glin@suse.com>
This commit is contained in:
Gary Lin 2017-04-10 17:40:06 +08:00 committed by Peter Jones
parent e9cc33d6f2
commit 513cbe2aea
4 changed files with 46 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cryptlib/Makefile
View File

@ -40,7 +40,7 @@ OBJS = Hash/CryptMd4Null.o \
Pk/CryptTs.o \ Pk/CryptTs.o \
Pk/CryptX509.o \ Pk/CryptX509.o \
Pk/CryptAuthenticode.o \ Pk/CryptAuthenticode.o \
Pem/CryptPem.o \ Pem/CryptPemNull.o \
SysCall/CrtWrapper.o \ SysCall/CrtWrapper.o \
SysCall/TimerWrapper.o \ SysCall/TimerWrapper.o \
SysCall/BaseMemAllocation.o \ SysCall/BaseMemAllocation.o \

135
Cryptlib/Pem/CryptPem.c
View File

@ -1,135 +0,0 @@
/** @file
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "InternalCryptLib.h"
#include <openssl/pem.h>
/**
Callback function for password phrase conversion used for retrieving the encrypted PEM.
@param[out] Buf Pointer to the buffer to write the passphrase to.
@param[in] Size Maximum length of the passphrase (i.e. the size of Buf).
@param[in] Flag A flag which is set to 0 when reading and 1 when writing.
@param[in] Key Key data to be passed to the callback routine.
@retval The number of characters in the passphrase or 0 if an error occurred.
**/
INTN
PasswordCallback (
OUT CHAR8 *Buf,
IN INTN Size,
IN INTN Flag,
IN VOID *Key
)
{
INTN KeyLength;
ZeroMem ((VOID *) Buf, (UINTN) Size);
if (Key != NULL) {
//
// Duplicate key phrase directly.
//
KeyLength = (INTN) AsciiStrLen ((CHAR8 *)Key);
KeyLength = (KeyLength > Size ) ? Size : KeyLength;
CopyMem (Buf, Key, (UINTN) KeyLength);
return KeyLength;
} else {
return 0;
}
}
/**
Retrieve the RSA Private Key from the password-protected PEM key data.
@param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
@param[in] PemSize Size of the PEM key data in bytes.
@param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
RSA private key component. Use RsaFree() function to free the
resource.
If PemData is NULL, then return FALSE.
If RsaContext is NULL, then return FALSE.
@retval TRUE RSA Private Key was retrieved successfully.
@retval FALSE Invalid PEM key data or incorrect password.
**/
BOOLEAN
EFIAPI
RsaGetPrivateKeyFromPem (
IN CONST UINT8 *PemData,
IN UINTN PemSize,
IN CONST CHAR8 *Password,
OUT VOID **RsaContext
)
{
BOOLEAN Status;
BIO *PemBio;
//
// Check input parameters.
//
if (PemData == NULL || RsaContext == NULL || PemSize > INT_MAX) {
return FALSE;
}
//
// Add possible block-cipher descriptor for PEM data decryption.
// NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
//
if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {
return FALSE;
}
Status = FALSE;
//
// Read encrypted PEM Data.
//
PemBio = BIO_new (BIO_s_mem ());
if (PemBio == NULL) {
goto _Exit;
}
if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) {
goto _Exit;
}
//
// Retrieve RSA Private Key from encrypted PEM data.
//
*RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *) &PasswordCallback, (void *) Password);
if (*RsaContext != NULL) {
Status = TRUE;
}
_Exit:
//
// Release Resources.
//
BIO_free (PemBio);
return Status;
}

44
Cryptlib/Pem/CryptPemNull.c Normal file
View File

@ -0,0 +1,44 @@
/** @file
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does
not provide real capabilities.
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "InternalCryptLib.h"
/**
Retrieve the RSA Private Key from the password-protected PEM key data.
Return FALSE to indicate this interface is not supported.
@param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
@param[in] PemSize Size of the PEM key data in bytes.
@param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
RSA private key component. Use RsaFree() function to free the
resource.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
RsaGetPrivateKeyFromPem (
IN CONST UINT8 *PemData,
IN UINTN PemSize,
IN CONST CHAR8 *Password,
OUT VOID **RsaContext
)
{
ASSERT (FALSE);
return FALSE;
}

2
Cryptlib/update.sh
View File

@ -23,7 +23,7 @@ cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c Pk/CryptDhNull.c
cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c Pk/CryptTs.c cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c Pk/CryptTs.c
cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c Pk/CryptX509.c cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c Pk/CryptX509.c
cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c
cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c Pem/CryptPem.c cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPemNull.c Pem/CryptPemNull.c
cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c SysCall/CrtWrapper.c cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c SysCall/CrtWrapper.c
cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c SysCall/TimerWrapper.c cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c SysCall/TimerWrapper.c
cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c SysCall/BaseMemAllocation.c cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c SysCall/BaseMemAllocation.c