Correct the Hash Calculation for Revoked X.509 Certificate to align with RFC3280...

[mirror_edk2.git] / CryptoPkg / Include / Library / BaseCryptLib.h

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index e36041bf4f782c3c60e14c73f770b682fc299e8e..bc36ac7fd1810636e9461ad7bbb1fc4a0a3f1822 100644 (file)
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1906,6 +1906,32 @@ X509StackFree (
   IN  VOID  *X509Stack\r
   );\r
 \r
+/**\r
+  Retrieve the TBSCertificate from one given X.509 certificate.\r
+\r
+  @param[in]      Cert         Pointer to the given DER-encoded X509 certificate.\r
+  @param[in]      CertSize     Size of the X509 certificate in bytes.\r
+  @param[out]     TBSCert      DER-Encoded To-Be-Signed certificate.\r
+  @param[out]     TBSCertSize  Size of the TBS certificate in bytes.\r
+\r
+  If Cert is NULL, then return FALSE.\r
+  If TBSCert is NULL, then return FALSE.\r
+  If TBSCertSize is NULL, then return FALSE.\r
+  If this interface is not supported, then return FALSE.\r
+\r
+  @retval  TRUE   The TBSCertificate was retrieved successfully.\r
+  @retval  FALSE  Invalid X.509 certificate.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetTBSCert (\r
+  IN  CONST UINT8  *Cert,\r
+  IN  UINTN        CertSize,\r
+  OUT UINT8        **TBSCert,\r
+  OUT UINTN        *TBSCertSize\r
+  );\r
+\r
 /**\r
   Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:\r
   Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
@@ -2067,6 +2093,7 @@ AuthenticodeVerify (
   signature.\r
 \r
   If AuthData is NULL, then return FALSE.\r
+  If this interface is not supported, then return FALSE.\r
 \r
   @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed\r
                            PE/COFF image to be verified.\r