Cryptlib: replace CryptPem with the Null version

CryptPem only provides one function: RsaGetPrivateKeyFromPem(). Since we
don't need to retrieve any private key, it's safe to disable the
function.

Signed-off-by: Gary Lin <glin@suse.com>

4 files changed, 46 insertions, 137 deletions

diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
index b3a06e44..77a5bd4a 100644
--- a/Cryptlib/Makefile
+++ b/Cryptlib/Makefile
@@ -40,7 +40,7 @@ OBJS		=   Hash/CryptMd4Null.o \
 		    Pk/CryptTs.o \
 		    Pk/CryptX509.o \
 		    Pk/CryptAuthenticode.o \
-		    Pem/CryptPem.o \
+		    Pem/CryptPemNull.o \
 		    SysCall/CrtWrapper.o \
 		    SysCall/TimerWrapper.o \
 		    SysCall/BaseMemAllocation.o \
diff --git a/Cryptlib/Pem/CryptPem.c b/Cryptlib/Pem/CryptPem.c
deleted file mode 100644
index 51e648b7..00000000
--- a/Cryptlib/Pem/CryptPem.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/** @file

-  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.

-

-Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>

-This program and the accompanying materials

-are licensed and made available under the terms and conditions of the BSD License

-which accompanies this distribution.  The full text of the license may be found at

-http://opensource.org/licenses/bsd-license.php

-

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

-

-**/

-

-#include "InternalCryptLib.h"

-#include <openssl/pem.h>

-

-/**

-  Callback function for password phrase conversion used for retrieving the encrypted PEM.

-

-  @param[out]  Buf      Pointer to the buffer to write the passphrase to.

-  @param[in]   Size     Maximum length of the passphrase (i.e. the size of Buf).

-  @param[in]   Flag     A flag which is set to 0 when reading and 1 when writing.

-  @param[in]   Key      Key data to be passed to the callback routine.

-

-  @retval  The number of characters in the passphrase or 0 if an error occurred.

-

-**/

-INTN

-PasswordCallback (

-  OUT  CHAR8  *Buf, 

-  IN   INTN   Size, 

-  IN   INTN   Flag, 

-  IN   VOID   *Key

-  )

-{

-  INTN  KeyLength;

-

-  ZeroMem ((VOID *) Buf, (UINTN) Size);

-  if (Key != NULL) {

-    //

-    // Duplicate key phrase directly.

-    //

-    KeyLength = (INTN) AsciiStrLen ((CHAR8 *)Key);

-    KeyLength = (KeyLength > Size ) ? Size : KeyLength;

-    CopyMem (Buf, Key, (UINTN) KeyLength);

-    return KeyLength;

-  } else {

-    return 0;

-  }

-}

-

-/**

-  Retrieve the RSA Private Key from the password-protected PEM key data.

-

-  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.

-  @param[in]  PemSize      Size of the PEM key data in bytes.

-  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.

-  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved

-                           RSA private key component. Use RsaFree() function to free the

-                           resource.

-

-  If PemData is NULL, then return FALSE.

-  If RsaContext is NULL, then return FALSE.

-

-  @retval  TRUE   RSA Private Key was retrieved successfully.

-  @retval  FALSE  Invalid PEM key data or incorrect password.

-

-**/

-BOOLEAN

-EFIAPI

-RsaGetPrivateKeyFromPem (

-  IN   CONST UINT8  *PemData,

-  IN   UINTN        PemSize,

-  IN   CONST CHAR8  *Password,

-  OUT  VOID         **RsaContext

-  )

-{

-  BOOLEAN  Status;

-  BIO      *PemBio;

-

-  //

-  // Check input parameters.

-  //

-  if (PemData == NULL || RsaContext == NULL || PemSize > INT_MAX) {

-    return FALSE;

-  }

-

-  //

-  // Add possible block-cipher descriptor for PEM data decryption.

-  // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.

-  //

-  if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {

-    return FALSE;

-  }

-  if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {

-    return FALSE;

-  }

-  if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {

-    return FALSE;

-  }

-  if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {

-    return FALSE;

-  }

-

-  Status = FALSE;

-

-  //

-  // Read encrypted PEM Data.

-  //

-  PemBio = BIO_new (BIO_s_mem ());

-  if (PemBio == NULL) {

-    goto _Exit;

-  }

-

-  if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) {

-    goto _Exit;

-  }

-

-  //

-  // Retrieve RSA Private Key from encrypted PEM data.

-  //

-  *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *) &PasswordCallback, (void *) Password);

-  if (*RsaContext != NULL) {

-    Status = TRUE;

-  }

-

-_Exit:

-  //

-  // Release Resources.

-  //

-  BIO_free (PemBio);

-

-  return Status;

-}

diff --git a/Cryptlib/Pem/CryptPemNull.c b/Cryptlib/Pem/CryptPemNull.c
new file mode 100644
index 00000000..8c9e4f0b
--- /dev/null
+++ b/Cryptlib/Pem/CryptPemNull.c
@@ -0,0 +1,44 @@
+/** @file

+  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does

+  not provide real capabilities.

+

+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>

+This program and the accompanying materials

+are licensed and made available under the terms and conditions of the BSD License

+which accompanies this distribution.  The full text of the license may be found at

+http://opensource.org/licenses/bsd-license.php

+

+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#include "InternalCryptLib.h"

+

+/**

+  Retrieve the RSA Private Key from the password-protected PEM key data.

+

+  Return FALSE to indicate this interface is not supported.

+

+  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.

+  @param[in]  PemSize      Size of the PEM key data in bytes.

+  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.

+  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved

+                           RSA private key component. Use RsaFree() function to free the

+                           resource.

+

+  @retval FALSE  This interface is not supported.

+

+**/

+BOOLEAN

+EFIAPI

+RsaGetPrivateKeyFromPem (

+  IN   CONST UINT8  *PemData,

+  IN   UINTN        PemSize,

+  IN   CONST CHAR8  *Password,

+  OUT  VOID         **RsaContext

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh
index b29f11ce..392e21a1 100755
--- a/Cryptlib/update.sh
+++ b/Cryptlib/update.sh
@@ -23,7 +23,7 @@ cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c Pk/CryptDhNull.c
 cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c Pk/CryptTs.c
 cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c Pk/CryptX509.c
 cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c
-cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c Pem/CryptPem.c
+cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPemNull.c Pem/CryptPemNull.c
 cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c SysCall/CrtWrapper.c
 cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c SysCall/TimerWrapper.c
 cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c SysCall/BaseMemAllocation.c