CryptoPkg Updates to support RFC3161 timestamp signature verification.

[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptPkcs7Verify.c

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index 05c3f877430ad67c1ec09f11135b6a33b2747fb0..a9665d50473f544d464918eb170ed28557eb2943 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -10,7 +10,7 @@
   WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated\r
   Variable and will do basic check for data structure.\r
 \r
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -123,7 +123,7 @@ X509VerifyCb (
   @param[in]  P7Length     Length of the PKCS#7 message in bytes.\r
   @param[out] WrapFlag     If TRUE P7Data is a ContentInfo structure, otherwise\r
                            return FALSE.\r
-  @param[out] WrapData     If return status of this function is TRUE: \r
+  @param[out] WrapData     If return status of this function is TRUE:\r
                            1) when WrapFlag is TRUE, pointer to P7Data.\r
                            2) when WrapFlag is FALSE, pointer to a new ContentInfo\r
                            structure. It's caller's responsibility to free this\r
@@ -227,7 +227,7 @@ WrapPkcs7Data (
   @param[in]  X509Stack       Pointer to a X509 stack object.\r
   @param[out] Cert            Pointer to a X509 certificate.\r
   @param[out] CertSize        Length of output X509 certificate in bytes.\r
-                                 \r
+\r
   @retval     TRUE            The X509 stack pop succeeded.\r
   @retval     FALSE           The pop operation failed.\r
 \r
@@ -359,7 +359,7 @@ Pkcs7GetSigners (
       (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {\r
     return FALSE;\r
   }\r
-  \r
+\r
   Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);\r
   if (!Status) {\r
     return Status;\r
@@ -410,7 +410,7 @@ Pkcs7GetSigners (
   //\r
   BufferSize = sizeof (UINT8);\r
   OldSize    = BufferSize;\r
-  \r
+\r
   for (Index = 0; ; Index++) {\r
     Status = X509PopCertificate (Stack, &SingleCert, &SingleCertSize);\r
     if (!Status) {\r
@@ -455,7 +455,7 @@ Pkcs7GetSigners (
     *CertStack   = CertBuf;\r
     *StackLength = BufferSize;\r
     Status = TRUE;\r
-  } \r
+  }\r
 \r
 _Exit:\r
   //\r
@@ -485,7 +485,7 @@ _Exit:
   if (OldBuf != NULL) {\r
     free (OldBuf);\r
   }\r
-  \r
+\r
   return Status;\r
 }\r
 \r
@@ -556,11 +556,11 @@ Pkcs7Verify (
   //\r
   // Check input parameters.\r
   //\r
-  if (P7Data == NULL || TrustedCert == NULL || InData == NULL || \r
+  if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||\r
     P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {\r
     return FALSE;\r
   }\r
-  \r
+\r
   Pkcs7     = NULL;\r
   DataBio   = NULL;\r
   Cert      = NULL;\r
@@ -578,18 +578,23 @@ Pkcs7Verify (
   if (EVP_add_digest (EVP_sha256 ()) == 0) {\r
     return FALSE;\r
   }\r
+  if (EVP_add_digest (EVP_sha384 ()) == 0) {\r
+    return FALSE;\r
+  }\r
+  if (EVP_add_digest (EVP_sha512 ()) == 0) {\r
+    return FALSE;\r
+  }\r
   if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {\r
     return FALSE;\r
   }\r
 \r
-\r
   Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);\r
   if (!Status) {\r
     return Status;\r
   }\r
 \r
   Status = FALSE;\r
-  \r
+\r
   //\r
   // Retrieve PKCS#7 Data (DER encoding)\r
   //\r
@@ -674,4 +679,4 @@ _Exit:
   }\r
 \r
   return Status;\r
-}\r
+}
\ No newline at end of file