#include <openssl/x509v3.h>\r
#include <openssl/pkcs7.h>\r
\r
-UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };\r
+GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };\r
\r
/**\r
Check input P7Data is a wrapped ContentInfo structure or not. If not construct\r
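Review bot: The new declaration of `mOidValue` spells the qualifier as lowercase `const`, while the rest of this file uses the EDK II `CONST` macro (for example `CONST UINT8 *Temp`), so I would write it as `GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 mOidValue[9] = { ... };`. The `m` prefix suggests the table is private to this module. If no other source file references it (not visible here), adding `STATIC` would match the `STATIC` this change adds to `X509PopCertificate`.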
OUT UINTN *WrapDataSize\r
)\r
{\r
- BOOLEAN Wrapped;\r
- UINT8 *SignedData;\r
+ BOOLEAN Wrapped;\r
+ UINT8 *SignedData;\r
\r
//\r
// Check whether input P7Data is a wrapped ContentInfo structure or not.\r
}\r
\r
if (Wrapped) {\r
- *WrapData = (UINT8 *) P7Data;\r
+ *WrapData = (UINT8 *)P7Data;\r
*WrapDataSize = P7Length;\r
} else {\r
//\r
//\r
// Part2: Length1 = P7Length + 19 - 4, in big endian.\r
//\r
- SignedData[2] = (UINT8) (((UINT16) (*WrapDataSize - 4)) >> 8);\r
- SignedData[3] = (UINT8) (((UINT16) (*WrapDataSize - 4)) & 0xff);\r
+ SignedData[2] = (UINT8)(((UINT16)(*WrapDataSize - 4)) >> 8);\r
+ SignedData[3] = (UINT8)(((UINT16)(*WrapDataSize - 4)) & 0xff);\r
\r
//\r
// Part3: 0x06, 0x09.\r
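Review bot: Both length fields are narrowed with `(UINT16)` before being stored in `SignedData[2]`/`SignedData[3]`, so an unwrapped input whose `P7Length + 15` exceeds 0xFFFF gets a ContentInfo header that declares a shorter length than the data placed after it. The same narrowing applies to `SignedData[17]`/`SignedData[18]` in the Part6 lines further down. The only size check visible in the callers is `P7Length > INT_MAX`, so unless a tighter bound exists outside these hunks, a guard ahead of the allocation such as `if (P7Length > MAX_UINT16 - 15) { return FALSE; }` would reject inputs the two-byte length form cannot describe. The function body starts and ends outside this hunk, so the failure return shown is an assumption about its signature.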
//\r
// Part6: Length2 = P7Length, in big endian.\r
//\r
- SignedData[17] = (UINT8) (((UINT16) P7Length) >> 8);\r
- SignedData[18] = (UINT8) (((UINT16) P7Length) & 0xff);\r
+ SignedData[17] = (UINT8)(((UINT16)P7Length) >> 8);\r
+ SignedData[18] = (UINT8)(((UINT16)P7Length) & 0xff);\r
\r
//\r
// Part7: P7Data.\r
@retval FALSE The pop operation failed.\r
\r
**/\r
+STATIC\r
BOOLEAN\r
X509PopCertificate (\r
- IN VOID *X509Stack,\r
- OUT UINT8 **Cert,\r
- OUT UINTN *CertSize\r
+ IN VOID *X509Stack,\r
+ OUT UINT8 **Cert,\r
+ OUT UINTN *CertSize\r
)\r
{\r
- BIO *CertBio;\r
- X509 *X509Cert;\r
- STACK_OF(X509) *CertStack;\r
- BOOLEAN Status;\r
- INT32 Result;\r
- BUF_MEM *Ptr;\r
- INT32 Length;\r
- VOID *Buffer;\r
+ BIO *CertBio;\r
+ X509 *X509Cert;\r
+\r
+ STACK_OF (X509) *CertStack;\r
+ BOOLEAN Status;\r
+ INT32 Result;\r
+ BUF_MEM *Ptr;\r
+ INT32 Length;\r
+ VOID *Buffer;\r
\r
Status = FALSE;\r
\r
return Status;\r
}\r
\r
- CertStack = (STACK_OF(X509) *) X509Stack;\r
+ CertStack = (STACK_OF (X509) *) X509Stack;\r
\r
X509Cert = sk_X509_pop (CertStack);\r
\r
OUT UINTN *CertLength\r
)\r
{\r
- PKCS7 *Pkcs7;\r
- BOOLEAN Status;\r
- UINT8 *SignedData;\r
- CONST UINT8 *Temp;\r
- UINTN SignedDataSize;\r
- BOOLEAN Wrapped;\r
- STACK_OF(X509) *Stack;\r
- UINT8 Index;\r
- UINT8 *CertBuf;\r
- UINT8 *OldBuf;\r
- UINTN BufferSize;\r
- UINTN OldSize;\r
- UINT8 *SingleCert;\r
- UINTN SingleCertSize;\r
+ PKCS7 *Pkcs7;\r
+ BOOLEAN Status;\r
+ UINT8 *SignedData;\r
+ CONST UINT8 *Temp;\r
+ UINTN SignedDataSize;\r
+ BOOLEAN Wrapped;\r
+\r
+ STACK_OF (X509) *Stack;\r
+ UINT8 Index;\r
+ UINT8 *CertBuf;\r
+ UINT8 *OldBuf;\r
+ UINTN BufferSize;\r
+ UINTN OldSize;\r
+ UINT8 *SingleCert;\r
+ UINTN SingleCertSize;\r
\r
if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) ||\r
- (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {\r
+ (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX))\r
+ {\r
return FALSE;\r
}\r
\r
goto _Exit;\r
}\r
\r
- Temp = SignedData;\r
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);\r
+ Temp = SignedData;\r
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);\r
if (Pkcs7 == NULL) {\r
goto _Exit;\r
}\r
goto _Exit;\r
}\r
\r
- Stack = PKCS7_get0_signers(Pkcs7, NULL, PKCS7_BINARY);\r
+ Stack = PKCS7_get0_signers (Pkcs7, NULL, PKCS7_BINARY);\r
if (Stack == NULL) {\r
goto _Exit;\r
}\r
OldBuf = NULL;\r
}\r
\r
- WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) SingleCertSize);\r
+ WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)SingleCertSize);\r
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, SingleCertSize);\r
\r
free (SingleCert);\r
//\r
CertBuf[0] = Index;\r
\r
- *CertLength = BufferSize - OldSize - sizeof (UINT32);\r
+ *CertLength = BufferSize - OldSize - sizeof (UINT32);\r
*TrustedCert = malloc (*CertLength);\r
if (*TrustedCert == NULL) {\r
goto _Exit;\r
CopyMem (*TrustedCert, CertBuf + OldSize + sizeof (UINT32), *CertLength);\r
*CertStack = CertBuf;\r
*StackLength = BufferSize;\r
- Status = TRUE;\r
+ Status = TRUE;\r
}\r
\r
_Exit:\r
}\r
\r
if (Stack != NULL) {\r
- sk_X509_pop_free(Stack, X509_free);\r
+ sk_X509_pop_free (Stack, X509_free);\r
}\r
\r
if (SingleCert != NULL) {\r
VOID\r
EFIAPI\r
Pkcs7FreeSigners (\r
- IN UINT8 *Certs\r
+ IN UINT8 *Certs\r
)\r
{\r
if (Certs == NULL) {\r
OUT UINTN *UnchainLength\r
)\r
{\r
- BOOLEAN Status;\r
- UINT8 *NewP7Data;\r
- UINTN NewP7Length;\r
- BOOLEAN Wrapped;\r
- UINT8 Index;\r
- PKCS7 *Pkcs7;\r
- X509_STORE_CTX *CertCtx;\r
- STACK_OF(X509) *CtxChain;\r
- STACK_OF(X509) *CtxUntrusted;\r
- X509 *CtxCert;\r
- STACK_OF(X509) *Signers;\r
- X509 *Signer;\r
- X509 *Cert;\r
- X509 *Issuer;\r
- X509_NAME *IssuerName;\r
- UINT8 *CertBuf;\r
- UINT8 *OldBuf;\r
- UINTN BufferSize;\r
- UINTN OldSize;\r
- UINT8 *SingleCert;\r
- UINTN CertSize;\r
+ BOOLEAN Status;\r
+ UINT8 *NewP7Data;\r
+ UINTN NewP7Length;\r
+ BOOLEAN Wrapped;\r
+ UINT8 Index;\r
+ PKCS7 *Pkcs7;\r
+ X509_STORE_CTX *CertCtx;\r
+\r
+ STACK_OF (X509) *CtxChain;\r
+ STACK_OF (X509) *CtxUntrusted;\r
+ X509 *CtxCert;\r
+\r
+ STACK_OF (X509) *Signers;\r
+ X509 *Signer;\r
+ X509 *Cert;\r
+ X509 *Issuer;\r
+ X509_NAME *IssuerName;\r
+ UINT8 *CertBuf;\r
+ UINT8 *OldBuf;\r
+ UINTN BufferSize;\r
+ UINTN OldSize;\r
+ UINT8 *SingleCert;\r
+ UINTN CertSize;\r
\r
//\r
// Initializations\r
//\r
- Status = FALSE;\r
- NewP7Data = NULL;\r
- Pkcs7 = NULL;\r
- CertCtx = NULL;\r
- CtxChain = NULL;\r
- CtxCert = NULL;\r
- CtxUntrusted = NULL;\r
- Cert = NULL;\r
- SingleCert = NULL;\r
- CertBuf = NULL;\r
- OldBuf = NULL;\r
- Signers = NULL;\r
-\r
- ZeroMem (&CertCtx, sizeof (CertCtx));\r
+ Status = FALSE;\r
+ NewP7Data = NULL;\r
+ Pkcs7 = NULL;\r
+ CertCtx = NULL;\r
+ CtxChain = NULL;\r
+ CtxCert = NULL;\r
+ CtxUntrusted = NULL;\r
+ Cert = NULL;\r
+ SingleCert = NULL;\r
+ CertBuf = NULL;\r
+ OldBuf = NULL;\r
+ Signers = NULL;\r
\r
//\r
// Parameter Checking\r
//\r
if ((P7Data == NULL) || (SignerChainCerts == NULL) || (ChainLength == NULL) ||\r
- (UnchainCerts == NULL) || (UnchainLength == NULL) || (P7Length > INT_MAX)) {\r
+ (UnchainCerts == NULL) || (UnchainLength == NULL) || (P7Length > INT_MAX))\r
+ {\r
return Status;\r
}\r
\r
//\r
// Decodes PKCS#7 SignedData\r
//\r
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &NewP7Data, (int) NewP7Length);\r
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&NewP7Data, (int)NewP7Length);\r
if ((Pkcs7 == NULL) || (!PKCS7_type_is_signed (Pkcs7))) {\r
goto _Error;\r
}\r
if ((Signers == NULL) || (sk_X509_num (Signers) != 1)) {\r
goto _Error;\r
}\r
+\r
Signer = sk_X509_value (Signers, 0);\r
\r
CertCtx = X509_STORE_CTX_new ();\r
if (CertCtx == NULL) {\r
goto _Error;\r
}\r
+\r
if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {\r
goto _Error;\r
}\r
+\r
//\r
// Initialize Chained & Untrusted stack\r
//\r
CtxCert = X509_STORE_CTX_get0_cert (CertCtx);\r
if (CtxChain == NULL) {\r
if (((CtxChain = sk_X509_new_null ()) == NULL) ||\r
- (!sk_X509_push (CtxChain, CtxCert))) {\r
+ (!sk_X509_push (CtxChain, CtxCert)))\r
+ {\r
goto _Error;\r
}\r
}\r
+\r
CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);\r
if (CtxUntrusted != NULL) {\r
(VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);\r
// Build certificates stack chained from Signer's certificate.\r
//\r
Cert = Signer;\r
- for (; ;) {\r
+ for ( ; ;) {\r
//\r
// Self-Issue checking\r
//\r
// Found the issuer of the current certificate\r
//\r
if (CtxUntrusted != NULL) {\r
- Issuer = NULL;\r
+ Issuer = NULL;\r
IssuerName = X509_get_issuer_name (Cert);\r
Issuer = X509_find_by_subject (CtxUntrusted, IssuerName);\r
if (Issuer != NULL) {\r
if (!sk_X509_push (CtxChain, Issuer)) {\r
goto _Error;\r
}\r
+\r
(VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer);\r
\r
Cert = Issuer;\r
Status = FALSE;\r
goto _Error;\r
}\r
+\r
if (OldBuf != NULL) {\r
CopyMem (CertBuf, OldBuf, OldSize);\r
free (OldBuf);\r
OldBuf = NULL;\r
}\r
\r
- WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) CertSize);\r
+ WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)CertSize);\r
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, CertSize);\r
\r
free (SingleCert);\r
Status = FALSE;\r
goto _Error;\r
}\r
+\r
if (OldBuf != NULL) {\r
CopyMem (CertBuf, OldBuf, OldSize);\r
free (OldBuf);\r
OldBuf = NULL;\r
}\r
\r
- WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) CertSize);\r
+ WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)CertSize);\r
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, CertSize);\r
\r
free (SingleCert);\r
if (Pkcs7 != NULL) {\r
PKCS7_free (Pkcs7);\r
}\r
+\r
sk_X509_free (Signers);\r
\r
if (CertCtx != NULL) {\r
IN UINTN DataLength\r
)\r
{\r
- PKCS7 *Pkcs7;\r
- BIO *DataBio;\r
- BOOLEAN Status;\r
- X509 *Cert;\r
- X509_STORE *CertStore;\r
- UINT8 *SignedData;\r
- CONST UINT8 *Temp;\r
- UINTN SignedDataSize;\r
- BOOLEAN Wrapped;\r
+ PKCS7 *Pkcs7;\r
+ BIO *DataBio;\r
+ BOOLEAN Status;\r
+ X509 *Cert;\r
+ X509_STORE *CertStore;\r
+ UINT8 *SignedData;\r
+ CONST UINT8 *Temp;\r
+ UINTN SignedDataSize;\r
+ BOOLEAN Wrapped;\r
\r
//\r
// Check input parameters.\r
//\r
- if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||\r
- P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {\r
+ if ((P7Data == NULL) || (TrustedCert == NULL) || (InData == NULL) ||\r
+ (P7Length > INT_MAX) || (CertLength > INT_MAX) || (DataLength > INT_MAX))\r
+ {\r
return FALSE;\r
}\r
\r
if (EVP_add_digest (EVP_md5 ()) == 0) {\r
return FALSE;\r
}\r
+\r
if (EVP_add_digest (EVP_sha1 ()) == 0) {\r
return FALSE;\r
}\r
+\r
if (EVP_add_digest (EVP_sha256 ()) == 0) {\r
return FALSE;\r
}\r
+\r
if (EVP_add_digest (EVP_sha384 ()) == 0) {\r
return FALSE;\r
}\r
+\r
if (EVP_add_digest (EVP_sha512 ()) == 0) {\r
return FALSE;\r
}\r
+\r
if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {\r
return FALSE;\r
}\r
goto _Exit;\r
}\r
\r
- Temp = SignedData;\r
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);\r
+ Temp = SignedData;\r
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);\r
if (Pkcs7 == NULL) {\r
goto _Exit;\r
}\r
// Read DER-encoded root certificate and Construct X509 Certificate\r
//\r
Temp = TrustedCert;\r
- Cert = d2i_X509 (NULL, &Temp, (long) CertLength);\r
+ Cert = d2i_X509 (NULL, &Temp, (long)CertLength);\r
if (Cert == NULL) {\r
goto _Exit;\r
}\r
if (CertStore == NULL) {\r
goto _Exit;\r
}\r
+\r
if (!(X509_STORE_add_cert (CertStore, Cert))) {\r
goto _Exit;\r
}\r
// For generic PKCS#7 handling, InData may be NULL if the content is present\r
// in PKCS#7 structure. So ignore NULL checking here.\r
//\r
- DataBio = BIO_new_mem_buf (InData, (int) DataLength);\r
+ DataBio = BIO_new_mem_buf (InData, (int)DataLength);\r
if (DataBio == NULL) {\r
goto _Exit;\r
}\r
// Allow partial certificate chains, terminated by a non-self-signed but\r
// still trusted intermediate certificate. Also disable time checks.\r
//\r
- X509_STORE_set_flags (CertStore,\r
- X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);\r
+ X509_STORE_set_flags (\r
+ CertStore,\r
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME\r
+ );\r
\r
//\r
// OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and\r
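Review bot: The comment above `X509_STORE_set_flags` states that partial chains are allowed and time checks are disabled, but not what a caller has to take from that. With `X509_V_FLAG_NO_CHECK_TIME` an expired signer or intermediate certificate still verifies, and with `X509_V_FLAG_PARTIAL_CHAIN` a non-self-signed certificate in the store is accepted as the end of the chain, so the caller's choice of `TrustedCert` becomes the main limit on what is accepted. I would add a line to the comment such as `// Expired certificates therefore still verify; revocation must be enforced by the caller.` This is hedged on no revocation check being present in the parts of the function outside this hunk.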
//\r
// Verifies the PKCS#7 signedData structure\r
//\r
- Status = (BOOLEAN) PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);\r
+ Status = (BOOLEAN)PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);\r
\r
_Exit:\r
//\r
\r
return Status;\r
}\r
-\r