CryptoPkg: Update PK Cipher Wrappers work with opaque objects.

[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptPkcs7Verify.c

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index dcaba436797a1507a14280c783d9c085a5c131e2..bf24e92127005681cfea3956fd07ec2b8f4dbc1a 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -10,7 +10,7 @@
   WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated\r
   Variable and will do basic check for data structure.\r
 \r
-Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -163,6 +163,7 @@ X509PopCertificate (
   STACK_OF(X509)  *CertStack;\r
   BOOLEAN         Status;\r
   INT32           Result;\r
+  BUF_MEM         *Ptr;\r
   INT32           Length;\r
   VOID            *Buffer;\r
 \r
@@ -192,7 +193,8 @@ X509PopCertificate (
     goto _Exit;\r
   }\r
 \r
-  Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length);\r
+  BIO_get_mem_ptr (CertBio, &Ptr);\r
+  Length = (INT32)(Ptr->length);\r
   if (Length <= 0) {\r
     goto _Exit;\r
   }\r
@@ -463,12 +465,15 @@ Pkcs7GetCertificatesList (
   BOOLEAN          Wrapped;\r
   UINT8            Index;\r
   PKCS7            *Pkcs7;\r
-  X509_STORE_CTX   CertCtx;\r
+  X509_STORE_CTX   *CertCtx;\r
+  STACK_OF(X509)   *CtxChain;\r
+  STACK_OF(X509)   *CtxUntrusted;\r
+  X509             *CtxCert;\r
   STACK_OF(X509)   *Signers;\r
   X509             *Signer;\r
   X509             *Cert;\r
-  X509             *TempCert;\r
   X509             *Issuer;\r
+  X509_NAME        *IssuerName;\r
   UINT8            *CertBuf;\r
   UINT8            *OldBuf;\r
   UINTN            BufferSize;\r
@@ -482,8 +487,11 @@ Pkcs7GetCertificatesList (
   Status         = FALSE;\r
   NewP7Data      = NULL;\r
   Pkcs7          = NULL;\r
+  CertCtx        = NULL;\r
+  CtxChain       = NULL;\r
+  CtxCert        = NULL;\r
+  CtxUntrusted   = NULL;\r
   Cert           = NULL;\r
-  TempCert       = NULL;\r
   SingleCert     = NULL;\r
   CertBuf        = NULL;\r
   OldBuf         = NULL;\r
@@ -531,19 +539,26 @@ Pkcs7GetCertificatesList (
   }\r
   Signer = sk_X509_value (Signers, 0);\r
 \r
-  if (!X509_STORE_CTX_init (&CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {\r
+  CertCtx = X509_STORE_CTX_new ();\r
+  if (CertCtx == NULL) {\r
+    goto _Error;\r
+  }\r
+  if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {\r
     goto _Error;\r
   }\r
   //\r
   // Initialize Chained & Untrusted stack\r
   //\r
-  if (CertCtx.chain == NULL) {\r
-    if (((CertCtx.chain = sk_X509_new_null ()) == NULL) ||\r
-        (!sk_X509_push (CertCtx.chain, CertCtx.cert))) {\r
+  CtxChain = X509_STORE_CTX_get0_chain (CertCtx);\r
+  CtxCert  = X509_STORE_CTX_get0_cert (CertCtx);\r
+  if (CtxChain == NULL) {\r
+    if (((CtxChain = sk_X509_new_null ()) == NULL) ||\r
+        (!sk_X509_push (CtxChain, CtxCert))) {\r
       goto _Error;\r
     }\r
   }\r
-  (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Signer);\r
+  CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);\r
+  (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);\r
 \r
   //\r
   // Build certificates stack chained from Signer's certificate.\r
@@ -553,27 +568,25 @@ Pkcs7GetCertificatesList (
     //\r
     // Self-Issue checking\r
     //\r
-    if (CertCtx.check_issued (&CertCtx, Cert, Cert)) {\r
-      break;\r
+    Issuer = NULL;\r
+    if (X509_STORE_CTX_get1_issuer (&Issuer, CertCtx, Cert) == 1) {\r
+      if (X509_cmp (Issuer, Cert) == 0) {\r
+        break;\r
+      }\r
     }\r
 \r
     //\r
     // Found the issuer of the current certificate\r
     //\r
-    if (CertCtx.untrusted != NULL) {\r
+    if (CtxUntrusted != NULL) {\r
       Issuer = NULL;\r
-      for (Index = 0; Index < sk_X509_num (CertCtx.untrusted); Index++) {\r
-        TempCert = sk_X509_value (CertCtx.untrusted, Index);\r
-        if (CertCtx.check_issued (&CertCtx, Cert, TempCert)) {\r
-          Issuer = TempCert;\r
-          break;\r
-        }\r
-      }\r
+      IssuerName = X509_get_issuer_name (Cert);\r
+      Issuer     = X509_find_by_subject (CtxUntrusted, IssuerName);\r
       if (Issuer != NULL) {\r
-        if (!sk_X509_push (CertCtx.chain, Issuer)) {\r
+        if (!sk_X509_push (CtxChain, Issuer)) {\r
           goto _Error;\r
         }\r
-        (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Issuer);\r
+        (VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer);\r
 \r
         Cert = Issuer;\r
         continue;\r
@@ -595,13 +608,13 @@ Pkcs7GetCertificatesList (
   //      UINT8  Certn[];\r
   //\r
 \r
-  if (CertCtx.chain != NULL) {\r
+  if (CtxChain != NULL) {\r
     BufferSize = sizeof (UINT8);\r
     OldSize    = BufferSize;\r
     CertBuf    = NULL;\r
 \r
     for (Index = 0; ; Index++) {\r
-      Status = X509PopCertificate (CertCtx.chain, &SingleCert, &CertSize);\r
+      Status = X509PopCertificate (CtxChain, &SingleCert, &CertSize);\r
       if (!Status) {\r
         break;\r
       }\r
@@ -639,13 +652,13 @@ Pkcs7GetCertificatesList (
     }\r
   }\r
 \r
-  if (CertCtx.untrusted != NULL) {\r
+  if (CtxUntrusted != NULL) {\r
     BufferSize = sizeof (UINT8);\r
     OldSize    = BufferSize;\r
     CertBuf    = NULL;\r
 \r
     for (Index = 0; ; Index++) {\r
-      Status = X509PopCertificate (CertCtx.untrusted, &SingleCert, &CertSize);\r
+      Status = X509PopCertificate (CtxUntrusted, &SingleCert, &CertSize);\r
       if (!Status) {\r
         break;\r
       }\r
@@ -698,7 +711,8 @@ _Error:
   }\r
   sk_X509_free (Signers);\r
 \r
-  X509_STORE_CTX_cleanup (&CertCtx);\r
+  X509_STORE_CTX_cleanup (CertCtx);\r
+  X509_STORE_CTX_free (CertCtx);\r
 \r
   if (SingleCert != NULL) {\r
     free (SingleCert);\r