sk_X509_pop_free ((STACK_OF(X509) *) X509Stack, X509_free);\r
}\r
\r
+/**\r
+ Pop single certificate from STACK_OF(X509).\r
+\r
+ If X509Stack, Cert, or CertSize is NULL, then return FALSE.\r
+\r
+ @param[in] X509Stack Pointer to a X509 stack object.\r
+ @param[out] Cert Pointer to a X509 certificate.\r
+ @param[out] CertSize Length of output X509 certificate in bytes.\r
+ \r
+ @retval TRUE The X509 stack pop succeeded.\r
+ @retval FALSE The pop operation failed.\r
+\r
+**/\r
+BOOLEAN\r
+X509PopCertificate (\r
+ IN VOID *X509Stack,\r
+ OUT UINT8 **Cert,\r
+ OUT UINTN *CertSize\r
+ )\r
+{\r
+ BIO *CertBio;\r
+ X509 *X509Cert;\r
+ STACK_OF(X509) *CertStack;\r
+ BOOLEAN Status;\r
+ int Result;\r
+ int Length;\r
+ VOID *Buffer;\r
+\r
+ Status = FALSE;\r
+\r
+ if ((X509Stack == NULL) || (Cert == NULL) || (CertSize == NULL)) {\r
+ return Status;\r
+ }\r
+\r
+ CertStack = (STACK_OF(X509) *) X509Stack;\r
+\r
+ X509Cert = sk_X509_pop (CertStack);\r
+\r
+ if (X509Cert == NULL) {\r
+ return Status;\r
+ }\r
+\r
+ Buffer = NULL;\r
+\r
+ CertBio = BIO_new (BIO_s_mem ());\r
+ if (CertBio == NULL) {\r
+ return Status;\r
+ }\r
+\r
+ Result = i2d_X509_bio (CertBio, X509Cert);\r
+ if (Result == 0) {\r
+ goto _Exit;\r
+ }\r
+\r
+ Length = ((BUF_MEM *) CertBio->ptr)->length;\r
+ if (Length <= 0) {\r
+ goto _Exit;\r
+ }\r
+\r
+ Buffer = malloc (Length);\r
+ if (Buffer == NULL) {\r
+ goto _Exit;\r
+ }\r
+\r
+ Result = BIO_read (CertBio, Buffer, Length);\r
+ if (Result != Length) {\r
+ goto _Exit;\r
+ }\r
+\r
+ *Cert = Buffer;\r
+ *CertSize = Length;\r
+\r
+ Status = TRUE;\r
+\r
+_Exit:\r
+\r
+ BIO_free (CertBio);\r
+\r
+ if (!Status && (Buffer != NULL)) {\r
+ free (Buffer);\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
/**\r
Retrieve the subject bytes from one X.509 certificate.\r
\r
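Review bot: X509PopCertificate never releases the X509 object it takes off the stack: `sk_X509_pop` removes the element from `CertStack`, so this function becomes its only holder, yet every path after the pop, including the early `return Status;` when `BIO_new` fails, leaves it allocated. Adding `X509_free (X509Cert);` next to `BIO_free (CertBio);` under `_Exit`, and before that early return, would close the leak. Separately, `Length` is an `int` read straight out of `((BUF_MEM *) CertBio->ptr)->length`; `BIO_get_mem_data (CertBio, &Ptr)` returns the same length without depending on the BIO's internal layout. The header comment should also say that `*Cert` is allocated with `malloc` and must be released by the caller with `free`, and that the popped certificate is removed from the stack.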
return FALSE;\r
}\r
\r
- Status = FALSE;\r
X509Cert = NULL;\r
\r
//\r
//\r
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);\r
if ((X509Cert == NULL) || (!Status)) {\r
+ Status = FALSE;\r
goto _Exit;\r
}\r
\r
+ Status = FALSE;\r
+\r
//\r
// Retrieve subject name from certificate object.\r
//\r
X509Name = X509_get_subject_name (X509Cert);\r
+ if (X509Name == NULL) {\r
+ goto _Exit;\r
+ }\r
+\r
if (*SubjectSize < (UINTN) X509Name->bytes->length) {\r
*SubjectSize = (UINTN) X509Name->bytes->length;\r
goto _Exit;\r
}\r
*SubjectSize = (UINTN) X509Name->bytes->length;\r
if (CertSubject != NULL) {\r
- CopyMem (CertSubject, (UINT8 *)X509Name->bytes->data, *SubjectSize);\r
+ CopyMem (CertSubject, (UINT8 *) X509Name->bytes->data, *SubjectSize);\r
Status = TRUE;\r
}\r
\r
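Review bot: The second `Status = FALSE;`, the one added after the `X509ConstructCertificate` check, is load-bearing but undocumented. Without it, a later `goto _Exit` such as the new `X509Name == NULL` branch or the buffer-too-small branch would return the TRUE left over from the construct call. I would put a comment on it, for example `// Status is TRUE from X509ConstructCertificate here; reset it so only the explicit success path returns TRUE.`, so nobody later removes it as a duplicate of the assignment inside the `if`. The same comment applies to the matching resets in the hunk that retrieves the EVP_PKEY and in the hunk that constructs `X509CACert`. The enclosing function starts and ends outside this hunk.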
//\r
// Release Resources.\r
//\r
- X509_free (X509Cert);\r
+ if (X509Cert != NULL) {\r
+ X509_free (X509Cert);\r
+ }\r
\r
return Status;\r
}\r
return FALSE;\r
}\r
\r
- Status = FALSE;\r
Pkey = NULL;\r
X509Cert = NULL;\r
\r
//\r
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);\r
if ((X509Cert == NULL) || (!Status)) {\r
+ Status = FALSE;\r
goto _Exit;\r
}\r
\r
+ Status = FALSE;\r
+\r
//\r
// Retrieve and check EVP_PKEY data from X509 Certificate.\r
//\r
//\r
// Release Resources.\r
//\r
- X509_free (X509Cert);\r
- EVP_PKEY_free (Pkey);\r
+ if (X509Cert != NULL) {\r
+ X509_free (X509Cert);\r
+ }\r
+\r
+ if (Pkey != NULL) {\r
+ EVP_PKEY_free (Pkey);\r
+ } \r
\r
return Status;\r
}\r
//\r
// Register & Initialize necessary digest algorithms for certificate verification.\r
//\r
- EVP_add_digest (EVP_md5());\r
- EVP_add_digest (EVP_sha1());\r
- EVP_add_digest (EVP_sha256());\r
+ if (EVP_add_digest (EVP_md5 ()) == 0) {\r
+ goto _Exit;\r
+ }\r
+ if (EVP_add_digest (EVP_sha1 ()) == 0) {\r
+ goto _Exit;\r
+ }\r
+ if (EVP_add_digest (EVP_sha256 ()) == 0) {\r
+ goto _Exit;\r
+ }\r
\r
//\r
// Read DER-encoded certificate to be verified and Construct X509 object.\r
//\r
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);\r
if ((X509Cert == NULL) || (!Status)) {\r
+ Status = FALSE;\r
goto _Exit;\r
}\r
\r
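Review bot: The three new `goto _Exit;` branches after `EVP_add_digest` run before `Status` is assigned anywhere in this hunk, and the function ends in `return Status;`. The initialisation sits outside the hunk, but this commit removes the leading `Status = FALSE;` from two sibling functions, so please confirm this one still sets `Status = FALSE;` and NULLs `X509Cert`, `X509CACert` and `CertStore` before the first `EVP_add_digest` call. If it does not, a digest-registration failure would return an indeterminate value from the certificate-verification routine, and the cleanup code would test and free uninitialised pointers.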
//\r
Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);\r
if ((X509CACert == NULL) || (!Status)) {\r
+ Status = FALSE;\r
goto _Exit;\r
}\r
\r
+ Status = FALSE;\r
+\r
//\r
// Set up X509 Store for trusted certificate.\r
//\r
//\r
// Release Resources.\r
//\r
- X509_free (X509Cert);\r
- X509_free (X509CACert);\r
- X509_STORE_free (CertStore);\r
+ if (X509Cert != NULL) {\r
+ X509_free (X509Cert);\r
+ }\r
\r
+ if (X509CACert != NULL) {\r
+ X509_free (X509CACert);\r
+ }\r
+\r
+ if (CertStore != NULL) {\r
+ X509_STORE_free (CertStore);\r
+ }\r
+ \r
return Status;\r
}\r