OpenSSL-1.1.xx makes most data structures opaque.
This patch updates Public Key Cipher Wrapper implementations in
BaseCryptLib to use the accessor APIs for opaque object access.
The impacted interfaces includes RSA, DH, X509, PKCS7, etc.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
/** @file\r
Diffie-Hellman Wrapper Implementation over OpenSSL.\r
\r
/** @file\r
Diffie-Hellman Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
#include <openssl/bn.h>\r
#include <openssl/dh.h>\r
\r
#include <openssl/bn.h>\r
#include <openssl/dh.h>\r
\r
/**\r
Allocates and Initializes one Diffie-Hellman Context for subsequent use.\r
\r
/**\r
Allocates and Initializes one Diffie-Hellman Context for subsequent use.\r
\r
)\r
{\r
BOOLEAN RetVal;\r
)\r
{\r
BOOLEAN RetVal;\r
\r
//\r
// Check input parameters.\r
\r
//\r
// Check input parameters.\r
- BN_bn2bin (((DH *) DhContext)->p, Prime);\r
+ DH_get0_pqg (DhContext, (const BIGNUM **)&BnP, NULL, NULL);\r
+ BN_bn2bin (BnP, Prime);\r
+ BIGNUM *BnP;\r
+ BIGNUM *BnG;\r
\r
//\r
// Check input parameters.\r
\r
//\r
// Check input parameters.\r
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {\r
return FALSE;\r
}\r
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {\r
return FALSE;\r
}\r
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {\r
return FALSE;\r
}\r
\r
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {\r
return FALSE;\r
}\r
\r
- Bn = NULL;\r
-\r
- Dh = (DH *) DhContext;\r
- Dh->g = NULL;\r
- Dh->p = BN_new ();\r
- if (Dh->p == NULL) {\r
- goto Error;\r
- }\r
- \r
- Dh->g = BN_new ();\r
- if (Dh->g == NULL) {\r
- goto Error;\r
- }\r
-\r
- Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);\r
- if (Bn == NULL) {\r
- goto Error;\r
- }\r
-\r
- if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {\r
+ //\r
+ // Set the generator and prime parameters for DH object.\r
+ //\r
+ Dh = (DH *)DhContext;\r
+ BnP = BN_bin2bn ((const unsigned char *)Prime, (int)(PrimeLength / 8), NULL);\r
+ BnG = BN_bin2bn ((const unsigned char *)&Generator, 1, NULL);\r
+ if ((BnP == NULL) || (BnG == NULL) || !DH_set0_pqg (Dh, BnP, NULL, BnG)) {\r
goto Error;\r
}\r
\r
return TRUE;\r
\r
Error:\r
goto Error;\r
}\r
\r
return TRUE;\r
\r
Error:\r
+ BN_free (BnP);\r
+ BN_free (BnG);\r
- if (Dh->p != NULL) {\r
- BN_free (Dh->p);\r
- }\r
-\r
- if (Dh->g != NULL) {\r
- BN_free (Dh->g);\r
- }\r
-\r
- if (Bn != NULL) {\r
- BN_free (Bn);\r
- }\r
- \r
{\r
BOOLEAN RetVal;\r
DH *Dh;\r
{\r
BOOLEAN RetVal;\r
DH *Dh;\r
if (PublicKey == NULL && *PublicKeySize != 0) {\r
return FALSE;\r
}\r
if (PublicKey == NULL && *PublicKeySize != 0) {\r
return FALSE;\r
}\r
Dh = (DH *) DhContext;\r
\r
RetVal = (BOOLEAN) DH_generate_key (DhContext);\r
if (RetVal) {\r
Dh = (DH *) DhContext;\r
\r
RetVal = (BOOLEAN) DH_generate_key (DhContext);\r
if (RetVal) {\r
- Size = BN_num_bytes (Dh->pub_key);\r
- if (Size <= 0) {\r
- *PublicKeySize = 0;\r
- return FALSE;\r
- }\r
- if (*PublicKeySize < (UINTN) Size) {\r
+ DH_get0_key (Dh, (const BIGNUM **)&DhPubKey, NULL);\r
+ Size = BN_num_bytes (DhPubKey);\r
+ if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {\r
*PublicKeySize = Size;\r
return FALSE;\r
}\r
*PublicKeySize = Size;\r
return FALSE;\r
}\r
- \r
- BN_bn2bin (Dh->pub_key, PublicKey);\r
+\r
+ BN_bn2bin (DhPubKey, PublicKey);\r
*PublicKeySize = Size;\r
}\r
\r
*PublicKeySize = Size;\r
}\r
\r
/** @file\r
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.\r
\r
/** @file\r
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
#include <openssl/x509.h>\r
#include <openssl/pkcs7.h>\r
\r
#include <openssl/x509.h>\r
#include <openssl/pkcs7.h>\r
\r
/**\r
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message\r
Syntax Standard, version 1.5". This interface is only intended to be used for\r
/**\r
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message\r
Syntax Standard, version 1.5". This interface is only intended to be used for\r
//\r
// Release Resources\r
//\r
//\r
// Release Resources\r
//\r
- if (RsaContext != NULL) {\r
- RsaFree (RsaContext);\r
- if (Key != NULL) {\r
- Key->pkey.rsa = NULL;\r
- }\r
- }\r
-\r
if (Key != NULL) {\r
EVP_PKEY_free (Key);\r
}\r
if (Key != NULL) {\r
EVP_PKEY_free (Key);\r
}\r
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated\r
Variable and will do basic check for data structure.\r
\r
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated\r
Variable and will do basic check for data structure.\r
\r
-Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
STACK_OF(X509) *CertStack;\r
BOOLEAN Status;\r
INT32 Result;\r
STACK_OF(X509) *CertStack;\r
BOOLEAN Status;\r
INT32 Result;\r
INT32 Length;\r
VOID *Buffer;\r
\r
INT32 Length;\r
VOID *Buffer;\r
\r
- Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length);\r
+ BIO_get_mem_ptr (CertBio, &Ptr);\r
+ Length = (INT32)(Ptr->length);\r
if (Length <= 0) {\r
goto _Exit;\r
}\r
if (Length <= 0) {\r
goto _Exit;\r
}\r
BOOLEAN Wrapped;\r
UINT8 Index;\r
PKCS7 *Pkcs7;\r
BOOLEAN Wrapped;\r
UINT8 Index;\r
PKCS7 *Pkcs7;\r
- X509_STORE_CTX CertCtx;\r
+ X509_STORE_CTX *CertCtx;\r
+ STACK_OF(X509) *CtxChain;\r
+ STACK_OF(X509) *CtxUntrusted;\r
+ X509 *CtxCert;\r
STACK_OF(X509) *Signers;\r
X509 *Signer;\r
X509 *Cert;\r
STACK_OF(X509) *Signers;\r
X509 *Signer;\r
X509 *Cert;\r
+ X509_NAME *IssuerName;\r
UINT8 *CertBuf;\r
UINT8 *OldBuf;\r
UINTN BufferSize;\r
UINT8 *CertBuf;\r
UINT8 *OldBuf;\r
UINTN BufferSize;\r
Status = FALSE;\r
NewP7Data = NULL;\r
Pkcs7 = NULL;\r
Status = FALSE;\r
NewP7Data = NULL;\r
Pkcs7 = NULL;\r
+ CertCtx = NULL;\r
+ CtxChain = NULL;\r
+ CtxCert = NULL;\r
+ CtxUntrusted = NULL;\r
SingleCert = NULL;\r
CertBuf = NULL;\r
OldBuf = NULL;\r
SingleCert = NULL;\r
CertBuf = NULL;\r
OldBuf = NULL;\r
}\r
Signer = sk_X509_value (Signers, 0);\r
\r
}\r
Signer = sk_X509_value (Signers, 0);\r
\r
- if (!X509_STORE_CTX_init (&CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {\r
+ CertCtx = X509_STORE_CTX_new ();\r
+ if (CertCtx == NULL) {\r
+ goto _Error;\r
+ }\r
+ if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {\r
goto _Error;\r
}\r
//\r
// Initialize Chained & Untrusted stack\r
//\r
goto _Error;\r
}\r
//\r
// Initialize Chained & Untrusted stack\r
//\r
- if (CertCtx.chain == NULL) {\r
- if (((CertCtx.chain = sk_X509_new_null ()) == NULL) ||\r
- (!sk_X509_push (CertCtx.chain, CertCtx.cert))) {\r
+ CtxChain = X509_STORE_CTX_get0_chain (CertCtx);\r
+ CtxCert = X509_STORE_CTX_get0_cert (CertCtx);\r
+ if (CtxChain == NULL) {\r
+ if (((CtxChain = sk_X509_new_null ()) == NULL) ||\r
+ (!sk_X509_push (CtxChain, CtxCert))) {\r
- (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Signer);\r
+ CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);\r
+ (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);\r
\r
//\r
// Build certificates stack chained from Signer's certificate.\r
\r
//\r
// Build certificates stack chained from Signer's certificate.\r
//\r
// Self-Issue checking\r
//\r
//\r
// Self-Issue checking\r
//\r
- if (CertCtx.check_issued (&CertCtx, Cert, Cert)) {\r
- break;\r
+ Issuer = NULL;\r
+ if (X509_STORE_CTX_get1_issuer (&Issuer, CertCtx, Cert) == 1) {\r
+ if (X509_cmp (Issuer, Cert) == 0) {\r
+ break;\r
+ }\r
}\r
\r
//\r
// Found the issuer of the current certificate\r
//\r
}\r
\r
//\r
// Found the issuer of the current certificate\r
//\r
- if (CertCtx.untrusted != NULL) {\r
+ if (CtxUntrusted != NULL) {\r
- for (Index = 0; Index < sk_X509_num (CertCtx.untrusted); Index++) {\r
- TempCert = sk_X509_value (CertCtx.untrusted, Index);\r
- if (CertCtx.check_issued (&CertCtx, Cert, TempCert)) {\r
- Issuer = TempCert;\r
- break;\r
- }\r
- }\r
+ IssuerName = X509_get_issuer_name (Cert);\r
+ Issuer = X509_find_by_subject (CtxUntrusted, IssuerName);\r
- if (!sk_X509_push (CertCtx.chain, Issuer)) {\r
+ if (!sk_X509_push (CtxChain, Issuer)) {\r
- (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Issuer);\r
+ (VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer);\r
\r
Cert = Issuer;\r
continue;\r
\r
Cert = Issuer;\r
continue;\r
// UINT8 Certn[];\r
//\r
\r
// UINT8 Certn[];\r
//\r
\r
- if (CertCtx.chain != NULL) {\r
+ if (CtxChain != NULL) {\r
BufferSize = sizeof (UINT8);\r
OldSize = BufferSize;\r
CertBuf = NULL;\r
\r
for (Index = 0; ; Index++) {\r
BufferSize = sizeof (UINT8);\r
OldSize = BufferSize;\r
CertBuf = NULL;\r
\r
for (Index = 0; ; Index++) {\r
- Status = X509PopCertificate (CertCtx.chain, &SingleCert, &CertSize);\r
+ Status = X509PopCertificate (CtxChain, &SingleCert, &CertSize);\r
if (!Status) {\r
break;\r
}\r
if (!Status) {\r
break;\r
}\r
- if (CertCtx.untrusted != NULL) {\r
+ if (CtxUntrusted != NULL) {\r
BufferSize = sizeof (UINT8);\r
OldSize = BufferSize;\r
CertBuf = NULL;\r
\r
for (Index = 0; ; Index++) {\r
BufferSize = sizeof (UINT8);\r
OldSize = BufferSize;\r
CertBuf = NULL;\r
\r
for (Index = 0; ; Index++) {\r
- Status = X509PopCertificate (CertCtx.untrusted, &SingleCert, &CertSize);\r
+ Status = X509PopCertificate (CtxUntrusted, &SingleCert, &CertSize);\r
if (!Status) {\r
break;\r
}\r
if (!Status) {\r
break;\r
}\r
}\r
sk_X509_free (Signers);\r
\r
}\r
sk_X509_free (Signers);\r
\r
- X509_STORE_CTX_cleanup (&CertCtx);\r
+ X509_STORE_CTX_cleanup (CertCtx);\r
+ X509_STORE_CTX_free (CertCtx);\r
\r
if (SingleCert != NULL) {\r
free (SingleCert);\r
\r
if (SingleCert != NULL) {\r
free (SingleCert);\r
3) RsaSetKey\r
4) RsaPkcs1Verify\r
\r
3) RsaSetKey\r
4) RsaPkcs1Verify\r
\r
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
IN UINTN BnSize\r
)\r
{\r
IN UINTN BnSize\r
)\r
{\r
+ RSA *RsaKey;\r
+ BIGNUM *BnN;\r
+ BIGNUM *BnE;\r
+ BIGNUM *BnD;\r
+ BIGNUM *BnP;\r
+ BIGNUM *BnQ;\r
+ BIGNUM *BnDp;\r
+ BIGNUM *BnDq;\r
+ BIGNUM *BnQInv;\r
\r
//\r
// Check input parameters.\r
\r
//\r
// Check input parameters.\r
+ BnN = NULL;\r
+ BnE = NULL;\r
+ BnD = NULL;\r
+ BnP = NULL;\r
+ BnQ = NULL;\r
+ BnDp = NULL;\r
+ BnDq = NULL;\r
+ BnQInv = NULL;\r
+\r
+ //\r
+ // Retrieve the components from RSA object.\r
+ //\r
RsaKey = (RSA *) RsaContext;\r
RsaKey = (RSA *) RsaContext;\r
+ RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD);\r
+ RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ);\r
+ RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv);\r
+\r
//\r
// Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
// NOTE: For RSA public key (used in signature verification), only public components\r
//\r
// Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
// NOTE: For RSA public key (used in signature verification), only public components\r
switch (KeyTag) {\r
\r
//\r
switch (KeyTag) {\r
\r
//\r
- // RSA Public Modulus (N)\r
+ // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)\r
- if (RsaKey->n != NULL) {\r
- BN_free (RsaKey->n);\r
- }\r
- RsaKey->n = NULL;\r
- if (BigNumber == NULL) {\r
- break;\r
- }\r
- RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);\r
- if (RsaKey->n == NULL) {\r
- return FALSE;\r
- }\r
-\r
- break;\r
-\r
- //\r
- // RSA Public Exponent (e)\r
- //\r
- if (RsaKey->e != NULL) {\r
- BN_free (RsaKey->e);\r
+ case RsaKeyD:\r
+ if (BnN == NULL) {\r
+ BnN = BN_new ();\r
- RsaKey->e = NULL;\r
- if (BigNumber == NULL) {\r
- break;\r
+ if (BnE == NULL) {\r
+ BnE = BN_new ();\r
- RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);\r
- if (RsaKey->e == NULL) {\r
- return FALSE;\r
+ if (BnD == NULL) {\r
+ BnD = BN_new ();\r
- break;\r
-\r
- //\r
- // RSA Private Exponent (d)\r
- //\r
- case RsaKeyD:\r
- if (RsaKey->d != NULL) {\r
- BN_free (RsaKey->d);\r
- }\r
- RsaKey->d = NULL;\r
- if (BigNumber == NULL) {\r
- break;\r
- }\r
- RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);\r
- if (RsaKey->d == NULL) {\r
+ if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {\r
- break;\r
-\r
- //\r
- // RSA Secret Prime Factor of Modulus (p)\r
- //\r
- case RsaKeyP:\r
- if (RsaKey->p != NULL) {\r
- BN_free (RsaKey->p);\r
- }\r
- RsaKey->p = NULL;\r
- if (BigNumber == NULL) {\r
+ switch (KeyTag) {\r
+ case RsaKeyN:\r
+ BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);\r
+ break;\r
+ case RsaKeyE:\r
+ BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);\r
+ case RsaKeyD:\r
+ BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);\r
+ break;\r
+ default:\r
+ return FALSE;\r
- RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);\r
- if (RsaKey->p == NULL) {\r
+ if (RSA_set0_key (RsaKey, BN_dup(BnN), BN_dup(BnE), BN_dup(BnD)) == 0) {\r
return FALSE;\r
}\r
\r
break;\r
\r
//\r
return FALSE;\r
}\r
\r
break;\r
\r
//\r
- // RSA Secret Prime Factor of Modules (q)\r
+ // RSA Secret Prime Factor of Modulus (p and q)\r
- if (RsaKey->q != NULL) {\r
- BN_free (RsaKey->q);\r
+ if (BnP == NULL) {\r
+ BnP = BN_new ();\r
- RsaKey->q = NULL;\r
- if (BigNumber == NULL) {\r
- break;\r
+ if (BnQ == NULL) {\r
+ BnQ = BN_new ();\r
- RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);\r
- if (RsaKey->q == NULL) {\r
+ if ((BnP == NULL) || (BnQ == NULL)) {\r
- break;\r
-\r
- //\r
- // p's CRT Exponent (== d mod (p - 1))\r
- //\r
- case RsaKeyDp:\r
- if (RsaKey->dmp1 != NULL) {\r
- BN_free (RsaKey->dmp1);\r
- }\r
- RsaKey->dmp1 = NULL;\r
- if (BigNumber == NULL) {\r
+ switch (KeyTag) {\r
+ case RsaKeyP:\r
+ BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);\r
+ case RsaKeyQ:\r
+ BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);\r
+ break;\r
+ default:\r
+ return FALSE;\r
- RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);\r
- if (RsaKey->dmp1 == NULL) {\r
+ if (RSA_set0_factors (RsaKey, BN_dup(BnP), BN_dup(BnQ)) == 0) {\r
return FALSE;\r
}\r
\r
break;\r
\r
//\r
return FALSE;\r
}\r
\r
break;\r
\r
//\r
- // q's CRT Exponent (== d mod (q - 1))\r
+ // p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),\r
+ // and CRT Coefficient (== 1/q mod p)\r
- if (RsaKey->dmq1 != NULL) {\r
- BN_free (RsaKey->dmq1);\r
+ case RsaKeyQInv:\r
+ if (BnDp == NULL) {\r
+ BnDp = BN_new ();\r
- RsaKey->dmq1 = NULL;\r
- if (BigNumber == NULL) {\r
- break;\r
+ if (BnDq == NULL) {\r
+ BnDq = BN_new ();\r
- RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);\r
- if (RsaKey->dmq1 == NULL) {\r
+ if (BnQInv == NULL) {\r
+ BnQInv = BN_new ();\r
+ }\r
+ if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {\r
- break;\r
-\r
- //\r
- // The CRT Coefficient (== 1/q mod p)\r
- //\r
- case RsaKeyQInv:\r
- if (RsaKey->iqmp != NULL) {\r
- BN_free (RsaKey->iqmp);\r
- }\r
- RsaKey->iqmp = NULL;\r
- if (BigNumber == NULL) {\r
+ switch (KeyTag) {\r
+ case RsaKeyDp:\r
+ BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);\r
+ break;\r
+ case RsaKeyDq:\r
+ BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);\r
+ break;\r
+ case RsaKeyQInv:\r
+ BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);\r
+ default:\r
+ return FALSE;\r
- RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);\r
- if (RsaKey->iqmp == NULL) {\r
+ if (RSA_set0_crt_params (RsaKey, BN_dup(BnDp), BN_dup(BnDq), BN_dup(BnQInv)) == 0) {\r
case MD5_DIGEST_SIZE:\r
DigestType = NID_md5;\r
break;\r
case MD5_DIGEST_SIZE:\r
DigestType = NID_md5;\r
break;\r
case SHA1_DIGEST_SIZE:\r
DigestType = NID_sha1;\r
break;\r
case SHA1_DIGEST_SIZE:\r
DigestType = NID_sha1;\r
break;\r
case SHA256_DIGEST_SIZE:\r
DigestType = NID_sha256;\r
break;\r
case SHA256_DIGEST_SIZE:\r
DigestType = NID_sha256;\r
break;\r
3) RsaCheckKey\r
4) RsaPkcs1Sign\r
\r
3) RsaCheckKey\r
4) RsaPkcs1Sign\r
\r
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
RsaKey = (RSA *) RsaContext;\r
Size = *BnSize;\r
*BnSize = 0;\r
RsaKey = (RSA *) RsaContext;\r
Size = *BnSize;\r
*BnSize = 0;\r
\r
switch (KeyTag) {\r
\r
\r
switch (KeyTag) {\r
\r
// RSA Public Modulus (N)\r
//\r
case RsaKeyN:\r
// RSA Public Modulus (N)\r
//\r
case RsaKeyN:\r
- if (RsaKey->n == NULL) {\r
- return TRUE;\r
- }\r
- BnKey = RsaKey->n;\r
+ RSA_get0_key (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);\r
break;\r
\r
//\r
// RSA Public Exponent (e)\r
//\r
case RsaKeyE:\r
break;\r
\r
//\r
// RSA Public Exponent (e)\r
//\r
case RsaKeyE:\r
- if (RsaKey->e == NULL) {\r
- return TRUE;\r
- }\r
- BnKey = RsaKey->e;\r
+ RSA_get0_key (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);\r
break;\r
\r
//\r
// RSA Private Exponent (d)\r
//\r
case RsaKeyD:\r
break;\r
\r
//\r
// RSA Private Exponent (d)\r
//\r
case RsaKeyD:\r
- if (RsaKey->d == NULL) {\r
- return TRUE;\r
- }\r
- BnKey = RsaKey->d;\r
+ RSA_get0_key (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);\r
break;\r
\r
//\r
// RSA Secret Prime Factor of Modulus (p)\r
//\r
case RsaKeyP:\r
break;\r
\r
//\r
// RSA Secret Prime Factor of Modulus (p)\r
//\r
case RsaKeyP:\r
- if (RsaKey->p == NULL) {\r
- return TRUE;\r
- }\r
- BnKey = RsaKey->p;\r
+ RSA_get0_factors (RsaKey, (const BIGNUM **)&BnKey, NULL);\r
break;\r
\r
//\r
// RSA Secret Prime Factor of Modules (q)\r
//\r
case RsaKeyQ:\r
break;\r
\r
//\r
// RSA Secret Prime Factor of Modules (q)\r
//\r
case RsaKeyQ:\r
- if (RsaKey->q == NULL) {\r
- return TRUE;\r
- }\r
- BnKey = RsaKey->q;\r
+ RSA_get0_factors (RsaKey, NULL, (const BIGNUM **)&BnKey);\r
break;\r
\r
//\r
// p's CRT Exponent (== d mod (p - 1))\r
//\r
case RsaKeyDp:\r
break;\r
\r
//\r
// p's CRT Exponent (== d mod (p - 1))\r
//\r
case RsaKeyDp:\r
- if (RsaKey->dmp1 == NULL) {\r
- return TRUE;\r
- }\r
- BnKey = RsaKey->dmp1;\r
+ RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);\r
break;\r
\r
//\r
// q's CRT Exponent (== d mod (q - 1))\r
//\r
case RsaKeyDq:\r
break;\r
\r
//\r
// q's CRT Exponent (== d mod (q - 1))\r
//\r
case RsaKeyDq:\r
- if (RsaKey->dmq1 == NULL) {\r
- return TRUE;\r
- }\r
- BnKey = RsaKey->dmq1;\r
+ RSA_get0_crt_params (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);\r
break;\r
\r
//\r
// The CRT Coefficient (== 1/q mod p)\r
//\r
case RsaKeyQInv:\r
break;\r
\r
//\r
// The CRT Coefficient (== 1/q mod p)\r
//\r
case RsaKeyQInv:\r
- if (RsaKey->iqmp == NULL) {\r
- return TRUE;\r
- }\r
- BnKey = RsaKey->iqmp;\r
+ RSA_get0_crt_params (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);\r
break;\r
\r
default:\r
return FALSE;\r
}\r
\r
break;\r
\r
default:\r
return FALSE;\r
}\r
\r
+ if (BnKey == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
*BnSize = Size;\r
Size = BN_num_bytes (BnKey);\r
\r
*BnSize = Size;\r
Size = BN_num_bytes (BnKey);\r
\r
}\r
\r
if (BigNumber == NULL) {\r
}\r
\r
if (BigNumber == NULL) {\r
+ *BnSize = Size;\r
+ return TRUE;\r
}\r
*BnSize = BN_bn2bin (BnKey, BigNumber) ;\r
}\r
*BnSize = BN_bn2bin (BnKey, BigNumber) ;\r
if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {\r
return FALSE;\r
}\r
if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {\r
return FALSE;\r
}\r
KeyE = BN_new ();\r
if (KeyE == NULL) {\r
return FALSE;\r
}\r
\r
RetVal = FALSE;\r
KeyE = BN_new ();\r
if (KeyE == NULL) {\r
return FALSE;\r
}\r
\r
RetVal = FALSE;\r
if (PublicExponent == NULL) {\r
if (BN_set_word (KeyE, 0x10001) == 0) {\r
goto _Exit;\r
if (PublicExponent == NULL) {\r
if (BN_set_word (KeyE, 0x10001) == 0) {\r
goto _Exit;\r
if (RsaContext == NULL) {\r
return FALSE;\r
}\r
if (RsaContext == NULL) {\r
return FALSE;\r
}\r
if (RSA_check_key ((RSA *) RsaContext) != 1) {\r
Reason = ERR_GET_REASON (ERR_peek_last_error ());\r
if (Reason == RSA_R_P_NOT_PRIME ||\r
if (RSA_check_key ((RSA *) RsaContext) != 1) {\r
Reason = ERR_GET_REASON (ERR_peek_last_error ());\r
if (Reason == RSA_R_P_NOT_PRIME ||\r
}\r
\r
Rsa = (RSA *) RsaContext;\r
}\r
\r
Rsa = (RSA *) RsaContext;\r
- Size = BN_num_bytes (Rsa->n);\r
+ Size = RSA_size (Rsa);\r
\r
if (*SigSize < Size) {\r
*SigSize = Size;\r
return FALSE;\r
}\r
\r
if (*SigSize < Size) {\r
*SigSize = Size;\r
return FALSE;\r
}\r
if (Signature == NULL) {\r
return FALSE;\r
}\r
if (Signature == NULL) {\r
return FALSE;\r
}\r
//\r
// Determine the message digest algorithm according to digest size.\r
// Only MD5, SHA-1 or SHA-256 algorithm is supported. \r
//\r
// Determine the message digest algorithm according to digest size.\r
// Only MD5, SHA-1 or SHA-256 algorithm is supported. \r
case MD5_DIGEST_SIZE:\r
DigestType = NID_md5;\r
break;\r
case MD5_DIGEST_SIZE:\r
DigestType = NID_md5;\r
break;\r
case SHA1_DIGEST_SIZE:\r
DigestType = NID_sha1;\r
break;\r
case SHA1_DIGEST_SIZE:\r
DigestType = NID_sha1;\r
break;\r
case SHA256_DIGEST_SIZE:\r
DigestType = NID_sha256;\r
break;\r
\r
default:\r
return FALSE;\r
case SHA256_DIGEST_SIZE:\r
DigestType = NID_sha256;\r
break;\r
\r
default:\r
return FALSE;\r
\r
return (BOOLEAN) RSA_sign (\r
DigestType,\r
\r
return (BOOLEAN) RSA_sign (\r
DigestType,\r
the lifetime of the signature when a signing certificate expires or is later\r
revoked.\r
\r
the lifetime of the signature when a signing certificate expires or is later\r
revoked.\r
\r
-Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
TS_MESSAGE_IMPRINT *Imprint;\r
X509_ALGOR *HashAlgo;\r
CONST EVP_MD *Md;\r
TS_MESSAGE_IMPRINT *Imprint;\r
X509_ALGOR *HashAlgo;\r
CONST EVP_MD *Md;\r
UINTN MdSize;\r
UINT8 *HashedMsg;\r
\r
UINTN MdSize;\r
UINT8 *HashedMsg;\r
\r
Status = FALSE;\r
HashAlgo = NULL;\r
HashedMsg = NULL;\r
Status = FALSE;\r
HashAlgo = NULL;\r
HashedMsg = NULL;\r
\r
//\r
// -- Check version number of Timestamp:\r
\r
//\r
// -- Check version number of Timestamp:\r
if (HashedMsg == NULL) {\r
goto _Exit;\r
}\r
if (HashedMsg == NULL) {\r
goto _Exit;\r
}\r
- EVP_DigestInit (&MdCtx, Md);\r
- EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize);\r
- EVP_DigestFinal (&MdCtx, HashedMsg, NULL);\r
+ MdCtx = EVP_MD_CTX_new ();\r
+ if (MdCtx == NULL) {\r
+ goto _Exit;\r
+ }\r
+ if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) ||\r
+ (EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) ||\r
+ (EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) {\r
+ goto _Exit;\r
+ }\r
if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&\r
if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&\r
- (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) {\r
+ (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {\r
\r
_Exit:\r
X509_ALGOR_free (HashAlgo);\r
\r
_Exit:\r
X509_ALGOR_free (HashAlgo);\r
+ EVP_MD_CTX_free (MdCtx);\r
if (HashedMsg != NULL) {\r
FreePool (HashedMsg);\r
}\r
if (HashedMsg != NULL) {\r
FreePool (HashedMsg);\r
}\r
/** @file\r
X.509 Certificate Handler Wrapper Implementation over OpenSSL.\r
\r
/** @file\r
X.509 Certificate Handler Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
@param ... A list of DER-encoded single certificate data followed\r
by certificate size. A NULL terminates the list. The\r
pairs are the arguments to X509ConstructCertificate().\r
@param ... A list of DER-encoded single certificate data followed\r
by certificate size. A NULL terminates the list. The\r
pairs are the arguments to X509ConstructCertificate().\r
@retval TRUE The X509 stack construction succeeded.\r
@retval FALSE The construction operation failed.\r
\r
@retval TRUE The X509 stack construction succeeded.\r
@retval FALSE The construction operation failed.\r
\r
EFIAPI\r
X509ConstructCertificateStack (\r
IN OUT UINT8 **X509Stack,\r
EFIAPI\r
X509ConstructCertificateStack (\r
IN OUT UINT8 **X509Stack,\r
X509Free (\r
IN VOID *X509Cert\r
)\r
X509Free (\r
IN VOID *X509Cert\r
)\r
//\r
// Check input parameters.\r
//\r
if (X509Cert == NULL) {\r
return;\r
}\r
//\r
// Check input parameters.\r
//\r
if (X509Cert == NULL) {\r
return;\r
}\r
//\r
// Free OpenSSL X509 object.\r
//\r
//\r
// Free OpenSSL X509 object.\r
//\r
if (X509Stack == NULL) {\r
return;\r
}\r
if (X509Stack == NULL) {\r
return;\r
}\r
//\r
// Free OpenSSL X509 stack object.\r
//\r
//\r
// Free OpenSSL X509 stack object.\r
//\r
BOOLEAN Status;\r
EVP_PKEY *Pkey;\r
X509 *X509Cert;\r
BOOLEAN Status;\r
EVP_PKEY *Pkey;\r
X509 *X509Cert;\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
// Retrieve and check EVP_PKEY data from X509 Certificate.\r
//\r
Pkey = X509_get_pubkey (X509Cert);\r
// Retrieve and check EVP_PKEY data from X509 Certificate.\r
//\r
Pkey = X509_get_pubkey (X509Cert);\r
- if ((Pkey == NULL) || (Pkey->type != EVP_PKEY_RSA)) {\r
+ if ((Pkey == NULL) || (EVP_PKEY_id (Pkey) != EVP_PKEY_RSA)) {\r
goto _Exit;\r
}\r
\r
//\r
// Duplicate RSA Context from the retrieved EVP_PKEY.\r
//\r
goto _Exit;\r
}\r
\r
//\r
// Duplicate RSA Context from the retrieved EVP_PKEY.\r
//\r
- if ((*RsaContext = RSAPublicKey_dup (Pkey->pkey.rsa)) != NULL) {\r
+ if ((*RsaContext = RSAPublicKey_dup (EVP_PKEY_get0_RSA (Pkey))) != NULL) {\r
\r
if (Pkey != NULL) {\r
EVP_PKEY_free (Pkey);\r
\r
if (Pkey != NULL) {\r
EVP_PKEY_free (Pkey);\r
X509 *X509Cert;\r
X509 *X509CACert;\r
X509_STORE *CertStore;\r
X509 *X509Cert;\r
X509 *X509CACert;\r
X509_STORE *CertStore;\r
- X509_STORE_CTX CertCtx;\r
- \r
+ X509_STORE_CTX *CertCtx;\r
+\r
//\r
// Check input parameters.\r
//\r
//\r
// Check input parameters.\r
//\r
X509Cert = NULL;\r
X509CACert = NULL;\r
CertStore = NULL;\r
X509Cert = NULL;\r
X509CACert = NULL;\r
CertStore = NULL;\r
\r
//\r
// Register & Initialize necessary digest algorithms for certificate verification.\r
\r
//\r
// Register & Initialize necessary digest algorithms for certificate verification.\r
//\r
// Set up X509_STORE_CTX for the subsequent verification operation.\r
//\r
//\r
// Set up X509_STORE_CTX for the subsequent verification operation.\r
//\r
- if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) {\r
+ CertCtx = X509_STORE_CTX_new ();\r
+ if (CertCtx == NULL) {\r
+ goto _Exit;\r
+ }\r
+ if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) {\r
goto _Exit;\r
}\r
\r
//\r
// X509 Certificate Verification.\r
//\r
goto _Exit;\r
}\r
\r
//\r
// X509 Certificate Verification.\r
//\r
- Status = (BOOLEAN) X509_verify_cert (&CertCtx);\r
- X509_STORE_CTX_cleanup (&CertCtx);\r
+ Status = (BOOLEAN) X509_verify_cert (CertCtx);\r
+ X509_STORE_CTX_cleanup (CertCtx);\r
if (CertStore != NULL) {\r
X509_STORE_free (CertStore);\r
}\r
if (CertStore != NULL) {\r
X509_STORE_free (CertStore);\r
}\r
+\r
+ X509_STORE_CTX_free (CertCtx);\r
+\r
}\r
\r
*TBSCertSize = Length + (Temp - *TBSCert);\r
}\r
\r
*TBSCertSize = Length + (Temp - *TBSCert);\r