DMTF
diff --git a/‎CMakeLists.txt‎
Lines changed: 5 additions & 0 deletions b/‎CMakeLists.txt‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎library/spdm_crypt_lib/CMakeLists.txt‎
Lines changed: 8 additions & 1 deletion b/‎library/spdm_crypt_lib/CMakeLists.txt‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎os_stub/cryptlib_openssl/CMakeLists.txt‎
Lines changed: 1 addition & 1 deletion b/‎os_stub/cryptlib_openssl/CMakeLists.txt‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎os_stub/cryptlib_openssl/der/der.c‎
Lines changed: 32 additions & 4 deletions b/‎os_stub/cryptlib_openssl/der/der.c‎
Lines changed: 32 additions & 4 deletions
diff --git a/‎os_stub/cryptlib_openssl/hmac/hmac_sha.c‎
Lines changed: 128 additions & 56 deletions b/‎os_stub/cryptlib_openssl/hmac/hmac_sha.c‎
Lines changed: 128 additions & 56 deletions
@@ -693,6 +693,11 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
         set(CMAKE_EXE_LINKER_FLAGS "")
 
         set(CMAKE_C_LINK_EXECUTABLE "")
+    elseif(TOOLCHAIN STREQUAL "NONE")
+        # Use native toolchain with group linking for static libraries
+        set(CMAKE_LINKER gcc)
+        set(CMAKE_EXE_LINKER_FLAGS "-no-pie")
+        set(CMAKE_C_LINK_EXECUTABLE "<CMAKE_LINKER> <LINK_FLAGS> <OBJECTS> -o <TARGET> -Wl,--start-group <LINK_LIBRARIES> -Wl,--end-group")
     endif()
 
     if(NOT TOOLCHAIN STREQUAL "NIOS2_GCC")
 
@@ -38,4 +38,11 @@ target_sources(spdm_crypt_lib
         fips/libspdm_selftest_mldsa_vec.c
         fips/libspdm_selftest_slhdsa.c
         fips/libspdm_selftest_slhdsa_vec.c
-)
+)
+
+# Link to cryptlib implementation
+if(TARGET cryptlib_openssl)
+    target_link_libraries(spdm_crypt_lib INTERFACE cryptlib_openssl)
+elseif(TARGET cryptlib_mbedtls)
+    target_link_libraries(spdm_crypt_lib INTERFACE cryptlib_mbedtls)
+endif()
@@ -68,4 +68,4 @@ elseif(ARCH STREQUAL "loongarch64")
     target_compile_options(cryptlib_openssl PRIVATE -DLIBSPDM_CPU_LOONGARCH64)
 else()
     message(FATAL_ERROR "Unknown ARCH")
-endif()
+endif()
@@ -33,12 +33,25 @@
  * @retval  false  Invalid DER key data.
  *
  **/
+typedef struct {
+    EVP_PKEY *pkey;
+    BIGNUM *bn_n;
+    BIGNUM *bn_e;
+    BIGNUM *bn_d;
+    BIGNUM *bn_p;
+    BIGNUM *bn_q;
+    BIGNUM *bn_dp;
+    BIGNUM *bn_dq;
+    BIGNUM *bn_q_inv;
+} libspdm_rsa_ctx_evp_t;
+
 bool libspdm_rsa_get_public_key_from_der(const uint8_t *der_data,
                                          size_t der_size,
                                          void **rsa_context)
 {
     bool status;
     BIO *der_bio;
+    EVP_PKEY *pkey;
 
     /* Check input parameters.*/
 
@@ -47,6 +60,7 @@ bool libspdm_rsa_get_public_key_from_der(const uint8_t *der_data,
     }
 
     status = false;
+    pkey = NULL;
 
     /* Read DER data.*/
 
@@ -59,11 +73,25 @@ bool libspdm_rsa_get_public_key_from_der(const uint8_t *der_data,
         goto done;
     }
 
-    /* Retrieve RSA Public key from DER data.*/
-
-    *rsa_context = d2i_RSA_PUBKEY_bio(der_bio, NULL);
-    if (*rsa_context != NULL) {
+    /* Retrieve RSA Public key from DER data as EVP_PKEY.*/
+    pkey = d2i_PUBKEY_bio(der_bio, NULL);
+    if (pkey == NULL) {
+        goto done;
+    }
+    if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+        goto done;
+    }
+    {
+        libspdm_rsa_ctx_evp_t *ctx;
+        ctx = (libspdm_rsa_ctx_evp_t *)allocate_pool(sizeof(libspdm_rsa_ctx_evp_t));
+        if (ctx == NULL) {
+            goto done;
+        }
+        libspdm_zero_mem(ctx, sizeof(*ctx));
+        ctx->pkey = pkey;
+        *rsa_context = (void *)ctx;
         status = true;
+        pkey = NULL; /* ownership moved */
     }
 
 done:
 
@@ -9,7 +9,9 @@
  **/
 
 #include "internal_crypt_lib.h"
-#include <openssl/hmac.h>
+#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <string.h>
 
 /**
  * Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD use.
@@ -20,24 +22,30 @@
  **/
 void *hmac_md_new(void)
 {
-
-    /* Allocates & Initializes HMAC_CTX context by OpenSSL HMAC_CTX_new()*/
-
-    return (void *)HMAC_CTX_new();
+    /* Create EVP_MAC context for HMAC using new API */
+    EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+    if (mac == NULL) {
+        return NULL;
+    }
+    
+    EVP_MAC_CTX *ctx = EVP_MAC_CTX_new(mac);
+    EVP_MAC_free(mac);
+    
+    return (void *)ctx;
 }
 
 /**
  * Release the specified HMAC_CTX context.
- *
+ * 
  * @param[in]  hmac_md_ctx  Pointer to the HMAC_CTX context to be released.
  *
  **/
 void hmac_md_free(void *hmac_md_ctx)
 {
-
-    /* Free OpenSSL HMAC_CTX context*/
-
-    HMAC_CTX_free((HMAC_CTX *)hmac_md_ctx);
+    /* Free EVP_MAC_CTX context */
+    if (hmac_md_ctx != NULL) {
+        EVP_MAC_CTX_free((EVP_MAC_CTX *)hmac_md_ctx);
+    }
 }
 
 /**
@@ -58,15 +66,29 @@ void hmac_md_free(void *hmac_md_ctx)
 bool hmac_md_set_key(const EVP_MD *md, void *hmac_md_ctx,
                      const uint8_t *key, size_t key_size)
 {
+    /* Check input parameters */
+    if (hmac_md_ctx == NULL || key == NULL || key_size == 0) {
+        return false;
+    }
 
-    /* Check input parameters.*/
-
-    if (hmac_md_ctx == NULL || key_size > INT_MAX) {
+    EVP_MAC_CTX *ctx = (EVP_MAC_CTX *)hmac_md_ctx;
+    
+    /* Get digest name from EVP_MD */
+    const char *digest_name = EVP_MD_get0_name(md);
+    if (digest_name == NULL) {
         return false;
     }
 
-    if (HMAC_Init_ex((HMAC_CTX *)hmac_md_ctx, key, (uint32_t)key_size, md,
-                     NULL) != 1) {
+    /* Setup parameters for HMAC */
+    OSSL_PARAM params[3];
+    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, 
+                                                (char *)digest_name, 0);
+    params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
+                                                 (void *)key, key_size);
+    params[2] = OSSL_PARAM_construct_end();
+
+    /* Initialize MAC operation with key and parameters */
+    if (EVP_MAC_init(ctx, key, key_size, params) != 1) {
         return false;
     }
 
@@ -88,19 +110,51 @@ bool hmac_md_set_key(const EVP_MD *md, void *hmac_md_ctx,
  **/
 bool hmac_md_duplicate(const void *hmac_md_ctx, void *new_hmac_md_ctx)
 {
+    if (hmac_md_ctx == NULL || new_hmac_md_ctx == NULL) {
+        return false;
+    }
 
-    /* Check input parameters.*/
+    EVP_MAC_CTX *src_ctx = (EVP_MAC_CTX *)hmac_md_ctx;
+    EVP_MAC_CTX *dst_ctx = (EVP_MAC_CTX *)new_hmac_md_ctx;
 
-    if (hmac_md_ctx == NULL || new_hmac_md_ctx == NULL) {
+    /* Get parameters from source context */
+    OSSL_PARAM params[2];
+    unsigned char *key = NULL;
+    size_t key_len = 0;
+    char digest_name[64] = {0};  // Preallocate buffer instead of using pointer to pointer
+
+    /* Get key - use fixed buffer size */
+    params[0] = OSSL_PARAM_construct_octet_string("key", &key, 0);
+    params[1] = OSSL_PARAM_construct_end();
+    
+    if (EVP_MAC_CTX_get_params(src_ctx, params) != 1) {
         return false;
     }
 
-    if (HMAC_CTX_copy((HMAC_CTX *)new_hmac_md_ctx,
-                      (HMAC_CTX *)hmac_md_ctx) != 1) {
+    /* Get digest algorithm name - use preallocated buffer */
+    params[0] = OSSL_PARAM_construct_utf8_string("digest", digest_name, sizeof(digest_name));
+    params[1] = OSSL_PARAM_construct_end();
+    
+    if (EVP_MAC_CTX_get_params(src_ctx, params) != 1) {
+        OPENSSL_free(key);
         return false;
     }
 
-    return true;
+    /* Set parameters for destination context */
+    OSSL_PARAM set_params[3];
+    set_params[0] = OSSL_PARAM_construct_octet_string("key", key, key_len);
+    set_params[1] = OSSL_PARAM_construct_utf8_string("digest", digest_name, 0);
+    set_params[2] = OSSL_PARAM_construct_end();
+
+    bool result = false;
+    if (EVP_MAC_init(dst_ctx, key, key_len, set_params) == 1) {
+        result = true;
+    }
+
+    /* Clean up temporarily allocated memory */
+    OPENSSL_free(key);
+
+    return result;
 }
 
 /**
@@ -124,24 +178,23 @@ bool hmac_md_duplicate(const void *hmac_md_ctx, void *new_hmac_md_ctx)
 bool hmac_md_update(void *hmac_md_ctx, const void *data,
                     size_t data_size)
 {
-
-    /* Check input parameters.*/
-
+    /* Check input parameters */
     if (hmac_md_ctx == NULL) {
         return false;
     }
 
-
-    /* Check invalid parameters, in case that only DataLength was checked in OpenSSL*/
-
+    /* Check invalid parameters */
     if (data == NULL && data_size != 0) {
         return false;
     }
 
+    /* If data_size is 0 and data is NULL, it's a valid case - do nothing */
+    if (data_size == 0) {
+        return true;
+    }
 
-    /* OpenSSL HMAC-MD digest update*/
-
-    if (HMAC_Update((HMAC_CTX *)hmac_md_ctx, data, data_size) != 1) {
+    /* Update MAC computation with new data */
+    if (EVP_MAC_update((EVP_MAC_CTX *)hmac_md_ctx, data, data_size) != 1) {
         return false;
     }
 
@@ -170,22 +223,16 @@ bool hmac_md_update(void *hmac_md_ctx, const void *data,
  **/
 bool hmac_md_final(void *hmac_md_ctx, uint8_t *hmac_value)
 {
-    uint32_t length;
-
-
-    /* Check input parameters.*/
-
+    size_t out_len = 0;
+    
+    /* Check input parameters */
     if (hmac_md_ctx == NULL || hmac_value == NULL) {
         return false;
     }
 
-
-    /* OpenSSL HMAC-MD digest finalization*/
-
-    if (HMAC_Final((HMAC_CTX *)hmac_md_ctx, hmac_value, &length) != 1) {
-        return false;
-    }
-    if (HMAC_CTX_reset((HMAC_CTX *)hmac_md_ctx) != 1) {
+    /* Finalize MAC computation and get the result */
+    if (EVP_MAC_final((EVP_MAC_CTX *)hmac_md_ctx, hmac_value, &out_len, 
+                      EVP_MAC_CTX_get_mac_size((EVP_MAC_CTX *)hmac_md_ctx)) != 1) {
         return false;
     }
 
@@ -217,35 +264,60 @@ bool hmac_md_all(const EVP_MD *md, const void *data,
                  size_t data_size, const uint8_t *key, size_t key_size,
                  uint8_t *hmac_value)
 {
-    uint32_t length;
-    HMAC_CTX *ctx;
-    bool ret_val;
+    EVP_MAC *mac = NULL;
+    EVP_MAC_CTX *ctx = NULL;
+    size_t out_len = 0;
+    bool ret_val = false;
+    
+    /* Check input parameters */
+    if (md == NULL || data == NULL || key == NULL || hmac_value == NULL) {
+        return false;
+    }
 
-    ctx = HMAC_CTX_new();
+    /* Create MAC object and context */
+    mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+    if (mac == NULL) {
+        goto done;
+    }
+    
+    ctx = EVP_MAC_CTX_new(mac);
     if (ctx == NULL) {
-        return false;
+        goto done;
     }
 
-    ret_val = (bool)HMAC_CTX_reset(ctx);
-    if (!ret_val) {
+    /* Get digest name */
+    const char *digest_name = EVP_MD_get0_name(md);
+    if (digest_name == NULL) {
         goto done;
     }
-    ret_val = (bool)HMAC_Init_ex(ctx, key, (uint32_t)key_size, md, NULL);
-    if (!ret_val) {
+
+    /* Setup parameters */
+    OSSL_PARAM params[2];
+    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, 
+                                                (char *)digest_name, 0);
+    params[1] = OSSL_PARAM_construct_end();
+
+    /* Initialize with key */
+    if (EVP_MAC_init(ctx, key, key_size, params) != 1) {
         goto done;
     }
-    ret_val = (bool)HMAC_Update(ctx, data, data_size);
-    if (!ret_val) {
+
+    /* Update with data */
+    if (data_size > 0 && EVP_MAC_update(ctx, data, data_size) != 1) {
         goto done;
     }
-    ret_val = (bool)HMAC_Final(ctx, hmac_value, &length);
-    if (!ret_val) {
+
+    /* Finalize and get result */
+    size_t mac_size = EVP_MAC_CTX_get_mac_size(ctx);
+    if (EVP_MAC_final(ctx, hmac_value, &out_len, mac_size) != 1) {
         goto done;
     }
 
-done:
-    HMAC_CTX_free(ctx);
+    ret_val = true;
 
+done:
+    EVP_MAC_CTX_free(ctx);
+    EVP_MAC_free(mac);
     return ret_val;
 }