WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated\r
Variable and will do basic check for data structure.\r
\r
-Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
STACK_OF(X509) *CertStack;\r
BOOLEAN Status;\r
INT32 Result;\r
+ BUF_MEM *Ptr;\r
INT32 Length;\r
VOID *Buffer;\r
\r
goto _Exit;\r
}\r
\r
- Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length);\r
+ BIO_get_mem_ptr (CertBio, &Ptr);\r
+ Length = (INT32)(Ptr->length);\r
if (Length <= 0) {\r
goto _Exit;\r
}\r
BOOLEAN Wrapped;\r
UINT8 Index;\r
PKCS7 *Pkcs7;\r
- X509_STORE_CTX CertCtx;\r
+ X509_STORE_CTX *CertCtx;\r
+ STACK_OF(X509) *CtxChain;\r
+ STACK_OF(X509) *CtxUntrusted;\r
+ X509 *CtxCert;\r
STACK_OF(X509) *Signers;\r
X509 *Signer;\r
X509 *Cert;\r
- X509 *TempCert;\r
X509 *Issuer;\r
+ X509_NAME *IssuerName;\r
UINT8 *CertBuf;\r
UINT8 *OldBuf;\r
UINTN BufferSize;\r
Status = FALSE;\r
NewP7Data = NULL;\r
Pkcs7 = NULL;\r
+ CertCtx = NULL;\r
+ CtxChain = NULL;\r
+ CtxCert = NULL;\r
+ CtxUntrusted = NULL;\r
Cert = NULL;\r
- TempCert = NULL;\r
SingleCert = NULL;\r
CertBuf = NULL;\r
OldBuf = NULL;\r
}\r
Signer = sk_X509_value (Signers, 0);\r
\r
- if (!X509_STORE_CTX_init (&CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {\r
+ CertCtx = X509_STORE_CTX_new ();\r
+ if (CertCtx == NULL) {\r
+ goto _Error;\r
+ }\r
+ if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {\r
goto _Error;\r
}\r
//\r
// Initialize Chained & Untrusted stack\r
//\r
- if (CertCtx.chain == NULL) {\r
- if (((CertCtx.chain = sk_X509_new_null ()) == NULL) ||\r
- (!sk_X509_push (CertCtx.chain, CertCtx.cert))) {\r
+ CtxChain = X509_STORE_CTX_get0_chain (CertCtx);\r
+ CtxCert = X509_STORE_CTX_get0_cert (CertCtx);\r
+ if (CtxChain == NULL) {\r
+ if (((CtxChain = sk_X509_new_null ()) == NULL) ||\r
+ (!sk_X509_push (CtxChain, CtxCert))) {\r
goto _Error;\r
}\r
}\r
- (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Signer);\r
+ CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);\r
+ if (CtxUntrusted != NULL) {\r
+ (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);\r
+ }\r
\r
//\r
// Build certificates stack chained from Signer's certificate.\r
//\r
// Self-Issue checking\r
//\r
- if (CertCtx.check_issued (&CertCtx, Cert, Cert)) {\r
- break;\r
+ Issuer = NULL;\r
+ if (X509_STORE_CTX_get1_issuer (&Issuer, CertCtx, Cert) == 1) {\r
+ if (X509_cmp (Issuer, Cert) == 0) {\r
+ break;\r
+ }\r
}\r
\r
//\r
// Found the issuer of the current certificate\r
//\r
- if (CertCtx.untrusted != NULL) {\r
+ if (CtxUntrusted != NULL) {\r
Issuer = NULL;\r
- for (Index = 0; Index < sk_X509_num (CertCtx.untrusted); Index++) {\r
- TempCert = sk_X509_value (CertCtx.untrusted, Index);\r
- if (CertCtx.check_issued (&CertCtx, Cert, TempCert)) {\r
- Issuer = TempCert;\r
- break;\r
- }\r
- }\r
+ IssuerName = X509_get_issuer_name (Cert);\r
+ Issuer = X509_find_by_subject (CtxUntrusted, IssuerName);\r
if (Issuer != NULL) {\r
- if (!sk_X509_push (CertCtx.chain, Issuer)) {\r
+ if (!sk_X509_push (CtxChain, Issuer)) {\r
goto _Error;\r
}\r
- (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Issuer);\r
+ (VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer);\r
\r
Cert = Issuer;\r
continue;\r
// UINT8 Certn[];\r
//\r
\r
- if (CertCtx.chain != NULL) {\r
+ if (CtxChain != NULL) {\r
BufferSize = sizeof (UINT8);\r
OldSize = BufferSize;\r
CertBuf = NULL;\r
\r
for (Index = 0; ; Index++) {\r
- Status = X509PopCertificate (CertCtx.chain, &SingleCert, &CertSize);\r
+ Status = X509PopCertificate (CtxChain, &SingleCert, &CertSize);\r
if (!Status) {\r
break;\r
}\r
}\r
}\r
\r
- if (CertCtx.untrusted != NULL) {\r
+ if (CtxUntrusted != NULL) {\r
BufferSize = sizeof (UINT8);\r
OldSize = BufferSize;\r
CertBuf = NULL;\r
\r
for (Index = 0; ; Index++) {\r
- Status = X509PopCertificate (CertCtx.untrusted, &SingleCert, &CertSize);\r
+ Status = X509PopCertificate (CtxUntrusted, &SingleCert, &CertSize);\r
if (!Status) {\r
break;\r
}\r
}\r
sk_X509_free (Signers);\r
\r
- X509_STORE_CTX_cleanup (&CertCtx);\r
+ if (CertCtx != NULL) {\r
+ X509_STORE_CTX_cleanup (CertCtx);\r
+ X509_STORE_CTX_free (CertCtx);\r
+ }\r
\r
if (SingleCert != NULL) {\r
free (SingleCert);\r
@retval TRUE The P7Data was correctly formatted for processing.\r
@retval FALSE The P7Data was not correctly formatted for processing.\r
\r
-*/\r
+**/\r
BOOLEAN\r
EFIAPI\r
Pkcs7GetAttachedContent (\r
projects / mirror_edk2.git / blobdiff