[edk2-devel] [PATCH v3 28/28] CryptoPkg: Enable cypto HMAC KDF and AES library

Wed, 08 Jun 2022 23:03:58 -0700 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

V3: Fix build issue when DiSABLE_SHA1_DEPRECATED_INTERFACES
is defined. Percolate the #ifndef DiSABLE_SHA1_DEPRECATED_INTERFACES
to all the Sha1 functions. Replace AllocatePool() with
AllocatePages() and FreePool() with FreePages() because
FreePool() is not supported in PEI phase. FreePool() does not
free the allocated pool in PEI phase causing a memory leak.

V1: RPMC confidentiality feature requires HMAC-SHA256 support
during SMM phase. This allows the protected variable's data to
be encrypted in the SPI flash.  PEI phase requires AES.
AllocatePool is replaced by AllocatePages because the memory
allocated by AllocatePool cannot be freed in PEI phase.
This is causing a memory leak error when running this new
feature.

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Xiaoyu Lu <xiaoyux...@intel.com>
Cc: Guomin Jiang <guomin.ji...@intel.com>
Cc: Nishant C Mistry <nishant.c.mis...@intel.com>
Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
Signed-off-by: Nishant C Mistry <nishant.c.mis...@intel.com>
Signed-off-by: Judah Vang <judah.v...@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf             |  2 +-
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf             |  2 +-
 CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c | 11 ++++++-----
 CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c          | 14 +++++++++++++-
 4 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 01de27e03747..40728af37822 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -43,7 +43,7 @@ [Sources]
   Hash/CryptParallelHashNull.c
   Hmac/CryptHmacSha256.c
   Kdf/CryptHkdf.c
-  Cipher/CryptAesNull.c
+  Cipher/CryptAes.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
   Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91a171509540..706b527338f0 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -43,7 +43,7 @@ [Sources]
   Hash/CryptCShake256.c
   Hash/CryptParallelHash.c
   Hmac/CryptHmacSha256.c
-  Kdf/CryptHkdfNull.c
+  Kdf/CryptHkdf.c
   Cipher/CryptAes.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c 
b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
index b7bed15c18df..d77e1f7de5e3 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
@@ -2,13 +2,14 @@
   Base Memory Allocation Routines Wrapper for Crypto library over OpenSSL
   during PEI & DXE phases.
 
-Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
 #include <CrtLibSupport.h>
 #include <Library/MemoryAllocationLib.h>
+#include <Library/BaseCryptLib.h>
 
 //
 // Extra header to record the memory buffer size from malloc routine.
@@ -41,7 +42,7 @@ malloc (
   //
   NewSize = (UINTN)(size) + CRYPTMEM_OVERHEAD;
 
-  Data = AllocatePool (NewSize);
+  Data = AllocatePages (EFI_SIZE_TO_PAGES (NewSize));
   if (Data != NULL) {
     PoolHdr = (CRYPTMEM_HEAD *)Data;
     //
@@ -73,7 +74,7 @@ realloc (
   VOID           *Data;
 
   NewSize = (UINTN)size + CRYPTMEM_OVERHEAD;
-  Data    = AllocatePool (NewSize);
+  Data    = AllocatePages (EFI_SIZE_TO_PAGES (NewSize));
   if (Data != NULL) {
     NewPoolHdr            = (CRYPTMEM_HEAD *)Data;
     NewPoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE;
@@ -90,7 +91,7 @@ realloc (
       // Duplicate the buffer content.
       //
       CopyMem ((VOID *)(NewPoolHdr + 1), ptr, MIN (OldSize, size));
-      FreePool ((VOID *)OldPoolHdr);
+      FreePages (((VOID *)OldPoolHdr), EFI_SIZE_TO_PAGES (OldSize));
     }
 
     return (VOID *)(NewPoolHdr + 1);
@@ -117,6 +118,6 @@ free (
   if (ptr != NULL) {
     PoolHdr = (CRYPTMEM_HEAD *)ptr - 1;
     ASSERT (PoolHdr->Signature == CRYPTMEM_HEAD_SIGNATURE);
-    FreePool (PoolHdr);
+    FreePages (((VOID *)PoolHdr), EFI_SIZE_TO_PAGES (PoolHdr->Size));
   }
 }
diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c 
b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
index f9796b215865..ede9fa8c09ec 100644
--- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
+++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
@@ -6,7 +6,7 @@
   This API, when called, will calculate the Hash using the
   hashing algorithm specified by PcdHashApiLibPolicy.
 
-  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2020-2022, Intel Corporation. All rights reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -33,9 +33,11 @@ HashApiGetContextSize (
   )
 {
   switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
     case HASH_ALG_SHA1:
       return Sha1GetContextSize ();
       break;
+ #endif
 
     case HASH_ALG_SHA256:
       return Sha256GetContextSize ();
@@ -75,9 +77,11 @@ HashApiInit (
   )
 {
   switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
     case HASH_ALG_SHA1:
       return Sha1Init (HashContext);
       break;
+ #endif
 
     case HASH_ALG_SHA256:
       return Sha256Init (HashContext);
@@ -119,9 +123,11 @@ HashApiDuplicate (
   )
 {
   switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
     case HASH_ALG_SHA1:
       return Sha1Duplicate (HashContext, NewHashContext);
       break;
+ #endif
 
     case HASH_ALG_SHA256:
       return Sha256Duplicate (HashContext, NewHashContext);
@@ -165,9 +171,11 @@ HashApiUpdate (
   )
 {
   switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
     case HASH_ALG_SHA1:
       return Sha1Update (HashContext, DataToHash, DataToHashLen);
       break;
+ #endif
 
     case HASH_ALG_SHA256:
       return Sha256Update (HashContext, DataToHash, DataToHashLen);
@@ -209,9 +217,11 @@ HashApiFinal (
   )
 {
   switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
     case HASH_ALG_SHA1:
       return Sha1Final (HashContext, Digest);
       break;
+ #endif
 
     case HASH_ALG_SHA256:
       return Sha256Final (HashContext, Digest);
@@ -255,9 +265,11 @@ HashApiHashAll (
   )
 {
   switch (PcdGet32 (PcdHashApiLibPolicy)) {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
     case HASH_ALG_SHA1:
       return Sha1HashAll (DataToHash, DataToHashLen, Digest);
       break;
+ #endif
 
     case HASH_ALG_SHA256:
       return Sha256HashAll (DataToHash, DataToHashLen, Digest);
-- 
2.35.1.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90372): https://edk2.groups.io/g/devel/message/90372
Mute This Topic: https://groups.io/mt/91640201/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to