1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579
6f19259b-4bc3-4df7-8a09-
765794883524
20 files changed:
Computes exchanged common key.\r
\r
Given peer's public key, this function computes the exchanged common key, based on its own\r
Computes exchanged common key.\r
\r
Given peer's public key, this function computes the exchanged common key, based on its own\r
- context including value of prime modulus and random secret exponent. \r
+ context including value of prime modulus and random secret exponent.\r
\r
If DhContext is NULL, then return FALSE.\r
If PeerPublicKey is NULL, then return FALSE.\r
If KeySize is NULL, then return FALSE.\r
\r
If DhContext is NULL, then return FALSE.\r
If PeerPublicKey is NULL, then return FALSE.\r
If KeySize is NULL, then return FALSE.\r
- If KeySize is large enough but Key is NULL, then return FALSE.\r
+ If Key is NULL, then return FALSE.\r
+ If KeySize is not large enough, then return FALSE.\r
If this interface is not supported, then return FALSE.\r
\r
@param[in, out] DhContext Pointer to the DH context.\r
If this interface is not supported, then return FALSE.\r
\r
@param[in, out] DhContext Pointer to the DH context.\r
BaseLib\r
BaseMemoryLib\r
MemoryAllocationLib\r
BaseLib\r
BaseMemoryLib\r
MemoryAllocationLib\r
+ UefiRuntimeServicesTableLib\r
DebugLib\r
OpensslLib\r
IntrinsicLib\r
DebugLib\r
OpensslLib\r
IntrinsicLib\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {\r
+ if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {\r
+ if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (Arc4Context == NULL || Input == NULL || Output == NULL) {\r
+ if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (Arc4Context == NULL || Input == NULL || Output == NULL) {\r
+ if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {\r
+ if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {\r
+ if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (HmacMd5Context == NULL) {\r
+ if (HmacMd5Context == NULL || KeySize > INT_MAX) {\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (HmacSha1Context == NULL) {\r
+ if (HmacSha1Context == NULL || KeySize > INT_MAX) {\r
#include <Library/DebugLib.h>\r
#include <Library/BaseCryptLib.h>\r
\r
#include <Library/DebugLib.h>\r
#include <Library/BaseCryptLib.h>\r
\r
+#include "OpenSslSupport.h"\r
+\r
//\r
// Environment Setting for OpenSSL-based UEFI Crypto Library.\r
//\r
//\r
// Environment Setting for OpenSSL-based UEFI Crypto Library.\r
//\r
- Status = FALSE;\r
- PemBio = NULL;\r
-\r
//\r
// Add possible block-cipher descriptor for PEM data decryption.\r
// NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.\r
//\r
//\r
// Add possible block-cipher descriptor for PEM data decryption.\r
// NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.\r
//\r
- EVP_add_cipher (EVP_des_ede3_cbc ());\r
- EVP_add_cipher (EVP_aes_128_cbc ());\r
- EVP_add_cipher (EVP_aes_192_cbc ());\r
- EVP_add_cipher (EVP_aes_256_cbc ());\r
+ if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {\r
+ return FALSE;\r
+ }\r
+ if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {\r
+ return FALSE;\r
+ }\r
+ if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {\r
+ return FALSE;\r
+ }\r
+ if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {\r
+ return FALSE;\r
+ }\r
+\r
+ Status = FALSE;\r
\r
//\r
// Read encrypted PEM Data.\r
\r
//\r
// Read encrypted PEM Data.\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (DhContext == NULL || Prime == NULL) {\r
+ if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {\r
IN CONST UINT8 *Prime\r
)\r
{\r
IN CONST UINT8 *Prime\r
)\r
{\r
+ DH *Dh;\r
+ BIGNUM *Bn;\r
\r
//\r
// Check input parameters.\r
//\r
\r
//\r
// Check input parameters.\r
//\r
- if (DhContext == NULL || Prime == NULL) {\r
+ if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {\r
- Dh->p = BN_new();\r
- Dh->g = BN_new();\r
+ Dh->g = NULL;\r
+ Dh->p = BN_new ();\r
+ if (Dh->p == NULL) {\r
+ goto Error;\r
+ }\r
+ \r
+ Dh->g = BN_new ();\r
+ if (Dh->g == NULL) {\r
+ goto Error;\r
+ }\r
- BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);\r
- BN_set_word (Dh->g, (UINT32) Generator);\r
+ Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);\r
+ if (Bn == NULL) {\r
+ goto Error;\r
+ }\r
+\r
+ if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {\r
+ goto Error;\r
+ }\r
+\r
+Error:\r
+\r
+ if (Dh->p != NULL) {\r
+ BN_free (Dh->p);\r
+ }\r
+\r
+ if (Dh->g != NULL) {\r
+ BN_free (Dh->g);\r
+ }\r
+\r
+ if (Bn != NULL) {\r
+ BN_free (Bn);\r
+ }\r
+ \r
+ return FALSE;\r
{\r
BOOLEAN RetVal;\r
DH *Dh;\r
{\r
BOOLEAN RetVal;\r
DH *Dh;\r
\r
//\r
// Check input parameters.\r
\r
//\r
// Check input parameters.\r
}\r
\r
Dh = (DH *) DhContext;\r
}\r
\r
Dh = (DH *) DhContext;\r
\r
RetVal = (BOOLEAN) DH_generate_key (DhContext);\r
if (RetVal) {\r
\r
RetVal = (BOOLEAN) DH_generate_key (DhContext);\r
if (RetVal) {\r
+ Size = BN_num_bytes (Dh->pub_key);\r
+ if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {\r
+ *PublicKeySize = Size;\r
+ return FALSE;\r
+ }\r
+ \r
BN_bn2bin (Dh->pub_key, PublicKey);\r
BN_bn2bin (Dh->pub_key, PublicKey);\r
- *PublicKeySize = BN_num_bytes (Dh->pub_key);\r
+ *PublicKeySize = Size;\r
If DhContext is NULL, then return FALSE.\r
If PeerPublicKey is NULL, then return FALSE.\r
If KeySize is NULL, then return FALSE.\r
If DhContext is NULL, then return FALSE.\r
If PeerPublicKey is NULL, then return FALSE.\r
If KeySize is NULL, then return FALSE.\r
- If KeySize is large enough but Key is NULL, then return FALSE.\r
+ If Key is NULL, then return FALSE.\r
+ If KeySize is not large enough, then return FALSE.\r
\r
@param[in, out] DhContext Pointer to the DH context.\r
@param[in] PeerPublicKey Pointer to the peer's public key.\r
\r
@param[in, out] DhContext Pointer to the DH context.\r
@param[in] PeerPublicKey Pointer to the peer's public key.\r
\r
//\r
// Check input parameters.\r
//\r
\r
//\r
// Check input parameters.\r
//\r
- if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL) {\r
+ if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {\r
- if (Key == NULL && *KeySize != 0) {\r
+ if (PeerPublicKeySize > INT_MAX) {\r
return FALSE;\r
}\r
\r
Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);\r
return FALSE;\r
}\r
\r
Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);\r
+ if (Bn == NULL) {\r
+ return FALSE;\r
+ }\r
- *KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);\r
+ Size = DH_compute_key (Key, Bn, DhContext);\r
+ if (Size < 0) {\r
+ BN_free (Bn);\r
+ return FALSE;\r
+ }\r
+ if (*KeySize < (UINTN) Size) {\r
+ *KeySize = Size;\r
+ BN_free (Bn);\r
+ return FALSE;\r
+ }\r
+ *KeySize = Size;\r
+ BN_free (Bn);\r
//\r
// Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling\r
//\r
//\r
// Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling\r
//\r
- EVP_add_digest (EVP_md5());\r
- EVP_add_digest (EVP_sha1());\r
- EVP_add_digest (EVP_sha256());\r
+ if (EVP_add_digest (EVP_md5 ()) == 0) {\r
+ goto _Exit;\r
+ }\r
+ if (EVP_add_digest (EVP_sha1 ()) == 0) {\r
+ goto _Exit;\r
+ }\r
+ if (EVP_add_digest (EVP_sha256 ()) == 0) {\r
+ goto _Exit;\r
+ }\r
+\r
RandomSeed (NULL, 0);\r
\r
//\r
RandomSeed (NULL, 0);\r
\r
//\r
//\r
Key = EVP_PKEY_new ();\r
if (Key == NULL) {\r
//\r
Key = EVP_PKEY_new ();\r
if (Key == NULL) {\r
goto _Exit;\r
}\r
Key->save_type = EVP_PKEY_RSA;\r
goto _Exit;\r
}\r
Key->save_type = EVP_PKEY_RSA;\r
PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED\r
);\r
if (Pkcs7 == NULL) {\r
PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED\r
);\r
if (Pkcs7 == NULL) {\r
//\r
P7DataSize = i2d_PKCS7 (Pkcs7, NULL);\r
if (P7DataSize <= 19) {\r
//\r
P7DataSize = i2d_PKCS7 (Pkcs7, NULL);\r
if (P7DataSize <= 19) {\r
goto _Exit;\r
}\r
\r
P7Data = malloc (P7DataSize);\r
if (P7Data == NULL) {\r
goto _Exit;\r
}\r
\r
P7Data = malloc (P7DataSize);\r
if (P7Data == NULL) {\r
*SignedDataSize = P7DataSize - 19;\r
*SignedData = malloc (*SignedDataSize);\r
if (*SignedData == NULL) {\r
*SignedDataSize = P7DataSize - 19;\r
*SignedData = malloc (*SignedDataSize);\r
if (*SignedData == NULL) {\r
OPENSSL_free (P7Data);\r
goto _Exit;\r
}\r
OPENSSL_free (P7Data);\r
goto _Exit;\r
}\r
//\r
// Register & Initialize necessary digest algorithms for PKCS#7 Handling\r
//\r
//\r
// Register & Initialize necessary digest algorithms for PKCS#7 Handling\r
//\r
- EVP_add_digest (EVP_md5());\r
- EVP_add_digest (EVP_sha1());\r
- EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA);\r
- EVP_add_digest (EVP_sha256());\r
+ if (EVP_add_digest (EVP_md5 ()) == 0) {\r
+ return FALSE;\r
+ }\r
+ if (EVP_add_digest (EVP_sha1 ()) == 0) {\r
+ return FALSE;\r
+ }\r
+ if (EVP_add_digest (EVP_sha256 ()) == 0) {\r
+ return FALSE;\r
+ }\r
+ if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {\r
+ return FALSE;\r
+ }\r
+\r
\r
Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);\r
if (!Status) {\r
\r
Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);\r
if (!Status) {\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (RsaContext == NULL) {\r
+ if (RsaContext == NULL || BnSize > INT_MAX) {\r
break;\r
}\r
RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);\r
break;\r
}\r
RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);\r
+ if (RsaKey->n == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
break;\r
}\r
RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);\r
break;\r
}\r
RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);\r
+ if (RsaKey->e == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
break;\r
}\r
RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);\r
break;\r
}\r
RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);\r
+ if (RsaKey->d == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
break;\r
}\r
RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);\r
break;\r
}\r
RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);\r
+ if (RsaKey->p == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
break;\r
}\r
RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);\r
break;\r
}\r
RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);\r
+ if (RsaKey->q == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
break;\r
}\r
RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);\r
break;\r
}\r
RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);\r
+ if (RsaKey->dmp1 == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
break;\r
}\r
RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);\r
break;\r
}\r
RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);\r
+ if (RsaKey->dmq1 == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
break;\r
}\r
RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);\r
break;\r
}\r
RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);\r
+ if (RsaKey->iqmp == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {\r
+ if (RsaContext == NULL || MessageHash == NULL || Signature == NULL || SigSize > INT_MAX) {\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (RsaContext == NULL) {\r
+ if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {\r
return FALSE;\r
}\r
\r
KeyE = BN_new ();\r
return FALSE;\r
}\r
\r
KeyE = BN_new ();\r
+ if (KeyE == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
+ RetVal = FALSE;\r
+ \r
if (PublicExponent == NULL) {\r
if (PublicExponent == NULL) {\r
- BN_set_word (KeyE, 0x10001);\r
+ if (BN_set_word (KeyE, 0x10001) == 0) {\r
+ goto _Exit;\r
+ }\r
- BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE);\r
+ if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {\r
+ goto _Exit;\r
+ }\r
if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {\r
RetVal = TRUE;\r
}\r
\r
if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {\r
RetVal = TRUE;\r
}\r
\r
BN_free (KeyE);\r
return RetVal;\r
}\r
BN_free (KeyE);\r
return RetVal;\r
}\r
/**\r
Performs the PKCS1-v1_5 encoding methods defined in RSA PKCS #1.\r
\r
/**\r
Performs the PKCS1-v1_5 encoding methods defined in RSA PKCS #1.\r
\r
- @param Message Message buffer to be encoded.\r
- @param MessageSize Size of message buffer in bytes.\r
- @param DigestInfo Pointer to buffer of digest info for output.\r
+ @param[in] Message Message buffer to be encoded.\r
+ @param[in] MessageSize Size of message buffer in bytes.\r
+ @param[out] DigestInfo Pointer to buffer of digest info for output.\r
+ @param[in,out] DigestInfoSize On input, the size of DigestInfo buffer in bytes.\r
+ On output, the size of data returned in DigestInfo\r
+ buffer in bytes.\r
- @return Size of DigestInfo in bytes.\r
+ @retval TRUE PKCS1-v1_5 encoding finished successfully.\r
+ @retval FALSE Any input parameter is invalid.\r
+ @retval FALSE DigestInfo buffer is not large enough.\r
- IN CONST UINT8 *Message,\r
- IN UINTN MessageSize,\r
- OUT UINT8 *DigestInfo\r
+ IN CONST UINT8 *Message,\r
+ IN UINTN MessageSize,\r
+ OUT UINT8 *DigestInfo,\r
+ IN OUT UINTN *DigestInfoSize\r
)\r
{\r
CONST UINT8 *HashDer;\r
)\r
{\r
CONST UINT8 *HashDer;\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (Message == NULL || DigestInfo == NULL) {\r
+ if (Message == NULL || DigestInfo == NULL || DigestInfoSize == NULL) {\r
+ if (*DigestInfoSize < DerSize + MessageSize) {\r
+ *DigestInfoSize = DerSize + MessageSize;\r
+ return FALSE;\r
+ }\r
+\r
CopyMem (DigestInfo, HashDer, DerSize);\r
CopyMem (DigestInfo + DerSize, Message, MessageSize);\r
\r
CopyMem (DigestInfo, HashDer, DerSize);\r
CopyMem (DigestInfo + DerSize, Message, MessageSize);\r
\r
- return (DerSize + MessageSize);\r
+ *DigestInfoSize = DerSize + MessageSize;\r
+ return TRUE;\r
- Size = DigestInfoEncoding (MessageHash, HashSize, Signature);\r
+ if (!DigestInfoEncoding (MessageHash, HashSize, Signature, SigSize)) {\r
+ return FALSE;\r
+ }\r
\r
ReturnVal = RSA_private_encrypt (\r
\r
ReturnVal = RSA_private_encrypt (\r
Signature,\r
Signature,\r
Rsa,\r
RSA_PKCS1_PADDING\r
);\r
\r
Signature,\r
Signature,\r
Rsa,\r
RSA_PKCS1_PADDING\r
);\r
\r
- if (ReturnVal < (INTN) Size) {\r
+ if (ReturnVal < (INTN) *SigSize) {\r
- *SigSize = (UINTN)ReturnVal;\r
+ *SigSize = (UINTN) ReturnVal;\r
X509Cert = NULL;\r
\r
//\r
X509Cert = NULL;\r
\r
//\r
//\r
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);\r
if ((X509Cert == NULL) || (!Status)) {\r
//\r
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);\r
if ((X509Cert == NULL) || (!Status)) {\r
//\r
// Retrieve subject name from certificate object.\r
//\r
X509Name = X509_get_subject_name (X509Cert);\r
//\r
// Retrieve subject name from certificate object.\r
//\r
X509Name = X509_get_subject_name (X509Cert);\r
+ if (X509Name == NULL) {\r
+ goto _Exit;\r
+ }\r
+\r
if (*SubjectSize < (UINTN) X509Name->bytes->length) {\r
*SubjectSize = (UINTN) X509Name->bytes->length;\r
goto _Exit;\r
if (*SubjectSize < (UINTN) X509Name->bytes->length) {\r
*SubjectSize = (UINTN) X509Name->bytes->length;\r
goto _Exit;\r
//\r
// Release Resources.\r
//\r
//\r
// Release Resources.\r
//\r
- X509_free (X509Cert);\r
+ if (X509Cert != NULL) {\r
+ X509_free (X509Cert);\r
+ }\r
Pkey = NULL;\r
X509Cert = NULL;\r
\r
Pkey = NULL;\r
X509Cert = NULL;\r
\r
//\r
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);\r
if ((X509Cert == NULL) || (!Status)) {\r
//\r
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);\r
if ((X509Cert == NULL) || (!Status)) {\r
//\r
// Retrieve and check EVP_PKEY data from X509 Certificate.\r
//\r
//\r
// Retrieve and check EVP_PKEY data from X509 Certificate.\r
//\r
//\r
// Release Resources.\r
//\r
//\r
// Release Resources.\r
//\r
- X509_free (X509Cert);\r
- EVP_PKEY_free (Pkey);\r
+ if (X509Cert != NULL) {\r
+ X509_free (X509Cert);\r
+ }\r
+\r
+ if (Pkey != NULL) {\r
+ EVP_PKEY_free (Pkey);\r
+ } \r
//\r
// Register & Initialize necessary digest algorithms for certificate verification.\r
//\r
//\r
// Register & Initialize necessary digest algorithms for certificate verification.\r
//\r
- EVP_add_digest (EVP_md5());\r
- EVP_add_digest (EVP_sha1());\r
- EVP_add_digest (EVP_sha256());\r
+ if (EVP_add_digest (EVP_md5 ()) == 0) {\r
+ goto _Exit;\r
+ }\r
+ if (EVP_add_digest (EVP_sha1 ()) == 0) {\r
+ goto _Exit;\r
+ }\r
+ if (EVP_add_digest (EVP_sha256 ()) == 0) {\r
+ goto _Exit;\r
+ }\r
\r
//\r
// Read DER-encoded certificate to be verified and Construct X509 object.\r
//\r
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);\r
if ((X509Cert == NULL) || (!Status)) {\r
\r
//\r
// Read DER-encoded certificate to be verified and Construct X509 object.\r
//\r
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);\r
if ((X509Cert == NULL) || (!Status)) {\r
//\r
Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);\r
if ((X509CACert == NULL) || (!Status)) {\r
//\r
Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);\r
if ((X509CACert == NULL) || (!Status)) {\r
//\r
// Set up X509 Store for trusted certificate.\r
//\r
//\r
// Set up X509 Store for trusted certificate.\r
//\r
//\r
// Release Resources.\r
//\r
//\r
// Release Resources.\r
//\r
- X509_free (X509Cert);\r
- X509_free (X509CACert);\r
- X509_STORE_free (CertStore);\r
+ if (X509Cert != NULL) {\r
+ X509_free (X509Cert);\r
+ }\r
+\r
+ if (X509CACert != NULL) {\r
+ X509_free (X509CACert);\r
+ }\r
+ if (CertStore != NULL) {\r
+ X509_STORE_free (CertStore);\r
+ }\r
+ \r
IN UINTN SeedSize\r
)\r
{\r
IN UINTN SeedSize\r
)\r
{\r
+ if (SeedSize > INT_MAX) {\r
+ return FALSE;\r
+ }\r
+\r
//\r
// Seed the pseudorandom number generator with user-supplied value.\r
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.\r
//\r
// Seed the pseudorandom number generator with user-supplied value.\r
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (Output == NULL) {\r
+ if (Output == NULL || Size > INT_MAX) {\r
{\r
CHAR8 DefaultSeed[128];\r
\r
{\r
CHAR8 DefaultSeed[128];\r
\r
+ if (SeedSize > INT_MAX) {\r
+ return FALSE;\r
+ }\r
+\r
//\r
// Seed the pseudorandom number generator with user-supplied value.\r
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.\r
//\r
// Seed the pseudorandom number generator with user-supplied value.\r
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (Output == NULL) {\r
+ if (Output == NULL || Size > INT_MAX) {\r
{\r
CHAR8 DefaultSeed[128];\r
\r
{\r
CHAR8 DefaultSeed[128];\r
\r
+ if (SeedSize > INT_MAX) {\r
+ return FALSE;\r
+ }\r
+\r
//\r
// Seed the pseudorandom number generator with user-supplied value.\r
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.\r
//\r
// Seed the pseudorandom number generator with user-supplied value.\r
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
- if (Output == NULL) {\r
+ if (Output == NULL || Size > INT_MAX) {\r
[LibraryClasses]\r
BaseLib\r
DebugLib\r
[LibraryClasses]\r
BaseLib\r
DebugLib\r
+ UefiBootServicesTableLib\r
+ UefiRuntimeLib\r
\r
[Guids]\r
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event\r
\r
[Guids]\r
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event\r
#define __INTERNAL_CRYPT_LIB_H__\r
\r
#include <Library/BaseLib.h>\r
#define __INTERNAL_CRYPT_LIB_H__\r
\r
#include <Library/BaseLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/BaseCryptLib.h>\r
\r
#include <Library/DebugLib.h>\r
#include <Library/BaseCryptLib.h>\r
\r
projects / mirror_edk2.git / commitdiff