/** @file\r
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <openssl/x509.h>\r
#include <openssl/pkcs7.h>\r
\r
-\r
/**\r
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message\r
Syntax Standard, version 1.5". This interface is only intended to be used for\r
@param[in] OtherCerts Pointer to an optional additional set of certificates to\r
include in the PKCS#7 signedData (e.g. any intermediate\r
CAs in the chain).\r
- @param[out] SignedData Pointer to output PKCS#7 signedData.\r
+ @param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's\r
+ responsibility to free the buffer with FreePool().\r
@param[out] SignedDataSize Size of SignedData in bytes.\r
\r
@retval TRUE PKCS#7 data signing succeeded.\r
//\r
// Check input parameters.\r
//\r
- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||\r
- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {\r
+ if ((PrivateKey == NULL) || (KeyPassword == NULL) || (InData == NULL) ||\r
+ (SignCert == NULL) || (SignedData == NULL) || (SignedDataSize == NULL) || (InDataSize > INT_MAX))\r
+ {\r
return FALSE;\r
}\r
\r
Status = RsaGetPrivateKeyFromPem (\r
PrivateKey,\r
PrivateKeySize,\r
- (CONST CHAR8 *) KeyPassword,\r
- (VOID **) &RsaContext\r
+ (CONST CHAR8 *)KeyPassword,\r
+ (VOID **)&RsaContext\r
);\r
if (!Status) {\r
return Status;\r
if (EVP_add_digest (EVP_md5 ()) == 0) {\r
goto _Exit;\r
}\r
+\r
if (EVP_add_digest (EVP_sha1 ()) == 0) {\r
goto _Exit;\r
}\r
+\r
if (EVP_add_digest (EVP_sha256 ()) == 0) {\r
goto _Exit;\r
}\r
if (Key == NULL) {\r
goto _Exit;\r
}\r
- if (EVP_PKEY_assign_RSA (Key, (RSA *) RsaContext) == 0) {\r
+\r
+ if (EVP_PKEY_assign_RSA (Key, (RSA *)RsaContext) == 0) {\r
goto _Exit;\r
}\r
\r
//\r
- // Convert the data to be signed to BIO format. \r
+ // Convert the data to be signed to BIO format.\r
//\r
DataBio = BIO_new (BIO_s_mem ());\r
if (DataBio == NULL) {\r
goto _Exit;\r
}\r
\r
- if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {\r
+ if (BIO_write (DataBio, InData, (int)InDataSize) <= 0) {\r
goto _Exit;\r
}\r
\r
// Create the PKCS#7 signedData structure.\r
//\r
Pkcs7 = PKCS7_sign (\r
- (X509 *) SignCert,\r
+ (X509 *)SignCert,\r
Key,\r
- (STACK_OF(X509) *) OtherCerts,\r
+ (STACK_OF (X509) *) OtherCerts,\r
DataBio,\r
PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED\r
);\r
goto _Exit;\r
}\r
\r
- P7Data = malloc (P7DataSize);\r
+ P7Data = malloc (P7DataSize);\r
if (P7Data == NULL) {\r
goto _Exit;\r
}\r
\r
Tmp = P7Data;\r
- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);\r
+ P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **)&Tmp);\r
ASSERT (P7DataSize > 19);\r
\r
//\r
// is totally 19 bytes.\r
//\r
*SignedDataSize = P7DataSize - 19;\r
- *SignedData = malloc (*SignedDataSize);\r
+ *SignedData = AllocatePool (*SignedDataSize);\r
if (*SignedData == NULL) {\r
OPENSSL_free (P7Data);\r
goto _Exit;\r
//\r
// Release Resources\r
//\r
- if (RsaContext != NULL) {\r
- RsaFree (RsaContext);\r
- if (Key != NULL) {\r
- Key->pkey.rsa = NULL;\r
- }\r
- }\r
-\r
if (Key != NULL) {\r
EVP_PKEY_free (Key);\r
}\r
projects / mirror_edk2.git / blobdiff