Add CryptoPkg/Library/BaseCryptLib/ and CryptoPkg/Library/OpensslLib/openssl-rebase-helper-start

7 files changed, 442 insertions, 0 deletions

diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/smime/encr.txt b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/encr.txt
new file mode 100644
index 00000000..f163a326
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/encr.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Sample OpenSSL Data for PKCS#7 encryption
diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/smime/sign.txt b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/sign.txt
new file mode 100644
index 00000000..af1341d0
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/sign.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Test OpenSSL Signed Content
diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smdec.c b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smdec.c
new file mode 100644
index 00000000..c4d1b090
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smdec.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *rcert = NULL;
+    EVP_PKEY *rkey = NULL;
+    PKCS7 *p7 = NULL;
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in recipient certificate and private key */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!rcert || !rkey)
+        goto err;
+
+    /* Open content being signed */
+
+    in = BIO_new_file("smencr.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* Sign content */
+    p7 = SMIME_read_PKCS7(in, NULL);
+
+    if (!p7)
+        goto err;
+
+    out = BIO_new_file("encrout.txt", "w");
+    if (!out)
+        goto err;
+
+    /* Decrypt S/MIME message */
+    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
+        goto err;
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Signing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(rcert);
+    EVP_PKEY_free(rkey);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+
+    return ret;
+
+}
diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smenc.c b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smenc.c
new file mode 100644
index 00000000..5d36e9a4
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smenc.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME encrypt example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *rcert = NULL;
+    STACK_OF(X509) *recips = NULL;
+    PKCS7 *p7 = NULL;
+    int ret = 1;
+
+    /*
+     * On OpenSSL 0.9.9 only:
+     * for streaming set PKCS7_STREAM
+     */
+    int flags = PKCS7_STREAM;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in recipient certificate */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    if (!rcert)
+        goto err;
+
+    /* Create recipient STACK and add recipient cert to it */
+    recips = sk_X509_new_null();
+
+    if (!recips || !sk_X509_push(recips, rcert))
+        goto err;
+
+    /*
+     * sk_X509_pop_free will free up recipient STACK and its contents so set
+     * rcert to NULL so it isn't freed up twice.
+     */
+    rcert = NULL;
+
+    /* Open content being encrypted */
+
+    in = BIO_new_file("encr.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* encrypt content */
+    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+    if (!p7)
+        goto err;
+
+    out = BIO_new_file("smencr.txt", "w");
+    if (!out)
+        goto err;
+
+    /* Write out S/MIME message */
+    if (!SMIME_write_PKCS7(out, p7, in, flags))
+        goto err;
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Encrypting Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(rcert);
+    sk_X509_pop_free(recips, X509_free);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+
+}
diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign.c b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign.c
new file mode 100644
index 00000000..ba0adb39
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *scert = NULL;
+    EVP_PKEY *skey = NULL;
+    PKCS7 *p7 = NULL;
+    int ret = 1;
+
+    /*
+     * For simple S/MIME signing use PKCS7_DETACHED. On OpenSSL 0.9.9 only:
+     * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM for streaming
+     * non-detached set PKCS7_STREAM
+     */
+    int flags = PKCS7_DETACHED | PKCS7_STREAM;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in signer certificate and private key */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!scert || !skey)
+        goto err;
+
+    /* Open content being signed */
+
+    in = BIO_new_file("sign.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* Sign content */
+    p7 = PKCS7_sign(scert, skey, NULL, in, flags);
+
+    if (!p7)
+        goto err;
+
+    out = BIO_new_file("smout.txt", "w");
+    if (!out)
+        goto err;
+
+    if (!(flags & PKCS7_STREAM))
+        BIO_reset(in);
+
+    /* Write out S/MIME message */
+    if (!SMIME_write_PKCS7(out, p7, in, flags))
+        goto err;
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Signing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(scert);
+    EVP_PKEY_free(skey);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+
+    return ret;
+
+}
diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign2.c b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign2.c
new file mode 100644
index 00000000..2b7f45b2
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign2.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *scert = NULL, *scert2 = NULL;
+    EVP_PKEY *skey = NULL, *skey2 = NULL;
+    PKCS7 *p7 = NULL;
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    BIO_free(tbio);
+
+    tbio = BIO_new_file("signer2.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!scert2 || !skey2)
+        goto err;
+
+    in = BIO_new_file("sign.txt", "r");
+
+    if (!in)
+        goto err;
+
+    p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM | PKCS7_PARTIAL);
+
+    if (!p7)
+        goto err;
+
+    /* Add each signer in turn */
+
+    if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0))
+        goto err;
+
+    if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0))
+        goto err;
+
+    out = BIO_new_file("smout.txt", "w");
+    if (!out)
+        goto err;
+
+    /* NB: content included and finalized by SMIME_write_PKCS7 */
+
+    if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM))
+        goto err;
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Signing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(scert);
+    EVP_PKEY_free(skey);
+    X509_free(scert2);
+    EVP_PKEY_free(skey2);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+}
diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smver.c b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smver.c
new file mode 100644
index 00000000..75411c40
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smver.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME verification example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
+    X509_STORE *st = NULL;
+    X509 *cacert = NULL;
+    PKCS7 *p7 = NULL;
+
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Set up trusted CA certificate store */
+
+    st = X509_STORE_new();
+
+    /* Read in signer certificate and private key */
+    tbio = BIO_new_file("cacert.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    if (!cacert)
+        goto err;
+
+    if (!X509_STORE_add_cert(st, cacert))
+        goto err;
+
+    /* Open content being signed */
+
+    in = BIO_new_file("smout.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* Sign content */
+    p7 = SMIME_read_PKCS7(in, &cont);
+
+    if (!p7)
+        goto err;
+
+    /* File to output verified content to */
+    out = BIO_new_file("smver.txt", "w");
+    if (!out)
+        goto err;
+
+    if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) {
+        fprintf(stderr, "Verification Failure\n");
+        goto err;
+    }
+
+    fprintf(stderr, "Verification Successful\n");
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Verifying Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(cacert);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+}