From 663a5ca59d8b0037b3d1b445ce93ae3181f03685 Mon Sep 17 00:00:00 2001

From: Gary Ching-Pang Lin <glin@suse.com>

Date: Tue, 30 Sep 2014 15:27:19 +0800

Subject: [PATCH 68/74] Cryptlib: remove the unused files

I mistakenly added CryptPkcs7VerifyNull.c which may make Pkcs7Verify

always return FALSE. Besides CryptPkcs7VerifyNull.c, there are some

functions we would never use. This commit removes those files to

avoid any potential trouble.

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>

---

 Cryptlib/Makefile                  |   5 +-

 Cryptlib/Pk/CryptDh.c              | 328 --------------------------------

 Cryptlib/Pk/CryptDhNull.c          | 156 +++++++++++++++

 Cryptlib/Pk/CryptPkcs7Sign.c       | 207 --------------------

 Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 ----------

 Cryptlib/Pk/CryptRsaExt.c          | 377 -------------------------------------

 Cryptlib/update.sh                 |   5 +-

 7 files changed, 158 insertions(+), 1020 deletions(-)

 delete mode 100644 Cryptlib/Pk/CryptDh.c

 create mode 100644 Cryptlib/Pk/CryptDhNull.c

 delete mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c

 delete mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c

 delete mode 100644 Cryptlib/Pk/CryptRsaExt.c

diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile

index 73a1e2b..9719a27 100644

--- a/Cryptlib/Makefile

+++ b/Cryptlib/Makefile

@@ -25,13 +25,10 @@ OBJS		=   Hash/CryptMd4.o \

 		    Cipher/CryptArc4.o \

 		    Rand/CryptRand.o \

 		    Pk/CryptRsaBasic.o \

-		    Pk/CryptRsaExt.o \

 		    Pk/CryptRsaExtNull.o \

-		    Pk/CryptPkcs7Sign.o \

 		    Pk/CryptPkcs7SignNull.o \

 		    Pk/CryptPkcs7Verify.o \

-		    Pk/CryptPkcs7VerifyNull.o \

-		    Pk/CryptDh.o \

+		    Pk/CryptDhNull.o \

 		    Pk/CryptX509.o \

 		    Pk/CryptAuthenticode.o \

 		    Pem/CryptPem.o \

diff --git a/Cryptlib/Pk/CryptDh.c b/Cryptlib/Pk/CryptDh.c

deleted file mode 100644

index 942b3d1..0000000

--- a/Cryptlib/Pk/CryptDh.c

+++ /dev/null

@@ -1,328 +0,0 @@

-/** @file

-  Diffie-Hellman Wrapper Implementation over OpenSSL.

-

-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-

-#include "InternalCryptLib.h"

-#include <openssl/dh.h>

-

-

-/**

-  Allocates and Initializes one Diffie-Hellman Context for subsequent use.

-

-  @return  Pointer to the Diffie-Hellman Context that has been initialized.

-           If the allocations fails, DhNew() returns NULL.

-

-**/

-VOID *

-EFIAPI

-DhNew (

-  VOID

-  )

-{

-  //

-  // Allocates & Initializes DH Context by OpenSSL DH_new()

-  //

-  return (VOID *) DH_new ();

-}

-

-/**

-  Release the specified DH context.

-

-  If DhContext is NULL, then return FALSE.

-

-  @param[in]  DhContext  Pointer to the DH context to be released.

-

-**/

-VOID

-EFIAPI

-DhFree (

-  IN  VOID  *DhContext

-  )

-{

-  //

-  // Free OpenSSL DH Context

-  //

-  DH_free ((DH *) DhContext);

-}

-

-/**

-  Generates DH parameter.

-

-  Given generator g, and length of prime number p in bits, this function generates p,

-  and sets DH context according to value of g and p.

-  

-  Before this function can be invoked, pseudorandom number generator must be correctly

-  initialized by RandomSeed().

-

-  If DhContext is NULL, then return FALSE.

-  If Prime is NULL, then return FALSE.

-

-  @param[in, out]  DhContext    Pointer to the DH context.

-  @param[in]       Generator    Value of generator.

-  @param[in]       PrimeLength  Length in bits of prime to be generated.

-  @param[out]      Prime        Pointer to the buffer to receive the generated prime number.

-

-  @retval TRUE   DH pamameter generation succeeded.

-  @retval FALSE  Value of Generator is not supported.

-  @retval FALSE  PRNG fails to generate random prime number with PrimeLength.

-

-**/

-BOOLEAN

-EFIAPI

-DhGenerateParameter (

-  IN OUT  VOID   *DhContext,

-  IN      UINTN  Generator,

-  IN      UINTN  PrimeLength,

-  OUT     UINT8  *Prime

-  )

-{

-  BOOLEAN RetVal;

-

-  //

-  // Check input parameters.

-  //

-  if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {

-    return FALSE;

-  }

-

-  if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {

-    return FALSE;

-  }

-

-  RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL);

-  if (!RetVal) {

-    return FALSE;

-  }

-

-  BN_bn2bin (((DH *) DhContext)->p, Prime);

-

-  return TRUE;

-}

-

-/**

-  Sets generator and prime parameters for DH.

-

-  Given generator g, and prime number p, this function and sets DH

-  context accordingly.

-

-  If DhContext is NULL, then return FALSE.

-  If Prime is NULL, then return FALSE.

-

-  @param[in, out]  DhContext    Pointer to the DH context.

-  @param[in]       Generator    Value of generator.

-  @param[in]       PrimeLength  Length in bits of prime to be generated.

-  @param[in]       Prime        Pointer to the prime number.

-

-  @retval TRUE   DH pamameter setting succeeded.

-  @retval FALSE  Value of Generator is not supported.

-  @retval FALSE  Value of Generator is not suitable for the Prime.

-  @retval FALSE  Value of Prime is not a prime number.

-  @retval FALSE  Value of Prime is not a safe prime number.

-

-**/

-BOOLEAN

-EFIAPI

-DhSetParameter (

-  IN OUT  VOID         *DhContext,

-  IN      UINTN        Generator,

-  IN      UINTN        PrimeLength,

-  IN      CONST UINT8  *Prime

-  )

-{

-  DH      *Dh;

-  BIGNUM  *Bn;

-

-  //

-  // Check input parameters.

-  //

-  if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {

-    return FALSE;

-  }

-  

-  if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {

-    return FALSE;

-  }

-

-  Bn = NULL;

-

-  Dh = (DH *) DhContext;

-  Dh->g = NULL;

-  Dh->p = BN_new ();

-  if (Dh->p == NULL) {

-    goto Error;

-  }

-  

-  Dh->g = BN_new ();

-  if (Dh->g == NULL) {

-    goto Error;

-  }

-

-  Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);

-  if (Bn == NULL) {

-    goto Error;

-  }

-

-  if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {

-    goto Error;

-  }

-

-  return TRUE;

-

-Error:

-

-  if (Dh->p != NULL) {

-    BN_free (Dh->p);

-  }

-

-  if (Dh->g != NULL) {

-    BN_free (Dh->g);

-  }

-

-  if (Bn != NULL) {

-    BN_free (Bn);

-  }

-  

-  return FALSE;

-}

-

-/**

-  Generates DH public key.

-

-  This function generates random secret exponent, and computes the public key, which is 

-  returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.

-  If the PublicKey buffer is too small to hold the public key, FALSE is returned and

-  PublicKeySize is set to the required buffer size to obtain the public key.

-

-  If DhContext is NULL, then return FALSE.

-  If PublicKeySize is NULL, then return FALSE.

-  If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.

-

-  @param[in, out]  DhContext      Pointer to the DH context.

-  @param[out]      PublicKey      Pointer to the buffer to receive generated public key.

-  @param[in, out]  PublicKeySize  On input, the size of PublicKey buffer in bytes.

-                                  On output, the size of data returned in PublicKey buffer in bytes.

-

-  @retval TRUE   DH public key generation succeeded.

-  @retval FALSE  DH public key generation failed.

-  @retval FALSE  PublicKeySize is not large enough.

-

-**/

-BOOLEAN

-EFIAPI

-DhGenerateKey (

-  IN OUT  VOID   *DhContext,

-  OUT     UINT8  *PublicKey,

-  IN OUT  UINTN  *PublicKeySize

-  )

-{

-  BOOLEAN RetVal;

-  DH      *Dh;

-  INTN    Size;

-

-  //

-  // Check input parameters.

-  //

-  if (DhContext == NULL || PublicKeySize == NULL) {

-    return FALSE;

-  }

-

-  if (PublicKey == NULL && *PublicKeySize != 0) {

-    return FALSE;

-  }

-  

-  Dh = (DH *) DhContext;

-

-  RetVal = (BOOLEAN) DH_generate_key (DhContext);

-  if (RetVal) {

-    Size = BN_num_bytes (Dh->pub_key);

-    if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {

-      *PublicKeySize = Size;

-      return FALSE;

-    }

-    

-    BN_bn2bin (Dh->pub_key, PublicKey);

-    *PublicKeySize = Size;

-  }

-

-  return RetVal;

-}

-

-/**

-  Computes exchanged common key.

-

-  Given peer's public key, this function computes the exchanged common key, based on its own

-  context including value of prime modulus and random secret exponent. 

-

-  If DhContext is NULL, then return FALSE.

-  If PeerPublicKey is NULL, then return FALSE.

-  If KeySize is NULL, then return FALSE.

-  If Key is NULL, then return FALSE.

-  If KeySize is not large enough, then return FALSE.

-

-  @param[in, out]  DhContext          Pointer to the DH context.

-  @param[in]       PeerPublicKey      Pointer to the peer's public key.

-  @param[in]       PeerPublicKeySize  Size of peer's public key in bytes.

-  @param[out]      Key                Pointer to the buffer to receive generated key.

-  @param[in, out]  KeySize            On input, the size of Key buffer in bytes.

-                                      On output, the size of data returned in Key buffer in bytes.

-

-  @retval TRUE   DH exchanged key generation succeeded.

-  @retval FALSE  DH exchanged key generation failed.

-  @retval FALSE  KeySize is not large enough.

-

-**/

-BOOLEAN

-EFIAPI

-DhComputeKey (

-  IN OUT  VOID         *DhContext,

-  IN      CONST UINT8  *PeerPublicKey,

-  IN      UINTN        PeerPublicKeySize,

-  OUT     UINT8        *Key,

-  IN OUT  UINTN        *KeySize

-  )

-{

-  BIGNUM  *Bn;

-  INTN    Size;

-

-  //

-  // Check input parameters.

-  //

-  if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {

-    return FALSE;

-  }

-

-  if (PeerPublicKeySize > INT_MAX) {

-    return FALSE;

-  }

-  

-  Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);

-  if (Bn == NULL) {

-    return FALSE;

-  }

-

-  Size = DH_compute_key (Key, Bn, DhContext);

-  if (Size < 0) {

-    BN_free (Bn);

-    return FALSE;

-  }

-

-  if (*KeySize < (UINTN) Size) {

-    *KeySize = Size;

-    BN_free (Bn);

-    return FALSE;

-  }

-

-  *KeySize = Size;

-  BN_free (Bn);

-  return TRUE;

-}

diff --git a/Cryptlib/Pk/CryptDhNull.c b/Cryptlib/Pk/CryptDhNull.c

new file mode 100644

index 0000000..35045db

--- /dev/null

+++ b/Cryptlib/Pk/CryptDhNull.c

@@ -0,0 +1,156 @@

+/** @file

+  Diffie-Hellman Wrapper Implementation which does not provide

+  real capabilities.

+

+Copyright (c) 2012, Intel Corporation. All rights reserved.

+This program and the accompanying materials

+are licensed and made available under the terms and conditions of the BSD License

+which accompanies this distribution.  The full text of the license may be found at

+http://opensource.org/licenses/bsd-license.php

+

+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#include "InternalCryptLib.h"

+

+/**

+  Allocates and Initializes one Diffie-Hellman Context for subsequent use.

+

+  @return  Pointer to the Diffie-Hellman Context that has been initialized.

+           If the interface is not supported, DhNew() returns NULL.

+

+**/

+VOID *

+EFIAPI

+DhNew (

+  VOID

+  )

+{

+  ASSERT (FALSE);

+  return NULL;

+}

+

+/**

+  Release the specified DH context.

+

+  If the interface is not supported, then ASSERT().

+

+  @param[in]  DhContext  Pointer to the DH context to be released.

+

+**/

+VOID

+EFIAPI

+DhFree (

+  IN  VOID  *DhContext

+  )

+{

+  ASSERT (FALSE);

+}

+

+/**

+  Generates DH parameter.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in, out]  DhContext    Pointer to the DH context.

+  @param[in]       Generator    Value of generator.

+  @param[in]       PrimeLength  Length in bits of prime to be generated.

+  @param[out]      Prime        Pointer to the buffer to receive the generated prime number.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+DhGenerateParameter (

+  IN OUT  VOID   *DhContext,

+  IN      UINTN  Generator,

+  IN      UINTN  PrimeLength,

+  OUT     UINT8  *Prime

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Sets generator and prime parameters for DH.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in, out]  DhContext    Pointer to the DH context.

+  @param[in]       Generator    Value of generator.

+  @param[in]       PrimeLength  Length in bits of prime to be generated.

+  @param[in]       Prime        Pointer to the prime number.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+DhSetParameter (

+  IN OUT  VOID         *DhContext,

+  IN      UINTN        Generator,

+  IN      UINTN        PrimeLength,

+  IN      CONST UINT8  *Prime

+  )

+{

+  ASSERT (FALSE);

+  return FALSE; 

+}

+

+/**

+  Generates DH public key.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in, out]  DhContext      Pointer to the DH context.

+  @param[out]      PublicKey      Pointer to the buffer to receive generated public key.

+  @param[in, out]  PublicKeySize  On input, the size of PublicKey buffer in bytes.

+                                  On output, the size of data returned in PublicKey buffer in bytes.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+DhGenerateKey (

+  IN OUT  VOID   *DhContext,

+  OUT     UINT8  *PublicKey,

+  IN OUT  UINTN  *PublicKeySize

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

+  Computes exchanged common key.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in, out]  DhContext          Pointer to the DH context.

+  @param[in]       PeerPublicKey      Pointer to the peer's public key.

+  @param[in]       PeerPublicKeySize  Size of peer's public key in bytes.

+  @param[out]      Key                Pointer to the buffer to receive generated key.

+  @param[in, out]  KeySize            On input, the size of Key buffer in bytes.

+                                      On output, the size of data returned in Key buffer in bytes.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+DhComputeKey (

+  IN OUT  VOID         *DhContext,

+  IN      CONST UINT8  *PeerPublicKey,

+  IN      UINTN        PeerPublicKeySize,

+  OUT     UINT8        *Key,

+  IN OUT  UINTN        *KeySize

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c

deleted file mode 100644

index 63fe78f..0000000

--- a/Cryptlib/Pk/CryptPkcs7Sign.c

+++ /dev/null

@@ -1,207 +0,0 @@

-/** @file

-  PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.

-

-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-

-#include "InternalCryptLib.h"

-

-#include <openssl/objects.h>

-#include <openssl/x509.h>

-#include <openssl/pkcs7.h>

-

-

-/**

-  Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message

-  Syntax Standard, version 1.5". This interface is only intended to be used for

-  application to perform PKCS#7 functionality validation.

-

-  @param[in]  PrivateKey       Pointer to the PEM-formatted private key data for

-                               data signing.

-  @param[in]  PrivateKeySize   Size of the PEM private key data in bytes.

-  @param[in]  KeyPassword      NULL-terminated passphrase used for encrypted PEM

-                               key data.

-  @param[in]  InData           Pointer to the content to be signed.

-  @param[in]  InDataSize       Size of InData in bytes.

-  @param[in]  SignCert         Pointer to signer's DER-encoded certificate to sign with.

-  @param[in]  OtherCerts       Pointer to an optional additional set of certificates to

-                               include in the PKCS#7 signedData (e.g. any intermediate

-                               CAs in the chain).

-  @param[out] SignedData       Pointer to output PKCS#7 signedData.

-  @param[out] SignedDataSize   Size of SignedData in bytes.

-

-  @retval     TRUE             PKCS#7 data signing succeeded.

-  @retval     FALSE            PKCS#7 data signing failed.

-

-**/

-BOOLEAN

-EFIAPI

-Pkcs7Sign (

-  IN   CONST UINT8  *PrivateKey,

-  IN   UINTN        PrivateKeySize,

-  IN   CONST UINT8  *KeyPassword,

-  IN   UINT8        *InData,

-  IN   UINTN        InDataSize,

-  IN   UINT8        *SignCert,

-  IN   UINT8        *OtherCerts      OPTIONAL,

-  OUT  UINT8        **SignedData,

-  OUT  UINTN        *SignedDataSize

-  )

-{

-  BOOLEAN   Status;

-  EVP_PKEY  *Key;

-  BIO       *DataBio;

-  PKCS7     *Pkcs7;

-  UINT8     *RsaContext;

-  UINT8     *P7Data;

-  UINTN     P7DataSize;

-  UINT8     *Tmp;

-

-  //

-  // Check input parameters.

-  //

-  if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||

-    SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {

-    return FALSE;

-  }

-

-  RsaContext = NULL;

-  Key        = NULL;

-  Pkcs7      = NULL;

-  DataBio    = NULL;

-  Status     = FALSE;

-

-  //

-  // Retrieve RSA private key from PEM data.

-  //

-  Status = RsaGetPrivateKeyFromPem (

-             PrivateKey,

-             PrivateKeySize,

-             (CONST CHAR8 *) KeyPassword,

-             (VOID **) &RsaContext

-             );

-  if (!Status) {

-    return Status;

-  }

-

-  Status = FALSE;

-

-  //

-  // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling

-  //

-  if (EVP_add_digest (EVP_md5 ()) == 0) {

-    goto _Exit;

-  }

-  if (EVP_add_digest (EVP_sha1 ()) == 0) {

-    goto _Exit;

-  }

-  if (EVP_add_digest (EVP_sha256 ()) == 0) {

-    goto _Exit;

-  }

-

-  RandomSeed (NULL, 0);

-

-  //

-  // Construct OpenSSL EVP_PKEY for private key.

-  //

-  Key = EVP_PKEY_new ();

-  if (Key == NULL) {

-    goto _Exit;

-  }

-  Key->save_type = EVP_PKEY_RSA;

-  Key->type      = EVP_PKEY_type (EVP_PKEY_RSA);

-  Key->pkey.rsa  = (RSA *) RsaContext;

-

-  //

-  // Convert the data to be signed to BIO format. 

-  //

-  DataBio = BIO_new (BIO_s_mem ());

-  if (DataBio == NULL) {

-    goto _Exit;

-  }

-

-  if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {

-    goto _Exit;

-  }

-

-  //

-  // Create the PKCS#7 signedData structure.

-  //

-  Pkcs7 = PKCS7_sign (

-            (X509 *) SignCert,

-            Key,

-            (STACK_OF(X509) *) OtherCerts,

-            DataBio,

-            PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED

-            );

-  if (Pkcs7 == NULL) {

-    goto _Exit;

-  }

-

-  //

-  // Convert PKCS#7 signedData structure into DER-encoded buffer.

-  //

-  P7DataSize = i2d_PKCS7 (Pkcs7, NULL);

-  if (P7DataSize <= 19) {

-    goto _Exit;

-  }

-

-  P7Data     = malloc (P7DataSize);

-  if (P7Data == NULL) {

-    goto _Exit;

-  }

-

-  Tmp        = P7Data;

-  P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);

-  ASSERT (P7DataSize > 19);

-

-  //

-  // Strip ContentInfo to content only for signeddata. The data be trimmed off

-  // is totally 19 bytes.

-  //

-  *SignedDataSize = P7DataSize - 19;

-  *SignedData     = malloc (*SignedDataSize);

-  if (*SignedData == NULL) {