]> git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c
projects / mirror_edk2.git / blob
? search:


a5442bd4b456645ca0882a3c82102bb93452767c
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptPkcs7VerifyBase.c
1 /** @file
2 Non-runtime specific implementation of PKCS#7 SignedData Verification Wrapper.
3
4 Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "InternalCryptLib.h"
16
17 #include <openssl/objects.h>
18 #include <openssl/x509.h>
19 #include <openssl/x509v3.h>
20 #include <openssl/pkcs7.h>
21
22 /**
23 Extracts the attached content from a PKCS#7 signed data if existed. The input signed
24 data could be wrapped in a ContentInfo structure.
25
26 If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,
27 then return FALSE. If the P7Data is not correctly formatted, then return FALSE.
28
29 Caution: This function may receive untrusted input. So this function will do
30 basic check for PKCS#7 data structure.
31
32 @param[in] P7Data Pointer to the PKCS#7 signed data to process.
33 @param[in] P7Length Length of the PKCS#7 signed data in bytes.
34 @param[out] Content Pointer to the extracted content from the PKCS#7 signedData.
35 It's caller's responsibility to free the buffer with FreePool().
36 @param[out] ContentSize The size of the extracted content in bytes.
37
38 @retval TRUE The P7Data was correctly formatted for processing.
39 @retval FALSE The P7Data was not correctly formatted for processing.
40
41 **/
42 BOOLEAN
43 EFIAPI
44 Pkcs7GetAttachedContent (
45 IN CONST UINT8 *P7Data,
46 IN UINTN P7Length,
47 OUT VOID **Content,
48 OUT UINTN *ContentSize
49 )
50 {
51 BOOLEAN Status;
52 PKCS7 *Pkcs7;
53 UINT8 *SignedData;
54 UINTN SignedDataSize;
55 BOOLEAN Wrapped;
56 CONST UINT8 *Temp;
57 ASN1_OCTET_STRING *OctStr;
58
59 //
60 // Check input parameter.
61 //
62 if ((P7Data == NULL) || (P7Length > INT_MAX) || (Content == NULL) || (ContentSize == NULL)) {
63 return FALSE;
64 }
65
66 *Content = NULL;
67 Pkcs7 = NULL;
68 SignedData = NULL;
69 OctStr = NULL;
70
71 Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
72 if (!Status || (SignedDataSize > INT_MAX)) {
73 goto _Exit;
74 }
75
76 Status = FALSE;
77
78 //
79 // Decoding PKCS#7 SignedData
80 //
81 Temp = SignedData;
82 Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);
83 if (Pkcs7 == NULL) {
84 goto _Exit;
85 }
86
87 //
88 // The type of Pkcs7 must be signedData
89 //
90 if (!PKCS7_type_is_signed (Pkcs7)) {
91 goto _Exit;
92 }
93
94 //
95 // Check for detached or attached content
96 //
97 if (PKCS7_get_detached (Pkcs7)) {
98 //
99 // No Content supplied for PKCS7 detached signedData
100 //
101 *Content = NULL;
102 *ContentSize = 0;
103 } else {
104 //
105 // Retrieve the attached content in PKCS7 signedData
106 //
107 OctStr = Pkcs7->d.sign->contents->d.data;
108 if ((OctStr->length > 0) && (OctStr->data != NULL)) {
109 *ContentSize = OctStr->length;
110 *Content = AllocatePool (*ContentSize);
111 if (*Content == NULL) {
112 *ContentSize = 0;
113 goto _Exit;
114 }
115 CopyMem (*Content, OctStr->data, *ContentSize);
116 }
117 }
118 Status = TRUE;
119
120 _Exit:
121 //
122 // Release Resources
123 //
124 PKCS7_free (Pkcs7);
125
126 if (!Wrapped) {
127 OPENSSL_free (SignedData);
128 }
129
130 return Status;
131 }
EFI Development Kit II mirror for PVE