X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=CryptoPkg%2FLibrary%2FBaseCryptLib%2FPk%2FCryptPkcs7VerifyEku.c;h=833b29ae97551b672abb7b3482e0a48110ff7ba3;hp=40cc39afe7dd529d5bfd12855b053ba89905c7a4;hb=7c342378317039e632d9a1a5d4cf7c21aec8cb7a;hpb=2b16a4fb91b9b31c0d152588f5ac51080c6c0763
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
index 40cc39afe7..833b29ae97 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
@@ -64,19 +64,20 @@ **/ EFI_STATUS GetSignerCertificate ( - IN CONST PKCS7 *CertChain, - OUT X509 **SignerCert + IN CONST PKCS7 *CertChain, + OUT X509 **SignerCert ) { - EFI_STATUS Status; - STACK_OF(X509) *Signers; - INT32 NumberSigners; + EFI_STATUS Status; - Status = EFI_SUCCESS; - Signers = NULL; - NumberSigners = 0; + STACK_OF (X509) *Signers; + INT32 NumberSigners; - if (CertChain == NULL || SignerCert == NULL) { + Status = EFI_SUCCESS; + Signers = NULL; + NumberSigners = 0; + + if ((CertChain == NULL) || (SignerCert == NULL)) { Status = EFI_INVALID_PARAMETER; goto Exit; }
@@ -84,7 +85,7 @@ GetSignerCertificate ( // // Get the signers from the chain. // - Signers = PKCS7_get0_signers ((PKCS7*) CertChain, NULL, PKCS7_BINARY); + Signers = PKCS7_get0_signers ((PKCS7 *)CertChain, NULL, PKCS7_BINARY); if (Signers == NULL) { // // Fail to get signers form PKCS7
@@ -118,7 +119,6 @@ Exit: return Status; } - /** Determines if the specified EKU represented in ASN1 form is present in a given certificate.
@@ -134,8 +134,8 @@ Exit: **/ EFI_STATUS IsEkuInCertificate ( - IN CONST X509 *Cert, - IN ASN1_OBJECT *Asn1ToFind + IN CONST X509 *Cert, + IN ASN1_OBJECT *Asn1ToFind ) { EFI_STATUS Status; 
@@ -147,15 +147,15 @@ IsEkuInCertificate ( ASN1_OBJECT *Asn1InCert; INTN Index; - Status = EFI_NOT_FOUND; - ClonedCert = NULL; - Extension = NULL; - Eku = NULL; - ExtensionIndex = -1; - NumExtensions = 0; - Asn1InCert = NULL; + Status = EFI_NOT_FOUND; + ClonedCert = NULL; + Extension = NULL; + Eku = NULL; + ExtensionIndex = -1; + NumExtensions = 0; + Asn1InCert = NULL; - if (Cert == NULL || Asn1ToFind == NULL) { + if ((Cert == NULL) || (Asn1ToFind == NULL)) { Status = EFI_INVALID_PARAMETER; goto Exit; } @@ -164,7 +164,7 @@ IsEkuInCertificate ( // Clone the certificate. This is required because the Extension API's // only work once per instance of an X509 object. // - ClonedCert = X509_dup ((X509*)Cert); + ClonedCert = X509_dup ((X509 *)Cert); if (ClonedCert == NULL) { // // Fail to duplicate cert. @@ -193,7 +193,7 @@ IsEkuInCertificate ( goto Exit; } - Eku = (EXTENDED_KEY_USAGE*)X509V3_EXT_d2i (Extension); + Eku = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i (Extension); if (Eku == NULL) { // // Fail to get Eku from extension. @@ -215,8 +215,9 @@ IsEkuInCertificate ( goto Exit; } - if (Asn1InCert->length == Asn1ToFind->length && - CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0) { + if ((Asn1InCert->length == Asn1ToFind->length) && + (CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0)) + { // // Found Eku in certificate. // @@ -241,7 +242,6 @@ Exit: return Status; } - /** Determines if the specified EKUs are present in a signing certificate. 
@@ -256,23 +256,23 @@ Exit: @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. **/ EFI_STATUS -CheckEKUs( - IN CONST X509 *SignerCert, - IN CONST CHAR8 *RequiredEKUs[], - IN CONST UINT32 RequiredEKUsSize, - IN BOOLEAN RequireAllPresent +CheckEKUs ( + IN CONST X509 *SignerCert, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent ) { - EFI_STATUS Status; - ASN1_OBJECT *Asn1ToFind; - UINT32 NumEkusFound; - UINT32 Index; + EFI_STATUS Status; + ASN1_OBJECT *Asn1ToFind; + UINT32 NumEkusFound; + UINT32 Index; Status = EFI_SUCCESS; Asn1ToFind = NULL; NumEkusFound = 0; - if (SignerCert == NULL || RequiredEKUs == NULL || RequiredEKUsSize == 0) { + if ((SignerCert == NULL) || (RequiredEKUs == NULL) || (RequiredEKUsSize == 0)) { Status = EFI_INVALID_PARAMETER; goto Exit; } @@ -282,7 +282,7 @@ CheckEKUs( // Finding required EKU in cert. // if (Asn1ToFind != NULL) { - ASN1_OBJECT_free(Asn1ToFind); + ASN1_OBJECT_free (Asn1ToFind); Asn1ToFind = NULL; } @@ -314,11 +314,12 @@ CheckEKUs( Exit: if (Asn1ToFind != NULL) { - ASN1_OBJECT_free(Asn1ToFind); + ASN1_OBJECT_free (Asn1ToFind); } if (RequireAllPresent && - NumEkusFound == RequiredEKUsSize) { + (NumEkusFound == RequiredEKUsSize)) + { // // Found all required EKUs in certificate. // 
@@ -361,43 +362,45 @@ Exit: EFI_STATUS EFIAPI VerifyEKUsInPkcs7Signature ( - IN CONST UINT8 *Pkcs7Signature, - IN CONST UINT32 SignatureSize, - IN CONST CHAR8 *RequiredEKUs[], - IN CONST UINT32 RequiredEKUsSize, - IN BOOLEAN RequireAllPresent + IN CONST UINT8 *Pkcs7Signature, + IN CONST UINT32 SignatureSize, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent ) { - EFI_STATUS Status; - PKCS7 *Pkcs7; - STACK_OF(X509) *CertChain; - INT32 SignatureType; - INT32 NumberCertsInSignature; - X509 *SignerCert; - UINT8 *SignedData; - UINT8 *Temp; - UINTN SignedDataSize; - BOOLEAN IsWrapped; - BOOLEAN Ok; - - Status = EFI_SUCCESS; - Pkcs7 = NULL; - CertChain = NULL; - SignatureType = 0; - NumberCertsInSignature = 0; - SignerCert = NULL; - SignedData = NULL; - SignedDataSize = 0; - IsWrapped = FALSE; - Ok = FALSE; + EFI_STATUS Status; + PKCS7 *Pkcs7; + + STACK_OF (X509) *CertChain; + INT32 SignatureType; + INT32 NumberCertsInSignature; + X509 *SignerCert; + UINT8 *SignedData; + UINT8 *Temp; + UINTN SignedDataSize; + BOOLEAN IsWrapped; + BOOLEAN Ok; + + Status = EFI_SUCCESS; + Pkcs7 = NULL; + CertChain = NULL; + SignatureType = 0; + NumberCertsInSignature = 0; + SignerCert = NULL; + SignedData = NULL; + SignedDataSize = 0; + IsWrapped = FALSE; + Ok = FALSE; // - //Validate the input parameters. + // Validate the input parameters. // - if (Pkcs7Signature == NULL || - SignatureSize == 0 || - RequiredEKUs == NULL || - RequiredEKUsSize == 0) { + if ((Pkcs7Signature == NULL) || + (SignatureSize == 0) || + (RequiredEKUs == NULL) || + (RequiredEKUsSize == 0)) + { Status = EFI_INVALID_PARAMETER; goto Exit; } 
@@ -409,11 +412,13 @@ VerifyEKUsInPkcs7Signature ( // // Wrap the PKCS7 data if needed. // - Ok = WrapPkcs7Data (Pkcs7Signature, - SignatureSize, - &IsWrapped, - &SignedData, - &SignedDataSize); + Ok = WrapPkcs7Data ( + Pkcs7Signature, + SignatureSize, + &IsWrapped, + &SignedData, + &SignedDataSize + ); if (!Ok) { // // Fail to Wrap the PKCS7 data. @@ -441,18 +446,20 @@ VerifyEKUsInPkcs7Signature ( // SignatureType = OBJ_obj2nid (Pkcs7->type); switch (SignatureType) { - case NID_pkcs7_signed: - if (Pkcs7->d.sign != NULL) { - CertChain = Pkcs7->d.sign->cert; - } - break; - case NID_pkcs7_signedAndEnveloped: - if (Pkcs7->d.signed_and_enveloped != NULL) { - CertChain = Pkcs7->d.signed_and_enveloped->cert; - } - break; - default: - break; + case NID_pkcs7_signed: + if (Pkcs7->d.sign != NULL) { + CertChain = Pkcs7->d.sign->cert; + } + + break; + case NID_pkcs7_signedAndEnveloped: + if (Pkcs7->d.signed_and_enveloped != NULL) { + CertChain = Pkcs7->d.signed_and_enveloped->cert; + } + + break; + default: + break; } // @@ -483,7 +490,7 @@ VerifyEKUsInPkcs7Signature ( // Get the leaf signer. // Status = GetSignerCertificate (Pkcs7, &SignerCert); - if (Status != EFI_SUCCESS || SignerCert == NULL) { + if ((Status != EFI_SUCCESS) || (SignerCert == NULL)) { // // Fail to get the end-entity leaf signer certificate. // @@ -514,4 +521,3 @@ Exit: return Status; } -