**/\r
EFI_STATUS\r
GetSignerCertificate (\r
- IN CONST PKCS7 *CertChain,\r
- OUT X509 **SignerCert\r
+ IN CONST PKCS7 *CertChain,\r
+ OUT X509 **SignerCert\r
)\r
{\r
- EFI_STATUS Status;\r
- STACK_OF(X509) *Signers;\r
- INT32 NumberSigners;\r
+ EFI_STATUS Status;\r
\r
- Status = EFI_SUCCESS;\r
- Signers = NULL;\r
- NumberSigners = 0;\r
+ STACK_OF (X509) *Signers;\r
+ INT32 NumberSigners;\r
\r
- if (CertChain == NULL || SignerCert == NULL) {\r
+ Status = EFI_SUCCESS;\r
+ Signers = NULL;\r
+ NumberSigners = 0;\r
+\r
+ if ((CertChain == NULL) || (SignerCert == NULL)) {\r
Status = EFI_INVALID_PARAMETER;\r
goto Exit;\r
}\r
//\r
// Get the signers from the chain.\r
//\r
- Signers = PKCS7_get0_signers ((PKCS7*) CertChain, NULL, PKCS7_BINARY);\r
+ Signers = PKCS7_get0_signers ((PKCS7 *)CertChain, NULL, PKCS7_BINARY);\r
if (Signers == NULL) {\r
//\r
// Fail to get signers form PKCS7\r
return Status;\r
}\r
\r
-\r
/**\r
Determines if the specified EKU represented in ASN1 form is present\r
in a given certificate.\r
**/\r
EFI_STATUS\r
IsEkuInCertificate (\r
- IN CONST X509 *Cert,\r
- IN ASN1_OBJECT *Asn1ToFind\r
+ IN CONST X509 *Cert,\r
+ IN ASN1_OBJECT *Asn1ToFind\r
)\r
{\r
EFI_STATUS Status;\r
ASN1_OBJECT *Asn1InCert;\r
INTN Index;\r
\r
- Status = EFI_NOT_FOUND;\r
- ClonedCert = NULL;\r
- Extension = NULL;\r
- Eku = NULL;\r
- ExtensionIndex = -1;\r
- NumExtensions = 0;\r
- Asn1InCert = NULL;\r
+ Status = EFI_NOT_FOUND;\r
+ ClonedCert = NULL;\r
+ Extension = NULL;\r
+ Eku = NULL;\r
+ ExtensionIndex = -1;\r
+ NumExtensions = 0;\r
+ Asn1InCert = NULL;\r
\r
- if (Cert == NULL || Asn1ToFind == NULL) {\r
+ if ((Cert == NULL) || (Asn1ToFind == NULL)) {\r
Status = EFI_INVALID_PARAMETER;\r
goto Exit;\r
}\r
// Clone the certificate. This is required because the Extension API's\r
// only work once per instance of an X509 object.\r
//\r
- ClonedCert = X509_dup ((X509*)Cert);\r
+ ClonedCert = X509_dup ((X509 *)Cert);\r
if (ClonedCert == NULL) {\r
//\r
// Fail to duplicate cert.\r
goto Exit;\r
}\r
\r
- Eku = (EXTENDED_KEY_USAGE*)X509V3_EXT_d2i (Extension);\r
+ Eku = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i (Extension);\r
if (Eku == NULL) {\r
//\r
// Fail to get Eku from extension.\r
goto Exit;\r
}\r
\r
- if (Asn1InCert->length == Asn1ToFind->length &&\r
- CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0) {\r
+ if ((Asn1InCert->length == Asn1ToFind->length) &&\r
+ (CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0))\r
+ {\r
//\r
// Found Eku in certificate.\r
//\r
return Status;\r
}\r
\r
-\r
/**\r
Determines if the specified EKUs are present in a signing certificate.\r
\r
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.\r
**/\r
EFI_STATUS\r
-CheckEKUs(\r
- IN CONST X509 *SignerCert,\r
- IN CONST CHAR8 *RequiredEKUs[],\r
- IN CONST UINT32 RequiredEKUsSize,\r
- IN BOOLEAN RequireAllPresent\r
+CheckEKUs (\r
+ IN CONST X509 *SignerCert,\r
+ IN CONST CHAR8 *RequiredEKUs[],\r
+ IN CONST UINT32 RequiredEKUsSize,\r
+ IN BOOLEAN RequireAllPresent\r
)\r
{\r
- EFI_STATUS Status;\r
- ASN1_OBJECT *Asn1ToFind;\r
- UINT32 NumEkusFound;\r
- UINT32 Index;\r
+ EFI_STATUS Status;\r
+ ASN1_OBJECT *Asn1ToFind;\r
+ UINT32 NumEkusFound;\r
+ UINT32 Index;\r
\r
Status = EFI_SUCCESS;\r
Asn1ToFind = NULL;\r
NumEkusFound = 0;\r
\r
- if (SignerCert == NULL || RequiredEKUs == NULL || RequiredEKUsSize == 0) {\r
+ if ((SignerCert == NULL) || (RequiredEKUs == NULL) || (RequiredEKUsSize == 0)) {\r
Status = EFI_INVALID_PARAMETER;\r
goto Exit;\r
}\r
// Finding required EKU in cert.\r
//\r
if (Asn1ToFind != NULL) {\r
- ASN1_OBJECT_free(Asn1ToFind);\r
+ ASN1_OBJECT_free (Asn1ToFind);\r
Asn1ToFind = NULL;\r
}\r
\r
Exit:\r
\r
if (Asn1ToFind != NULL) {\r
- ASN1_OBJECT_free(Asn1ToFind);\r
+ ASN1_OBJECT_free (Asn1ToFind);\r
}\r
\r
if (RequireAllPresent &&\r
- NumEkusFound == RequiredEKUsSize) {\r
+ (NumEkusFound == RequiredEKUsSize))\r
+ {\r
//\r
// Found all required EKUs in certificate.\r
//\r
EFI_STATUS\r
EFIAPI\r
VerifyEKUsInPkcs7Signature (\r
- IN CONST UINT8 *Pkcs7Signature,\r
- IN CONST UINT32 SignatureSize,\r
- IN CONST CHAR8 *RequiredEKUs[],\r
- IN CONST UINT32 RequiredEKUsSize,\r
- IN BOOLEAN RequireAllPresent\r
+ IN CONST UINT8 *Pkcs7Signature,\r
+ IN CONST UINT32 SignatureSize,\r
+ IN CONST CHAR8 *RequiredEKUs[],\r
+ IN CONST UINT32 RequiredEKUsSize,\r
+ IN BOOLEAN RequireAllPresent\r
)\r
{\r
- EFI_STATUS Status;\r
- PKCS7 *Pkcs7;\r
- STACK_OF(X509) *CertChain;\r
- INT32 SignatureType;\r
- INT32 NumberCertsInSignature;\r
- X509 *SignerCert;\r
- UINT8 *SignedData;\r
- UINT8 *Temp;\r
- UINTN SignedDataSize;\r
- BOOLEAN IsWrapped;\r
- BOOLEAN Ok;\r
-\r
- Status = EFI_SUCCESS;\r
- Pkcs7 = NULL;\r
- CertChain = NULL;\r
- SignatureType = 0;\r
- NumberCertsInSignature = 0;\r
- SignerCert = NULL;\r
- SignedData = NULL;\r
- SignedDataSize = 0;\r
- IsWrapped = FALSE;\r
- Ok = FALSE;\r
+ EFI_STATUS Status;\r
+ PKCS7 *Pkcs7;\r
+\r
+ STACK_OF (X509) *CertChain;\r
+ INT32 SignatureType;\r
+ INT32 NumberCertsInSignature;\r
+ X509 *SignerCert;\r
+ UINT8 *SignedData;\r
+ UINT8 *Temp;\r
+ UINTN SignedDataSize;\r
+ BOOLEAN IsWrapped;\r
+ BOOLEAN Ok;\r
+\r
+ Status = EFI_SUCCESS;\r
+ Pkcs7 = NULL;\r
+ CertChain = NULL;\r
+ SignatureType = 0;\r
+ NumberCertsInSignature = 0;\r
+ SignerCert = NULL;\r
+ SignedData = NULL;\r
+ SignedDataSize = 0;\r
+ IsWrapped = FALSE;\r
+ Ok = FALSE;\r
\r
//\r
- //Validate the input parameters.\r
+ // Validate the input parameters.\r
//\r
- if (Pkcs7Signature == NULL ||\r
- SignatureSize == 0 ||\r
- RequiredEKUs == NULL ||\r
- RequiredEKUsSize == 0) {\r
+ if ((Pkcs7Signature == NULL) ||\r
+ (SignatureSize == 0) ||\r
+ (RequiredEKUs == NULL) ||\r
+ (RequiredEKUsSize == 0))\r
+ {\r
Status = EFI_INVALID_PARAMETER;\r
goto Exit;\r
}\r
//\r
// Wrap the PKCS7 data if needed.\r
//\r
- Ok = WrapPkcs7Data (Pkcs7Signature,\r
- SignatureSize,\r
- &IsWrapped,\r
- &SignedData,\r
- &SignedDataSize);\r
+ Ok = WrapPkcs7Data (\r
+ Pkcs7Signature,\r
+ SignatureSize,\r
+ &IsWrapped,\r
+ &SignedData,\r
+ &SignedDataSize\r
+ );\r
if (!Ok) {\r
//\r
// Fail to Wrap the PKCS7 data.\r
//\r
SignatureType = OBJ_obj2nid (Pkcs7->type);\r
switch (SignatureType) {\r
- case NID_pkcs7_signed:\r
- if (Pkcs7->d.sign != NULL) {\r
- CertChain = Pkcs7->d.sign->cert;\r
- }\r
- break;\r
- case NID_pkcs7_signedAndEnveloped:\r
- if (Pkcs7->d.signed_and_enveloped != NULL) {\r
- CertChain = Pkcs7->d.signed_and_enveloped->cert;\r
- }\r
- break;\r
- default:\r
- break;\r
+ case NID_pkcs7_signed:\r
+ if (Pkcs7->d.sign != NULL) {\r
+ CertChain = Pkcs7->d.sign->cert;\r
+ }\r
+\r
+ break;\r
+ case NID_pkcs7_signedAndEnveloped:\r
+ if (Pkcs7->d.signed_and_enveloped != NULL) {\r
+ CertChain = Pkcs7->d.signed_and_enveloped->cert;\r
+ }\r
+\r
+ break;\r
+ default:\r
+ break;\r
}\r
\r
//\r
// Get the leaf signer.\r
//\r
Status = GetSignerCertificate (Pkcs7, &SignerCert);\r
- if (Status != EFI_SUCCESS || SignerCert == NULL) {\r
+ if ((Status != EFI_SUCCESS) || (SignerCert == NULL)) {\r
//\r
// Fail to get the end-entity leaf signer certificate.\r
//\r
\r
return Status;\r
}\r
-\r