X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=CryptoPkg%2FLibrary%2FBaseCryptLib%2FPk%2FCryptX509.c;h=e6bb45e64135e37a5d331f828d12dcf4f6a27292;hp=ff96d30b57148fe268f9bb0b5ed0941a99d20b70;hb=7c342378317039e632d9a1a5d4cf7c21aec8cb7a;hpb=2b16a4fb91b9b31c0d152588f5ac51080c6c0763 diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index ff96d30b57..e6bb45e641 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -38,7 +38,7 @@ X509ConstructCertificate ( // // Check input parameters. // - if (Cert == NULL || SingleX509Cert == NULL || CertSize > INT_MAX) { + if ((Cert == NULL) || (SingleX509Cert == NULL) || (CertSize > INT_MAX)) { return FALSE; } @@ -46,12 +46,12 @@ X509ConstructCertificate ( // Read DER-encoded X509 Certificate and Construct X509 object. // Temp = Cert; - X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize); + X509Cert = d2i_X509 (NULL, &Temp, (long)CertSize); if (X509Cert == NULL) { return FALSE; } - *SingleX509Cert = (UINT8 *) X509Cert; + *SingleX509Cert = (UINT8 *)X509Cert; return TRUE; } @@ -82,12 +82,13 @@ X509ConstructCertificateStackV ( IN VA_LIST Args ) { - UINT8 *Cert; - UINTN CertSize; - X509 *X509Cert; - STACK_OF(X509) *CertStack; - BOOLEAN Status; - UINTN Index; + UINT8 *Cert; + UINTN CertSize; + X509 *X509Cert; + + STACK_OF (X509) *CertStack; + BOOLEAN Status; + UINTN Index; // // Check input parameters. @@ -101,7 +102,7 @@ X509ConstructCertificateStackV ( // // Initialize X509 stack object. // - CertStack = (STACK_OF(X509) *) (*X509Stack); + CertStack = (STACK_OF (X509) *)(*X509Stack); if (CertStack == NULL) { CertStack = sk_X509_new_null (); if (CertStack == NULL) { @@ -127,15 +128,16 @@ X509ConstructCertificateStackV ( // Construct X509 Object from the given DER-encoded certificate data. // X509Cert = NULL; - Status = X509ConstructCertificate ( - (CONST UINT8 *) Cert, - CertSize, - (UINT8 **) &X509Cert - ); + Status = X509ConstructCertificate ( + (CONST UINT8 *)Cert, + CertSize, + (UINT8 **)&X509Cert + ); if (!Status) { if (X509Cert != NULL) { X509_free (X509Cert); } + break; } @@ -148,7 +150,7 @@ X509ConstructCertificateStackV ( if (!Status) { sk_X509_pop_free (CertStack, X509_free); } else { - *X509Stack = (UINT8 *) CertStack; + *X509Stack = (UINT8 *)CertStack; } return Status; @@ -210,7 +212,7 @@ X509Free ( // // Free OpenSSL X509 object. // - X509_free ((X509 *) X509Cert); + X509_free ((X509 *)X509Cert); } /** @@ -237,7 +239,7 @@ X509StackFree ( // // Free OpenSSL X509 stack object. // - sk_X509_pop_free ((STACK_OF(X509) *) X509Stack, X509_free); + sk_X509_pop_free ((STACK_OF (X509) *) X509Stack, X509_free); } /** @@ -274,7 +276,7 @@ X509GetSubjectName ( // // Check input parameters. // - if (Cert == NULL || SubjectSize == NULL) { + if ((Cert == NULL) || (SubjectSize == NULL)) { return FALSE; } @@ -283,7 +285,7 @@ X509GetSubjectName ( // // Read DER-encoded X509 Certificate and Construct X509 object. // - Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert); + Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert); if ((X509Cert == NULL) || (!Status)) { Status = FALSE; goto _Exit; @@ -299,14 +301,15 @@ X509GetSubjectName ( goto _Exit; } - X509NameSize = i2d_X509_NAME(X509Name, NULL); + X509NameSize = i2d_X509_NAME (X509Name, NULL); if (*SubjectSize < X509NameSize) { *SubjectSize = X509NameSize; goto _Exit; } + *SubjectSize = X509NameSize; if (CertSubject != NULL) { - i2d_X509_NAME(X509Name, &CertSubject); + i2d_X509_NAME (X509Name, &CertSubject); Status = TRUE; } @@ -351,11 +354,11 @@ _Exit: STATIC RETURN_STATUS InternalX509GetNIDName ( - IN CONST UINT8 *Cert, - IN UINTN CertSize, - IN INT32 Request_NID, - OUT CHAR8 *CommonName OPTIONAL, - IN OUT UINTN *CommonNameSize + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN INT32 Request_NID, + OUT CHAR8 *CommonName OPTIONAL, + IN OUT UINTN *CommonNameSize ) { RETURN_STATUS ReturnStatus; @@ -377,6 +380,7 @@ InternalX509GetNIDName ( if ((Cert == NULL) || (CertSize > INT_MAX) || (CommonNameSize == NULL)) { return ReturnStatus; } + if ((CommonName != NULL) && (*CommonNameSize == 0)) { return ReturnStatus; } @@ -385,7 +389,7 @@ InternalX509GetNIDName ( // // Read DER-encoded X509 Certificate and Construct X509 object. // - Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert); + Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert); if ((X509Cert == NULL) || (!Status)) { // // Invalid X.509 Certificate @@ -443,12 +447,12 @@ InternalX509GetNIDName ( if (CommonName == NULL) { *CommonNameSize = Length + 1; - ReturnStatus = RETURN_BUFFER_TOO_SMALL; + ReturnStatus = RETURN_BUFFER_TOO_SMALL; } else { *CommonNameSize = MIN ((UINTN)Length, *CommonNameSize - 1) + 1; CopyMem (CommonName, UTF8Name, *CommonNameSize - 1); CommonName[*CommonNameSize - 1] = '\0'; - ReturnStatus = RETURN_SUCCESS; + ReturnStatus = RETURN_SUCCESS; } _Exit: @@ -458,6 +462,7 @@ _Exit: if (X509Cert != NULL) { X509_free (X509Cert); } + if (UTF8Name != NULL) { OPENSSL_free (UTF8Name); } @@ -532,10 +537,10 @@ X509GetCommonName ( RETURN_STATUS EFIAPI X509GetOrganizationName ( - IN CONST UINT8 *Cert, - IN UINTN CertSize, - OUT CHAR8 *NameBuffer OPTIONAL, - IN OUT UINTN *NameBufferSize + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT CHAR8 *NameBuffer OPTIONAL, + IN OUT UINTN *NameBufferSize ) { return InternalX509GetNIDName (Cert, CertSize, NID_organizationName, NameBuffer, NameBufferSize); @@ -572,7 +577,7 @@ RsaGetPublicKeyFromX509 ( // // Check input parameters. // - if (Cert == NULL || RsaContext == NULL) { + if ((Cert == NULL) || (RsaContext == NULL)) { return FALSE; } @@ -582,7 +587,7 @@ RsaGetPublicKeyFromX509 ( // // Read DER-encoded X509 Certificate and Construct X509 object. // - Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert); + Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert); if ((X509Cert == NULL) || (!Status)) { Status = FALSE; goto _Exit; @@ -654,7 +659,7 @@ X509VerifyCert ( // // Check input parameters. // - if (Cert == NULL || CACert == NULL) { + if ((Cert == NULL) || (CACert == NULL)) { return FALSE; } @@ -670,9 +675,11 @@ X509VerifyCert ( if (EVP_add_digest (EVP_md5 ()) == 0) { goto _Exit; } + if (EVP_add_digest (EVP_sha1 ()) == 0) { goto _Exit; } + if (EVP_add_digest (EVP_sha256 ()) == 0) { goto _Exit; } @@ -680,7 +687,7 @@ X509VerifyCert ( // // Read DER-encoded certificate to be verified and Construct X509 object. // - Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert); + Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert); if ((X509Cert == NULL) || (!Status)) { Status = FALSE; goto _Exit; @@ -689,7 +696,7 @@ X509VerifyCert ( // // Read DER-encoded root certificate and Construct X509 object. // - Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert); + Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **)&X509CACert); if ((X509CACert == NULL) || (!Status)) { Status = FALSE; goto _Exit; @@ -704,6 +711,7 @@ X509VerifyCert ( if (CertStore == NULL) { goto _Exit; } + if (!(X509_STORE_add_cert (CertStore, X509CACert))) { goto _Exit; } @@ -712,8 +720,10 @@ X509VerifyCert ( // Allow partial certificate chains, terminated by a non-self-signed but // still trusted intermediate certificate. Also disable time checks. // - X509_STORE_set_flags (CertStore, - X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME); + X509_STORE_set_flags ( + CertStore, + X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME + ); // // Set up X509_STORE_CTX for the subsequent verification operation. @@ -722,6 +732,7 @@ X509VerifyCert ( if (CertCtx == NULL) { goto _Exit; } + if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) { goto _Exit; } @@ -729,7 +740,7 @@ X509VerifyCert ( // // X509 Certificate Verification. // - Status = (BOOLEAN) X509_verify_cert (CertCtx); + Status = (BOOLEAN)X509_verify_cert (CertCtx); X509_STORE_CTX_cleanup (CertCtx); _Exit: @@ -787,7 +798,8 @@ X509GetTBSCert ( // Check input parameters. // if ((Cert == NULL) || (TBSCert == NULL) || - (TBSCertSize == NULL) || (CertSize > INT_MAX)) { + (TBSCertSize == NULL) || (CertSize > INT_MAX)) + { return FALSE; }